Cisco Systems C819GUK9 User's Manual

Contents

1. Table 5-2 Modem Data Profile Parameters
   profile number: Number for the profile that you are creating. You can create up to 16 profiles.
   apn: Access point name. You must get this information from the service provider.
   authentication: Type of authentication, for example, CHAP, PAP.
   Username: Username provided by your service provider.
   Password: Password provided by your service provider.
   CDMA Modem Activation and Provisioning. Activation procedures may differ, depending upon your carrier. Consult your carrier and perform one of the following procedures, as appropriate: manual activation, or activating using over-the-air service provisioning. The following table lists the activation and provisioning processes supported by different wireless carriers.
   Table 5-3 Activation and Provisioning Process | Carrier
   Manual Activation using MDN, MSID, MSL | Sprint
   OTASP Activation | Verizon Wireless
   IOTA for Data Profile refresh | Sprint
   1 OTASP: Over the Air Service Provisioning. 2 IOTA: Internet Over the Air.
   Manual Activation. Note: You must have valid mobile directory number (MDN), mobile subsidy lock (MSL), and mobile station identifier (MSID) information from your carrier before you start this procedure. To configure a modem profile manually, use the following command, beginning in EXEC mode: cellular unit cdma activate manual mdn msid msl. Besides being activated, the modem data profile is provisioned through the
2. Chapter 8, Configuring the Serial Interface: How to Configure Serial Interfaces. Once there are no more frames to transmit, the state machine transitions to the wait transmit finