Configuration - Hardware.com
2. [Figure legend] Internet. 1: PC. 2: Cisco 3900 series ISR. 3: DSLAM. 4: Aggregator. 5: ISDN switch. 6: Web server. 7: Administrator. A: Primary DSL interface. B: Dial backup and remote management through the ISDN interface (ISDN S/T port); serves as a failover link when the primary line goes down. C: Provides administrator with remote management capability through the ISDN interface when the primary DSL link is down; serves as dial-in access to allow changes or updates to Cisco IOS configuration.

   Configuring ISDN Settings

   Note: Traffic of interest must be present in order to activate the backup ISDN line by means of the backup interface and floating static routes methods. Traffic of interest is not needed in order for the dialer watch to activate the backup ISDN line.

   To configure your router ISDN interface for use as a backup interface, follow these steps, beginning in global configuration mode.

   SUMMARY STEPS
   1. isdn switch-type switch-type
   2. interface type number
   3. encapsulation encapsulation-type
   4. dialer pool-member number
   5. isdn switch-type switch-type
   6. exit

   Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide, OL-20696-04. Chapter: Configuring Backup Data Lines and Remote Management. Configuring Data Line Backup and Remote Management Through the ISDN S/T Port

   DETAILED ST
3. Table 1 Modules that Support the Power Efficiency Management Feature Type of Module Module Name SM SM ES2 16 P SM SRE NM NM 16 ESW NME NME 16ES 1G P HWIC HWIC 4ES W POE HWIC 1G SFP HWIC 2FE ISM ISM SRE 300 K9 PVDM3 PVDM3 256 SRE SM SRE 700 K9 1 NM 16ESW is not supported on Cisco 3945E and Cisco 3925E Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 nes Chapter Configuring Power Efficiency Management HZ Restrictions for Power Efficiency Management and OIR Restrictions for Power Efficiency Management and OIR The following restrictions apply when using the power efficiency management feature e The online insertion and removal OIR commands cannot be used when a module is in power save mode e When the OIR commands are executed power efficiency management cannot be configured on a service module Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide 86 OL 20696 04 Configuring Security Features Cisco 3900 series Cisco 2900 series and Cisco 1900 series integrated services routers ISRs provide the following security features e Configuring the Cryptographic Engine Accelerator page 87 e Configuring SSL VPN page 87 e Authentication Authorization and Accounting page 88 e Configuring AutoSecure page 88
4. Note: Aironet extensions must be enabled to limit the power level on associated client devices. Aironet extensions are enabled by default.

   Configuring Radio Channel Settings

   The default channel setting for the wireless device radios is least congested. At startup, the wireless device scans for and selects the least-congested channel. For the most consistent performance after a site survey, however, we recommend that you assign a static channel setting for each access point. The channel settings on the wireless device correspond to the frequencies available in your regulatory domain. See the hardware installation guide for the access point for the frequencies allowed in your domain.

   Each 2.4-GHz channel covers 22 MHz. Because the bands for channels 1, 6, and 11 do not overlap, you can set up multiple access points in the same vicinity without causing interference. The 802.11b and 802.11g 2.4-GHz radios use the same channels and frequencies.

   The 5-GHz radio operates on 8 channels from 5180 to 5320 MHz, up to 27 channels from 5170 to 5850 MHz depending on regulatory domain. Each channel covers 20 MHz, and the bands for the channels overlap slightly. For best performance, use channels that are not adjacent
5. Blocking Channels from DFS Selection

   If your regulatory domain limits the channels that you can use in specific locations (for example, indoors or outdoors), you can block groups of channels to prevent the access point from selecting them when DFS is enabled. Use this configuration interface command to block groups of channels from DFS selection:

   [no] dfs band [1] [2] [3] [4] block

   The 1, 2, 3, and 4 options designate blocks of channels:
   • 1: Specifies frequencies 5.150 to 5.250 GHz. This group of frequencies is also known as the UNII-1 band.
   • 2: Specifies frequencies 5.250 to 5.350 GHz. This group of frequencies is also known as the UNII-2 band.
   • 3: Specifies frequencies 5.470 to 5.725 GHz.
   • 4: Specifies frequencies 5.725 to 5.825 GHz. This group of frequencies is also known as the UNII-3 band.

   This example shows how to prevent the access point from selecting frequencies 5.150 to 5.350 GHz during DFS:
   ap(config-if)# dfs band 1 2 block

   This example shows how to unblock frequencies 5.150 to 5.350 for DFS:
   ap(config-if)# no dfs band 1 2 block

   This example shows how to unblock all frequencies for DFS:
   ap(config-if)# no dfs band block

   Simulating Radar Detection

   You can simu
6. Monitoring and Maintaining the DHCP Server Access Point The following sections describe commands you can use to monitor and maintain the DHCP server access point e show Commands page 294 e clear Commands page 295 e debug Command page 295 show Commands To display information about the wireless device as DHCP server enter the commands in Table 4 in privileged EXEC mode Table 4 Show Commands for DHCP Server Command Purpose show ip dhcp conflict address Displays a list of all address conflicts recorded by a specific DHCP Server Enter the wireless device IP address to show conflicts recorded by the wireless device show ip dhcp database url Displays recent activity on the DHCP database Note Use this command in privileged EXEC mode show ip dhcp server statistics Displays count information about server statistics and messages sent and received Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 Chapter Administering the Wireless Device clear Commands debug Command Configuring the Access Point for Secure Shell W To clear DHCP server variables use the commands in Table 5 in privileged EXEC mode Table 5 Clear Commands for DHCP Server Command Purpose clear ip dhcp binding Deletes an automatic address binding from the address DHCP database Specifying the ad
7. Administering the Wireless Device

   The following sections describe administration tasks for the wireless device:

   Security on the Wireless Device
   • Disabling the Mode Button Function
   • Preventing Unauthorized Access to Your Access Point
   • Protecting Access to Privileged EXEC Commands
   • Controlling Access Point Access with RADIUS
   • Controlling Access Point Access with TACACS+

   Administering the Wireless Device
   • Administering the Wireless Hardware and Software
   • Resetting the Wireless Device to the Factory Default Configuration
   • Monitoring the Wireless Device
   • Managing the System Time and Date
   • Configuring a System Name and Prompt
   • Creating a Banner

   Configuring Wireless Device Communication
   • Configuring Ethernet Speed and Duplex Settings
   • Configuring the Access Point for Wireless Network Management
   • Configuring the Access Point for Local Aut
8. crypto ipsec profile profile-name
   Example:
   Router(config)# crypto ipsec profile pro1
   Router(config)#
   Configures an IPSec profile to apply protection on the tunnel for encryption.

   crypto ipsec transform-set transform-set-name transform1 [transform2] [transform3] [transform4]
   Example:
   Router(config)# crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
   Router(config)#
   Defines a transform set: an acceptable combination of IPSec security protocols and algorithms. See Cisco IOS Security Command Reference for detail about the valid transforms and combinations.

   crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}
   Example:
   Router(config)# crypto ipsec security-association lifetime seconds 86400
   Router(config)#
   Specifies global lifetime values used when IPSec security associations are negotiated. See Cisco IOS Security Command Reference for details.

   Configure the IPSec Crypto Method and Parameters

   A dynamic crypto map policy processes negotiation requests for new security associations from remote IPSec peers, even if the router does not know all the crypto map parameters (for example, IP address). To configure the IPSec crypto method follow the
9. Chapter Configuring Radio Settings Configuring the Role in the Radio Network W Configuring the Role in the Radio Network The radio performs the following roles in the wireless network e Access point e Access point fallback to radio shutdown e Root bridge e Non root bridge e Root bridge with wireless clients e Non root bridge without wireless clients You can also configure a fallback role for root access points The wireless device automatically assumes the fallback role when its Ethernet port is disabled or disconnected from the wired LAN The default fallback role for Cisco ISR wireless devices is as follows Shutdown the wireless device shuts down its radio and disassociates all client devices To set the wireless device s radio network role and fallback role follow these steps beginning in privileged EXEC mode SUMMARY STEPS 1 configure terminal interface dotllradio 0 1 station role e 2 N non root bridge wireless clients root access point ap only bridge wireless clients fallback repeater shutdown 5 workgroup bridge multicast mode lt client infrastructure gt universal lt Ethernet client MAC address gt 6 end 7 copy running config startup config Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 E 223 Chapter Configuring Radio Settings HZ Configuring the Rol
10. no ip http server
    control-plane
    line con 0
    line aux 0
    line vty 0 3
    login
    exception data-corruption buffer truncate
    scheduler allocate 20000 1000
    end

    Configuring Global Parameters

    To configure the global parameters for your router, follow these steps.

    SUMMARY STEPS
    1. configure terminal
    2. hostname name
    3. enable secret password
    4. no ip domain lookup

    DETAILED STEPS

    Step 1: configure terminal
    Enters global configuration mode when using the console port. Use the following to connect to the router with a remote terminal:
    telnet router name or address
    Login: login id
    Password:
    Router> enable
    Example:
    Router> enable
    Router# configure terminal
    Router(config)#

    Step 2: hostname name
    Specifies the name for the router.
    Example:
    Router(config)# hostname Router
    Router(config)#

    Step 3: enable secret password
    Specifies an encrypted password to
11. Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide B 8 OL 20696 04 _ Appendix B Using CompactFlash Memory Cards Removing a Directory Directory Operations on a CompactFlash Memory Card W To remove a directory in flash memory enter the rmdir flash0 command in privileged EXEC mode Before you can remove a directory you must remove all files and subdirectories from the directory amp Note Use flash1 in the command syntax to access CF in slot 1 Use flasho in the command syntax to access CF in slot 0 Example Removing a Directory In the following example the subdirectory test config is removed Router dir Directory of flash0 config 1581 drw 0 Mar 01 2004 23 50 08 128094208 bytes total 121626624 bytes free Router rmdir flash0 config test config Remove directory filename config test config Delete flash0 config test config confirm Removed dir flash0 config test config Router dir Directory of flash0 config No files in directory 128094208 bytes total 121630720 bytes free test config I OL 20696 04 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Appendix B Using CompactFlash Memory Cards HI Directory Operations on a CompactFlash Memory Card Cisco 3900 Series Cisco 2900 Series and Cisco 1
12. Apply Mode Configuration to the Crypto Map

    To apply mode configuration to the crypto map, follow these steps, beginning in global configuration mode.

    SUMMARY STEPS
    1. crypto map map-name isakmp authorization list list-name
    2. crypto map tag client configuration address [initiate | respond]

    DETAILED STEPS

    Step 1: crypto map map-name isakmp authorization list list-name
    Applies mode configuration to the crypto map and enables key lookup (IKE queries) for the group policy from an AAA server.
    Example:
    Router(config)# crypto map dynmap isakmp authorization list rtr-remote
    Router(config)#

    Step 2: crypto map tag client configuration address [initiate | respond]
    Configures the router to reply to mode configuration requests from remote clients.
    Example:
    Router(config)# crypto map dynmap client configuration address respond
    Router(config)#

    Enable Policy Lookup

    To enable policy lookup through AAA, foll
13. Example:
    Router> enable
    Enables privileged EXEC mode. Enter your password if prompted.

    configure terminal
    Example:
    Router# configure terminal
    Enters global configuration mode.

    interface gigabitethernet slot/port
    Example:
    Router(config)# interface gigabitethernet 0/0
    Enters interface configuration mode.

    authentication open
    Example:
    Router(config-if)# authentication open
    Enables open access on a port.

    end
    Example:
    Router(config-if)# end
    Router#
    Returns to privileged EXEC mode.

    Control Direction (Wake-on-LAN)

    When the router uses IEEE 802.1X authentication with Wake-on-LAN (WoL), the router forwards traffic to the unauthorized IEEE 802.1X ports, including the magic packets. While the port is unauthorized, the switch continues to block ingress traffic other than EAPOL packets. The host can receive packets but cannot send packets to other devices in the network.

    Configuring Control Direction (Wake-on-LAN)

    Perform these steps to configure Control Direction (Wake-on-LAN).

    SUMMARY STEPS
    1. enable
    2. configure terminal
    3. interface gigabitethernet slot/port
    4. authentication control-direction {in | both}

    DETAILED STEPS S
14. Prerequisites
    • Download the new Cisco IOS Software image to the PC. See the "Where Do I Download the System Image?" section on page 179.
    • Locate the compact flash memory card slot on the router chassis. For help with locating the slot and instructions for removing and inserting the card, see the hardware installation guide for your router.

    Caution: Removing the compact flash memory card may disrupt the network because some software features use the compact flash memory card to store tables and other important data.

    DETAILED STEPS
    Step 1: Remove the compact flash memory card from the router.
    Step 2: Insert the card into the compact flash card reader on a PC.
    Step 3: Use the PC to copy the system image file to the compact flash memory card.
    Step 4: Remove the card from the compact flash card reader.
    Step 5: Insert the compact flash memory card into the router.

    What to Do Next
    Proceed to the "Loading the New System Image" section on page 192.

    Loading the New System Image

    This section describes how to load the new system image that you copied into flash memory. First, determine whether you are in ROM monitor mode or in the Cisco IOS CLI, then choose one of the following methods of loa
15. Returns to global configuration mode.

    crypto isakmp keepalive seconds
    Example:
    Router(config-crypto-ezvpn)# crypto isakmp keepalive 10
    Router(config)#
    Enables dead peer detection messages. Time between messages is given in seconds, with a range of 10 to 3600.

    Step 7: interface type number
    Enters the interface configuration mode for the interface to which you are applying the Cisco Easy VPN remote configuration.
    Example:
    Router(config)# interface fastethernet 4
    Router(config-if)#
    Note: For routers with an ATM WAN interface, this command would be interface atm 0.

    Step 8: crypto ipsec client ezvpn name [outside | inside]
    Assigns the Cisco Easy VPN remote configuration to the WAN interface, which causes the router to automatically create the NAT or PAT (1) and the access list configuration needed for the VPN connection.
    Example:
    Router(config-if)# crypto ipsec client ezvpn ezvpnclient outside
    Router(config-if)#

    Step 9: exit
    Returns to global configuration mode.
    Example:
    Router(config-crypto-ezvpn)# exit
    Router(config)#

    (1) PAT = port address translation

    Configuration Example

    The following configuration example shows a portion of the confi
16. Step 15: When prompted to confirm the reload, enter y.
    Proceed with reload? [confirm] y

    Step 16: show version
    Use this command to verify that the router loaded the proper system image.
    Router# show version
    00:22:25: %SYS-5-CONFIG_I: Configured from console by console
    Cisco Internetwork Operating System Software
    System returned to ROM by reload
    System image file is flash0:c2900-universalk9-mz.bin

    What to Do Next
    Proceed to the "Saving Backup Copies of Your New System Image and Configuration" section on page 197.

    Loading the New System Image from ROM Monitor Mode

    To load the new system image from ROM monitor mode, follow these steps.

    SUMMARY STEPS
    1. dir flash0:[partition-number:]
    2. confreg 0x2102
    3. boot flash0:[partition-number:]filename
    4. After the system loads the new system image, press Return a few times to display the Cisco IOS command-line interface (CLI) prompt.
    5. enable
    6. configure terminal
    7. no boot system
    8. boot system flash0:new-system-image-filename
    9. (Optional) Repeat to specify the order in which the router should attempt to load any backup system images.
    10. exit
    11. copy run start

    DETAILED STE
17. Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account at Cisco.com is not required.

    Note: Table 3 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.

    Table 3: Feature Information for Configuring the PVDM3 Module on Cisco Voice Gateway Routers
    Feature Name: Configuring the PVDM3 Module on Cisco Voice Gateway Routers
    Releases: 15.0(1)M, 15.1(1)T, 15.1(4)M
    Feature Information: The PVDM3 DSP modules support high-density audio applications on the Cisco voice gateways. These DSP modules provide resources for voice termination, voice compression algorithms, echo cancellation, conferencing and transcoding, and support for modems and fax calls. In Release 15.0(1)M, this feature is supported only on the Cisco 2901, Cisco 2911, Cisco 2921, Cisco 2951, Cisco 3925, and Cisco 3945. In Release 15.1(1)T, this feature is supported only on the Cisco 3925E and Cisco 3945E ISRs. In Release 15.1(4)M, support was added for video conference and transcoding.

    1. DSP di
18. You may need to update the speed and duplex settings for this interface.

    Enables Auto-Detect. If a 1-GigE SFP is plugged in, set the speed as 1000 and duplex as full. An RJ45 connection only works with speed as 1000 and duplex as full. If an SFP is not plugged in, all speeds and duplexes are available for the RJ45 media.

    Note: Do not set speed as 100 or 10 and duplex as half if a 1-GigE SFP is plugged in. SFP behavior is unpredictable at these settings.

    Configuring Cellular Dial-on-Demand Routing Backup

    To monitor the primary connection and initiate the backup connection over the cellular interface when needed, the router can use one of the following methods:
    • Backup Interface: Backup interface stays in standby mode until the primary interface line protocol is detected as down; then the backup interface is brought up. See the "Configuring Backup Interfaces" section on page 57.
    • Dialer Watch: Dialer watch is a backup feature that integrates dial backup with routing capabilities. See the "Configuring DDR Backup Using Dialer Watch" section on page 62.
    • Floating Static Route: Route through the backup interface has an administrative distance that is greater than the administrative distance of the primary connection route and therefore is not in the routing table until the primary interfa
19. clock summer time zone date date month year hh mm date month year hh mm offset 2 end 3 show running config 4 copy running config startup config Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 SEN Chapter Administering the Wireless Device W Managing the System Time and Date DETAILED STEPS Command Purpose Step1 configure terminal Enters global configuration mode Step2 clock summer time zone date month Configures summer time to start on the first date and end on the second date year hh mm month date year hh mm date offset or Summer time is disabled by default e For zone specify the name of the time zone for example PDT to be clock summer time zone date date displayed when summer time is in effect MONIN ILAT TAs ATG OURAN VEAN e Optional For week specify the week of the month 1 to 5 or last hh mm offset e Optional For day specify the day of the week for example Sunday e Optional For month specify the month for example January e Optional For hh mm specify the time 24 hour format in hours and minutes e Optional For offset specify the number of minutes to add during summer time The default is 60 Step3 end Returns to privileged EXEC mode Step4 show running config Verifies your entries Step5 copy running config startup config Optional Saves yo
20. section on page 192

    Using the ROM Monitor to Copy the System Image over a Network

    This section describes how to download a Cisco IOS software image from a remote TFTP server to the router flash memory by using the tftpdnld ROM monitor command.

    Caution: Using the tftpdnld ROM monitor command may erase the system image, configuration, and data files. System image, configuration, and data files must be present on USB CF in slot0 for the router to boot and perform normal file operations.

    Prerequisites and Restrictions

    Before you can enter the tftpdnld ROM monitor command, you must set the ROM monitor environment variables. Connect the TFTP server to a fixed network port on your router. The LAN ports on network modules or interface cards are not active in ROM monitor mode. Therefore, only a fixed port on your router can be used for TFTP download. This can be either a fixed Ethernet port on the router or one of the Gigabit Ethernet ports on routers equipped with them.

    Note: You can use this command only to download files to the router. You cannot use tftpdnld to get files from the router.

    SUMMARY STEPS
    1. Enter ROM monitor mode.
    2. Set the IP_ADDRESS=ip_address configuration variable.
    3. Set the IP_SUBNET_MASK=ip_address configuration variable.
    4. Set the DEFAULT_GATEWAY=ip_address configuration variable.
    5. Set the TFTP_SERVER=ip_address configuration variable.
    6. Set the TFTP_FILE directory path fi
21. My access point failed to upgrade from autonomous software to Unified software, and it appears to be stuck in the recovery mode. What is my next step?

    Check the following items:
    • Is the IP address on the BVI interface on the same subnet as the WLC?
    • Can you ping the WLC from the router access point to confirm connectivity?
    • Is the access point set to the current date and time? Use the show clock command to confirm this information.

    My access point is attempting to boot, but it keeps failing. Why? My access point is stuck in the recovery image and will not upgrade to the Unified software. Why?

    The access point is stuck in recovery mode, and you must use the service-module wlan-ap0 reset bootloader command to return the access point back to bootloader for manual image recovery.

    Downgrading the Software on the Access Point

    Use the service-module wlan-ap0 bootimage autonomous command to reset the access point BOOT back to the last autonomous image. Use the service-module wlan-ap 0 reload command to reload the access point with the autonomous software image.

    Recovering Software on the Access Point

    To recover the image on the access point, use the service-module wlan-ap0 reset bootloader command. This command returns the access point to the bootloader for manual image recovery.

    Caution: Use this command with caution. Use this command only to recover from a shutdown or failed state.
22. Authorized By Vlan Group AAA Policies Session timeout Idle timeout Common Session ID Acct Session ID Handle Runnable methods list Method dot1x State c1921 GigabitEthernet0/1 0201.0201.0201 Unknown testUser1 Authz Success DATA single-host both Authentication Server N/A N/A N/A 03030303000000000000BA04 0x00000001 0x6D000001 Authc Success Session ID 03030303000000000000BA04

    Configuring the MAC Authentication Bypass (MAB)

    Perform these steps to configure the MAB.

    SUMMARY STEPS
    1. enable
    2. configure terminal
    3. interface gigabitethernet slot/port
    4. authentication port-control auto
    5. mab
    6. end

    DETAILED STEPS

    Step 1: enable
    Example:
    Router> enable
    Enables privileged EXEC mode. Enter your password if prompted.

    Step 2: configure terminal
    Example:
    Router# configure terminal
    Enters global configuration mode.

    Step 3: interface gigabitethernet slot/port
    Example:
    Router(config)# interface gigabitethernet 0/0
    Enters interface configuration mode.

    Step 4: authentication port-control auto
    Example:
    Router(config-if)# authentication port-control auto
    Enabl
23. This section describes how to control administrator access to the wireless device using Terminal Access Controller Access Control System Plus (TACACS+). For complete instructions on configuring the wireless device to support TACACS+, see the "Configuring Radius and TACACS+ Servers" chapter in Cisco IOS Software Configuration Guide for Cisco Aironet Access Points.

    TACACS+ provides detailed accounting information and flexible administrative control over authentication and authorization processes. TACACS+ is facilitated through AAA and can be enabled only through AAA commands.

    Note: For complete syntax and usage information for the commands used in this section, see Cisco IOS Security Command Reference.

    These sections describe TACACS+ configuration:
    • Default TACACS+ Configuration
    • Configuring TACACS+ Login Authentication
    • Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
    • Displaying the TACACS+ Configuration

    Default TACACS+ Configuration

    TACACS+ and AAA are disabled by default. To prevent a lapse in security, you cannot configure TACACS+ through a network management application. When enabled, TACA
24. clock set hh:mm:ss month day year
    and seconds. The time specified is relative to the configured time zone.
    • For day, specify the day by date in the month.
    • For month, specify the month by its full name.
    • For year, specify the year in four digits (no abbreviation).

    Step 2: show running-config
    Verifies your entries.

    Step 3: copy running-config startup-config
    (Optional) Saves your entries in the configuration file.

    This example shows how to manually set the system clock to 1:32 p.m. on July 23, 2001:
    AP# clock set 13:32:00 23 July 2001

    Displaying the Time and Date Configuration

    To display the time and date configuration, use the show clock [detail] command in privileged EXEC mode. The system clock keeps an authoritative flag that shows whether the time is authoritative (believed to be accurate). If the system clock has been set by a timing source such as NTP, the flag is set. If the time is not authoritative, it is used only for display purposes. Until the clock is authoritative and the authoritative flag is set, the flag prevents peers from synchronizing to the clock when the peers' time is invalid.

    The symbol that precedes the show clock display has this meaning:
    • Time is not authoritative.
    • (blank) Time is authoritative.
    • Time is authoritative, but NTP is not synchronized.
25. e DSP Farms e DSP Farm Profiles e Conferencing e Broadcast Fast Busy Tone for DSP Oversubscription Video Conference and Transcoding Beginning in Cisco IOS Release 15 1 4 M support is added for video conference and transcoding on the PVDMs3 cards For more information see the Cisco Voice and Video Conferencing for ISR Routers document DSP Resource Manager Enhancement and DSP Numbering amp Each PVDM3 DSP card can hold up to two devices and each device can hold up to three DSP cores The host recognizes each DSP card as one individual DSP and each physical DSP as a device This virtual DSP concept provides a maximum of six DSPs per PVDM3 For backward compatibility for 5510 DSPs the existing numbering scheme is maintained see Table 1 and for PVDM3 DSPs a new numbering scheme is applied see Table 2 Note The numbering schemes shown in Table 1 and Table 2 are examples only and the DSP cards must be installed in the PVDM slots as shown for these sample numbering schemes to be correct For more information about DSP and device numbering see the documents listed in the Additional References section on page 166 Table 1 Example of a DSP Numbering Scheme for 5510 Installation Only Existing PVDM slot 0 PVDM slot 1 PVDM slot 2 PVDM slot 3 5510 Only PVDM2 16 PVDM2 32 PVDM2 48 PVDM2 64 DSP ID 1 5 6 9 10 11 13 14 15 16 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers
26. enable break abort has effect y n n y I OL 20696 04 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide ra AppendixC Using ROM Monitor HI How to Use the ROM Monitor Typical Tasks enable ignore system config info y n n y change console baud rate y n n y enter rate 0 9600 1 4800 2 1200 3 2400 0 0 change the boot characteristics y n n Yy enter to boot 0 ROM Monitor 1 the boot helper image 2 15 boot system 0 0 Configuration Summary enabled are diagnostic mode console baud 9600 boot the ROM Monitor rommon 8 gt Obtaining Information on USB Flash Devices This section describes how to obtain information on USB devices that are installed in the router For instructions on booting from a USB flash device see the Loading a System Image boot section on page C 8 SUMMARY STEPS 1 dir usbflash x 2 dev DETAILED STEPS Command or Action Purpose Step1 dir usbflash x Displays the contents of the USB flash device including directories files permissions and sizes Example e Q USB flash device inserted in port 0 commen gt dit usbflaskhos e 1 USB flash device inserted in port 1 Step2 dev Shows the targeted USB flash devices that are inserted in the router and the valid device names that may or may not be currently inserted Example ROMMON gt dev Example
27. ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
tacacs-server host 192.168.133.231 key 7 105E080A16001D1908
tacacs-server directed-request
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.134.229 auth-port 1645 acct-port 1646 key 7 111918160405041E00
radius-server vsa send accounting
!
control-plane
bridge 1 route ip
line con 0
 transport preferred all
 transport output all
line vty 0 4
 transport preferred all
 transport input all
 transport output all
line vty 5 15
 transport preferred all
 transport input all
 transport output all
!
end
Configuring the Access Point to Provide DHCP Service
The following sections describe how to configure the wireless device to act as a DHCP server:
• Setting up the DHCP Server
• Monitoring and Maintaining the DHCP Server Access Point
Setting up the DHCP Server
By default, access points are configured to receive IP settings from a DHCP server on your network. You can also configure an access point to act as a DHCP server to assign IP settings to devices on both wired and wire
28. it does one of the following:
• Sends an alarm in syslog format or logs an alarm in Secure Device Event Exchange (SDEE) format
• Drops suspicious packets
• Resets the connection
• Denies traffic from the source IP address of the attacker for a specified amount of time
• Denies traffic on the connection for which the signature was seen for a specified amount of time
For additional information about configuring Cisco IOS IPS, see the "Cisco IOS IPS 5.x Signature Format Support and Usability Enhancements" section of Cisco IOS Security Configuration Guide: Securing the Data Plane, Release 12.4T at http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/12_4t/sec_data_plane_12_4t_book.html
Content Filtering
Cisco 3900 series, 2900 series, and 1900 series ISRs provide category-based URL filtering. The user provisions URL filtering on the ISR by selecting categories of websites to be permitted or blocked. An external server, maintained by a third party, is used to check for URLs in each category. Permit and deny policies are maintained on the ISR. The service is subscription based, and the URLs in each category are maintained by the third-party vendor. For additional information about configuring URL filtering, see Subscription-based Cisco IOS Content Filtering at http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_url_filtering.html
Configuring VPN
A Virtual Private Network (VPN) connection p
29. station-role root access-point fallback track fa 0
MAC Address Tracking
You can configure the radio whose role is root access point to come up or go down by tracking a client access point, using its MAC address, on another radio. If the client disassociates from the access point, the root access point radio goes down. If the client reassociates with the access point, the root access point radio comes back up. MAC address tracking is most useful when the client is a non-root bridge access point connected to an upstream wired network. For example, to track a client whose MAC address is 12:12:12:12:12:12, enter the following command:
station-role root access-point fallback track mac-address 12:12:12:12:12:12 shutdown
Configuring Radio Data Rates
You use the data rate settings to choose the data rates that the wireless device uses for data transmission. The rates are expressed in megabits per second (Mb/s). The wireless device always attempts to transmit at the highest data rate set to basic, also known as required on the browser-based interface. If there are obstacles or interference, the wireless device steps down to the highest rate that allows data transmission. You can set each data rate to one of three states:
• Basic (the GUI labels Basic rates as Required): Allows transmission at this rate for all packets, both unicast and multicast. At least one of the wireless device's data rates must be set to basic.
• Enabled: The wire
30. universal serial bus CF CompactFlash MGF multi gigabit fabric OE Oo oe HIMI High Speed Intrachassis Module Interconnect Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 a Chapter Overview of the Hardware and Software HZ New Features by Platform New Features by Platform Table 2 shows new feature support by platform Table 2 New Features in this Release by Platform Features 1941 1941W 2901 2911 2921 2951 3925 3925E 3945 3945E Services Performance Engine N N N N N N Y Y Y Y Cryptographic Engine N N N N N N yY Y y Y Acceleration USB Serial Console Y Y Y Y Y Y Y Y Y Y Power Management Y Y Y Y Y Y Y Y Y Y New Module and Interface Card Y Y Y Y Y Y Y Y Y Y Features Advanced Capability Y Y Y Y Y Y Y Y Y Y CompactFlash SFP Gigabit Ethernet Port N N N N Y Y Y Y Y Y Multi Gigabit Fabric Y Y Y Y Y Y Y Y Y Y Communication Integrated Application Services y y Y Y Y Y Y Y Y Y Eupe A New Slots Does not support Voice application services Must have Services Performance Engine 200 installed in the router Must have Services Performance Engine 250 installed in the router Does not support Voice application services Includes embedded wireless access point that supports Cisco Unified Wireless Architecture Cisco 3900 series 2900 series and 1900 series I
31. 0 1 1 2400 0 0 1 1200 Changing the Configuration Register Settings Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step7 Step 8 You can change the configuration register settings from either the ROM monitor or the Cisco IOS CLI This section describes how to modify the configuration register settings from the Cisco IOS CLI To change the configuration register using the ROM monitor see Appendix C Using ROM Monitor in this guide To change the configuration register settings from the Cisco IOS CLI complete the following steps Connect a terminal or PC to the router console port If you need help see the hardware installation guide for your router Configure your terminal or terminal emulation software for 9600 baud default 8 data bits no parity and 2 stop bits Power on the router If you are asked whether you would like to enter the initial dialog answer no Would you like to enter the initial dialog yes no After a few seconds the user EXEC prompt Router gt appears Enter privileged EXEC mode by typing enable and if prompted enter your password Router gt enable Password password Router Enter global configuration mode Router configure terminal Enter configuration commands one per line Edit with DELETE CTRL W and CTRL U end with CTRL Z To change the configuration register settings enter the config register value command where value is a
32. 1 to 5 or last.
• (Optional) For day, specify the day of the week (for example, Sunday).
• (Optional) For month, specify the month (for example, January).
• (Optional) For hh:mm, specify the time (24-hour format) in hours and minutes.
• (Optional) For offset, specify the number of minutes to add during summer time. The default is 60.
Step 3 end: Returns to privileged EXEC mode.
Step 4 show running-config: Verifies your entries.
Step 5 copy running-config startup-config: (Optional) Saves your entries in the configuration file.
The first part of the clock summer-time global configuration command specifies when summer time begins, and the second part specifies when it ends. All times are relative to the local time zone. The start time is relative to standard time. The end time is relative to summer time. If the starting month is after the ending month, the system assumes that you are in the southern hemisphere.
This example shows how to specify that summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00:
AP(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00
If summer time in your area does not follow a recurring pattern, configure the exact date and time of the next summer time events. Follow these steps, beginning in privileged EXEC mode:
SUMMARY STEPS
1. clock summer-time zone date month date year hh:mm month date year hh:mm offset or
33. Troubleshooting Two Way Delay Measurement Configuration Table 4 lists the debug commands to troubleshoot issues pertaining to
34. 60 seconds.
• If there are no radar signals on the new channel, enables beacons and accepts client associations.
• If participating in WDS, sends a DFS notification of its new operating frequency to the active WDS device.
Note: You cannot manually select a channel for DFS-enabled 5-GHz radios in Europe and Singapore. The access point randomly selects a channel. However, in Japan, you can manually select a channel if a radar has not been detected on it for the previous 30 minutes. If you attempt to select a channel that is unavailable due to radar detection, the CLI displays a message stating the channel is unavailable.
The full list of channels that require DFS is shown in Table 2.
Table 2 DFS Channel List
Channel | Frequency | Channel | Frequency | Channel | Frequency
56 | 5280 MHz | 108 | 5520 MHz | 128 | 5640 MHz
60 | 5300 MHz | 112 | 5560 MHz | 132 | 5660 MHz
64 | 5320 MHz | 116 | 5580 MHz | 136 | 5680 MHz
100 | 5500 MHz | 120 | 5600 MHz | 140 | 5700 MHz
104 | 5500 MHz | 124 | 5620 MHz | |
For autonomous operation, DFS requires random channel selection among the channels listed in Table 2. The user interface prevents you from manually configuring these channels. The channels that are not listed in Table 2 do not require random selection and may be manually configured. Prior to transmitting on any channels listed in Table 2, the access point radio performs a Channel Availability Check (CAC). The CAC is a 60 second scan for the presence of r
35. Cisco 1900 Series ISRs Table 6 lists the slots and ports available on Cisco 1900 series routers To view the installation guide see the following URL http www cisco com en US docs routers access 1900 hardware installation guide 1900_HIG html Table 6 Cisco 1900 Series ISR Routers Dbl Wide Dbl Wide GE RJ 45 Router EHWIC EHWIC SM SM ISM PVDM3 WLAN CF ports Cisco 1941 2 1 0 0 1 0 0 2 12 Cisco 1941W 2 1 0 0 0 0 1 2 12 1 One of the two EWHIC slots is adouble wide EWHIC slot giving the appearance of three EWHIC slots Common Ports The following ports are common among Cisco 3900 series Cisco 2900 series and Cisco 1900 series routers e Gigabit Ethernet RJ45 Ports available through an RJ45 connector e Gigabit Ethernet RJ45 SFP Ports available through RJ45 SFP connectors Connection supports fail over if the secondary connection goes down e RS232 Aux Supports modem control lines and remote administration for box to box redundancy applications e RS232 Serial Console Supports modem control lines and remote administration of the router with the proprietary cable shipped in the box e Type A USB 2 0 Supports USB based flash memory sticks security tokens and USB compliant devices e Type B mini port USB Serial Console Supports modem control lines and remote administration of the router using a type B USB compliant cable Licensing Cisco 3900 series Cisco 2900 series an
36. Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Example Router config sla y1731 delay aggregate interval 30 aggregate interval refers to the interval at which the packets are sent seconds Specifies the length of time in seconds I OL 20696 04 i Chapter Configuring Ethernet CFM and Y 1731 Performance Monitoring on Layer 3 Interfaces E Support for Y 1731 Performance Monitoring on a Routed Port L3 Subinterface Command Purpose Step6 exit Exits the router configuration mode Example Router config sla y1731 delay exit Step7 ip sla schedule operation number life Schedules the two way delay measurement value forever start time value she e life Specifies a period of time in seconds to execute The value can also be set as forever Example Start Specifies the ti hich h Router tcontioitip sla schedule 1001 start time sSpecifies the time at which to start the lite forever stare time mow entry The options available are after hh mm hh mm ss now and pending Step8 end Exits the router configuration mode and returns to the privileged EXEC mode Example Router config end Configuration Examples for Two Way Delay Measurement This example shows how to configure two way delay measurement using single tagging router gt enable router configure terminal router conf
37. Gi 0 2 1101 ka Gi 0 2 1101 Gi 0 0 1101 Provider Carrier Gi 0 0 1101 customer 1101 vlan 100 vlan 10 vlan 100 customer 1101 vlan 1101 vlan 1101 Gi 0 0 1102 Gi 0 2 1102 Gi 0 2 1102 Gi 0 0 1102 customer 1102 customer 1102 8 vlan 1102 vlan 1102 2 The following steps show how to configure external Ethernet data plane loopback on a subinterface using single and double tagging The procedure to configure external Ethernet data plane loopback on the main interface is similar to this procedure enable configure terminal interface gigabitethernet slot port sub port encapsulation dotlq vian id I OL 20696 04 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide jg Chapter Configuring Ethernet CFM and Y 1731 Performance Monitoring on Layer 3 Interfaces W Ethernet Data Plane Loopback or encapsulation dotlq v an id second dotlq inner vlan id Step5 ethernet loopback permit external Step6 end DETAILED STEPS Command Purpose Step1 enable Enables the privileged EXEC mode Enter your password when prompted Example Router gt enable Step2 configure terminal Enters the global configuration mode Example Router configure terminal Step3 interface gigabitethernet Specifies the subinterface and enters the subinterface slot port sub port configuration mode Example Router config interface gigabitethernet 0 2 1101 Step4 enca
38. HZ How to Upgrade the Cisco 10S Image Step7 Step 8 Step 9 Step 10 Step 11 Step 12 What to Do Next copy flash0 tftp rep Optional Copy a file to a server before deleting the file from flash memory When prompted enter the filename and the server s hostname or IP address Router copy flash0O tftp Optional Repeat Step 7 for each file that you identified in Step 6 delete flash0 directory path filename Use this command to delete a file in flash memory Router delete flash0 c39xx tmp Delete filename c39xx tmp lt er gt Delete flash0 c39xx tmp confirm lt er gt Repeat Step 9 for each file that you identified in Step 6 dir flash0 Use this command to display the layout and contents of flash memory Router dir flash0 Flash CompactFlash directory File Length Name status 1 6458208 c39xx tmp deleted 2 6458208 c3xx mz 12916544 bytes used 3139776 available 16056320 total 15680K bytes of ATA CompactFlash Read Write From the displayed output of the dir flash0 command compare the number of bytes available to the size of the system image to which you want to upgrade e Ifthe available memory is less than the new system image s minimum flash requirements you must upgrade your compact flash memory card to a size that can accommodate both the existing files and the new system image See the hardware installation guide for your router e Ifthe available memory is equal to or greater than the new
39. Manager Express and Cisco Unified Communications Manager clusters. An H.323 Gatekeeper provides these endpoints with call routing and call admission control functions. The endpoints communicate with the Gatekeeper using the H.323 Registration Admission Status (RAS) protocol. The H.323 Gatekeeper is a special Cisco IOS software image that runs on the Cisco ISR platforms and the AS5350XM and AS5400XM Universal Gateway platforms. The Cisco IOS H.323 Gatekeeper is an application that acts as the point of control for a variety of voice and video components that can be attached to an IP network, such as IP telephony devices, IP-PSTN gateways, H.323 video conferencing endpoints, and H.323 multipoint control units, while facilitating buildout of large-scale multimedia service networks. To configure Gatekeeper features, see Configuring H.323 Gatekeepers and Proxies at http://www.cisco.com/en/US/docs/ios/12_3/vvf_c/cisco_ios_h323_configuration_guide/old_archives_h323/5gkconf.html
Call Control Protocols
The Cisco 3900 series and Cisco 2900 series ISRs support the following types of call control protocols:
• Trunk-side Protocols
• Line-side Protocols
Trunk-side Protocols
The Cisco 3900 series and Cisco 2900 series ISRs support the following trunk-side call control protocols:
• Session Initiation Protocol (SIP)
• Media Gateway Control Protocol (MGCP)
• H.323
40. R RIP M mobile B BGP D EIGRP EX EIGRP external O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 El OSPF external type 1 E2 OSPF external type 2 i IS IS su IS IS summary L1 IS IS level 1 L2 IS IS level 2 ia IS IS inter area candidate default U per user static route o ODR P periodic downloaded static route Gateway of last resort is not set 10 0 0 0 24 is subnetted 1 subnets a 10 108 1 0 is directly connected Loopback0O S 0 0 0 0 0 is directly connected FastEthernet0 Configuring Dynamic Routes In dynamic routing the network protocol adjusts the path automatically based on network traffic or topology Changes in dynamic routes are shared with other routers in the network The Cisco routers can use IP routing protocols such as Routing Information Protocol RIP or Enhanced Interior Gateway Routing Protocol EIGRP to learn routes dynamically You can configure either of these routing protocols on your router e Configuring Routing Information Protocol section on page 21 e Configuring Enhanced Interior Gateway Routing Protocol section on page 23 Configuring Routing Information Protocol SUMMARY STEPS To configure the RIP routing protocol on the router follow these steps beginning in global configuration mode 1 router rip version 1 2 network ip address no auto summary oF YS N end I OL 2
41. Statistics reports for each slot show packet performance and packet failures The following example displays output from the show platform mgf statistics command when entered on a Cisco 1941 ISR Router show platform mgf statistics Interface statistics for slot ISM port 1 30 second input rate 0 packets sec 30 second output rate 0 packets sec 0 packets input 0 bytes 0 overruns Received 0 broadcasts 0 multicast 0 unicast 0 runts 0 giants 0 jabbers 0 input errors 0 CRC 0 fragments 0 pause input 0 packets output 0 bytes 0 underruns 0 broadcast 0 multicast 0 unicast 0 late collisions 0 collisions 0 deferred 0 bad bytes received 0 multiple 0 pause output Interface statistics for slot EHWIC 0 port 2 30 second input rate 13844 packets sec 30 second output rate 13844 packets sec 3955600345 packets input 1596845471340 bytes 26682 overruns Received 0 broadcasts 0 multicast 3955600345 unicast 0 runts 0 giants 0 jabbers 0 input errors 0 CRC 0 fragments 0 pause input 3955738564 packets output 1596886171288 bytes 0 underruns 0 broadcast 0 multicast 3955738564 unicast 0 late collisions 0 collisions 0 deferred 0 bad bytes received 0 multiple 94883 pause output Interface statistics for slot EHWIC 1 port 3 30 second input rate 13844 packets sec 30 second output rate 13844 packets sec 3955973016 packets input 1598763291608 bytes 26684 overruns Received 0 broadcasts 0 multicast 3955973016 unicast 0
42. The password is encrypted in the configuration file.
Setting or Changing a Static Enable Password
The enable password controls access to the privileged EXEC mode.
Caution: The no enable password command, in global configuration mode, removes the enable password, but you should use extreme care when using this command. If you remove the enable password, you are locked out of the privileged EXEC mode.
To set or change a static enable password, follow these steps, beginning in privileged EXEC mode:
SUMMARY STEPS
1. configure terminal
2. enable password password
3. end
4. show running-config
5. copy running-config startup-config
DETAILED STEPS
Step 1 configure terminal: Enters global configuration mode.
Step 2 enable password password: Defines a new password or changes an existing password for access to privileged EXEC mode. The default password is Cisco. For password, specify a string from 1 to 25 alphanumeric characters. The string cannot start with a number, is case sensitive, and allows spaces but ignores leading spaces. It can contain the question mark (?) character if you precede the question mark with the key combination Ctrl-V w
43. To configure dial backup and remote management on Cisco 3900 series Cisco 2900 series and Cisco 1900 series ISRs follow these steps beginning in global configuration mode 1 ip name server server address 2 ip dhcp pool name 3 exit 4 chat script script name expect send 5 interface type number 6 exit 7 interface type number 8 dialer watch group group number 9 exit 10 ip nat inside source list access list number interface type number pool name overload 11 ip route prefix mask ip address interface type interface number ip address 12 access list access list number deny permit source source wildcard 13 dialerwatch list group number ip ip address address mask delay route check initial seconds 14 line aux console tty vty line number ending line number 15 modem enable 16 exit 17 line aux console tty vty line number ending line number 18 flowcontrol none software lock in out hardware in out Command Purpose ip name server server address Enters your ISP DNS IP address Tip You may add multiple server Example addresses if available Router config ip name server 192 168 28 12 Router config ip dhcp pool name Creates a DHCP address pool on the router Example Router config ip dhcp pool 1 and enters DHCP pool configuration mode The name argument can be a string or an integer Router config dhcp Configure the DHCP address pool For sample commands
44. and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 a iss Chapter Configuring Next Generation High Density PVDM3 Modules HZ How to Verify and Troubleshoot the Functionality of the PVDM3 Cards on Cisco Voice Gateways TDM Sharing Pooling Configuration Time division multiplexing TDM sharing pooling is only allowed among the same type of PVDMs For example if the motherboard has PVDM3 modules and other voice cards have PVDM2 modules the motherboard cannot share or pool DSP resources with other voice cards If the motherboard has PVDM2 modules and other voice cards also have PVDM2 modules the existing CLI command will enable TDM sharing pooling voice card 0 dsp tdm pooling In the case of mixed types of PVDMs existing in the router for example the motherboard has PVDM3 another voice card has PVDM2 and a third voice card has no PVDM there is a new CLI command under the voice card CLI that allows the voice card to choose which type of PVDM to use for TDM sharing pooling voice card 2 dsp tdm pooling type PVDM2 PVDM3 For more information about TDM sharing pooling see the documents listed in the Additional References section on page 166 How to Verify and Troubleshoot the Functionality of the PVDM3 Cards on Cisco Voice Gateways Use the following commands in global configuration mode to verify and troubleshoot the functionality of the PVDM2 and PVDM3 modules in
45. boot This section describes how to load a system image by using the boot ROM monitor command Prerequisites Determine the filename and location of the system image that you want to load Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide C 8 OL 20696 04 Appendix Using ROM Monitor SUMMARY STEPS 1 boot or boot flash0 filename or boot filename tftpserver or boot filename or boot usbflash0 filename DETAILED STEPS Step 1 1 Cisco 3925E and Cisco 3945E do not support this boot option Command or Action How to Use the ROM Monitor Typical Tasks Tl Purpose boot or boot flash0 filename or boot filename tftpserver or boot filename or boot usbflash0 filename Example ROMMON gt boot Example ROMMON gt boot flash0 Example ROMMON gt boot someimage 172 16 30 40 Example ROMMON gt boot someimage Example ROMMON gt boot usbflash0 someimage In order the examples here direct the router to e Boot the first image in flash memory e Boot the first image or a specified image in flash memory Note In IOS flashO will be aliased onto flash e Boot the specified image over the network from the specified TFTP server hostname or IP address e Boot from the boothelper image because it does not recognize the device ID This form of the command is used to boot a specif
46. dir flash0 Step4 copy flash0 ftp rep tftp Copies a file from flash memory to a server e Copy the system image file to a server to serve as a Example backup copy ROP SEH copy S1agnt ss SEs e Enter the flash memory partition number if prompted e Enter the filename and destination URL when prompted Examples 198 E Copying the Startup Configuration to a TFTP Server Example The following example shows the startup configuration being copied to a TFTP server Router copy nvram startup config tftp Remote host 172 16 101 101 Name of configuration file to write rtr2 confg lt er gt Write file rtr2 confg on host 172 16 101 101 confirm lt er gt OK Copying from Flash Memory to a TFTP Server Example The following example uses the dir flash0 privileged EXEC command to obtain the name of the system image file and the copy flash0 tftp privileged EXEC command to copy the system image to a TFTP server The router uses the default username and password Router dir flash0 System flash directory File Length Name status 1 4137888 c2900 mz 4137952 bytes used 12639264 available 16777216 total 16384K bytes of processor board System flash Read Write Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 Chapter Upgrading the Cisco 10S Software Router copy flash0O tftp How to Upgrade the
47. http://www.cisco.com/en/US/docs/ios/12_3/vvf_c/interop/intcnf2.html
The RSVP Agent feature implements a Resource Reservation Protocol (RSVP) agent on Cisco IOS voice gateways that support Cisco Unified Communications Manager Version 5.0.1. The RSVP agent enables Cisco Unified Communications Manager to provide resource reservation for voice and video media to ensure QoS and call admission control (CAC). Cisco Unified Communications Manager controls the RSVP agent through Skinny Client Control Protocol (SCCP). This signaling is independent of the signaling protocol used for the call, so SCCP, SIP, H.323, and MGCP calls can all use the RSVP agent. Benefits of this feature include the following:
• Improves flexibility and scalability of bandwidth management in a meshed network by decentralizing call admission control
• Provides a method of managing unpredictable bandwidth requirements of video media
• Enables RSVP across WAN for Cisco IP phones and other devices that do not support RSVP
See Configuring the RSVP Agent at Cisco.com for information: http://www.cisco.com/en/US/docs/ios/12_3/vvf_c/interop/int_rsvp.html
Trusted Relay Point (TRP)
The Cisco Unified Communications system can be deployed in a network virtualization environment. Cisco Unified Communications Manager enables the insertion of trusted relay points (TRPs). The insertion of TRPs into the media path constitutes a first step toward VoIP deployment within a virtual network. See Me
48. i ip dhcp pool miercom network 10 1 0 0 255 255 0 0 default router 10 1 0 254 dns server 10 1 0 254 ip dhcp pool wlan clients network 10 9 0 0 255 255 0 0 default router 10 9 0 254 dns server 10 9 0 254 multilink bundle name authenticated chat script gsm atdt 99 TIMEOUT 180 CONNECT chat script cdma atdt 777 TIMEOUT 180 CONNECT license udi pid CISCO1941W A K9 sn FHH1249P016 archive log config hidekeys redundancy track 234 ip sla 1 reachability interface Loopback0O ip address 1 1 1 1 255 255 255 255 I interface Wlan GigabitEthernet0 0 description Internal switch interface connecting to the embedded AP I interface GigabitEthernet0 0 ip address dhcp ip virtual reassembly load interval 30 shutdown duplex auto speed auto l interface wlan ap0 description Service module interface to manage the embedded AP ip address 192 168 1 1 255 255 255 0 arp timeout 0 no mop enabled no mop sysid l interface GigabitEthernet0 1 ip address 10 1 0 254 255 255 0 0 ip nat inside ip virtual reassembly shutdown Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide I OL 20696 04 nos Chapter Configuring Backup Data Lines and Remote Management WE Configuring Backup Interfaces duplex auto speed auto crypto ipsec client ezvpn hw client
49. see Cisco IOS Security Command Reference for Release 12.4.
This section describes how to control access to the configuration file and privileged EXEC commands. It contains this configuration information:
• Configuring Default Password and Privilege Level
• Setting or Changing a Static Enable Password
• Protecting Enable and Enable Secret Passwords with Encryption
• Configuring Username and Password Pairs
• Configuring Multiple Privilege Levels
Configuring Default Password and Privilege Level
Table 1 shows the default password and privilege level configuration.
Table 1 Default Passwords and Privilege Levels
Privilege Level | Default Setting
Username and password | Default username is Cisco and the default password is Cisco.
Enable password and privilege level | Default password is Cisco. The default is level 15 (privileged EXEC level). The password is encrypted in the configuration file.
Enable secret password and privilege level | Default enable password is Cisco. The default is level 15 (privileged EXEC level). The password is encrypted before it is written to the configuration file.
Line password | Default password is Cisco.
50. 0 0 0 0 3 1 0 0 0 0 00fa ce25 0000 51645919 37972871 29875 29875 0 0 0 1 4 1 0 0 0 0 00fa ce25 0001 28355309 20859980 29875 29875 0 0 0 1 5 1 0 0 0 0 00fa ce25 0001 28355309 20859980 29875 29875 0 0 0 1 6 1 0 0 0 0 00fa ce25 0001 28355309 20859980 29875 29875 0

Step 8  show voice dsp statistics tx rx

Use this command to display transmitted and received packet counts for the device.

    Router# show voice dsp statistics tx rx
    Device and Port Statistics PVDM 0
    8903 input packets at port 15374 output packets at port
    Device 0
    6853 packets from device 11793 packets to device
    0 Ctrl & 0 Media out of sequence packets 0 packets drop
    0 input error packets 0 output error packets
    0 resource errors packets 0 gaints
    vlan id 2
    Device 1
    2048 packets from device 3579 packets to device
    0 Ctrl & 0 Media out of sequence packets 0 packets drop
    0 input error packets 0 output error packets
    0 resource errors packets 0 gaints
    vlan id 2
    29083 input packets at port 32627 output packets at port
    Device 2
    29081 packets from device 32627 packets to device
    0 Ctrl & 0 Media out of sequence pack
51. 0 1
    Enters interface configuration mode for the radio interface. The 802.11g/n 2.4-GHz and 5-GHz radios are radio 0. The 802.11n 5-GHz radio is radio 1.

fragment-threshold value
    Sets the fragmentation threshold. Enter a setting from 256 to 2346 bytes for the 2.4-GHz radio. Enter a setting from 256 to 2346 bytes for the 5-GHz radio.

end
    Returns to privileged EXEC mode.

copy running-config startup-config
    (Optional) Saves your entries in the configuration file.

Use the no form of the fragment-threshold command to reset the setting to the default.

Enabling Short Slot Time for 802.11g Radios

You can increase throughput on the 802.11g 2.4-GHz radio by enabling short slot time. Reducing the slot time from the standard 20 microseconds to the 9-microsecond short slot time decreases the overall backoff, which increases throughput. Backoff, which is a multiple of the slot time, is the random length of time that a station waits before sending a packet on the LAN.

Many 802.11g radios support short slot time, but some do not. When you enable short slot time, the wireless device uses the short slot time only when all clients associated to the 802.11g 2.4-GHz radio support short slot time.

Short slot time is supported only on the 802.11g 2.4-GHz radio. Short slot time is disabled by default.

In radio interface mode, enter the short-slot-time command to enable short slot time:

    ap(config-if)# short-slot-time

Enter no short-slot-time
52. 10 10 2
    Router(config)#

end
    Exits router configuration mode and enters privileged EXEC mode.
    Example:
    Router(config)# end
    Router#

Example

In the following configuration example, the static route sends out all IP packets with a destination IP address of 192.168.1.0 and a subnet mask of 255.255.255.0 on the Gigabit Ethernet interface to another device with an IP address of 10.10.10.2. Specifically, the packets are sent to the configured PVC.

You do not need to enter the command marked "(default)." This command appears automatically in the configuration file generated when you use the show running-config command.

    !
    ip classless (default)
    ip route 192.168.1.0 255.255.255.0 10.10.10.2
    !

Verifying Configuration

To verify that you have properly configured static routing, enter the show ip route command and look for static routes signified by the "S." You should see verification output similar to the following:

    Router# show ip route
    Codes: C - connected, S - static
53. DETAILED STEPS

Step 1  enable
    Enables privileged EXEC mode.
    • Enter your password if prompted.
    Example:
    Router> enable

Step 2  configure terminal
    Enters global configuration mode.
    Example:
    Router# configure terminal

Step 3  hostname name
    Specifies or modifies the hostname for the network server.
    Example:
    Router(config)# hostname myrouter

Step 4  Verify that the router prompt displays your new hostname.
    Example:
    myrouter(config)#

Step 5  end
    (Optional) Returns to privileged EXEC mode.
    Example:
    myrouter# end

Configuring the Enable and Enable Secret Passwords

To provide an additional layer of security, particularly for passwords that cross the network or are stored on a TFTP server, you can use either the enable password command or enable secret command. Both commands accomplish the same thing: they allow you to establish an encrypted password that users must enter to access privileged EXEC (enable) mode.

We recommend that you use the enable secret command because it uses an improved encryption algorithm. Use the enable password command only if you boot an older image of the Cisco IOS software or if you boot older boot ROMs that do not recognize the enable secret command.

For more information, see the Configuring Passwords and Privileges chap
54. Configuring Radio Settings

The following sections describe how to configure radio settings for the wireless device:

• Enabling the Radio Interface, page 221
• Configuring the Role in the Radio Network, page 223
• Configuring Dual-Radio Fallback, page 225
• Configuring Radio Data Rates, page 226
• Configuring MCS Rates, page 229
• Configuring Radio Transmit Power, page 231
• Configuring Radio Channel Settings, page 233
• Enabling and Disabling World Mode, page 239
• Disabling and Enabling Short Radio Preambles, page 241
• Configuring Transmit and Receive Antennas, page 242
• Enabling and Disabling Gratuitous Probe Response, page 243
• Configuring the Ethernet Encapsulation Transformation Method, page 245
• Enabling and Disabling Public Secure Packet Forwarding, page 246
• Configuring the Beacon Period and the DTIM, page 248
• Configure RTS Threshold and Retries, page 249
• Configuring the Maximum Data Retries, page 250
• Configuring the Fragmentation Threshold, page 250
• Enabling Short Slot Time for 802.11g Radios, page 251
• Performing a Carrier Busy Test, page 251
• Configuring VoIP Packet Handling, page 252

Enabling the Radio Interface

The wireless device radios are disabled by default.

Note: You must create a service set identifier (SSID) before you can enable the radio interface.
55. 3925 and Cisco 3925E routers. Applies only to Cisco 3945 and Cisco 3945E routers. Applies only to Cisco 2951, Cisco 3925, and Cisco 3925E routers. Applies only to Cisco 3945 and Cisco 3945E routers. Applies only to Cisco 2951, Cisco 3925, and Cisco 3925E routers. Applies only to Cisco 3945 and Cisco 3945E routers.

Configuring Gigabit Ethernet Interfaces

To manually define onboard Gigabit Ethernet (GE) interfaces, follow these steps, beginning in global configuration mode.

SUMMARY STEPS

1. interface gigabitethernet slot/port
2. ip address ip-address mask
3. no shutdown
4. exit

DETAILED STEPS

Step 1  interface gigabitethernet slot/port
    Enters the configuration mode for a Gigabit Ethernet interface on the router.
    Example:
    Router(config)# interface gigabitethernet 0/1
    Router(config-if)#

Step 2  ip address ip-address mask
    Sets the IP address and subnet mask for the specified GE interface.
    Example:
    Router(config-if)# ip address 192.168.12.2 255.255.255.0
    Router(config-if)#

Step 3  no shutdown
    Example:
    Router(config-if)# no shutdown
    Router(config-if)#
    Enables the GE interface, changing its
56. 43 for the controller IP address in the DHCP pool configuration. The following is a sample configuration:

    ip dhcp pool embedded-ap-pool
     network 60.0.0.0 255.255.255.0
     dns-server 171.70.168.183
     default-router 60.0.0.1
     option 43 hex f104.0a0a.0a0f   (single WLC IP address (10.10.10.15) in hex format)
    int vlan1
     ip address 60.0.0.1 255.255.255.0

For more information about the WLC discovery process, see Cisco Wireless LAN Configuration Guide at Cisco.com:
http://www.cisco.com/en/US/docs/wireless/controller/4.0/configuration/guide/ccfig40.html

Prior to the Upgrade

Perform the following steps:

1. Ping the WLC from the router to confirm IP connectivity.
2. Enter the service-module wlan-ap 0 session command to establish a session with the access point.
3. Confirm that the access point is running an autonomous boot image.
4. Enter the show boot command on the access point to confirm the mode setting is enabled. The following is sample output for the command:

    Autonomous-AP# show boot
    BOOT path-list: flash:ap801-k9w7-mx.124-10b.JA3/ap801-k9w7-mx.124-10b.JA3
    Config file: flash:/config.txt
    Private Config file: flash:/private-config
    Enable Break: yes
    Manual Boot: yes
    HELPER path-list:
    NVRAM
57. 8 9 60 4 39 81 43 1 3 90 5 52 109 57 5 9 120 6 58 5 121 5 65 135 7 65 135 72 2 9 152 5 8 13 27 14 4 9 30 9 26 54 28 8 9 60 10 39 81 43 1 3 90 11 52 108 57 7 9 120 12 78 162 86 2 3 180 13 104 216 115 5 9 240 14 117 243 130 270 15 130 270 144 4 9 300

The legacy rates are as follows:
5 GHz: 6, 9, 12, 18, 24, 36, 48, and 54 Mb/s
2.4 GHz: 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, and 54 Mb/s

MCS rates are configured using the speed command. The following example shows a speed setting for an 802.11g/n 2.4-GHz radio:

    interface Dot11Radio0
     no ip address
     no ip route-cache
     ssid 800test
     speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0 m1 m2 m3 m4 m8 m9 m10 m11 m12 m13 m14 m15

Configuring Radio Transmit Power

Radio transmit power is based on the type of radio or radios installed in your access point and the regulatory domain in which it operates. To set the transmit power on access point radios, follow these steps, beginning in privileged EXEC mode.

SUMMARY STEPS

1. configure terminal
2. interface dot11radio {0 | 1}
3. power local level
4. end
5. copy running
58. 802.11d world mode operation.

• Limiting the power level on associated client devices: When a client device associates to the wireless device, the wireless device sends the maximum allowed power level setting to the client.

Disabling Aironet extensions disables the features listed above, but it sometimes improves the ability of non-Cisco client devices to associate to the wireless device.

Aironet extensions are enabled by default. To disable Aironet extensions, follow these steps, beginning in privileged EXEC mode.

SUMMARY STEPS

1. configure terminal
2. interface dot11radio {0 | 1}
3. no dot11 extension aironet
4. end
5. copy running-config startup-config

DETAILED STEPS

Step 1  configure terminal
    Enters global configuration mode.

Step 2  interface dot11radio {0 | 1}
    Enters interface configuration mode for the radio interface. The 802.11g/n 2.4-GHz radio is radio 0. The 802.11n 5-GHz radio is radio 1.

Step 3  no dot11 extension aironet
    Disables Aironet extensions.

Step 4  end
    Returns to privileged EXEC mode.

Step 5  copy running-config startup-config
    (Optional) Saves your entries in the configuration file.

Use the dot11 extension aironet command to enable
59. • How to Verify and Troubleshoot the Functionality of the PVDM3 Cards on Cisco Voice Gateways, page 154
• Configuration Examples for Configuring the PVDM3 Module on Cisco Voice Gateway Routers, page 161
• Additional References, page 166
• Glossary, page 168

Prerequisites for Configuring the PVDM3 Module on Cisco Voice Gateway Routers

To configure the PVDM3 Module on your Cisco 2900 or Cisco 3900 series voice gateway router, you must have Cisco IOS Release 15.0(1)M or a later release installed. The image must provide a voice-capable feature set.

To configure the PVDM3 Module on your Cisco 3925E or Cisco 3945E voice gateway router, you must have Cisco IOS Release 15.1(1)T or later release installed. The image must provide a voice-capable feature set.

If you have installed the PVDM3 cards in your Cisco gateway, make certain that you have complied with the hardware installation instructions in Cisco 2900 Series and 3900 Series Integrated Services Routers Hardware Installation Guide.

Restrictions for Configuring the PVDM3 Module on Cisco Voice Gateway Routers

The PVDM3 card can only be installed and used on the following Cisco voice gateway router
60. Note: This feature does not affect the fallback feature for single-radio access points.

You can configure dual-radio fallback in three ways:

• Radio tracking
• Fast Ethernet tracking
• MAC-address tracking

Radio Tracking

You can configure the access point to track or monitor the status of one of its radios. If the tracked radio goes down or is disabled, the access point shuts down the other radio. If the tracked radio comes up, the access point enables the other radio.

• To track radio 0, enter the following command:
    station-role root access-point fallback track d0 shutdown
• To track radio 1, enter the following command:
    station-role root access-point fallback track d1 shutdown

Fast Ethernet Tracking

You can configure the access point for fallback when its Ethernet port is disabled or disconnected from the wired LAN. You configure the access point for Fast Ethernet tracking as described in the "Configuring the Role in the Radio Network" section on page 223.

Note: Fast Ethernet tracking does not support the repeater mode.

• To configure the access point for Fast Ethernet tracking, enter the following command:
61. Step 2  crypto map map-name
    Applies the crypto map to the interface. See Cisco IOS Security Command Reference for more detail about this command.
    Example:
    Router(config-if)# crypto map static-map
    Router(config-if)#

Step 3  exit
    Returns to global configuration mode.
    Example:
    Router(config-crypto-map)# exit
    Router(config)#

Where to Go Next

If you are creating a Cisco Easy VPN remote configuration, go to the "Create a Cisco Easy VPN Remote Configuration" section on page 103.

If you are creating a site-to-site VPN using IPSec tunnels and GRE, go to the "Configure a Site-to-Site GRE Tunnel" section on page 106.

Create a Cisco Easy VPN Remote Configuration

The router that is acting as the Cisco Easy VPN client must create a Cisco Easy VPN remote configuration and assign it to the outgoing interface. To create the remote configuration, follow these steps, beginning in global configuration mode.

SUMMARY STEPS

1. crypto ipsec client ezvpn name
2. group group-name key group-key
3. peer {ipaddress | hostname}
4. mode {client | network-extension | network extension plus}
5. exit
6. crypto isakmp keepalive seconds
7. interface type number
8. crypto ipsec client ezvpn name [outside | inside]
9. exit
62. Table 1  Types of SSID Security (continued)

Security Type: EAP Authentication

Description: This option enables 802.1X authentication (such as LEAP, PEAP, EAP-TLS, EAP-FAST, EAP-TTLS, EAP-GTC, EAP-SIM, and other 802.1X/EAP-based products). This setting uses mandatory encryption, WEP, open authentication EAP, network EAP authentication, no key management, RADIUS server authentication port 1645. You are required to enter the IP address and shared secret for an authentication server on your network (server authentication port 1645). Because 802.1X authentication provides dynamic encryption keys, you do not need to enter a WEP key.

Security Features Enabled: Mandatory 802.1X authentication. Client devices that associate using this SSID must perform 802.1X authentication. If radio clients are configured to authenticate using EAP-FAST, open authentication with EAP should also be configured. If you do not configure open authentication with EAP, the following warning message appears:
    SSID CONFIG WARNING: [SSID]: If radio clients are using EAP-FAST, AUTH OPEN with EAP should also be configured.

Security Type: WPA

Description: This option permits wireless access to users authenticated against a database through the services of an authentication server, then encrypts their IP traffic

Security Features Enabled: Mandatory WPA authentication. Client devices that associate using this SSID must be
63. Guide for more information.

ISRs are configured primarily as residential gateways (RGWs) under MGCP. For residential gateway configuration information, see the "Configuring an RGW" section of the Basic MGCP Configuration chapter of Cisco IOS MGCP and Related Protocols Configuration Guide.

H.323 is an umbrella recommendation from the International Telecommunication Union (ITU) that defines the protocols to provide voice and video communication sessions on a packet network. The H.323 standard addresses call signaling and control, multimedia transport and control, and bandwidth control for point-to-point and multi-point sessions. See Cisco IOS H.323 Configuration Guide for more information about H.323. For router configuration information, see the "Configuring H.323 Gateways" chapter of Cisco IOS H.323 Configuration Guide.

Line-side Protocols

The Cisco 3900 series and Cisco 2900 series ISRs support the following line-side call control protocols:

• SCCP-Controlled Analog Ports with Supplementary Features, page 134
• Session Initiation Protocol (SIP), page 134

SCCP-Controlled Analog Ports with Supplementary Features

Voice gateway ISRs support the Cisco Skinny Client Control Protocol (SCCP)
64. This is an intrusive loopback and the packets matched with the service will not be able to pass through. Continue? (yes/[no]):

Enter yes to continue.

This example shows how to stop an Ethernet data plane loopback:

    Router# ethernet loopback stop local interface gigabitethernet 0/2.1101 id 1
    Router#
    *Oct 21 10:16:17.887: %E_DLB-6-DATAPLANE_LOOPBACK_STOP: Ethernet Dataplane Loopback Stop on interface GigabitEthernet0/2 with session id 1
    Router# show ethernet loopback active
    Total Active Session(s) 0
    Total Internal Session(s) 0
    Total External Session(s) 0

Verifying the Ethernet Data Plane Loopback Configuration

Use the following commands to verify the Ethernet data plane loopback configuration:

• show ethernet loopback permitted
• show ethernet loopback active

Use the show ethernet loopback permitted command to view the loopback capabilities per interface:

    Router# show ethernet loopback permitted
    Interface     SrvcInst  Direction  Dot1q/Dot1ad(s)  Second-Dot1q(s)
    Gi0/2.1101    N/A       External   100              1101

Use the show ethernet loopback active command to display the summary of the active loopback sessions on a subinterface:

    Router# show ethernet loopback active
    Loopback Session ID seid
    Interface GigabitEthernet0/2.1101
    Service Inst
65. Accessibility

This product can be configured using the Cisco command line interface (CLI). The CLI conforms to accessibility code 508 because it is text based and it relies on a keyboard for navigation. All functions of the router can be configured and monitored through the CLI.

For a complete list of guidelines and Cisco products adherence to accessibility, see the Cisco Accessibility Products document at:
http://www.cisco.com/web/about/responsibility/accessibility/products

How to Use the ROM Monitor: Typical Tasks

This section provides the following procedures:

• Entering ROM Monitor Mode, page C-3
• Displaying Commands and Command Syntax in ROM Monitor Mode (help), page C-7
• Displaying Files in a File System (dir), page C-8
• Loading a System Image (boot), page C-8
• Modifying the Configuration Register (confreg), page C-13
• Obtaining Information on USB Flash Devices, page C-14
• Modifying the I/O Memory (iomemset), page C-15
• Recovering the System Image (tftpdnld), page C-16
• Troubleshooting Crashes and Hangs (stack, context, frame, sysret, meminfo), page C-20
• Exiting ROM Monitor Mode, page C-25

Note: This section does not describe how to perform all possible ROM monitor tasks. Use the command help to perform any tasks that are not described in this document. See the Displaying Commands and Command Syntax in ROM Mon
66. PPP, number of packets, and number of bytes.

AAA uses protocols such as Remote Authentication Dial-In User Service (RADIUS), Terminal Access Controller Access Control System Plus (TACACS+), or Kerberos to administer its security functions. If your router is acting as a network access server, AAA is the means through which you establish communication between your network access server and your RADIUS, TACACS+, or Kerberos security server.

For information about configuring AAA services and supported security protocols (authentication, authorization, accounting, RADIUS, TACACS+, or Kerberos), see the following sections of Cisco IOS Security Configuration Guide: Securing User Services, Release 12.4T at http www cisco com en US docs ios sec_user_services configuration guide 12_4T sec_securing_user_services_12 4t_book html

• Configuring Authentication
• Configuring Authorization
• Configuring Accounting
• Configuring RADIUS
• Configuring TACACS+
• Configuring Kerberos

Configuring AutoSecure

The AutoSecure feature disables common IP services that can be exploited for network attacks and enables IP services and features that can aid in the defense of a network when under attack. These IP services are all disabled and enabled simultaneously with a single command, greatly simplifying security configuration on your router. For a complete description of the AutoSecure feature, see the AutoSecure feature document at http://www.cisco.com/unive
67. Size 256 MB
    Start Addr 0x00000000
    Bank 0 128 MB
    Bank 1 128 MB
    Main memory size: 384 MB in 64 bit mode.
    Available main memory starts at 0xa0015000, size 393132KB
    IO (packet) memory size: 10 percent of main memory.
    NVRAM size: 191KB

Recovering the System Image (tftpdnld)

This section describes how to download a Cisco IOS software image from a remote TFTP server to the router flash memory by using the tftpdnld command in ROM monitor mode.

Caution: Use the tftpdnld command only for disaster recovery because it can erase all existing data in flash memory before it downloads a new software image to the router.

Prerequisites

Before you can enter the tftpdnld command, you must set the ROM monitor environment variables.

Connect the TFTP server to a fixed network port on your router.

Restrictions

• LAN ports on network modules or interface cards are not active in ROM monitor mode. Therefore, only a fixed port on your router can be used for TFTP download. This can be a fixed Ethernet port on the router, that is, either of the two Gigabit Ethernet ports on Cisco routers with those ports.
• You can only download files to the router. You cannot use the tftpdnld command to retrieve files from the router.
68. Size Used Free Bank-Size State Copy Mode
    T 125184K 20390K 104793K OK Read/Write Direct

    System Compact Flash directory:
    File  Length    Name/status        addr      fcksum  ccksum
    1     6658376   c29xx-i-mz         0x40      0xE0FF  0xE0FF
    2     14221136  c2900-telcoent-mz  0x6599C8  0x5C3D  0x5C3D
    20879640 bytes used, 107308776 available, 128188416 total
    125184K bytes of ATA System Compact Flash (Read/Write)
    Chip information NOT available.

External Card with Class C Flash File System: Example

The geometry and format information is displayed in this format:

    Router# show flash: all
    length   date/time             path
    1 6658376 Mar 01 2004 04:27:46 c28xx-i-mz
    25268224 bytes available (6664192 bytes used)

    ATA Flash Card Geometry/Format Info
    ATA CARD GEOMETRY
    Number of Heads:
    Number of Cylinders   490
    Sectors per Cylinder  32
    Sector Size           512
    Total Sectors         62720
    ATA CARD FORMAT
    Number of FAT Sectors   31
    Sectors Per Cluster     8
    Number of Clusters      7796
    Number of Data Sectors  62560
    Base Root Sector        155
    Base FAT Sector         93
    Base Data Sector        187

Formatting CompactFlash Memory as a Class C File System

Use the format flash0: command in privileged EXEC mode to:

• Format CF memory cards with a Class C flash file system
• Remove the files from a CF memory card previously formatted with a Class C flash file system
69. SUMMARY STEPS

1. IP_ADDRESS=ip_address
2. IP_SUBNET_MASK=ip_address
3. DEFAULT_GATEWAY=ip_address
4. TFTP_SERVER=ip_address
5. TFTP_FILE=[directory-path/]filename
6. GE_PORT=[0 | 1 | 2]
7. GE_SPEED_MODE=[0 | 1 | 2 | 3 | 4 | 5]
8. TFTP_MEDIA_TYPE=[0 | 1]
9. TFTP_CHECKSUM=[0 | 1]
10. TFTP_DESTINATION=[flash0: | flash1: | usbflash0: | usbflash1:]
11. TFTP_MACADDR=MAC_address
12. TFTP_RETRY_COUNT=retry_times
13. TFTP_TIMEOUT=time
14. TFTP_VERBOSE=setting
15. set
16. tftpdnld [-h] [-r]
17. y

DETAILED STEPS

Step 1  IP_ADDRESS=ip_address
    Sets the IP address of the router.
    Example:
    rommon > IP_ADDRESS=172.16.23.32

Step 2  IP_SUBNET_MASK=ip_address
    Sets the subnet mask of the router.
    Example:
    rommon > IP_SUBNET_MASK=255.255.255.224

Step 3  DEFAULT_GATEWAY=ip_address
    Sets the default gateway of the router.
    Example:
    rommon > DEFAULT_GATEWAY=172.16.23.40

Step 4  TFTP_SERVER=ip_address
    Sets the TFTP server from which the software is downloaded.
    Example:
    rommon > TFTP_SERVER=172.16.23.33

Step 5  TFTP_FILE=[directory-path/]filename
    Example:
    rommon > TFTP_FILE=archive/rel22/c2801-i-mz
    Sets the
70. US/docs/ios/12_2/ibm/configuration/guide/bcftb_ps1835_TSD_Products_Configuration_Guide_Chapter.html

PSPF is disabled by default. To enable PSPF, follow these steps, beginning in privileged EXEC mode.

SUMMARY STEPS

1. configure terminal
2. interface dot11radio {0 | 1}
3. bridge-group group port-protected
4. end
5. copy running-config startup-config

DETAILED STEPS

Step 1  configure terminal
    Enters global configuration mode.

Step 2  interface dot11radio {0 | 1}
    Enters interface configuration mode for the radio interface. The 802.11g/n 2.4-GHz radio is radio 0. The 802.11n 5-GHz radio is radio 1.

Step 3  bridge-group group port-protected
    Enables PSPF.

Step 4  end
    Returns to privileged EXEC mode.

Step 5  copy running-config startup-config
    (Optional) Saves your entries in the configuration file.

Use the no form of the bridge-group command to disable PSPF.

Configuring Protected Ports

To prevent communication between cl
71. Description (continued): with stronger algorithms than those used in WEP. This setting uses encryption ciphers, TKIP, open authentication EAP, network EAP authentication, key management WPA mandatory, and RADIUS server authentication port 1645. As with EAP authentication, you must enter the IP address and shared secret for an authentication server on your network (server authentication port 1645).

Security Features Enabled (continued): WPA capable. If radio clients are configured to authenticate using EAP-FAST, open authentication with EAP should also be configured. If you don't configure open authentication with EAP, the following message appears:
    SSID CONFIG WARNING: [SSID]: If radio clients are using EAP-FAST, AUTH OPEN with EAP should also be configured.

1. EAP = Extensible Authentication Protocol
2. LEAP = Lightweight Extensible Authentication Protocol
3. PEAP = Protected Extensible Authentication Protocol
4. EAP-TLS = Extensible Authentication Protocol-Transport Layer Security
5. EAP-FAST = Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling
6. EAP-TTLS = Extensible Authentication Protocol-Tunneled Transport Layer Security
7. EAP-GTC = Extensible Authentication Protocol-Generic Token Card
8. EAP-SIM = Extensible Authentication Protocol-Subscriber Identity Module
9. WPA = Wi-Fi Protected Access
10. TKIP = Temporal Key Integrity Protocol

Configuring Wireless Quality of Service

Configuring Quality of Service (QoS) can provide preferential treatment
72. You can upgrade the software on the device to Cisco Unified software. See the "Upgrading to Cisco Unified Software" section on page 215.

Note: The wireless device is embedded on the router and does not have an external console port for connections. To configure the wireless device, use a console cable to connect a personal computer to the host router's Console serial port, and follow the instructions to establish a configuration session.

Starting a Wireless Configuration Session

Enter the following commands in global configuration mode on the router's Cisco IOS command line interface (CLI).

SUMMARY STEPS

1. interface wlan-ap0
2. ip address subnet mask
3. no shut
4. interface vlan1
5. ip address subnet mask
6. exit
7. exit
8. service-module wlan-ap 0 session

DETAILED STEPS

Step 1  interface wlan-ap0
    Example:
    router(config)# interface wlan-ap0
    router(config-if)#
    Defines the router's console interface to the wireless device. It is used for communication between the router's Console and the wireless device. Always use port 0.
    The following message appears:
    The wlan-ap 0 interface is used for managing the embedded AP. Please use
73. all incoming Ethernet packets conform to the configured rate.

APPENDIX A

Cisco IOS CLI for Initial Configuration

The following sections describe how to perform the initial configuration using the Cisco Internet Operating System (IOS) command line interface (CLI):

• Prerequisites for Initial Software Configuration Using the Cisco IOS CLI, page A-1
• Using the Cisco IOS CLI to Perform Initial Configuration, page A-2

Note: We recommend using Cisco Configuration Professional Express web-based application to configure the initial router settings. See Cisco Configuration Professional Express User Guide at Cisco.com for detailed instructions:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_configuration_professional_express/v1_4/olh/ccp_express.html

Initial Configuration of the Wireless Access Point on Cisco 1941W Router

The embedded wireless access point (AP) runs its own version of Cisco Internet Operating System (IOS) software. Use Cisco Configuration Professional Express to perform the initial configuration of the access point software. For information on how to configure additional wireless parameters, see the "Configuring the Wireless Device" module in this guide.

Prerequisites for Initial Software Configuration Using the Cisco IOS CLI

Follow the instructions in th
74. allows most VPN parameters, such as internal IP addresses, internal subnet masks, DHCP server addresses, Windows Internet Naming Service (WINS) server addresses, and split-tunneling flags, to be defined at a VPN server, such as a Cisco VPN 3000 series concentrator, that is acting as an IPSec server. A Cisco Easy VPN server-enabled device can terminate VPN tunnels initiated by mobile and remote workers who are running Cisco Easy VPN Remote software on PCs. Cisco Easy VPN server-enabled devices allow remote routers to act as Cisco Easy VPN Remote nodes. The Cisco Easy VPN client feature can be configured in one of two modes: client mode or network extension mode. Client mode is the default configuration and allows only devices at the client site to access resources at the central site. Resources at the client site are unavailable to the central site. Network extension mode allows users at the central site (where the Cisco VPN 3000 series concentrator is located) to access network resources on the client site. After the IPSec server has been configured, a VPN connection can be created with minimal configuration on an IPSec client. When the IPSec client initiates the VPN tunnel connection, the IPSec server pushes the IPSec policies to the IPSec client and creates the corresponding VPN tunnel connection.
75. allows the access point to extend the coverage area by compromising on the data rate. Therefore, if you have a client that cannot connect to the access point while other clients can, the client might not be within the coverage area of the access point. In such a case, using the range option will help extend the coverage area, and the client may be able to connect to the access point. Typically, the trade-off is between throughput and range. When the signal degrades (possibly due to distance from the access point), the rates renegotiate in order to maintain the link, but at a lower data rate. A link that is configured for a higher throughput simply drops when the signal degrades enough that it no longer sustains a configured high data rate, or the link roams to another access point with sufficient coverage, if one is available. The balance between the two (throughput vs. range) is a design decision that must be made based on resources available to the wireless project, the type of traffic the users will be passing, the service level desired, and, as always, the quality of the RF environment. When you enter throughput for the data rate setting, the wireless device sets all four data rates to basic. Note: When a wireless network has a mixed environment of 802.11b clients and 802.11g clients, make sure that data rates 1, 2, 5.5, and 11 Mb/s are set to required (basic) and that all other data rates are set to enable. The 802.11b adapters do not reco
76. associated client devices. Maintaining an ARP cache on the wireless device reduces the traffic load on your wireless LAN. ARP caching is disabled by default. This section contains this information:
 - Understanding Client ARP Caching
 - Configuring ARP Caching
Understanding Client ARP Caching: ARP caching on the wireless device reduces the traffic on your wireless LAN by stopping ARP requests for client devices at the wireless device. Instead of forwarding ARP requests to client devices, the wireless device responds to requests on behalf of associated client devices. When ARP caching is disabled, the wireless device forwards all ARP requests through the radio port to associated clients. The client that receives the ARP request responds. When ARP caching is enabled, the wireless device responds to ARP requests for associated clients and does not forward requests to clients. When the wireless device receives an ARP request for an IP address not in the cache, the wireless device drops the request and does not forward it. In its beacon, the wireless device includes an information element to alert client devices that they can safely ignore broadcast messages to increase battery life. Optional ARP Caching: When a non-Cisco client device is associated to an access point and is not passing data, the wireless device might not know the client IP address. If this situation occurs frequently on your wireless LAN, you can enable optional ARP
77. character of your choice, such as a pound sign (#), and press the Return key. The delimiting character signifies the beginning and end of the banner text. Characters after the ending delimiter are discarded. For message, enter a banner message up to 255 characters. You cannot use the delimiting character in the message. Step 3: end. Returns to privileged EXEC mode. Step 4: show running-config. Verifies your entries. Step 5: copy running-config startup-config. (Optional) Saves your entries in the configuration file. To delete the MOTD banner, use the no banner motd command in global configuration mode. The following example shows how to configure a MOTD banner for the wireless device. The pound sign (#) is used as the beginning and ending delimiter:
 AP(config)# banner motd #
 This is a secure site. Only authorized users are allowed.
 For access, contact technical support.
 #
 AP(config)#
This example shows the banner that results from the previous configuration:
 Unix> telnet 172.2.5.4
 Trying 172.2.5.4
 Connected to 172.2.5.4
 Escape character is
 This is a secure site. Only authorized users are allowed.
 For access, contact technical support.
 User Access Verification
 Password
Configuring a Log
78. client dial-pool-number 1
 !
 dsl operating-mode auto
 !
 ! Primary WAN link
 interface Dialer1
  ip address negotiated
  ip nat outside
  encapsulation ppp
  dialer pool 1
  ppp authentication pap callin
  ppp pap sent-username account password 7 pass
  ppp ipcp dns request
  ppp ipcp wins request
  ppp ipcp mask request
 !
 ! Dialer backup logical interface
 interface Dialer3
  ip address negotiated
  ip nat outside
  encapsulation ppp
  no ip route-cache
  no ip mroute-cache
  dialer pool 3
  dialer idle-timeout 60
  dialer string 5555102 modem-script Dialout
  dialer watch-group 1
 !
 ! Remote management PC IP address
  peer default ip address 192.168.2.2
  no cdp enable
 !
 ! Need to use your own ISP account and password
  ppp pap sent-username account password 7 pass
  ppp ipcp dns request
  ppp ipcp wins request
  ppp ipcp mask request
 !
 ! IP NAT over Dialer interface using route-map
 ip nat inside source route-map main interface Dialer1 overload
 ip nat inside source route-map secondary interface Dialer3 overload
 ip classless
 !
 ! When primary link is up again, distance 50 will override 80 if dial backup has not timed out
 ! Use multiple routes because peer IP addresses are alternated among them when the CPE is connected
 ip route 0.0.0.0 0.0.0.0 64.161.31.254 50
 ip route 0.0.0.0 0.0
79. com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-service/application_note_c27-573287.html. Only single-host mode is supported for the Identity features on the Onboard Gigabit Ethernet Layer 3 ports. In single-host mode, only one client can be connected to the IEEE 802.1X-enabled router port. The router detects the client by sending an EAPOL frame when the port link state changes to up state. If a client leaves or is replaced with another client, the router changes the port link state to down, and the port returns to the unauthorized state. Open Access: The Open Access feature allows clients or devices to gain network access before authentication is performed. This is primarily required for the Preboot eXecution Environment (PXE) scenario, where a device is required to access the network before PXE times out and downloads a bootable image, which contains a supplicant. Configuring Open Access: Perform these steps to configure Open Access. SUMMARY STEPS:
 1. enable
 2. configure terminal
 3. interface gigabitethernet slot/port
 4. authentication open
 5. end
DETAILED STEPS: Step 1: enable
80. command in line configuration mode. Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services: AAA authorization limits the services available to a user. When AAA authorization is enabled, the wireless device uses information retrieved from the user profile, which is located either in the local user database or on the security server, to configure the user session. The user is granted access to a requested service only if the information in the user profile allows it. You can use the aaa authorization command in global configuration mode with the tacacs+ keyword to set parameters that restrict a user's network access to privileged EXEC mode. The aaa authorization exec tacacs+ local command sets these authorization parameters:
 - Use TACACS+ for privileged EXEC access authorization if authentication was performed by using TACACS+.
 - Use the local database if authentication was not performed by using TACACS+.
Note: Authorization is bypassed for authenticated users who log in through the CLI even if authorization has been configured. To specify TACACS+ authorization for privileged EXEC access and network services, follow these steps, beginning in pr
81. command to disable short slot time. Performing a Carrier Busy Test: You can perform a carrier busy test to check the radio activity on wireless channels. During the carrier busy test, the wireless device drops all associations with wireless networking devices for 4 seconds while it conducts the carrier test and then displays the test results. In privileged EXEC mode, enter this command to perform a carrier busy test:
 dot11 interface-number carrier busy
For interface-number, enter dot11radio 0 to run the test on the 2.4-GHz radio, or enter dot11radio 1 to run the test on the 5-GHz radio. Use the show dot11 carrier busy command to redisplay the carrier busy test results. Configuring VoIP Packet Handling: You can improve the quality of VoIP packet handling per radio on access points by enhancing 802.11 MAC behavior for lower latency for the class of service (CoS) 5 (Video) and CoS 6 (Voice) user priorities. To configure VoIP packet handling on an access point, follow these steps:
 Step 1: Using a browser, log in to the access point.
 Step 2: Click Services in the task menu on the left side of the web-browser interface.
 Step 3: When the list of Services expands, click Stream. The St
82. configuration file. Note: When you enable the role of a device in the radio network as a bridge/workgroup bridge and enable the interface using the no shut command, the physical status and the software status of the interface will be up (ready) only if the device on the other end (access point or bridge) is up. Otherwise, only the physical status of the device will be up. The software status will be up when the device on the other end is configured and ready. Configuring Dual-Radio Fallback: The dual-radio fallback feature (see Figure 1) allows you to configure access points so that if the non-root bridge link connecting the access point to the network infrastructure goes down, the root access point link through which a client connects to the access point shuts down. Shutting down the root access point link causes the client to roam to another access point. Without this feature, the client remains connected to the access point but won't be able to send or receive data from the network.
[Figure 1: Dual-Radio Fallback]
83. configured locally on a router. The following is a sample output of the show ethernet cfm maintenance-points local command:
 Router# show ethernet cfm maintenance-points local
 Local MEPs MPID Domain Name Lvl MacAddress Type CC Ofld Domain Id Dir Port Id MA Name SrvciInst Source EVC name 44 carrier 2 5657 a844 04fa Port Y No carrier Down Gi0 2 none carrier N A Static N A Total Local MEPs 1 Local MIPs None
Use the show ethernet cfm maintenance-points remote command to display information about remote maintenance point domains or levels. In the following example, carrier, Provider, and customer are the maintenance point domains that are configured. On router 1:
 Router1# show ethernet cfm maintenance-points remote
 MPID Domain Name MacAddress TfSt PtSt Lvl Domain ID Ingress RDI MA Name Type Id SrvcInst EVC Name Age Local MEP Info 43 carrier 5657 a86c fa92 Up N A 2 carrier Gi0 2 carrier Port none N A N A 0s MPID 44 Domain carrier MA carrier 33 Provider 5657 a86c fa92 Up Up 5 Provider Gi0 2 100 Provider Vlan 100 N A N A Os MPID 34 Domain Provider MA Provider 3101 customer 5657 a86c fa92 Up Up 7 customer Gi0 2 1101 customer1101 S C 100 1101 N A N A Os MPID 4101 Domain customer MA customer1101 3102 customer 5657 a86c fa92 Up Up 7 customer Gi0 2 1102 customer1102 S C 100 1102 N A N A Os MPID 4102 Domain customer MA customer1102
84. customer1101 Type escape sequence to abort TTL 64 Linktrace Timeout is 5 seconds Tracing the route to 8843 e154 6f01 on Domain customer Level 7 service customer1101 vlan 100 inner vlan 30 Traceroute sent via Gi0 2 1101 B Intermediary Bridge Target Destination Per hop Timeout MAC Ingress Ingr Action Relay Action Hops Host Forwarded Egress Egr Action Previous Hop 1 8843 e154 6f01 Gi0 2 1101 IngOk RlyHit MEP Not Forwarded 5657 a86c fa92
Use the show ethernet cfm error configuration command to view Ethernet CFM configuration errors (if any). The following is a sample output of the show ethernet cfm error configuration command:
 Router# show ethernet cfm error configuration
 CFM Interface Type Id Level Error type Gi0 2 S 100 30 5 CFMLeak Gi0 2 SRE 100 30 1 CFMLeak
Troubleshooting Ethernet CFM Configuration: Table 3 lists the debug commands to troubleshoot issues pertaining to the Ethernet CFM configuration. The Cisco IOS Master Command List at http://www.cisco.com/en/US/docs/ios/mcl/allreleasemcl/all_book.html provides more information about these commands. Caution: Because debugging output is assigned
85. db session id. The following are the sample outputs of the commands listed above:
 Router# show run | sec ip sla
 ip sla auto discovery ip sla 1101 ethernet y1731 delay DMM domain customer vlan 100 inner vlan 1101 mpid 3101 cos 1 source mpid 4101 ip sla schedule 1101 life forever start time now
 Router# show ip sla summary
 IPSLAs Latest Operation Summary Codes active inactive pending ID Type Destination Stats Return Last ms Code Run 1104 y1731 delay Domain customer V OK 27 seconds ag lan 100 CVlan 110 o 1 Mpid 3101
 Router# show ip sla statistics
 IPSLAs Latest Operation Statistics IPSLA operation id 1101 Delay Statistics for Y1731 Operation 1101 Type of operation Y1731 Delay Measurement Latest operation start time 10 43 12 930 UTC Mon Oct 21 2013 Latest operation return code OK Distribution Statistics Interval Start time 10 43 12 930 UTC Mon Oct 21 2013 Elapsed time 15 seconds Number of measurements initiated 7 Number of measurements completed 7 Flag OK
 Router# show ip sla configuration 1101
 IP SLAs Infrastructure Engine III Entry number 1101 Owner Tag Operation timeout milliseconds 5000 Ethernet Y1731 Delay Operation Frame Type DMM Domain customer Vlan 100 CVlan 1101 Target Mpid 3101 Source Mpid 4101 Cos 1 Max Delay 5000 Request size Padding portion 64 Frame Interval 1000 Clock Not In Sync Threshold milliseconds 5000 Schedule Operation frequency seconds 30 not c
86.
 - Configuring Access Lists
 - Configuring Cisco IOS Firewall
 - Zone-Based Policy Firewall
 - Configuring Cisco IOS IPS
 - Content Filtering
 - Configuring VPN
 - Configuring Dynamic Multipoint VPN
 - Configuring Group Encrypted Transport VPN
Configuring the Cryptographic Engine Accelerator: Services Performance Engine 200 and Services Performance Engine 250 have an onboard cryptographic engine accelerator that is shared between SSLVPN and IPSec protocols. By default, acceleration of SSL is disabled, so IPSec performance is maximized. To set up a router as an SSLVPN gateway, enable hardware acceleration for SSLVPN with the crypto engine accelerator bandwidth-allocation ssl fair command from global configuration mode. Issue the reload command. Configuring SSL VPN: The Secure Socket Layer Virtual Private Network (SSL VPN) feature (also known as WebVPN) provides support in Cisco IOS software for remote user access to enterprise networks from anywhere on the Internet. Remote access is provided through an SSL-enabled SSL VPN gateway. The SSL VPN gateway allows remote users to establish a secure VPN tunnel using a web browser. This feature provides a
87. ecm
 sccp local GigabitEthernet0/0
 sccp ccm 10.1.32.147 identifier 1 priority 1 version 5.0.1
 sccp
 !
 sccp ccm group 1
  associate ccm 1 priority 1
  associate profile 3 register CONFERENCE
  associate profile 2 register UNIVERSAL
  associate profile 1 register G711_ANY
 !
 dspfarm profile 1 transcode
  codec g711ulaw
  codec g711alaw
  codec g722-64
  maximum sessions 40
  associate application SCCP
 !
 dspfarm profile 2 transcode universal
  codec g723r63
  codec ilbc
  codec g729r8
  codec g729br8
  codec g723r53
  maximum sessions 10
  associate application SCCP
 !
 dspfarm profile 3 conference
  codec g711ulaw
  codec g711alaw
  codec g729ar8
  codec g729abr8
  codec g729r8
  codec g729br8
  maximum conference-participants 32
  maximum sessions 2
  associate application SCCP
  shutdown
 !
 dial-peer voice 201 voip
  session protocol sipv2
  incoming called-number 408555
  codec g711ulaw
  no vad
 !
 dial-peer voice 202 voip
  destination-pattern 408555 0 4
  session protocol sipv2
  session target ipv4 10 1 32
88. efficiency management is configured on the module, the EnergyWise level must be set to 10 or online insertion and removal is not allowed. Perform the following tasks for managed online insertion and removal on the Cisco 3900 Series ISRs:
 1. Shut down the controller and voice ports.
 2. Perform online insertion and removal.
 3. Restart the controller and voice ports.
Shut down the controller and voice ports: Perform the steps detailed in this section to shut down the controller and voice ports. SUMMARY STEPS:
 1. enable
 2. configure terminal
 3. controller e1 slot/port
 4. shutdown
 5. exit
 6. voice-port slot number/port
 7. shutdown
 8. exit
DETAILED STEPS:
 Step 1: enable. Enable privileged EXEC mode. Enter your password if prompted. Example: Router> enable
 Step 2: configure terminal. Enter global configuration mode. Example: Router# configure terminal
 Step 3: controller e1 slot/port. Enter config-controller mode. Example: Router(config)# controller e1 0/0/0
 Step 4: shutdown. Administratively shuts down the controller port. Example: Router(config-controller)# shutdo
89. for the virtual terminal lines (vty) for remote console access. Make sure that you configure all vty lines on your router. Note: To verify the number of vty lines on your router, use the line vty ? command.
 password password. Specifies a password on a line. Example: Router(config-line)# password guessagain
 login. Enables password checking at login. Example: Router(config-line)# login
 end. Returns to privileged EXEC mode. Example: Router(config-line)# end
 Step 7: show running-config. Displays the running configuration file. Verify that you properly configured the virtual terminal lines for remote access. Example: Router# show running-config
 Step 8: From another network device, attempt to open a Telnet session to the router. Verifies that you can remotely access the router and that the virtual terminal line password is correctly configured. Example: Router# 172.16.74.3, followed by the Password prompt.
Examples: The following example shows how to configure virtual terminal lines with a password:
 !
 line vty 0 4
  password guessagain
  login
 !
What to Do Next: After you configure the vty lines, follow these
90. for Initial Configuration. DETAILED STEPS:
 Step 1: enable. Enables privileged EXEC mode. Enter your password if prompted. Example: Router> enable
 Step 2: copy nvram:startup-config {ftp: | rcp: | tftp:}. Copies the startup configuration file to a server. The configuration file copy can serve as a backup copy. Enter the destination URL when prompted. Example: Router# copy nvram:startup-config ftp:
 Step 3: show {flash0 | flash1}:. Displays the layout and contents of a flash memory file system. Learn the name of the system image file. Example: Router# show {flash0 | flash1}:
 Step 4: copy {flash0 | flash1}: {ftp: | rcp: | tftp:}. Copies a file from flash memory to a server. Copy the system image file to a server to serve as a backup copy. Enter the filename and destination URL when prompted. Example: Router# copy {flash0 | flash1}: ftp:
Examples. Copying the Startup Configuration to a TFTP Server: Example. The following example shows the startup configuration being copied to a TFTP server:
 Router# copy nvram:startup-config tftp:
 Remote host 172.16.101.101
 Name of configuration file to write rtr2-confg <cr>
 Write file rtr2-confg on host 172.16.101.101 confirm <cr>
 OK
Copying from Flash Memory to a TFTP Server: Example. The following example shows the use of the show {flash0 | flash1}: command in privileged EXEC to le
91. for the router to boot and perform normal file operations.
Table B-1: Compact Flash Slot Numbering and Naming
 Slot Number      CF Filenames   Size (note 1)
 Slot0 (note 2)   flash0:        256MB
 Slot1            flash1:        0
 Note 1: The maximum storage capacity for the CF in Slot0 and Slot1 is 4GB.
 Note 2: Slot 0 is the default CF slot. CF in slot0 can store system image, configuration, and data files. CF must be present in this slot for the router to boot and perform normal file operations.
Online Insertion and Removal: Online insertion and removal (OIR) is a feature that allows you to replace CF memory cards without turning off the router and without affecting the operation of other interfaces. OIR of CF memory cards provides uninterrupted operation to network users, maintains routing information, and ensures session preservation. Caution: The external CF memory card should not be removed if the flash memory busy "CF" LED on the router is blinking, because this indicates that the software is accessing the CF memory card. Removing the CF memory card may disrupt the network, because some software features use the CF memory card to store tables and other important data. For instructions on inserting, removing, and replacing the external C
92. for this. For details, see Cisco IOS Security Configuration Guide: Securing User Services, Release 2 4T and Cisco IOS Security Command Reference.
 username name {nopassword | password password | password encryption-type encrypted-password}. Establishes a username-based authentication system. This example implements a username of username with an encrypted password of password. Example: Router(config)# username username1 password 0 password1
Configure IPSec Transforms and Protocols: A transform set represents a certain combination of security protocols and algorithms. During IKE negotiation, the peers agree to use a particular transform set for protecting data flow. During IKE negotiations, the peers search multiple transform sets for a transform that is the same at both peers. When a transform set is found that contains such a transform, it is selected and applied to the protected traffic as a part of both peers' configurations. To specify the IPSec transform set and protocols, follow these steps, beginning in global configuration mode. SUMMARY STEPS:
 1. crypto ipsec profile profile-name
 2. crypto ipsec transform-set transform-set-name
 3. crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}
DETAILED STEPS: Command or Action, Purpose
93. from the digital signal processor (DSP) farm. See Media and Signaling Encryption (SRTP/TLS) on DSP Conferencing Farm at Cisco.com for configuration information: http://www.cisco.com/en/US/docs/ios/12_4t/12_4t15/itsdsp.html. See SIP: SIP Support for SRTP at Cisco.com for configuration information: http://www.cisco.com/en/US/docs/ios/12_4t/12_4t15/srtpstub.html#wp1008975. Virtual Route Forward: Virtual Route Forward (VRF) is the technique to create multiple virtual networks within a single network entity. In a single network component, we can create multiple VRFs that are isolated from each other. In our regular deployment of Unified Communication, we create different VLANs for voice and data to separate traffic. This is Layer 2 virtualization. In conjunction with VLAN support, Cisco UC also supports Layer 3 virtualization through VRF for both voice and data. In a typical UC deployment, hard phones are typically in Voice Segments and PCs are in Data Segments. PCs are inherently untrusted devices in the network. Mechanisms based on s rely on port numbers, and there is no way to ensure only trusted media enters UC Segment. VRF implementations in ISR can create a single voice network and multiple data networks, which consolidate voice communication into one logically partitioned network to separate voice and data communication on a converged multimedia network. To configure Virtual Route Forward features, see Virtual Route Forwarding Des
94. group server radius dummy
 aaa authentication login default local cache tac_admin group tac_admin
 aaa authentication login eap_methods group rad_eap
 aaa authentication login mac_methods local
 aaa authorization exec default local cache tac_admin group tac_admin
 aaa accounting network acct_methods start-stop group rad_acct
 aaa cache profile admin_cache
 aaa session-id common
 bridge irb
 interface Dot11Radio0
  no ip address
  no ip route-cache
  shutdown
  speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
 interface Dot11Radio1
  no ip address
  no ip route-cache
  shutdown
  speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
 interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
 interface BVI1
  ip address 192.168.133.207 255.255.255.0
  no ip route-cache
 ip http server
 ip http authentication aaa
 no ip http secure-server
95. hexadecimal number preceded by 0x.
 Router(config)# config-register 0xvalue
Note: The Cisco IOS software does not allow you to change the console speed bits directly with the config-register command. To change the console speed from the Cisco IOS CLI, see the "Configuring the Console Line Speed (Cisco IOS CLI)" section on page D-5. Exit global configuration mode:
 Router(config)# end
 Router#
Step 9: Save the configuration changes to NVRAM:
 Router# copy run start
The new configuration register settings are saved to NVRAM, but they do not take effect until the next router reload or power cycle. Displaying the Configuration Register Settings: To display the configuration register settings that are currently in effect and the settings that will be used at the next router reload, enter the show version command in privileged EXEC mode. The configuration register settings are displayed in the last line of the show version command output:
 Configuration register is 0x142 (will be 0x142 at next reload)
Configuring the Console Line Speed (Cisco IOS CLI): The combined setting of bits 5, 11, and 12 determines the console line speed. You can modify these particular c
96. icmp any any
 access-list 103 deny ip any any ! Prevents Internet-initiated traffic inbound
 ! acl 105 matches addresses for the IPsec tunnel to or from the corporate network
 access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255
 no cdp run
Configuring Dynamic Multipoint VPN: The Dynamic Multipoint VPN (DMVPN) feature allows users to better scale large and small IP Security (IPsec) VPNs by combining GRE tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP). For additional information about configuring DMVPN, see the "Dynamic Multipoint VPN" section of Cisco IOS Security Configuration Guide: Secure Connectivity, Release 12.4T at http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/12_4t/sec_secure_connectivity_12_4t_book.html. Configuring Group Encrypted Transport VPN: Group Encrypted Transport (GET) VPN is a set of features that are necessary to secure IP multicast group traffic or unicast traffic over a private WAN that originates on or flows through a Cisco IOS device. GET VPN combines the keying protocol Group Domain of Interpretation (GDOI) with IPsec encryption to provide users with an efficient method of securing IP multicast traffic o
97. in the dir flash0: command output, this step is not required. boot system flash0:new-system-image-filename: Use this command to load the new system image after the next system reload or power cycle. Router(config)# boot system flash0:c2900-universalk9-mz.bin (Optional) Repeat to specify the order in which the router should attempt to load any backup system images. Step 10: exit. Use this command to exit global configuration mode. Router(config)# exit Router# Step 11: copy run start. Use this command to copy the running configuration to the startup configuration. Router# copy run start What to Do Next: Proceed to the "Saving Backup Copies of Your New System Image and Configuration" section on page 197. Saving Backup Copies of Your New System Image and Configuration: To aid file recovery and to minimize downtime in the event of file corruption, we recommend that you save backup copies of the startup configuration file and the Cisco IOS software system image file on a server. Tip: Do not erase any existing backup copies of your configuration and system image that you saved before upgrading your system image. If you encounter serious problems using your new sys
98. in the system name. If it is important for client users to distinguish between devices, make sure that a unique portion of the system name appears in the first 15 characters. Step 3: Returns to privileged EXEC mode. Step 4: show running-config. Verifies your entries. Step 5: copy running-config startup-config. (Optional) Saves your entries in the configuration file. When you set the system name, the name is also used as the system prompt. To return to the default hostname, use the no hostname command in global configuration mode. Understanding DNS: The DNS protocol controls the Domain Name System (DNS), a distributed database with which you can map hostnames to IP addresses. When you configure DNS on the wireless device, you can substitute the hostname for the IP address with all IP commands, such as ping, telnet, connect, and related Telnet support operations. IP defines a hierarchical naming scheme that allows a device to be identified by its location or domain. Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, such as the File Transfer Protocol (FTP) system, is identified as ftp.cisco.com. To keep track of domain names, IP has defined the concept of a domain name server, which holds a cache (or database) of names mapped to IP addresses. To map d
99. interface administrative distance name name: configured administrative distance through the specified interface. A higher administrative distance should be configured for the route through the backup interface so that the backup interface is used only when the primary interface is down. Example: Router(config)# ip route 0.0.0.0 Dialer 2 track 234 Cellular Wireless Modem as Backup with NAT and IPSec Configuration: The following example shows how to configure the 3G wireless modem as backup with NAT and IPsec on either GSM or CDMA networks. Note: The receive and transmit speeds cannot be configured. The actual throughput depends on the cellular network service. Router# sh run Building configuration... Current configuration: 5833 bytes; Last configuration change at 18:26:15 UTC Wed Sep 30 2009; version 12.4; service timestamps debug datetime msec; service timestamps log datetime msec; no service password-encryption; service internal; hostname Router; boot-start-marker; boot-end-marker; no aaa new-model; service-module wlan-ap 0 bootimage autonomous; no ipv6 cef; ip source-route; ip cef; ip multicast-routing
100. introduced for embedded wireless LAN access points on Integrated Services Routers. Managing the System Time and Date: You can manage the system time and date on the wireless device automatically, by using the Simple Network Time Protocol (SNTP), or manually, by setting the time and date on the wireless device. Note: For complete syntax and usage information for the commands used in this section, see Cisco IOS Configuration Fundamentals Command Reference for Release 12.4. This section provides the following configuration information: Understanding Simple Network Time Protocol; Configuring SNTP; Configuring Time and Date Manually. Understanding Simple Network Time Protocol: Simple Network Time Protocol (SNTP) is a simplified, client-only version of NTP. SNTP can only receive the time from NTP servers; it cannot provide time services to other systems. SNTP typically provides time within 100 milliseconds of the accurate time, but it does not provide the complex filtering and statistical mechanisms of NTP. You can configure SNTP to request and accept packets from configured servers or to accept NTP broadcast packets from any source. When multiple sources are send
101. is an implicit "deny all" at the end of all sequences. For information on configuring and managing access groups, see the "Creating an IP Access List to Filter IP Options, TCP Flags, Noncontiguous Ports, or TTL Values" section of the "Access Control Lists" section of Cisco IOS Security Configuration Guide: Securing the Data Plane, Release 12.4T at http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/12_4t/sec_data_plane_12_4t_book.html. Configuring Cisco IOS Firewall: The Cisco IOS Firewall lets you configure a stateful firewall where packets are inspected internally, and the state of network connections is monitored. Stateful firewall is superior to static access lists because access lists can only permit or deny traffic based on individual packets, not based on streams of packets. Also, because the Cisco IOS Firewall inspects the packets, decisions to permit or deny traffic can be made by examining application layer data, which static access lists cannot examine. To configure a Cisco IOS Firewall, specify which protocols to examine by using the following command in interface configuration mode: ip inspect name inspection-name protocol timeout seconds. When inspection detects that th
102. level 14 and how to define SecretPswd14 as the password users must enter to use level 14 commands: AP(config)# privilege exec level 14 configure AP(config)# enable password level 14 SecretPswd14 Logging Into and Exiting a Privilege Level: To log in to a specified privilege level or to exit to a specified privilege level, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS: 1. enable level 2. disable level. DETAILED STEPS: Step 1: enable level. Logs in to a specified privilege level. For level, the range is 0 to 15. Step 2: disable level. Exits to a specified privilege level. For level, the range is 0 to 15. Controlling Access Point Access with RADIUS: This section describes how to control administrator access to the wireless device by using Remote Authentication Dial-In User Service (RADIUS). For complete instructions on configuring the wireless device to support RADIUS, see the "Configuring Radius and TACACS+ Servers" chapter in Cisco IOS Software Configuration Guide for Cisco Aironet Access Points. RADIUS provides detailed accounting information and flexible administrative control over authentication and authorization processes. RAD
103. line. End with CNTL/Z. Router(config)# memory-size iomem 5 IO memory size too small: minimum IO memory size is 201M Router(config)# Router(config)# memory-size iomem ? <5-50> percentage of DRAM to use for I/O memory: 5, 10, 15, 20, 25, 30, 40, 50 Router(config)# memory-size iomem 25 Smart-init will be disabled and new I/O memory size will take effect upon reload. Router(config)# end Verifying IOMEM Setting: Router# show run Current configuration: 6590 bytes; Last configuration change at 16:48:41 UTC Tue Feb 23 2010; version 15.1; service timestamps debug datetime msec; service timestamps log datetime msec; no service password-encryption; service internal; hostname Router1; no aaa new-model; memory-size iomem 25 Interface Ports: Table 1 lists the interfaces that are supported on Cisco 3900 series, Cisco 2900 series, and Cisco 1900 series integrated services routers. Table 1: Interfaces by Cisco Router. Columns: Slots, Ports, Logical Interface, Interfaces | 1941 | 2901 | 2911 & 2921 | 2951 & 3925 & 3945 | 3925E & 3945E. Row: Onboard GE ports | Gi0/0, Gi0/1 | Gi0/0, Gi0/1 | Gi0/0, Gi0/1, Gi0/2 | Gi0/0, Gi0/1, Gi0/2 | Gi0/0, Gi0/1, GI1
104. member value is 1. dialer string dial-string[:isdn-subaddress] Example: Router(config-if)# dialer string 384040 Router(config-if)# Specifies the telephone number to be dialed. dialer-group group-number Example: Router(config-if)# dialer-group 1 Router(config-if)# Assigns the dialer interface to a dialer group (1-10). exit Example: Router(config-if)# exit Router(config)# Exits dialer interface configuration mode and enters global configuration mode. dialer-list dialer-group protocol protocol-name {permit | deny | list access-list-number | access-group} Example: Router(config)# dialer-list 1 protocol ip permit Router(config)# Creates a dialer list for packets of interest to be forwarded through the specified interface dialer group. In the example, dialer-list 1 corresponds to dialer-group 1. For details about this command and additional parameters that can be set, see Cisco IOS Dial Technologies Command Reference. Example: The following configuration example configures an aggregated and ISDN peer router. The aggregator is typically a concentrator router where your Cisco router Asynchronous Transfer Mode (ATM) permanent virtual connection (PVC) terminates. In the following configuration example, the a
105. mode: 1. configure terminal 2. interface dot11radio 3. probe-response gratuitous {period | speed} 4. period Kusec 5. speed {[6.0] [9.0] [12.0] [18.0] [24.0] [36.0] [48.0] [54.0]} 6. end 7. copy running-config startup-config. Command and Purpose: configure terminal: Enters global configuration mode. interface dot11radio: Enters interface configuration mode for the 5-GHz radio interface. probe-response gratuitous {period | speed}: Enables the Gratuitous Probe Response feature using default period (10 Kusec) and speed (6.0 Mbps). period Kusec: (Optional) Accepts a value from 10 to 255. The default value is 10. Step 5: speed {[6.0] [9.0] [12.0] [18.0] [24.0] [36.0] [48.0] [54.0]}: (Optional) Sets the response speed in Mbps. The default value is 6.0. Step 6: end: Returns to privileged EXEC mode. Step 7: copy running-config startup-config: (Optional) Saves your entries in the configuration file. The optional parameters can be configured independently or combined when you do not want to use the defaults, as shown in the following examples: (config-if)# probe-response gratuitous period 30 (config-if)# probe-response gratuitous speed 12.0 (config-if)# pro
106. module (PVDM3); Service module (SM); Enhanced high-speed WAN interface card (EHWIC). Note: The PVDM3 slot and the SM slot are not backwards compatible with legacy modules. Legacy modules require an adapter for installation in these slots. For a list of supported UC modules and interface cards, see Module Support on Cisco Integrated Services Routers Generation 2. Call Control: The Cisco 3900 series and Cisco 2900 series ISRs support the following types of call control applications and Cisco Voice solutions: Cisco Unified Communications Manager Express; Unified Survivable Remote Site Telephony; Cisco Unified SIP Proxy (CUSP); Gatekeeper. Cisco Unified Communications Manager Express: Cisco Unified Communications Manager Express (CME) is a feature-rich, entry-level IP telephony solution that is integrated directly into Cisco IOS software. Cisco Unified CME allows small business customers and autonomous small enterprise branch offices to deploy voice, data, and IP telephony on a single platform for small offices, thereby streamlining operations and lowering network costs. Cisco Unified CME is ideal for customers who have data connectivity requirements and also have a need for a telephony solution in the same office. Whether offered through a service provider's managed services offering or purchased directly by a corporation, Cisco Unified CME offers most of the core telephony features required i
107. name and location of the file that is downloaded to the router. Step 6: GE_PORT=[0 | 1 | 2] Example: rommon > GE_PORT=0 (Optional) Sets the input port to use one of the Gigabit Ethernet ports. The default is 0. Step 7: GE_SPEED_MODE=[0 | 1 | 2 | 3 | 4 | 5] Example: rommon > GE_SPEED_MODE=3 (Optional) Sets the Gigabit Ethernet port speed mode, with these options: 0: 10 Mbps, half-duplex; 1: 10 Mbps, full-duplex; 2: 100 Mbps, half-duplex; 3: 100 Mbps, full-duplex; 4: 1 Gbps, full-duplex; 5: Automatic selection (default). Step 8: TFTP_MEDIA_TYPE=[0 | 1] Example: rommon > MEDIA_TYPE=1 (Optional) Sets the Gigabit Ethernet connection media type, RJ-45 (0) or SFP (1). Small form-factor pluggable (SFP) mode is applicable only if GE_PORT=0 (gig 0/0); RJ-45 mode is available on both gig 0/0 and gig 0/1 (GE_PORT=0 or 1). The default is 0. Step 9: TFTP_CHECKSUM=[0 | 1] Example: rommon > TFTP_CHECKSUM=0 (Optional) Determines whether the router performs a checksum test on the downloaded image. 1: Checksum test is performed (default). 0: No checksum test is performed. Step 10: TFTP_DESTINATION=[flash0: | flash1: | usbflash0: | usbflash1:] Example: rommon > TFTP_DESTINATION=usbflash0: (Optional) Designates the targeted flash device as compact flash or USB flash. flash0: Compact flash device in port 0 (default); flash1: Compact flash device in port 1; usbf
108. other router models. VPN configuration information must be configured on both endpoints. You must specify parameters such as internal IP addresses, internal subnet masks, DHCP server addresses, and Network Address Translation (NAT). Sections: "Configure a VPN over an IPSec Tunnel"; "Create a Cisco Easy VPN Remote Configuration"; "Configure a Site-to-Site GRE Tunnel". Configure a VPN over an IPSec Tunnel: Perform the following tasks to configure a VPN over an IPSec tunnel: Configure the IKE Policy; Configure Group Policy Information; Apply Mode Configuration to the Crypto Map; Enable Policy Lookup; Configure IPSec Transforms and Protocols; Configure the IPSec Crypto Method and Parameters; Apply the Crypto Map to the Physical Interface; Where to Go Next. Configure the IKE Policy: To configure the Internet Key Exchange (IKE) policy, follow these steps, beginning in
109. runts, 0 giants, 0 jabbers, 0 input errors, 0 CRC, 0 fragments, 0 pause input, 3955781430 packets output, 1598708166660 bytes, 0 underruns, 0 broadcast, 0 multicast, 3955781430 unicast, 0 late collisions, 0 collisions, 0 deferred, 0 bad bytes received, 0 multiple, 94987 pause output. Viewing Multi-Gigabit Fabric CPU Port Statistics: Multi-Gigabit Fabric's CPU port statistics display details about the hardware status, data transmission rate, line type, protocols, and packets. The following example displays output for the show platform mgf statistics cpu command when entered on a Cisco 3945 ISR: Router# show platform mgf statistics cpu Backplane-GigabitEthernet0/3 is up, line protocol is up; Hardware is PQ3_TSEC, address is 001b.5428.d403 (bia 001b.5428.d403); MTU 9600 bytes, BW 1000000 Kbit/sec, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255; Encapsulation ARPA, loopback not set; Full-duplex, 1000Mb/s, media type is internal; output flow-control is unsupported, input flow-control is unsupported; ARP type: ARPA, ARP Timeout 04:00:00; Last input never, output never, output hang never; Last clearing of "show interface" counters never; Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0; Qu
110. scheme (MCS) is a specification of PHY parameters consisting of modulation order (binary phase shift keying [BPSK], quaternary phase shift keying [QPSK], 16-quadrature amplitude modulation [16-QAM], 64-QAM) and forward error correction (FEC) code rate (1/2, 2/3, 3/4, 5/6). MCS is used in the wireless device 802.11n radios, which define 32 symmetrical settings (8 per spatial stream): MCS 0-7; MCS 8-15; MCS 16-23; MCS 24-31. The wireless device supports MCS 0-15. High-throughput clients support at least MCS 0-7. MCS is an important setting because it provides for potentially greater throughput. High-throughput data rates are a function of MCS, bandwidth, and guard interval. The 802.11a, b, and g radios use 20-MHz channel widths. Table 1 shows potential data rates based on MCS, guard interval, and channel width. Table 1: Data Rates Based on MCS Settings, Guard Interval, and Channel Width. Columns: MCS Index | Guard Interval = 800 ns, 20-MHz Channel Width Data Rate (Mb/s) | Guard Interval = 800 ns, 40-MHz Channel Width Data Rate (Mb/s) | Guard Interval = 400 ns, 20-MHz Channel Width Data Rate (Mb/s) | Guard Interval = 400 ns, 40-MHz Channel Width Data Rate (Mb/s). Rows: 0 | 6.5 | 13.5 | 7 2/9 | 15; 1 | 13 | 27 | 14 4/9 | 30; 2 | 19.5 | 40.5 | 21 2/3 | 45; 3 | 26 | 54 | 28
111. setting both: c1921# show authentication sessions interface Gi0/1 Interface: GigabitEthernet0/1; MAC Address: 0201.0201.0201; IP Address: Unknown; User-Name: testUserl1; Status: Authz Success; Domain: DATA; Oper host mode: single-host; Oper control dir: both; Authorized By: Authentication Server; Vlan Group: N/A; AAA Policies; Session timeout: N/A; Idle timeout: N/A; Common Session ID: 03030303000000000000BA04; Acct Session ID: 0x00000001; Handle: 0x6D000001; Runnable methods list: Method, State: dot1x, Authc Success. c1921# c1921# sh dot1x int g0/1 Dot1x Info for GigabitEthernet0/1: PAE = AUTHENTICATOR; PortControl = AUTO; ControlDirection = Both; HostMode = SINGLE_HOST; QuietPeriod = 60; ServerTimeout = 30; SuppTimeout = 30; ReAuthMax; MaxReq; TxPeriod. Verifying Authentication Control Direction Setting in: Use the show authentication sessions and show dot1x commands to verify the authentication control direction setting in: c1921# show authentication sessions interface gi0/1 Interface: GigabitEthernet0/1; MAC Address: 0201.0201.0201; IP Address: Unknown; User-Name: testUserl; Status: Authz Success; Domain: DATA; Oper host mode: single-host; Oper control dir: in; Authorized By: Authentication Server; Vlan Group: N/A; AAA P
112. show ethernet cfm domain. Domain Name: customer; Level: 7; Total Services: 1; Services: (Type, Id, Dir, CC, CC-int, Static-rmep, Crosscheck, MaxMEP, Source, MA-Name) Vlan, 100, Dwn, Y, 10s, Disabled, Disabled, 100, Static, customer1101. Domain Name: enterprise; Level: 6; Total Services: 1; Services: (Type, Id, Dir, CC, CC-int, Static-rmep, Crosscheck, MaxMEP, Source, MA-Name) Vlan, 110, Dwn, Y, 10s, Disabled, Disabled, 100, Static, custservice. Domain Name: carrier; Level: 2; Total Services: 1; Services: (Type, Id, Dir, CC, CC-int, Static-rmep, Crosscheck, MaxMEP, Source, MA-Name) Vlan, 200, Dwn, Y, 10s, Disabled, Disabled, 100, Static, carrier. Router# Use the show ethernet cfm maintenance-points local command to view the local MEPs. The following is a sample output of the show ethernet cfm maintenance-points local command: Router# show ethernet cfm maintenance-points local. Column headings: MPID, Domain Name, Lvl, MacAddress, Type, CC, Ofld, Domain Id, Dir, Port, Id, MA Name, SrvcInst, Source, EVC name. Entries: 100 customer 7 70ca.9b4d.a400 Vlan Y No customer Down Gi0/2 100 customer1101 N/A Static N/A; 400 enterprise 6 70ca.9b4d.a400 Vlan I No enterprise Down Gi0/1 110 custservice N/A Static N/A; 44 carrier 2 70ca 9b4d a4
113. steps: (Optional) To encrypt the virtual terminal line password, see the "Configuring Passwords and Privileges" chapter in Cisco IOS Security Configuration Guide. Also see the Cisco IOS Password Encryption Facts tech note. (Optional) To secure the VTY lines with an access list, see "Part 3: Traffic Filtering and Firewalls" in the Cisco IOS Security Configuration Guide. Configuring the Auxiliary Line: This section describes how to enter line configuration mode for the auxiliary line. How you configure the auxiliary line depends on your particular implementation of the auxiliary (AUX) port. See the following documents for information on configuring the auxiliary line: Configuring a Modem on the AUX Port for EXEC Dialin Connectivity, tech note, http://www.cisco.com/en/US/tech/tk801/tk36/technologies_tech_note09186a0080094bbc.shtml; Configuring Dialout Using a Modem on the AUX Port, sample configuration, http://www.cisco.com/en/US/tech/tk801/tk36/technologies_configuration_example09186a0080094579.shtml; Configuring AUX-to-AUX Port Async Backup with Dialer Watch, sample configuration, http://www.cisco.com/en/US/tech/tk801/tk36/technologies_configuration_example09186a0080093d2b.shtml; Modem-Router Connection Guide, tech note, http://www.cisco.com/en/US/tech/tk801/tk36/technologies_tech_note09186a008009428b.shtml
114. steps, beginning in EXEC mode: 1. configure terminal 2. interface gigabitethernet slot/port 3. media-type sfp 4. media-type sfp auto-failover 5. end. Command and Purpose: configure terminal. Example: Router> enable Router# configure terminal Router(config)# Enters global configuration mode when using the console port. Use the following commands to connect to the router with a remote terminal: telnet router-name or address; Login: login-id; Password: x; Router> enable. interface gigabitethernet slot/port. Example: Router(config)# interface gigabitethernet 0/1 Router(config-if)# Enters interface configuration mode. Step 3: media-type sfp. Example: Router(config-if)# media-type sfp Router(config-if)# Designates SFP port as the primary media. OR Example: Router(config-if)# media-type rj45 Router(config-if)# Designates RJ-45 as the primary media. Step 4: media-type sfp auto-failover. Example: Router(config-if)# media-type sfp auto-failover Router(config-if)# Configures the port with SFP as the primary media for automatic failover from SFP to RJ-45. OR Configures the port with RJ-45 as the primary media for automatic failover from RJ-45 to SFP. Example: Router(config-if)# media-type rj45 auto-fai
115. string from 1 to 25 alphanumeric characters. The string cannot start with a number, is case sensitive, and allows spaces but ignores leading spaces. By default, no password is defined. Note: The characters TAB and are invalid characters for passwords. Step 4: end. Returns to privileged EXEC mode. Step 5: show running-config or show privilege. Verifies your entries. The show running-config command displays the password and access level configuration. The show privilege command displays the privilege level configuration. Step 6: copy running-config startup-config. (Optional) Saves your entries in the configuration file. When you set a command to a privilege level, all commands whose syntax is a subset of that command are also set to that level. For example, if you set the show ip route command to level 15, the show commands and show ip commands are automatically set to privilege level 15 unless you set them individually to different levels. To return to the default privilege for a given command, use the no privilege mode level level command command in global configuration mode. The following example shows how to set the configure command to privilege
116. that you can use in DHCP pool configuration mode, see the "Example" section on page 73. exit. Example: Router(config-dhcp)# exit Router(config)# Exits DHCP pool configuration mode and enters global configuration mode. chat-script script-name expect-send. Example: Router(config)# chat-script Dialout ABORT ERROR ABORT BUSY "" "AT" OK "ATDT 5555102\T" TIMEOUT 45 CONNECT \c Router(config)# Configures a chat script for use in DDR to give commands for dialing a modem and for logging in to remote systems. The defined script is used to place a call over a modem connected to the PSTN. interface type number. Example: Router(config)# interface Async 1 Router(config-if)# Creates asynchronous interface and enters configuration mode for the asynchronous interface. Configure the asynchronous interface. For sample commands that you can use in asynchronous interf
117. the "Configuring Security Features" section on page 87 to configure security features on the router. Follow instructions in the "Unified Communications on Cisco Integrated Services Routers" section on page 129 to configure Voice features on the router. Basic Router Configuration: This module provides configuration procedures for Cisco 3900 series, Cisco 2900 series, and Cisco 1900 series integrated services routers (ISRs). It also includes configuration examples and verification steps whenever possible. Note: See Appendix A, "Cisco IOS CLI for Initial Configuration" for information on how to perform the initial configuration using the Cisco Internet Operating System (IOS) command line interface on Cisco 3900 series, Cisco 2900 series, and Cisco 1900 series integrated services routers. Basic Configuration: Default Configuration; Configuring Global Parameters. Interface Configuration: Interface Ports; Configuring Gigabit Ethernet Interfaces; Configuring Wireless LAN Interfaces; Configuring Inter
118. the service-module wlan-ap 0 session command to console into the embedded AP. Step 2: ip address subnet mask. Example: router(config-if)# ip address 10.21.0.20 255.255.255.0 Example: router(config-if)# ip unnumbered vlan1 Specifies the interface IP address and subnet mask. Note: The IP address can be shared with the IP address assigned to the Cisco Integrated Services Router by using the ip unnumbered vlan1 command. Step 3: no shut. Example: router(config-if)# no shut Specifies the internal interface connection remains open. Step 4: interface vlan1. Example: router(config-if)# interface vlan1 Specifies the virtual LAN interface for data communication on the internal GE0 port to other interfaces. Step 5: ip address subnet mask. Example: router(config-if)# ip address 10.10.0.30 255.255.255.0 Specifies the interface IP address and subnet mask. Step 6: exit. Example: router(config-if)# exit router(config)# Exits the mode. Step 7: exit. Exits the mode. Example: router(config)# exit router# Step 8: service-module wlan-ap 0 session. Opens the connection between the wireless device and the router's console. Exa
119. the baud rate. To set the configuration register without affecting the baud rate, use the current configuration register setting by entering the show ver | inc configuration command, and then replacing the last (rightmost) number with a 0 in the configuration register command. Restrictions: The modified configuration register value is automatically written into NVRAM, but the new value does not take effect until you reset or power-cycle the router. SUMMARY STEPS: 1. confreg value. DETAILED STEPS: Step 1: confreg value. Example: rommon > confreg 0x2102 Changes the configuration register settings while in ROM monitor mode. Optionally, enter the new hexadecimal value for the configuration register. The value range is from 0x0 to 0xFFFF. If you do not enter the value, the router prompts for each bit of the 16-bit configuration register. Examples: In the following example, the configuration register is set to boot the system image from flash memory: rommon 3 > confreg 0x2102 In the following example, no value is entered; therefore, the system prompts for each bit in the register: rommon 7 > confreg Configuration Summary enabled are: console baud: 9600 boot: the ROM Monitor do you wish to change the configuration? y/n [n]: y enable "diagnostic mode"? y/n [n]: y enable "use net in IP bcast address"? y/n [n]: y enable "load rom after netboot fails"? y/n [n]: y enable "use all zero broadcast"? y/n [n]: y
120. the system image file to a server. This file can serve as a backup copy. Enter the flash memory partition number if prompted. Enter the filename and destination URL when prompted. Examples: The following examples show how to copy a startup configuration to a TFTP server and how to copy from flash memory to an FTP server. Copying the Startup Configuration to a TFTP Server: Example: The following example shows the startup configuration being copied to a TFTP server: Router# copy nvram:startup-config tftp: Remote host[]? 192.0.0.1 Name of configuration file to write [rtr2-confg]? rtr2-config-b4upgrade Write file rtr2-confg-b4upgrade on host 192.0.0.1?[confirm] <cr> ![OK] Copying from Flash Memory to a TFTP Server: Example: The following example uses the dir flash0: command in privileged EXEC mode to learn the name of the system image file and the copy flash0: tftp: command in privileged EXEC mode to copy the system image to a TFTP server. The router uses the default username and password. Router# copy flash0: tftp: Source filename [running-config]? Address or name of remote host []? 192.0.0.1 Destination filename [router-confg]? running-config 983 bytes copied in 0.048 secs (20479 byt
121. to certain traffic at the expense of other traffic. Without QoS, the device offers best-effort service to each packet, regardless of the packet contents or size. It sends the packets without any assurance of reliability, delay bounds, or throughput. To configure quality of service (QoS) for your wireless device, see Quality of Service in a Wireless Environment at http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/QualityOfService.html

Chapter: Configuring the Wireless Device. Upgrading to Cisco Unified Software.

Configuring the Access Point in Hot Standby Mode
In hot standby mode, an access point is designated as a backup for another access point. The standby access point is placed near the access point that it monitors and is configured exactly like the monitored access point. The standby access point associates with the monitored access point as a client and sends Internet Access Point Protocol (IAPP) queries to the monitored access point through the Ethernet and radio ports. If the monitored access point fails to respond, the standby access point comes online and takes the monitored access point's place in the network. Except for the IP address, the standby access point's settings should be identical to the settings on the monitored access point. If the mo
122. to users who need to have access at this level. Use the privilege level command in global configuration mode to specify commands accessible at various levels. For more information, see the "Configuring Multiple Privilege Levels" section on page 262.

If you enable password encryption, it applies to all passwords, including username passwords, authentication key passwords, the privileged command password, and console and virtual terminal line passwords.

To remove a password and level, use the no enable password level level command or the no enable secret level level command in global configuration mode. To disable password encryption, use the no service password-encryption command in global configuration mode.

This example shows how to configure the encrypted password $1$FaD0$Xyti5Rkls3LoyxzS8 for privilege level 2:
    AP(config)# enable secret level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8

Configuring Username and Password Pairs
SUMMARY STEPS
You can configure username and password pairs, which are locally stored on the wireless device. These pairs are assigned to lines or interfaces, and they authenticate each user before the user can access the wireless device. If you have defined privilege levels, you can also assign a specific privilege level (with associated rights and privileges) to each username and password pair. To establish a username-based authentication system that requests a login username and a password, follow these steps, beginnin
123. which supplies basic and supplementary features on analog voice ports that are controlled by Cisco Unified Communications Manager or by a Cisco Unified Communications Manager Express system. Supported features include:
• Audible message waiting indication
• Call forwarding options
• Call park/pickup options
• Call transfer
• Call waiting
• Caller ID
• 3-party conference calls
• Redial
• Speed dial options
For more information on the features supported and their configuration, see SCCP Controlled Analog (FXS) Ports with Supplementary Features in Cisco IOS Gateways at Cisco.com.

Session Initiation Protocol (SIP)
Session Initiation Protocol (SIP) is a peer-to-peer, multimedia signaling protocol developed in the IETF (IETF RFC 3261). Session Initiation Protocol is ASCII-based. It resembles HTTP, and it reuses existing IP protocols (such as DNS and SDP) to provide media setup and tear down. See Cisco IOS SIP Configuration Guide for more information. For router configuration information under SIP, see the Basic SIP Configuration chapter of Cisco IOS SIP Configuration Guide.

Voice gateways provide voice security through SIP enhancements within the Cisco IOS Firewall. SIP inspect functionality (SIP packet inspection and detection of pin-hole openings) is provided, as well as protocol conformance and application security. The user is given more granular control on the policies and security checks applied to SIP traffic, and capability to fil
124. wireless/software/guide/wireless_vlans.html

Note: If you do not use VLANs on your wireless LAN, the security options that you can assign to SSIDs are limited because the encryption settings and authentication types are linked on the Express Security page.

Assigning SSIDs
You can configure up to 16 SSIDs on a wireless device in the role of an access point, and configure a unique set of parameters for each SSID. For example, you might use one SSID to allow guests to have limited access to the network and another SSID to allow authorized users to have access to secure data. See Service Set Identifiers at Cisco.com for more about creating multiple SSIDs: http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/ServiceSetID.html

Note: Without VLANs, encryption settings (WEP and ciphers) apply to an interface, such as the 2.4-GHz radio, and you cannot use more than one encryption setting on an interface. For example, when you create an SSID with static WEP with VLANs disabled, you cannot create additional SSIDs with Wi-Fi Protected Access (WPA) authentication because the SSIDs use different encryption settings. If you find that the security setting for an SSID conflicts with the settings for another SSID, you can delete one or more SSIDs to eliminate the conflict.
125. 0 Configuring a Network Interface Device on the L3 Interface
Configuring a Network Interface Device (NID) enables support for the NID functionality on the router without including a NID hardware in the network. This feature combines the Customer Premises Equipment (CPE) and the NID functionality into a physical device. The following are the advantages of configuring the NID functionality:
• Eliminates a physical device.
• Supports both the managed CPE feature set and the NID requirements.

Note: This feature is supported only if you have purchased the DATA technology package functionality (datak9) licensing package. For more information about managing software activation licenses on the Cisco ISR and Cisco ISR G2 platforms, see http://www.cisco.com/en/US/docs/routers/access/sw_activation/SA_on_ISR.html

Chapter: Configuring Ethernet CFM and Y.1731 Performance Monitoring on Layer 3 Interfaces. Configuring a Network Interface Device on the L3 Interface.

Configuring the NID
The following steps describe how to configure the NID.

SUMMARY STEPS
Step 1 enable
Step 2 configure terminal
Step 3 interface gigabitethernet slot/port
Step 4 port-tagging
Step 5 encapsulation dot1q vlan-id
Step 6 set cos cos-value
Step 7 end

DETAILED STEPS
Command Purpose St
126. 0.0 66.125.91.254 50
    ip route 0.0.0.0 0.0.0.0 64.174.91.254 50
    ip route 0.0.0.0 0.0.0.0 63.203.35.136 80
    ip route 0.0.0.0 0.0.0.0 63.203.35.137 80
    ip route 0.0.0.0 0.0.0.0 63.203.35.138 80
    ip route 0.0.0.0 0.0.0.0 63.203.35.139 80
    ip route 0.0.0.0 0.0.0.0 63.203.35.140 80
    ip route 0.0.0.0 0.0.0.0 63.203.35.141 80
    ip route 0.0.0.0 0.0.0.0 Dialer1 150
    no ip http server
    ip pim bidir-enable
    ! PC IP address behind CPE
    access-list 101 permit ip 192.168.0.0 0.0.255.255 any
    access-list 103 permit ip 192.168.0.0 0.0.255.255 any
    ! Watch multiple IP addresses because peers are alternated among them when the CPE is connected

Chapter: Configuring Backup Data Lines and Remote Management. Configuring Dial Backup and Remote Management Through the Console Port or Auxiliary Port.

    dialer watch-list 1 ip 64.161.31.254 255.255.255.255
    dialer watch-list 1 ip 64.174.91.254 255.255.255.255
    dialer watch-list 1 ip 64.125.91.254 255.255.255.255
    ! Dial backup will kick in if primary link is not available 5 minutes after CPE starts up
    dialer watch-list 1 delay route-check initial 300
    dialer-list 1 protocol ip permit
    ! Direct traffic to an interface only if the dialer is assigned an IP address
    route-map main permit 10
    match ip address 101
    match interface Diale
127. 0 2 GI0 3 Onboard WLAN Wlan ap0 not supported not supported not supported not supported Onboard WLAN GE connection to MGF Wlan Gi0 0 not supported not supported not supported not supported Onboard ISM GE interface on the PCIe service module name ISM 0 0 service module name ISM 0 0 service module name ISM 0 0 service module name ISM 0 0 not supported Onboard ISM GE connection to MGF service module name ISM 0 1 service module name ISM 0 1 service module name ISM 0 1 service module name ISM 0 1 not supported USB usbflash0 usbflash0O usbflash0O usbflash0 usbflash0 usbflash1 usbflash1 usbflash1 usbflash1 usbflash1 usbtoken0 usbtoken0O usbtoken0 usbtoken0 usbtoken0 usbtokenl usbtoken1 usbtoken1 usbtoken1 usbtoken1 Interfaces on HWIC __ interface0 0 interfaceO O port _ interface0 O port interface0 0 port lt int gt 0 0 lt port gt and VWIC port interfaceO port _ interfaceO 1 port interfaceO 1 port lt int gt 0 1 lt port gt interfaceO 1 interfaceO 2 port interfaceO 2 port interfaceO 2 port lt int gt 0 2 lt port gt port interface 0 3 port interface 0 3 port _ interface 0 3 port Interfaces on Double interfaceO 1 interfaceO port interfaceO 1 port interfaceO 1 port lt int gt 0 1 lt port gt WANE Ber interfaceO 3 port _ interface0 3 port interface0 3 port Interfaces on SM not supported not supported interface 1 p
128. Appendix C: Using ROM Monitor. How to Use the ROM Monitor: Typical Tasks. Process Level Context
129. 00:01:24 c2900-universalk9-mz.bin
    63930368 bytes total (51007488 bytes free)

Displaying File Content
To display the content of a file that is stored in flash memory, enter the more flash0: command in privileged EXEC mode.

Note: Use flash1: in the command syntax to access CF in slot 1. Use flash0: in the command syntax to access CF in slot 0.

    Router# more flash0:c29xx-i-mz
130. 00:58 c38xx.tmp
    1580 -rw- 6462268 Mar 06 1993 06:14:02 c38xx.ata
    63930368 bytes total (51007488 bytes free)

Note: Determine whether the new system image is the first file or the only file listed in the dir flash0: command output (is not required if it is the first file or only file listed).

configure terminal
Use this command to enter global configuration mode:
    Router# configure terminal
    Router(config)#

no boot system
Use this command to delete all entries in the bootable image list, which specifies the order in which the router attempts to load the system images at the next system reload or power cycle:
    Router(config)# no boot system

If the new system image is the first file or the only file displayed in the dir flash0: command output, you do not need to perform the following step.

boot system flash0: system-image-filename
Use this command to load the new system image after the next system reload or power cycle. For example:
    Router(config)# boot system flash0:c2900-universalk9-mz.bin

(Optional) Repeat to specify the order in which the router should attempt to load any backup system images.

exit
Use this command to exit global configuration mode:
    Router(config)# exit
    Router#
131. Appendix B: Using CompactFlash Memory Cards. File Operations on CompactFlash Memory Cards.

Displaying Geometry and Format Information
To display the geometry and format information of a CF flash file system, enter the show flash0: filesys command in privileged EXEC mode.

Note: Use flash1: in the command syntax to access CF in slot 1. Use flash0: in the command syntax to access CF in slot 0.

    Router# show flash0: filesys
    ATA Flash Card Geometry/Format Info
    ATA CARD GEOMETRY
    Number of Heads: 4
    Number of Cylinders: 490
    Sectors per Cylinder: 32
    Sector Size: 512
    Total Sectors: 62720
    ATA CARD FORMAT
    Number of FAT Sectors: 31
    Sectors Per Cluster: 8
    Number of Clusters: 7796
    Number of Data Sectors: 62560
    Base Root Sector: 155
    Base FAT Sector: 93
    Base Data Sector: 187

Deleting Files
To delete a file from a CF memory card ente
132. Chapter: Upgrading the Cisco IOS Software. How to Upgrade the IOS Image on the Access Point.

Step 3: no shutdown
Enables the Gigabit Ethernet interface, changing its state from administratively down to administratively up.
Example:
    Router(config-if)# no shutdown
    Router(config-if)#

Step 4: exit
Exits configuration mode for the Gigabit Ethernet interface and returns to global configuration mode.
Example:
    Router(config-if)# exit
    Router(config)#

Secure an IP Address on the Access Point: Example
To secure an IP address on the access point so it can communicate with an external server where a Cisco IOS image is located, use the DHCP server functionality on the router. The host router provides the access point DHCP server functionality through the DHCP pool. The access point communicates with the external server, and option 43 is set up for the controller IP address in the DHCP pool configuration.

The following example shows a DHCP pool configuration:
    ip dhcp pool embedded-ap-pool
    network 192.168.10.0 255.255.255.0
    dns-server 171.70.168.183
    default-router 192.168.10.1
    int vlan1
    ! The VLAN interface takes a host address in the pool's subnet (the default-router address), not the network address
    ip address 192.168.10.1 255.255.255.0

Confirm Connectivity and Settings: Example
Perform the following steps to confirm connectivity:
1. Ping the external server from the router to conf
133. 00 Vlan N No carrier Down Gi0/2 200 carrier N/A Static N/A
    Total Local MEPs: 3
    Local MIPs: None
    Router#

Use the show ethernet cfm maintenance-points remote command to display information about remote maintenance point domains or levels. The following example displays the continuity check messages exchanged between remote MEPs.

On router 1:
    Router1# show ethernet cfm maintenance-points remote
    MPID  Domain Name  MacAddress  IfSt  PtSt
    Lvl   Domain       Ingress
    RDI   MA           Type Id     SrvcInst
          EVC Name                 Age
          Local MEP Info
    110   customer     70ca.9b4d.a400  Up  Up
    7     customer     Gi0/2
          customer1101 Vlan 100    N/A
          N/A                      12s
          MPID: 100 Domain: customer MA: customer1101
    410   enterprise   70ca.9b4d.a400  Up  Up
    6     enterprise   Gi0/1
          custservice  Vlan 110    N/A
          N/A                      12s
          MPID: 400 Domain: enterprise MA: custservice
    43    carrier      70ca.9b4d.a400  Up  Up
    2     carrier      Gi0/2
          carrier      Vlan 200    N/A
          N/A                      12s
          MPID: 44 Domain: carrier MA: carrier
    Total Remote MEPs: 3
    Router1#

On router 2:
    Router2# show ethernet cfm maintenance-points remote
    MPID  Domain Name  MacAddress  IfSt  PtSt
    Lvl   Domain       Ingress
    RDI   MA           Type Id     SrvcInst
          EVC Name                 Age
          Local MEP Info
    100 customer 7 customer customer1101 N/A MPID 400 enterpri
134. Chapter: Basic Router Configuration. Configuring Dynamic Routes.

DETAILED STEPS

Step 1: router rip
Enters router configuration mode and enables RIP on the router.
Example:
    Router> configure terminal
    Router(config)# router rip
    Router(config-router)#

Step 2: version {1 | 2}
Specifies use of RIP version 1 or 2.
Example:
    Router(config-router)# version 2
    Router(config-router)#

Step 3: network ip-address
Specifies a list of networks on which RIP is to be applied, using the address of the network of each directly connected network.
Example:
    Router(config-router)# network 192.168.1.1
    Router(config-router)# network 10.10.7.1
    Router(config-router)#

Step 4: no auto-summary
Disables automatic summarization of subnet routes into network-level routes. This allows subprefix routing information to pass across classful network boundaries.
Example:
    Router(config-router)# no auto-summary
    Router(config-router)#

Step 5: end
Exits router configuration mode and enters privileged EXEC mode.
Example:
    Router(config-router)# end
    Router#

Example
The following configuration example shows RIP version 2 enabled in IP network 10.0.0.0 and 192.168.1.0. To see this configuration, use the show running-config command from privileged EXEC mode.
    Router# show running-confi
135. 11b radios. On the 802.11g radio, the default option sets rates 1, 2, 5.5, and 11 to basic, and sets rates 6, 9, 12, 18, 24, 36, 48, and 54 to enabled. These rate settings allow both 802.11b and 802.11g client devices to associate to the wireless device 802.11 radio. On the 5-GHz radio, the default option sets rates 6.0, 12.0, and 24.0 to basic, and sets rates 9.0, 18.0, 36.0, 48.0, and 54.0 to enabled. On the 802.11g/n 2.4-GHz radio, the default option sets rates 1.0, 2.0, 5.5, and 11.0 to enabled. On the 802.11g/n 5-GHz radio, the default option sets rates to 6.0, 12.0, and 24.0 to enabled. The modulation coding scheme (MCS) index range for both 802.11g/n radios is 0 to 15.

Chapter: Configuring Radio Settings. Configuring MCS Rates.

Step 4: end
Returns to privileged EXEC mode.

Step 5: copy running-config startup-config
(Optional) Saves your entries in the configuration file.

Use the no form of the speed command to remove one or more data rates from the configuration. This example shows how to remove data rates basic-2.0 and basic-5.5 from the configuration:
    ap1200# configure terminal
    ap1200(config)# interface dot11radio 0
    ap1200(config-if)# no speed basic-2.0 basic-5.5
    ap1200(config-if)# end

Configuring MCS Rates
Modulation coding
136. 133 16/16
    DSP groups on slot 3:
    This command is not applicable to slot 3
    DSP groups on slot 4:
    This command is not applicable to slot 4
    2 DSP resource allocation failure

show voice dsp sorted-list
Use this command to display the hunt order in which DSPs are utilized for particular services (in this example, voice, conferencing, and transcoding are shown for slot 0):
    Router# show voice dsp sorted-list slot 0
    DSP id selection list for different service for Card 0:
    Voice: 01, 02, 03, 04, 05, 06, 07
    Conf:  07, 06, 05, 04, 03, 02, 01
    Xcode: 01, 02, 03, 04, 05, 06, 07

show voice dsp capabilities slot number dsp number
Use this command to display capabilities data for a particular DSP on a particular slot (in this example, DSP 2 on slot 0):
    Router# show voice dsp capabilities slot 0 dsp 2
    DSP Type: SP2600 43
    Card 0 DSP id 2 Capabilities:
    Credits 645, G711Credits 15, HC Credits 32, MC Credits 20,
    FC Channel 43, HC Channel 20, MC Channel 32,
    Conference 8-party credits:
    G711 58, G729 107, G722 129, ILBC 215
    Secure Credits:
    Sec LC Xcode 24, Sec HC Xcode 64,
    Sec MC Xcode 35, Sec G729 conf 161,
    Sec G722 conf 215, Sec ILBC conf 322,
    Sec G711 conf 92,
    Max Conference Parties per DSP:
    G711 88, G729 48, G722 40, ILBC 24,
    Sec G711 56, Sec G722 24,
    Sec G729 32, Sec ILBC 16

Chapter: Configuring Next Generation High Density PVDM3 Modules. How to Verify and Troubleshoot the Functionality of the PVDM3 Card
137. 153
    codec g722-64
    no vad
    dial-peer voice 203 voip
    destination-pattern 408555 5 9
    session protocol sipv2
    session target ipv4:10.1.32.153
    codec g723r53
    gatekeeper
    shutdown
    telephony-service
    sdspfarm units 5
    sdspfarm transcode sessions 128
    sdspfarm tag 1 G711_ANY
    sdspfarm tag 2 UNIVERAL
    sdspfarm tag 4 CONFERENCE
    max-ephones 40
    max-dn 80
    ip source-address 10.1.32.147 port 2000
    max-conferences 32 gain -6
    transfer-system full-consult
    create cnf-files version-stamp Jan 01 2002 00:00:00
    !
    alias exec dsp show voice dsp group slot 0
    line con 0
    exec-timeout 0 0
    line aux 0
    line vty 0 4
    login
    exception data-corruption buffer truncate
    scheduler allocate 20000 1000
    no process cpu autoprofile hog
    end

Additional References
The following sections provide references related to the PVDM3 on Cisco Gateway Routers feature.

Related Documents
Related Topic: Comprehensive command reference information for Cisco IOS voice commands. Document Title: Cisco IOS Voice Command Reference
Related Topic: Configuration information for Cisco Voice Gateway Routers that are configured for Cisco Unified Communications Manager. Document Title: Cisco Unified Communications Manager and Cisco IOS Interoperability Guide
Related Topic: Complete hardware installation instructions for installing the PVDM3. Document Title: Cisco 2900 Series and 3900 Series Integrated Services Routers Hardwar
138. 2.
a. If the DRAM is equal to or greater than the new system image's minimum memory requirements, proceed to the "Ensuring Adequate Flash Memory for the New System Image" section on page 183.
b. If the DRAM is less than the new system image's minimum flash requirements, you must upgrade your DRAM. See the hardware installation guide for your router.

Select the system image in the Cisco IOS Upgrade Planner at http://www.cisco.com/cgi-bin/Software/Iosplanner/Planner-tool/iosplanner.cgi. You must have an account at Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Write down the minimum memory requirements for the image, as displayed in the File Download Information table.

Use the show version command to display the router processor and memory.

Add the memory sizes to calculate the amount of DRAM in your router. For example, if your memory sizes are 231424 KB and 30720 KB, for a total of 262144 KB, it would be 256 MB of DRAM.

Tip: To convert from kilobytes (KB) to megabytes (MB), divide the number of kilobytes by 1024.

Compare the amount of DRAM in the router to the minimum memory requirements from Step 2.
a. If the DRAM is equal to or greater than the new system image's minimum memory requirements, proceed to the "Ensuring Adequate Flash Memory for the New System Image" section on page 183.
b. If the DR
139. 2: State: UP, firmware: 26.0.133
    Max signal/voice channel: 16/16
    Max credits: 240
    num_of_sig_chnls_allocated: 0
    Transcoding channels allocated: 0
    Group: FLEX_GROUP_VOICE, complexity: FLEX
    Shared credits: 240, reserved credits: 0
    Signaling channels allocated: 0
    Voice channels allocated: 0
    Credits used (rounded-up): 0
    dsp 3: State: UP, firmware: 26.0.133
    Max signal/voice channel: 16/16
    Max credits: 240
    num_of_sig_chnls_allocated: 0
    Transcoding channels allocated: 0
    Group: FLEX_GROUP_VOICE, complexity: FLEX
    Shared credits: 240, reserved credits: 0
    Signaling channels allocated: 0
    Voice channels allocated: 0
    Credits used (rounded-up): 0
    dsp 4: State: UP, firmware:
    Max signal/voice channel:
    Max credits: 240
    num_of_sig_chnls_allocated: 0
    Transcoding channels allocated: 0
    Group: FLEX_GROUP_VOICE, complexity: FLEX
    Shared credits: 240, reserved credits: 0
    Signaling channels allocated: 0
    Voice channels allocated: 0
    Credits used (rounded-up): 0
    26 0
140. 23 1 23 1 23 323 1 23 oo you I I I 9 amp E 10 Tis ES 12 a 13 14 Ss es 15 16 a 17 iss 18 19 20 21 2 22 s 23 mU T a e S M a a a a EO S TAN S a A S T show voice dsp group all Use this command to display information for each DSP group for example Router show voice dsp group all DSP groups on slot 0 dsp 1 26 0 135 43 43 State UP firmware Max signal voice channel Max credits 645 num_of_sig_chnls_allocated 35 Transcoding channels allocated Group FLEX _GROUP_VOICE Shared credits 630 Signaling channels allocated Voice channels allocated 1 Credits used rounded up Voice channels Ch01 Slot 0 Device idx 0 PVDM Slot 0 Dsp Type SP2600 15 voice port dsp 2 26 0 135 43 43 State UP firmware Max signal voice channel Max credits 645 num_of_sig_chnls_allocated 0 Transcoding channels allocated Group FLEX _GROUP_VOICE Shared credits 645 Signaling channels allocated Voice channels allocated 0 Credits used rounded up 0 Slot 0 Device idx 0 PVDM Slot 0 Dsp Type SP2600 dsp 3 State UP firmware 26 0 135 Max signal voice channel 42 43 0 1 1 23 2 0 complexity FLEX reserved credits 0 35 codec g7llalaw credits allocated 15 0 complexity FLEX reserved credits 0 0 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Service
141. Chapter: Configuring Security Features. Configuring VPN.

Note: The Cisco Easy VPN client feature supports configuration of only one destination peer. If your application requires creation of multiple VPN tunnels, you must manually configure the IPSec VPN and Network Address Translation/Peer Address Translation (NAT/PAT) parameters on both the client and the server.

Cisco 3900 series, 2900 series, and 1900 series ISRs can be also configured to act as Cisco Easy VPN servers, letting authorized Cisco Easy VPN clients establish dynamic VPN tunnels to the connected network. For information on configuring Cisco Easy VPN servers, see the Easy VPN Server feature at http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftunity.html

Site-to-Site VPN: Example
The configuration of a site-to-site VPN uses IPSec and the generic routing encapsulation (GRE) protocol to secure the connection between the branch office and the corporate network. Figure 2 shows a typical deployment scenario.

Figure 2: Site-to-Site VPN Using an IPSec Tunnel and GRE
• Branch office containing multiple LANs and VLANs
• Fast Ethernet LAN interface: With address 192.165.0.0/16 (also the inside interface for NAT)
• VPN client: Cisco 3900 series, 2900 series, or 1900 series ISR
• Fast Ethernet or ATM interface: With address 200.1.1.1 (also the outside interface for NAT)
• LAN interface: Connects to the Internet with outside interface
142. 5134 1706

    Cisco IOS Software, C2900SM Software (C2900-UNIVERSALK9-M), Experimental Version 12.4(20090709:004325) [ypatel-secport2 128]
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Thu 16-Jul-09 12:55 by ypatel

    This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

    If you require further assistance please contact us by sending email to export@cisco.com.

    Cisco c2911 (revision 1.0) with 987136K/61440K bytes of memory.
    Processor board ID
    3 Gigabit Ethernet interfaces
    1 terminal line
    DRAM configuration is 64 bits wide with parity enabled.
    255K bytes of non-volatile configuration memory.
    62960K bytes of USB Flash usbflash0 (Read/Write)
    248472K bytes of ATA System CompactFlash 0 (Read/Write)
    248472K bytes of ATA CompactFlash 1 (Read/Write)

    Press RETURN to get started!
    Nov 22 09:20:19.839: LINK-3-UPDO
143. Step 12 (Optional) Configure the print variable. Usage is: TFTP_VERBOSE= [0 | 1 | 2], where print: 0 is quiet, 1 in progress, 2 verbose.

Step 13 Use the set command to display the ROM monitor environment variables to verify that you have configured them correctly. For example:
    rommon > set

Step 14 Download the system image, as specified by the ROM monitor environmental variables, using the tftpdnld [-r] command. Without the -r option, the command downloads the specified image and saves it in flash memory, deleting all existing data in all partitions in flash memory. Using the -r option downloads and boots the new software but does not save the software to flash memory.
    rommon > tftpdnld -r
A prompt is displayed:
    Do you wish to continue? y/n: [n]: y
Entering y confirms that you want to continue with the TFTP download.

What to Do Next
Proceed to the "Loading the New System Image" section on page 192.

Using a PC with a CompactFlash Card Reader to Copy the System Image into Flash Memory
Because the system image is stored on an external CompactFlash memory card, you can use a PC with a compact flash card reader to format the card and copy a new system image file onto the card. However, this upgrade method is not commonly used. For more information about using flash memory cards, see Appendix B, "Using CompactFlash Memory Cards."
144. 72.10.0.1 auth-port 1645 acct-port 1646
    AP(config)# aaa group server radius group1
    AP(config-sg-radius)# server 172.20.0.1 auth-port 1000 acct-port 1001
    AP(config-sg-radius)# exit
    AP(config)# aaa group server radius group2
    AP(config-sg-radius)# server 172.20.0.1 auth-port 2000 acct-port 2001
    AP(config-sg-radius)# exit

Configuring RADIUS Authorization for User Privileged Access and Network Services
AAA authorization limits the services that are available to a user. When AAA authorization is enabled, the wireless device uses information retrieved from the user's profile, which is in the local user database or on the security server, to configure the user session. The user is granted access to a requested service only if the user profile allows it.

You can use the aaa authorization command in global configuration mode with the radius keyword to set parameters that restrict a user's network access to privileged EXEC mode.

The aaa authorization exec radius command sets these authorization parameters:
• Use RADIUS for privileged EXEC access authorization if authentication was performed by using RADIUS.
• Use the local database if authentication was not performed by using RADIUS.

Note: Authorization is bypassed for authenticated users who log in through the CLI, even if authorization has been configured.
145. IP_ADDRESS=171.68.171.0 IP_SUBNET_MASK=255.255.254.0 DEFAULT_GATEWAY=171.68.170.3 TFTP_SERVER=171.69.1.129 TFTP_FILE=c2801-is-mz.113-2.0.3.Q tftpdnld IP_ADDRESS: 171.68.171.0 IP_SUBNET_MASK: 255.255.254.0 DEFAULT_GATEWAY: 171.68.170.3 TFTP_SERVER: 171.69.1.129 TFTP_FILE: c2801-is-mz.113-2.0.3.Q Receiving c2801-is-mz.113-2.0.3.Q from 171.69.1.129 File reception completed. Copying file c2801-is-mz.113-2.0.3.Q to flash. Erasing flash at 0x607c0000 program flash location 0x60440000 rommon 22 > Sample Output for the set ROM Monitor Command: rommon 3 > set PS1=rommon ! > IP_ADDRESS=172.18.16.76 IP_SUBNET_MASK=255.255.255.192 DEFAULT_GATEWAY=172.18.16.65 TFTP_SERVER=172.18.16.2 TFTP_FILE=/anyname/rel22_Jan_16/c2801-i-mz What to Do Next: If you want to configure the router to load a specified image at the next system reload or power cycle, see the "Loading and Managing System Images" section in Cisco IOS Configuration Fundamentals Command Reference. Troubleshooting Crashes and Hangs (stack, context, frame, sysret, meminfo): This section lists and describes some ROM monitor commands that can be used to troubleshoot router crashes and hangs. Most ROM monitor debug commands are functional only when the router crashes or hangs. If you enter a debug command when crash information is not ava
146. 8 101 1 Router(config-if)# Purpose: Specifies the destination endpoint of the router for the GRE tunnel. Command: crypto map map-name Example: Router(config-if)# crypto map static-map Router(config-if)# Purpose: Assigns a crypto map to the tunnel. Note: Dynamic routing or static routes to the tunnel interface must be configured to establish connectivity between the sites. See Cisco IOS Security Configuration Guide: Secure Connectivity, Release 12.4T for details. Command: exit Example: Router(config-if)# exit Router(config)# Purpose: Exits interface configuration mode and returns to global configuration mode. Command: ip access-list {standard | extended} access-list-name Example: Router(config)# ip access-list extended vpnstatic1 Router(config-acl)# Purpose: Enters ACL configuration mode for the named ACL that the crypto map uses (ACL = access control list). Command: permit protocol source source-wildcard destination destination-wildcard Example: Router(config-acl)# permit gre host 192.168.100.1 host 192.168.101.1 Router(config-acl)# Purpose: Specifies that only GRE traffic is permitted on the outbound interface. Command: exit Example: Router(config-acl)# exit Router(config)# Purpose: Returns to global configuration mode. Chapter: Configuring Security Features, Configuring VPN. Configuration Example: The following configuration example shows a portion of the configuration file for a site-to-site VPN using a
147. Appendix: Using ROM Monitor. The ROM monitor is accessed during power up or reload when the router does not find a valid system image, the last digit of the boot field in the configuration register is 0, or you enter the Break key sequence during the first 5 seconds after reloading the router. The following sections describe how to use the ROM monitor in the Cisco 3900 series, 2900 series, and 1900 series integrated services routers (ISRs) to manually load a system image or upgrade the system image for disaster or when there are no TFTP servers or network connections: • Prerequisites for Using the ROM Monitor, page C-1 • Information About the ROM Monitor, page C-1 • How to Use the ROM Monitor: Typical Tasks, page C-3 • Additional References, page C-27. Prerequisites for Using the ROM Monitor: Connect a terminal or PC to the router console port. For help, see the hardware installation guide for your router. Information About the ROM Monitor: Before using the ROM monitor, you should understand the following concepts: • ROM Monitor Mode Command Prompt, page C-1 • Why is the Router in ROM Monitor Mode?, page C-2 • When do I use ROM Monitor?, page C-2 • Tips for Using ROM Monitor Commands, page C-2 • Accessibility, page C-3. ROM Monitor Mode Command Prompt: The ROM monitor uses the rommon x > command prompt. The x variable begins at 1 a
148. Chapter: Configuring the Wireless Device, Configuring Wireless Settings. Security Types: Table 1 describes the four security types that you can assign to an SSID. Table 1: Types of SSID Security (columns: Security Type; Description; Security Features Enabled). No Security. Description: This is the least secure option. You should use this option only for SSIDs used in a public space, and assign it to a VLAN that restricts access to your network. Security features enabled: None. Static WEP Key. Description: This option is more secure than no security. However, static WEP keys are vulnerable to attack. If you configure this setting, you should consider limiting association to the wireless device based on MAC address. See Cipher Suites and WEP at Cisco.com for configuration procedures: http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/SecurityCipherSuitesWEP.html Or, if your network does not have a RADIUS server, consider using an access point as a local authentication server. See Using the Access Point as a Local Authenticator at Cisco.com for instructions: http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/SecurityLocalAuthent.html Security features enabled: Mandatory WEP. Client devices cannot associate using this SSID without a WEP key that matches the wireless device key.
149. AM is less than the new system image's minimum memory requirements, you must upgrade your DRAM. See the hardware installation guide for your router. Chapter: Upgrading the Cisco IOS Software, How to Upgrade the Cisco IOS Image. Ensuring Adequate Flash Memory for the New System Image: This section describes how to check whether your router has enough flash memory to upgrade to the new system image and, if necessary, how to properly delete files in flash memory to make room for the new system image. Cisco 3900 series, Cisco 2900 series, and Cisco 1900 series ISRs have two external CF slots and two USB slots. Use the secondary CF for overflow files, if required. Table 3 lists CF slot number, name, and size. Table 3: Compact Flash Slot Number, Name, and Size (columns: Slot Number; CF Filename; Size). Slot0 (see note 2); flash0; 256MB. Slot1; flash1; 0. Note 1: The maximum storage capacity for the CF in Slot0 and Slot1 is 4GB. Note 2: Slot0 is the default CF slot. CF in Slot0 stores system image, configuration, and data files. CF must be present in this slot for the router to boot and perform normal file operations. Table 4 lists the USB slot number, name, and size. Table 4: USB Slot Number, Name, and Size (columns: Slot Number; USB Filename; Size). Slot0; usbflash0; 64MB. Slot1; usbflash1; 0. Note 1: The max
150. Aironet extensions if they are disabled. Configuring the Ethernet Encapsulation Transformation Method: When the wireless device receives data packets that are not 802.3 packets, the wireless device must format the packets to 802.3 by using an encapsulation transformation method. These are the two transformation methods: • 802.1H: This method provides optimum performance for Cisco wireless products. • RFC 1042: Use this setting to ensure interoperability with non-Cisco wireless equipment. RFC 1042 does not provide the interoperability advantages of 802.1H but is used by other manufacturers of wireless equipment. To configure the encapsulation transformation method, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS: 1. configure terminal 2. interface dot11radio {0 | 1} 3. payload-encapsulation {snap | dot1h} 4. end 5. copy running-config startup-config. Chapter: Configuring Radio Settings, Enabling and Disabling Public Secure Packet Forwarding. DETAILED STEPS: Step 1 Command: configure terminal Purpose: Enters global configuration mode. Step 2 Command: interface dot11radio {0 | 1} Purpose: Enters interface configuration mode for the radio interface. The 802.11g/n 2.4-GHz radio is radio 0. The 802.11n 5-GHz radio is radio 1. Step 3 Command: payload en
151. Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide. December 23, 2014. Cisco Systems, Inc. www.cisco.com. Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. Text Part Number: OL-20696-04. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO A
152. C mode Verifying the Controlling Port Authorization State: Use the show authentication sessions and show dot1x commands to verify the Controlling Port Authorization state. c1921# show authentication sessions Interface: Gi0/1; MAC Address: unknown; Method: dot1x; Domain: DATA; Status: Authz Success; Session ID: 030303030000000A002CFCBC. c1921# show authentication sessions interface gi0/1 Interface: GigabitEthernet0/1; MAC Address: Unknown; IP Address: Unknown; Status: Authz Success; Domain: DATA; Oper host mode: single-host; Oper control dir: both; Authorized By: Authentication Server; Vlan Group: N/A; Session timeout: N/A; Idle timeout: N/A; Common Session ID: 030303030000000A002CFCBC; Acct Session ID: 0x0000000D; Handle: 0x7C00000B. Runnable methods list: Method: dot1x; State: Authc Success. c1921# show dot1x interface g0/1 Dot1x Info for GigabitEthernet0/1: PAE = AUTHENTICATOR; PortControl = FORCE_AUTHORIZED; ControlDirection = Both; HostMode = SINGLE_HOST; QuietPeriod = 60; ServerTimeout = 40; SuppTimeout = 30; ReAuthMax = 2; MaxReq = 2; TxPeriod = 30. c1921# show authenticat
153. C or terminal. If Ctrl-Break does not work, see the Standard Break Key Sequence Combinations During Password Recovery tech note. Example: Sample Output for the reload Command. Use break key sequence to enter rom monitor. Router# reload Proceed with reload? [confirm] Sep 23 15:54:25.871: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload command. telnet> send break System received an abort due to Break Key signal= 0x3, code= 0x0, context= 0x431aaf40 PC = 0x4008b5dc, Cause = 0x20, Status Reg = 0x3400c102 rommon 1 > Troubleshooting Tips: The Break key sequence varies, depending on the software on your PC or terminal. See the Standard Break Key Sequence Combinations During Password Recovery tech note. What to Do Next: • Proceed to the "Displaying Commands and Command Syntax in ROM Monitor Mode (?, help)" section on page C-7. • If you use the Break key sequence to enter ROM monitor mode when the router would otherwise have booted the system image, you can exit ROM monitor mode by doing one of the following: Enter the i or reset command, which restarts the booting process and loads the system image. Enter the cont command, which c
154. CS can authenticate administrators who are accessing the wireless device through the CLI. Configuring TACACS Login Authentication: To configure AAA authentication, you define a named list of authentication methods and then apply the list to various interfaces. The method list defines the types of authentication to be performed and the sequence in which they are performed; it must be applied to a specific interface before any defined authentication methods are performed. The only exception is the default method list, which is named default. The default method list is automatically applied to all interfaces except those that have a named method list explicitly defined. A method list describes the sequence and authentication methods to be used to authenticate a user. You can designate one or more security protocols for authentication, thus ensuring a backup system for authentication in case the initial method fails. The software uses the first method listed to authenticate users. If that method fails to respond, the software selects the next authentication method in the method list. This process continues until there is successful communication with a listed authentication method or until all defined methods are exhausted. If authentication fails at any point in this cycle, that is, the security server or local username database responds by denying the user access, the authentication process stops, and no other authentication methods ar
155. Cisco IOS CLI for Initial Configuration: Using the Cisco IOS CLI to Perform Initial Configuration. Examples. Specifying a Default Route: Example: ip routing ! ip route 192.168.24.0 255.255.255.0 172.28.99.2 ! ip default-network 192.168.24.0 Sample Output for the show ip route Command: Router# show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP, D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default. Gateway of last resort is 172.28.99.2 to network 192.168.24.0. 172.24.0.0 255.255.255.0 is subnetted, 1 subnets. C 172.24.192.0 is directly connected, GigaEthernet0. S 172.24.0.0 255.255.0.0 [1/0] via 172.28.99.0. S* 192.168.24.0 [1/0] via 172.28.99.2. 172.16.0.0 255.255.255.0 is subnetted, 1 subnets. C 172.16.99.0 is directly connected, GigaEthernet1. Router# Configuring Virtual Terminal Lines for Remote Console Access: Virtual terminal (vty) lines are used to allow remote access to the router. This section shows you how to configure the virtual terminal lines with a password, so that only authorized users can remotely access the router. The router has five virtual terminal lines by default. However, you can create additional virtual terminal lines as described in the Cisco IOS Terminal Services Configuration Guide, Release 12.4 S
156. Chapter: Configuring Security Features, Configuring Dynamic Multipoint VPN. ! VLAN 1 is the internal home network. interface vlan 1 ip address 10.1.1.1 255.255.255.0 ip nat inside ip inspect firewall in ! Inspection examines outbound traffic. crypto map static-map no cdp enable ! ! FE4 is the outside or Internet-exposed interface. interface fastethernet 4 ip address 210.110.101.211 255.255.255.0 ! acl 103 permits IPsec traffic from the corp. router as well as denies Internet-initiated traffic inbound. ip access-group 103 in ip nat outside no cdp enable crypto map to_corporate ! Applies the IPsec tunnel to the outside interface. ! ! Utilize NAT overload in order to make best use of the single address provided by the ISP. ip nat inside source list 102 interface Ethernet1 overload ip classless ip route 0.0.0.0 0.0.0.0 210.110.101.1 no ip http server ! ! acl 102 associated addresses used for NAT. access-list 102 permit ip 10.1.1.0 0.0.0.255 any ! acl 103 defines traffic allowed from the peer for the IPsec tunnel. access-list 103 permit udp host 200.1.1.1 any eq isakmp access-list 103 permit udp host 200.1.1.1 eq isakmp any access-list 103 permit esp host 200.1.1.1 any ! Allow ICMP for debugging but should be disabled because of security implications. access-list 103 permit
157. Step 1 Command: ethernet loopback stop local interface gigabitethernet slot/port.sub-port id session-id Purpose: Stops Ethernet external loopback on a subinterface. Enter the value of the loopback session ID to specify the loopback session that you want to stop. Example: Router# ethernet loopback stop local interface gigabitethernet 0/2.1101 id 1 Step 2 Command: show ethernet loopback active Purpose: Displays information to verify if the loopback session has ended. Example: Router# show ethernet loopback active Configuration Examples for Ethernet Data Plane Loopback: This example shows how to configure Ethernet data plane loopback using single tagging: Router> enable Router# configure terminal Router(config)# interface gigabitethernet 0/2.1101 Router(config-subif)# encapsulation dot1q 100 Router(config-subif)# ethernet loopback permit external Router(config-subif)# end This example shows how to configure Ethernet data plane loopback using double tagging: Router> enable Router# configure terminal Router(config)# interface gigabitethernet 0/2.1101 Router(config-subif)# encapsulation dot1q 100 second-dot1q 1101 Router(config-subif)# ethernet loopback permit external Router(config-subif)# end This example shows how to start an Ethernet data plane loopback: Router# ethernet loopback start local interface gigabitethernet 0/2.1101 external timeout none
158. Config file buffer size: 32768 Mode Button: on Performing the Upgrade: To upgrade to Unified software, follow these steps: Step 1 Issue the service-module wlan-ap 0 bootimage unified command to change the access point boot image to the Unified upgrade image, which is also known as a recovery image. Router# conf terminal Router(config)# service-module wlan-ap 0 bootimage unified Router(config)# end Note: If the service-module wlan-ap 0 bootimage unified command does not work successfully, check to see whether the software license is still eligible. On the access point console, use the show boot command to identify the access point's boot image path: autonomous-AP# show boot BOOT path-list: flash:ap801-rcvk9w8-mx/ap801-rcvk9w8-mx Step 2 Issue the service-module wlan-ap 0 reload command to perform a graceful shutdown and reboot the access point and complete the upgrade process. Session into the access point and monitor the upgrade process. See the "Cisco Express Setup" section on page 210 for details about using the Web-based configuration page to configure the wireless device settings. Chapter: Configuring the Wireless Device, Upgrading to Cisco Unified Software. Troubleshooting an Upgrade or Reverting the AP to Autonomous Mode Q
159. Console: Cisco 3900 series, 2900 series, and 1900 series ISRs provide an additional mechanism for configuring the system through a USB serial console port. The traditional RJ-45 serial console port is also available. Power Management: Some modules and interface cards that are inserted in new slots provide hardware and software power management features, described below: • High-efficiency AC power supplies • Electrical components with built-in power saving features, such as RAM select and clock gating • Ability to disable unused clocks to modules and peripherals • Ability to power down unused modules and put peripherals into a reset state, put front panel ports and unused internal components in a shutdown or reset state. Advanced Capability CompactFlash: Cisco 3900 series, 2900 series, and 1900 series ISRs use Advanced Capability CF memory to store the system image, configuration files, and some software data files. SFP/Gigabit Ethernet Port: Cisco 2921, Cisco 2951, and Cisco 3900 Series routers have an SFP/Gigabit Ethernet port that supports copper and fiber concurrent connections. Media can be configured for failover redundancy when the network goes down. For more information, see the "Configuring Backup Data Lines and Remote Management" section on page 57.
160. Controllers • Unified Wireless LAN Access Points. Voice: • Cisco IOS Voice Port Configuration Guide • SCCP Controlled Analog (FXS) Ports with Supplementary Features in Cisco IOS Gateways. Modules: • Cisco SRE Internal Service Modules Configuration Guide • Cisco Services Ready Engine Configuration Guide • Cisco SRE Service Modules Configuration Guide • Connecting Cisco EtherSwitch Service Modules to the Network • Cisco EtherSwitch Service Modules Feature Guide. Searching Cisco Documents: To search a Hyper Text Markup Language (HTML) document using a web browser, press Ctrl-F (Windows) or Cmd-F (Apple). In most browsers, the option to search whole words only, invoke case sensitivity, or search forward and backward is also available. To search a PDF document in Adobe Reader, use the basic Find toolbar (Ctrl-F) or the Full Reader Search window (Shift-Ctrl-F). Use the Find toolbar to find words or phrases within a specific document. Use the Full Reader Search window to search multiple PDF files simultaneously and to change case sensitivity and other options. Adobe Reader's online help has more information about how to search PDF documents.
161. DMMs: Transmitted: 117. DMRs: Rcvd: 117. 1DMs: Transmitted: 0, Rcvd: 0. LMMs: Transmitted: 0. LMRs: Rcvd: 0. VSMs: Transmitted: 0. VSRs: Rcvd: 0. SLMs: Transmitted: 0. SLRs: Rcvd: 0. Test ID: 0. Router1 Last clearing of counters: 00:00:00.000 UTC Mon Jan 1 1900. RP monitor Tx active: yes. RP monitor Rx active: yes. 148 150 Router(config)# show ethernet cfm pm session detail 0 Router# show ethernet cfm pm session db 0 Columns: TX Time FWD, RX Time FWD, TX Time BWD, RX Time BWD, Frame Delay (Sec:nSec). Session ID: 0. Entry: 3591 3591 1340722 930326034 1340663 866898528 3591 3591 1340663 866791722 1340722 930707484 0 274644. Entry: 3591 3591 1340723 927640626 1340664 864182604 3591 3591 1340664 864091056 1340723 927976302 0 244128. Entry: 3591 3591 1340724 927640626
162. Displays a brief status of the interfaces that are configured for IP. Example: Router# show ip interface brief • Verify that the Ethernet interfaces are up and configured correctly. Appendix A: Cisco IOS CLI for Initial Configuration, Using the Cisco IOS CLI to Perform Initial Configuration. Examples. Configuring the GigabitEthernet Interface: Example: ! interface GigabitEthernet0/0 description GE int to HR group ip address 172.16.3.3 255.255.255.0 duplex auto speed auto no shutdown ! Sample Output for the show ip interface brief Command: Router# show ip interface brief Interface IP-Address OK? Method Status Protocol. GigabitEthernet0/0 172.16.3.3 YES NVRAM up up. GigabitEthernet0/1 unassigned YES NVRAM administratively down down. Router# Specifying a Default Route or Gateway of Last Resort: IP Routing. This section describes how to specify a default route with IP routing enabled. For alternative methods of specifying a default route, see the Configuring a Gateway of Last Resort Using IP Commands tech note. The Cisco IOS software uses the gateway (router) of last resort if it does not have a better route for a packet and if the destination is not a connected network. This section describes how to select a network as a default route (a candidate route for computing the gat
163. [OK] Smart Init is enabled. smart init is sizing iomem. TYPE / MEMORY_REQ: HWIC Slot 0: 0x00200000; HWIC Slot 1: 0x00200000; HWIC Slot 2: 0x00200000; HWIC Slot 3: 0x00200000; PVDM SIMM 0: 0x00200000; PVDM SIMM 1: 0x00200000; SM Slot 1: 0x00600000; ISM Slot 2: 0x00600000; Onboard devices & buffer pools: 0x0228F000. TOTAL: 0x03A8F000. Rounded IOMEM up to: 60Mb. Using 5 percent iomem. [60Mb/1024Mb] Restricted Rights Legend: Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 9
164. [OK] Smart Init is enabled. smart init is sizing iomem. TYPE / MEMORY_REQ: HWIC Slot 0: 0x00200000; HWIC Slot 1: 0x00200000; HWIC Slot 2: 0x00200000; HWIC Slot 3: 0x00200000; PVDM SIMM 0: 0x00200000; PVDM SIMM 1: 0x00200000; SM Slot 1: 0x00600000; ISM Slot 2: 0x00600000; Onboard devices & buffer pools: 0x0228F000. TOTAL: 0x03A8F000. Rounded IOMEM up to: 60Mb. Using 5 percent iomem. [60Mb/1024Mb] Restricted Rights Legend: Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Dr
165. EPS 7. interface dialer dialer-rotary-group-number 8. ip address negotiated 9. encapsulation encapsulation-type 10. dialer pool number 11. dialer string dial-string[:isdn-subaddress] 12. dialer-group group-number 13. exit 14. dialer-list dialer-group protocol protocol-name {permit | deny | list access-list-number | access-group}. Step 1 Command: isdn switch-type switch-type Example: Router(config)# isdn switch-type basic-net3 Router(config)# Purpose: Specifies the ISDN switch type. The example specifies a switch type used in Australia, Europe, and the United Kingdom. For details on other supported switch types, see Cisco IOS Dial Technologies Command Reference. Step 2 Command: interface type number Example: Router(config)# interface bri 0 Router(config-if)# Purpose: Enters configuration mode for the ISDN BRI. Step 3 Command: encapsulation encapsulation-type Example: Router(config-if)# encapsulation ppp Router(config-if)# Purpose: Sets the BRI0 interface encapsulation type. Step 4 Command: dialer pool-member number Example: Router(config-if)# dialer pool-member 1 Router(config-if)# Purpose: Specifies the dialer pool membership. Step 5 Command: isdn switch-type switch-type Example: Router(config-if)# isdn switch-type basic-net3 Router(config-if)# Purpose: Specifies the ISDN switch type. Step 6 Command: exit Example: Router(config-if)# exit Router(config)# Purpose: Exits interface configuration mode and enters g
166. Ethernet speed; we recommend that you use auto, the default setting. Step 4 Command: duplex {auto | full | half} Purpose: Configures the duplex setting; we recommend that you use auto, the default setting. Step 5 Command: end Purpose: Returns to privileged EXEC mode. Chapter: Administering the Wireless Device, Configuring the Access Point for Wireless Network Management. Step 6 Command: show running-config Purpose: Verifies your entries. Step 7 Command: copy running-config startup-config Purpose: (Optional) Saves your entries in the configuration file. Configuring the Access Point for Wireless Network Management: You can enable the wireless device for wireless network management. The wireless network manager (WNM) manages the devices on your wireless LAN. Enter the following command to configure the wireless device to interact with the WNM: AP(config)# wlccp wnm ip address ip-address Enter the following command to check the authentication status between the WDS access point and the WNM: AP# show wlccp wnm status Possible statuses are not authenticated, authentication in progress, authentication fail, authenticated, and security keys setup. Configuring the Access Point for Local Authentication and Authorization: You can configure AAA to operate without a server by configuring the wireless device to implement AAA
167. Example: Router(config)# end Purpose: Returns to privileged EXEC mode. Step 6 Command: show running-config Example: Router(config)# show running-config Purpose: Displays the running configuration file. • Verify that you properly configured the idle privileged EXEC timeout. Examples: The following example shows how to set the console idle privileged EXEC timeout to 2 minutes 30 seconds: line console exec-timeout 2 30 The following example shows how to set the console idle privileged EXEC timeout to 10 seconds: line console exec-timeout 0 10 Configuring Gigabit Ethernet Interfaces: This section shows how to assign an IP address and interface description to an Ethernet interface on your router. For comprehensive configuration information on Gigabit Ethernet interfaces, see the "Configuring LAN Interfaces" chapter of Cisco IOS Interface and Hardware Component Configuration Guide, http://www.cisco.com/en/US/docs/ios/12_2/interface/configuration/guide/icflanin.html For information on interface numbering, see Software Configuration Guide for your router. SUMMARY STEPS: 1. enable 2. show ip interface brief 3. configure terminal 4. interface gigabitethernet 0/port 5. description string 6. ip address ip-address mask 7. no shutdown 8. end 9. show ip interface brief
168. Express Setup tool. Step 1 Establish a console connection to the wireless device and get the BVI IP address by entering the show interface bvi1 IOS command. Step 2 Open a browser window and enter the BVI IP address in the browser-window address line. Press Enter, and an Enter Network Password window appears. Step 3 Enter your username. Cisco is the default User Name. Step 4 Enter the wireless device password. Cisco is the default password. The Summary Status page appears. See the following URL for details about using the web-browser configuration page: http://cisco.com/en/US/docs/wireless/access_point/12.4_10b_JA/configuration/guide/scg12410b-chap4-first.html#wp1103336 Cisco IOS CLI: To configure the Autonomous wireless device, establish a session between the router and the access point, then use the Cisco IOS CLI tool: • Configuring the Radio, page 210 • Configuring Wireless Security Settings, page 211 • Configuring Wireless Quality of Service, page 214 (Optional) • Configuring the Access Point in Hot Standby Mode, page 215 (Optional). Configuring the Radio: Configure the radio parameters on the wireless device to transmit signals. See Chapter 9, "Configuring Radio Settings," for specific configuration procedures. Chapter: Configuring the Wireless Device, Configuring Wire
169. F memory card, see the hardware installation guide for your router.
How to Format CompactFlash Memory Cards
This section contains the following procedures:
• Determining the File System on a CompactFlash Memory Card
• Formatting CompactFlash Memory as a Class C File System
Determining the File System on a CompactFlash Memory Card
To determine the file system of a CF memory card, enter the show flash: all command in privileged EXEC mode.
• If geometry and format information does not appear in the output, the card is formatted with a Class B flash file system. Class B file systems are not supported on CF inserted in Cisco 3900 Series, 2900 Series, and 1900 Series Integrated Services Routers.
• If geometry and format information appears in the output, the card is formatted with a Class C flash file system.
The following examples show sample outputs for Class B and Class C flash file systems.
Note: Use flash1: in the command syntax to access CF in slot1. Use flash0: in the command syntax to access CF in slot0.
External Card with Class B Flash File System: Example
The geometry and format information does not appear.
    Router# show flash: all
    Partition
170. GRE tunnel as described in the preceding sections.
    aaa new-model
    aaa authentication login rtr-remote local
    aaa authorization network rtr-remote local
    aaa session-id common
    username username1 password 0 password1
    interface tunnel 1
     ip address 10.62.1.193 255.255.255.252
     tunnel source fastethernet 0
     tunnel destination interface 192.168.101.1
    ip route 20.20.20.0 255.255.255.0 tunnel 1
    crypto isakmp policy 1
     encryption 3des
     authentication pre-share
     group 2
    crypto isakmp client configuration group rtr-remote
     key secret-password
     dns 10.50.10.1 10.60.10.1
     domain company.com
     pool dynpool
    !
    crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
    !
    crypto ipsec security-association lifetime seconds 86400
    !
    crypto dynamic-map dynmap 1
     set transform-set vpn1
     reverse-route
    !
    crypto map static-map 1 ipsec-isakmp dynamic dynmap
    crypto map dynmap isakmp authorization list rtr-remote
    crypto map dynmap client configuration address respond
    !
    ! Defines the key association and authentication for IPsec tunnel.
    crypto isakmp policy 1
     hash md5
     authentication pre-share
    crypto isakmp key cisco123 address 200.1.1.1
    !
    ! Defines encryption and transform set for the IPsec tunnel.
    crypto ipsec transform-set set1 esp-3des esp-md5-hmac
    ! Associates all crypto values and peering address for the IPsec tunnel.
    crypto map to_corporate 1 ipsec-isakmp
     set peer 200.1.1.1
     set transform-set set1
     match address 105
171. Table 2: Example of a DSP Numbering Scheme for PVDM3 Only, PVDM2 Only, and Mixed Installation
Columns: PVDM slot 0, PVDM slot 1, PVDM slot 2, PVDM slot 3
PVDM3 Only: PVDM3-256, PVDM3-16, PVDM3-64, PVDM3-192
  DSP ID: 1 2 3 4 5 6 7 13 14 19 20 21 22 23
  Device ID: 0 0 0 1 1 1 2 4 4 6 6 6 7 7
PVDM2 Only: PVDM2-32, PVDM2-64, PVDM2-16, PVDM2-48
  DSP ID: 1 2 5 6 7 8 9 13 14 15
Mixed Installation: PVDM DM, PVDM3-256, PVDM3-32
  DSP ID: 1 2 23 24 25 26 27 28 29
  Device ID: 2 2 23 3 3
DSP Image for the PVDM3
The DSP image for the PVDM3 supports all features supported on PVDM2 except Cisco Fax Relay. The DSP image provides feature capability to implement the signal processing layer for a TDM-to-IP gateway:
• TDM-to-IP gateway for voice telephony, including support for multicast conferencing through the mixing of multiple IP streams out a single TDM port
• Low-level processing of CAS from a T1/E1 interface through the use of digital signaling channels
• Control and low-level processing of the signaling for analog telephony interface implemented on Cisco's voice interface card (VIC) hardware
• Support for Voice Band Data (VBD) through the use of upspeeding channels
• Support of facsimile using
172. SUMMARY STEPS
1. enable
2. configure terminal
3. line aux 0
4. See the tech notes and sample configurations to configure the line for your particular implementation of the AUX port.
DETAILED STEPS (Command or Action, Purpose)
Step 1: enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Example: Router> enable
Step 2: configure terminal
Enters global configuration mode.
Example: Router# configure terminal
Step 3: line aux 0
Starts the line configuration command collection mode for the auxiliary line.
Example: Router(config)# line aux 0
Step 4: See the tech notes and sample configurations to configure the line for your particular implementation of the AUX port.
Verifying Network Connectivity
This section describes how to verify network connectivity for your router.
Prerequisites
• Complete all previous configuration tasks in this document.
• The router must be connected to a properly configured network host.
SUMMARY STEPS
1. enable
2. ping ip-address | hostname
3. telnet ip-address | hostname
173. IC 3, PVDM 0, PVDM 1, PVDM 2, PVDM 3, SM 1, SM 2, SM 3, SM 4
Viewing Module and Interface Card Status on the Router
Multi-gigabit Fabric (MGF) displays module and interface card details. To show the details of the MGF, use the show platform mgf command in privileged EXEC mode.
The following example displays the output for the show platform mgf module command when entered on a Cisco 3945 ISR. Table 1 on page 175 displays the information code that appears in the output.
    Router# show platform mgf module
    Registered Module Information
    Code: NR - Not Registered, TM - Trust Mode, SP - Scheduling Profile, BL - Buffer Level, TR - Traffic Rate, PT - Pause Threshold
    slot vlan type ID TM SP BL TR PT
    ISM NR
    EHWIC 0 NR
    EHWIC 1 NR
    EHWIC 2 NR
    EHWIC 3 NR
    PVDM 0 NR
    PVDM 1 NR
    PVDM 2 NR
    PVDM 3 NR
    SM 1 T SM 6 UP 1 high 1000 high
    SM 2 1 SM 6 UP 1 high 1000 high
    SM 3 NR
    SM 4 NR
Table 1: Show Platform MGF Module Information Code (Code, Description)
NR: Not registered
TM: Trust mode, User Priority (UP) or Differentiated Service Code (DSCP)
SP: Scheduling profile
BL: Buffer level
TR: Traffic rate
PT: Pause threshold level
Viewing Multi-Gigabit Fabric Statistics
174. IGRP routes, indicated by D. You should see verification output similar to the following:
    Router# show ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is not set
         10.0.0.0/24 is subnetted, 1 subnets
            10.108.1.0 is directly connected, Loopback0
    D    3.0.0.0/8 [90/409600] via 2.2.2.1, 00:00:02, Ethernet0/0
Configuring Ethernet CFM and Y.1731 Performance Monitoring on Layer 3 Interfaces
This chapter provides procedures for configuring the network interface device functionality, Ethernet data plane loopback, IEEE connectivity fault management, and Y.1731 performance monitoring, and contains the following sections:
• Configuring a Network Interface Device on the L3 Interface
• Ethernet Data Plane Loopback
• CFM Support on Routed Port and Port MEP
• Support for Y.1731 Performance Monitoring on a Routed Port (L3 Subinterface)
175. ILED STEPS (Command, Purpose)
Step 1: configure terminal
Enters global configuration mode.
Step 2: ip dhcp excluded-address low_address high_address
Excludes the wireless device IP address from the range of addresses that the wireless device assigns. Enter the IP address in four groups of characters, such as 10.91.6.158. The wireless device assumes that all IP addresses in a DHCP address pool subnet are available for assigning to DHCP clients. You must specify the IP addresses that the DHCP server should not assign to clients. (Optional) To enter a range of excluded addresses, enter the address at the low end of the range, followed by the address at the high end of the range.
Step 3: ip dhcp pool pool_name
Creates a name for the pool of IP addresses that the wireless device assigns in response to DHCP requests, and enters DHCP configuration mode.
Step 4: network subnet_number mask prefix-length
Assigns the subnet number for the address pool. The wireless device assigns IP addresses within this subnet. (Optional) Assigns a subnet mask for the address pool, or specifies the number of bits that compose the address prefix. The prefix is an alternative way of assigning the network mask. The prefix length must be preceded by a forward slash (/).
Step 5: lease days hours minutes infinite
Configures the duration of the lease for IP addresses assigned by the wireless device.
• days: configure the lease dur
176.
    IP address of remote host 255.255.255.255 192.0.0.1
    filename to write on tftp host 2900-universalk9-mz
    writing c2900-mz successful ftp write
How to Upgrade the IOS Image on the Access Point
This section describes how to upgrade the Cisco IOS image on the access point. To upgrade the IOS image on the access point, establish connectivity between the access point and the download server by following these steps:
• Define the WAN Interface on the Router
• Secure an IP Address on the Access Point
• Confirm Connectivity and Settings
• Upgrading the IOS Image on the Access Point
Define the WAN Interface on the Router
To define a WAN interface to connect to a TFTP network for image download, follow these steps, beginning in global configuration mode.
SUMMARY STEPS
1. interface gigabitethernet slot/port
2. ip address ip-address mask
3. no shutdown
4. exit
DETAILED STEPS (Command, Purpose)
Step 1: interface gigabitethernet slot/port
Enters the configuration mode for a Gigabit Ethernet interface on the router.
Example:
    Router(config)# interface gigabitethernet 0/0
    Router(config-if)#
Step 2: ip address ip-address mask
Sets the IP address and subnet mask for the specified Gigabit Ethernet interface.
Example:
    Router(config-if)# ip address 192.168.12.2 255.255.255.0
    Router(config-if)#
177. IUS is facilitated through authentication, authorization, and accounting (AAA) and can be enabled only through AAA commands.
Note: For complete syntax and usage information for the commands used in this section, see Cisco IOS Security Command Reference.
These sections describe RADIUS configuration:
• Default RADIUS Configuration
• Configuring RADIUS Login Authentication (required)
• Defining AAA Server Groups (optional)
• Configuring RADIUS Authorization for User Privileged Access and Network Services (optional)
• Displaying the RADIUS Configuration
Default RADIUS Configuration
RADIUS and AAA are disabled by default. To prevent a lapse in security, you cannot configure RADIUS through a network management application. When enabled, RADIUS can authenticate users who are accessing the wireless device through the command-line interface (CLI).
Configuring RADIUS Login Authentication
To configure AAA authentication, you define a named list of authentication methods and then apply the list to various interfaces. The method list defines the types of authentication to be performed and the sequence in which they are performed; it must be applied to a specific interface before any defined authentication methods are performed. The only exception is the default method list, which is named default. The default method list is automatically applied to all interfaces except those that have a name
178. M configuration. If you need to set the router I/O memory permanently by using a manual method, use the memory-size iomem Cisco IOS command. If you set the I/O memory from the Cisco IOS software, you must restart the router for I/O memory to be set properly. When the configured I/O memory exceeds the IOS limit (1G), IOS will automatically set an appropriate I/O memory size and print this message: IOMEM size calculated is greater than maximum allowed during boot up.
SUMMARY STEPS
1. iomemset i/o-memory percentage
DETAILED STEPS (Command or Action, Purpose)
Step 1: iomemset i/o-memory percentage
Reallocates the percentage of DRAM used for I/O memory and processor memory.
Example: rommon > iomemset 15
Examples
In the following example, the percentage of DRAM used for I/O memory is set to 15:
    rommon 2 > iomemset
    usage: iomemset [smartinit | 5 | 10 | 15 | 20 | 25 | 30 | 40 | 50]
    rommon 3 >
    rommon 3 > iomemset 15
    Invoking this command will change the io memory percent
    WARNING: IOS may not keep this value
    Do you wish to continue? y/n: [n]: y
    rommon 4 > meminfo
    Current Memory configuration is:
    Onboard SDRAM: Size = 128 MB : Start Addr = 0x10000000
    Bank 0 128 MB
    Bank 1 0 MB
    Dimm 0
179. MMARY STEPS
1. configure terminal
2. interface dot11radio {0 | 1}
3. world-mode {dot11d country_code code {both | indoor | outdoor} | world-mode roaming | legacy}
4. end
5. copy running-config startup-config
DETAILED STEPS (Command, Purpose)
Step 1: configure terminal
Enters global configuration mode.
Step 2: interface dot11radio {0 | 1}
Enters interface configuration mode for the radio interface.
Step 3: world-mode {dot11d country_code code {both | indoor | outdoor} | world-mode roaming | legacy}
Enables world mode.
• Enter the dot11d option to enable 802.11d world mode. When you enter the dot11d option, you must enter a 2-character ISO country code (for example, the ISO country code for the United States is US). You can find a list of ISO country codes at the ISO website. After the country code, you must enter indoor, outdoor, or both to indicate the placement of the wireless device.
• Enter the legacy option to enable Cisco legacy world mode.
• Enter the world-mode roaming option to place the access point in a continuous world mode configuration.
Note: Aironet extensions must be enabled for legacy world mode operation, but Aironet extensions are not required for 802.11d world mode. Aironet extensions are enabled by default.
Step 4: end
Returns to privileged EXEC mode.
Step 5: copy running-config startup-config
(Optional) Saves your entries in the configuration file.
Use the no form of the world-mode command to disable world mode.
180. ND THE ABOVE NAMED SUPPLIERS DISCLAIM ALL WARRANTIES EXPRESSED OR IMPLIED INCLUDING WITHOUT LIMITATION THOSE OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING USAGE OR TRADE PRACTICE IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT SPECIAL CONSEQUENTIAL OR INCIDENTAL DAMAGES INCLUDING WITHOUT LIMITATION LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and or its affiliates in the U S and other countries To view a list of Cisco trademarks go to this URL www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1110R Any Internet Protocol IP addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers Any examples command display output network topology diagrams and other figures included in the document are shown for illustrative purposes only Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Software Configurati
181. P failure detection that is ten times faster than existing technology.
The DSP Resource Manager has been enhanced so that PVDM3 modules can pool DSP resources and share DSP resources across voice service modules when there is a combination of PVDM2-based (using 5510 DSP) modules and PVDM3-based modules in one router. This supports the coexistence of PVDM2, PVDM2-DM, and PVDM3 modules on separate boards in the same router. However, any PVDM2 modules inadvertently deployed on the same voice card as PVDM3 modules are shut down.
Note: Different-generation PVDM types can exist on different voice cards within the same router, but not on the same voice card. Each voice card in a router can support only PVDM2 or PVDM3 modules. There cannot be a combination of the two different PVDM types on the same voice card. There can be only one type of PVDM on the router motherboard, either PVDM2 or PVDM3 modules, not a combination of the two. PVDM2s can reside on a network module within a router that supports PVDM3 modules on the motherboard, but PVDM2 and PVDM3 modules cannot be mixed on the network module, and PVDM2s and PVDM3s may not be mixed on the router motherboard.
Contents
• Prerequisites for Configuring the PVDM3 Module on Cisco Voice Gateway Routers
• Restrictions for Configuring the PVDM3 Module on Cisco Voice Gateway Routers
• Information About Configuring the PVDM3 Module on Cisco Voice Gateway Routers
182. PS
Step 1: dir flash0:[partition-number:]
Use this command to list files in flash memory.
    rommon > dir flash0:
    program load complete, entry point: 0x4000000, size: 0x18fa0
    Directory of flash0:
    2 48296872 -rw- c3900-universalk9-mz.SPA
Note whether the new system image is the first file or the only file listed in the dir flash0: command output.
Step 2: confreg 0x2102
Use this command to set the configuration register so that, after the next system reload or power cycle, the router loads a system image from the boot system commands in the startup configuration file.
    rommon > confreg 0x2102
Step 3: boot flash0:[partition-number:]filename
Use this command to force the router to load the new system image.
    rommon > boot flash0:c2900-universalk9-mz.binT
Step 4: After the system loads the new system image, press Return a few times to display the Cisco IOS CLI prompt.
Step 5: enable
Use this command to enable privileged EXEC mode, and enter your password if prompted.
    Router> enable
    Password: <password>
    Router#
Step 6: configure terminal
Use this command to enter global configuration mode.
    Router# configure terminal
    Router(config)#
Step 7: no boot system
Eliminate all entries in the bootable image list, which specifies the system image that the router loads at startup.
    Router(config)# no boot system
Step 8: If the new system image is the first file or only the file displayed
183.
    ELOAD: Reload requested by console. Reload Reason: Reload
    RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 2009 by cisco Systems, Inc.
    Total memory size = 2560 MB - On-board = 512 MB, DIMM0 = 2048 MB
    C2911 platform with 2621440 Kbytes of main memory
    Main memory is configured to 72/72(On-board/DIMM0) bit mode with ECC enabled
    Readonly ROMMON initialized
    rommon 1 >
What to Do Next
Proceed to the "Displaying Commands and Command Syntax in ROM Monitor Mode (help)" section on page C-7.
Displaying Commands and Command Syntax in ROM Monitor Mode (help)
This section describes how to display ROM monitor commands and command syntax options.
SUMMARY STEPS
1. ? or help
2. command
DETAILED STEPS (Command or Action, Purpose)
Step 1: ? or help
Displays a summary of all available ROM monitor commands.
Example: rommon 1 > ?
Example: rommon 1 > help
Step 2: command
Displays syntax information for a ROM monitor command.
Example: rommon 16 > display
Examples
Sample Output for the help ROM Monitor Command
    rommon 1 > help
    alias               set and display aliases command
    boot                boot
184. Example: Router(config)# enable secret greentree
Specifies an additional layer of security over the enable password command.
• Do not use the same password that you entered in Step 3.
end
Returns to privileged EXEC mode.
Example: Router(config)# end
enable
Enables privileged EXEC mode.
• Verify that your new enable or enable secret password works.
Example: Router> enable
end
(Optional) Returns to privileged EXEC mode.
Example: Router(config)# end
Configuring the Console Idle Privileged EXEC Timeout
This section describes how to configure the console line's idle privileged EXEC timeout. By default, the privileged EXEC command interpreter waits 10 minutes to detect user input before timing out.
When you configure the console line, you can also set communication parameters, specify autobaud connections, and configure terminal operating parameters for the terminal that you are using. For more information on configuring the console line, see the Configuring Operating Characteristics for Terminals chapter in Cisco IOS Configuration Fundamentals Configuration Guide, and Troubleshooting, Fault Management, and Logging chapter in the C
185. S (Command, Purpose)
Step 1: configure terminal
Enters global configuration mode.
Step 2: no boot mode-button
Disables the access point's mode button.
Step 3: end
Returns to privileged EXEC mode.
Note: It is not necessary to save the configuration.
You can check the status of the mode button by executing the show boot or show boot mode-button command in privileged EXEC mode. The status does not appear in the running configuration. The following shows typical responses to the show boot and show boot mode-button commands:
    ap# show boot
    BOOT path-list: flash:/c1200-k9w7-mx-v123_7_ja.20050430/c1200-k9w7-mx.v123_7_ja.20050430
    Config file: flash:/config.txt
    Private Config file: flash:/private-config
    Enable Break: no
    Manual boot: no
    Mode button: on
    Enable IOS break: no
    HELPER path-list:
    NVRAM/Config file buffer size: 32768
    ap# show boot mode-button
    on
    ap#
Note: As long as the privileged EXEC password is known, you can use the boot mode-button command to restore the mode button to normal operation.
Preventing Unauthorized Access to Your Access Point
You can prevent unauthorized users from reconfiguring the wireless device and viewing configuration information. Typic
186. SRs have introduced new slots on the chassis. The first column in Table 3 lists the new slot names. The second column lists the corresponding old slot names. Modules previously inserted in the old slots now insert in the new slots with the help of an adapter card. For instance, network modules (NMs), enhanced network modules (NMEs), and extension voice modules (EVMs) use an adapter, or carrier card, to insert into the SM slot. See your router's hardware installation guide for adapter information.
Table 3: New Slot Names and Old Slot Names
New Slot Name: Old Slot Names
EHWIC: HWIC, HWIC-DW, WIC, VWIC, VIC
ISM: AIM (1)
PVDM3: PVDM
SM: NM, NME, EVM
SPE (2)
1. AIM is not supported in this release. See your hardware installation guide for more information.
2. The SPE is available only on the Cisco 3900 series ISRs.
New Slots and Ports by Platform
This section provides the type and number of the slots and ports available in the Cisco 3900 series, 2900 series, and 1900 series ISRs.
• Cisco 3900 Series ISRs
• Cisco 2900 Series ISRs
• Cisco 1900 Series ISRs
Cisco 3900 Series ISRs
Table 4 lists the slots and ports available on Cisco 3900 series rout
187. This example shows how to configure Ethernet CFM for single-tagged packets:
    Router> enable
    Router# configure terminal
    Router(config)# ethernet cfm ieee
    Router(config)# ethernet cfm global
    Router(config)# ethernet cfm domain customer level 7
    Router(config-ecfm)# service customer1101 vlan 100 direction down
    Router(config-ecfm-srv)# continuity-check
    Router(config)# interface gigabitethernet 0/2
    Router(config-if)# ethernet cfm mep domain customer mpid 100 service customer1101
    Router(config-if-ecfm-mep)# interface gigabitethernet 0/2.1
    Router(config-subif)# encapsulation dot1q 100
    Router(config-subif)# end
Verifying the Ethernet CFM Configuration for Single-Tagged Packets
Use the following commands to verify Ethernet CFM configured for single-tagged packets:
• show ethernet cfm domain
• show ethernet cfm maintenance-points local
• show ethernet cfm maintenance-points remote
• show ethernet cfm error configuration
Use the show ethernet cfm domain command to display the maintenance point domains configured in the network. In the following example, customer, enterprise, and carrier maintenance point domains are configured:
    Router
188. Step 7: interface cellular 0
Specifies the cellular interface.
Example: Router(config)# interface cellular 0
Step 8: dialer string string
or
dialer-group dialer-group-number
CDMA only: dialer string string specifies the dialer script. (The dialer script is defined by using the chat script command.)
GSM only: dialer-group dialer-group-number maps a dialer list to the dialer interface.
Example: Router(config-if)# dialer string cdma cdma
Example: Router(config-if)# dialer-group 2
Configuring DDR Backup Using Floating Static Route
To configure a floating static default route on the secondary interface, use the following commands, beginning in global configuration mode.
Note: Make sure you have IP classless enabled on your router.
SUMMARY STEPS
1. configure terminal
2. ip route network-number network-mask {ip-address | interface} [administrative-distance] [name name]
DETAILED STEPS (Command or Action, Purpose)
Step 1: configure terminal
Enters global configuration mode from the terminal.
Example: Router# configure terminal
Step 2: ip route network-number network-mask ip-address
Establishes a floating static route with the
189. Support on Routed Port and Port MEP
IEEE Connectivity Fault Management (CFM) is an end-to-end, per-service Ethernet layer Operations, Administration, and Maintenance (OAM) protocol. CFM includes proactive connectivity monitoring, fault verification, and fault isolation for large Ethernet metropolitan-area networks (MANs) and WANs.
Note: This feature is supported only if you have purchased the DATA technology package functionality (datak9) licensing package. For more information about managing software activation licenses on the Cisco ISR and Cisco ISR G2 platforms, see http://www.cisco.com/en/US/docs/routers/access/sw_activation/SA_on_ISR.html.
Restrictions for Configuring Ethernet CFM
• A specific domain must be configured. If it is not, an error message is displayed.
• Multiple domains (different domain names) having the same maintenance level can be configured. However, associating a single domain name with multiple maintenance levels is not permitted.
Configuring Ethernet CFM (Port MEP)
Complete these steps to configure and enable Ethernet CFM on a port Maintenance End Point (MEP).
SUMMARY STEPS
Step 1: enable
Step 2: configure terminal
Step 3: ethernet cfm ieee
Step 4: ethernet cfm global
Step 5: ethernet cfm domain domain-name level value
Step 6: service service-name port
Step 7: continuity-check interval value
Step 8: end
Step 9: configure terminal
Step 10: interface gigabitethernet slot/port
Step 11: ethernet cfm mep domain
190. T.38 Fax Relay technology
• Support of high-speed modems (V.32 and V.34) using Modem Relay technology
• Interface with Secure Telephony (STU) phones using Secure Telephony over IP standard technology
• Support for interfacing VoIP channel to Land Mobile Radio (LMR) networks
• Support for secure VoIP through the implementation of SRTP for both encryption and authentication of RTP packets
• Support for text telephony (Baudot) using Text Relay technology
The DSP image for the PVDM3 also provides a complete set of features to implement the signal processing layer of an IP-to-IP gateway and an IP-based conference server. Highlights of this functionality include:
• G.711 transcoding for implementing a LAN-WAN gateway
• Universal Transcoding between any two voice codecs (narrowband or wideband)
• Trans-scripting services for conversion between SRTP configurations or between secured and unsecured networks
• IP-based voice conferencing, including narrowband and wideband participants
DSP Farms
DSP Farm is enhanced to support increased transcoding and conference density. For DSPs on PVDM3 modules, existing resource allocation and management mechanisms a
191. Under certain misconfiguration situations, it can be impossible to establish a console connection with the router due to a speed mismatch or other incompatibility. The most obvious symptom is erroneous characters in the console display. If a ROM monitor failure of this type occurs, you may need to change a jumper setting on the motherboard so that the router can boot for troubleshooting. Procedures for accessing the motherboard and jumper locations are described in the installation of internal components section of the hardware installation document for your router.
The jumper to be changed is DUART DFLT, which sets the console connection data rate to 9600 regardless of user configuration. The jumper forces the data rate to a known good value.
Do not manually reload or power-cycle the router unless reloading or power cycling is required for troubleshooting a router crash. The system reload or power cycle can cause important information to be lost that is needed for determining the root cause of the problem.
SUMMARY STEPS
1. stack or k
2. context
3. frame number
4. sysret
5. meminfo
DETAILED STEPS (Command or Action, Purpose)
Step 1: stack
or
(Optional) Obtains a stack trace.
• For detailed i
192.
    WN: Interface GigabitEthernet0/0, changed state to up
    Nov 22 09:20:19.839: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
    Nov 22 09:20:19.839: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
    Nov 22 09:20:19.839: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0 64 changed state to down
    Nov 22 09:20:19.839: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1 64 changed state
    Router>
What to Do Next
If you want to configure the router to load a specified image at the next system reload or power cycle, see the following documents:
• Booting Commands chapter of Cisco IOS Configuration Fundamentals Command Reference
• Cisco IOS Configuration Fundamentals Configuration Guide
Modifying the Configuration Register (confreg)
This section describes how to modify the configuration register by using the confreg ROM monitor command. You can also modify the configuration register setting from the Cisco IOS command-line interface (CLI) by using the config-register command in global configuration mode.
Caution: Do not set the configuration register by using the config-register 0x0 command after setting
193. a Plane Loopback feature. The Cisco IOS Master Command List at http://www.cisco.com/en/US/docs/ios/mcl/allreleasemcl/all_book.html provides more information about these commands. Caution: Because debugging output is assigned high priority in the CPU process, it can diminish the performance of the router or even render it unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. Note: Before you run any of the debug commands listed in the following table, ensure that you run the logging buffered debugging command and then turn off console debug logging using the no logging console command.
Table 2: debug Commands for Ethernet Data Plane Loopback Configuration (debug Command: Purpose)
  debug elb-pal-pd all: Displays all the debugging information about the Ethernet data plane loopback configuration.
  debug elb-pal-pd error: Displays debugging information about Ethernet data plane loopback configuration errors.
  debug elb-pal-pd event: Displays debugging information about Ethernet data plane loopback configuration changes.
CFM
194. ace configuration mode, see the Example section on page 73.
  exit. Example: Router(config-if)# exit, then Router(config)#. Exits interface configuration mode and enters global configuration mode.
  interface type number. Example: Router(config)# interface Dialer 3, then Router(config-if)#. Creates dialer interface and enters configuration mode for the dialer interface.
  dialer watch-group group-number. Example: Router(config-if)# dialer watch-group 1, then Router(config-if)#. Specifies the group number for the dialer watch list.
  exit. Example: Router(config-if)# exit, then Router(config)#. Exits interface configuration mode and enters global configuration mode.
  ip nat inside source {list access-list-number} {interface type number | pool name} [overload]. Example: Router(config)# ip nat inside source list 101 interface Dialer 3 overload. Enables dynamic translation of addresses on the inside interface.
  Step 11: ip route prefix mask {ip-address | interface-type interface-number [ip-address]}. Example: Router(config)# ip route 0.0.0.0 0.0.0.0 22.0.0.2, then Router(config)#. Sets the IP route to point to the dialer interface as a default gateway.
  Step 12: access-list access-list-number {deny | permit} source D
195. ace gigabitethernet slot/port. Example: Router(config-ecfm-srv)# interface gigabitethernet 0/2. Specifies an interface and enters the interface configuration mode.
  Step 9: ethernet cfm mep domain domain-name mpid mpid-value service service-name. Example: Router(config-if)# ethernet cfm mep domain customer mpid 100 service customer1101. Sets a port to a maintenance domain and defines it as an MEP. Note: The values for domain and service must be the same as the values configured for CFM. MPID: Specifies the maintenance endpoint identifier.
  Step 10: interface gigabitethernet slot/port.subinterface. Example: Router(config-if-ecfm-mep)# interface gigabitethernet 0/2.1101. Specifies a subinterface and enters the subinterface configuration mode.
  Step 11: encapsulation dot1q vlan-id second-dot1q inner-vlan-id. Example: Router(config-subif)# encapsulation dot1q 100 second-dot1q 30. Defines the encapsulation format as IEEE 802.1Q (dot1q), and specifies the VLAN identifier. Use the second-dot1q keyword and the inner-vlan-id argument to specify the VLAN tag.
  Step 12: end. Exa
196. adar signals on the channel. The following sample messages are displayed on the access point console, showing the beginning and end of the CAC scan:
  Mar 6 07:37:30.423: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5500 MHz for 60 seconds
  Mar 6 07:37:30.385: %DOT11-6-DFS_SCAN_COMPLETE: DFS scan complete on frequency 5500 MHz
When operating on any of the DFS channels listed in Table 2, in addition to performing the CAC, the access point constantly monitors the channel for radar. If radar is detected, the access point stops forwarding data packets within 200 ms and broadcasts five beacons that include an 802.11h channel switch announcement, indicating the channel number that the access point begins using. The following example message displays on the access point console when radar is detected:
  Mar 6 12:35:09.750: %DOT11-6-DFS_TRIGGERED: DFS: triggered on frequency 5500 MHz
When radar is detected on a channel, that channel may not be used for 30 minutes. The access point maintains a flag in non-volatile storage for each channel that it detects radar on in the last 30 minutes. After 30 minutes, the flag is cleared for the corresponding channel. If the access point is rebooted before a flag is cleared, the non-occupancy time is reset to 30 minutes when the channel initializes.
197. address of 210.110.101.1. VPN client: Another router, which controls access to the corporate network. LAN interface: Connects to the corporate network, with inside interface address of 10.1.1.1. Corporate office network. IPSec tunnel with GRE. For more information about IPSec and GRE configuration, see the "Configuring Security for VPNs with IPSec" chapter of Cisco IOS Security Configuration Guide: Secure Connectivity, Release 12.4T at http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/12_4t/sec_secure_connectivity_12_4t_book.html. Configuration Examples: Each example configures a VPN over an IPSec tunnel, using the procedure given in the "Configure a VPN over an IPSec Tunnel" section on page 94. Then, the specific procedure for a remote access configuration is given, followed by the specific procedure for a site-to-site configuration. The examples shown in this chapter apply only to the endpoint configuration on the Cisco 3900 series, 2900 series, and 1900 series ISRs. Any VPN connection requires both endpoints to be properly configured in order to function. See the software configuration documentation as needed to configure VPN for
198. aining system images: http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/cf_system_images.html. Removing, inserting, and upgrading compact flash memory cards: Hardware installation guide for your router. Connecting your PC to the router console port: Hardware installation guide for your router. Technical Assistance. Description: Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. (1) Link: http://www.cisco.com/public/support/tac/home.shtml. 1. You must have an account at Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear. Wireless Device Overview: Wireless devices (also known as access points) provide a secure, affordable, and easy-to-use wireless LAN solution that combines mobility and flexibility with the enterprise-class features required by networking professionals. When configured as an access point, the wireless device serves as the connection point between wireless and wired networks or as the center point of a stand-alone wire
199. allocated 0 Transcoding channels allocated 0 Group FLEX_GROUP_VOICE complexity FLEX Shared credits 645 reserved credits 0 Signaling channels allocated 0 Voice channels allocated 0 Credits used rounded up 0 Slot 0 Device idx 1 PVDM Slot 0 Dsp Type SP2600 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide I OL 20696 04 EEN Chapter Configuring Next Generation High Density PVDM3 Modules HZ How to Verify and Troubleshoot the Functionality of the PVDM3 Cards on Cisco Voice Gateways dsp 7 State UP firmware 26 0 135 Max signal voice channel 32 32 Max credits 480 num_of_sig_chnls_allocated 0 Transcoding channels allocated 0 Group FLEX_GROUP_VOICE complexity FLEX Shared credits 465 reserved credits 0 Signaling channels allocated 0 Voice channels allocated 1 Credits used rounded up 15 Voice channels Ch01 voice port 0 1 1 23 1 codec g7llalaw credits allocated 15 Slot 0 Device idx 0 PVDM Slot 1 Dsp Type SP2600 DSP groups on slot 1 DSP groups on slot 2 dsp 1 State UP firmware 26 0 133 Max signal voice channel 16 16 Max credits 240 num_of_sig_chnls_allocated 0 Transcoding channels allocated 0 Group FLEX_GROUP_VOICE complexity FLEX Shared credits 240 reserved credits 0 Signaling channels allocated 0 Voice channels allocated 0 Credits used rounded up 0 dsp
200. ally the network administrators must have access to the wireless device while restricting access to users who connect through a terminal or workstation from within the local network. To prevent unauthorized access to the wireless device, configure one of these security features:
  - Username and password pairs, which are locally stored on the wireless device. These pairs authenticate each user before the user can access the wireless device. You can also assign a specific privilege level (read only or read/write) to each username and password pair. For more information, see the "Configuring Username and Password Pairs" section on page 261. The default username is Cisco, and the default password is Cisco. Usernames and passwords are case sensitive. Note: The characters TAB and are invalid characters for passwords.
  - Username and password pairs are stored centrally in a database on a security server. For more information, see the "Controlling Access Point Access with RADIUS" section on page 265.
Protecting Access to Privileged EXEC Commands: A simple way of providing terminal access control in your network is to use passwords and assign privilege levels. Password protection restricts access to a network or network device. Privilege levels define what commands users can issue after they have logged in to a network device. Note: For complete syntax and usage information for the commands used in this section
201. ance N A Direction External Time out sec none Status on Start time 10 17 46 930 UTC Mon Oct 21 2013 Time left N A Dot1q Dotlad s 100 Second dotiq s 1101 Source Mac Address Any Destination Mac Address Any Ether Type Any Class of service Any Llc oui Any Total Active Session s 1 Total Internal Session s Total External Session s s 0 s 1 Use the show ethernet loopback active command to display the summary of the active loopback sessions on the main interface Router show ethernet loopback permitted Loopback Session ID 1 Interface GigabitEthernet0 2 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide 32 OL 20696 04 Chapter Configuring Ethernet CFM and Y 1731 Performance Monitoring on Layer 3 Interfaces Ethernet Data Plane Loopback Wi Service Instance N A Direction External Time out sec none Status on Start time 10 14 23 507 UTC Mon Oct 21 2013 Time left N A Dot1iq Dotlad s 1 100 Second dotiq s 1 1101 Source Mac Address Any Destination Mac Address Any Ether Type Any Class of service Any Llc oui Any Total Active Session s 1 Total Internal Session s 0 s Total External Session s 1 Troubleshooting the Ethernet Data Plane Loopback Configuration A Table 2 lists the debug commands to troubleshoot issues pertaining to the Ethernet Dat
202. and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Chapter Configuring Ethernet CFM and Y 1731 Performance Monitoring on Layer 3 Interfaces E CFM Support on Routed Port and Port MEP Total Remote MEPs 4 Use the show ethernet cfm maintenance points remote command to view the details of a remote maintenance point domain On router 1 Routerl show ethernet cfm maintenance points remote domain carrier service carrier MPID Domain Name Lvl Domain ID RDI MA Name EVC Name Local MEP Info 43 carrier 2 carrier carrier N A MPID 44 Domain Total Remote MEPs 1 On router 2 carrier MA MacAddress IfSt Pest Ingress Type Id SrvciInst Age 5657 a86c fa92 Up Up Gi0 2 S C 100 1101 N A Os carrier Router2 show ethernet cfm maintenance points remote domain carrier service carrier MPID Domain Name Lvl Domain ID RDI MA Name EVC Name Local MEP Info 44 carrier 2 carrier carrier N A MPID 43 Domain carrier MA MacAddress IfSt PESE Ingress Type Id SrvcInst Age 5657 9945 04fa Up Up Gi0 2 S C 100 1101 N A 0s carrier Use the ping command to verify if Loopback Messages LBM and Loopback Replies LBR are successfully sent and received between the routers Routerl ping ethernet mpid 44 domain carrier service carrier cos 5 Type escape sequence to abort Ethernet CFM loopback messages to 5657 a86c fa92 5 5 Sending 5 Success rate
203. and in privileged EXEC mode. To indicate a file that is stored in a CF memory card, precede the filename with flash1: or flash0:. Note: Use flash1: in the command syntax to access CF in slot 1. Use flash0: in the command syntax to access CF in slot 0. Examples: Copying Files. In the following example, the file my-config1 on the CF memory card is copied into the startup-config file in the system memory:
  Router# copy flash0:my-config1 startup-config
  Destination filename [startup-config]?
  [OK]
  517 bytes copied in 4.188 secs (129 bytes/sec)
In the following example, the file my-config2 on the CF memory card is copied into the running-config file in the system memory:
  Router# copy flash0:my-config2 running-config
  Destination filename [running-config]?
  709 bytes copied in 0.72 secs
Displaying Files: To display a list of files on a CF memory card, enter the dir flash0: command in privileged EXEC mode. Note: Use flash1: in the command syntax to access CF in slot 1. Use flash0: in the command syntax to access CF in slot 0.
  Router# dir flash0:
  Directory of flash0 1580 rw 6462268 Mar 06 2004 06 14 02 c2900 universalk9 mz data 3 Yw 6458388 Mar 01 2004
204. antenna on the wireless device's left connector, you should use this setting for both receive and transmit. When you look at the wireless device's back panel, the left antenna is on the left. To select the antennas that the wireless device uses to receive and transmit data, follow these steps, beginning in privileged EXEC mode: 1. configure terminal 2. interface dot11radio {0 | 1} 3. gain dB 4. antenna receive {diversity | left | right} 5. antenna transmit {diversity | left | right} 6. end 7. copy running-config startup-config
Command: Purpose
  configure terminal: Enters global configuration mode.
  interface dot11radio {0 | 1}: Enters interface configuration mode for the radio interface. The 802.11g/n 2.4-GHz radio is radio 0. The 802.11n 5-GHz radio is radio 1.
  gain dB: Specifies the resultant gain of the antenna attached to the device. Enter a value from -128 to 128 dB. If necessary, you can use a decimal point in the value, such as 1.5.
  antenna receive {diversity | left | right}: Sets the receive antenna to diversity, left, or right. Note: For best performance with two antennas, leave the receive antenna setting at the default setting, diversity. For one antenna, attach the antenna on the right and set the antenna for right.
205. arn the name of the system image file and the use of the copy {flash0 | flash1} tftp privileged EXEC command to copy the system image (c3900-2is-mz) to a TFTP server. The router uses the default username and password.
  Router# show {flash0 | flash1}
  System flash directory:
  File Length Name/status
  1 4137888 c3900-c2is-mz
  [4137952 bytes used, 12639264 available, 16777216 total]
  16384K bytes of processor board System flash (Read/Write)
  Router# copy {flash0 | flash1} tftp
  IP address of remote host [255.255.255.255]? 172.16.13.110
  filename to write on tftp host? c3600-c2is-mz
  writing c3900-c2is-mz
  successful ftp write.
APPENDIX B: Using CompactFlash Memory Cards. Cisco 3900 Series, 2900 Series, and 1900 Series Integrated Services Routers (ISR) use Advanced Capability CompactFlash (CF) external memory to store the system image, configuration files, and some software data files. CF supports True IDE mode and Multi-Word DMA mode. The following sections explain how to manage directories and files on the CF: Requirements an
206. as-number 2. network ip-address 3. end
Command: Purpose
  router eigrp as-number. Example: Router(config)# router eigrp 109, then Router(config)#. Enters router configuration mode and enables EIGRP on the router. The autonomous-system number identifies the route to other EIGRP routers and is used to tag the EIGRP information.
  network ip-address. Example: Router(config)# network 192.145.1.0, then Router(config)# network 10.10.12.115, then Router(config)#. Specifies a list of networks on which EIGRP is to be applied, using the IP address of the network of directly connected networks.
  end. Example: Router(config-router)# end, then Router#. Exits router configuration mode and enters privileged EXEC mode.
Example: The following configuration example shows the EIGRP routing protocol enabled in IP networks 192.145.1.0 and 10.10.12.115. The EIGRP autonomous system number is 109. To see this configuration, use the show running-config command, beginning in privileged EXEC mode.
  Router# show running-config
  router eigrp 109
  network 192.145.1.0
  network 10.10.12.115
Verifying Configuration: To verify that you have properly configured IP EIGRP, enter the show ip route command and look for E
207. asic on the 802 11b 2 4 GHz radio Enter basic 1 0 basic 2 0 basic 5 5 basic 6 0 basic 9 0 basic 11 0 basic 12 0 basic 18 0 basic 24 0 basic 36 0 basic 48 0 and basic 54 0 to set these data rates to basic on the 802 11g 2 4 GHz radio Note If the client must support the basic rate that you select it cannot associate to the wireless device If you select 12 Mb s or higher for the basic data rate on the 802 11g radio 802 11b client devices cannot associate to the wireless device 802 11g radio Enter basic 6 0 basic 9 0 basic 12 0 basic 18 0 basic 24 0 basic 36 0 basic 48 0 and basic 54 0 to set these data rates to basic on the 5 GHz radio e Optional Enter range or throughput or ofdm throughput no ERP protection to automatically optimize radio range or throughput When you enter range the wireless device sets the lowest data rate to basic and sets the other rates to enabled When you enter throughput the wireless device sets all data rates to basic Optional On the 802 11g radio enter speed throughput ofdm to set all OFDM rates 6 9 12 18 24 36 and 48 to basic required and to set all the CCK rates 1 2 5 5 and 11 to disabled This setting disables 802 11b protection mechanisms and provides maximum throughput for 802 11g clients However it prevents 802 11b clients from associating to the access point e Optional Enter default to set the data rates to factory default settings not supported on 802
208. ast messages. Unicast messages are addressed to one device on the network. Multicast messages are addressed to multiple devices on the network. Cipher suites are sets of encryption and integrity algorithms designed to protect radio communication on your wireless LAN. You must use a cipher suite to enable Wi-Fi Protected Access (WPA) or Cisco Centralized Key Management (CCKM). Cipher suites that contain TKIP provide the best security for your wireless LAN. Cipher suites that contain only WEP are the least secure. See Configuring WEP and Cipher Suites for encryption procedures: http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/SecurityCipherSuitesWEP.html. Configuring Wireless VLANs: If you use VLANs on your wireless LAN and assign SSIDs to VLANs, you can create multiple SSIDs by using any of the four security settings defined in the "Security Types" section on page 213. A VLAN can be thought of as a broadcast domain that exists within a defined set of switches. A VLAN consists of a number of end systems, either hosts or network equipment (such as bridges and routers), connected by a single bridging domain. The bridging domain is supported on various pieces of network equipment, such as LAN switches that operate bridging protocols between them with a separate group of protocols for each VLAN. See Configuring Wireless VLANs at Cisco.com for more about wireless VLAN architecture: http://www.cisco.com/en/US/docs/routers/access
209. ation: http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ax/1.0/developer/guide/axpdev.html. The Cisco 3900 series and Cisco 2900 series ISRs support the following application interfaces: TAPI, page 142; AXL, page 142; Gatekeeper Transaction Message Protocol (GKTMP), page 142. TAPI: The standard Cisco Unified TAPI provides an unchanging programming interface for different implementations. The goal of Cisco in implementing TAPI for the Cisco Unified Communications Manager platform remains to conform as closely as possible to the TAPI specification, while providing extensions that enhance TAPI and expose the advanced features of Cisco Unified Communications Manager to applications. See Basic TAPI Implementation at Cisco.com for information: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/tapi_dev/7_0_1/tpdevch4.html. AXL: The AXL API provides a mechanism for inserting, retrieving, updating, and removing data from the Cisco Unified Communications Manager database by using an eXtensible Markup Language (XML) Simple Object Access Protocol (SOAP) interface. This approach allows a programmer to access the database by using XML and receive the data in XML form instead
210. ation in number of days; (optional) hours: configure the lease duration in number of hours; (optional) minutes: configure the lease duration in number of minutes; infinite: set the lease duration to infinite.
Command: Purpose
  Step 6: default-router address [address2 ... address8]: Specifies the IP address of the default router for DHCP clients on the subnet. One IP address is required; however, you can specify up to eight addresses in one command line.
  Step 7: end: Returns to privileged EXEC mode.
  Step 8: show running-config: Verifies your entries.
  Step 9: copy running-config startup-config: (Optional) Saves your entries in the configuration file.
Use the no forms of these commands to return to default settings. The following example shows how to configure the wireless device as a DHCP server, how to exclude a range of IP address, and how to assign a default router:
  AP# configure terminal
  AP(config)# ip dhcp excluded-address 172.16.1.1 172.16.1.20
  AP(config)# ip dhcp pool wishbone
  AP(dhcp-config)# network 172.16.1.0 255.255.255.0
  AP(dhcp-config)# lease 10
  AP(dhcp-config)# default-router 172.16.1.1
  AP(dhcp-config)# end
211. ation mode.
  Step 2: interface dot11radio {0 | 1}: Enters interface configuration mode for the radio interface. The 802.11g/n 2.4-GHz radio is radio 0. The 802.11n 5-GHz radio is radio 1.
  Step 3: packet retries value: Sets the maximum data retries. Enter a setting from 1 to 128.
  Step 4: end: Returns to privileged EXEC mode.
  Step 5: copy running-config startup-config: (Optional) Saves your entries in the configuration file.
Use the no form of the packet retries command to reset the setting to the default. Configuring the Fragmentation Threshold: The fragmentation threshold determines the size at which packets are fragmented (sent as several pieces instead of as one block). Use a low setting in areas where communication is poor or where there is a great deal of radio interference. The default setting is 2346 bytes. To configure the fragmentation threshold, follow these steps, beginning in privileged EXEC mode: SUMMARY STEPS 1. configure terminal 2. interface dot11radio {0 | 1} 3. fragment-threshold value 4. end 5. copy running-config startup-config
DETAILED STEPS (Command: Purpose)
  Step 1: configure terminal: Enters global configuration mode.
  Step 2: interface dot11radio
212. ator Guide: Setting up the Network; Setting up Cisco Unified IP Phones; Setting up Call Handling; Configuring Additional Call Features; Setting up Secure SRST; Integrating Voice Mail with Cisco Unified SRST. For SIP-specific SRST information, see Cisco Unified SIP SRST System Administrator Guide. To configure SIP SRST features, see the Cisco Unified SIP SRST 4.1 chapter. Cisco Unified SIP Proxy (CUSP): The Cisco Unified SIP Proxy (CUSP) is a high-performance, highly available Session Initiation Protocol (SIP) server for centralized routing and SIP signaling normalization. By forwarding requests between call-control domains, the Cisco Unified SIP Proxy provides the means for routing sessions within enterprise and service provider networks. To configure CUSP features, see Configuring Cisco Unified SIP Proxy Version 1.1.3 for an Enterprise Network at http://www.cisco.com/en/US/docs/voice_ip_comm/cusp/rel1_1_3/configuration/guide/cuspgd113.html. Gatekeeper: An H.323 Gatekeeper is an optional node in an H.323 network that manages endpoints (such as H.323 terminals, gateways, and Multipoint Control Units (MCUs), as well as Cisco Unified Communications
213. basic 12 0 basic 18 0 basic 24 0 basic 36 0 basic 48 0 basic 54 0 range throughput ofdm throughput default 802 11n 2 4 GHz radio 1 0 11 0 12 0 18 0 2 0 24 0 36 0 48 0 5 5 54 0 6 0 9 0 basic 1 0 basic 11 0 basic 12 0 basic 18 0 basic 24 0 basic 36 0 basic 48 0 basic 5 5 basic 54 0 basic 6 0 basic 9 0 default m0 7 m0 m1 m10 m11 m12 m13 m14 m15 m2 m3 m4 m5 m6 m7 m8 15 m8 m9 ofdm only ofdm range throughput 802 11n 5 GHz radio 12 0 18 0 24 0 36 0 48 0 54 0 6 0 9 0 basic 12 0 basic 18 0 basic 24 0 basic 36 0 basic 48 0 basic 54 0 basic 6 0 basic 9 0 default m0 7 m0 m1 m10 m11 m12 m13 m14 m15 m2 m3 m4 m5 m6 m7 m8 15 m8 m9 range throughput Sets each data rate to basic or enabled or enters range to optimize range or enters throughput to optimize throughput e Optional Enter 1 0 2 0 5 5 and 11 0 to set these data rates to enabled on the 802 11b 2 4 GHz radio Enter 1 0 2 0 5 5 6 0 9 0 11 0 12 0 18 0 24 0 36 0 48 0 and 54 0 to set these data rates to enabled on the 802 11g 2 4 GHz radio Enter 6 0 9 0 12 0 18 0 24 0 36 0 48 0 and 54 0 to set these data rates to enabled on the 5 GHz radio e Optional Enter basic 1 0 basic 2 0 basic 5 5 and basic 11 0 to set these data rates to b
214. be a dial tone when a telephone is lifted. However, when DSP oversubscription occurs and a caller goes off-hook, dead air is received. With this feature, the caller receives a fast busy tone instead of silence. This feature is not supported on application-controlled endpoints, Foreign Exchange Office (FXO) signaling endpoints, and BRI and Primary Rate Interface (PRI) endpoints. The following lists the maximum number of different fast busy tone (specific to country) that can be supported by each PVDM type:
  - PVDM3-16: 1
  - PVDM3-32: 1
  - PVDM3-64: 2
  - PVDM3-128: 3
  - PVDM3-192: 3
  - PVDM3-256: 3
Prior to Cisco IOS Release 15.0(1)M, a new call attempt failed and dead silence occurred when DSPs were oversubscribed. When the PVDM3 is installed, a fast busy tone is broadcast to session application endpoints when DSP oversubscription occurs for both analog ports and digital ports, except PRI and BRI. FXO signaling and application-controlled endpoints are not supported. This feature does not apply to insufficient DSP credits due to mid-call codec changes (while a call is already established). Online Insertion and Removal: Cisco 3900 Series ISRs support only managed online insertion and removal. All voice ports and controllers should be shut down. Transcoding, conferencing, and MTP DSPfarm profiles need to be shut down in addition to the controller and voice port shutdown. Also, remove the DSP sharing (that is, DS0 group and DSPfarm sharing). If the power
215. be-response gratuitous period 30 speed 12.0. Use the no form of the command to disable the GPR feature. Disabling and Enabling Aironet Extensions: By default, the wireless device uses Cisco Aironet 802.11 extensions to detect the capabilities of Cisco Aironet client devices and to support features that require specific interaction between the wireless device and associated client devices. Aironet extensions must be enabled to support these features:
  - Load balancing: Wireless device uses Aironet extensions to direct client devices to an access point that provides the best connection to the network on the basis of such factors as number of users, bit error rates, and signal strength.
  - Message Integrity Check (MIC): MIC is an additional WEP security feature that prevents attacks on encrypted packets called bit-flip attacks. The MIC, implemented on the wireless device and all associated client devices, adds a few bytes to each packet to make the packets tamper-proof.
  - Cisco Key Integrity Protocol (CKIP): Cisco's WEP key permutation technique is based on an early algorithm presented by the IEEE 802.11i security task group. The standards-based algorithm, Temporal Key Integrity Protocol (TKIP), does not require Aironet extensions to be enabled.
  - World mode (legacy only): Client devices with legacy world mode enabled receive carrier set information from the wireless device and adjust their settings automatically. Aironet extensions are not required for
216. caching. When ARP caching is optional, the wireless device responds on behalf of clients with IP addresses known to the wireless device but forwards out of its radio port any ARP requests addressed to unknown clients. When the wireless device learns the IP addresses for all associated clients, it drops ARP requests not directed to its associated clients. Configuring ARP Caching: To configure the wireless device to maintain an ARP cache for associated clients, follow these steps, beginning in privileged EXEC mode: SUMMARY STEPS 1. configure terminal 2. dot11 arp-cache [optional] 3. end 4. show running-config 5. copy running-config startup-config
DETAILED STEPS (Command: Purpose)
  Step 1: configure terminal: Enters global configuration mode.
  Step 2: dot11 arp-cache [optional]: Enables ARP caching on the wireless device. (Optional) Use the optional keyword to enable ARP caching only for the client devices whose IP addresses are known to the wireless device.
  Step 3: end: Returns to privileged EXEC mode.
  Step 4: show running-config: Verifies your entries.
  Step 5: copy running-config startup-config: (Optional) Saves your entries in the configuration file.
The
217. capsulation Sets the encapsulation transformation method to RFC 1042 snap dotih snap or 802 1h dotih the default setting end Returns to privileged EXEC mode copy running config startup config Optional Saves your entries in the configuration file Enabling and Disabling Public Secure Packet Forwarding amp Public Secure Packet Forwarding PSPF prevents client devices that are associated to an access point from inadvertently sharing files or communicating with other client devices that are associated to the access point PSPF provides Internet access to client devices without providing other capabilities of a LAN This feature is useful for public wireless networks like those installed in airports or on college campuses Note SUMMARY STEPS To prevent communication between clients associated to different access points you must set up protected ports on the switch to which the wireless devices are connected See the Configuring Protected Ports section on page 247 for instructions on setting up protected ports To enable and disable PSPF using command line interface CLI commands on the wireless device you use bridge groups You can find a detailed explanation of bridge groups and instructions for implementing them in this document e Cisco IOS Bridging and IBM Networking Configuration Guide Release 12 2 Click this link to browse to the Configuring Transparent Bridging chapter http www cisco com en
218. ce data module
2. MGF: Multi-Gigabit Fabric
3. CF: CompactFlash

Conventions

This document uses the following conventions:

Convention: Indication
bold font: Commands and keywords and user-entered text appear in bold font.
italic font: Document titles, new or emphasized terms, and arguments for which you supply values are in italic font.
[ ]: Elements in square brackets are optional.
{x | y | z}: Required alternative keywords are grouped in braces and separated by vertical bars.
[x | y | z]: Optional alternative keywords are grouped in brackets and separated by vertical bars.
string: A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.
courier font: Terminal sessions and information the system displays appear in courier font.
< >: Non-printing characters such as passwords are in angle brackets.
[ ]: Default responses to system prompts are in square brackets.
!, #: An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.

Note: Means reader take note.
Tip: Means the following information will help you solve a problem.
Caution: Means reader be careful. In this situation, you might perform an a
219. ce goes down. When the primary interface goes down, the floating static route is used. See the "Configuring DDR Backup Using Floating Static Route" section on page 63.
• Cellular Wireless Modem: To configure the 3G wireless modem as backup with Network Address Translation (NAT) and IPSec on either Global System for Mobile Communications (GSM) or code division multiple access (CDMA) networks, see the "Cellular Wireless Modem as Backup with NAT and IPSec Configuration" section on page 64.

Note: You cannot configure a backup interface for the cellular interface or any other asynchronous serial interface.

Configuring DDR Backup Using Dialer Watch

To initiate dialer watch, you must configure the interface to perform dial-on-demand routing (DDR) and backup. Use traditional DDR configuration commands, such as dialer map, for DDR capabilities. To enable dialer watch on the backup interface and create a dialer list, use the following commands in interface configuration mode.

SUMMARY STEPS
1. configure terminal
2. interface type number
3. dialer watch-group group-number
4. dialer watch-list group-number ip ip-address address-mask
5. dialer-list dialer-group protocol protocol-name {permit | deny | list {access-list-number | access-group}}
6. ip access-list access-list-number permit ip source add
220. cess point or wireless device has no configuration until it associates to a controller. The configuration on the wireless device can be modified by the controller only when the networking is up and running. The controller manages the wireless device configuration, firmware, and control transactions such as 802.1x authentication. All wireless traffic is tunneled through the controller.

See Why Migrate to a Cisco Unified Wireless Network? at Cisco.com for more about this network architecture design:
http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps6521/product_at_a_glance0900aecd805df476.pdf

Management Options

The wireless device runs its own version of Cisco IOS software that is separate from the Cisco IOS software operating on the router. You can configure and monitor the access point with several different tools:

• Cisco IOS software command-line interface (CLI)
• Simple Network Management Protocol (SNMP)
• Web-browser interface: http://cisco.com/en/US/docs/wireless/access_point/12.4_10b_JA/configuration/guide/scg12410b-chap2-gui.html

Note: The web-browser interface is fully compatible with Microsoft Internet Explorer version 6.0 on Windows 98, 2000, and XP platforms and with Netscape version 7.0 on Window
221. cisco com en US docs ios voice h323 configuration guide 12_4t vh_12_4t_book html

Cisco Unified Border Element

Cisco Unified Border Element (Cisco UBE) is a session border controller that provides the necessary services for interconnecting independent Unified Communications networks securely, flexibly, and reliably. Media packets can flow either through the gateway (thus hiding the networks from each other) or around the border element, if so configured. The Cisco UBE is typically used to connect enterprise networks to service provider SIP trunks, or to interconnect different nodes in an enterprise network where protocol or feature incompatibilities exist, or where extra secure demarcation between segments of the network is needed.

The Cisco Unified Border Element provides the following network-to-network interconnect capabilities:

• Session Management: Real-time session setup and tear-down services, call admission control, ensuring QoS, routing of calls if an error occurs, statistics, and billing.
• Interworking: H.323 and SIP protocol conversion, SIP normalization, DTMF conversion, transcoding, codec filtering.
• Demarcation: Point of fault isolation, topology hiding, establishing a
222. co 10S CLI for Initial Configuration HZ Using the Cisco 10S CLI to Perform Initial Configuration 6 end 7 show ip route DETAILED STEPS Command or Action Purpose Step1 enable Enables privileged EXEC mode e Enter your password if prompted Example Router gt enable Step2 configure terminal Enters global configuration mode Example Router configure terminal Step3 ip routing Enables IP routing Example Router config ip routing Step4 ip route dest prefix mask next hop ip address Establishes a static route admin distance permanent Example Router config ip route 192 168 24 0 255 25525507172 728992 Step5 ip default network network number Selects a network as a candidate route for computing the a gateway of last resort ip route dest prefix mask next hop ip address Creates a static route to network 0 0 0 0 0 0 0 0 for computing the gateway of last resort Example Router config ip default network 192 168 24 0 Example Router config ip route 0 0 0 0 0 0 0 0 172 28 99 1 Step6 end Returns to privileged EXEC mode Example Router config end Step7 show ip route Displays the current routing table information e Verify that the gateway of last resort is set Example Router show ip route Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide A 10 OL 20696 04 Appendix A
223. co 10S Image Step7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 show version Use this command to display the configuration register setting Router show version Cisco Internetwork Operating System Software coneigusabion register is 0x0 Router If the last digit in the configuration register is 0 or 1 proceed to Step 9 However if the last digit in the configuration register is between 2 and F proceed to Step 12 configure terminal Use this command to enter global configuration mode Router configure terminal Router config config register 0x2102 Use this command to set the configuration register so that after the next system reload or power cycle the router loads a system image from the boot system commands in the startup configuration file Router config config register 0x2102 exit Use this command to exit global configuration mode Router config exit Router copy run start Use this command to copy the running configuration to the startup configuration Router copy run start reload Use this command to reload the operating system Router reload When prompted to save the system configuration enter no System configuration has been modified Save yes no no Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 Chapter Upgrading the Cisco IOS Software
224. co 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 ES AppendixA Cisco 10S CLI for Initial Configuration HZ Using the Cisco 10S CLI to Perform Initial Configuration Saving Your Router Configuration This section describes how to avoid losing your configuration at the next system reload or power cycle by saving the running configuration to the startup configuration in NVRAM The NVRAM provides 256KB of storage on the router SUMMARY STEPS 1 enable 2 copy running config startup config DETAILED STEPS Command or Action Purpose Step1 enable Enables privileged EXEC mode e Enter your password if prompted Example Router gt enable Step2 copy running config startup config Saves the running configuration to the startup configuration Example Router copy running config startup config Saving Backup Copies of Configuration and System Image To aid file recovery and minimize downtime in case of file corruption we recommend that you save backup copies of the startup configuration file and the Cisco IOS software system image file on a server SUMMARY STEPS 1 enable 2 copy nvram startup config ftp rep tftp 3 show flash0 flash1 4 copy flash0 flash1 ftp rep tftp Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide A 16 OL 20696 04 Appendix A Cisco 10S CLI
225. col source addr source mask destination addr destination mask Named Standard ip access list standard name deny source source wildcard any Extended ip access list extended name permit deny protocol source addr source mask any destination addr destination mask any To create refine and manage access lists see the following sections of the Access Control Lists section of Cisco IOS Security Configuration Guide Securing the Data Plane Release 12 4T at http www cisco com en US docs ios sec_data_plane configuration guide 12_4t sec_data_plane_12_4t_book html e Creating an IP Access List and Applying It to an Interface e Creating an IP Access List to Filter IP Options TCP Flags Noncontiguous Ports or TTL Values e Refining an IP Access List e Displaying and Clearing IP Access List Data Using ACL Manageability Access Groups An access group is a sequence of access list definitions bound together with a common name or number An access group is enabled for an interface during interface configuration Use the following guidelines when creating access groups e The order of access list definitions is significant A packet is compared against the first access list in the sequence If there is no match that is if neither a permit nor a deny occurs the packet is compared with the next access list and so on e All parameters must match the access list before the packet is permitted or denied e There
226. config startup config Command Purpose configure terminal Enters global configuration mode interface dotllradio 0 1 Enters interface configuration mode for the radio interface The 2 4 GHz and the 802 11g n 2 4 GHz radios are radio 0 The 5 GHz and the 802 11n 5 GHz radio is radio 1 power local Sets the transmit power for the radio or the 5 GHz radio so that the power level is allowed in your regulatory domain These options are available for the 2 4 GHz 802 11n radio in dBm 81 9111114115117 maximum end Returns to privileged EXEC mode copy running config startup config Optional Saves your entries in the configuration file Use the no form of the power local command to return the power setting to maximum the default setting Limiting the Power Level for Associated Client Devices amp You can also limit the power level on client devices that associate to the wireless device When a client device associates to the wireless device the wireless device sends the maximum power level setting to the client Note Cisco AV VID documentation uses the term Dynamic Power Control DPC to refer to limiting the power level on associated client devices To specify a maximum allowed power setting on all client devices that associate to the wireless device follow these steps beginning in privileged EXEC mode OL 20696 04 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated S
227. configured server hosts and use them for a particular service The server group is used with a global server host list which lists the IP addresses of the selected server hosts Server groups can also include multiple host entries for the same server if each entry has a unique identifier the combination of the IP address and UDP port number allowing different ports to be individually defined as RADIUS hosts providing a specific AAA service If you configure two different host entries on the same RADIUS server for the same service such as accounting the second configured host entry acts as a failover backup to the first one You use the server group server configuration command to associate a particular server with a defined group server You can either identify the server by its IP address or identify multiple host instances or entries by using the optional auth port and acct port keywords To define the AAA server group and associate a particular RADIUS server with it follow these steps beginning in privileged EXEC mode 1 configure terminal 2 aaa new model 3 radius server host hostname ip address auth port port number acct port port number timeout seconds retransmit retries key string aaa group Server radius group name server ip address end Sl Se 3Sr S show running config I OL 20696 04 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Config
228. ction down Example Router config ecfm service customer1101 vlan 100 direction down Enters the CFM service configuration mode vlan Specifies the VLAN Step7 continuity check Example Router config ecfm srv continuity ch eck Enables sending continuity check messages Step 8 interface gigabitethernet slot port Example Router config ecfm srv interface gigabitethernet 0 2 Specifies an interface and enters the interface configuration mode Step 9 ethernet cfm mep domain domain name mpid mpid value service service name Example Router config if ethernet cfm mep domain customer mpid 100 service customer1101 Sets a port to a maintenance domain and defines it as an MEP Note The values for domain and service must be the same as the values that were configured for CFM Step 10 interface gigabitethernet slot port subinterface Example Router config if ecfm mep interface gigabitethernet 0 2 1 Specifies a subinterface and enters the subinterface configuration mode Step 11 encapsulation dotlq vlan id Example Router config subif encapsulation dotliq 100 Defines the encapsulation format as IEEE 802 1Q dotlq and specifies the VLAN identifier Step 12 end Example Router config subif end Returns the router to the privileged EXEC mode Configuration Example for Ethernet CFM Single Tagged Packets Cisco 3900 Series Cisco 2900
229. ction that could result in equipment damage or loss of data I OL 20696 04 E Preface HI Related Documentation Timesaver Means the described action saves time You can save time by performing the action described in the paragraph A Warning Means reader be warned in this situation you might perform an action that could result in bodily injury Related Documentation In addition to the Cisco 1900 series Cisco 2900 series and Cisco 3900 series ISR Software Configuration Guide this document the following reference guides are included Type of Document Links Hardware Read Me First for the Cisco 1900 Series 2900 Series and 3900 Series Integrated Services Routers Regulatory Compliance and Safety Information for Cisco 1900 Series Integrated Services Routers Cisco 2900 Series and 3900 Series Integrated Services Routers Hardware Installation Guide Cisco 1900 Series Integrated Services Routers Hardware Installation Guide Cisco Modular Access Router Cable Specifications Installing Replacing and Upgrading Components in Cisco Modular Access Routers and Integrated Services Routers Overview of Cisco Network Modules for Cisco Access Routers Cisco Interface Cards for Cisco Access Routers Installing Cisco Network Modules in Cisco Access Routers Installing Cisco Interface Cards in Cisco Access Routers Regulatory Compliance Declarations of Conformity and Regulatory Informati
230. d method list explicitly defined A method list describes the sequence and authentication methods to be used to authenticate a user You can designate one or more security protocols for authentication thus ensuring a backup system for authentication in case the initial method fails The software uses the first method listed to authenticate users If that method fails to respond the software selects the next authentication method in the method list This process continues until there is successful communication with a listed authentication method or until all defined methods are exhausted If authentication fails at any point in this cycle that is the security server or local username database responds by denying the user access the authentication process stops and no other authentication methods are attempted I OL 20696 04 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide jg Chapter Administering the Wireless Device HZ Controlling Access Point Access with RADIUS To configure login authentication follow these steps beginning in privileged EXEC mode This procedure is required SUMMARY STEPS 1 configure terminal 2 aaa new model 3 4 5 6 end 7 show running config 8 DETAILED STEPS Command aaa authentication login default ist name method method2 line console tty vty line number ending line number login authe
231. d Cisco 1900 series ISRs support Cisco IOS software entitlement Your router is shipped with the software image and the corresponding permanent licenses for the technology packages and features that you specified preinstalled You do not need to activate or register the software prior to use If you need to upgrade or install a new technology package or feature see Software Activation on Integrated Services Router http www cisco com en US docs routers access sw_activation SA_on_ISR html Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide 6 OL 20696 04 Chapter Overview of the Hardware and Software Getting Started W Getting Started Step 1 Step 2 Step 3 Step 4 See the router specific hardware installation guide to install the router in an appropriate location Connect the router with the appropriate cables Supply power to the router and perform the initial software configuration using Cisco Configuration Professional Express After the initial configuration is completed perform the following steps Follow instructions in the Basic Router Configuration section on page 9 to perform additional router configurations Optional If you are setting up the Cisco 1941 W ISR follow instructions in the Configuring the Wireless Device section on page 207 to configure the embedded wireless device on the router Follow instructions in
232. d Restrictions page B 1 e Online Insertion and Removal page B 2 e How to Format CompactFlash Memory Cards page B 2 e File Operations on CompactFlash Memory Cards page B 4 e Directory Operations on a CompactFlash Memory Card page B 7 Requirements and Restrictions CompactFlash Support e Only Advanced Capability CF purchased from Cisco operate in Cisco 3900 Series 2900 Series and 1900 Series Integrated Services Routers e Legacy CF will not operate in Cisco 3900 Series 2900 Series and 1900 Series Integrated Services Routers When legacy CF is inserted the following error message appears WARNING Unsupported compact flash detected Use of this card during normal operation can impact and severely degrade performance of the system Please use supported compact flash cards only Formatting CompactFlash e Only Class C file systems are supported on Cisco Compact Flash CF e We recommend that you format new CF to initialize a new flash file system Proper formatting lets ROM monitor recognize and boot the flash memory The CF can be formatted on an ISR and files copied to or from any PC that is equipped with a CF memory reader If you use a PC to format the CF use the Microsoft File Allocation Table FAT32 file system CompactFlash Slots and Files e Cisco 3900 series 2900 series and 1900 series ISRs have 2 external CF slots e CF in Slot0 can store the system image configuration and data files The CF must be present in this slot
233. d Services Routers Generation 2 Software Configuration Guide jg Chapter Administering the Wireless Device W Controlling Access Point Access with TACACS To specify RADIUS authorization for privileged EXEC access and network services follow these steps beginning in privileged EXEC mode SUMMARY STEPS 1 configure terminal 2 aaa authorization network radius 3 aaa authorization exec radius 4 end 5 show running config 6 copy running config startup config DETAILED STEPS Command Purpose Step1 configure terminal Enters global configuration mode Ste p2 aaa authorization network radius Configures the wireless device for user RADIUS authorization for all network related service requests Step3 aaa authorization exec radius Configures the wireless device for user RADIUS authorization to determine whether the user has privileged EXEC access The exec keyword might return user profile information such as autocommand information Step4 end Returns to privileged EXEC mode Step5 show running config Verifies your entries Step6 copy running config startup config Optional Saves your entries in the configuration file To disable authorization use the no aaa authorization network exec method command in global configuration mode Displaying the RADIUS Configuration To display the RADIUS configuration use the show running config command in privileged EXEC mode Controlling Access Point Access with TACACS
234. d integration of firewall policy generation with call control e Provide a solution without compromising on network security To configure UC Trusted Firewall features see Cisco Unified Communications Trusted Firewall Control at http www cisco com en US docs voice_ip_comm cucme feature guide TrustedFirewallControll html Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide 138 OL 20696 04 Chapter Unified Communications on Cisco Integrated Services Routers Applications and Application Interfaces APIs Hi Signaling and Media Authentication and Encryption The Media and Signaling Authentication and Encryption Feature for Cisco IOS MGCP Gateways feature provides support for Cisco Secure Survivable Remote Site Telephony SRST and voice security features that include authentication integrity and encryption of voice media and related call control signaling See Media and Signaling Authentication and Encryption Feature on Cisco IOS MGCP Gateways at Cisco com for configuration information http www cisco com en US docs ios 12_3t 12_3t11 feature guide gtsecure html The Media and Signaling Encryption SRTP TLS on DSP Farm Conferencing feature provides secure conferencing capability for Cisco Unified Communications Manager Unified CM networks including authentication integrity and encryption of voice media and related call control signaling to and
235. de OL 20696 04 Chapter Administering the Wireless Device W Managing the System Time and Date Configuring the Time Zone To manually configure the time zone follow these steps beginning in privileged EXEC mode SUMMARY STEPS 1 configure terminal 2 clock timezone zone hours offset minutes offset 3 end 4 show running config 5 copy running config startup config DETAILED STEPS Command Purpose Step1 configure terminal Enters global configuration mode Step2 clock timezone zone hours offset Sets the time zone minutes offset Because the wireless device keeps internal time in UTC this command is used only for display purposes and when the time is manually set e For zone enter the name of the time zone to be displayed when standard time is in effect The default is UTC e For hours offset enter the hours offset from UTC e Optional For minutes offset enter the minutes offset from UTC Step3 end Returns to privileged EXEC mode Step4 show running config Verifies your entries Step5 copy running config startup config Optional Saves your entries in the configuration file 1 UTC universal time coordinated The minutes offset variable in the clock timezone command in global configuration mode is available for situations where a local time zone is a percentage of an hour different from UTC For example the time zone for some sections of Atlantic Canada AST is UTC 3 5 where the 3 mean
236. dia Resource Management at Cisco com for more information http www cisco com en US docs voice_ip_comm cucm admin 7_0_1 ccmsys a05media html wp 1056492 I OL 20696 04 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide jg Chapter Unified Communications on Cisco Integrated Services Routers W Voice Security Packet Voice Data Module The Next Generation Packet Voice Data Module PVDM3 digital signal processor DSP modules provide up to four times the density per slot of existing audio applications on Cisco voice gateway routers One universal DSP image for these DSP modules provides resources for time division multiplexing to Internet Protocol TDM to IP gateway functionality for digital and analog interfaces audio transcoding and audio conferencing This enhanced DSP architecture accommodates a new packet processing engine for rich media voice applications and supports the TDM voice framework used by the PVDM2 module The PDVM3 has a Gigabit Ethernet interface with a Multi Gigabit Fabric to increase IP throughput and a DSP hardware based health monitor provides DSP failure detection that is ten times faster than existing technology To configure PVDM3 features see the Configuring Next Generation High Density PVDM3 Modules section on page 145 Voice Security The Cisco 3900 series and Cisco 2900 series ISRs support the following voice sec
237. ding the new system image e Loading the New System Image from the Cisco IOS Software page 192 e Loading the New System Image from ROM Monitor Mode page 195 Loading the New System Image from the Cisco IOS Software To load the new system image from the Cisco IOS software follow these steps SUMMARY STEPS 1 dir flash0 configure terminal no boot system Optional boot system flash0 system image filename oF YY N Optional Repeat to specify the order in which the router should attempt to load any backup system images 6 exit 7 show version 8 If the last digit in the configuration register is 0 or 1 proceed to Step 9 However if the last digit in the configuration register is between 2 and F proceed to Step 12 9 configure terminal 10 config register 0x2102 11 exit 12 copy run start 13 reload Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide 192 OL 20696 04 Chapter Upgrading the Cisco 10S Software DETAILED STEPS Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 How to Upgrade the Ciscol0S Image W 14 When prompted to save the system configuration enter no 15 When prompted to confirm the reload enter y 16 show version dir flash0 Use this command to display a list of all files and directories in flash memory Router dir flash0 Directory of flash0 3 rw 6458388 Mar 01 1993 00
238. dix A Cisco 10S CLI for Initial Configuration DETAILED STEPS Command or Action Using the Cisco 10S CLI to Perform Initial Configuration W Purpose Step1 enable Enables privileged EXEC mode e Enter your password if prompted Example Router gt enable Step2 show ip interface brief Displays a brief status of the interfaces that are configured for IP Example e Learn which type of Ethernet interface is on your Router show ip interface brief router Step3 configure terminal Enters global configuration mode Example Router configure terminal Step4 interface gigabitethernet 0 port Specifies the gigabit Ethernet interface and enters interface configuration mode Example Note For information on interface numbering see Router config interface gigabitethernet 0 0 Software Configuration Guide Step5 description string Optional Adds a description to an interface configuration e The description helps you remember what is attached to Example this interface The description can be useful for Router config if description GE int to 2nd troubleshooting floor south wing Step6 ip address ip address mask Sets a primary IP address for an interface Example Router config if ip address 172 16 74 3 255 255 255 0 Step7 no shutdown Enables an interface Example Router config if no shutdown Step8 end Returns to privileged EXEC mode Example Router config end Step9 show ip interface brief
239. domain name mpid mpid value service service name Step12 end Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide 34 OL 20696 04 Chapter Configuring Ethernet CFM and Y 1731 Performance Monitoring on Layer 3 Interfaces CFM Support on Routed Port and Port MEP W DETAILED STEPS Command Purpose Step1 enable Enables the privileged EXEC mode Enter your password when prompted Example Router gt enable Step2 configure terminal Enters the global configuration mode Example Router configure terminal Step3 ethernet cfm ieee Enables the IEEE version of CFM Example Router config ethernet cfm ieee Step4 ethernet cfm global Enables CFM processing globally on the router Example Router config ethernet cfm global Step5 ethernet cfm domain domain name level Defines a CFM maintenance domain at a specified level Welue and enters the Ethernet CFM configuration mode level can be any value from 0 to 7 Example Router config ecfm ethernet cfm domain carrier level 2 Step6 service service name port Creates a service on the interface and sets the config ecfm srv submode Example Router config ecfm Service carrier port Step7 continuity check interval value Enables sending continuity check messages at the set interval Example Router config ecfm srv continuity ch eck interval 100m Step8 j end Returns the ro
240. dress argument clears the automatic binding for a specific client IP address Specifying an asterisk clears all automatic bindings clear ip dhcp conflict Clears an address conflict from the DHCP address database Specifying the address argument clears the conflict for a specific IP address Specifying an asterisk clears conflicts for all addresses clear ip dhcp server statistics Resets all DHCP server counters to 0 To enable DHCP server debugging use the following command in privileged EXEC mode debug ip dhcp server events packets linkage Use the no form of the command to disable debugging for the wireless device DHCP server Configuring the Access Point for Secure Shell amp This section describes how to configure the Secure Shell SSH feature Note For complete syntax and usage information for the commands used in this section see the Secure Shell Commands section in Cisco IOS Security Command Reference for Release 12 4 Understanding SSH SSH is a protocol that provides a secure remote connection to a Layer 2 or Layer 3 device There are two versions of SSH SSH version 1 and SSH version 2 This software release supports both SSH versions If you do not specify the version number the access point defaults to version 2 SSH provides more security for remote connections than Telnet by providing strong encryption when a device is authenticated The SSH feature has an SSH se
241. ds of authentication are used only if the previous method returns an error, not if it fails. Select one of these methods:
- local: Use the local username database for authentication. You must enter username information into the database. Use the username password command in global configuration mode.
- tacacs+: Use TACACS+ authentication. You must configure the TACACS+ server before you can use this authentication method.
line [console | tty | vty] line-number [ending-line-number]: Enters line configuration mode and configures the lines to which you want to apply the authentication list.
login authentication {default | list-name}: Applies the authentication list to a line or set of lines.
- If you specify default, use the default list created with the aaa authentication login command.
- For list-name, specify the list created with the aaa authentication login command.
end: Returns to privileged EXEC mode.
show running-config: Verifies your entries.
copy running-config startup-config: (Optional) Saves your entries in the configuration file.
To disable AAA, use the no aaa new-model command in global configuration mode. To disable AAA authentication, use the no aaa authentication login {default | list-name} method1 [method2...] command in global configuration mode. To either disable TACACS+ authentication for logins or to return to the default value, use the no login authentication {default | list-name}
242. e Router(config-crypto-map)# exit Router(config)#
Step 5: crypto map map-name seq-num [ipsec-isakmp] [dynamic dynamic-map-name] [discover] [profile profile-name]. Creates a crypto map profile. Example: Router(config)# crypto map static-map 1 ipsec-isakmp dynamic dynmap Router(config)#
Apply the Crypto Map to the Physical Interface
The crypto maps must be applied to each interface through which IPSec traffic flows. Applying the crypto map to the physical interface instructs the router to evaluate all the traffic against the security associations database. With the default configurations, the router provides secure connectivity by encrypting the traffic sent between remote sites. However, the public interface still allows the rest of the traffic to pass and provides connectivity to the Internet.
To apply a crypto map to an interface, follow these steps, beginning in global configuration mode.
SUMMARY STEPS
1. interface type number
2. crypto map map-name
3. exit
DETAILED STEPS
Step 1: interface type number. Enters the interface configuration mode for the interface to which you are applying the crypto map. Example: Router(config)# interface fastethernet 4 Router(config-if)#
243. e Router show interface loopback 0 LoopbackO is up line protocol is up Hardware is Loopback Internet address is 200 200 100 1 24 MTU 1514 bytes BW 8000000 Kbit DLY 5000 usec reliability 255 255 txload 1 255 rxload 1 255 Encapsulation LOOPBACK loopback not set Last input never output never output hang never Last clearing of Show interface counters never Queueing strategy fifo Output queue 0 0 0 drops input queue 0 75 0 drops Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 Chapter Basic Router Configuration Configuring Command Line Access W 5 minute input rate 0 bits sec 0 packets sec 5 minute output rate 0 bits sec 0 packets sec 0 packets input 0 bytes 0 no buffer Received 0 broadcasts 0 runts 0 giants 0 throttles 0 input errors 0 CRC 0 frame 0 overrun 0 ignored 0 abort 0 packets output 0 bytes 0 underruns 0 output errors 0 collisions 0 interface resets 0 output buffer failures 0 output buffers swapped out Another way to verify the loopback interface is to ping it Router ping 200 200 100 1 Type escape sequence to abort Sending 5 100 byte ICMP Echos to 200 200 100 1 timeout is 2 seconds Success rate is 100 percent 5 5 round trip min avg max 1 2 4 ms Configuring Command Line Access amp To configure parameters to control access to the router follow these steps begin
244. e 5. end 6. copy running-config startup-config
configure terminal: Enters global configuration mode.
interface dot11radio {0 | 1}: Enters interface configuration mode for the radio interface. The 2.4-GHz and the 802.11g/n 2.4-GHz radios are radio 0. The 5-GHz and the 802.11n 5-GHz radio is radio 1.
rts threshold value: Sets the RTS threshold. Enter an RTS threshold from 0 to 2347.
rts retries value: Sets the maximum RTS retries. Enter a setting from 1 to 128.
end: Returns to privileged EXEC mode.
copy running-config startup-config: (Optional) Saves your entries in the configuration file.
Use the no form of the rts command to reset the RTS settings to defaults.
Chapter: Configuring Radio Settings
Configuring the Maximum Data Retries
The maximum data retries setting determines the number of attempts that the wireless device makes to send a packet before it drops the packet. The default setting is 32. To configure the maximum data retries, follow these steps, beginning in privileged EXEC mode.
SUMMARY STEPS
1. configure terminal
2. interface dot11radio {0 | 1}
3. packet retries value
4. end
5. copy running-config startup-config
DETAILED STEPS
Step 1: configure terminal. Enters global configur
245. e Installation Guide
Standards: None
MIBs: CISCO-DSP-MGMT-MIB. To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at http://www.cisco.com/go/mibs
RFCs: None
Chapter: Configuring Next Generation High Density PVDM3 Modules
Technical Assistance
The Cisco Support and Documentation website (http://www.cisco.com/cisco/web/support/index.html) provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.
Feature Information for Configuring the PVDM3 Module on Cisco Voice Gateway Routers
Table 3 lists the release history for this feature. Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation
246. e attempted. To configure login authentication, follow these steps, beginning in privileged EXEC mode. This procedure is required.
1. configure terminal
2. aaa new-model
3. aaa authentication login {default | list-name} method1 [method2...]
4. line [console | tty | vty] line-number [ending-line-number]
5. login authentication {default | list-name}
6. end
7. show running-config
8. copy running-config startup-config
Chapter: Administering the Wireless Device. Controlling Access Point Access with TACACS+
DETAILED STEPS
Step 1: configure terminal. Enters global configuration mode.
Step 2: aaa new-model. Enables AAA.
Step 3: aaa authentication login {default | list-name} method1 [method2...]. Creates a login authentication method list.
- To create a default list that is used when a named list is not specified in the login authentication command, use the default keyword followed by the methods that are to be used in default situations. The default method list is automatically applied to all interfaces.
- For list-name, specify a character string to name the list you are creating.
- For method1, specify the actual method the authentication algorithm tries. The additional metho
247. e delay Example Router config if backup delay enable delay Specifies the delay between the physical interface going down and the backup interface being enabled and the delay between the physical interface coming back up and the backup interface being disabled exit Example Router config if exit Router config Exits configuration interface mode Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 Chapter Configuring Backup Data Lines and Remote Management Configuring Gigabit Ethernet Failover Media Configuring Backup Interfaces i Cisco 2921 Cisco 2951 and Cisco 3900 Series routers provide a Gigabit Ethernet GE small form factor pluggable SFP port that supports copper and fiber concurrent connections Media can be configured for failover redundancy when the network goes down Note Do not connect back to back Cisco 2921 Cisco 2951 or Cisco 3900 Series routers with failover or as auto detect configured This is not a supported configuration and the behavior is unpredictable Assigning Primary and Secondary Failover Media SUMMARY STEPS DETAILED STEPS Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Step 1 Step 2 To assign primary and secondary failover media on the GE SFP port follow these
248. e hardware installation guide for your router to install the chassis, connect cables, and supply power to the hardware.
Timesaver: Before supplying power to the router, disconnect all WAN cables from the router to keep it from trying to run the AutoInstall process. The router may try to run AutoInstall if you power it up while there is a WAN connection on both ends and the router does not have a valid configuration file stored in NVRAM (for instance, when you add a new interface). It can take several minutes for the router to determine that AutoInstall is not connected to a remote TCP/IP host.
Appendix A: Cisco IOS CLI for Initial Configuration
Using the Cisco IOS CLI to Perform Initial Configuration
This section contains the following procedures:
- Configuring the Router Hostname (Optional)
- Configuring the Enable and Enable Secret Passwords (Required)
- Configuring the Console Idle Privileged EXEC Timeout (Optional)
- Configuring Gigabit Ethernet Interfaces (Required)
- Specifying a Default Route or Gateway of Last Resort (Required)
- Configuring Virtual Terminal Lines for Remote Console Access (Required)
- Configuring the Auxiliary Line (Optional)
- Ve
249. e in the Radio Network DETAILED STEPS Command Purpose Step1 configure terminal Enters global configuration mode Step2 interface doti11lradio 01 1 Enters interface configuration mode for the radio interface The 2 4 GHz and 802 11g n 2 4 GHz radios are radio 0 The 5 GHz and the 802 11n 5 GHz radio is radio 1 Step3 station role Sets the wireless device role A e Set the role to non root bridge with or without wireless non root bridge wireless clients clients to root access point or bridge or to workgroup bridge root access point ap only Note The bridge mode radio supports point to point bridge wireless clients configuration only fallback repeater shutdown Note The repeater and wireless clients commands are not supported on Cisco 1941 W Integrated Services Routers workgroup bridge multicast mode lt client infrastructure gt Note The scanner command is not supported on 1941 W universal lt Ethernet client MAC Integrated Services Routers address gt e The Ethernet port is shut down when any one of the radios is configured as a repeater Only one radio per access point may be configured as a workgroup bridge or repeater A workgroup bridge can have a maximum of 25 clients presuming that no other wireless clients are associated to the root bridge or access point Step4 end Returns to privileged EXEC mode Step5 copy running config startup config Optional Saves your entries in the
250. e or circumstance where a server fails, you can configure an access point to act as a local authentication server. The access point can authenticate up to 50 wireless client devices using Light Extensible Authentication Protocol (LEAP), Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST), or MAC-based authentication. The access point performs up to five authentications per second. You configure the local authenticator access point manually with client user names and passwords because it does not synchronize its database with Remote Authentication Dial-In User Service (RADIUS) servers. You can specify a VLAN and a list of SSIDs that a client is allowed to use.
See Using the Access Point as a Local Authenticator at Cisco.com for details about setting up the wireless device in this role: http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/SecurityLocalAuthent.html
Chapter: Configuring the Wireless Device. Configuring Wireless Settings
Configuring WEP and Cipher Suites
Wired Equivalent Privacy (WEP) encryption scrambles the data transmitted between wireless devices to keep the communication private. Wireless devices and their wireless client devices use the same WEP key to encrypt and decrypt data. WEP keys encrypt both unicast and multic
251. e specified protocol is passing through the firewall, a dynamic access list is created to allow the passage of return traffic. The timeout parameter specifies the length of time that the dynamic access list remains active without return traffic passing through the router. When the timeout value is reached, the dynamic access list is removed, and subsequent packets (possibly valid ones) are not permitted.
Use the same inspection name in multiple statements to group them into one set of rules. This set of rules can be activated elsewhere in the configuration by using the ip inspect inspection-name {in | out} command when you configure an interface at the firewall.
For additional information about configuring a Cisco IOS Firewall, see Cisco IOS Firewall Overview at http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_ios_firewall_ov.html
The Cisco IOS Firewall may also be configured to provide voice security in Session Initiated Protocol (SIP) applications. SIP inspection provides basic inspection functionality (SIP packet inspection and detection of pinhole openings), as well as protocol conformance and application security. For more information, see Cisco IOS Firewall: SIP Enhancements: ALG and AIC at http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_sip_alg_aic.html
Zone-Based Policy Firewall
The Cisco IOS Zone-Based Policy Firewall can be used to deploy security policies by assigning interfaces to d
252. e the console line speed.
Table D-1 describes the configuration register bits.
Table D-1: Configuration Register Bit Descriptions
Bit 00-03 (hexadecimal 0x0000-0x000F): Boot field. The boot field setting determines whether the router loads an operating system and where it obtains the system image. See Table D-2 for details.
Bit 06 (hexadecimal 0x0040): Causes the system software to ignore the contents of NVRAM.
Bit 07 (hexadecimal 0x0080): OEM bit enabled.
Appendix D: Changing the Configuration Register Settings. About the Configuration Register
Table D-1: Configuration Register Bit Descriptions (continued)
Bit 08 (hexadecimal 0x0100): Controls the console Break key.
- (Factory default) Setting bit 8 causes the processor to ignore the console Break key.
- Clearing bit 8 causes the processor to interpret Break as a command to force the router into the ROM monitor mode, halting normal operation.
Break can always be sent in the first 60 seconds while the router is rebooting, regardless of the configuration register settings.
Bit 09 (hexadecimal 0x0200): This bit controls the system boot.
- Setting bit 9 causes the system to use the secondary bootstrap.
- (Factory default) Clearing bit 9 causes the system to boot from flash memory.
- This bit i
253. ee the Configuring Terminal Operating Characteristics for Dial In Sessions section Line passwords and password encryption is described in the Cisco IOS Security Configuration Guide Release 12 4 See the Security with Passwords Privilege Levels and Login Usernames for CLI Sessions on Networking Devices section If you want to secure the vty lines with an access list see Access Control Lists Overview and Guidelines Also see the Cisco IOS Password Encryption Facts tech note I OL 20696 04 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide AppendixA Cisco 10S CLI for Initial Configuration HZ Using the Cisco 10S CLI to Perform Initial Configuration SUMMARY STEPS 1 enable configure terminal password password login end show running config o N oO os FF Y DN DETAILED STEPS Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command or Action line vty line number ending line number From another network device attempt to open a Telnet session to the router Purpose enable Example Router gt enable Enables privileged EXEC mode e Enter your password if prompted configure terminal Example Router configure terminal Enters global configuration mode line vty line number ending line number Example Router config line vty 0 4 Starts the line configuration command collection mode
254. eed to 1000 Mbps only Step7 shutdown Example Router config if shutdown Disables the interface changing its state from administratively UP to administratively DOWN Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 Chapter Configuring Backup Data Lines and Remote Management Examples Command or Action Configuring Third Party SFPs W Purpose Step 8 no shutdown Example Router config if no shutdown Enables the interface changing its state from administratively DOWN to administratively UP Step 9 exit Example Router config if exit Router config Exits the configuration mode and returns the global configuration mode This example shows how to configure a third party SFP on a Cisco ISR G2 Series Router Router con Router con Router con Router con Router con Router con Router con Router con fig if fig if fig if fig if fig if fig if Router configure terminal service unsupported transceiver fig interface ethernet 0 3 0 media type sfp speed 100 shutdown no shutdown exit fig exit OL 20696 04 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Chapter Configuring Backup Data Lines and Remote Management WE C
255. efines an extended access list that source wildcard indicates which addresses need translation Example Router config access list 1 permit 192 168 0 0 0 0 255 255 any Step13 dialerwatch list group number ip ip address Evaluates the status of the primary link address mask delay route check initial seconds based on the existence of routes to the peer The address 22 0 0 2 is the peer IP address of the ISP Example Router config dialer watch list 1 ip 22 0 0 2 255 255 255 255 Router config Step 14 line aux console tty vty line number Enters configuration mode for the line ending line number interface Example Router config line console 0 Router config line Step15 modem enable Switches the port from console port to auxiliary port function Example Router config line modem enable Router config line Step16 exit Exits interface configuration mode Example Router config line exit Router config Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide 72 OL 20696 04 Chapter Configuring Backup Data Lines and Remote Management Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Step 17 Step 18 Configuring Dial Backup and Remote Management Through the Console Port or Auxiliary Port W Co
256. (0x02-0xF) eload, the router sequentially processes each boot system command in global configuration mode that is stored in the configuration file until the system boots successfully. If no boot system commands are stored in the configuration file, or if executing those commands is unsuccessful, then the router attempts to boot the first image file in flash memory.
Table D-3 shows how each setting combination of bits 10 and 14 affects the IP broadcast address.
Table D-3: Broadcast Address Configuration Register Bit Combinations
Bit 10   Bit 14   Broadcast Address (<net> <host>)
0        0        <ones> <ones>
1        0        <ones> <zeros>
1        1        <zeros> <zeros>
0        1        <zeros> <ones>
Table D-4 shows the console line speed for each setting combination of bits 5, 11, and 12.
Table D-4: Console Line Speed Configuration Register Bit Combinations
Bit 5   Bit 11   Bit 12   Console Line Speed (baud)
1       1        1        115200
1       0        1        57600
1       1        0        38400
1       0        0        19200
0       0        0        9600
0       1        0        4800
Appendix D: Changing the Configuration Register Settings
Table D-4: Console Line Speed Configuration Register Bit Combinations (continued)
Bit 5   Bit 11   Bit 12   Console Line Speed (baud)
257. ement board in the same slot or in an empty slot.
Step 4: hw-module sm slot oir-start. Restores power to the module. Example: Router# hw-module sm 1 oir-start
Restart the controller and voice ports.
SUMMARY STEPS
1. configure terminal
2. controller e1 slot/port
3. no shutdown
4. exit
5. voice-port slot-number/port
6. no shutdown
7. exit
Chapter: Configuring Next Generation High Density PVDM3 Modules. Information About Configuring the PVDM3 Module on Cisco Voice Gateway Routers
DETAILED STEPS
Step 1: configure terminal. Enters global configuration mode. Example: Router# configure terminal
Step 2: controller e1 slot/port. Enters config-controller mode. Example: Router(config)# controller e1 0/0/0
Step 3: no shutdown. Restarts the controller port. Example: Router(config-controller)# no shutdown
Step 4: exit. Exits config-controller mode. Example: Router(config-controller)# exit
Step 5: voice-port slot-number/port. Enters config-voiceport mode. Example: Router(config)# voice-port 0/0/0:1
Step 6: no shutdown. Restarts the voice port. Example: Router(config-voiceport)# no shutdown
Step 7: exit. Exits config-voiceport mode. Example: Router(config-voiceport)# exit
258. emory size IO packet NVRAM size memory size 191KB Start Addr Start Addr 0x00 384 MB in 64 bit mode Available main memory starts at 0xa0015000 10 percent of main memory 00000000 64049cb0 00000000 6429274c 00000000 60e36fa8 ffrffffff ea545255 fffffffFt fffffffFt f fffffFt bytes 0x10000000 000000 size 393132KB You can also use the meminfo l command to show the supported DRAM configurations for the router The following is sample output for the command Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 Appendix Using ROM Monitor How to Use the ROM Monitor Typical Tasks i rommon 4 gt meminfo 1 The following 64 bit memory configs are supported Onboard SDRAM DIMM SOCKET 0 TOTAL MEMORY Bank 0 Bank1 Bank 0 Bank 1 128 MB 0 MB 0 MB 0 MB 128 MB 128 MB 0 MB 64 MB 0 MB 192 MB 128 MB 0 MB 64 MB 64 MB 256 MB 128 MB 0 MB 128 MB 0 MB 256 MB 128 MB 0 MB 128 MB 128 MB 384 MB 128 MB 0 MB 256 MB 0 MB 384 MB Troubleshooting Tips See the following tech notes e Troubleshooting Router Crashes e Understanding Software forced Crashes e Troubleshooting Router Hangs Exiting ROM Monitor Mode This section describes how to exit ROM monitor mode and enter the Cisco IOS command line interface CLI The method that you use to exit ROM monitor mode depends on how your router entered ROM mo
259. en your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Appendix C: Using ROM Monitor. Additional References
APPENDIX D
Changing the Configuration Register Settings
The following sections describe the 16-bit configuration register in NVRAM in the Cisco 3900 series, Cisco 2900 series, and Cisco 1900 series integrated services routers (ISRs):
- About the Configuration Register
- Changing the Configuration Register Settings
- Displaying the Configuration Register Settings
- Configuring the Console Line Speed (Cisco IOS CLI)
About the Configuration Register
The router has a 16-bit configuration register in NVRAM. Each bit has value 1 (on or set) or value 0 (off or clear), and each bit setting affects the router behavior upon the next reload power cycle. You can use the configuration register to:
- Force the router to boot into the ROM monitor (bootstrap program)
- Select a boot source and default boot filename
- Enable or disable the Break function
- Control broadcast addresses
- Recover a lost password
- Chang
260. ep 1: enable. Enables the privileged EXEC mode. Enter your password when prompted. Example: Router> enable
Step 2: configure terminal. Enters the global configuration mode. Example: Router# configure terminal
Step 3: interface gigabitethernet slot/port. Specifies an interface and enters the interface configuration mode. Example: Router(config)# interface gigabitethernet 0/2
Step 4: port-tagging. Inserts the VLAN ID into a packet header to identify which Virtual Local Area Network (VLAN) the packet belongs to. Example: Router(config-if)# port-tagging
Step 5: encapsulation dot1q vlan-id. Defines the encapsulation format as IEEE 802.1Q (dot1q) and specifies the VLAN identifier. Example: Router(config-if-port-tagging)# encapsulation dot1q 10
Step 6: set cos cos-value. Sets the Layer 2 class of service (CoS) value to an outgoing packet. Example: Router(config-if-port-tagging)# set cos 6
Step 7: end. Exits the interface configuration mode. Example: Router(config-if-port-tagging)# end
Chapter: Configuring Ethernet CFM and Y.1731 Performance Monitoring on Layer 3 Interfaces. Configuring a Network Interface Device on the L3 Interface
Configuration Example
This configuration example shows how to configure the NID:
Router> enable
Router# configure terminal
Router confi
261. er Enters line configuration mode and configures the lines for which to apply the authentication list.
Chapter: Administering the Wireless Device. Controlling Access Point Access with RADIUS
Step 5: login authentication {default | list-name}. Applies the authentication list to a line or set of lines.
- If you specify default, use the default list that you created with the aaa authentication login command.
- For list-name, specify the list that you created with the aaa authentication login command.
Step 6: end. Returns to privileged EXEC mode.
Step 7: show running-config. Verifies your entries.
Step 8: copy running-config startup-config. (Optional) Saves your entries in the configuration file.
To disable AAA, use the no aaa new-model command in global command mode. To disable AAA authentication, use the no aaa authentication login {default | list-name} method1 [method2...] command in global command mode. To either disable RADIUS authentication for logins or to return to the default value, use the no login authentication {default | list-name} command in line configuration mode.
Defining AAA Server Groups
SUMMARY STEPS
You can configure the wireless device to use AAA server groups to group existing server hosts for authentication. You select a subset of the
262. er ISR. This chapter contains the following sections:
- Authentication Methods
- Controlling Port Authorization State
- Flexible Authentication
- Host mode
- Open Access
- Control-Direction (Wake-on-LAN)
- Preauthentication Access Control List
- Downloadable Access Control List
- Filter-ID or Named Access Control List
- IP Device Tracking
Note: Critical authentication, which is also known as Inaccessible Authentication Bypass or AAA Fail Policy, does not support the Identity features on the Onboard Gigabit Ethernet Layer 3 ports.
Authentication Methods
Identity features support various types of authentication methods that are suitable for different kinds of end hosts and users. The two methods that are mainly used are:
- IEEE 802.1X
- MAC Authentication Bypass (MAB)
Configuring the IEEE 802.1X
Perform these steps to configure the IEEE 802.1X on the Cisco 1921 ISR.
Chapter: Configuring Identity Features on Layer 3 Interface. Authentication Methods
SUMMARY STEPS
1. enable
2. configure terminal
3. interface gigabitethernet slot/port
4. authentication port-control auto
5. dot1x pae authe
263. Chapter: Unified Communications on Cisco Integrated Services Routers. Online Insertion and Removal
Configuring Next Generation High Density PVDM3 Modules
The next generation packet voice/data module (PVDM3) digital signal processor (DSP) modules provide up to four times the density (per slot) of existing audio applications on Cisco voice gateway routers. One universal DSP image for these DSP modules provides resources for time-division multiplexing-to-Internet Protocol (TDM-to-IP) gateway functionality for digital and analog interfaces, audio transcoding, and audio conferencing. This enhanced DSP architecture accommodates a new packet-processing engine for rich-media voice applications and supports the TDM voice framework used by the PVDM2 module. The PVDM3 has a Gigabit Ethernet interface with a MultiGigabit Fabric to increase IP throughput, and a DSP hardware-based health monitor provides DS
264. Chapter: Unified Communications on Cisco Integrated Services Routers. Call Control Protocols
Session Initiation Protocol (SIP)
Session Initiation Protocol (SIP) is a peer-to-peer, multimedia signaling protocol developed in the IETF (IETF RFC 3261). Session Initiation Protocol is ASCII-based. It resembles HTTP, and it reuses existing IP protocols (such as DNS and SDP) to provide media setup and tear-down. See Cisco IOS SIP Configuration Guide for more information. For router configuration information under SIP, see the Basic SIP Configuration chapter of the Cisco IOS SIP Configuration Guide.
Voice gateways provide voice security through SIP enhancements within the Cisco IOS Firewall. SIP inspect functionality (SIP packet inspection and detection of pin-hole openings) is provided, as well as protocol conformance and application security. The user is given more granular control on the policies and security checks applied to SIP traffic, and capability to filter out unwanted messages. For more information, see Cisco IOS Firewall: SIP Enhancements: ALG and AIC at Cisco.com.
Media Gateway Control Protocol (MGCP) H.323
Media Gateway Control Protocol (MGCP) (RFC 2705) defines a centralized architecture for creating multimedia applications, including Voice over IP (VoIP). See Cisco IOS MGCP and Related Protocols Configuration
265. ers. To view the installation guide, see the following URL: http://www.cisco.com/en/US/docs/routers/access/2900/hardware/installation/guide/Hardware_Installation_Guide.html
    Table 4 Cisco 3900 Series Routers
    Router | EHWIC | SM | Dbl-Wide SM | ISM | PVDM3 | CF | GE RJ-45 / SFP ports | SPE
    Cisco 3945 | 4 | 4 | 1 | 1 | 4 | 2 | 3 | 1
    Cisco 3945E | 3 | 4 | 1 | 0 | 3 | 2 | 4 | 1
    Cisco 3925 | 4 | 2 | 1 | 1 | 4 | 2 | 3 (note 3) | 1
    Cisco 3925E | 3 | 2 | 1 | 0 | 3 | 2 | 4 (note 4) | 1
    Notes: 1. One RJ-45 GE + two combo GE/SFPs. 2. Four RJ-45 GE, or three RJ-45 GE + one combo GE/SFP, or two RJ-45 GE + two combo GE/SFP. 3. One RJ-45 GE + two combo GE/SFPs, or three RJ-45 GEs. 4. Four RJ-45 GE, or three RJ-45 GE + one combo GE/SFP, or two RJ-45 GE + two combo GE/SFP.
    Cisco 2900 Series ISRs. Table 5 lists the slots and ports available on Cisco 2900 series routers. To view the installation guide, see the following URL: http://www.cisco.com/en/US/docs/routers/access/2900/hardware/installation/guide/Hardware_Installation_Guide.html
    Table 5 Cisco 2900 Series Routers
    Router | EHWIC | SM | Dbl-Wide SM | ISM | PVDM3 | CF | GE RJ-45 ports | GE RJ-45 / SFP ports
    Cisco 2951 | 4 | 2 | 2 | 1 | 3 | 2 | 2 | 1
    Cisco 2921 | 4 | 1 | 1 | 1 | 3 | 2 | 2 | 1
    Cisco 2911 | 4 | 1 | 1 | 1 | 2 | 2 | 3 | 0
    Cisco 2901 | 4 | 0 | 0 | 1 | 2 | 2 | 3 | 0
    Common Ports
266. ervice Module; SRTP: Secure Real-time Transport Protocol; TDM: Time Division Multiplexing; UHPI: Universal Host Port Interface; VIC: Voice Interface Card; VLAN: Virtual LAN; VNM: Voice Network Module; VWIC: Voice WAN Interface Card. Configuring Multi-Gigabit Fabric Communication. Cisco 3900 series, Cisco 2900 series, and Cisco 1900 series ISRs use a multi-gigabit fabric (MGF) for the new modules and interface cards to inter-communicate on the router. Legacy modules that support Cisco High-Speed Intrachassis Module Interconnect (HIMI) also support the MGF. Next-generation module drivers integrate with the MGF to perform port configurations, configure packet flow, and control traffic buffering. On the router side, there are no user-configurable features on the MGF. All configurations are performed from
267. Configuring Radio Transmit Power. SUMMARY STEPS: 1. configure terminal 2. interface dot11radio {0 | 1} 3. power client level 4. end 5. copy running-config startup-config. DETAILED STEPS (Command: Purpose). Step 1 configure terminal: Enters global configuration mode. Step 2 interface dot11radio {0 | 1}: Enters interface configuration mode for the radio interface. The 2.4-GHz and 802.11g/n 2.4-GHz radios are radio 0. The 5-GHz and the 802.11n 5-GHz radio is radio 1. Step 3 power client: These options are available for 802.11n 2.4-GHz clients (in dBm): {local | 8 | 9 | 11 | 14 | 15 | 17 | maximum}. These options are available for 802.11n 5-GHz clients (in dBm): {local | 8 | 11 | 13 | 14 | 15 | maximum}. Sets the maximum power level allowed on client devices that associate to the wireless device. Setting the power level to local sets the client power level to that of the access point. Setting the power level to maximum sets the client power to the allowed maximum. Note: The settings allowed in your regulatory domain might differ from the settings listed here. Step 4 end: Returns to privileged EXEC mode. Step 5 copy running-config startup-config: (Optional) Saves your entries in the configuration file. Use the no form of the power client command to disable the maximum power level for associated clients.
268. Related Documentation. See the following documentation for additional autonomous and unified configuration information: Autonomous Documentation (Table 2); Unified Documentation (Table 3). Table 2 Autonomous Documentation (Links: Description). Network Design: Wireless Overview (Wireless Device Overview): Describes the roles of the wireless device on the network. Configuration: Configuring the Radio (Configuring Radio Settings): Describes how to configure the wireless radio. Security: Authentication Types for Wireless Devices (http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/SecurityAuthenticationTypes.html): Describes the authentication types that are configured on the access point. RADIUS and TACACS+ Servers in a Wireless Environment (http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/SecurityRadiusTacacs_1.html): Describes how to enable and configure the RADIUS and TACACS+ and provides detailed accounting information and flexible administrative control over authentication and authorization processes. RADIUS and TACACS+ are facilitated through AAA and can be enabled only through AAA commands. Using the Access Point as a Local Authenticator: http ww
269. es sec
    Router#
    Router# dir flash0:
    Directory of flash0:/
    1 -rw- 48311224 Mar 2 1901 11:32:50 +00:00 c3900-universalk9-mz.SSA.XFR_20090407
    2 -rw- 185667 Jan 27 2021 09:03:54 +00:00 crashinfo_20210127-090354
    3 -rw- 983 Feb 14 2021 12:41:52 +00:00 running-config
    260173824 bytes total (211668992 bytes free)
    Router#
    Ensuring Adequate DRAM for the New System Image. This section describes how to check whether your router has enough DRAM for upgrading to the new system image. Prerequisites: Choose the Cisco IOS release and system image to which you want to upgrade. See the Information About Upgrading the System Image section on page 178. How to Upgrade the Cisco IOS Image. SUMMARY STEPS: 1. Select the system image in the Cisco IOS Upgrade Planner at http://www.cisco.com/cgi-bin/Software/Iosplanner/Planner-tool/iosplanner.cgi. 2. Write down the minimum memory requirements for the image, as displayed in the File Download Information table. 3. show version 4. Add the memory sizes that are displayed in the show version command output to calculate your router's DRAM size. 5. Compare the calculated DRAM size with the minimum memory requirements from Step
270. es the manual control of the port authorization state. mab (Example: Router(config-if)# mab): Enables MAC-based authentication on a port. end (Example: Router(config-if)# end, then Router#): Returns to privileged EXEC mode. Verifying the MAB. Use the show authentication sessions command to verify the configuration:
    c1921# show authentication sessions
    Interface  MAC Address     Method  Domain  Status         Session ID
    Gi0/1      0201.0201.0201  mab     DATA    Authz Success  0303030300000004002500A8
    c1921# show authentication sessions interface Gi0/1
    Interface: GigabitEthernet0/1
    MAC Address: 0201.0201.0201
    IP Address: Unknown
    User-Name: 02 01 02 01 02 01
    Status: Authz Success
    Domain: DATA
    Oper host mode: single-host
    Oper control dir: both
    Authorized By: Authentication Server
    Vlan Group: N/A
    AAA Policies:
    Session timeout: N/A
    Idle timeout: N/A
    Common Session ID: 0303030300000004002500A8
    Acct Session ID: 0x00000007
    Handle: 0x3D000005
    Runnable methods list:
    Method  State
    mab     Authc Success
    c1921#
    Controlling Port Authorization State. You can control the port authorization by using the foll
271. escribe the Cisco 3900 series, 2900 series, and 1900 series ISRs: Feature Information; New Features by Platform; New Slots; New Slots and Ports by Platform; Common Ports; Licensing; Getting Started. Feature Information. Table 1 Feature Information (Feature: Description). Services Performance Engine: SPEs are modular motherboards on Cisco 3900 series ISRs. The SPE houses PVDM3 slots, system memory slots, and the ISM slot. The SPE provides a modular approach to system upgrades. You simply slide out the SPE from the router to replace internal modules, or upgrade the SPE to improve router performance. See Cisco 2900 series and 3900 series Integrated Services Routers Hardware Installation Guide for instructions. Cryptographic Engine Accelerator: Cisco 3900 series routers with either Services Performance Engine 200 or Services Performance Engine 250 have an onboard cryptographic accelerator that is shared between SSLVPN and IPSec. By default, acceleration of SSL is disabled so IPSec performance is maximized. See the Configuring Security Features section on page 87 in this guide for information about enabling the SSLVPN feature. USB
272. ets 0 packets drop 0 input error packets 0 output error packets 0 resource errors packets 0 gaints vlan id 2 BP throttle change count 0 Current throttle flag 0 TX messages at congestion count 0. show voice dsp statistics ack: Use this command to display ACK statistics for the device. Router# show voice dsp statistics ack DSP ACK RETRY TOTAL WAITING ID DEPTH COUNT RETRANSMITTION FOR ACK ACK is enabled. debug voice dsp crash-dump: Use this command to display debugging information for the crash dump feature (for detailed information about this, see the section Voice DSP Crash Dump File Analysis in Cisco IOS Voice Troubleshooting and Monitoring Guide). Router# debug voice dsp crash-dump keepalives. Configuration Examples for Configuring the PVDM3 Module on Cisco Voice Gateway Routers. This section provides an example of a running configuration. This example is for reference purposes only and contains IP addresses and telephone numbers that are not actual, valid addresses and telephone numbers; they are provided for illustrative purposes only. show running-config: Example: Router# show running-config Building con
273. Configuring Radio Channel Settings. DETAILED STEPS (Command: Purpose). Step 1 configure terminal: Enters global configuration mode. Step 2 interface dot11radio {0 | 1}: Enters interface configuration mode for the radio interface. The 802.11g/n 2.4-GHz radio is radio 0. The 802.11n 5-GHz radio is radio 1. Step 3 channel {frequency | least-congested | width {20 | 40-above | 40-below} | dfs}: Sets the default channel for the wireless device radio. To search for the least-congested channel on startup, enter least-congested. Use the width option to specify a bandwidth to use. This option is available for the Cisco 800 series ISR wireless devices and consists of three available settings: 20, 40-above, and 40-below. Choosing 20 sets the channel width to 20 MHz. Choosing 40-above sets the channel width to 40 MHz with the extension channel above the control channel. Choosing 40-below sets the channel width to 40 MHz with the extension channel below the control channel. Note: The channel command is disabled for 5-GHz radios that comply with European Union regulations on dynamic frequency selection (DFS). See the Enabling and Disabling World Mode section on page 239 for more information. Step 4 end: Returns to privileged EXEC mode. Step 5 copy running-config startup-config: (Optional) Saves your entries in the configuration file. Dynamic Frequency Selection. Access
274. eueing strategy fifo Output queue 0 40 size max 5 minute input rate 0 bits sec 0 packets sec 5 minute output rate 0 bits sec 0 packets sec 0 packets input 0 bytes 0 no buffer Received 0 broadcasts 0 runts 0 giants 0 throttles 0 input errors 0 CRC 0 frame 0 overrun 0 ignored 0 watchdog 0 multicast 0 pause input 0 input packets with dribble condition detected 0 packets output 0 bytes 0 underruns 0 output errors 0 collisions 0 interface resets 0 0 0 0 unknown protocol drops babbles 0 late collision 0 deferred lost carrier 0 no carrier 0 pause output output buffer failures 0 output buffers swapped out Interface statistics for CPU 30 second input rate 0 packets sec 30 second output rate 0 packets sec 0 packets input 0 bytes 0 overruns Received 0 broadcasts 0 multicast 0 unicast 0 runts 0 giants 0 jabbers 0 input errors 0 CRC 0 fragments 0 pause input 0 packets output 0 bytes 0 underruns 0 broadcast 0 multicast 0 unicast 0 late collisions 0 collisions 0 deferred 0 bad bytes received 0 multiple 0 pause output. Upgrading the Cisco IOS Software. This module describes how to upgrade the Cisco Internet Operating System (IOS) software image on the following hardware: Cisco 3900 series ISRs; Cisco 2900 series ISRs; Cisco 1900 ser
275. eway of last resort. The way in which routing protocols propagate the default route information varies for each protocol. For comprehensive configuration information about IP routing and IP routing protocols, see Cisco IOS IP Configuration Guide. In particular, see the Configuring IP Addressing chapter and all Part 2: IP Routing Protocols chapters. You can configure integrated routing and bridging (IRB) so the router can route and bridge simultaneously. The router will act as an IP host on the network whether routing is enabled or not. To read more about IRB, see the following URL at Cisco.com: http://www.cisco.com/en/US/tech/tk389/tk815/tk855/tsd_technology_support_sub-protocol_home.html. IP routing is automatically enabled in the Cisco IOS software. When IP routing is configured, the system will use a configured or learned route to forward packets, including a configured default route. Note: This task section does not apply when IP routing is disabled. To specify a default route when IP routing is disabled, see the Configuring a Gateway of Last Resort Using IP Commands tech note at Cisco.com. Default Routes. Default Network. A router might not be able t
276. f the available memory is less than the new system image's minimum flash requirements, proceed to Step 4. From the displayed output of the dir flash0: command, compare the number of bytes total to the size of the system image to which you want to upgrade. a. If the total memory is less than the new system image's minimum flash requirements, you must upgrade your compact flash memory card. See the hardware installation guide for your router. b. If the total memory is equal to or greater than the new system image's minimum flash requirements, proceed to Step 5. dir /all flash0: From the displayed output of the dir /all flash0: command, write down the names and directory locations of the files that you can delete. (Optional) copy flash0: {tftp | rcp}. (Optional) Repeat Step 7 for each file that you identified in Step 6. delete flash0:directory-path/filename. Repeat Step 9 for each file that you identified in Step 6. dir flash0: [partition-number]. From the displayed output of the dir flash0: command, compare the number of bytes available to the size of the system image to which you want to upgrade. a. If the available memory is less than the new system image's minimum flash requirements, then you must upgrade your compact flash memory card to a size that can accommodate both the existing files and the new system image. See the hardware installation guide for your router. b. If the available memory is equal to or greater than the new
277. face Card and Module Interfaces; Configuring a Loopback Interface. Routing Configuration: Configuring Command-Line Access; Configuring Static Routes; Configuring Dynamic Routes. Default Configuration. When you boot up your Cisco router for the first time, you notice some basic configuration has already been performed. Use the show running-config command to view the initial configuration, as shown in the following example:
    Router# show running-config
    Building configuration...
    Current configuration : 723 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Router
    boot-start-marker
    boot-end-marker
    logging message-counter syslog
    !
    no aaa new-model
    no ipv6 cef
    ip source-route
    ip cef
    multilink bundle-name authenticated
    archive
     log config
      hidekeys
    interface GigabitEthernet0/0
     no ip address
     shutdown
     duplex auto
     speed auto
    interface GigabitEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    interface GigabitEthernet0/2
     no ip address
     shutdown
     duplex auto
     speed auto
    ip forward-protocol nd
278. figuration...
    voice-card 0:
    Mixed PVDM3 and PVDM2 C5510 DSP cards detected.
    Mixed DSP types in this slot is an unsupported configuration.
    PVDM2 C5510 DSP cards have been disabled.
    Current configuration : 3726 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Router
    boot-start-marker
    boot-end-marker
    card type t1 0 0
    card type t1 2 0
    card type t1 2 1
    logging message-counter syslog
    logging buffered 10000000
    no aaa new-model
    clock timezone PST 8
    no network-clock-participate slot 2
    network-clock-participate wic 0
    network-clock-select 1 T1 0/0/1
    no ipv6 cef
    ip source-route
    ip cef
    ip host hostname 223.255.254.254 255.255.255.255
    ntp update-calendar
    ntp server 10.1.32.153
    ntp peer 10.1.32.153
    multilink bundle-name authenticated
    isdn switch-type primary-ni
    voice-card 0
     dsp services dspfarm
    voice-card 2
    voice service voip
     al
279. SGT over Ethernet Tagging. DETAILED STEPS (Command or Action: Purpose). Step 1 enable (Example: Router(config)# enable): Enables the privileged EXEC mode. Enter your password if prompted. Step 2 configure terminal (Example: Router(config)# configure terminal): Enters the global configuration mode. Step 3 interface gigabitethernet slot/port (Example: Router(config)# interface gigabitethernet 0/0): Enters the interface configuration mode. Step 4 cts manual (Example: Router(config-if)# cts manual): Enables the interface for CTS SGT authorization and forwarding, and enters the CTS manual interface configuration mode. Step 5 propagate sgt (Example: Router(config-if-cts-manual)# propagate sgt): Enables L2 SGT imposition for egress traffic on the interface. Note: If you configure the cts manual command, CTS SGT propagation is enabled by default. To disable CTS SGT propagation, use the no propagate sgt command. Step 6 policy static sgt tag [trusted] (Example: Router(config-if-cts-manual)# policy static sgt 77 trusted): Configures a static SGT ingress policy on the interface and defines the trustworthiness of an SGT received on the interface. Note: The trusted keyword indicates that the interface is trustworthy for CTS. The SGT value received via the ethernet packet on this interface is tru
280. following example shows how to configure ARP caching on an access point:
    AP# configure terminal
    AP(config)# dot11 arp-cache
    AP(config)# end
    Configuring Multiple VLAN and Rate Limiting for Point-to-Multipoint Bridging. This feature modifies the way that point-to-multipoint bridging can be configured to operate on multiple VLANs with the ability to control traffic rates on each VLAN. Note: A rate-limiting policy can be applied only to Fast Ethernet ingress ports on non-root bridges. In a typical scenario, multiple-VLAN support permits users to set up point-to-multipoint bridge links with remote sites, with each remote site on a separate VLAN. This configuration provides the capability for separating and controlling traffic to each site. Rate limiting ensures that no remote site consumes more than a specified amount of the entire link bandwidth. Only uplink traffic can be controlled by using the Fast Ethernet ingress ports of non-root bridges. Using the class-based policing feature, you can specify the rate limit and apply it to the ingress of the Ethernet interface of a non-root bridge. Applying the rate at the ingress of the Ethernet interface ensures that
281. g interface gigabitethernet 0/2
    Router(config-if)# port-tagging
    Router(config-if-port-tagging)# encapsulation dot1q 10
    Router(config-if-port-tagging)# set cos 6
    Router(config-if-port-tagging)# end
    Verifying the NID Configuration. Use the following commands to verify the port tagging sessions: show run int; ping. Use the show run int command to display the port tagging sessions:
    Router# show run int gi0/2
    Building configuration...
    Current configuration : 10585 bytes
    interface GigabitEthernet0/2
     no ip address
     duplex auto
     speed auto
     port-tagging
      encapsulation dot1q 10
      set cos 6
      exit
    end
    interface GigabitEthernet0/2.1101
     encapsulation dot1Q 100
     ip address 132.1.101.4 255.255.255.0
    !
    interface GigabitEthernet0/2.1102
     encapsulation dot1Q 100
     ip address 132.1.102.4 255.255.255.0
    Use the ping command to verify the connectivity with port tagging configured:
    Router# ping 132.1.101.3
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 132.1.101.3, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
    router#
    Troubleshooting the NID Configuration. Table 1 lists the debug commands to troubleshoot the issues pertaining to the NID functionality. The Cisco IOS Master Command List at http://www.cisco.com/en/US/docs/ios/mc
282. g
    router rip
     version 2
     network 10.0.0.0
     network 192.168.1.0
     no auto-summary
    Verifying Configuration. To verify that you have properly configured RIP, enter the show ip route command and look for RIP routes, signified by "R". You should see a verification output like the example shown below:
    Router# show ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2
    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
    ia - IS-IS inter area, * - candidate default, U - per-user static route
    o - ODR, P - periodic downloaded static route
    Gateway of last resort is not set
         10.0.0.0/24 is subnetted, 1 subnets
    C    10.108.1.0 is directly connected, Loopback0
    R    3.0.0.0/8 [120/1] via 2.2.2.1, 00:00:02, Ethernet0/0
    Configuring Enhanced Interior Gateway Routing Protocol. To configure Enhanced Interior Gateway Routing Protocol (EIGRP), follow these steps, beginning in global configuration mode. SUMMARY STEPS: 1. router eigrp
283. g Verifies your entries. Step 7 copy running-config startup-config: (Optional) Saves your entries in the configuration file. If you use the wireless device IP address as its hostname, the IP address is used and no DNS query occurs. If you configure a hostname that contains no periods (.), a period followed by the default domain name is appended to the hostname before the DNS query is made to map the name to an IP address. The default domain name is the value set by the ip domain-name command in global configuration mode. If there is a period (.) in the hostname, Cisco IOS software looks up the IP address without appending any default domain name to the hostname. To remove a domain name, use the no ip domain-name name command in global configuration mode. To remove a name server address, use the no ip name-server server-address command in global configuration mode. To disable DNS on the wireless device, use the no ip domain-lookup command in global configuration mode. Displaying the DNS Configuration. To display the DNS configuration information, use the show running-config command in privileged EXEC mode. Note: When DNS is configured on the wireless device, the show running-config command sometimes displays a server IP address instead of its name. Creating a Banner. You can configure a message-of-the-day (MOTD) and a login banner. The MOTD banner appears on all connected terminals at login and is useful for sending messages
284. g in privileged EXEC mode. SUMMARY STEPS: 1. configure terminal 2. username name [privilege level] {password encryption-type password} 3. login local 4. end 5. show running-config 6. copy running-config startup-config. Protecting Access to Privileged EXEC Commands. DETAILED STEPS (Command: Purpose). Step 1 configure terminal: Enters global configuration mode. Step 2 username name [privilege level] {password encryption-type password}: Enters the username, privilege level, and password for each user. For name, specify the user ID as one word. Spaces and quotation marks are not allowed. (Optional) For level, specify the privilege level the user has after gaining access. The range is 0 to 15. Level 15 gives privileged EXEC mode access. Level 1 gives user EXEC mode access. For encryption-type, enter 0 to specify that an unencrypted password will follow. Enter 7 to specify that a hidden password will follow. For password, specify the password the user must enter to gain access to the wireless device. The password must be from 1 to 25 characters, can contain embedded spaces, and must be the last option specified in the username command. Step 3 login local: Enables local password checking at login time. Authentication is based on the u
285. ggregator is configured as a PPP over Ethernet (PPPoE) server. The ISDN peer router is any router that has an ISDN interface and can communicate through a public ISDN network to reach your Cisco router ISDN interface. The ISDN peer router provides Internet access for your Cisco router during the ATM network downtime. This portion of the example configures the aggregator:
    vpdn enable
    no vpdn logging
    vpdn-group 1
     accept-dialin
      protocol pppoe
      virtual-template 1
    interface Ethernet3
     description 4700ref 1
     ip address 40.1.1.1 255.255.255.0
     media-type 10BaseT
    interface Ethernet4
     ip address 30.1.1.1 255.255.255.0
     media-type 10BaseT
    interface Virtual-Template1
     ip address 22.0.0.2 255.255.255.0
     ip mtu 1492
     peer default ip address pool adsl
    interface ATM0
     no ip address
     pvc 1/40
      encapsulation aal5snap
      protocol pppoe
     no atm ilmi-keepalive
    ip local pool adsl 22.0.0.1
    ip classless
    ip route 0.0.0.0 0.0.0.0 22.0.0.1 50
    ip route 0.0.0.0 0.0.0.0 30.1.1.2 80
    This portion of the example configures the ISDN peer:
    isdn switch-type basic-net3
    interface Ethernet0
     ip address 30.1.1.2 255.0.0.0
    interface BRI0
     description to 836 dialbackup
     no ip address
     encapsulation ppp
     dialer pool-member 1
     isdn switch-type basic-net3
    !
    interface Dialer0
286. gital signal processor. Glossary. AGC: Automatic Gain Control; BCN: Backward Congestion Notification; CM: Connection manager (TDM); COS: Class of service, 802.1p; DA: Ethernet Destination Address; DMA: Direct Memory Access; DSA: Distributed Switch Architecture; DSP: Digital Signal Processor; DSPRM: DSP Resource Manager; DTMF: Dual-tone multi-frequency; ECAN: Echo Canceller; EVSM: Extended Voice Service Module; FC: Flex Complexity; FPGA: Field Programmable Gate Array; HC: High Complexity; HDLC: High-level Data Link Control Protocol; HPI: Host Port Interface; LC: Low Complexity; MAC: Media Access Control; MC: Medium Complexity; McBSP: Multi-Channel Buffer Serial Port; MTBF: Mean Time Between Failures; MTP: Media Termination Point; NTE: Named Telephone Events; OIR: Online Insertion and Removal; PCE: Packet Classification Engine; PVDM3: Next-generation Packet Voice Data Module; PVDM2: PVDM hosting 5510 DSP; QOS: Quality of Service; REA: Ethernet Ready Announcement, like bootp message; RI: Restart indication from DSP/Device; RTP: Real-time Transport Protocol; SA: Ethernet source address; SGMII: Serial Gigabit Media Independent Interface; SM: S
287. global configuration mode. SUMMARY STEPS: 1. crypto isakmp policy priority 2. encryption {des | 3des | aes | aes 192 | aes 256} 3. hash {md5 | sha} 4. authentication {rsa-sig | rsa-encr | pre-share} 5. group {1 | 2 | 5} 6. lifetime seconds 7. exit. DETAILED STEPS (Command or Action: Purpose). crypto isakmp policy priority (Example: Router(config)# crypto isakmp policy 1, then Router(config-isakmp)#): Creates an IKE policy that is used during IKE negotiation. The priority is a number from 1 to 10000, with 1 being the highest. Also enters the ISAKMP policy configuration mode. encryption {des | 3des | aes | aes 192 | aes 256} (Example: Router(config-isakmp)# encryption 3des): Specifies the encryption algorithm used in the IKE policy. The example specifies 168-bit DES. hash {md5 | sha} (Example: Router(config-isakmp)# hash md5): Specifies the hash algorithm used in the IKE policy. The example specifies the MD5 algorithm. The default is SHA-1. authentication {rsa-sig | rsa-encr | pre-share} (Example: Router(config-isakmp)# authentication pre-share): Specifies the authentication method used in the IKE policy. The example specifies a pre-shared key. group {1 | 2 | 5} (Example: Router(config-isakmp)# group 2): Specifies the Diffie-Hellman group to be used in an IKE policy.
288. gned. After authentication on the port, use the show ip access-list privileged EXEC command to display the downloaded ACL on the port. Filter-ID or Named Access Control List: Filter-Id also works as a dACL, but the ACL commands are configured on the authenticator. Authentication, authorization, and accounting (AAA) provides the name of the ACL to the authenticator. IP Device Tracking: The IP Device Tracking feature is required for the dACL and Filter-ID features to function. To program a dACL or Filter-ID in a device, an IP address is required. IP device tracking provides the IP address of the corresponding device to the Enterprise Policy Manager (EPM) module to convert the dACLs to each user by adding the IP address to them. Unified Communications on Cisco Integrated Services Routers. The following sections describe Unified Communications (UC) application services that are supported on Cisco 3900 series and Cisco 2900 series integrated services routers (ISRs): Modules and Interface Cards, page 130; Call Control, page 130; Cisco Unified Communicati
289. gnize the 54 Mb s data rate and do not operate if data rates higher than 11 Mb s are set to required on the connecting access point To configure the radio data rates follow these steps beginning in privileged EXEC mode SUMMARY STEPS 1 configure terminal 2 interface dotllradio 011 3 speed parameters 4 end 5 copy running config startup config DETAILED STEPS Command Purpose Step1 configure terminal Enters global configuration mode Step2 interface dot11radio 011 Enters interface configuration mode for the radio interface The 2 4 GHz and the 802 11g n 2 4 GHz radios are radio 0 The 5 GHz and the 802 1 1n 5 GHz radio is radio 1 I OL 20696 04 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Chapter Configuring Radio Settings W Configuring Radio Data Rates Step 3 228 E Command Purpose speed 802 11b 2 4 GHz radio 1 0 11 0 2 0 5 5 basic 1 0 basic 11 0 basic 2 0 basic 5 5 range throughput 802 11g 2 4 GHz radio 1 0 2 0 5 5 6 0 9 0 11 0 12 0 18 0 24 0 36 0 48 0 54 0 basic 1 0 basic 2 0 basic 5 5 basic 6 0 basic 9 0 basic 11 0 basic 12 0 basic 18 0 basic 24 0 basic 36 0 basic 48 0 basic 54 0 range throughput ofdm default 802 11a 5 GHz radio 6 0 9 0 12 0 18 0 24 0 36 0 48 0 54 0 basic 6 0 basic 9 0
290. guration Guide OL 20696 04 Chapter Configuring Ethernet CFM and Y 1731 Performance Monitoring on Layer 3 Interfaces CFM Support on Routed Port and Port MEP W DETAILED STEPS Command Purpose Step1 enable Enables the privileged EXEC mode Enter your password when prompted Example Router gt enable Step2 configure terminal Enters the global configuration mode Example Router configure terminal Step3 ethernet cfm ieee Enables the IEEE version of CFM Example Router config ethernet cfm ieee Step4 ethernet cfm global Enables CFM processing globally on the router Example Router config ethernet cfm global Step5 jethernet cfm domain domain name level Defines a CFM maintenance domain at a specified level ORO and enters Ethernet CFM configuration mode level can be any value from 0 to 7 Example Router config ecfm ethernet cfm domain customer level 7 Step6 service service name vlan vlan id Enters the CFM service configuration mode inner vlan inner vlan id direction down The following are the parameters e vlan Specifies the VLAN Example e inner vlan The inner vlan keyword and the inner Router config ecfm service vlan id argument specify the VLAN tag for customer tr or vlan 100 inner vlan 30 double tagged packets direction down Step7 j continuity check Enables sending continuity check messages Example Router config ecfm srv continuity ch eck Step8 jinterf
291. guration file for the VPN and IPSec tunnel described in this chapter:

aaa new-model
aaa authentication login rtr-remote local
aaa authorization network rtr-remote local
aaa session-id common
username username1 password 0 password1
!
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 group 2
 lifetime 480
crypto isakmp client configuration group rtr-remote
 key secret-password
 dns 10.50.10.1 10.60.10.1
 domain company.com
 pool dynpool
!
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 86400
crypto dynamic-map dynmap 1
 set transform-set vpn1
 reverse-route
crypto map static-map 1 ipsec-isakmp dynamic dynmap
crypto map dynmap isakmp authorization list rtr-remote
crypto map dynmap client configuration address respond
crypto ipsec client ezvpn ezvpnclient
 connect auto
 group 2 key secret-password
 mode client
 peer 192.168.100.1
interface fastethernet 4
 crypto ipsec client ezvpn ezvpnclient outside
 crypto map static-map
interface vlan 1
 crypto ipsec client ezvpn ezvpnclient inside

Configure a Site-to-Site GRE Tunnel
To configure a site-to-site GRE tunnel, follow these steps, beginning in global configurat
292. guration mode Example Router configure terminal Step3 ip sla operation number Enables the IP SLA configuration operation number The IP SLA operation you want to Example configure Router config ip sla 1101 Step4 ethernet y1731 delay DMM domain value Configures a two way delay measurement vlan vian id mpid value cos value source mpid value Note Both single tagging and double tagging are supported or The following are the parameters ethernet y1731 delay DMM domain value AEI Aen g vlan vlan id inner vlan inner vlan iq delay Specifies the delay distribution parameter mpid value cos value source mpid N value _ Note DMMis the only supported delay distribution arameter Example 3 Router config ip sla ethernet y1731 ae delay DMM domain customer vlan 100 e vlan Specifies the VLAN id 3101 1 id 4101 praia Oe i FONEEME ALO e inner vlan The inner vlan keyword and the inner ST vlan id argument specify the VLAN tag for double tagged packets Router config ip sla ethernet y1731 e cos Specifies the CoS The value can be any delay DMM domain customer vlan 100 inner vlan 1101 mpid 3101 cos 1 number between 0 and 7 source mpid 4101 amp Note For double tagged packets the cos value corresponds to the value specified for the outer tag e mpid Specifies the destination MPID e source Specifies the source MPID Step5 aggregate interval seconds Configures the Y 1731 aggregation parameter where
293. gure terminal Enters global configuration mode Step3 config register 0x0 Example Router config config register 0x0 Changes the configuration register settings e The 0x0 setting forces the router to boot to the ROM monitor at the next system reload Step4 exit Example Router config exit Exits global configuration mode Step5 write memory Example Router write memory Sets to boot the system image from flash memory Step6 reload Example Router reload lt output deleted gt rommon 1 gt Reloads the operating system e Because of the 0x0 configuration register setting the router boots to ROM monitor mode Examples The following example shows how to set the configuration register to boot to ROM monitor mode Router gt Router gt enable Router config exit Router Router write memory OK Router reload Router configure terminal Enter configuration commands one per line End with CNTL Z Router config config register 0x0 Sep 23 16 01 24 351 SYS 5 CONFIG_I Building configuration Proceed with reload confirm Configured from console by console Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 Appendix Using ROM Monitor Aug 24 11 09 31 167 SSYS 5 R Command System Bootstrap Version 15 0 1r M1 How to Use the
294. Command or Action / Purpose

Step 6: lifetime seconds
Example:
 Router(config-isakmp)# lifetime 480
 Router(config-isakmp)#
Purpose: Specifies the lifetime, from 60 to 86400 seconds, for an IKE SA (see footnote 5).

Step 7: exit
Example:
 Router(config-isakmp)# exit
 Router(config)#
Purpose: Exits IKE policy configuration mode and enters global configuration mode.

Footnotes:
1. ISAKMP = Internet Security Association Key and Management Protocol
2. DES = data encryption standard
3. MD5 = Message Digest 5
4. SHA-1 = Secure Hash standard
5. SA = security association

Configure Group Policy Information
To configure the group policy, follow these steps, beginning in global configuration mode.

SUMMARY STEPS
1. crypto isakmp client configuration group {group-name | default}
2. key name
3. dns primary-server
4. domain name
5. exit
6. ip local pool {default | poolname} [low-ip-address [high-ip-address]]

DETAILED STEPS
Command or Action / Purpose

Step 1: crypto isakmp client configuration group {group-name | default}
Example:
 Router(config)# crypto isakmp client configuration group rtr-remote
 Router(config-isakmp-group)#
Purpose: Creates an IKE policy group containing attributes to be downloaded to the remote client. Also enters the ISAKMP group policy configuration mode.

Step 2: key name
Example:
 Router(config-isakmp-group)# key secret-password
 R
Purpose: Specifies the IKE pre-shared key for the group policy.
295. Table 1 Feature Information (continued)

Feature / Description

New Modules and Interface Cards: Cisco 3900 series, 2900 series, and 1900 series ISRs introduce the following new modules and interface cards, which are inserted in the following new router slots:
- EHWIC
- PVDM3
- ISM
- SM
Note: See the router's product page at Cisco.com for a complete list of supported modules and interfaces.

Multi-Gigabit Fabric Communication: Cisco 3900 series, Cisco 2900 series, and Cisco 1900 series ISRs use a MGF for the new modules and interface cards to inter-communicate on the router. Legacy modules that support Cisco HIMI also support MGF to inter-communicate on the router. Next-generation module drivers integrate with the MGF to perform port configurations, configure packet flow, and control traffic buffering. All configurations are performed from the module side, which may or may not lead to changes on the MGF. For more information, see the "Configuring Multi-Gigabit Fabric Communication" section on page 171.

Integrated Application Services Features: Cisco 3900 series, 2900 series, and 1900 series ISRs offer integrated security features and voice features.
- See the "Configuring Security Features" section on page 87.
- See the "Unified Communications on Cisco Integrated Services Routers" section on page 129.

SPE Services Performance Engine USB
296. he default gateway address. For example:
 rommon > DEFAULT_GATEWAY=172.16.23.40

Set the TFTP server IP address, which is the location from which the software will be downloaded:
 rommon > TFTP_SERVER=172.16.23.33

Set the name and directory location to which the image file will be downloaded onto the router. For example:
 rommon > TFTP_FILE=archive/rel22/<image name>

(Optional) Set the input port to use a Gigabit Ethernet port. Usage is GE_PORT=[0 | 1 | 2]. For example:
 rommon > GE_PORT=0

(Optional) Set the Ethernet media type. Usage is TFTP_MEDIA_TYPE=[0 | 1], where Copper=0 and Fiber=1:
 rommon > TFTP_MEDIA_TYPE=1

(Optional) Decide whether the router will perform a checksum test on the downloaded image. Usage is TFTP_CHECKSUM=[0 | 1], where 1=checksum test is performed (default) and 0=no checksum test. For example:
 rommon > TFTP_CHECKSUM=0

(Optional) Set the number of times that the router will attempt Address Resolution Protocol (ARP) and TFTP download. The default is 7 attempts. For example:
 rommon > TFTP_RETRY_COUNT=10

(Optional) Set the amount of time, in seconds, before the download process times out. The default is 2400 seconds (40 minutes). The following example shows 1800 seconds (30 minutes):
 TFTP_TIMEOUT=1800
297. he login dialog box and follow the instructions that appear.

If you know the Cisco IOS release and feature set you want to download, go directly to http://www.cisco.com/kobayashi/sw-center/index.shtml.

For more information before selecting the Cisco IOS release and feature set, go to the Software Download Center at http://www.cisco.com/public/sw-center/index.shtml.

For more information about Loading and Managing System images, go to http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/cf_system_images.html.

How to Upgrade the Cisco IOS Image
This section provides information about upgrading the Cisco IOS image on the router.
- Saving Backup Copies of Your Old System Image and Configuration
- Ensuring Adequate DRAM for the New System Image
- Ensuring Adequate Flash Memory for the New System Image
- Copying the System Image into Flash Memory
- Loading the New System Image
- Saving Backup Copies of Your New System Image and Configuration

Saving Backup Copies of Your Old System Image and Configuration
To avoid unexpected downtime in the event you encounter serious problems using a new system image or startup configuration, we reco
298. hen you create the password; for example, to create the password abc?123, do this:
1. Enter abc.
2. Enter Ctrl-V.
3. Enter ?123.
When the system prompts you to enter the enable password, you need not precede the question mark with the Ctrl-V; you can simply enter abc?123 at the password prompt.
Note: The characters TAB and are invalid characters for passwords.

Step 3: end. Returns to privileged EXEC mode.
Step 4: show running-config. Verifies your entries.
Step 5: copy running-config startup-config. (Optional) Saves your entries in the configuration file.

The enable password is not encrypted and can be read in the wireless device configuration file.

The following example shows how to change the enable password to 1u2c3k4y5. The password is not encrypted and provides access to level 15 (standard privileged EXEC mode access):
 AP(config)# enable password 11u2c3k4y5

Protecting Enable and Enable Secret Passwords with Encryption
To provide an additional layer of security, particularly for passwords that cross the network or that are stored on a TFTP server, you can use either the enable password or enable secret command in global configuration mode. The commands accomplish the same thing; that is, you can establish an encrypted password that users must enter to access privileged EXEC mode (the default) or any privilege level that you specify. We recommend that you use the enable secret command because it uses an improved encryption algo
299. hentication and Authorization
- Configuring the Authentication Cache and Profile
- Configuring the Access Point to Provide DHCP Service
- Configuring the Access Point for Secure Shell
- Configuring Client ARP Caching
- Configuring Multiple VLAN and Rate Limiting for Point-to-Multipoint Bridging

Disabling the Mode Button Function
You can disable the mode button on the wireless device by using the no boot mode-button command.

Caution: This command disables password recovery. If you lose the privileged EXEC mode password for the access point after entering this command, you will need to contact the Cisco Technical Assistance Center (TAC) to regain access to the access point command line interface (CLI).

Note: To reboot the wireless device, use the service-module wlan-ap reset command from the Cisco IOS CLI. See the "Rebooting the Wireless Device" section on page 274 for information about this command.

The mode button is enabled by default. To disable the access point's mode button, follow these steps, beginning in privileged EXEC mode.

SUMMARY STEPS
1. configure terminal
2. no boot mode-button
3. end

DETAILED STEP
300. herSwitch service modules as Layer 2 switches using Cisco StackWise technology:
- NME-16ES-1G
- NME-16ES-1G-P
- NME-X-23ES-1G
- NME-X-23ES-1G-P
- NME-XD-48ES-2S-P
- NME-XD-24ES-1S-P

The Cisco EtherSwitch service modules are supported by either the IP base image (formerly known as standard multilayer image [SMI]) or the IP services image (formerly known as the enhanced multilayer image [EMI]). The IP base image provides Layer 2+ features, including access control lists, quality of service (QoS), static routing, and the Routing Information Protocol (RIP). The IP services image provides a richer set of enterprise-class features, including Layer 2+ features and full Layer 3 routing (IP unicast routing, IP multicast routing, and fallback bridging). To distinguish it from the Layer 2+ static routing and RIP, the IP services image includes protocols such as the Enhanced Interior Gateway Routing Protocol (EIGRP) and the Open Shortest Path First (OSPF) Protocol.

Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers support the following Cisco EtherSwitch service modules for SM-to-SM or SM-to-ISM communication:
- NME-16ES-1G
- NME-16ES-1G-P
- NME-X-23ES-1G
- NME-X-23ES-1G-P

Cisco High S
301. hernet PM packet receive events.
debug epmpal tx: Enables debugging of Ethernet PM packet transmit events.

Configuring Backup Data Lines and Remote Management
Cisco 3900 series, Cisco 2900 series, and Cisco 1900 series integrated services routers (ISRs) support remote management and backup data connectivity by means of ISDN. The following sections describe how to configure backup data lines and remote management:
- Configuring Backup Interfaces
- Configuring Dial Backup and Remote Management Through the Console Port or Auxiliary Port
- Configuring Data Line Backup and Remote Management Through the ISDN S/T Port
- Configuring Third-Party SFPs

Configuring Backup Interfaces
This section contains the following topics:
- Configuring the Backup Interface
- Configuring Gigabit Ethernet Failover Media
- Configuring Cellular Dial-on-Demand Routing Backup

Configuring the Backup Interface
When the router receives an indication that the primary interface is down, the backup interface is enabled. After the primary connection is restored for a specified period, the backup interface is disabled.

Note: For dial-on-demand routing (DDR) backup, even if the backup interface comes out of standby mode, the router does not enab
302. high priority in the CPU process, it can diminish the performance of the router or even render it unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff.

Note: Before you run any of the debug commands listed in the following table, ensure that you run the logging buffered debugging command, and then turn off console debug logging using the no logging console command.

Table 3 debug Commands for Ethernet CFM Configuration

debug Command / Purpose
debug ethernet cfm all: Enables all Ethernet CFM debug messages.
debug ethernet cfm diagnostic: Enables low-level diagnostic debugging of Ethernet CFM general events or packet-related events.
debug ethernet cfm error: Enables debugging of Ethernet CFM errors.
debug ethernet cfm packets: Enables debugging of Ethernet CFM message packets.
debug ecfmpal all: Enables debug messages for all Ethernet CFM platform events.
debug ecfmpal api: Displays debug messages for all Ethernet CFM platform API events.
debug ecfmpal common: Displays debug messages for all Ethernet CFM platform common events.
debug ecfmpal ecfmpal: Enables debugging of all Ethernet CFM platform events.
debug ecfmpal epl: Enables debugging of all Ethernet CFM platform endpoint list (EPL) events.
debug ecfmpal isr: Enables debugging of all Ethernet CFM platform i
303. his central device. In contrast, IP phones normally send voice signals directly between phones without the need to go through a central device. Conference services, however, require a network-based conference bridge.

In an IP telephony network using Cisco Unified Communications Manager, the Conferencing and Transcoding for Voice Gateway Routers feature provides the conference-bridging service. Cisco Unified Communications Manager uses a DSP farm to mix voice streams from multiple participants into a single conference-call stream. The mixed stream is played out to all conference attendees, minus the voice of the receiving attendee.

The Ad Hoc and Meet Me conferencing features are supported (a conference can be either of these types):
- Ad Hoc: The person controlling the conference presses the telephone conference button and adds callers one by one.
- Meet Me: Participants call in to a central number and are joined in a single conference.

Participants whose end devices use different codec types are joined in a single conference; no additional transcoding resource is needed.

Broadcast Fast Busy Tone for DSP Oversubscription
There should always
304. his example specifies a console terminal for access.

password password
Example:
 Router(config-line)# password 5dr4Hepw3
 Router(config-line)#
Purpose: Specifies a unique password for the console terminal line.

login
Example:
 Router(config-line)# login
 Router(config-line)#
Purpose: Enables password checking at terminal session login.

exec-timeout minutes [seconds]
Example:
 Router(config-line)# exec-timeout 5 30
 Router(config-line)#
Purpose: Sets the interval that the EXEC command interpreter waits until user input is detected. The default is 10 minutes. Optionally, add seconds to the interval value. This example shows a timeout of 5 minutes and 30 seconds. Entering a timeout of 0 0 specifies never to time out.

line [aux | console | tty | vty] line-number
Example:
 Router(config-line)# line vty 0 4
 Router(config-line)#
Purpose: Specifies a virtual terminal for remote console access.

password password
Example:
 Router(config-line)# password aldf2ad1
 Router(config-line)#
Purpose: Specifies a unique password for the virtual terminal line.

login
Example:
 Router(config-line)# login
 Router(config-line)#
Purpose: Enables password checking at the virtual terminal session login.

end
Example:
 Router(config-line)# end
 Router#
Purpose: Exits line configuration mode, and returns to privileged EXEC mode.
305. ic characters. The string cannot start with a number, is case sensitive, and allows spaces but ignores leading spaces. By default, no password is defined.
- (Optional) For encryption-type, only type 5, a Cisco proprietary encryption algorithm, is available. If you specify an encryption type, you must provide an encrypted password: an encrypted password you copy from another access point wireless device configuration.
Note: If you specify an encryption type and then enter a clear text password, you cannot reenter privileged EXEC mode. You cannot recover a lost encrypted password by any method.

Step 3: service password-encryption. (Optional) Encrypts the password when the password is defined or when the configuration is written. Encryption prevents the password from being readable in the configuration file.
Step 4: end. Returns to privileged EXEC mode.
Step 5: copy running-config startup-config. (Optional) Saves your entries in the configuration file.

If both the enable and enable secret passwords are defined, users must enter the enable secret password.

Use the level keyword to define a password for a specific privilege level. After you specify the level and set a password, give the password only
306. ice (FXO), ear and mouth (E&M), and foreign exchange station (FXS). These voice gateways are highly scalable, from just a few analog connections to up to 24 T1 or E1 interfaces.

The Cisco ISR series voice gateway routers can communicate with the Cisco Unified Communications Manager using Session Initiation Protocol (SIP), H.323, or Media Gateway Control Protocol (MGCP). The Cisco IOS voice gateway routers can also connect directly to other Cisco voice gateway routers using SIP or H.323, and to various other VoIP destinations and call agents.

For more information, see ISDN Voice, Video and Data Call Switching with Router TDM Switching Features at http://www.cisco.com/en/US/tech/tk652/tk653/technologies_tech_note09186a00804794c6.shtml

For details about tuning voice ports, see Cisco IOS Voice Port Configuration Guide, Release 12.4T at Cisco.com at http://www.cisco.com/en/US/docs/ios/voice/voiceport/configuration/guide/12_4t/vp_12_4t_book.html

The Integrated Data, Voice, and Video Services for ISDN Interfaces feature allows multimedia communications between H.320 endpoints and H.323, SIP, or Skinny Client Control Protocol (SCCP) endpoints. See Integrating Data, Voice, and Video Services for ISDN Interfaces at Cisco.com for details about setting up a Video gateway: http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/h320gw.html

See Cisco IOS H.323 Configuration Guide, Release 12.4T at Cisco.com for details about the H.323 protocol: http://www
307. ices Routers Generation 2 Software Configuration Guide If the access point enters Bootloader mode manually configure the IP address default router netmask and default gateway to upgrade the IOS image The IP address must be assigned to the same subnet as the VLAN1 interface on the router Here is an example configuration ap set CONTROLLER_TYPE 0x05A4 DEFAULT_ROUTER 192 168 10 1 ENABLE_BREAK yes IOS_STATIC_DEFAULT_GATEWAY 192 168 10 1 IP_ADDR 192 168 10 2 MANUAL_BOOT yes NETMASK 255 255 255 0 PEP_PRODUCT_ID AP801AGN A K9 PRODUCT_MODEL_NUM AP801AGN A K9 TOP_ASSY_SERIAL_NUM FHKTESTTEST ap copy tftp 223 255 254 254 saek ap801 k9w7 tar 124 10b JDA flashO ap801 k9w7 tar 124 10b JDA I OL 20696 04 Chapter Upgrading the Cisco 10S Software HE Additional References Additional References The following sections provide references related to upgrading the system image on your router Related Documents and Websites Related Topic Document Title or Website Matching Cisco IOS releases and features to hardware Cisco Feature Navigator http www cisco com go fn Downloading system images Displaying minimum DRAM and flash memory requirements Cisco IOS Upgrade Planner http www cisco com cgi bin Software Iosplanner Planner tool iosplanner cgi Choosing and downloading system images Software Download Center http www cisco com kobayashi sw center index shtml Loading and maint
308. ices Routers Generation 2 Software Configuration Guide fair queue crypto ipsec client ezvpn hw client interface Dialer2 ip address negotiated ip mtu 1492 ip nat outside ip virtual reassembly encapsulation ppp load interval 30 dialer pool 2 dialer idle timeout 0 dialer persistent dialer group 2 ppp authentication chap callin ppp chap hostname ciscoenzo2 sbcglobal net ppp chap password 0 Enzo221 Configuring Backup Interfaces i ppp pap sent username ciscoenzo2 sbcglobal net password 0 Enzo221 ppp ipcp dns request no cdp enable crypto ipsec client ezvpn hw client pri I ip local policy route map track primary if ip forward protocol nd I no ip http server no ip http secure server ip dns server ip nat inside source route map nat2cell interface Dialerl overload ip nat inside source route map nat2dsl interface Dialer2 overload ip route 0 0 0 0 0 0 0 0 Dialer2 track 234 ip route 0 0 0 0 0 0 0 0 Dialerl 253 ip sla 1 icmp echo 128 107 248 247 source interface Dialer2 frequency 5 ip sla schedule 1 life forever start time now 1 permit any 2 permit 10 1 0 0 0 0 255 255 access list access list access list access list access list access list access list access list access list dialer list dialer list no cdp run I 100 100 101 101 102 131 131 deny permit permit permit permit deny permit 1 protocol 2 protocol ip 10 1 0 0 0 ip any any
309. DETAILED STEPS
Command or Action / Purpose

Step 1: crypto ipsec client ezvpn name
Example:
 Router(config)# crypto ipsec client ezvpn ezvpnclient
 Router(config-crypto-ezvpn)#
Purpose: Creates a Cisco Easy VPN remote configuration, and enters Cisco Easy VPN remote configuration mode.

Step 2: group group-name key group-key
Example:
 Router(config-crypto-ezvpn)# group ezvpnclient key secret-password
 Router(config-crypto-ezvpn)#
Purpose: Specifies the IPSec group and IPSec key value for the VPN connection.

Step 3: peer {ipaddress | hostname}
Example:
 Router(config-crypto-ezvpn)# peer 192.168.100.1
 Router(config-crypto-ezvpn)#
Purpose: Specifies the peer IP address or hostname for the VPN connection.
Note: A hostname can be specified only when the router has a DNS server available for hostname resolution.
Note: Use this command to configure multiple peers for use as backup. If one peer goes down, the Easy VPN tunnel is established with the second available peer. When the primary peer comes up again, the tunnel is reestablished with the primary peer.

Step 4: mode {client | network-extension | network extension plus}
Example:
 Router(config-crypto-ezvpn)# mode client
 Router(config-crypto-ezvpn)#
Purpose: Specifies the VPN mode of operation.

Step 5: exit
Example:
 Router(config-crypto-ezvpn)# exit
 Router(config)#
310. ied image from a network TFTP server
- Boot the image stored on the USB flash device

Note: Platforms can boot from USB in ROM monitor with or without a compact flash device. It is not necessary to use a bootloader image from the compact flash device. Partitions, such as usbflash0:2:image_name, are not supported on USB flash drives. The boot usbflash<x>: command will boot the first file on the device, if it is a valid image.

You can override the default boothelper image setting by setting the BOOTLDR Monitor environment variable to point to another image. Any system image can be used for this purpose.
- Options for the boot command are -x (load image but do not execute) and -v (verbose).

Examples
The following example shows how to load boot flash memory and USB boot flash memory:

 rommon 7 > boot flash0:c2900-universalk9-mz.SSA
 program load complete, entry point: 0x80803000, size: 0x1b340
 IOS Image Load Test
 Digitally Signed Development Software
 program load complete, entry point: 0x81000000, size: 0x3968d28
 Self decompressing the image :
311. ient devices that are associated to different access points on your wireless LAN, you must set up protected ports on the switch to which the wireless devices are connected.

To define a port on your switch as a protected port, follow these steps, beginning in privileged EXEC mode:
1. configure terminal
2. interface interface-id
3. switchport protected
4. end
5. show interfaces interface-id switchport
6. copy running-config startup-config

Command / Purpose
configure terminal: Enters global configuration mode.
interface interface-id: Enters interface configuration mode. Enter the type and number of the switch port interface to configure, such as wlan-gigabitethernet0.
switchport protected: Configures the interface to be a protected port.
end: Returns to privileged EXEC mode.
show interfaces interface-id switchport: Verifies your entries.
copy running-config startup-config: (Optional) Saves your entries in the configuration file.

To disable protected port, use the no switchport protected command.

For detailed information on protected ports and port blocking, see the "Configuring Port-Based Traffic Control" chapter in Catalyst 3550 Multilayer Switch Software Configuration Guide, 12.1(12c)EA1. Click this link to browse to that guide: http://www.cisco.com/en/US/docs/swi
312. ies ISRs
- Cisco 1941W Wireless Device

This module contains the following sections:
- Restrictions for Upgrading the System Image
- Information About Upgrading the System Image
- How to Upgrade the Cisco IOS Image
- How to Upgrade the IOS Image on the Access Point
- Additional References

Restrictions for Upgrading the System Image
- Cisco 3900 series, Cisco 2900 series, and Cisco 1900 series integrated services routers (ISRs) download images to new Advanced Capability CompactFlash (CF) memory cards. Legacy CF will not operate in Cisco 3900 series, Cisco 2900 series, and Cisco 1900 series ISRs. When legacy CF is inserted, the following error message appears:
 WARNING: Unsupported compact flash detected. Use of this card during normal operation can impact and severely degrade performance of the system. Please use supported compact flash cards only.
- Slot0 is the default CF slot. CF in Slot0 stores system image, configuration, and data files. CF must be present in this slot for the router to boot and perform normal file operations.
- Cisco IOS images for the access point download images to the CF embedded on the access point.

Table 1 describes the slo
313. ifferent zones and configuring a policy to inspect the traffic moving between these zones. The policy specifies a set of actions to be applied on the defined traffic class. For additional information about configuring zone-based policy firewall, see the "Zone-Based Policy Firewall" section of Cisco IOS Security Configuration Guide: Securing the Data Plane, Release 12.4T at http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/12_4t/sec_data_plane_12_4t_book.html

Configuring Cisco IOS IPS
Cisco IOS Intrusion Prevention System (IPS) technology enhances perimeter firewall protection by taking appropriate action on packets and flows that violate the security policy or represent malicious network activity. Cisco IOS IPS identifies attacks using signatures to detect patterns of misuse in network traffic. Cisco IOS IPS acts as an in-line intrusion detection sensor, watching packets and sessions as they flow through the router, scanning each to match currently active (loaded) attack signatures. When Cisco IOS IPS detects suspicious activity, it responds before network security can be compromised, it logs the event, and, depending on the action(s) configured to be taken for the detected signature(s)
314. ig ip sla 1101
router(config-ip-sla)# ethernet y1731 delay DMM domain customer vlan 100 mpid 3101 cos 1
router(config-sla-y1731-delay)# aggregate interval 30
router(config-sla-y1731-delay)# exit
router(config)# ip sla schedule 1102 life forever start-time now
router(config)# end

This example shows how to configure two-way delay measurement using double tagging:

router> enable
router# configure terminal
router(config)# ip sla 1101
router(config-ip-sla)# ethernet y1731 delay DMM domain customer vlan 100 inner-vlan 1101 mpid 3101 cos 1 source mpid 4101
router(config-sla-y1731-delay)# aggregate interval 30
router(config-sla-y1731-delay)# exit
router(config)# ip sla schedule 1101 life forever start-time now
router(config)# end

Verifying Two-Way Delay Measurement Configuration
Use the following commands to verify the performance monitoring sessions:
• show run | sec ip sla
• show ip sla summary
• show ip sla statistics entry-number
• show ip sla configuration entry-number
• show ethernet cfm pm session summary
• show ethernet cfm pm session detail session-id
• show ethernet cfm pm session
315. ign Guide at http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/vrf/design/guide/vrfDesignGuide.html

Applications and Application Interfaces (APIs)
The Cisco 3900 series and Cisco 2900 series ISRs support the following applications and application interfaces:
• Cisco Unity Express
• Voice XML
• Hoot n Holler
• Cisco Application Extension Platform
• APIs

Cisco Unity Express
Cisco Unity Express provides integrated messaging, voicemail, Automated Attendant services, and optional interactive voice response (IVR) for the small and medium-sized office or branch office. The application is delivered on either a network module or advanced integration module, both of which are supported on a variety of voice-enabled integrated services routers. This application is ideal for companies that need the following:
• Integrated messaging, voicemail, Automated Attendant, or interactive voice response (IVR) services at the branch or small office to support local users.
• Up to 250 users per site.
• Networking of multiple Cisco Unity Express systems for easy management of messages across s
316. ilable, the following error message appears: xxx kernel context state is invalid can not proceed. The ROM monitor commands in this section are all optional and can be entered in any order.

Router Crashes
A router or system crash is a situation in which the system detects an unrecoverable error and restarts itself. The errors that cause crashes are typically detected by processor hardware, which automatically branches to special error-handling code in the ROM monitor. The ROM monitor identifies the error, prints a message, saves information about the failure, and restarts the system. For detailed information about troubleshooting crashes, see the Troubleshooting Router Crashes and Understanding Software-forced Crashes tech notes.

Router Hangs
A router or system hang is a situation in which the system does not respond to input at the console port or to queries sent from the network, such as Telnet and Simple Network Management Protocol (SNMP). Router hangs occur when:
• The console does not respond
• Traffic does not pass through the router
Router hangs are discussed in detail in the Troubleshooting Router Hangs tech note.

ROM Monitor Console Communication Failure
Restrictions
SUMMARY STEPS
317. imum storage capacity for the USB in Slot0 and Slot is 4GB

Prerequisites
In order to check whether your router has enough flash memory for a new system image, you need to obtain the image's flash requirements from Cisco:
• Choose the Cisco IOS release and system image to which you want to upgrade. See the "Information About Upgrading the System Image" section on page 178.
• Select the system image in the Cisco IOS Upgrade Planner at http://www.cisco.com/cgi-bin/Software/Iosplanner/Planner-tool/iosplanner.cgi
  You must have an account at Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
• From the File Download Information table, write down the minimum flash requirements for the image.

SUMMARY STEPS
1. enable
2. dir flash0:
3. From the displayed output of the dir flash0: command, compare the number of bytes available to the minimum flash requirements for the new system image.
   a. If the available memory is equal to or greater than the new system image's minimum flash requirements, proceed to the "Copying the System Image into Flash Memory" section on page 186.
   b. I
318. in Banner
You can configure a login banner to appear on all connected terminals. This banner appears after the MOTD banner and appears before the login prompt appears. To configure a login banner, follow these steps, beginning in privileged EXEC mode:

SUMMARY STEPS
1. configure terminal
2. banner login c message c
3. end
4. show running-config
5. copy running-config startup-config

DETAILED STEPS
Step 1  configure terminal
        Enters global configuration mode.
Step 2  banner login c message c
        Specifies the login message.
        For c, enter the delimiting character of your choice, such as a pound sign, and press the Return key. The delimiting character signifies the beginning and end of the banner text. Characters after the ending delimiter are discarded.
        For message, enter a login message up to 255 characters. You cannot use the delimiting character in the message.
Step 3  end
        Returns to privileged EXEC mode.
Step 4  show running-config
        Verifies your entries.
Step 5  copy running-config startup-config
        (Optional) Saves your entries in the configuration file.

To delete the login banner, use the no banner login command in global configuration mode. The following example sh
319. in local mode. The wireless device then handles authentication and authorization. No accounting is available in this configuration.

Note: You can configure the wireless device as a local authenticator for 802.1x-enabled client devices to provide a backup for your main server or to provide authentication service on a network without a RADIUS server. See Using the Access Point as a Local Authenticator at Cisco.com for detailed instructions on configuring the wireless device as a local authenticator: http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/SecurityLocalAuthent.html

To configure the wireless device for local AAA, follow these steps, beginning in privileged EXEC mode:

SUMMARY STEPS
1. configure terminal
2. aaa new-model
3. aaa authentication login default local
4. aaa authorization exec local
5. aaa authorization network local
6. username name [privilege level] {password encryption-type password}
7. end
8. show running-config
9. copy running-config startup-config

DETAILED STEPS
Step 1  configure terminal
        Enters global configuration mode.
Step 2  aaa new-model
        Enables AAA.
Step 3  aaa authenticati
320. inal Access Controller Access Control System Plus 3 WPA Wireless Protected Access 4 CCKM Cisco Centralized Key Management 5 WEP Wired Equivalent Privacy 6 AES Advanced Encryption Standard 7 MIC Message Integrity Check 8 TKIP Temporal Key Integrity Protocol 9 SSID service set identifiers 10 QoS quality of service Table 3 Unified Documentation Network Design Links Why Migrate to the Cisco Unified Wireless Network http www cisco com en US solutions ns175 networking_solutions_product s_genericcontent0900aecd805299ff html Wireless LAN Controller WLC FAQ http www cisco com en US products ps6366 products_qanda_item09186a0 08064a991 shtml Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges versions 12 4 10b JA and 12 3 8 JEC http www cisco com en US docs wireless access_point 12 4_10b_JA command reference cr2410b html Cisco Aironet 1240AG Access Point Support Documentation http www cisco com en US docs wireless access_point 1240 quick guide ap1240qs html Cisco 4400 Series Wireless LAN Controllers Support Documentation http www cisco com en US products ps6366 tsd_products_support_series_home html Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide I OL 20696 04 E Chapter Configuring the Wireless Device HI Related Documentation Cisco
321. ine. If you use TFTP:
  - Configure the TFTP application to operate as a TFTP server, not a TFTP client.
  - Specify the outbound file directory to which you will download and store the system image.
• Download the new Cisco IOS software image into the workstation or PC. See the "Where Do I Download the System Image?" section on page 179.
• Establish a console session to the router. We recommend that you connect your PC directly to the router console port. See the hardware installation guide for your router.
• Verify that the TFTP or RCP server has IP connectivity to the router. If you cannot successfully ping between the TFTP or RCP server and the router, do one of the following:
  - Configure a default gateway on the router.
  - Make sure that the server and the router each have an IP address in the same network or subnet. See the Determining IP Addresses: Frequently Asked Questions tech note.

Tip: For more detailed information on how to perform the prerequisites, see the Software Installation and Upgrade Procedure tech note.

SUMMARY STEPS
1. enable
2. copy tftp flash0: or copy rcp flash0
3. When prompted, enter the IP address of the TFTP or RCP server.
4. When prompted, enter the filename of the Cisco IOS software image to be installed.
5. When prompted, enter the filename as you want it to appear on the router.
6. If an error message appears that says "Not enough space on device," do one of the following, as appr
322. ing NTP packets, the server with the best stratum is selected. (Click this URL for more information on NTP and strata: http://www.cisco.com/en/US/docs/ios/12_1/configfun/configuration/guide/fcd303.html#wp1001075) If multiple servers are at the same stratum, a configured server is preferred rather than a broadcast server. If multiple servers pass both tests, the first one to send a time packet is selected. SNTP chooses a new server only if the client stops receiving packets from the currently selected server, or if (according to the above criteria) SNTP discovers a better server.

Configuring SNTP
SNTP is disabled by default. To enable SNTP on the access point, use one or both of the commands listed in Table 2 in global configuration mode.

Table 2  SNTP Commands
Command: sntp server {address | hostname} [version number]
Purpose: Configures SNTP to request NTP packets from an NTP server.
Command: sntp broadcast client
Purpose: Configures SNTP to accept NTP packets from any NTP broadcast server.

Enter the sntp server command once for each NTP server. The NTP servers must be configured to respond to the SNTP messages from the access point.
If you enter both the sntp server command and the sntp broadcast client command, the access point accepts time from a broadcast server but prefers time from a configured server if the strata are equal. To display information about SNTP, use the show sntp EXEC command.

Configuring Time and Date Manually
If no o
323. int-to-point network topology.
• The granularity of the clock for delay measurement is in seconds and nanoseconds.
• CFM Y.1731 packets work with a maximum of two VLAN tags. The expected behavior is not observed with more VLAN tags. Also, CFM Y.1731 packets do not work with untagged cases.

Configuring Two-Way Delay Measurement
The following steps show how to configure two-way delay measurement. Both single and double tagging methods are included in the steps listed below.

SUMMARY STEPS
Step 1  enable
Step 2  configure terminal
Step 3  ip sla operation-number
Step 4  ethernet y1731 delay DMM domain value vlan vlan-id mpid value cos value source mpid value
        or
        ethernet y1731 delay DMM domain value vlan vlan-id inner-vlan inner-vlan-id mpid value cos value source mpid value
Step 5  aggregate interval seconds
Step 6  exit
Step 7  ip sla schedule operation-number start-time start-time now
Step 8  end

DETAILED STEPS
Step 1  enable
        Enables the privileged EXEC mode. Enter your password when prompted.
        Example: Router> enable
Step 2  configure terminal
        Enters the global confi
324. ion mode SUMMARY STEPS 1 interface type number 2 ip address ip address mask 3 tunnel source interface type number 4 tunnel destination default gateway ip address 5 crypto map map name 6 exit 7 ip access list standard extended access list name 8 permit protocol source source wildcard destination destination wildcard 9 exit DETAILED STEPS Command or Action Purpose Step 1 interface type number Creates a tunnel interface and enters interface configuration mode Example Router config interface tunnel 1 Router config if Step 2 ip address ip address mask Assigns an address to the tunnel Example Router config if 10 62 1 193 25572557 255 7252 Router config if Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide 106 OL 20696 04 _ Chapter Configuring Security Features Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Step 3 Step 4 Step5 Step 6 Step7 Step 8 Step 9 Command or Action Configuring VPN W Purpose tunnel source interface type number Example Router config if tunnel source fastethernet 0 Router config if Specifies the source endpoint of the router for the GRE tunnel tunnel destination default gateway ip address Example Router config if tunnel destination 192 16
325. ion sessions Interface Gid 1 MAC Address unknown Method dot1ix Domain DATA Status Authz Failed c1921 show authentication sessions interface gi0 1 Interface MAC Address IP Address Status Domain Oper host mode Oper control dir Session timeout Idle timeout Common Session ID Acct Session ID Handle Runnable methods list Method State dot1x GigabitEthernet0 1 Unknown Unknown Authz Failed DATA single host both N A N A 0303030300000009002AB7FC 0x0000000C O0x8BO0000A Authc Failed c1921 show dot1x interface g0 1 Dot1x Info for GigabitEthernet0 1 PAE PortControl ControlDirection HostMode QuietPeriod ServerTimeout SuppTimeout ReAuthMax Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide AUTHENTICATOR _ UNAUTHORIZED HOST Controlling Port Authorization State Session ID 0303030300000009002AB7FC I OL 20696 04 EEE Chapter Configuring Identity Features on Layer 3 Interface HI Flexible Authentication MaxReq TxPeriod Flexible Authentication Flexible Authentication sequencing allows a user to enable all or some authentication methods on a router port and specify the order in which the methods should be executed Configuring Flexible Authentication Host mode For more information about configuring of Flexible Authentication see http www cisco
326. ip 10 0 0 0 0 ip host 1 1 1 icmp any host ip 10 0 0 0 0 ip any any ip permit ip permit route map track primary if permit 10 match ip address 102 set interface Dialer2 Nul1l0 route map nat2dsl permit 10 match ip address 101 match interface Dialer2 0 0 255 10 4 0 0 0 0 0 255 255 255 255 any 1 any 128 107 248 247 255 255 255 any log input I OL 20696 04 E Chapter Configuring Backup Data Lines and Remote Management WE Configuring Backup Interfaces I route map nat2cell permit 10 match ip address 101 match interface Dialer1 control plane l I line con 0 exec timeout 0 0 line aux 0 line 0 0 0 exec timeout 0 0 script dialer cdma login modem InOut no exec transport input all transport output all autoselect ppp rxspeed 3100000 txspeed 1800000 line 67 no activation character no exec transport preferred none transport input all transport output pad telnet rlogin lapb ta mop udptn v120 ssh line vty 0 4 login exception data corruption buffer truncate scheduler allocate 20000 1000 event manager applet pri_back event track 234 state any action 2 0 cli command clear ip nat trans forced I end Router Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide 6 OL 20696 04 Chapter Configuring Backup Data Lines and Remote Management Configuring Dial Backup and Remote Management Through the Conso
327. irm connectivity 2 Enter the service module wlan ap 0 session command to establish a session into the access point For instructions see Starting a Wireless Configuration Session section on page 207 3 Ping the external server from the access point to confirm connectivity The following example shows a sample router and access point configuration interface Wlan GigabitEthernet0 0 interface GigabitEthernet0 0 ip address dhcp duplex auto speed auto I interface wlan ap0 E Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 Chapter Upgrading the Cisco 10S Software How to Upgrade the IOS Image onthe Access Point W description Service module interface to manage the embedded AP ip address 10 0 0 1 255 0 0 0 arp timeout 0 interface GigabitEthernet0 1 no ip address shutdown duplex auto speed auto interface Vlanl ip address 192 168 10 1 255 255 255 0 ip forward protocol nd ip route 0 0 0 0 0 0 0 0 GigabitEthernet0 0 no ip http server Upgrading the IOS Image on the Access Point amp Follow the image upgrade instructions at Cisco com using the IOS CLI http www cisco com en US docs wireless access_point 12 3_8_JA configuration guide s38mfw html wp1035609 Note amp Note Example Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Serv
328. is 100 percent Router1 round trip min avg max 1 1 1 ms Use the traceroute command to send the Ethernet CFM traceroute messages Router traceroute ethernet mpid 44 domain carrier service carrier Type escape sequence to abort Tracing the route to 5657 a86c fa92 on Domain carrier Traceroute sent via Gi0 2 B Intermediary Bridge Target Destination Per hop Timeout MAC Forwarded TTL 64 Linktrace Timeout is 5 seconds Level 2 service carrier Relay Action Previous Hop Ingr Action Egr Action Ingress Egress Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 Chapter Configuring Ethernet CFM and Y 1731 Performance Monitoring on Layer 3 Interfaces CFM Support on Routed Port and Port MEP W 1 5657 a86c fa92 Gi0 2 IngOk RlyHit MEP Not Forwarded 5657 9945 04fa Router Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 39 Chapter Configuring Ethernet CFM and Y 1731 Performance Monitoring on Layer 3 Interfaces E CFM Support on Routed Port and Port MEP Configuring Ethernet CFM Single Tagged Packets Complete these steps to configure and enable Ethernet CFM for single tagged packets SUMMARY STEPS Step 1 enable Step2 configure terminal Step3 ethernet cfm ieee Step4 ethernet cfm gl
329. isco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide 274 OL 20696 04 Chapter Administering the Wireless Device Managing the System Time and Date W Monitoring the Wireless Device This section provides commands for monitoring hardware on the router e Displaying Wireless Device Statistics page 275 e Displaying Wireless Device Status page 275 Displaying Wireless Device Statistics Use the service module wlan ap0 statistics command in privileged EXEC mode to display wireless device statistics The following is sample output for the command CLI reset count 0 CLI reload count 1 Registration request timeout reset count 0 Error recovery timeout reset count 0 Module registration count 10 The last IOS initiated event was a cli reload at 04 27 32 041 UTC Fri Mar 8 2007 Displaying Wireless Device Status Use the service module wlan ap0 status command in privileged EXEC mode to display the status of the wireless device and its configuration information The following is sample output for the command Service Module is Cisco wlan ap0O Service Module supports session via TTY line 2 Service Module is in Steady state Service Module reset on error is disabled Getting status from the Service Module please wait Image path flash c8xx_19xx_ap k9w7 mx acregr c8xx_19xx_ap k9w7 mx acre gr System uptime 0 days 4 hours 28 minutes 5 seconds Router d was
330. Disabling and Enabling Short Radio Preambles
The radio preamble (sometimes called a header) is a section of data at the head of a packet that contains information that the wireless device and client devices need when sending and receiving packets. You can set the radio preamble to long or short:
• Short: A short preamble improves throughput performance.
• Long: A long preamble ensures compatibility between the wireless device and all early models of Cisco Aironet Wireless LAN Adapters. If these client devices do not associate to the wireless devices, you should use short preambles.
You cannot configure short or long radio preambles on the 5-GHz radio.

To disable short radio preambles, follow these steps, beginning in privileged EXEC mode:

SUMMARY STEPS
1. configure terminal
2. interface dot11radio {0 | 1}
3. no preamble-short
4. end
5. copy running-config startup-config

DETAILED STEPS
Step 1  configure terminal
        Enters global configuration mode.
Step 2  interface dot11radio {0 | 1}
        Enters interface configuration mode for the 2.4-GHz radio interface.
Step 3  no preamble-short
        Disables short preambles and enables long preambles.
Step 4  end
        Re
331. isco IOS Network Management Configuration Guide

SUMMARY STEPS
1. enable
2. configure terminal
3. line console 0
4. exec-timeout minutes [seconds]
5. end
6. show running-config

DETAILED STEPS
Step 1  enable
        Example: Router> enable
        Enables privileged EXEC mode.
        • Enter your password if prompted.
Step 2  configure terminal
        Example: Router# configure terminal
        Enters global configuration mode.
Step 3  line console 0
        Example: Router(config)# line console 0
        Configures the console line and starts the line configuration command collection mode.
Step 4  exec-timeout minutes [seconds]
        Example: Router(config-line)# exec-timeout 0 0
        Sets the idle privileged EXEC timeout, which is the interval that the privileged EXEC command interpreter waits until user input is detected.
        • The example shows how to specify no timeout. Setting the exec-timeout value to 0 causes the router to never log out once logged in. This could have security implications if you leave the console without manually logging out using the disable command.
Step 5  end
332. it 10, which controls the host portion of the IP broadcast address. See Table D-3 for the combined effect of bits 10 and 14.
Bit 15 (0x8000): Enables diagnostic messages and ignores the contents of NVRAM.
Footnotes: 1. OEM = Original Equipment Manufacturer. 2. CLI = command-line interface.

Table D-2 describes the boot field, which is the lowest four bits of the configuration register (bits 3, 2, 1, and 0). The boot field setting determines whether the router loads an operating system and where the router obtains the system image.

Table D-2  Boot Field Configuration Register Bit Descriptions
Boot Field (Bits 3, 2, 1, and 0): Meaning
0000 (0x0): At the next power cycle or reload, the router boots to the ROM monitor (bootstrap program). To use the ROM monitor, you must use a terminal or PC that is connected to the router console port. For information about connecting the router to a PC or terminal, see the hardware installation guide for your router. In ROM monitor mode, you must manually boot the system image or any other image by using the boot ROM monitor command.
0001 (0x01): Boots the first image in flash memory as a system image.
0010 - 1111: At the next power cycle or r
333. it number called Security Group Tag (SGT). SGT is then propagated between network hops to allow intermediary devices (switches and routers) to enforce policies based on the identity tag.
CTS-capable devices have built-in hardware capabilities that can send and receive packets with SGT embedded in the MAC (L2) layer. This feature is called L2-SGT imposition. This allows Ethernet interfaces on the device to be enabled for L2-SGT imposition to enable the device to insert an SGT in the packet that is to be carried to its next-hop Ethernet neighbor. SGT over Ethernet Tagging is a type of hop-by-hop propagation of SGTs embedded in clear-text (unencrypted) Ethernet packets.

Restrictions for SGT over Ethernet Tagging
• SGT over Ethernet Tagging is supported on plain-text Ethernet frames only.
• SGT over Ethernet Tagging is supported on on-board Gigabit Ethernet interfaces on the following Cisco ISR G2 Series routers:
  - Cisco ISR G2 2951
  - Cisco ISR G2 3945
  - Cisco ISR G2 3900 E Series
  - Cisco ISR G2 1921
  - ISR G2 1941
  - ISR G2 2901
  - ISR G2 2911
  - ISR G2 2921

Configuring SGT over Ethernet Tagging
Perform these steps to configure SGT over Ethernet Tagging.

SUMMARY STEPS
1. enable
2. configure terminal
3. interface gigabitethernet slot/port
4. cts manual
5. propagate sgt
6. policy static sgt tag [trusted]
7. end
334. ites.
The application features follow:
• Affordable messaging greeting services for increased customer service and rich employee communications.
• Intuitive telephone prompts and a web-based interface provide fast, convenient voicemail and Automated Attendant administration.
• Cisco Unity Express can view, sort, search, and play back voice messages using the display of a Cisco Unified IP Phone or your e-mail client.
• Scalable solution from 4 to 16 concurrent voicemail or Automated Attendant calls and 12 to 250 mailboxes.
• Deployable with Cisco Unified Communications Manager Express, Cisco Unified Communications Manager, Cisco Unity, and Cisco Unity Connection systems.
See the Unity Express Configuration guides at Cisco.com for more information: http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_installation_and_configuration_guides_list.html

Cisco IOS unified communications routers provide many rich voice capabilities, including Voice Extensible Markup Language (VoiceXML) browser services. VoiceXML is an open-standard markup language used to create voice-enabled Web browsers and interactive voice response (IVR) applications. Available on a wide range of Cisco IOS Software voice gateways, these services are used in conjunction with a VoiceXML application service such as Cisco Unified Customer Voice Portal (CVP). Other VoiceXML applications can also use the Cisco IOS routers as a VoiceXML browser to provide IVR services to ca
335. itor Mode (help)" section on page C-7.

Entering ROM Monitor Mode
This section provides two ways to enter ROM monitor mode:
• Using the Break Key Sequence to Interrupt the System Reload and Enter ROM Monitor Mode
• Setting the Configuration Register to Boot to ROM Monitor Mode

Prerequisites
Connect a terminal or PC to the router console port. For help, see the hardware installation guide for your router.

Using the Break Key Sequence to Interrupt the System Reload and Enter ROM Monitor Mode
To enter ROM monitor mode by reloading the router and entering the Break key sequence, follow these steps.

SUMMARY STEPS
1. enable
2. reload
3. Press Ctrl-Break.

DETAILED STEPS
Step 1  enable
        Example: Router> enable
        Enables privileged EXEC mode.
        • Enter your password if prompted.
Step 2  reload
        Example: Router# reload
        Reloads the operating system.
Step 3  Press Ctrl-Break.
        Example: Router# send break
        Interrupts the router reload and enters ROM monitor mode.
        • You must perform this step within 60 seconds after you enter the reload command.
        • The Break key sequence varies, depending on the software on your P
336. ive San Jose California 95134 1706 Cisco IOS Software C2900SM Software C2900 UNIVERSALK9 M Experimental Version 12 4 20090709 004325 ypatel secport2 128 Copyright c 1986 2009 by Cisco Systems Inc Compiled Thu 16 Jul 09 12 55 by ypatel This product contains cryptographic features and is subject to United States and local country laws governing import export transfer and use Delivery of Cisco cryptographic products does not imply third party authority to import export distribute or use encryption Importers exporters distributors and users are responsible for compliance with U S and local country laws By using this product you Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide C 10 OL 20696 04 Appendix Using ROM Monitor How to Use the ROM Monitor Typical Tasks Ti agree to comply with applicable laws and regulations If you are unable to comply with U S and local laws return this product immediately A summary of U S laws governing Cisco cryptographic products may be found at http www cisco com wwl export crypto tool stqrg html If you require further assistance please contact us by sending email to export cisco com Cisco c2911 revision 1 0 with 987136K 61440K bytes of memory Processor board ID 3 Gigabit Ethernet interfaces 1 terminal line DRAM configuration is 64 bits wide with parity enabled 255K bytes
337. ivileged EXEC mode. SUMMARY STEPS: 1. configure terminal 2. aaa authorization network tacacs+ 3. aaa authorization exec tacacs+ 4. end 5. show running-config 6. copy running-config startup-config. DETAILED STEPS: Step 1: configure terminal. Enters global configuration mode. Step 2: aaa authorization network tacacs+. Configures the wireless device for user TACACS+ authorization for all network-related service requests. Step 3: aaa authorization exec tacacs+. Configures the wireless device for user TACACS+ authorization to determine whether the user has privileged EXEC access. The exec keyword might return user profile information (such as autocommand information). Step 4: end. Returns to privileged EXEC mode. Step 5: show running-config. Verifies your entries. Step 6: copy running-config startup-config. (Optional) Saves your entries in the configuration file. To disable authorization, use the no aaa authorization {network | exec} method command in global configuration mode. Displaying the TACACS+ Configuration: To display TACACS+ server statistics, use the show tacacs command in privileged EXEC mode. Administering the Wireless Hardware and Software: This section provides instruction
338. l allreleasemcl all_book html provides more information about these commands. Caution: Because debugging output is assigned high priority in the CPU process, it can diminish the performance of the router or even render it unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. Note: Before you run any of the debug commands listed in the following table, ensure that you run the logging buffered debugging command, and then turn off console debug logging using the no logging console command. Table 1, debug Commands for NID Configuration: debug ethernet nid configuration: Enables debugging of configuration-related issues. debug ethernet nid packet egress: Enables debugging of packet processing (VLAN tag push) on the egress side. debug ethernet nid packet ingress: Enables debugging of packet processing (VLAN tag pop) on the ingress side. Ethernet Data Plane Loopback: The Ethernet Data Plane Loopback feature provides a means for remotely testing the throughput of an Ethernet port. You can verify the maximum rate of frame transmission with no frame loss. Note: This feature is supported only if you have pu
339. l configuration command is used. (Optional) For key string, specify the authentication and encryption key used between the wireless device and the RADIUS daemon running on the RADIUS server. Note: The key is a text string that must match the encryption key that is used on the RADIUS server. Always configure the key as the last item in the radius-server host command. Leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in your key, do not enclose the key in quotation marks unless the quotation marks are part of the key. To configure the wireless device to recognize more than one host entry that is associated with a single IP address, enter this command as many times as necessary, making sure that each UDP port number is different. The wireless device software searches for hosts in the order in which you specify them. Set the timeout, retransmit, and encryption key values to use with the specific RADIUS host. Step 4: aaa group server radius group-name. Defines the AAA server group with a group name. This command puts the wireless device in a server group configuration mode. Step 5: server ip-address. Associates a particular RADIUS server with the defined server group. Repeat this step for each RADIUS server in the AAA server group. Each server in the group must be previously defined in Step 2.
340. l period that separates an unqualified name from the domain name. At boot time, no domain name is configured. However, if the wireless device configuration comes from a BOOTP or DHCP server, then the default domain name might be set by the BOOTP or DHCP server (if the servers were configured with this information). Step 3: ip name-server server-address1 [server-address2 ... server-address6]. Specifies the address of one or more name servers to use for name and address resolution. You can specify up to six name servers. Separate server addresses with a space. The first server specified is the primary server. The wireless device sends DNS queries to the primary server first. If that query fails, the backup servers are queried. Step 4: ip domain lookup. (Optional) Enables DNS-based hostname-to-address translation on the wireless device. This feature is enabled by default. If your network devices require connectivity with devices in networks for which you do not control name assignment, you can dynamically assign device names that uniquely identify your devices by using the global Internet naming scheme (DNS). Step 5: end. Returns to privileged EXEC mode. Step 6: show running confi
341. lash0: USB flash device inserted in port 0. usbflash1: USB flash device inserted in port 1. Step 11: TFTP_MACADDR=MAC_address (example: rommon > TFTP_MACADDR=000e 8335 360). (Optional) Sets the Media Access Controller (MAC) address for this router. Step 12: TFTP_RETRY_COUNT=retry_times (example: rommon > TFTP_RETRY_COUNT=10). (Optional) Sets the number of times that the router attempts Address Resolution Protocol (ARP) and TFTP download. The default is 18. Step 13: TFTP_TIMEOUT=time (example: TFTP_TIMEOUT=1800). (Optional) Sets the amount of time, in seconds, before the download process times out. The default is 7200 seconds (120 minutes). Step 14: TFTP_ACK_RETRY=time (example: TFTP_TIMEOUT=6). (Optional) Sets the amount of time, in seconds, before the client will resend the ACK packet to indicate to the server to continue transmission of the remaining packets. The default is 5 seconds. Step 15: TFTP_VERBOSE=setting (example: rommon > TFTP_VERBOSE=2). (Optional) Configures how the router displays file download progress, with these options: 0: No progress is displayed. 1: Exclamation points are displayed to indicate fi
342. late radar detection on the current channel using the debug dot11 dfs simulate command. The following example simulates radar on DFS channel 36. Five beacons are sent: ap> enable Password: ap# debug dot11 dot11radio1 dfs simulate 36 5. The following is an example message displayed on the console when radar is detected: Mar 6 12:35:09.750: %DOT11-6-DFS_TRIGGERED: DFS triggered on frequency 5500 MHz. Setting the 802.11n Guard Interval: The 802.11n guard interval is the period in nanoseconds between packets. Two settings are available: short (400ns) and long (800ns). To set the 802.11n guard interval, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS: 1. configure terminal 2. interface dot11radio {0 | 1} 3. guard-interval {any | long} 4. end 5. copy running-config startup-config. DETAILED STEPS: Step 1: configure terminal. Enters global configuration mode. Step 2: interface dot11radio {0 | 1}. Enters interface configuration mode for the radio interface. The 802.11n 2.4-GHz radio is radio 0. The 802.11n 5-GHz radio is radio 1. Step 3: guard-interval {any | long}. Specifies a guard interval. any allows either the short (400ns) or long (800ns) guard interval. l
343. le Port or Auxiliary Port. Configuring Dial Backup and Remote Management Through the Console Port or Auxiliary Port: When customer premises equipment, such as a Cisco 3900 series ISR, is connected to an ISP, an IP address is dynamically assigned to the router, or the IP address is assigned by the router peer through the centrally managed function. The dial backup feature can be added to provide a failover route in case the primary line fails. Cisco 3900 series ISRs can use the auxiliary port for dial backup and remote management. Figure 1 shows the network configuration used for remote management access and for providing backup to the primary WAN line. Figure 1: Dial Backup and Remote Management Through the Auxiliary Port. Legend: 1: Cisco 3900 series router. 2: Modem. 3: PC. A: Main WAN link; primary connection to Internet service provider. B: Dial backup; serves as a failover link for Cisco 3900 routers when primary line goes down. C: Remote management; serves as dial-in access to allow changes or updates to Cisco IOS configurations.
344. le download progress. This is the default setting. 2: Detailed progress is displayed during the file download process, for example: Initializing interface. Interface link state up. ARPing for 1.4.0.1. ARP reply for 1.4.0.1 received. MAC address 00:00:0c:07:ac:01. Step 16: set (example: rommon > set). Displays the ROM monitor environment variables. Verify that you correctly configured the ROM monitor environment variables. Step 17: tftpdnld [-hr] (example: rommon 2 > tftpdnld). Downloads the system image specified by the ROM monitor environment variables. Entering -h displays command syntax help text. Entering -r downloads and boots the new software but does not save the software to flash memory. Using no option (that is, using neither -h nor -r) downloads the specified image and saves it in flash memory. Step 18: y (example: Do you wish to continue? y/n: [n]: y). Confirms that you want to continue with the TFTP download. Examples: Sample Output for Recovering the System Image (tftpdnld): Invoke this command for disaster recovery only. WARNING: all existing data in all partitions on flash will be lost! Do you wish to continue? y/n: [n]: y
345. le the backup interface unless the router receives the traffic specified for that backup interface. To configure the router with a backup interface, follow these steps, beginning in global configuration mode. SUMMARY STEPS: 1. interface type number 2. backup interface interface-type interface-number 3. backup delay enable-delay disable-delay 4. exit. DETAILED STEPS: Step 1: interface type number (example: Router(config)# interface atm 0/0/0, then Router(config-if)#). Enters interface configuration mode for the interface for which you want to configure backup. The example shows configuration of a backup interface for an ATM WAN connection. Step 2: backup interface interface-type interface-number (example: Router(config-if)# backup interface bri 0/0/1, then Router(config-if)#). Assigns an interface as the secondary, or backup, interface. This can be a serial interface or an asynchronous interface. For example, a serial interface could be configured to back up a serial 0/2/1 interface. The example shows a BRI interface configured as the backup interface for the ATM 0/0/0 interface. Step 3: backup delay enable-delay disabl
346. lename configuration variable. 7. (Optional) Set the GE_PORT 0 11 2 3 port number for download. 8. (Optional) Set the TFTP_MEDIA_TYPE (0, 1): copper or fiber. 9. (Optional) Set the TFTP_MACADDR (MAC address of unit). 10. (Optional) Set the TFTP_VERBOSE (0, 1, 2) print setting variable. 11. (Optional) Set the TFTP_RETRY_COUNT (retry_times) configuration variable. 12. (Optional) Set the TFTP_TIMEOUT (timeout of operation in seconds). 13. (Optional) Set the TFTP_ACK_RETRY (ack retry in seconds). 14. (Optional) Set the TFTP_CHECKSUM (0, 1): perform checksum test on image. 15. (Optional) Set the TFTP_DESTINATION (flash0, flash1, usbflash0, usbflash1): flash destination device for file. 16. (Optional) Set the GE_SPEED_MODE (speed configuration). 17. Use the set command to verify that you have set the variables correctly. 18. Use the tftpdnld -r command to download the image. DETAILED STEPS: Enter ROM monitor mode. Set the IP address of the router. For example: rommon > IP_ADDRESS=172.16.23.32. Set the IP subnet mask. For example: rommon > IP_SUBNET_MASK=255.255.255.224. Set t
347. less network. In large installations, wireless users within radio range of an access point can roam throughout a facility while maintaining seamless, uninterrupted access to the network. With a management system based on Cisco IOS software, wireless devices are Wi-Fi CERTIFIED, 802.11a-compliant, 802.11b-compliant, 802.11g-compliant, and 802.11n-compliant wireless LAN transceivers. This module contains the following information: Software Modes (page 203); Management Options (page 204). Software Modes: The access point is shipped on the Cisco 1941W integrated services router, and it includes an autonomous image and recovery image on the access point's flash. The default mode is autonomous; however, the access point can be upgraded to operate in Cisco Unified Wireless mode. Each mode is described below. Autonomous mode: Supports standalone network configurations, where all configuration settings are maintained locally on the wireless device. Each autonomous device can load its starting configuration independently and still operate in a cohesive fashion on the network. Cisco Unified Wireless mode: Operates in conjunction with a Cisco Unified Wireless LAN controller, where all configuration information is maintained within the controller. In the Cisco Unified Wireless LAN architecture, wireless devices operate in the lightweight mode using Lightweight Access Point Protocol (LWAPP), as opposed to autonomous mode. The lightweight ac
348. less LANs. Note: When you configure the access point as a DHCP server, it assigns IP addresses to devices on its subnet. The devices communicate with other devices on the subnet but not beyond it. If data needs to be passed beyond the subnet, you must assign a default router. The IP address of the default router should be on the same subnet as the access point configured as the DHCP server. For detailed information on DHCP-related commands and options, see the DHCP part in Cisco IOS IP Addressing Services Configuration Guide, Release 12.4. Click this URL to browse to the DHCP part: http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_dhcp_rdmp_ps6350_TSD_Products_Configuration_Guide_Chapter.html. To configure an access point to provide DHCP service and to specify a default router, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS: 1. configure terminal 2. ip dhcp excluded-address low_address [high_address] 3. ip dhcp pool pool_name 4. network subnet_number [mask | prefix-length] 5. lease {days [hours] [minutes] | infinite} 6. default-router address [address2 ... address8] 7. end 8. show running-config 9. copy running-config startup-config. DETA
349. less Settings. Configuring Wireless Security Settings: Configuring Authentication (page 211); Configuring WEP and Cipher Suites (page 212); Configuring Wireless VLANs (page 212); Configuring the Access Point in Hot Standby Mode (page 215). Configuring Authentication: Authentication types are tied to the Service Set Identifiers (SSIDs) that are configured for the access point. If you want to serve different types of client devices with the same access point, configure multiple SSIDs. Before a wireless client device can communicate on your network through the access point, it must authenticate to the access point by using open or shared-key authentication. For maximum security, client devices should also authenticate to your network using MAC address or Extensible Authentication Protocol (EAP) authentication. Both of these authentication types rely on an authentication server on your network. See Authentication Types for Wireless Devices at Cisco.com to select an authentication type: http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/SecurityAuthenticationTypes.html. See RADIUS and TACACS+ Servers in a Wireless Environment at Cisco.com to set up a maximum security environment: http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/SecurityRadiusTacacs_1.html. Configuring Access Point as Local Authenticator: To provide local authentication service or backup authentication service for a WAN link failur
350. less device transmits only unicast packets at this rate; multicast packets are sent at one of the data rates set to basic. Disabled: The wireless device does not transmit data at this rate. Note: At least one data rate must be set to basic. You can use the data rate settings to set an access point to serve client devices operating at specific data rates. For example, to set the 2.4-GHz radio for 11 Mb/s service only, set the 11 Mb/s rate to basic, and set the other data rates to disabled. To set the wireless device to serve only client devices operating at 1 and 2 Mb/s, set 1 and 2 to basic, and set the rest of the data rates to disabled. To set the 2.4-GHz 802.11g radio to serve only 802.11g client devices, set any orthogonal frequency division multiplexing (OFDM) data rate (6, 9, 12, 18, 24, 36, 48, 54) to basic. To set the 5-GHz radio for 54 Mb/s service only, set the 54 Mb/s rate to basic, and set the other data rates to disabled. You can configure the wireless device to set the data rates automatically to optimize either the range or the throughput. When you enter range for the data rate setting, the wireless device sets the 1 Mb/s rate to basic and sets the other rates to enabled. The range setting
351. llers. To configure a Voice XML gateway on the Cisco 3900 series or Cisco 2900 series Integrated Services Router, see http://www.cisco.com/en/US/docs/ios/voice/ivr/configuration/guide/ivrapp01.html#wp1010676. Cisco IOS voice features having to do with Cisco IOS Tcl IVR and VoiceXML, for developers and network administrators who are installing, configuring, and maintaining a Tcl or VoiceXML application on a Cisco voice gateway, are provided at http://www.cisco.com/en/US/docs/ios/voice/ivr/configuration/guide/Roadmap.html#wp1008602. Cisco Hoot n Holler network solution uses Cisco IOS Multicast and Cisco IOS Voice over IP technologies. The Cisco IP-based Hoot network uses bandwidth when it is in use; when it is not, the same bandwidth can be used to carry other traffic. The IP backbone interoperates with existing Hoot & Holler end-station equipment such as microphones, turrets, Hoot phones, or squawk boxes, as well as bridges and mixers, for a seamless transition. Brokerage houses can adapt this solution to eliminate costly private telco circuits and reap significant operational cost savings (up to millions of dollars per year) for a rapid return on inves
352. lobal configuration mode. Configuring Data Line Backup and Remote Management Through the ISDN S/T Port, detailed steps (Command / Purpose): interface dialer dialer-rotary-group-number (example: Router(config)# interface dialer 0, then Router(config-if)#). Creates a dialer interface (numbered 0 to 255) and enters interface configuration mode. ip address negotiated (example: Router(config-if)# ip address negotiated, then Router(config-if)#). Specifies that the IP address for the interface is obtained through PPP/IPCP (IP Control Protocol) address negotiation. The IP address is obtained from the peer. encapsulation encapsulation-type (example: Router(config-if)# encapsulation ppp, then Router(config-if)#). Sets the encapsulation type for the interface. dialer pool number (example: Router(config-if)# dialer pool 1, then Router(config-if)#). Specifies the dialer pool to be used. In the example, the dialer pool setting associates the dialer 0 interface with the BRI0 interface because the BRI0 dialer pool
353. lomicroseconds. Step 5: end. Returns to privileged EXEC mode. Step 6: copy running-config startup-config. (Optional) Saves your entries in the configuration file. Configure RTS Threshold and Retries: The request to send (RTS) threshold determines the packet size at which the wireless device issues an RTS before sending the packet. A low RTS threshold setting can be useful in areas where many client devices are associating with the wireless device, or in areas where the clients are far apart and can detect only the wireless device and not detect each other. You can enter a setting ranging from 0 to 2347 bytes. Maximum RTS retries is the maximum number of times the wireless device issues an RTS before stopping the attempt to send the packet over the radio. Enter a value from to 128. The default RTS threshold is 2347 for all access points and bridges, and the default maximum RTS retries setting is 32. To configure the RTS threshold and maximum RTS retries, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS: 1. configure terminal 2. interface dot11radio {0 | 1} 3. rts threshold value 4. rts retries valu
354. lover Router(config-if)#. Step 5: end. Exits to global configuration mode. Enabling Auto-Detect: The Auto-Detect feature is enabled if media-type is not configured. This feature automatically detects which media is connected and links up. If both media are connected, whichever media comes up first is linked up. Note: The Auto-Detect feature only works with GigE SFPs. This feature does not detect 100M SFPs. Use the no media-type command in interface configuration mode to enable the Auto-Detect feature. To configure the Auto-Detect feature, follow these steps, beginning in global configuration mode. SUMMARY STEPS: 1. configure terminal 2. interface gigabitethernet slot/port 3. no media-type. DETAILED STEPS: Step 1: configure terminal (example: Router# configure terminal, then Router(config)#). Enters global configuration mode. Step 2: interface gigabitethernet slot/port (example: Router(config)# interface gigabitethernet 0/1, then Router(config-if)#). Enters interface configuration mode. Step 3: no media-type (example: Router(config-if)# no media-type; GigabitEthernet0/1: Changing media to UNKNOWN
355. low-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
fax protocol cisco
archive
 log config
  hidekeys
controller T1 0/0/0
 cablelength long 0db
 ds0-group 1 timeslots 1-24 type e&m-immediate-start
controller T1 0/0/1
 cablelength long 0db
 pri-group timeslots 1-24
controller T1 2/0
controller T1 2/1
controller T1 2/0/0
 cablelength long 0db
controller T1 2/0/1
 cablelength long 0db
interface GigabitEthernet0/0
 mtu 9600
 ip address 10.1.32.147 255.255.0.0
 duplex auto
 speed auto
 no cdp enable
interface GigabitEthernet0/1
 mtu 9600
 ip address 10.1.1.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
 no cdp enable
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
 no cdp enable
interface Serial0/0/1:23
 no ip address
 encapsulation hdlc
 isdn switch-type primary-ni
 isdn incoming-voice voice
 no cdp enable
ip forward-protocol nd
ip route 223.255.254.254 255.255.255.255 10.1.0.1
no ip http server
no ip http secure-server
nls resp-timeout 1
cpd cr-id 1
control-plane
voice-port 0/0/0:1
voice-port 0/0/1:23
mgcp fax t38
356. minfo ROM Monitor Command, page C-24. Sample Output for the stack ROM Monitor Command: rommon 6 > stack Kernel Level Stack Trace Initial SP 0x642190b8 Frame 0 FP 0x642190b8 PC Frame Frame Frame A FP 0x642190b8 PC 2 FP 0x642190d0 PC Frame 3 FP 0x642190f 8 PC 4 FP 0x64219118 PC Process Level Stack Trace Initial SP 0x64049cb0 FP 0x64049cb0 PC FP 0x64049cc8 PC FP 0x64049ce0 PC FP 0x64049e90 PC FP 0x64049ec8 PC Frame Frame Frame Frame Frame BWDNYP OO Initial PC 0x607a0d44 RA 0x607a0d44 0 bytes 0x61d839f8 24 bytes 0x6079b6c4 40 bytes 0x6079ff70 32 bytes 0x6079eaec 0 bytes Initial PC Ox60e3b7 4 RA 0x60e3b7 4 24 bytes Ox60e36fa8 24 bytes 0x607a5800 432 bytes 0x607a8988 56 bytes 0x64049f14 0 bytes. Sample Output for the context ROM Monitor Command: rommon 7 > context Kernel Level Context Reg MSW Zero 00000000 AT 00000000 vO 00000000 v1 00000000 a0 00000000 al 00000000 a2 00000000 a3 00000000 t 00000000 t1 00000000 t2 00000000 t 00000000 t4 T EFEFEFEEEE t5 2 EELEPELE t 000000
357. mmand / Purpose. line [aux | console | tty | vty] line-number [ending-line-number] (example: Router(config)# line aux 0, then Router(config)#). Enters configuration mode for the auxiliary interface. flowcontrol {none | software [lock] [in | out] | hardware [in | out]} (example: Router(config)# flowcontrol hardware, then Router(config)#). Enables hardware signal flow control. Example: The following configuration example specifies an IP address for the ATM interface through PPP and IP Control Protocol (IPCP) address negotiation and specifies dial backup over the console port.
ip name-server 192.168.28.12
ip dhcp excluded-address 192.168.1.1
ip dhcp pool 1
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
! Need to use your own correct ISP phone number.
modemcap entry MY-USER_MODEM:MSC=&F1S0=1
chat-script Dialout ABORT ERROR ABORT BUSY "" "AT" OK "ATDT 5555102\T" TIMEOUT 45 CONNECT \c
!
interface vlan 1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1452
 hold-queue 100 out
! Dial backup and remote management physical interface.
interface Async1
 no ip address
 encapsulation ppp
 dialer in-band
 dialer pool-member 3
 async default routing
 async dynamic routing
 async mode dedicated
 ppp authentication pap callin
!
interface ATM0
 mtu 1492
 no ip address
 no atm ilmi-keepalive
 pvc 0/35
  pppoe
358. mmend that you save backup copies of your current startup configuration file and Cisco IOS software system image file on a server. For more detailed information, see the Managing Configuration Files chapter and the Loading and Maintaining System Images chapter of Cisco IOS Configuration Fundamentals Guide at http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/12_4t/cf_12_4t_book.html. To save backup copies of the startup configuration file and the system image file, complete the following steps. SUMMARY STEPS: 1. enable 2. copy nvram:startup-config {ftp: | rcp: | tftp:} 3. dir {flash0: | flash1:} 4. copy flash0: {ftp: | rcp: | tftp:}. DETAILED STEPS: Step 1: enable (example: Router> enable). Enables privileged EXEC mode. Enter your password if prompted. Step 2: copy nvram:startup-config {ftp: | rcp: | tftp:} (example: Router# copy nvram:startup-config ftp:). Copies the startup configuration file to a server. The configuration file copy can serve as a backup copy. Enter the destination URL when prompted. Step 3: dir flash0: (example: Router# dir flash0:). Displays the layout and contents of a flash memory file system. flash0: is aliased onto flash:. Learn the name of the system image file. Step 4: copy flash0: {ftp: | rcp: | tftp:} (example: Router# copy flash0: ftp:). Copies a file from flash memory to a server. Copy
359. mote management access and backup for the primary WAN line. Figure 2 shows a dial backup link that goes through a customer premises equipment (CPE) splitter, a digital subscriber line access multiplexer (DSLAM), and a central office (CO) splitter before connecting to the ISDN switch. Figure 2: Data Line Backup Through CPE Splitter, DSLAM, and CO Splitter. Legend: Cisco 3900 series router; DSLAM; ATM aggregator; ISDN switch; ISDN; ISDN peer router; Web server; Administrator. A: Primary DSL interface, FE interface (Cisco 3900 series router). B: Dial backup and remote management through the ISDN interface (ISDN S/T port); serves as a failover link when the primary line goes down. C: Provides administrator with remote management capability through the ISDN interface when the primary DSL link is down; serves as dial-in access to allow changes or updates to Cisco IOS configuration. Figure 3 shows a dial backup link that goes directly from the router to the ISDN switch. Figure 3: Data Line Backup Directly from Router to ISDN Switch
360. mple: router# service-module wlan-ap0 session Trying 10.21.0.20, 2002 ... Open ap>. (Footnote 1: GE0 = Gigabit Ethernet 0.) Tip: If you want to create an IOS software alias for the Console to session into the wireless device, enter the alias exec dot11radio service-module wlan-ap 0 session command at the EXEC prompt. After entering this command, you automatically skip to the dot11 radio level in the IOS. Closing the Session: To close the session between the wireless device and the router's console, perform both of the following steps. Wireless device: 1. Control-Shift-6 x. Router: 2. disconnect 3. Press Enter twice. Configuring Wireless Settings: Note: If you are configuring the autonomous wireless device for the first time, start a configuration session between the router and the access point before attempting to configure basic wireless settings. See the Starting a Wireless Configuration Session section on page 207. Configure the wireless device with the appropriate software tool: Unified software: Cisco Express Setup (page 210); Autonomous software: Cisco IOS CLI (page 210). Cisco Express Setup: To configure the Cisco Unified wireless device, use the web browser Cisco
361. mple Router(config-subif)# end Returns the router to the privileged EXEC mode. Configuration Example for Ethernet CFM Double Tagged Packets: This example shows how to configure Ethernet CFM for double tagged packets. Router> enable Router# configure terminal Router(config)# ethernet cfm ieee Router(config)# ethernet cfm global Router(config)# ethernet cfm domain customer level 7 Router(config-ecfm)# service customer1101 vlan 100 inner-vlan 30 direction down Router(config-ecfm-srv)# continuity-check Router(config-ecfm-srv)# interface gigabitethernet 0/2 Router(config-if)# ethernet cfm mep domain customer mpid 100 service customer1101 Router(config-if-ecfm-mep)# interface gigabitethernet 0/2.1101 Router(config-subif)# encapsulation dot1q 100 second-dot1q 30 Router(config-subif)# end Verifying the Ethernet CFM Configuration for Double Tagged Packets: Use the following commands to verify Ethernet CFM configured for double tagged packets: • show ethernet cfm maintenance-points local • show ethernet cfm maintenance-points remote • ping ethernet mpid mpid-value domain domain-name service service-name cos value • traceroute ethernet mpid mpid-value domain domain-name service service-name • show ethernet cfm error configuration
362. n the small office and also many advanced features not available with traditional telephony solutions. The ability to deliver IP telephony and data routing by using a single converged solution allows customers to optimize their operations and maintenance costs, resulting in a very cost-effective solution that meets office needs. A Cisco Unified CME system is extremely flexible because it is modular. A Cisco Unified CME system consists of a router that serves as a gateway and one or more VLANs that connect IP phones and phone devices to the router. See Cisco Unified Communications Manager Express CME Overview at http www cisco com en US docs voice_ip_comm cucme admin configuration guide cmeover html Unified Survivable Remote Site Telephony: Cisco Unified Survivable Remote Site Telephony (SRST) enables Cisco routers to provide call handling support for Cisco IP phones when they lose connection to Cisco Unified Communications Manager (CUCM) installations or when the WAN connection is down. In a centralized deployment, under normal conditions, Cisco IP phones are controlled by the Cisco Unified Communications Manager located at a central site, like the headquarters of an enterprise. When connection t
363. nabled. Although this example is based on a TACACS server, the access point could be configured for Admin authentication using RADIUS: version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption hostname ap username Cisco password 7 123A0C041104 username admin privilege 15 password 7 01030717481C091D25 ip subnet-zero aaa new-model aaa group server radius rad_eap server 192.168.134.229 auth-port 1645 acct-port 1646 aaa group server radius rad_mac server 192.168.134.229 auth-port 1645 acct-port 1646 aaa group server radius rad_acct server 192.168.134.229 auth-port 1645 acct-port 1646 aaa group server radius rad_admin server 192.168.134.229 auth-port 1645 acct-port 1646 cache expiry 1 cache authorization profile admin_cache cache authentication profile admin_cache aaa group server tacacs+ tac_admin server 192.168.133.231 cache expiry 1 cache authorization profile admin_cache cache authentication profile admin_cache aaa group server radius rad_pmip
364. nal Router(config)# ethernet cfm domain carrier level 2 Router(config-ecfm)# service carrier port Router(config-ecfm-srv)# continuity-check interval 100ms Router(config-ecfm-srv)# interface gigabitethernet 0/2 Router(config-if)# ethernet cfm mep domain carrier mpid 44 service carrier Router(config-if-ecfm-mep)# end Verifying the Ethernet CFM Configuration on a Port MEP: Use the following commands to verify Ethernet CFM configured on a port MEP: • show ethernet cfm domain • show ethernet cfm maintenance-points local • show ethernet cfm maintenance-points remote • ping ethernet mpid mpid-value domain domain-name service service-name cos value • traceroute ethernet mpid mpid-value domain domain-name service service-name • show ethernet cfm error configuration. Use the show ethernet cfm domain command to view details about CFM maintenance domains. Router# show ethernet cfm domain carrier Domain Name: carrier Level: 2 Total Services: 1 Services: Type Id Dir CC CC int Static rmep Crosscheck MaxMEP Source MA Name Port none Dwn Y 100ms Disabled Disabled 100 Static carrier Router# Use the show ethernet cfm maintenance-points local command to view the MEPs that are
365. nd Router# show running interface gigabitethernet 0/0 interface gigabitethernet 0/0 ip address 50.0.0.1 255.255.255.0 cts manual no propagate sgt policy static sgt 77 trusted end Verifying SGT over Ethernet Tagging: Use the show cts interface brief command to display the CTS interface specific configuration. Router# show cts interface brief Interface gigabitethernet 0/0 CTS is enabled mode MANUAL Propagate SGT Enabled Static Ingress SGT Policy Peer SGT Td Peer SGT assignment Trusted. Use the show cts platform interface interface-name stats detail command to display platform specific CTS related statistics. Router# show cts platform interface gigabitethernet 0/0 stats detail Interface gigabitethernet 0/0 L2 SGT Statistics Pkts In 31627 Pkts policy SGT assigned 24 Pkts Out 6866 Pkts Drop malformed packet 0 Pkts Drop invalid SGT. Configuring Identity Features on Layer 3 Interface: This chapter describes the identity features supported on the Onboard Gigabit Ethernet Layer 3 ports of the Cisco 1921 Integrated Services Rout
366. nd increments each time you press Return or Enter in ROM monitor mode. Why is the Router in ROM Monitor Mode? The router boots to ROM monitor mode when one of the following occurs: • During power up or reload, the router did not find a valid system image. • The last digit of the boot field in the configuration register is 0 (for example, 0x100 or 0x0). • The Break key sequence was entered during the first 60 seconds after reloading the router. To exit ROM monitor mode, see the Exiting ROM Monitor Mode section on page C-25. When do I use ROM Monitor? Use ROM monitor in the following situations: • Manually loading a system image: You can load a system image without configuring the router to load that image in future system reloads or power cycles. This can be useful for testing a new system image or for troubleshooting. See the Loading a System Image (boot) section on page C-8. • Upgrading the system image when there are no TFTP servers or network connections, and a direct PC connection to the router console is the only viable option. See information about upgrading the system image in the configuration documentation for your router. • During troubleshooting if the router crashes and hangs. See the T
367. nd maintaining network borders, gathering statistics and billing information on each network segment separately. • Security: Provides interworking between encrypted and non-encrypted network segment, SIP registration services, DOS protection, authentication services, and toll fraud protection on H.323 or SIP trunks. See Cisco Unified Border Element Configuration Guide at Cisco.com for more information: http www cisco com en US docs ios voice cube configuration guide vb_book vb_book html Unified Messaging Gateway: The Cisco Unified Messaging Gateway provides an open and secure method of intelligently routing messages and exchanging subscriber and directory information within a unified messaging network. It acts as the central hub in a network of Cisco unified messaging solutions and third-party gateways that interface with older voicemail systems. Unified Messaging Gateway is ideal for companies that need the following key features: • Scales the unified messaging network as required for branch office customers and larger distributed enterprises • Simplifies configuration tasks and centralizes voicemail system management • Transparently integrates Cisco Unified Communications solutions into existing voicemail installations • Integrates small to large scale unified messaging deployments that consist of more than five Cisco Unity Express systems • Integrates up to 10,000 mixed Cisco Unity Express, Cisco Unity, and Cisco Unity Connection
368. nfigure the Controlling Port Authorization state. SUMMARY STEPS: 1. enable 2. configure terminal 3. interface gigabitethernet slot/port 4. authentication port-control auto 5. mab 6. end. Controlling Port Authorization State, DETAILED STEPS (Command or Action: Purpose): Step 1: enable (Example: Router> enable) Enables privileged EXEC mode. Enter your password if prompted. Step 2: configure terminal (Example: Router# configure terminal) Enters global configuration mode. Step 3: interface gigabitethernet slot/port (Example: Router(config)# interface gigabitethernet 0/0) Enters interface configuration mode. Step 4: authentication port-control {auto | force-authorized | force-unauthorized} (Example: Router(config-if)# authentication port-control {auto | force-authorized | force-unauthorized}) Enables the manual control of the port authorization state. auto: Allows only EAPol traffic until successful authentication. force-authorized: Allows all traffic, requires no authentication. force-unauthorized: Allows no traffic. Step 5: mab (Example: Router(config-if)# mab) Enables MAC-based authentication on a port. Step 6: end (Example: Router(config-if)# end Router#) Returns to privileged EXE
369. Use the show ethernet cfm maintenance-points local command to view the local MEPs. The following is a sample output of the show ethernet cfm maintenance-points local command: Router# show ethernet cfm maintenance-points local MPID Domain Name MacAddress T St Ptst Lvl Domain ID Ingress RDI MA Name Type Id SrvcInst EVC Name Age Local MEP Info 100 customer 8843.e154.6f01 Up Up 7 customer Gi0/2.1101 customer1101 S C 100 30 N/A N/A 58s MPID 100 Domain customer MA customer1101 Router# Use the show ethernet cfm maintenance-points remote command to display the remote maintenance point domains. In the following example, customer, carrier, and enterprise are the maintenance point domains that are configured. On router 1: Router1# show ethernet cfm maintenance-points remote MPID Domain Name MacAddress TES Ptst Lvl Domain ID Ingress RDI MA Name Type Id SrvcInst EVC Name Age Local MEP Info 110 customer 8843.e154.6f01 Up Up 7 customer Gi0/2.1101 customer1101 S C 100 30 N/A N/A 58s MPID 100 Domain customer MA customer1101 43 carrier 8843.e154.6f01 Up Up 2 carrier Gi0/2.2 carrier S C 50 20 N/A N/A 58s MPID 44 Domain carrier MA carrier 410 en
370. nformation on how to effectively use this k command in ROM monitor mode, see the Troubleshooting Router Hangs tech note. Example: rommon > stack Step 2: context (Optional) Displays the CPU context at the time of the fault. • If it is available, the context from kernel mode and process mode of a loaded image is displayed. Example: rommon > context Step 3: frame [number] (Optional) Displays an entire individual stack frame. • The default is 0 (zero), which is the most recent frame. Example: rommon > frame 4 Step 4: sysret (Optional) Displays return information from the last booted system image. • The return information includes the reason for terminating the image, a stack dump of up to eight frames, and, if an exception is involved, the address at which the exception occurred. Example: rommon > sysret Step 5: meminfo [-l] (Optional) Displays memory information, including: • Main memory size, starting address, and available range • Packet memory size • NVRAM size. Alternatively, using the meminfo -l command provides information on supported DRAM configurations for the router. Example: rommon > meminfo Examples: This section provides the following examples: • Sample Output for the stack ROM Monitor Command, page C-23 • Sample Output for the context ROM Monitor Command, page C-23 • Sample Output for the frame ROM Monitor Command, page C-24 • Sample Output for the sysret ROM Monitor Command, page C-24 • Sample Output for the me
371. ning in global configuration mode. Note: The TTY lines are asynchronous lines used for inbound or outbound modem and terminal connections and can be seen in a router or access server configuration as line x. The specific line numbers are a function of the hardware built into or installed on the router or access server. In Cisco ISR G2 series routers, the TTY lines are incremented by 1 and start with line number 3 instead of line number 2 in Cisco ISR G1 series routers. In ISR G2 series routers, line number 2 cannot be accessed since it has been used for the second core feature. TTY lines are not static and line numbers can be changed in future when more features are added similar to the second core. SUMMARY STEPS: 1. line [aux | console | tty | vty] line-number 2. password password 3. login 4. exec-timeout minutes [seconds] 5. line [aux | console | tty | vty] line-number 6. password password 7. login 8. end. Configuring Command Line Access, DETAILED STEPS (Command: Purpose): Step 1: line [aux | console | tty | vty] line-number (Example: Router(config)# line console 0 Router(config-line)#) Enters line configuration mode and specifies the type of line. T
372. nitor mode. • If you reload the router and enter the Break key sequence to enter ROM monitor mode when the router would otherwise have booted the system image, you can exit ROM monitor mode by doing either of the following: Enter the i command or the reset command, which restarts the booting process and loads the system image. Enter the cont command, which continues the booting process and loads the system image. • If your router entered ROM monitor mode because it could not locate and load the system image, perform the steps in the following procedure. SUMMARY STEPS: 1. dir flash0:[directory] 2. boot flash0:[directory] [filename] or boot filename tftpserver or boot filename. DETAILED STEPS (Command or Action: Purpose): Step 1: dir flash0:[directory] Displays a list of the files and directories in flash memory. • Locate the system image that you want the router to load. • If the system image is not in flash memory, use the second or third option in Step 2. Step 2: boot flash0:[directory] [filename] or boot filename tftpserver. In order, the examples here direct the router to: • Boot the first image or a specified image in flash memory. • Boot the specified image
373. nitored access point goes off line and the standby access point takes its place in the network, matching settings ensure that client devices can switch easily to the standby access point. See Hot Standby Access Points at Cisco.com for more information: http www cisco com en US docs routers access wireless software guide RolesHotStandby html Upgrading to Cisco Unified Software: To run the access point in Cisco Unified mode, upgrade the software by following these major steps: • Preparing for the Upgrade, page 215 • Performing the Upgrade, page 216 • Downgrading the Software on the Access Point, page 217 • Recovering Software on the Access Point, page 217. Software Prerequisites: • Cisco 1941W ISRs are eligible to upgrade to Cisco Unified software if the router is running IP Base feature set and Cisco IOS Release 15.0(1)M. • To use the embedded access point in a Cisco Unified Architecture, the Cisco wireless LAN controller (WLC) must be running version 5.1 or later. Preparing for the Upgrade: Perform these tasks to prepare for the upgrade: • Secure an IP Address on the Access Point, page 215 • Prior to the Upgrade, page 216. Secure an IP Address on the Access Point: Secure an IP address on the access point so it can communicate with the WLC and download the Unified image upon boot up. The host router provides the access point DHCP server functionality through the DHCP pool. Then the access point communicates with the WLC and setup option
374. nning config Verifies your entries. Step 9: copy running-config startup-config (Optional) Saves your entries in the configuration file. To disable AAA, use the no aaa new-model command in global configuration mode. To disable authorization, use the no aaa authorization {network | exec} method command in global configuration mode. Configuring the Authentication Cache and Profile: The authentication cache and profile feature allows the access point to cache the authentication and authorization responses for a user so that subsequent authentication and authorization requests do not need to be sent to the AAA server. Note: On the access point, this feature is supported only for Admin authentication. The following commands that support this feature are included in Cisco IOS Release 12.3(7): cache expiry, cache authorization profile, cache authentication profile, aaa cache profile. Note: See Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges, Versions 12.4(10b)JA and 12.3(8)JEC, for information about these commands. The following is a configuration example for an access point configured for Admin authentication using TACACS with the authorization cache e
375. nterrupt service request (ISR) events. Support for Y.1731 Performance Monitoring on a Routed Port (L3 Subinterface): Y.1731 Performance Monitoring (PM) provides a standard Ethernet PM function that includes measurement of Ethernet frame delay, frame delay variation, frame loss, and frame throughput measurements specified by the ITU-T Y.1731 standard and interpreted by the Metro Ethernet Forum (MEF) standards group. Note: This feature is supported only if you have purchased the DATA technology package functionality (datak9) licensing package. For more information about managing software activation licenses on the Cisco ISR and Cisco ISR G2 platforms, see http www cisco com en US docs routers access sw_activation SA_on_ISR html Frame Delay: Ethernet frame delay measurement is used to measure frame delay and frame delay variations. Ethernet frame delay is measured using the Delay Measurement Message (DMM) method. Restrictions for Configuring Two-Way Delay Measurement: Follow the guidelines and restrictions listed here when you configure two-way delay measurement: • Y.1731 PM measurement works only for a po
376. ntication {default | list-name} copy running-config startup-config. (Command: Purpose) Step 1: configure terminal Enters global configuration mode. Step 2: aaa new-model Enables AAA. Step 3: aaa authentication login {default | list-name} method1 [method2] Creates a login authentication method list. • To create a default list that is used when a named list is not specified in the login authentication command, use the default keyword followed by the methods that are to be used in default situations. The default method list is automatically applied to all interfaces. • For list-name, specify a character string to name the list you are creating. • For method1, specify the actual method the authentication algorithm tries. The additional methods of authentication are used only if the previous method returns an error, not if it fails. Select one of these methods: • local: Use the local username database for authentication. You must enter username information in the database. Use the username password global configuration command. • radius: Use RADIUS authentication. You must configure the RADIUS server before you can use this authentication method. For more information, see the Identifying the RADIUS Server Host section of the Configuring Radius and TACACS Servers chapter in Cisco IOS Software Configuration Guide for Cisco Aironet Access Points. Step 4: line [console | tty | vty] line-number ending-line-numb
377. nticator end. (Command or Action: Purpose) • enable (Example: Router> enable) Enables privileged EXEC mode. Enter your password if prompted. • configure terminal (Example: Router# configure terminal) Enters global configuration mode. • interface gigabitethernet slot/port (Example: Router(config)# interface gigabitethernet 0/0) Enters interface configuration mode. • authentication port-control auto (Example: Router(config-if)# authentication port-control auto) Enables the manual control of the port authorization state. • dot1x pae authenticator (Example: Router(config-if)# dot1x pae authenticator) Configures the port as an IEEE 802.1x Port Access Entity (PAE) authenticator. • end (Example: Router(config-if)# end Router#) Returns to privileged EXEC mode. Verifying the IEEE 802.1X: Use the show authentication sessions command to verify the configuration: c1921# show authentication sessions Interface Gi0/1 MAC Address 000d.e105.c771 Method dot1x Status Authz Success Domain DATA c1921# show authentication sessions interface Gi0/1 Interface MAC Address IP Address User Name Status Domain Oper host mode Oper control dir
378. o 2921 Integrated Services Router; Cisco 2951 Integrated Services Router; Cisco 3900 Integrated Services Router; Cisco 3900E Series Integrated Services Routers; Cisco 892 F Gigabit Ethernet Security Router; Cisco 898 EA Gigabit Ethernet Security Router; EHWIC 1GE SFP. 1. enable 2. configure terminal 3. service unsupported-transceiver 4. interface type slot/subslot/port number 5. media-type sfp 6. speed value 7. shutdown 8. no shutdown 9. exit. Configuring Third Party SFPs, DETAILED STEPS (Command or Action: Purpose): Step 1: enable (Example: Router> enable) Enables the privileged EXEC mode. Enter your password if prompted. Step 2: configure terminal (Example: Router# configure terminal) Enters the global configuration mode. Step 3: service unsupported-transceiver (Example: Router(config)# service unsupported-transceiver) Enables third party SFP support. Step 4: interface type slot/subslot/port number (Example: Router(config)# interface ethernet 0/3/0) Selects an interface to configure. Step 5: media-type sfp (Example: Router(config-if)# media-type sfp) Changes media type to SFP. Step 6: speed value (Example: Router(config-if)# speed 100) Configures the speed of the interface. Note: For 100BASE SFPs, configure the speed to 100 Mbps only. Similarly, for 1000BASE SFPs, configure the sp
379. o CUCM breaks, for example as result of a failure in the network, Unified SRST automatically detects the failure and auto-configures the router for providing backup call processing functionality. During a WAN failure, the router allows all the phones to re-register to the remote site router in SRST mode, allowing all inbound and outbound dialing to be routed off to the PSTN on a backup Foreign Exchange Office (FXO), BRI, or Primary Rate Interface (PRI) connection. Unified SRST provides redundancy for both Cisco IP as well as Analog phones to ensure that the telephone system remains operational during network failures. Both Skinny Client Control Protocol (SCCP) and session initiation protocol (SIP) based Cisco IP phones are supported with the Unified SRST. When the WAN link or connection to the Cisco Unified Communications Manager is restored, call handling reverts back to the Cisco Unified Communications Manager automatically, without need for any human intervention. For general Unified SRST information, see Cisco Unified SRST System Administrator Guide: • For information on how the H.323 and Media Gateway Control Protocol (MGCP) call control protocols relate to SRST, see Cisco Unified SRST System Administrator Guide. For H.323, see H.323 Gateways and SRST at Cisco.com. For MGCP, see MGCP Gateways and SRST at Cisco.com. • Configurations of major SRST features are provided in the following chapters of the Cisco Unified SRST System Administr
380. o determine the routes to all other networks. To provide complete routing capability, the common practice is to use some routers as smart routers and give the remaining routers default routes to the smart router. (Smart routers have routing table information for the entire internetwork.) These default routes can be passed along dynamically or can be configured into the individual routers. Most dynamic interior routing protocols include a mechanism for causing a smart router to generate dynamic default information that is then passed along to other routers. If a router has an interface that is directly connected to the specified default network, the dynamic routing protocols running on the router will generate or source a default route. In the case of RIP, the router will advertise the pseudo network 0.0.0.0. In the case of IGRP, the network itself is advertised and flagged as an exterior route. A router that is generating the default for a network also may need a default of its own. One way a router can generate its own default is to specify a static route to the network 0.0.0.0 through the appropriate device. Gateway of Last Resort: When default information is being passed along through a dynamic routing protocol, no further configuration is required. The system periodically scans its routing table to choose the optimal default network as its default route. In the case of RIP, there is only one choice, network 0.0.0.0. In the case
381. o routers: • Entering a Directory and Determining Which Directory You Are In, page B-7 • Creating a New Directory, page B-8 • Removing a Directory, page B-9. Entering a Directory and Determining Which Directory You Are In: To enter a directory of a CF memory card, enter the cd command in privileged EXEC mode. The cd command specifies or changes the default directory or file system. If you enter cd only, without specifying a file system, the router enters the default home directory, which is flash0. If you enter cd flash1:, the router enters the flash directory. Router# cd To determine which directory you are in, enter the pwd command in privileged EXEC mode. The CLI displays which directory or file system is specified as the default by the cd command. Router# pwd To display a list of files in the directory that you are in, enter the dir command in privileged EXEC mode. The command line interface will display the files in the file system that was specified as the default by the cd command. Router# dir Directory of flash0: 1580 -rw- 6462268 Mar 06 2004 06:14:02 c2900-universalk9-mz 3600ata 3 -rw- 6458388 Mar 01 2004 00:01:24 c2900-universalk9-mz 63930368 bytes total (51007488 bytes free). Entering a Directory, Example: To enter the config directory: Router# cd config To verify that you are in the config directory
382. obal Step 5: ethernet cfm domain domain-name level level-id Step 6: service service-name vlan vlan-id direction down Step 7: continuity-check Step 8: interface gigabitethernet slot/port Step 9: ethernet cfm mep domain domain-name mpid value service service-name Step 10: interface gigabitethernet slot/port.subinterface Step 11: encapsulation dot1q vlan-id Step 12: end. DETAILED STEPS (Command: Purpose): Step 1: enable Enables the privileged EXEC mode. Enter your password when prompted. (Example: Router> enable) Step 2: configure terminal Enters the global configuration mode. (Example: Router# configure terminal) Step 3: ethernet cfm ieee Enables the IEEE version of CFM. (Example: Router(config)# ethernet cfm ieee) Step 4: ethernet cfm global Enables CFM processing globally on the router. (Example: Router(config)# ethernet cfm global) Step 5: ethernet cfm domain domain-name level value (Example: Router(config)# ethernet cfm domain customer level 7) Defines a CFM maintenance domain at a specified level, and enters the Ethernet CFM configuration mode. level can be any value from 0 to 7. Step 6: service service-name vlan vlan-id dire
383. of IGRP, there might be several networks that can be candidates for the system default. The Cisco IOS software uses both administrative distance and metric information to determine the default route (gateway of last resort). The selected default route appears in the gateway of last resort display of the show ip route EXEC command. If dynamic default information is not being passed to the software, candidates for the default route are specified with the ip default-network global configuration command. In this usage, the ip default-network command takes an unconnected network as an argument. If this network appears in the routing table from any source (dynamic or static), it is flagged as a candidate default route and is a possible choice as the default route. If the router has no interface on the default network, but does have a route to it, it considers this network as a candidate default path. The route candidates are examined and the best one is chosen, based on administrative distance and metric. The gateway to the best default path becomes the gateway of last resort. 1. enable 2. configure terminal 3. ip routing 4. ip route dest-prefix mask next-hop-ip-address [admin-distance] [permanent] 5. ip default-network network-number or ip route dest-prefix mask next-hop-ip-address
384. of by using a binary library or DLL. The AXL API methods, known as requests, use a combination of HTTPS and SOAP. SOAP is an XML remote procedure call (RPC) protocol. The server receives the XML structures and executes the request. If the request completes successfully, the system returns the appropriate AXL response. All responses are named identically to the associated requests, except that the word Response is appended. See Cisco Unified Communications Manager XML Developers Guide, Release 7.0(1), at Cisco.com for information: http www cisco com en US docs voice_ip_comm cucm devguide 7_0_1 ccmdvCh1 html Gatekeeper Transaction Message Protocol (GKTMP): The Cisco Gatekeeper Transaction Message Protocol (GKTMP) and application programming interface (API) is available for your use. See GKTMP Commands: GK API Guide Version 4.4 at Cisco.com for the latest Gatekeeper API inputs and outputs: http www cisco com en US docs ios 12_3 gktmpv4_3 guide gk_cli html Online Insertion and Removal: Online insertion and removal (OIR) is a feature that allows you to replace modules without turning off the router and without affecting the operation of other interfaces. OIR of a module provides uninterrupted operation to network users, maintains routing information, and ensures session preservation. For instructions on inserting, removing, and replacing the module, see the hardware installation guide for your router at Cisco.com.
385. of non volatile configuration memory
62960K bytes of USB Flash usbflash0 (Read/Write)
248472K bytes of ATA System CompactFlash 0 (Read/Write)
248472K bytes of ATA CompactFlash 1 (Read/Write)
Press RETURN to get started
Nov 22 09:20:19.839: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
Nov 22 09:20:19.839: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Nov 22 09:20:19.839: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
Nov 22 09:20:19.839: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
Nov 22 09:20:19.839: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state
Router>
rommon 1 > boot usbflash1:c2900-universalk9-mz.SSA
program load complete, entry point: 0x80803000, size: 0x1b340
IOS Image Load Test
Digitally Signed Development Software
program load complete, entry point: 0x81000000, size: 0x3968d28
Self decompressing the image
386. olicies
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 030303030000000C00310024
Acct Session ID: 0x0000000F
Handle: 0x8C00000D
Runnable methods list:
Method State
dot1x Authc Success
c1921# show dot1x interface g0/1
Dot1x Info for GigabitEthernet0/1
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = In
HostMode = SINGLE_HOST
QuietPeriod = 60
ServerTimeout = 0
SuppTimeout = 30
ReAuthMax = 2
MaxReq = 2
TxPeriod = 30
Preauthentication Access Control List
When Open Access is installed, we recommend that a default port access control list (ACL) is configured on the authenticator. The ACL allows the end point to get a minimum access to the network to get its IP Address and running.
Configuring the Preauthentication Access Control List
For information about preconfiguring ACL, see http www cisco com c en us td docs switches lan catalyst6500 ios 12 2S Y configuration guide sy_s wcg port_acls html wp 1039754
Downloadable Access Control List
A Downloadable ACL is also referred to as dACL. For a dACL to work on a port, the ip device tracking feature should be enabled and the end point connected to the port should have an IP address assi
387. omain names to IP addresses, you must first identify the hostnames, specify the name server that is present on your network, and enable the DNS. This section contains the following configuration information:
- Default DNS Configuration
- Setting Up DNS
- Displaying the DNS Configuration
Default DNS Configuration
Table 3 describes the default DNS configuration.
Table 3. Default DNS Configuration
Feature: Default Setting
DNS enable state: Disabled
DNS default domain name: None configured
DNS servers: No name server addresses are configured
Setting Up DNS
To set up the wireless device to use the DNS, follow these steps, beginning in privileged EXEC mode:
SUMMARY STEPS
1. configure terminal
2. ip domain-name name
3. ip name-server server-address1 [server-address2 ... server-address6]
4. ip domain-lookup
5. end
6. show running-config
7. copy running-config startup-config
DETAILED STEPS
Step 1. configure terminal: Enters global configuration mode.
Step 2. ip domain-name name: Defines a default domain name that the software uses to complete unqualified hostnames (names without a dotted-decimal domain name). Do not include the initia
388. ommand
- Logging Into and Exiting a Privilege Level
Setting the Privilege Level for a Command
To set the privilege level for a command mode, follow these steps, beginning in privileged EXEC mode:
SUMMARY STEPS
1. configure terminal
2. privilege mode level level command
3. enable password level level password
4. end
5. show running-config or show privilege
6. copy running-config startup-config
DETAILED STEPS
Step 1. configure terminal: Enters global configuration mode.
Step 2. privilege mode level level command: Sets the privilege level for a command.
- For mode, enter configure for global configuration mode, exec for EXEC mode, interface for interface configuration mode, or line for line configuration mode.
- For level, the range is from 0 to 15. Level 1 is for normal user EXEC mode privileges. Level 15 is the level of access permitted by the enable password.
- For command, specify the command to which you want to restrict access.
Step 3. enable password level level password: Specifies the enable password for the privilege level.
- For level, the range is from 0 to 15. Level 1 is for normal user EXEC mode privileges.
- For password, specify a
389. on and Accounting comprehensive solution that allows easy access to a broad range of web resources and web-enabled applications using native HTTP over SSL (HTTPS) browser support. SSL VPN delivers three modes of SSL VPN access: clientless, thin-client, and full-tunnel client support. For additional information about configuring SSL VPN, see the SSL VPN section of Cisco IOS Security Configuration Guide: Secure Connectivity, Release 12.4T at http www cisco com en US docs ios sec_secure_connectivity configuration guide 12_4t sec_secure_connectivity_12_4t_book html
Authentication, Authorization, and Accounting
Authentication, Authorization, and Accounting (AAA) network security services provide the primary framework through which you set up access control on your router. Authentication provides the method of identifying users, including login and password dialog, challenge and response, messaging support, and, depending on the security protocol you choose, encryption. Authorization provides the method for remote access control, including one-time authorization or authorization for each service, per-user account list and profile, user group support, and support of IP, Internetwork Packet Exchange (IPX), AppleTalk Remote Access (ARA), and Telnet. Accounting provides the method for collecting and sending security server information used for billing, auditing, and reporting, such as user identities, start and stop times, executed commands such as
390. Example
The following configuration shows the command-line access commands. You do not need to input the commands marked default. These commands appear automatically in the configuration file generated when you use the show running-config command.
!
line con 0
 exec-timeout 10 0
 password 4youreyesonly
 login
 transport input none (default)
 stopbits 1 (default)
line vty 0 4
 password secret
 login
!
Configuring Static Routes
Static routes provide fixed routing paths through the network. They are manually configured on the router. If the network topology changes, the static route must be updated with a new route. Static routes are private routes unless they are redistributed by a routing protocol. To configure static routes, follow these steps, beginning in global configuration mode:
SUMMARY STEPS
1. ip route prefix mask {ip-address | interface-type interface-number [ip-address]}
2. end
DETAILED STEPS
Step 1. ip route prefix mask {ip-address | interface-type interface-number [ip-address]}: Specifies the static route for the IP packets. For details about this command and about additional parameters that can be set, see Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols, Release 12.3.
 Example: Router(config)# ip route 192.168.1.0 255.255.0.0 10
391. on Guide 2009-2014 Cisco Systems, Inc. All rights reserved.
Preface
This preface describes the objectives, audience, organization, and conventions of this guide, and the references that accompany this document set. The following sections are provided:
- Objectives
- Audience
- Organization
- Conventions
- Related Documentation
- Searching Cisco Documents
Objectives
This guide provides an overview and explains how to configure the various features for the Cisco 1900 series, Cisco 2900 series, and Cisco 3900 series integrated services routers generation 2 (ISR G2). Some information may not apply to your particular router model.
Audience
This document is written for experienced technical workers who install, monitor, and troubleshoot routers under a service contract, or who work for an information technology (IT) department.
Organization
This guide is divided into three parts:
- Part 1: Configuring the Router
- Part 2: Configuring the Access Point
- Part 3: Appendix
Part 1: Configuring the Router
Module: Description
Module 1, Overview of Hardware and Software: Describes new hardware and software features in this release, features by platform, ne
392. on for Cisco Access Products with 802.11a/b/g and 802.11b/g Radios
- Regulatory Compliance and Safety Information for Cisco 2900 Series Integrated Services Routers
- Regulatory Compliance and Safety Information for Cisco 3900 Series Integrated Services Routers
Software Activation:
- Software Activation for Cisco Integrated Services Routers
- Cisco IOS Software Activation Configuration Guide
Configuration:
- Cisco CP Express User's Guide
Type of Document: Links
Cisco Internet Operating System Software (IOS): Cisco IOS software release 15.0 is the next IOS release following the Cisco IOS 12.4(24)T release. For information about new features in Cisco IOS software release 15.0, see the Cisco IOS software pages at Cisco.com. Go here to read a product bulletin that specifies the software feature sets available for Cisco 1900, 2900, and 3900 Series Integrated Services Routers in release 15.0. It also issues recommendations for Flash and DRAM memory configuration. http www cisco com en US prod collateral fiosswrel ps8802 ps5460 product_bulletin_c25 566278_ps10537_Products_Bulletin html
Wireless:
- Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges, versions 12.4(10b)JA and 12.3(8)JEC
- Wireless LAN
393. on login default local: Sets the login authentication to use the local username database. The default keyword applies the local user database authentication to all interfaces.
Step 4. aaa authorization exec local: Configures user AAA authorization to determine whether the user is allowed to run an EXEC shell by checking the local database.
Step 5. aaa authorization network local: Configures user AAA authorization for all network-related service requests.
Step 6. username name [privilege level] {password encryption-type password}: Enters the local database and establishes a username-based authentication system. Repeat this command for each user.
- For name, specify the user ID as one word. Spaces and quotation marks are not allowed.
- (Optional) For level, specify the privilege level that the user has after gaining access. The range is 0 to 15. Level 15 gives privileged EXEC mode access. Level 0 gives user EXEC mode access.
- For encryption-type, enter 0 to specify that an unencrypted password follows. Enter 7 to specify that a hidden password follows.
- For password, specify the password that the user must enter to gain access to the wireless device. The password must be from 1 to 25 characters long, can contain embedded spaces, and must be the last option specified in the username command.
Note: The characters TAB and are invalid characters for passwords.
Step 7. end: Returns to privileged EXEC mode.
Step 8. show ru
394. onfiguration register bits only from the ROM monitor. To change the configuration register using the ROM monitor, see Appendix C, Using ROM Monitor. To configure the console line speed from the Cisco IOS command-line interface, complete the following steps:
SUMMARY STEPS
1. enable
2. configure terminal
3. line console 0
4. speed baud
DETAILED STEPS
Step 1. enable: Enables privileged EXEC mode. Enter your password if prompted.
 Example:
 Router> enable
 Password: password
 Router#
Step 2. configure terminal: Enters global configuration mode.
 Example:
 Router# configure terminal
 Router(config)#
Step 3. line console 0: Specifies the console line and enters line configuration mode.
 Example:
 Router(config)# line console 0
 Router(config-line)#
Step 4. speed baud: Specifies the console line speed. Possible values (in baud): 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200.
 Example:
 Router(config-line)# speed baud
395. Step 5. antenna transmit {diversity | left | right}: Sets the transmit antenna to diversity, left, or right.
Note: For best performance with two antennas, leave the receive antenna setting at the default setting, diversity. For one antenna, attach the antenna on the right and set the antenna for right.
Step 6. end: Returns to privileged EXEC mode.
Step 7. copy running-config startup-config: (Optional) Saves your entries in the configuration file.
Enabling and Disabling Gratuitous Probe Response
Gratuitous Probe Response (GPR) aids in conserving battery power in dual-mode phones that support cellular and WLAN modes of operation. GPR is available on 5 GHz radios and is disabled by default. You can configure two GPR settings:
- Period: This setting determines the time between GPR transmissions in Kusec intervals from 10 to 255 (similar to the beacon period).
- Speed: The speed is the data rate used to transmit the GPR.
Selecting a longer period reduces the amount of RF bandwidth consumed by the GPR, with the possibility of shorter battery life. Selecting higher transmission speeds also reduces the amount of bandwidth consumed, but at the expense of a smaller cell size. To enable GPR and set its parameters, follow these steps, beginning in privileged EXEC
396. onfiguring Third Party SFPs
Configuring Power Efficiency Management
The Cisco 3900 series, Cisco 2900 series, and Cisco 1900 series integrated services routers generation 2 (ISR G2) have hardware and software features for reducing power consumption. The hardware features include high-efficiency AC power supplies and electrical components with built-in power saving features, such as RAM select and clock gating. See your router's hardware installation guide for more information on these hardware features. The software features include EnergyWise, a power efficiency management feature that will power down unused modules and disable unused clocks to the modules and peripherals on the router. ISR G2s must be running Cisco IOS Release 15.0(1)M or later to support EnergyWise. Detailed configuration procedures are included in the Cisco EnergyWise Configuration Guide, which can be found at Cisco.com. The following sections provide general information about the EnergyWise feature running on ISR G2s:
- Modules and Interface Supporting EnergyWise
- Restrictions for Power Efficiency Management and OIR
Modules and Interface Supporting EnergyWise
Table 1 lists the modules and interface cards that are supported for use with EnergyWise at the time of this product release
397. ong allows only the long (800ns) guard interval.
Step 4. end: Returns to privileged EXEC mode.
Step 5. copy running-config startup-config: (Optional) Saves your entries in the configuration file.
Enabling and Disabling World Mode
You can configure the wireless device to support 802.11d world mode, Cisco legacy world mode, or world mode roaming. When you enable world mode, the wireless device adds channel carrier set information to its beacon. Client devices with world mode enabled receive the carrier set information and adjust their settings automatically. For example, a client device used primarily in Japan could rely on world mode to adjust its channel and power settings automatically when it travels to Italy and joins a network there. Cisco client devices detect whether the wireless device is using 802.11d or Cisco legacy world mode and automatically use the world mode that matches the mode used by the wireless device. You can also configure world mode to be always on. In this configuration, the access point essentially roams between countries and changes its settings as required. World mode is disabled by default. To enable world mode, follow these steps, beginning in privileged EXEC mode:
SU
398. onnection name module module vlan id module module2 command to redirect VLAN traffic flows from SM to SM or SM to ISM connections on the MGF. The following two modules, as well as others, support VLAN traffic redirection:
- Cisco Etherswitch service module
- Cisco Services Ready Engine internal service module (ISM-SRE)
See the module documentation to validate HIMI support.
Viewing Platform Information
The following sections explain how to view VLAN, slot, module, interface card, and MGF statistics on the router:
- Viewing VLAN and Slot Assignments
- Viewing Module and Interface Card Status on the Router
- Viewing Multi-Gigabit Fabric Statistics
Viewing VLAN and Slot Assignments
Slots on the router are optionally assigned to VLANs. From privileged EXEC mode, enter the show platform mgf command, then press Enter to display VLAN and slot assignments on the router. An asterisk next to the slot indicates that the VLAN is the slot's default VLAN. The following example displays output from a Cisco 3945 ISR.
Note: VLAN1 is the default when no other VLANs are listed.
Router# show platform mgf
VLAN Slots
1 ISM EHWIC 0 EHWIC 1 EHWIC 2 EHW
399. ons Manager Express
  Unified Survivable Remote Site Telephony
  Cisco Unified SIP Proxy (CUSP)
  Gatekeeper
- Call Control Protocols
  Trunk-side Protocols
  Line-side Protocols
- Unified Communications Gateways
  TDM Gateways
  Cisco Unified Border Element
  Unified Messaging Gateway
- IP Media Services
  Conferencing, Transcoding and Media Termination Point (MTP)
  RSVP Agent
  Trusted Relay Point (TRP)
  Packet Voice Data Module
- Voice Security
  UC Trusted Firewall
  Signaling and Media Authentication and Encryption
  Virtual Route Forward
- Applications and Application Interfaces (APIs)
  Cisco Unity Express
  Voice XML
  Hoot n Holler
  Cisco Application Extension Platform
  APIs
- Online Insertion and Removal
Modules and Interface Cards
Cisco 3900 series and Cisco 2900 series ISRs support Unified Communications (UC) modules and interface cards in the following slots:
- Next generation packet voice data
400. onsidered if randomly scheduled Next Scheduled Start Time Start Time already passed Group Scheduled FALSE Randomly Scheduled FALSE Life seconds Forever Entry Ageout seconds never Recurring Starting Status of entry SNM Statistics Parameters Frame offset 1 Distribution Delay Two Way Number of Bins 10 Everyday FALSE P RowStatus Active Bin Boundaries 5000 10000 15000 20000 25000 30000 35000 40000 45000 1 Distribution Delay Variation Two Way Number of Bins 10 Bin Boundaries 5000 10000 15000 20000 25000 30000 35000 40000 45000 1 Aggregation Period 30 History Number of intervals 2 Router show ethernet cfm pm session summary Number of Configured Session Number of Active Session 2 Number of Inactive Session Router Session ID 0 Sla Session ID 1101 Level 7 Service Type S C Service Id 100 1101 Direction Down Session Version 0 Source Mac 5352 a824 04fr Destination Mac 5067 a87c fa92 Session Operation Proactive Session Status Active MPID 4101 Tx active yes Rx active yes Timeout timer stopped
401. ontains different sets of Cisco IOS features; therefore, select an appropriate system image to suit your network requirements.
Which Cisco IOS Release Is Running on My Router Now?
To determine the Cisco IOS release that is currently running on your router, and the filename of the system image, enter the show version command in user EXEC or privileged EXEC mode.
How Do I Choose the New Cisco IOS Release and Feature Set?
To determine which Cisco IOS releases and features are supported on your platform, go to Cisco Feature Navigator at http www cisco com go cfn. You must have an account at Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear. Cisco 3900 series, 2900 series, and 1900 series ISRs support Cisco IOS software entitlement and enforcement. See Software Activation on Cisco Integrated Services Routers at Cisco.com for feature and package license information.
Where Do I Download the System Image?
To download a system image, you must have an account at Cisco.com to gain access to the following websites. If you do not have an account or have forgotten your username or password, click Cancel at t
402. ontinues the booting process and loads the system image.
Setting the Configuration Register to Boot to ROM Monitor Mode
This section describes how to enter ROM monitor mode by setting the configuration register to boot to ROM monitor mode at the next system reload or power cycle. For more information about the configuration register, see the Changing the Configuration Register Settings document at http www cisco com en US docs routers access 1800 184 1 software configuration guide b_creg html
Caution: Do not set the configuration register by using the config-register 0x0 command after you have set the baud rate. To set the configuration register without affecting the baud rate, use the current configuration register setting by entering the show ver | inc configuration command, and then replacing the last (rightmost) number with a 0 in the configuration register command.
SUMMARY STEPS
1. enable
2. configure terminal
3. config-register 0x0
4. exit
5. write memory
6. reload
DETAILED STEPS
Step 1. enable: Enables privileged EXEC mode. Enter your password if prompted.
 Example: Router> enable
Step 2. configure terminal
 Example: Router confi
403. opriate:
- If you are certain that all the files in flash memory should be erased, enter y twice when prompted to erase flash before copying.
- If you are not certain that all files in flash memory should be erased, press Ctrl-Z and follow the instructions in the "Ensuring Adequate Flash Memory for the New System Image" section.
7. If the error message does not appear, enter no when prompted to erase the flash memory before copying.
DETAILED STEPS
Step 1. enable
Use this command to enter privileged EXEC mode. Enter your password if prompted.
 Router> enable
 Password: <password>
 Router#
Step 2. copy tftp flash0: or copy rcp flash0:
Use one of these commands to copy a file from a server to flash memory.
 Router# copy tftp flash0:
Step 3. When prompted, enter the IP address of the TFTP or RCP server.
 Address or name of remote host []? 10.10.10.2
Step 4. When prompted, enter the filename of the Cisco IOS software image to be installed.
 Source filename []? c2900-universalk9-mz.bin
Note: The filename is case sensitive.
Step 5. When prompted, enter the filename as you want it to appear on the r
404. ort interfacel 2 port _ interface 2 port interface 1 4 port interface 1 4 port
Table 1. Interfaces by Cisco Router (continued)
Slots Ports Logical Interface Interfaces 1941 2901 2911 & 2921 2951 & 3925 & 3945 3925E & 3945E Interfaces on Double Wide SM not supported not supported not supported interface 2 port interface4 port interface 2 port interface 4 port Interfaces HWIC on SM Interfaces VWIC on SM not supported not supported interfacelwic slot port interface 1 2 wic slot port interface 1 4 wic slot port interface 1 2 wic slot port interface 1 4 wic slot port
1. On the Cisco 2901 router, the numbering format for configuring an asynchronous interface is 0/slot/port. To configure the line associated with an asynchronous interface, simply use the interface number to specify the asynchronous line. For example, line 0/1/0 specifies the line associated with interface serial 0/1/0 on a WIC-2A/S in slot 1. Similarly, line 0/2/1 specifies the line associated with interface async 0/2/1 on a WIC-2AM in slot 2.
MGF: multi-gigabit fabric.
Applies only to Cisco 2951, Cisco
405. ous level 0 SHUT Transitions Successful Unsuccessful SHUT 1 0 FRUGAL 0 1 FULL 1 0 Slot 0 3 Levels supported 0x441 SHUT FRUGAL FULL CURRENT level 10 FULL Previous level 10 FULL Transitions Successful Unsuccessful SHUT 0 0 FRUGAL 0 0 FULL 0 0
Step 2. show voice call slot port
Note: If you are connected using a Telnet session, you must enter the terminal monitor command before the show voice call command to see console messages. This step is not necessary if you are connected to the console port.
Use this command to display statistics for voice calls on a specific slot and port, for example:
Router# show voice call 0/1/1:23
0/1/1:23 1
 vtsp level 0 state = S_CONNECT
 callid 0x0011 B01 state = S_TSP_CONNECT clld 4085001112 cllg 4085001112
0/1/1:23 2
 vtsp level 0 state = S_CONNECT
 callid 0x0012 B02 state = S_TSP_CONNECT clld 4085001112 cllg 4085001112
0/1/1:23 3
0/1/1:23 4
406. outer. Typically, the same filename is entered as was used in Step 4.
 Destination filename []? c2900-universalk9-mz.bin
If an error message appears that says "Not enough space on device," do one of the following, as appropriate:
- If you are certain that all the files in flash memory should be erased, enter y when prompted twice to confirm that flash memory will be erased before copying:
 Accessing tftp://10.10.10.2/c2900-universalk9-mz.bin...
 Erase flash0: before copying? [confirm] y
 Erasing the flash filesystem will remove all files! Continue? [confirm] y
 Erasing device...
- If you are not certain that all the files in flash memory should be erased, press Ctrl-Z and follow the instructions in the "Ensuring Adequate Flash Memory for the New System Image" section.
If the error message does not appear, enter no when prompted to erase the flash memory before copying:
 Accessing tftp://10.10.10.2/c2900-universalk9-mz.bin...
 Erase flash0: before copying? [confirm] no
Troubleshooting Tips
See the Common Problems in Installing Images Using TFTP or an RCP Server tech note.
What to Do Next
Proceed to the Loading the New System Image
407. outer(config-isakmp-group)#
Step 3. dns primary-server: Specifies the primary DNS (1) server for the group. You may also want to specify WINS (2) servers for the group by using the wins command.
 Example:
 Router(config-isakmp-group)# dns 10.50.10.1
 Router(config-isakmp-group)#
Step 4. domain name: Specifies group domain membership.
 Example:
 Router(config-isakmp-group)# domain company.com
 Router(config-isakmp-group)#
Step 5. exit: Exits IKE group policy configuration mode and enters global configuration mode.
 Example:
 Router(config-isakmp-group)# exit
 Router(config)#
Step 6. ip local pool {default | poolname} [low-ip-address [high-ip-address]]: Specifies a local address pool for the group. For details about this command and additional parameters that can be set, see Cisco IOS Dial Technologies Command Reference.
 Example:
 Router(config)# ip local pool dynpool 30.30.30.20 30.30.30.30
 Router(config)#
1. DNS = Domain Name System
2. WINS = Windows Internet Naming Service
408. Note: Use flash1: in the command syntax to access CF in slot 1. Use flash0: in the command syntax to access CF in slot 0.
Formatting CompactFlash Memory as a Class C Flash File System: Example
Router# format flash0:
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "flash0:". Continue? [confirm]
Enter volume ID (up to 64 chars)[default flash]:
Current Low End File System flash card in flash will be formatted into DOS File System flash card. Continue? [confirm]
Format: Drive communication & 1st Sector Write OK...
Writing Monlib sectors...
Monlib write complete
Format: All system sectors written. OK...
Format: Total sectors in formatted partition: 250592
Format: Total bytes in formatted partition: 128303104
Format: Operation completed successfully.
Format of flash complete
File Operations on CompactFlash Memory Cards
This section describes the following file operations for external CF memory cards:
- Copying Files
- Displaying Files
- Displaying File Content
- Displaying Geometry and Format Information
- Deleting Files
- Renaming Files
Copying Files
To copy files, enter the copy comm
409. Chapter: Administering the Wireless Device. Controlling Access Point Access with RADIUS.
Command / Purpose
Step 6: end. Returns to privileged EXEC mode.
Step 7: show running-config. Verifies your entries.
Step 8: copy running-config startup-config. (Optional) Saves your entries in the configuration file.
Step 9: aaa authorization exec radius. Enables RADIUS login authentication. See the "Configuring RADIUS Login Authentication" section of the "Configuring Radius and TACACS+ Servers" chapter in Cisco IOS Software Configuration Guide for Cisco Aironet Access Points.
To remove the specified RADIUS server, use the no radius-server host hostname | ip-address command in global configuration mode. To remove a server group from the configuration list, use the no aaa group server radius group-name command in global configuration mode. To remove the IP address of a RADIUS server, use the no server ip-address command in sg-radius configuration mode.
In the following example, the wireless device is configured to recognize two different RADIUS group servers (group1 and group2). Group1 has two different host entries on the same RADIUS server, which are configured for the same services. The second host entry acts as a failover backup to the first entry.
  (config)# aaa new-model
  (config)# radius-server host 172.20.0.1 auth-port 1000 acct-port 1001
  (config)# radius-server host 1
410. over the network from the specified TFTP server hostname or IP address or boot filename
- Boot from the boothelper image because it does not recognize the device ID. This form of the command is used to netboot a specified image. You can override the default boothelper image setting by setting the BOOTLDR Monitor environment variable to point to another image. Any system image can be used for this purpose.
Note: Options to the boot command are -x (load image but do not execute) and -v (verbose).
Examples:
  ROMMON > boot flash0 myi f EER S ii
  ROMMON > boot someimage 172.16.30.40
  ROMMON > boot
Examples: Sample Output for the dir flash Command in ROM Monitor mode
  rommon > dir flash0:
  File size Checksum File name
  2229799 bytes 0x220627 0x469e c2801 j m2 113 4T
What to Do Next
If you want to configure the router to load a specified image at the next system reload or power cycle, see the "Loading and Managing System Images" section in Cisco IOS Configuration Fundamentals Command Reference.
Appendix: Using ROM Monitor. Additional References
The following sections provide references related to using the ROM monitor.
Related Documents (Related Topic / Document Title): Connecting your PC
411. ow these steps, beginning in global configuration mode:
1. aaa new-model
2. aaa authentication login {default | list-name} method1 [method2...]
3. aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} [method1 [method2...]]
4. username name {nopassword | password password | password encryption-type encrypted-password}
Command or Action / Purpose
  Command: aaa new-model
  Example: Router(config)# aaa new-model
  Purpose: Enables the AAA access control model.
  Command: aaa authentication login {default | list-name} method1 [method2...]
  Example: Router(config)# aaa authentication login rtr-remote local
  Purpose: Specifies AAA authentication of selected users at login, and specifies the method used. This example uses a local authentication database. You could also use a RADIUS server for this. For details, see Cisco IOS Security Configuration Guide: Securing User Services, Release 12.4T and Cisco IOS Security Command Reference.
  Command: aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} [method1 [method2...]]
  Example: Router(config)# aaa authorization network rtr-remote local
  Purpose: Specifies AAA authorization of all network-related service requests, including PPP, and specifies the method of authorization. This example uses a local authorization database. You could also use a RADIUS server
412. owing methods:
- Force authorized: This is the default setting that disables IEEE 802.1X and causes a port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without IEEE 802.1X-based authentication of the client.
- Force unauthorized: This causes a port to remain in the unauthorized state, ignoring all the authentication attempts made by a client. A router cannot provide authentication services to clients through the interface.
- Auto: This enables IEEE 802.1X authentication and causes a port to start in the unauthorized state, allowing only Extensible Authentication Protocol over LAN (EAPoL) frames to be sent and received through a port. The authentication process begins when the link state of the port transitions from down to up or when an EAPoL-start frame is received. The router requests the identity of the client and begins relaying authentication messages between the client and the authentication server. Each client attempting to access the network is uniquely identified by the router with the help of the client's MAC address. If the client is successfully authenticated, the port state changes to authorized, and all the frames from the authenticated client are allowed through the port. If authentication fails, the port remains in the unauthorized state, but authentication can be retried.
Configuring the Controlling Port Authorization State
Perform these steps to co
413. ows how to configure a login banner for the wireless device using the dollar sign ($) as the beginning and ending delimiter:
  AP(config)# banner login $
  Access for authorized users only. Please enter your username and password.
  $
  AP(config)#
Configuring Ethernet Speed and Duplex Settings
The Cisco 1941-W ISR interface supports only 1000 Mbps speed and duplex settings by default, and the interface is always up. When the wireless device receives inline power from a switch, any change in the speed or duplex settings that resets the Ethernet link reboots the wireless device.
Note: The speed and duplex settings on the wireless device Ethernet port must match the Ethernet settings on the port to which the wireless device is connected. If you change the settings on the port to which the wireless device is connected, change the settings on the wireless device Ethernet port to match.
The Ethernet speed and duplex are set to auto by default. To configure Ethernet speed and duplex, follow these steps, beginning in privileged EXEC mode:
SUMMARY STEPS
1. configure terminal
2. interface fastethernet0
3. speed {10 | 100 | auto}
4. duplex {auto | full | half}
5. end
6. show running-config
7. copy running-config startup-config
DETAILED STEPS (Command / Purpose)
Step 1: configure terminal. Enters global configuration mode.
Step 2: interface fastethernet0. Enters configuration interface mode.
Step 3: speed {10 | 100 | auto}. Configures the
414. peed Intrachassis Module Interconnect (HIMI)
- NME-XD-48ES-2S-P
- NME-XD-24ES-1S-P
See the Cisco EtherSwitch Feature Guide documentation at Cisco.com for configuration details: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/miragenm.html#wp1787811
Cisco High-Speed Intrachassis Module Interconnect (HIMI)
Cisco 3900 series and Cisco 2900 series routers use Cisco High-Speed Intrachassis Module Interconnect (HIMI) to support SM-to-SM or SM-to-ISM communication through the MGF. Use the connect connection-name module Module1 Channel-id1 module Module2 Channel-id2 command to establish a maximum of two HIMI connections on the Cisco 3900 series ISR routers and one HIMI connection on Cisco 2900 series and Cisco 1900 series ISRs. Module1 and Module2 are the slot/port of the two modules. The Channel-id1 and Channel-id2 variables must always have a value of 0. When two modules are configured in a HIMI connection, the modules cannot send traffic to any other module except their HIMI-dedicated partner. See Cisco High-Speed Intrachassis Module Interconnect (HIMI) Configuration Guide at Cisco.com for detailed configuration instructions: http://www.cisco.com/en/US/docs/ios/12_4/12_4_mainline/srdesfm1.html
Note: See the module documentation to validate HIMI support.
Using HIMI for VLAN Traffic Flows
For HIMI configurations, the port-level VLAN memberships are ignored on the Multi-Gigabit Fabric (MGF). Use the connect c
415. points with 5-GHz radios configured at the factory for use in the United States, Europe, Singapore, Korea, Japan, Israel, and Taiwan now comply with regulations that require radio devices to use Dynamic Frequency Selection (DFS) to detect radar signals and avoid interfering with them. When an access point detects a radar on a certain channel, it avoids using that channel for 30 minutes. Radios configured for use in other regulatory domains do not use DFS. When a DFS-enabled 5-GHz radio operates on one of the 15 channels listed in Table 2, the access point automatically uses DFS to set the operating frequency. When DFS is enabled, the access point monitors its operating frequency for radar signals. If it detects radar signals on the channel, the access point takes these steps:
- Blocks new transmissions on the channel.
- Flushes the power-save client queues.
- Broadcasts an 802.11h channel-switch announcement.
- Disassociates remaining client devices.
- If participating in WDS, sends a DFS notification to the active WDS device that it is leaving the frequency.
- Randomly selects a different 5-GHz channel.
- If the channel selected is one of the channels in Table 2, scans the new channel for radar signals for
416. pported simultaneous BSSID on Dot11Radiol 8 Carrier Set Americas OFDM US Uniform Spreading Required Yes Current Frequency 5300 MHz Channel 60 DFS enabled Current Frequency 5300 MHz Channel 60 DFS enabled Allowed Frequencies 5180 36 5200 40 5220 44 5240 48 5260 52 5280 56 53 00 60 5320 64 5500 100 5520 104 5540 108 5560 112 5580 116 5660 13 2 5680 136 5700 140 5745 149 5765 153 5785 157 5805 161 May only be selected by Dynamic Frequency Selection DFS Listen Frequencies 5170 34 5190 38 5210 42 5230 46 5180 36 5200 40 5220 4 4 5240 48 5260 52 5280 56 5300 60 5320 64 5500 100 5520 104 5540 108 55 60 112 5580 116 5600 120 5620 124 5640 128 5660 132 5680 136 5700 140 57 45 149 5765 153 5785 157 5805 161 5825 165 DFS Blocked Frequencies none Beacon Flags 0 Beacons are enabled Probes are enabled Current Power 17 dBm Allowed Power Levels 1 2 5 8 11 14 15 17 Allowed Client Power Levels 2 5 8 11 14 15 17 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 Chapter Configuring Radio Settings Configuring a Channel SUMMARY STEPS DETAILED STEPS Step 1 Step 2 Step 3 Step 4 Step5 Step 6 Configuring Radio Channel Settings W Use the channel command to configure a channel The command for the interface is modified to only allow you to select a
417. prevent unauthorized access to the router.
  Example: Router(config)# enable secret criny5ho
  Command: no ip domain lookup
  Purpose: Disables the router from translating unfamiliar words (typos) into IP addresses.
  Example: Router(config)# no ip domain lookup
For complete information on global parameter commands, see the Cisco IOS Release configuration guide documentation set.
Configuring I/O Memory Allocation
To reallocate the percentage of DRAM in use for I/O memory and processor memory on Cisco 3925E and Cisco 3945E routers, use the memory-size iomem i/o-memory-percentage command in global configuration mode. To revert to the default memory allocation, use the no form of this command. This procedure enables smartinit.
Syntax Description
  i/o-memory-percentage: The percentage of DRAM allocated to I/O memory. The values permitted are 5, 10, 15, 20, 25, 30, 40, and 50. A minimum of 201 MB of memory is required for I/O memory.
Tip: We recommend that you configure the memory-size iomem below 25%. Any value above 25% should be used only for enhancing IPSec performance.
When you specify the percentage of I/O memory in the command line, the processor memory automatically acquires the remaining percentage of DRAM memory.
The following example allocates 25% of the DRAM memory to I/O memory and the remaining 75% to processor memory:
  Router# config t
  Enter configuration commands, one per
418. pri inside crypto ipsec client ezvpn hw client inside l interface Cellular0 0 0 no ip address ip access group 131 out ip nat outside ip virtual reassembly encapsulation ppp load interval 30 dialer in band dialer pool member 1 dialer idle timeout 0 dialer group 1 no peer default ip address async mode interactive no ppp lcp fast start ppp ipcp dns request ppp timeout retry 120 ppp timeout ncp 30 fair queue 64 16 0 l routing dynamic I interface ATM0 1 0 no ip address no atm ilmi keepalive no dsl bitswap interface ATM0 1 0 1 point to point ip virtual reassembly pve 0 35 pppoe client dial pool number 2 l interface Vlanl ip address 10 9 0 254 255 255 0 0 ip nat inside ip virtual reassembly interface Dialerl ip address negotiated ip access group 131 out ip nat outside ip virtual reassembly encapsulation ppp load interval 30 dialer pool 1 dialer idle timeout 0 dialer string cdma dialer persistent dialer group 1 no peer default ip address no ppp lcp fast start ppp chap hostname nousername ppp chap password 0 nopassword ppp ipcp dns request ppp timeout retry 120 ppp timeout ncp 30 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide 66 OL 20696 04 Chapter Configuring Backup Data Lines and Remote Management Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Serv
419. psulation dot1q vlan-id
  or
  encapsulation dot1q vlan-id second-dot1q inner-vlan-id
  Purpose: Defines the encapsulation format as IEEE 802.1Q (dot1q), and specifies the VLAN identifier. For double tagging, use the second-dot1q keyword and the inner vlan-id argument to specify the VLAN tag.
  Example: Router(config-subif)# encapsulation dot1q 100
  or
  Router(config-subif)# encapsulation dot1q 100 second-dot1q 1101
Step 5
  Command: ethernet loopback permit external
  Purpose: Configures Ethernet external loopback on the subinterface.
  Example: Router(config-subif)# ethernet loopback permit external
Step 6
  Command: end
  Purpose: Exits the subinterface configuration mode.
  Example: Router(config-subif)# end
Chapter: Configuring Ethernet CFM and Y.1731 Performance Monitoring on Layer 3 Interfaces. Ethernet Data Plane Loopback.
To start Ethernet data plane loopback, run the following command:
Step 1
  Command: ethernet loopback start local interface gigabitethernet slot/port.sub-port external timeout none
  Purpose: Starts Ethernet external loopback on a subinterface. Enter timeout as none to have no time out period for the loopback.
  Example: Router# ethernet loopback start local interface gigabitethernet 0/2.1101 external timeout none
To stop Ethernet data plane loopback, perform the following steps:
420. r the delete flash0: command.
Note: Use flash1: in the command syntax to access CF in slot 1. Use flash0: in the command syntax to access CF in slot 0.
Note: The dir flash0: command does not display deleted files and files with errors.
Renaming Files
To rename a file on a CF memory card, enter the rename command in privileged EXEC mode.
Note: Use flash1: in the command syntax to access CF in slot 1. Use flash0: in the command syntax to access CF in slot 0.
  Router# dir flash0:
  Directory of flash0:/
      3  -rw-  6458388  Mar 01 2004 00:00:58  c2900-universalk9-mz.tmp
   1580  -rw-  6462268  Mar 06 2004 06:14:02  c2900-universalk9-mz.3600ata
  63930368 bytes total (51007488 bytes free)
  Router# rename flash0:c2900-universalk9-mz.tmp flash0:c2900-universalk9-mz
  Destination filename [c2900-universalk9-mz]?
  Router# dir flash0:
  Directory of flash0:/
   1580  -rw-  6462268  Mar 06 2004 06:14:02  c2900-universalk9-mz.3600ata
      3  -rw-  6458388  Mar 01 2004 00:01:24  c2900-universalk9-mz
  63930368 bytes total (51007488 bytes free)
Directory Operations on a CompactFlash Memory Card
The following sections describe directory operations for external CF memory cards on Cisc
421. r unicast traffic. GET VPN enables the router to apply encryption to nontunneled (that is, "native") IP multicast and unicast packets and eliminates the requirement to configure tunnels to protect multicast and unicast traffic. By removing the need for point-to-point tunnels, meshed networks can scale higher while maintaining network-intelligence features that are critical to voice and video quality, such as QoS, routing, and multicast. GET VPN offers a new standards-based IP security (IPsec) security model that is based on the concept of "trusted" group members. Trusted member routers use a common security methodology that is independent of any point-to-point IPsec tunnel relationship. For additional information about configuring GET VPN, see Cisco Group Encrypted Transport VPN at http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htgetvpn.html
SGT over Ethernet Tagging
Cisco TrustSec (CTS) is an end-to-end network infrastructure that provides a scalable architecture for enforcement of role-based access control, identity-aware networking, and data confidentiality that helps to secure the network and its resources. CTS works by identifying and authenticating each network user and resource and assigning a 16 b
422. r1 route map secondary permit 10 match ip address 103 match interface Dialer3 Change console to aux function line con 0 exec timedout 0 0 modem enable stopbits 1 line aux 0 exec timeout 0 0 To enable and communicate with the external modem properly script dialer Dialout modem InOut modem autoconfigure discovery transport input all stopbits 1 speed 115200 flowcontrol hardware line vty 0 4 exec timeout 0 0 password cisco login scheduler max task time 5000 end Starting from Cisco IOS Release 15 3 3 M if the second core of the CPU was disabled then you do not need to include transport input all command in line 2 If the second core was enabled then the transport input all command is added to the configuration line 2 no activation character no exec transport preferred none I OL 20696 04 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Chapter Configuring Backup Data Lines and Remote Management W Configuring Data Line Backup and Remote Management Through the ISDN S T Port Configuring Data Line Backup and Remote Management Through the ISDN S T Port This section contains the following topics e Configuring ISDN Settings page 77 e Example page 80 Cisco 3900 series routers can use the ISDN S T port for remote management Figure 2 and Figure 3 show two typical network configurations that provide re
423. rames are supported on the main interface.
- Single VLAN is supported as a filtering option for a subinterface, but VLAN list and VLAN range are not supported.
- Only MAC address is supported as a filtering option for the main interface.
- For the filtering option, the destination MAC cannot be combined with inner VLAN or outer VLAN.
- There is no support for L3 and L4 loopback. Source and destination IP address or source and destination ports will not be swapped.
- Connectivity Fault Management (CFM) packets are transparent to the data plane loopback configuration and cannot be looped back.
- Packets coming from the other side of the wire where loopback is configured and having the same destination MAC address are dropped.
- The broadcast and multicast IP addresses of the broadcast and multicast IP frames that are received cannot be used as the source IP address of the frame when it is sent back to the initiator. In such a case, the IP address of the subinterface is used as the source IP address of the frame when it is sent back to the initiator.
Configuring External Ethernet Data Plane Loopback
Configuring external Ethernet data plane loopback is permitted on a Layer 3 main interface and subinterfaces. Figure 1 represents a sample topology to configure Ethernet data plane loopback.
[Figure 1: Sample Topology. Router 1 and Router 2, interfaces Gi 0/0 and Gi 0/2, Metro Ethernet.]
424. Overview of the Hardware and Software
The Cisco 3900 series, Cisco 2900 series, and Cisco 1900 series integrated services routers (ISRs) offer secure, wire-speed delivery of concurrent data, voice, and video services. The modular design of these routers provides maximum flexibility, allowing you to configure your router to meet evolving needs. The routers offer features such as hardware-based virtual private network (VPN) encryption acceleration, intrusion-protection and firewall functions, and optional integrated call processing and voice mail. A wide variety of legacy network modules and interfaces, service modules (SMs), internal services modules (ISMs), next-generation packet voice/data modules (PVDM3), Services Performance Engines (SPEs), high-density interfaces for a wide range of connectivity requirements, and sufficient performance and slot density for future network expansion requirements and advanced applications are available. Power-saving hardware and software features are incorporated throughout the series. These routers provide access to the multi-gigabit fabric, which provides a connection between switch ports without using up external ports. The logical Gigabit Ethernet (GE) interface on the router connects external and internal modules through the backplane for LAN and WAN switching. Software feature upgrades are provided through software licensing. The following sections d
425. rcd cc td doc product software ios 123 123newft 123_1 ftatosec htm
Configuring Access Lists
Access lists permit or deny network traffic over an interface, based on source IP address, destination IP address, or protocol. Access lists are configured as standard or extended. A standard access list either permits or denies passage of packets from a designated source. An extended access list allows designation of both the destination and the source, and it allows designation of individual protocols to be permitted or denied passage. For more complete information on creating access lists, see the "Access Control Lists" section of Cisco IOS Security Configuration Guide: Securing the Data Plane, Release 12.4T at http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/12_4t/sec_data_plane_12_4t_book.html
An access list is a series of commands with a common tag to bind them together. The tag is either a number or a name. Table 1 lists the commands used to configure access lists.
Table 1: Access List Configuration Commands
Access Control List (ACL) Type / Configuration Commands
Numbered
  Standard: access-list {1-99} {permit | deny} source-addr [source-mask]
  Extended: access-list {100-199} {permit | deny} proto
426. rchased the DATA technology package functionality (datak9) licensing package. For more information about managing software activation licenses on the Cisco ISR and Cisco ISR G2 platforms, see http://www.cisco.com/en/US/docs/routers/access/sw_activation/SA_on_ISR.html
Internal Ethernet data plane loopback is not supported.
Restrictions for Configuring External Ethernet Data Plane Loopback
Follow the guidelines and take note of the restrictions listed here when configuring Ethernet data plane loopback on a Layer 3 interface:
- Only external loopback (packets coming from the wire side) on the L3 dot1q subinterface and (untagged) main interface are supported.
- To perform a MAC swap, the destination address and source address must be swapped for the packets that are looped back. If the destination address is broadcast or multicast, the MAC address is used as the source address for the packets that are looped back.
- Loopback operations are supported at line rate.
- Untagged frames are not supported on a subinterface. However, the frames for dot1q and qinq are supported on a subinterface.
- dot1ad is not supported on the main interface. However, untagged f
427. re enhanced:
- For the PVDM3 DSP, participant-per-conference support is expanded to a maximum of 64. Note that this is supported only by low-complexity conference in Cisco IOS Release 15.0(1)M.
- Transcoding or conferencing channel allocation for a new call is modified to achieve load balancing. This is supported by the capability to select one channel from one DSP at a time.
DSP Farm Profiles
DSP-farm profiles are created to allocate DSP-farm resources. Under the profile, you select the service type (conference, transcode, or Media Termination Point [MTP]), associate an application, and specify service-specific parameters such as codecs and maximum number of sessions. A DSP-farm profile allows you to group DSP resources based on the service type. Applications associated with the profile, such as SCCP, can use the resources allocated under the profile. You can configure multiple profiles for the same service, each of which can register with one Cisco Unified Communications Manager group. The profile ID and service type uniquely identify a profile, allowing the profile to uniquely map to a Cisco Unified Communications Manager group that contains a single pool of Cisco Unified Communications Manager servers.
Conferencing
Voice conferencing involves adding several parties to a phone conversation. In a traditional circuit-switched voice network, all voice traffic passes through a central device such as a PBX. Conference services are provided within t
428. ream page appears. Click the tab for the radio to configure. For both CoS 5 (Video) and CoS 6 (Voice) user priorities, choose Low Latency from the Packet Handling drop-down menu, and enter a value for maximum retries for packet discard in the corresponding field. The default value for maximum retries is 3 for the Low Latency setting (Figure 2). This value indicates how many times the access point will try to retrieve a lost packet before discarding it.
[Figure 2: Packet Handling Configuration. Packet Handling per User Priority, with columns User Priority, Packet Handling, and Max Retries for Packet Discard, for CoS 0 (Best Effort), CoS 1 (Background), CoS 2 (Spare), CoS 3 (Excellent), CoS 4 (Controlled Load), CoS 5 (Video), CoS 6 (Voice), and CoS 7 (Network Control).]
Note: You may also configure the CoS 4 (Controlled Load) user priority and its maximum retries value.
Click Apply. You can also configure VoIP packet handling using the CLI. For a list of Cisco IOS commands for configuring VoIP packet handling using the CLI, consult Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges.
429. ress
7. interface cellular 0
8. dialer string string
DETAILED STEPS (Command or Action / Purpose)
Step 1
  Command: configure terminal
  Purpose: Enters global configuration mode.
  Example: Router# configure terminal
Step 2
  Command: interface type number
  Purpose: Specifies the interface.
  Example: Router(config)# interface ATM 0
Step 3
  Command: dialer watch-group group-number
  Purpose: Enables dialer watch on the backup interface.
  Example: Router(config-if)# dialer watch-group 2
Step 4
  Command: dialer watch-list group-number ip ip-address address-mask
  Purpose: Defines a list of all IP addresses to be watched.
  Example: Router(config-if)# dialer watch-list 2 ip 10.4.0.254 255.255.0.0
Step 5
  Command: dialer-list dialer-group protocol protocol-name {permit | deny | list access-list-number | access-group}
  Purpose: Creates a dialer list for traffic of interest and permits access to an entire protocol.
  Example: Router(config)# dialer-list 2 protocol ip permit
Chapter: Configuring Backup Data Lines and Remote Management. Configuring Backup Interfaces.
Step 6
  Command: ip access-list access-list-number permit ip-source-address
  Purpose: Defines traffic of interest. Do not use the access list permit all command to avoid sending traffic to the IP network. This may result in call termination
  Example: Router(config)# access-list 2 permit 10.4.0.0
430. rform Initial Configuration
DETAILED STEPS (Command or Action / Purpose)
Step 1
  Command: enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.
  Example: Router> enable
Step 2
  Command: ping [ip-address | hostname]
  Purpose: Diagnoses initial network connectivity. To verify connectivity, ping the next hop router or connected host for each configured interface to
  Example: Router# ping 172.16.74.5
Step 3
  Command: telnet {ip-address | hostname}
  Purpose: Logs in to a host that supports Telnet. If you want to test the vty line password, perform this step from a different network device, and use your router's IP address.
  Example: Router# telnet 10.20.30.40
Examples
The following display shows sample output for the ping command when you ping the IP address 192.168.7.27:
  Router# ping
  Protocol [ip]:
  Target IP address: 192.168.7.27
  Repeat count [5]:
  Datagram size [100]:
  Timeout in seconds [2]:
  Extended commands [n]:
  Sweep range of sizes [n]:
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 192.168.7.27, timeout is 2 seconds:
  !!!!!
  Success rate is 100 percent, round-trip min/avg/max = 1/2/4 ms
The following display shows sample output for the ping command when you ping the IP hostname username1:
  Router# ping username1
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 192.168.7.27, timeout is 2 seconds:
  !!!!!
  Success rate is 100 percent, round-trip min/avg/max = 1/3/4 ms
431. rifying Network Connectivity (Required)
- Saving Your Router Configuration (Required)
- Saving Backup Copies of Configuration and System Image (Optional)
Configuring the Router Hostname
The hostname is used in CLI prompts and default configuration filenames. If you do not configure the router hostname, the router uses the factory-assigned default hostname "Router."
Do not expect capitalization and lower casing to be preserved in the hostname. Uppercase and lowercase characters are treated as identical by many Internet software applications. It may seem appropriate to capitalize a name as you would ordinarily do, but conventions dictate that computer names appear in all lowercase characters. For more information, see RFC 1178, Choosing a Name for Your Computer.
The name must also follow the rules for Advanced Research Projects Agency Network (ARPANET) hostnames. They must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphens. Names must be 63 characters or fewer. For more information, see RFC 1035, Domain Names: Implementation and Specification.
SUMMARY STEPS
1. enable
2. configure terminal
3. hostname name
4. Verify that the router prompt displays your new hostname.
5. end
432. rithm. If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously.
Chapter: Administering the Wireless Device. Protecting Access to Privileged EXEC Commands.
To configure encryption for enable and enable secret passwords, follow these steps, beginning in privileged EXEC mode:
SUMMARY STEPS
1. configure terminal
2. enable password [level level] {password | encryption-type encrypted-password}
   or
   enable secret [level level] {password | encryption-type encrypted-password}
3. service password-encryption
4. end
5. copy running-config startup-config
DETAILED STEPS (Command / Purpose)
Step 1: configure terminal. Enters global configuration mode.
Step 2: enable password [level level] {password | encryption-type encrypted-password}. Defines a new password or changes an existing password for access to privileged EXEC mode.
  or
  enable secret [level level] {password | encryption-type encrypted-password}. Defines a secret password, which is saved using a nonreversible encryption method.
  - (Optional) For level, the range is from 0 to 15. Level 1 is normal user EXEC mode privileges. The default level is 15 (privileged EXEC mode privileges).
  - For password, specify a string from 1 to 25 alphanumer
433. roubleshooting Crashes and Hangs (stack, context, frame, sysret, meminfo)" section on page C-20.
- Disaster recovery: Use one of the following methods for recovering the system image or configuration file:
  TFTP download (tftpdnld): Use this method if you can connect a TFTP server directly to the fixed LAN port on your router. See the "Recovering the System Image (tftpdnld)" section on page C-16.
Note: Recovering the system image is different from upgrading the system image. You need to recover the system image if it becomes corrupt or if it is deleted because of a disaster that affects the memory device severely enough to require deleting all data on the memory device in order to load a system image.
Tips for Using ROM Monitor Commands
- ROM monitor commands are case sensitive.
- You can halt any ROM monitor command by entering the Break key sequence (Ctrl-Break) on the PC or terminal. The Break key sequence varies, depending on the software on your PC or terminal. If Ctrl-Break does not work, see the Standard Break Key Sequence Combinations During Password Recovery tech note.
- To find out which commands are available on your router and to display command syntax options, see the "Displaying Commands and Command Syntax in ROM Monitor Mode (?, help, -?)" section on page C-7.
434. rovides a secure connection between two networks over a public network such as the Internet. Cisco 3900 series, 2900 series, and 1900 series ISRs support two types of VPNs: site-to-site and remote access. Remote access VPNs are used by remote clients to log in to a corporate network. Site-to-site VPNs connect branch offices to corporate offices. This section gives an example for each.
Remote Access VPN Example
The configuration of a remote access VPN uses Cisco Easy VPN and an IP Security (IPSec) tunnel to configure and secure the connection between the remote client and the corporate network. Figure 1 shows a typical deployment scenario.
Figure 1 Remote Access VPN Using IPSec Tunnel
1: Remote networked users
2: VPN client (Cisco 3900 series, 2900 series, or 1900 series ISR)
3: Router (provides corporate office network access)
4: VPN server (Easy VPN server; for example, a Cisco VPN 3000 concentrator with outside interface address 210.110.101.1)
5: Corporate office with a network address of 10.1.1.1
6: IPSec tunnel
The Cisco Easy VPN client feature eliminates much of the tedious configuration work by implementing the Cisco Unity Client protocol. This protocol
435. rver and an SSH integrated client. The client supports the following user authentication methods:
- RADIUS (for more information, see the "Controlling Access Point Access with RADIUS" section on page 265)
- Local authentication and authorization (for more information, see the "Configuring the Access Point for Local Authentication and Authorization" section on page 288)
For more information about SSH, see Part 5, "Other Security Features" in the Cisco IOS Security Configuration Guide for Release 12.4.
Note: The SSH feature in this software release does not support IP Security (IPsec).
Configuring SSH
Before configuring SSH, download the cryptographic software image from Cisco.com. For more information, see the release notes for this release. For information about configuring SSH and displaying SSH settings, see Part 6, "Other Security Features" in the Cisco IOS Security Configuration Guide for Release 12.4, which is available at Cisco.com at the following link: http://www.cisco.com/en/US/docs/ios/security/configuration/guide/12_4/sec_12_4_book.html
Configuring Client ARP Caching
You can configure the wireless device to maintain an address resolution protocol (ARP) cache for
436. s
Sample Output for the dir usbFlash Command
rommon > dir usbflash0:
program load complete, entry point: 0x80903000, size: 0x4c400
Directory of usbflash0:
2 54212244 -rw- c2900-universalk9-mz
Sample Output for the dev ROM Monitor Command
rommon 2 > dev
Devices in device table:
id name
flash: compact flash
bootflash: boot flash
usbflash0: usbflash0
usbflash1: usbflash1
eprom: eprom
Modifying the I/O Memory (iomemset)
This section describes how to modify the I/O memory by using the memory-size iomemset command.
Note: Use the iomemset command only when it is necessary to temporarily set the I/O memory from the ROM monitor mode. Using this command improperly can adversely affect the functioning of the router.
The Cisco IOS software can override the I/O memory percentage if the memory-size iomem command is set in the NVRAM configuration. If the Cisco IOS command is present in the NVRAM configuration, the I/O memory percentage set in the ROM monitor with the iomemset command is used only the first time the router is booted up. Subsequent reloads use the I/O memory percentage set by using the memory-size iomem command that is saved in the NVRA
437. s
- Cisco 2901 and Cisco 2911: each router supports up to two PVDM3 modules.
- Cisco 2921 and Cisco 2951: each router supports up to three PVDM3 modules.
- Cisco 3925 and Cisco 3945: each router supports up to four PVDM3 modules.
- Cisco 3925E and Cisco 3945E: each router supports up to three PVDM3 modules.
All codecs that are supported on the PVDM2 are supported on the PVDM3, except that the PVDM3 does not support the G.723 (G.723.1 and G.723.1A) codecs. The PVDM2 can be used to provide G.723 codec support, or the G.729 codec can be used as an alternative on the PVDM3.
The PVDM3 DSP does not support Cisco Fax Relay. The PVDM2 (5510 DSP) does support Cisco Fax Relay.
The coexistence of PVDM2 and PVDM3 modules on the same motherboard is not supported. If these two modules are installed on the same motherboard, the PVDM2 is shut down.
Information About Configuring the PVDM3 Module on Cisco Voice Gateway Routers
To take full advantage of the PVDM3 cards on Cisco voice gateway routers, you should understand the following concepts:
- Video Conference and Transcoding
- DSP Resource Manager Enhancement and DSP Numbering
- DSP Image for the PVDM3
438. Enabling the Radio Interface
To enable the access point radio, follow these steps, beginning in privileged EXEC mode:
SUMMARY STEPS
1. configure terminal
2. dot11 ssid ssid
3. interface dot11radio {0 | 1}
4. ssid ssid
5. no shutdown
6. end
7. copy running-config startup-config
DETAILED STEPS
Step 1: configure terminal. Enters global configuration mode.
Step 2: dot11 ssid ssid. Enters the SSID. The SSID consists of up to 32 alphanumeric characters. SSIDs are case sensitive.
Step 3: interface dot11radio {0 | 1}. Enters interface configuration mode for the radio interface. The 2.4-GHz and 802.11g/n 2.4-GHz radios are radio 0. The 5-GHz and the 802.11n 5-GHz radio is radio 1.
Step 4: ssid ssid. Assigns the SSID that you created in Step 2 to the appropriate radio interface.
Step 5: no shutdown. Enables the radio port.
Step 6: end. Returns to privileged EXEC mode.
Step 7: copy running-config startup-config. (Optional) Saves your entries in the configuration file.
Use the shutdown command to disable the radio port.
439. s 3 hours and the .5 means 50 percent. In this case, the necessary command is clock timezone AST -3 30. To set the time to UTC, use the no clock timezone command in global configuration mode.
Configuring Summer Time (Daylight Saving Time)
To configure summer time (daylight saving time) in areas where it starts and ends on a particular day of the week each year, follow these steps, beginning in privileged EXEC mode:
SUMMARY STEPS
1. configure terminal
2. clock summer-time zone recurring [week day month hh:mm week day month hh:mm [offset]]
3. end
4. show running-config
5. copy running-config startup-config
DETAILED STEPS
Step 1: configure terminal. Enters global configuration mode.
Step 2: clock summer-time zone recurring [week day month hh:mm week day month hh:mm [offset]]. Configures summer time to start and end on the specified days every year. Summer time is disabled by default. If you specify clock summer-time zone recurring without parameters, the summer time rules default to the United States rules.
   - For zone, specify the name of the time zone (for example, PDT) to be displayed when summer time is in effect.
   - (Optional) For week, specify the week of the month
440. s 98, 2000, XP, and Solaris platforms.
Note: Avoid using the CLI and the web browser tools concurrently when configuring the wireless device. If you configure the wireless device using the CLI, the web browser interface may display an inaccurate interpretation of the configuration. This inappropriate display of information does not necessarily mean the wireless device is not configured properly.
Use the interface dot11radio command in global CLI configuration to place the wireless device into the radio configuration mode.
Network Configuration Examples
Set up the access point role in any of these common wireless network configurations. The access point default configuration is a root unit connected to a wired LAN or the central unit in an all-wireless network.
- Root Access Point, page 204
- Central Unit in an All-Wireless Network, page 205
Root Access Point
An access point connected directly to a wired LAN provides a connection point for wireless users. If more than one access point is connected to the LAN, users can roam from one area of a facility to another without losing their connection to the network. As users move out of range of one access point, they automatically connect to the network (associate) through another access point. The roaming process is seamless and transparent to the user. Figure 1 shows access points acting as root units on a wired LAN.
441. How to Verify and Troubleshoot the Functionality of the PVDM3 Cards on Cisco Voice Gateways
Max credits 645 num_of_sig_chnls_allocated 0
Transcoding channels allocated 0
Group FLEX_GROUP_VOICE complexity FLEX
Shared credits 645 reserved credits 0
Signaling channels allocated 0
Voice channels allocated 0
Credits used rounded up 0
Slot 0 Device idx 0 PVDM Slot 0 Dsp Type SP2600
dsp 4 State UP firmware 26 0 135
Max signal voice channel 43 43
Max credits 645 num_of_sig_chnls_allocated 0
Transcoding channels allocated 0
Group FLEX_GROUP_VOICE complexity FLEX
Shared credits 645 reserved credits 0
Signaling channels allocated 0
Voice channels allocated 0
Credits used rounded up 0
Slot 0 Device idx 1 PVDM Slot 0 Dsp Type SP2600
dsp 5 State UP firmware 26 0 135
Max signal voice channel 43 43
Max credits 645 num_of_sig_chnls_allocated 0
Transcoding channels allocated 0
Group FLEX_GROUP_VOICE complexity FLEX
Shared credits 645 reserved credits 0
Signaling channels allocated 0
Voice channels allocated 0
Credits used rounded up 0
Slot 0 Device idx 1 PVDM Slot 0 Dsp Type SP2600
dsp 6 State UP firmware 26 0 135
Max signal voice channel 42 43
Max credits 645 num_of_sig_chnls_
442. s for performing the following tasks:
- Resetting the Wireless Device to the Factory Default Configuration, page 274
- Rebooting the Wireless Device, page 274
- Monitoring the Wireless Device, page 275
Resetting the Wireless Device to the Factory Default Configuration
To reset the wireless device hardware and software to its factory default configuration, use the service-module wlan-ap0 reset default-config command in the router's Cisco IOS privileged EXEC mode.
Caution: Because you may lose data, use only the service-module wlan-ap0 reset command to recover from a shutdown or failed state.
Rebooting the Wireless Device
To perform a graceful shutdown and reboot the wireless device, use the service-module wlan-ap0 reload command in the router's Cisco IOS privileged EXEC mode. At the confirmation prompt, press Enter to confirm the action, or enter n to cancel.
When running in autonomous mode, the reload command saves the configuration before rebooting. If the attempt is unsuccessful, the following message displays:
Failed to save service module configuration.
When running in Lightweight Access Point Protocol (LWAPP) mode, the reload function is typically handled by the wireless LAN controller (WLC). If you enter the service-module wlan-ap0 reload command, you are prompted with the following message:
The AP is in LWAPP mode. Reload is normally handled by WLC controller. Still want to proceed? [yes]
443. s on Cisco Voice Gateways
Voice Channels: g711perdsp 43 g726perdsp 32 g729perdsp 20 g729aperdsp 32 g723perdsp 20 g728perdsp 20 g7 23perdsp 20 gsmperdsp 32 gsmefrperdsp 20 gsmamrnbperdsp 20 ilbcperdsp 20 modemrelayperdsp 20 g72264Perdsp 32 h324perdsp 20 m_f_thruperdsp 43 faxrelayperdsp 32 maxchperdsp 43 minchperdsp 20 srtp_maxchperdsp 27 srtp_minchperdsp g711_srtp_perdsp 27 g729_srtp_perdsp 14 faxrelay_srtp_perdsp 14 14 g729a_srtp_perdsp 24
Step 6: show voice dsp group slot number
Use this command to display the current status or selective statistics of DSP voice channels for a specific DSP group. For example:
Router# show voice dsp group slot 0
dsp 1 State UP firmware 8 4 0
Max signal voice channel 16 16
Max credits 240
Group FLEX_GROUP_VOICE complexity FLEX
Shared credits 240 reserved credits 0
Signaling channels allocated 0
Voice channels allocated 0
Credits used 0
Oversubscription can either be an indicator or a counter
DSP type SP260x
Step 7: show voice dsp statistics device
Use this command to display DSP voice statistics for the device:
Router# show voice dsp statistics device
DEVICE DSP CURR AI RST WDT ACK MAC TX RX PACK KEEPALIVE
ID ID STATE COUNT FAIL ADDRESS COUNT TX RX SKP
0 0 0 E 1 0 0 0 0 00fa ce25 0000 51645919 37972871 29875 29875 0
0 0 0 2 1 0 0 0 0 00fa ce25 0000 51645919 37972871 29875 29875
444. s typically not modified.
Bit 10, 0x0400: Controls the host portion of the IP broadcast address.
- Setting bit 10 causes the processor to use all zeros.
- (Factory default) Clearing bit 10 causes the processor to use all ones.
Bit 10 interacts with bit 14, which controls the network and subnet portions of the IP broadcast address. See Table D-3 for the combined effects of bits 10 and 14.
Bits 05, 11, 12, 0x0020, 0x0800, 0x1000: Controls the console line speed. See Table D-4 for the eight available bit combinations and console line speeds. Factory default is 9600 baud, where bits 5, 11, and 12 are all zero (clear).
Note: You cannot change the console line speed configuration register bits from the Cisco IOS CLI. You can, however, change these bits from the ROM monitor. Or, instead of changing the configuration register settings, you can set the console line speed through other Cisco IOS commands.
Bit 13, 0x2000: Determines how the router responds to a network boot failure.
- Setting bit 13 causes the router to boot the default ROM software after 6 unsuccessful network boot attempts.
- (Factory default) Clearing bit 13 causes the router to indefinitely continue network boot attempts.
Bit 14, 0x4000: Controls the network and subnet portions of the IP broadcast address.
- Setting bit 10 causes the processor to use all zeros.
- (Factory default) Clearing bit 10 causes the processor to use all ones.
Bit 14 interacts with b
445. sco Unified mode.
Module 2, Configuring the Wireless Device: Describes how to configure the autonomous wireless device, how to upgrade the autonomous software to Cisco Unified software, and how to configure a Unified wireless device.
Module 3, Configuring the Radio Settings: Describes how to configure the radio settings for the wireless device.
Module 4, Administering the Wireless Device: Describes many administration tasks for the wireless device.
Part 3: Appendix
Appendix A, Cisco IOS CLI for Initial Configuration: Describes how to perform the initial configuration of the router using the Cisco IOS CLI, and additional configuration procedures for the router.
Appendix B, Using CompactFlash Memory Cards: Describes how to use Advanced Capability CF memory cards on the router.
Appendix C, Using ROM Monitor: Describes how to use the ROM monitor to manually load a system image, upgrade the system image when there are no TFTP servers or network connections, or prepare for disaster recovery.
Appendix D, Changing the Configuration Register Settings: Describes the 16-bit configuration register in NVRAM and how to make changes to the register settings using the Cisco IOS CLI.
1. PVDM3 packet voi
446. scription
Administering the Access Point: Administering the Wireless Device. Describes how to administer the wireless device on the network.
Table 2 Autonomous Documentation (continued)
Quality of Service: http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/QualityOfService.html. Describes how to configure QoS on your Cisco wireless interface. With this feature, you can provide preferential treatment to certain traffic at the expense of other traffic. Without QoS, the device offers best-effort service to each packet, regardless of the packet contents or size. It sends the packets without any assurance of reliability, delay bounds, or throughput.
Regulatory Domains and Channels: http://www.cisco.com/en/US/docs/routers/access/800/860-880-890/software/configuration/guide/scg_chanels.html. Lists the radio channels supported by Cisco access products in the regulatory domains of the world.
System Message Logging: http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/SysMsgLogging.html. Describes how to configure system message logging on your wireless device.
1. RADIUS: Remote Authentication Dial-In User Service
2. TACACS: Term
447. se 6 enterprise custservice N A MPID 44 carrier 2 carrier carrier N A MPID 43 Total Remote MEPs 3 Router2 110 Domain 410 Domain Domain 0026 99 7 0b41 Gi0 2 Vlan 100 customer MA customer1101 0026 99f7 0b41 Gid 1 Vlan 110 enterprise MA custservice 0026 99f7 0b41 Gi0 2 Vlan 200 carrier MA carrier Up Up N A 2s Up Up N A 2s Up Up N A 2s
Use the show ethernet cfm error configuration command to view Ethernet CFM configuration errors (if any). The following is a sample output of the show ethernet cfm error configuration command:
Router# show ethernet cfm error configuration
CFMLeak
Configuring Ethernet CFM (Double-Tagged Packets)
Complete these steps to configure and enable Ethernet CFM for double-tagged packets:
SUMMARY STEPS
1. enable
2. configure terminal
3. ethernet cfm ieee
4. ethernet cfm global
5. ethernet cfm domain domain-name level value
6. service service-name vlan vlan-id inner-vlan inner-vlan-id direction down
7. continuity-check
8. interface gigabitethernet slot/port
9. ethernet cfm mep domain domain-name mpid mpid-value service service-name
10. interface gigabitethernet slot/port.subinterface
11. encapsulation dot1q vlan-id second-dot1q inner-vlan-id
12. end
448. se steps, beginning in global configuration mode:
SUMMARY STEPS
1. crypto dynamic-map dynamic-map-name dynamic-seq-num
2. set transform-set transform-set-name [transform-set-name2...transform-set-name6]
3. reverse-route
4. exit
5. crypto map map-name seq-num [ipsec-isakmp] [dynamic dynamic-map-name] [discover] [profile profile-name]
DETAILED STEPS
Step 1: crypto dynamic-map dynamic-map-name dynamic-seq-num
   Creates a dynamic crypto map entry and enters crypto map configuration mode. See Cisco IOS Security Command Reference for more detail about this command.
   Example:
   Router(config)# crypto dynamic-map dynmap 1
   Router(config-crypto-map)#
Step 2: set transform-set transform-set-name [transform-set-name2...transform-set-name6]
   Specifies which transform sets can be used with the crypto map entry.
   Example:
   Router(config-crypto-map)# set transform-set vpn1
   Router(config-crypto-map)#
Step 3: reverse-route
   Creates source proxy information for the crypto map entry. See Cisco IOS Security Command Reference for details.
   Example:
   Router(config-crypto-map)# reverse-route
   Router(config-crypto-map)#
Step 4: exit
   Returns to global configuration mode.
   Exampl
449. sername specified in Step 2.
Step 4: end. Returns to privileged EXEC mode.
Step 5: show running-config. Verifies your entries.
Step 6: copy running-config startup-config. (Optional) Saves your entries in the configuration file.
Note: To disable username authentication for a specific user, use the no username name command in global configuration mode. To disable password checking and allow connections without a password, use the no login command in line configuration mode. You must have at least one username configured, and you must have login local set to open a Telnet session to the wireless device. If you do not enter a username for the only username, you can be locked out of the wireless device.
Configuring Multiple Privilege Levels
By default, Cisco IOS software has two modes of password security: user EXEC and privileged EXEC. You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple passwords, you can allow different sets of users to have access to specified commands. For example, if you want many users to have access to the clear line command, you can assign it level 2 security and distribute the level 2 password fairly widely. But if you want more restricted access to the configure command, you can assign it level 3 security and distribute that password to a more restricted group of users.
This section includes this configuration information:
- Setting the Privilege Level for a C
450. specific channel number and to enable DFS.
To configure a channel, follow these steps:
1. configure terminal
2. interface dot11radio1 dfs simulate
3. channel {number | dfs band <4>}
4. end
5. show running-config
6. copy running-config startup-config
Command and purpose:
configure terminal: Enters global configuration mode.
interface dot11radio1 dfs simulate: Enters the configuration interface for the 802.11a radio.
channel {number | dfs band <4>}: Specifies the channel to use. For number, enter one of the following channels: 36, 40, 44, 48, 149, 153, 157, 161, 5180, 5200, 5220, 5240, 5745, 5765, 5785, or 5805. Enter dfs and one of the following frequency bands to use dynamic frequency selection on the selected channel:
   1: 5.150 to 5.250 GHz
   2: 5.250 to 5.350 GHz
   3: 5.470 to 5.725 GHz
   4: 5.725 to 5.825 GHz
   If you attempt to configure a channel that may only be selected by dfs, the following message appears:
   This channel number/frequency can only be used by Dynamic Frequency Selection (DFS)
end: Returns to the privileged EXEC mode.
show running-config: Verifies your entries.
copy running-config startup-config: (Optional) Saves your entries to the configuration file.
The following example selects channel 36 and configures it to use DFS on a frequency band 1:
ap# configure terminal
ap(config)# interface dot11radio1
ap(config-if)# channel 36
ap(config-if)
451. state from administratively down to administratively up.
Step 4: exit
   Example:
   Router(config-if)# exit
   Router(config)#
   Exits configuration mode for the GE interface and returns to global configuration mode.
Configuring Wireless LAN Interfaces
The wireless LAN interface on the Cisco 1941W router enables connection to the router through interface wlan-ap0. For more information about configuring a wireless connection, see the "Configuring the Wireless Device" section on page 207.
Configuring Interface Card and Module Interfaces
To configure interface cards and modules inserted in internal services module (ISM), enhanced high-speed WAN interface card (EHWIC), Ethernet WAN interface card (EWIC), and service module (SM) slots, see the appropriate interface card or module configuration documents on Cisco.com.
Configuring a Loopback Interface
The loopback interface acts as a placeholder for the static IP address and provides default routing information. For complete information on the loopback commands, see the Cisco IOS Release configuration guide documentation set.
To configure a loopback interface, follow these steps, beginning in global configuration mode:
SUMMARY STEPS
1. interface type number
2. ip address ip-address mask
3. exit
452. sted and will be used by the device for any SGT-aware policy enforcement or for egress tagging. If the trusted keyword is not configured, all the ingress traffic is assigned with the static SGT value specified in the configuration.
end
   Example:
   Router(config-if-cts-manual)# end
   Exits the configuration session.
Example: Configuring SGT over Ethernet Tagging
This example shows how to configure SGT over Ethernet tagging with CTS SGT propagation enabled:
Router# configure terminal
Router(config)# interface gigabitethernet 0/0
Router(config-if)# cts manual
Router(config-if-cts-manual)# propagate sgt
Router(config-if-cts-manual)# policy static sgt 77 trusted
Router(config-if-cts-manual)# end
Router# show running interface gigabitethernet 0/0
interface gigabitethernet 0/0
 ip address 50.0.0.1 255.255.255.0
 cts manual
  policy static sgt 77 trusted
end
This example shows how to configure SGT over Ethernet tagging with CTS SGT propagation disabled:
Router# configure terminal
Router(config)# interface gigabitethernet 0/0
Router(config-if)# cts manual
Router(config-if-cts-manual)# no propagate sgt
Router(config-if-cts-manual)# policy static sgt 77 trusted
Router(config-if-cts-manual)# e
453. system image's minimum flash requirements, proceed to the "Copying the System Image into Flash Memory" section on page 186.
How to Upgrade the Cisco IOS Image
DETAILED STEPS
Step 1: enable
   Use this command to enter privileged EXEC mode. Enter your password if prompted. For example:
   Router> enable
   Password:
   Router#
Step 2: dir flash0:
   Use this command to display the layout and contents of flash memory:
   Router# dir flash0:
   Flash CompactFlash directory:
   File Length Name/status
   1 6458208 c39xx.tmp [deleted]
   2 6458208 c39xxmz
   [12916544 bytes used, 3139776 available, 16056320 total]
   15680K bytes of ATA CompactFlash (Read/Write)
Step 3: From the displayed output of the dir flash0: command, compare the number of bytes available to the minimum flash requirements for the new system image.
   - If the available memory is equal to or greater than the new system image's minimum flash requirements, proceed to the "Copying the System Image into Flash Memory" section on page 186.
   - If the available memory is less than the new system image's minimum flash requirements, proceed to Step 4.
Step 4: From the displayed output of the dir flash0: command, compare the number of bytes total to the size of the sys
454. system image's minimum flash requirements, proceed to the "Copying the System Image into Flash Memory" section on page 186.
Proceed to the "Copying the System Image into Flash Memory" section on page 186.
Copying the System Image into Flash Memory
This section describes how to copy the system image into the compact flash memory card for your router. Choose one of the following methods:
- Using TFTP or Remote Copy Protocol to Copy the System Image into Flash Memory, page 187
- Using the ROM Monitor to Copy the System Image over a Network, page 189
- Using a PC with a CompactFlash Card Reader to Copy the System Image into Flash Memory, page 191
Using TFTP or Remote Copy Protocol to Copy the System Image into Flash Memory
This section describes how to use TFTP or Remote Copy Protocol (RCP) to upgrade the system image. This is the recommended and most common method of upgrading the system image.
Prerequisites
The following details the logistics of upgrading the system image.
- Install a TFTP server or an RCP server application on a TCP/IP-ready workstation or PC. Many third-party vendors provide free TFTP server software, which you can find by searching for "TFTP server" in a web search eng
455. systems. See Cisco Unified Messaging Gateway 1.0 Command Reference at Cisco.com for more information: http://www.cisco.com/en/US/docs/voice_ip_comm/umg/rel1_0/command/reference/UMG_1.0_CmdRef.html
IP Media Services
The Cisco 3900 series and Cisco 2900 series ISRs support the following media services:
- Conferencing, Transcoding, and Media Termination Point (MTP), page 137
- RSVP Agent, page 137
- Trusted Relay Point (TRP), page 137
Conferencing, Transcoding, and Media Termination Point (MTP)
Cisco Enhanced Conferencing and Transcoding for Voice Gateway Routers provides conferencing and transcoding capabilities in Cisco IOS Software-based gateways using the onboard Cisco Packet Voice/Fax Digital Signal Processor Modules on the Cisco voice gateway routers. This capability is also supported on Cisco voice gateway router platforms using the Cisco IP Communications Voice/Fax Network Module and the Cisco IP Communications High-Density Digital Voice/Fax Network Module. This feature is delivered in Cisco IOS Software and operates in conjunction with Cisco CallManager. See Configuring Enhanced Conferencing and Transcoding for Voice Gateway Routers at Cisco.com for configuration information.
456. t number and name for the Advanced Capability CF slots.
Table 1 Compact Flash Slot Numbering and Naming
Slot Number | CF Filenames
Slot0 (1) | flash0: (2)
Slot1 | flash1:
1. Slot 0 is the default CF slot. It stores the system image, configurations, and data files. CF must be present in this slot for the router to boot and perform normal file operations.
2. flash0: is aliased to flash:.
Table 2 describes the slot number and name for the USB slots.
Table 2 USB Slot Numbering and Naming
Slot Number | USB Filenames
Slot0 | usbflash0:
Slot1 | usbflash1:
Information About Upgrading the System Image
To upgrade the system image on your router, review the following sections:
- Why Would I Upgrade the System Image?, page 178
- Which Cisco IOS Release Is Running on My Router Now?, page 179
- How Do I Choose the New Cisco IOS Release and Feature Set?, page 179
- Where Do I Download the System Image?, page 179
Why Would I Upgrade the System Image?
System images contain the Cisco IOS software. Your router was shipped with an image installed.
Note: The Cisco 1941W access point runs a Cisco IOS image that is separate from the Cisco IOS image on the router.
At some point, you may want to load a different image onto the router or the access point. For example, you may want to upgrade your IOS software to the latest release, or you may want to use the same Cisco IOS release for all the routers in a network. Each system image c
457. t7 HI EPC Stat 00000000 00000000 00000000 fLLLLLLL 00000000 3401 03 00000001 00000000 6408d464 e57fce22 60e3b7f4 sp s8 ra LO ErrPC Cause Sample Output for the frame ROM Monitor Command rommon 6 gt frame 2 Stack Frame 2 0x6421 0x6421 0x6421 0x6421 0x6421 0x6421 0x6421 0x6421 0x6421 0x6421 90d0 90d4 90d8 90dc 90e0 90e4 90e8 90ec 90f 0 90f4 SP sp sp sp sp sp sp sp sp sp sp te tee tteet 0x642190d0 Size 40 0x000 0x004 0x008 0x00c 0x010 0x014 0x018 0x01c 0x020 0x024 Oxffffffff Oxbfc05f2c OXETEFEFEE OXEEEFFFEE 0x6401a6f4 0x00000000 0x64049c 0 0x63360000 0x63360000 0x6079 70 Sample Output for the sysret ROM Monitor Command rommon 8 gt sysret System Return Info reason user break error address 0x801111b0 count pce 0x801111b0 Stack Trace FP 0x80005ea8 FP 0x80005eb4 FP 0x80005f74 FP 0x80005f9c F F F F 19 P 0x80005fac P 0x80005fc4 P 0x80005ffc P 0x00000000 PC PC PC PC PC PCs PC PC 0x801111b0 0x801136 94 0x8010eb44 0x800081 0x800080 18 64 Oxf 03d70 0x000000 0x000000 00 00 Sample Output for the meminfo ROM Monitor Command rommon 3 gt meminfo Current Memory configuration is Onboard SDRAM Size 128 MB Se Bank 0 128 MB 0 MB Size 256 MB Bee Bank 0 128 MB Bank 1 128 MB Main m
458. tches lan catalyst3550 software release 12 1_12c_eal configuration guide 3550scg html Configuring the Beacon Period and the DTIM: The beacon period is the amount of time between access point beacons in kilomicroseconds (Kmicrosecs). One Kmicrosec equals 1,024 microseconds. The data beacon rate, always a multiple of the beacon period, determines how often the beacon contains a delivery traffic indication message (DTIM). The DTIM tells power-save client devices that a packet is waiting for them. For example, if the beacon period is set at 100, its default setting, and if the data beacon rate is set at 2, its default setting, then the wireless device sends a beacon containing a DTIM every 200 Kmicrosecs. The default beacon period is 100, and the default DTIM is 2. To configure the beacon period and the DTIM, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS: 1. configure terminal 2. interface dot11radio {0 | 1} 3. beacon period value 4. beacon dtim-period value 5. end 6. copy running-config startup-config DETAILED STEPS (Command and Purpose): Step 1: configure terminal. Enters global configuration mode. Step 2: interface dot11radio {0 | 1}. Enters interface configuration mode for the radio interface. The 802.11g/n 2.4-GHz radio is radio 0. The 802.11n 5-GHz radio is radio 1. Step 3: beacon period value. Sets the beacon period. Enter a value in kilomicroseconds. Step 4: beacon dtim-period value. Sets the DTIM. Enter a value in ki
459. [Figure 1: Access Points as Root Units on a Wired LAN] Central Unit in an All-Wireless Network: In an all-wireless network, an access point acts as a stand-alone root unit. The access point is not attached to a wired LAN; it functions as a hub linking all stations together. The access point serves as the focal point for communications, increasing the communication range of wireless users. Figure 2 shows an access point in an all-wireless network. [Figure 2: Access Point as Central Unit in All-Wireless Network] Configuring the Wireless Device: The following sections describe how to configure the wireless device on the Cisco 1941W integrated services router (ISR): Starting a Wireless Configuration Session; Configuring Wireless Settings; Upgrading to Cisco Unified Software; Related Documentation. Note
460. tem image or startup configuration, you can quickly revert to the previous working configuration and system image. For more detailed information, see the Managing Configuration Files chapter and the Loading and Maintaining System Images chapter of the Cisco IOS Configuration Fundamentals Configuration Guide at http www cisco com en US docs ios fundamentals configuration guide 12_4 cf_12_4_book html To save backup copies of the startup configuration file and the system image file, complete the following steps: 1. enable 2. copy nvram:startup-config {ftp: | rcp: | tftp:} 3. dir flash0: 4. copy flash0: {ftp: | rcp: | tftp:} DETAILED STEPS (Command or Action and Purpose): Step 1: enable. Enables privileged EXEC mode. Enter your password if prompted. Example: Router> enable Step 2: copy nvram:startup-config {ftp: | rcp: | tftp:} Copies the startup configuration file to a server. The configuration file copy serves as a backup copy. Enter the destination URL when prompted. Example: Router# copy nvram:startup-config ftp: Step 3: dir flash0: Displays the layout and contents of a flash memory file system. Write down the name of the system image file. Example: Router
461. tem image to which you want to upgrade. If the total memory is less than the new system image's minimum flash requirements, you must upgrade your compact flash memory card. See the hardware installation guide for your router. If the total memory is equal to or greater than the new system image's minimum flash requirements, proceed to Step 5. dir /all flash0: Use this command to display a list of all files and directories in flash memory. Router# dir /all flash0: Directory of flash 3 -rw- 6458388 Mar 01 1993 00:00:58 c39xx tmp 1580 -rw- 6462268 Mar 06 1993 06:14:02 c39xx ata 63930368 bytes total (51007488 bytes free) From the displayed output of the dir /all flash0: command, write down the names and directory locations of the files that you can delete. If you cannot delete any files, you must upgrade your compact flash memory card. See the hardware installation guide for your router. Note: Do not delete the system image that the router already uses. If you are not sure which files can be safely deleted, either consult your network administrator or upgrade your compact flash memory card to a size that can accommodate both the existing files and the new system image. See the hardware installation guide for your router.
462. 5. end Command or Action and Purpose: Step 1: enable. Enables privileged EXEC mode. Enter your password if prompted. Example: Router> enable Step 2: configure terminal. Enters global configuration mode. Example: Router# configure terminal Step 3: interface gigabitethernet slot/port. Enters interface configuration mode. Example: Router(config)# interface gigabitethernet 0/0 Step 4: authentication control-direction {in | both}. Configures the port mode as unidirectional or bidirectional. in: The port can send packets to the host but cannot receive packets from the host. both: The port cannot receive packets from or send packets to the host. This is the default value. Example: Router(config-if)# authentication control-direction in Router(config-if)# authentication control-direction both Step 5: end. Returns to privileged EXEC mode. Example: Router(config-if)# end Router# Verifying Default Control Direction Setting: Both. Use the show authentication sessions and show dot1x commands to verify the default control direction
463. The following modules and interface cards support communication through the MGF: Wireless LAN Module in the Cisco 1941W ISR; Cisco EtherSwitch Service Modules. Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers support legacy interface cards and modules. Some modules will require an adapter. See your router's hardware installation guide at Cisco.com for adapter installation information. See the router's product page at Cisco.com for a complete list of supported new and legacy modules. Wireless LAN Module in the Cisco 1941W ISR: When configured as an autonomous access point, the wireless LAN (WLAN) device serves as the connection point between wireless and wired networks or as the center point of a stand-alone wireless network. In large installations, wireless users within radio range of a device can roam throughout a facility while maintaining seamless and uninterrupted access to the network. Cisco 1941W supports ISM-to-EHWIC communication with an integrated switch communicating through the MGF. In this scenario, traffic goes from the WLAN, through the Multi-Gigabit Fabric's CPU port, and out through a port on the front panel. Cisco EtherSwitch Service Modules: The following Cisco EtherSwitch service modules provide Cisco modular access routers the ability to stack Cisco Et
464. ter in Cisco IOS Security Configuration Guide. Also see the Cisco IOS Password Encryption Facts tech note and the Improving Security on Cisco Routers tech note. Restrictions: If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously. SUMMARY STEPS: 1. enable 2. configure terminal 3. enable password password 4. enable secret password 5. end 6. enable 7. end DETAILED STEPS (Command or Action and Purpose): Step 1: enable. Enables privileged EXEC mode. Enter your password if prompted. Example: Router> enable Step 2: configure terminal. Enters global configuration mode. Example: Router# configure terminal Step 3: enable password password. (Optional) Sets a local password to control access to various privilege levels. We recommend that you perform this step only if you boot an older image of the Cisco IOS software or if you boot older boot ROMs that do not recognize the enable secret command. Example: Router(config)# enable password pswd2 Step 4: enable secret password. Example
465. ter out unwanted messages. For more information, see Cisco IOS Firewall SIP Enhancements ALG and AIC at Cisco.com. Unified Communications Gateways: The Cisco 3900 series and Cisco 2900 series ISRs support the following Unified Communication gateways: TDM Gateways; Cisco Unified Border Element; Unified Messaging Gateway. TDM Gateways: The Cisco 3900 series and Cisco 2900 series ISRs support the following type of time division multiplexing (TDM) gateways: Voice Gateways; Video Gateway. Voice Gateways: Cisco IOS voice gateways connect TDM equipment, such as private branch exchanges (PBXs) and the PSTN, to VoIP packet networks. The Cisco ISR voice gateway routers support the widest range of packet telephony-based voice interfaces and signaling protocols within the industry, providing connectivity support for more than 90 percent of all PBXs and public switched telephone network (PSTN) connection points. Signaling support includes T1/E1 Primary Rate Interface (PRI), T1 channel associated signaling (CAS), E1-R2, T1/E1 QSIG protocol, T1 Feature Group D (FGD), Basic Rate Interface (BRI), foreign exchange off
466. terprise 8843 e154 6f01 Up Up 6 enterprise Gi0 1 1 custservice S C 200 70 N A N A 58s MPID 400 Domain enterprise MA custservice Router1 On router 2 Router2 show ethernet cfm maintenance points remote MPID Domain Name MacAddress EESE PtSt Lvl Domain ID Ingress RDI MA Name Type Id SrvcInst EVC Name Age Local MEP Info I OL 20696 04 Chapter Configuring Ethernet CFM and Y 1731 Performance Monitoring on Layer 3 Interfaces E CFM Support on Routed Port and Port MEP 100 customer 0026 99f7 0b41 Up Up 7 customer Gi0 2 1101 customer1101 S C 100 30 N A N A 40s MPID 110 Domain customer MA customer1101 44 carrier 0026 99f7 0b41 Up Up 2 carrier Gi0 2 2 carrier S C 50 20 N A N A 40s MPID 43 Domain carrier MA carrier 400 enterprise 0026 99f7 0b41 Up Up 6 enterprise Gi0 1 1 custservice S C 200 70 N A N A 40s MPID 410 Domain enterprise MA custservice Router2 Use the ping command to verify if Ethernet CFM loopback messages are successfully sent and received between the routers Router ping ethernet mpid 100 domain customer service customer1101 cos 5 Type escape sequence to abort Sending 5 Ethernet CFM loopback messages to 8843 e154 6f01 timeout is 5 seconds Success rate is 100 percent 5 5 round trip min avg max 1 1 1 ms Router Use the traceroute command to send the Ethernet CFM traceroute messages Router traceroute ethernet mpid 100 domain customer service
467. that affect all network users, such as impending system shutdowns. The login banner also appears on all connected terminals. It appears after the MOTD banner and before the login prompts appear. Note: For complete syntax and usage information for the commands used in this section, see Cisco IOS Configuration Fundamentals Command Reference. This section contains the following configuration information: Default Banner Configuration; Configuring a Message-of-the-Day Login Banner; Configuring a Login Banner. Default Banner Configuration: The MOTD and login banners are not configured. Configuring a Message-of-the-Day Login Banner: You can create a single-line or multiline message banner that appears on the screen when someone logs into the wireless device. To configure an MOTD login banner, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS: 1. configure terminal 2. banner motd c message c 3. end 4. show running-config 5. copy running-config startup-config DETAILED STEPS (Command and Purpose): Step 1: configure terminal. Enters global configuration mode. Step 2: banner motd c message c. Specifies the message of the day. For c, enter the delimiting
468. the module, which may or may not lead to changes on the MGF. Modules and interface cards inter-communicate using the MGF on the router with or without CPU involvement. Modules and interface cards that communicate without CPU involvement reduce load and increase performance on the router. Modules and interface cards that do not utilize the MGF communicate with the CPU using the PCI Express (PCIe) link. The following sections describe module and interface card communication through the MGF: Restrictions for Module and Interface Card Communication; Supported Slots, Modules, and Interface Cards; Cisco High-Speed Intrachassis Module Interconnect (HIMI); Viewing Platform Information. Restrictions for Module and Interface Card Communication: Cisco 1941W: The wireless LAN (WLAN) module is only supported on the Cisco 1941W ISR. Maximum Number of Legacy Switch Modules: A maximum of two integrated switch modules are supported when a legacy module is present in the system. In this scenario, the two switch modules have to be externally stacked. Supported Slots, Modules, and Interface Cards: The following slots support communication through the MGF: Service module (SM); Enhanced high-speed WAN interface card (EHWIC); Internal service module (ISM).
469. the two-way delay measurement configuration. The Cisco IOS Master Command List at http www cisco com en US docs ios mcl allreleasemcl all_book html provides more information about these commands. Caution: Because debugging output is assigned high priority in the CPU process, it can diminish the performance of the router or even render it unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. Note: Before you run any of the debug commands listed in the following table, ensure that you run the logging buffered debugging command and then turn off console debug logging using the no logging console command. Table 4: debug Commands for Two-Way Delay Measurement Configuration (debug Command and Purpose). debug epmpal all: Enables debugging of all Ethernet performance monitoring (PM) events. debug epmpal api: Enables debugging of Ethernet PM API events. debug epmpal rx: Enables debugging of Et
470. ther source of time is available, you can manually configure the time and date after restarting the system. The time remains accurate until the next system restart. We recommend that you use manual configuration only as a last resort. If you have an outside source to which the wireless device can synchronize, you do not need to manually set the system clock. This section contains the following configuration information: Setting the System Clock; Displaying the Time and Date Configuration; Configuring the Time Zone; Configuring Summer Time (Daylight Saving Time). Setting the System Clock: If you have an outside source on the network that provides time services, such as an NTP server, you do not need to manually set the system clock. To set the system clock, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS: 1. clock set hh:mm:ss day month year or clock set hh:mm:ss month day year 2. show running-config 3. copy running-config startup-config DETAILED STEPS (Command and Purpose): Step 1: clock set hh:mm:ss day month year or Manually sets the system clock by using one of these formats. For hh:mm:ss, specify the time in hours (24-hour format), minutes
471. tion 2 Software Configuration Guide Appendix B Using CompactFlash Memory Cards HI Directory Operations on a CompactFlash Memory Card Router pwd flash0 config Router dir Directory of flash0 config 380 rw 6462268 Mar 08 2004 06 14 02 myconfigl 203 xrw 6458388 Mar 03 2004 00 01 24 myconfig2 63930368 bytes total 51007488 bytes free Creating a New Directory To create a directory in flash memory enter the mkdir flash0 command in privileged EXEC mode amp Note Use flash1 in the command syntax to access CF in slot 1 Use 1asho in the command syntax to access CF in slot 0 Creating a New Directory Example In the following example a new directory named config is created then a new subdirectory named test config is created within the config directory Router dir flash0 Directory of flash0 1580 rw 6462268 Mar 06 2004 06 14 02 c2900 universalk9 mz 3600ata 30 rw 6458388 Mar 01 2004 00 01 24 c2900 universalk9 mz 63930368 bytes total 51007488 bytes free Router mkdir flash0 config Create directory filename config Created dir flash0 config Router mkdir flash0 config test config Create directory filename config test config Created dir flash0 config test config Router dir flash0 Directory of flash0 3 rw 6458208 Mar 01 2004 00 04 08 c2900 universalk9 mz tmp 1580 drw 0 Mar 01 2004 23 48 36 config 128094208 bytes total 121626624 bytes free
472. ip address 192.168.2.2 255.255.255.0
encapsulation ppp
dialer pool 1
dialer string 384020
dialer-group 1
peer default ip address pool isdn
ip local pool isdn 192.168.2.1
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip route 40.0.0.0 255.0.0.0 30.1.1.1
dialer-list 1 protocol ip permit
Configuring Third-Party SFPs: Small Form-Factor Pluggables (SFPs) that are not Cisco certified are called third-party SFPs. Cisco approved means the SFPs have undergone rigorous testing with Cisco products and the SFPs are guaranteed to have 100% compatibility. Third-party SFPs are manufactured by companies that are not on the Cisco-approved Vendor List (AVL). Currently, Cisco ISR G2 routers support only Cisco-approved SFPs. From Release 15.3(2)T, Cisco ISR G2 routers recognize third-party SFPs. Note: Cisco does not provide any kind of support for the third-party SFPs because they are not validated by Cisco. Restrictions: Supports only 100BASE SFPs and 1000BASE SFPs under two speed configurations: 100 Mbps speed for 100BASE SFPs; 1000 Mbps speed for 1000BASE SFPs. Only the following routers and modules support third-party SFPs: Cisc
473. tment. See Cisco Hoot and Holler over IP at Cisco.com for information: http www cisco com en US docs ios 12_2 voice configuration guide vvfhhip html See Cisco IOS Multicast for Hoot & Holler Networks at Cisco.com for information: http www cisco com en US netsol ns340 ns394 ns 165 ns70 networking_solutions_white_paper09186 a00800a3e6c shtml Cisco Application Extension Platform APIs: Cisco Application Extension Platform (AXP) is an open network platform for application development, integration, and hosting. It is a service module on the Cisco Integrated Services Router (ISR). AXP realizes the Network as a Platform vision of Cisco while bringing collaborative partnerships and accelerating innovation. Cisco AXP offers the following features: Linux-based integration environment to develop applications that run on routers; certified libraries to implement C, Python, Perl, and Java applications (http web server and SSH are also supported); service APIs for integrating applications into the network; multiple applications can run in their own virtual instance, with the ability to segment and guarantee CPU, memory, and disk resources. See Cisco Application eXtension Platform Quick Start Guide at Cisco.com for Getting Started information: http www cisco com en US docs interfaces_modules services_modules ax 1 0 quick guide axpqs html See Cisco Application eXtension Platform Developer Guide at Cisco.com for developers inform
474. to the router console port: Hardware installation guide for your router. Break key sequence combinations for entering ROM monitor mode within the first 60 seconds of rebooting the router: Standard Break Key Sequence Combinations During Password Recovery. Upgrading the ROM monitor: ROM Monitor Download Procedures for Cisco 2691, Cisco 3631, Cisco 3725, and Cisco 3745 Routers. Using the boot image (Rx-boot) to recover or upgrade the system image: How to Upgrade from ROMmon Using the Boot Image. Booting and configuration register commands: Cisco IOS Configuration Fundamentals Command Reference. Loading and maintaining system images, rebooting: Cisco IOS Configuration Fundamentals Configuration Guide. Choosing and downloading system images: Software Center at http www cisco com kobayashi sw center index shtml Router crashes: Troubleshooting Router Crashes; Understanding Software-forced Crashes. Router hangs: Troubleshooting Router Hangs. Technical Assistance (Description and Link): Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content: http www cisco com public support tac home shtml 1. You must have an account at Cisco.com. If you do not have an account or have forgott
475. turns to privileged EXEC mode. copy running-config startup-config: (Optional) Saves your entries in the configuration file. Short preambles are enabled by default. Use the preamble-short command to enable short preambles if they are disabled. Configuring Transmit and Receive Antennas: You can select the antenna that the wireless device uses to receive and transmit data. There are three option settings for both the receive antenna (see step 4) and the transmit antenna (see step 5). Gain: Sets the resultant antenna gain in decibels (dB). Diversity: This default setting tells the wireless device to use the antenna that receives the best signal. If the wireless device has two fixed (non-removable) antennas, you should use this setting for both receive and transmit. Right: If the wireless device has removable antennas and you install a high-gain antenna on the wireless device's right connector, you should use this setting for both receive and transmit. When you look at the wireless device's back panel, the right antenna is on the right. Left: If the wireless device has removable antennas and you install a high gain
476. up an external process break set show clear the breakpoint confreg configuration register utility cont continue executing a downloaded image context display the context of a loaded image cookie display contents of cookie PROM in hex dev list the device table dir list files in file system frame print out a selected stack frame help monitor builtin command help history monitor command history iomemset set IO memory percent meminfo main memory information repeat repeat a monitor command reset system reset rommon pref select ROMMON set display the monitor variables showmon display currently selected ROM monitor stack produce a stack trace sync write monitor environment to NVRAM sysret print out info from last system return tftpdnld tftp image download unalias unset an alias unset unset a monitor variable xmodem x ymodem image download hwpart Read HW resources partition Using ROM Monitor Displaying Files in a File System dir To display a list of the files and directories in the file system use the dir command as shown in the following example rommon 1 gt dir flash0 program load complete entry point 0x80803000 size 0x1b340 Directory of flash0 c2900 universalk9 mz SSA rel1 configuration 2 60199000 rw 14700 1267 rw rommon 2 gt dir usbflash0 program load complete entry point 0x80903000 size 0x4c400 Directory of usbflash0 2 54212244 rw c2900 universalk9 mz SSA Loading a System Image
477. ur entries in the configuration file The first part of the clock summer time global configuration command specifies when summer time begins and the second part specifies when it ends All times are relative to the local time zone The start time is relative to standard time The end time is relative to summer time If the starting month is after the ending month the system assumes that you are in the southern hemisphere To disable summer time use the no clock summer time command in global configuration mode This example shows how to set summer time to start on October 12 2000 at 02 00 and end on April 26 2001 at 02 00 AP config clock summer time pdt date 12 October 2000 2 00 26 April 2001 2 00 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide 280 OL 20696 04 Chapter Administering the Wireless Device Configuring a System Name and Prompt W Configuring a System Name and Prompt You configure the system name on the wireless device to identify it By default the system name and prompt are ap If you have not configured a system prompt the first 20 characters of the system name are used as the system prompt A greater than symbol gt is appended The prompt is updated whenever the system name changes unless you manually configure the prompt by using the prompt command in global configuration mode amp Note For complete synta
478. uration Guide Chapter Administering the Wireless Device HZ Controlling Access Point Access with RADIUS 8 copy running config startup config 9 aaa authorization exec radius DETAILED STEPS Command Purpose Step1 configure terminal Enters global configuration mode Step2 aaa new model Enables AAA Step3 radius server host hostname ip address auth port port number acct port port number timeout seconds retransmit retries key string Specifies the IP address or hostname of the remote RADIUS server host e Optional For auth port port number specify the user datagram protocol UDP destination port for authentication requests e Optional For acct port port number specify the UDP destination port for accounting requests e Optional For timeout seconds specify the time interval that the wireless device waits for the RADIUS server to reply before retransmitting The range is to 1000 This setting overrides the radius server timeout global configuration command setting If no timeout is set with the radius server host command the setting of the radius server timeout command is used e Optional For retransmit retries specify the number of times that a RADIUS request is resent to a server if that server is not responding or responding slowly The range is 1 to 1000 If no retransmit value is set with the radius server host command the setting of the radius server retransmit globa
479. uring Radio Settings W Configuring Radio Channel Settings amp Note The maximum legal transmit power is greater for some 5 GHz channels than for others When it randomly selects a 5 GHz channel on which power is restricted the access point automatically reduces transmit power to comply with power limits for that channel Note Cisco recommends that you use the world mode dot11d country code configuration interface command to configure a country code on DFS enabled radios The IEEE 802 1 1h protocol requires access points to include the country information element IE in beacons and probe responses By default however the country code in the IE is blank You use the world mode command to populate the country code IE CLI Commands The following sections describe CLI commands that apply to DFS Confirming that DFS is Enabled Use the show controllers dot11radiol command to confirm that DFS is enabled The command also includes indications that uniform spreading is required and channels that are in the non occupancy period due to radar detection This example shows a line from the output for the show controller command for a channel on which DFS is enabled The indications listed in the previous paragraph are shown in bold ap show controller dot11radiol I interface Dot11Radio1 Radio lt model gt Base Address 011 9290ec0 BBlock version 0 00 Software version 6 00 0 Serial number FOCO83114WK Number of su
480. urity services e UC Trusted Firewall page 138 e Signaling and Media Authentication and Encryption page 139 e Virtual Route Forward page 139 UC Trusted Firewall Cisco Unified Communications Trusted Firewall Control pushes intelligent services onto the network through a Trusted Relay Point TRP Firewall traversal is accomplished using Simple Session Traversal Utilities for NAT STUN on a TRP co located with a Cisco Unified Communications Manager Express Cisco Unified CME Cisco Unified Border Element CUBE Media Termination Point MTP Transcoder or Conference Bridge Firewall traversal for Unified Communications is often a difficult problem Voice over IP VoIP protocols use many ports for a single communication session and most of these ports those used for media H 245 and so forth are ephemeral It is not possible to configure static rules for such ports as they fall in a large range Cisco Unified Trusted Firewall opens ports dynamically based on the conversation of trusted end points By using UC Trusted Firewall in the network following things can be achieved e Firewall can be made independent of protocol because only TRP which is controlled by Call Control needs to be enhanced for various protocols Firewall does not need to change e Increase firewall performance while opening firewall ports in the media path dynamically when a VoIP call is made between two endpoints e Simplify the firewall policy configuration an
481. use channels 44 and 46, for example) for radios that are close to each other. Caution: The presence of too many access points in the same vicinity can create radio congestion that can reduce throughput. A careful site survey can determine the best placement of access points for maximum radio coverage and throughput. 802.11n Channel Widths: The 802.11n standard allows both 20 MHz and 40 MHz channel widths consisting of two contiguous non-overlapping channels (for example, 2.4 GHz channels 1 and 6). One of the 20 MHz channels is called the control channel. Legacy clients and 20 MHz high-throughput clients use the control channel. Only beacons can be sent on this channel. The second 20 MHz channel is called the extension channel. The 40 MHz stations may use this channel and the control channel simultaneously. A 40 MHz channel is specified as a channel and extension, such as 1,1. In this example, the control channel is channel 1 and the extension channel is above it. To set the wireless device channel width, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS
    1. configure terminal
    2. interface dot11radio {0 | 1}
    3. channel {frequency | least-congested | width [20 | 40-above | 40-below] | dfs}
    4. end
    5. copy running-config startup-config
    (Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide, OL-20696-04. Chapter: Configuring Radio S
482. uter Configuration. Configuring a Loopback Interface. DETAILED STEPS
    Step 1: interface type number. Enters configuration mode for the loopback interface. Example: Router(config)# interface Loopback 0
    Step 2: ip address ip-address mask. Sets the IP address and subnet mask for the loopback interface. Example: Router(config-if)# ip address 10.108.1.1 255.255.255.0
    Step 3: exit. Exits configuration mode for the loopback interface and returns to global configuration mode. Example: Router(config-if)# exit
    The loopback interface in this sample configuration is used to support Network Address Translation (NAT) on the virtual-template interface. This configuration example shows the loopback interface configured on the gigabit ethernet interface with an IP address of 200.200.100.1/24, which acts as a static IP address. The loopback interface points back to virtual-template1, which has a negotiated IP address.
    !
    interface loopback 0
    ! static IP address
    ip address 200.200.100.1 255.255.255.0
    ip nat outside
    !
    interface Virtual-Template1
    ip unnumbered loopback0
    no ip directed-broadcast
    ip nat outside
    Verifying Configuration: To verify that you have properly configured the loopback interface, enter the show interface loopback command. You should see verification output similar to the following exampl
483. uter to the privileged EXEC mode. Example: Router(config-ecfm-srv)# end
    Step 9: configure terminal. Enters the global configuration mode. Example: Router# configure terminal
    (Chapter: Configuring Ethernet CFM and Y.1731 Performance Monitoring on Layer 3 Interfaces. CFM Support on Routed Port and Port MEP.)
    Step 10: interface gigabitethernet slot/port. Specifies an interface and enters the interface configuration mode. Example: Router(config)# interface gigabitethernet 0/2
    Step 11: ethernet cfm mep domain domain-name mpid mpid-value service service-name. Sets a port to a maintenance domain and defines it as an MEP. Note: The values for domain and service must be the same as the values configured for CFM. Example: Router(config-if)# ethernet cfm mep domain carrier mpid 44 service carrier
    Step 12: end. Returns the router to the privileged EXEC mode. Example: Router(config-if-ecfm-mep)# end
    Configuration Example for Ethernet CFM Port MEP. This example shows how to configure Ethernet CFM on a port MEP:
    Router> enable
    Router# configure terminal
    Router(config)# ethernet cfm ieee
    Router(config)# ethernet cfm global
    Router con
    Router con
    Router con
    Router(config-ecfm-srv)# end
    Router# configure termi
484. w.cisco.com/en/US/docs/routers/access/wireless/software/guide/SecurityLocalAuthent.html Describes how to use a wireless device in the role of an access point as a local authenticator, serving as a standalone authenticator for a small wireless LAN or providing backup authentication service. As a local authenticator, the access point performs LEAP, EAP-FAST, and MAC-based authentication for up to 50 client devices.
    Cipher Suites and WEP: http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/SecurityCipherSuitesWEP.html Describes how to configure the cipher suites required for using WPA and CCKM; WEP; and WEP features including AES, MIC, TKIP, and broadcast key rotation.
    Hot Standby Access Points: http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/RolesHotStandby.html Describes how to configure your wireless device as a hot standby unit.
    Configuring Wireless VLANs: http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/wireless_vlans.html Describes how to configure an access point to operate with the VLANs set up on a wired LAN.
    Service Set Identifiers: http://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/ServiceSetID.html In the role of an access point, a wireless device can support up to 16 SSIDs. This document describes how to configure and manage SSIDs on the wireless device.
    Administering Links De
485. w slots, common ports, and getting started tasks.
    Module 2, Basic Router Configuration: Describes how to perform the basic router configuration, interface configuration, and routing configuration.
    Module 3, Configuring Backup Data Lines and Remote Management: Describes how to configure backup interfaces, dial backup, and remote management.
    Module 4, Configuring Power Efficiency Management: Describes the hardware and software power efficiency management features on the router. See Cisco EnergyWise Configuration Guide for information about configuring power efficiency management on modules and interface
    Module 5, Configuring Security Features: Describes how to configure security features.
    Module 6, Unified Communications on Cisco Integrated Services Routers: Describes voice application services that are supported on these routers.
    Module 7, Configuring Next Generation High Density PVDM3 Modules: Describes how to configure the new next generation PVDM3 installed on your router.
    Module 8, Multi Gigabit Fabric Communication: Describes how modules and interface cards inter-communicate using the MGF on the router.
    Module 9, Upgrading the Cisco IOS Software: Describes how to upgrade the Cisco IOS software image on the router or the access point.
    Part 2: Configuring the Access Point
    Module 1, Wireless Overview: Describes the autonomous image and recovery image shipped on the Cisco 1941W access point flash. Explains the default autonomous mode and Ci
486. wn
    Step 5: exit. Exit config-controller mode. Example: Router(config-controller)# exit
    Step 6: voice-port slot-number/port. Enter config-voiceport mode. Example: Router(config)# voice-port 0/0/0:1
    Step 7: shutdown. Administratively shuts down the voice port. Example: Router(config-voiceport)# shutdown
    Step 8: exit. Exit config-voiceport mode. Use the exit command till you are in privileged EXEC mode. Example: Router(config-voiceport)# exit
    (Chapter: Configuring Next Generation High Density PVDM3 Modules. Information About Configuring the PVDM3 Module on Cisco Voice Gateway Routers.)
    Perform online insertion and removal. SUMMARY STEPS
    1. hw-module sm slot oir-stop
    2. Confirm that the board is ready for removal. The LED blinks for 3 seconds and turns off. After the LED is off, the board is ready for removal.
    3. Insert the replacement board in the same slot or in an empty slot.
    4. hw-module sm slot oir-start
    DETAILED STEPS
    Step 1: hw-module sm slot oir-stop. Shuts down the specified module to prepare it for removal. Example: Router# hw-module sm 1 oir-stop
    Step 2: Wait until the LED signals that the board is ready for removal. The LED blinks for 3 seconds and turns off. After the LED is off, the board is ready for removal.
    Step 3: Insert the replac
487. x and usage information for the commands used in this section, see Cisco IOS Configuration Fundamentals Command Reference and Cisco IOS IP Addressing Services Command Reference. This section contains the following configuration information: Default System Name and Prompt Configuration; Configuring a System Name; Understanding DNS. Default System Name and Prompt Configuration: The default access point system name and prompt are ap. Configuring a System Name: To manually configure a system name, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS
    1. configure terminal
    2. hostname name
    3. end
    4. show running-config
    5. copy running-config startup-config
    (Chapter: Administering the Wireless Device. Configuring a System Name and Prompt.)
    DETAILED STEPS
    Step 1: configure terminal. Enters global configuration mode.
    Step 2: hostname name. Manually configures a system name. The default setting is ap. Note: When you change the system name, the wireless device radios reset, and associated client devices disassociate and quickly reassociate. Note: You can enter up to 63 characters for the system name. However, when the wireless device identifies itself to client devices, it uses only the first 15 characters
488. your Cisco voice gateway. SUMMARY STEPS
    1. show platform hw-module-power
    2. show voice call slot/port
    3. show voice dsp group all
    4. show voice dsp sorted-list
    5. show voice dsp capabilities slot number dsp number
    6. show voice dsp group slot number
    7. show voice dsp statistics device
    8. show voice dsp statistics tx-rx
    9. show voice dsp statistics ack
    10. debug voice dsp crash-dump
    (Chapter: Configuring Next Generation High Density PVDM3 Modules. How to Verify and Troubleshoot the Functionality of the PVDM3 Cards on Cisco Voice Gateways.)
    DETAILED STEPS
    Step 1: show platform hw-module-power. Note: Effective with Cisco IOS Releases 15.1(1)T and 15.0.1M(2), the hw-module energywise level command is not available in Cisco IOS software. For more information, see the Cisco 3900 Series, 2900 Series, and 1900 Series Software Configuration Guide. Use this command to display power settings of PVDM3 service modules, for example:
    Router# show platform hw-module-power
    PVDM
    Slot 0/1
    Levels supported 0x441 SHUT FRUGAL FULL
    CURRENT level 10 FULL
    Previous level 10 FULL
    Transitions Successful Unsuccessful
    SHUT 0 0
    FRUGAL 0 0
    FULL 0 0
    Slot 0/2
    Levels supported 0x441 SHUT FRUGAL FULL
    CURRENT level 10 FULL
    Previ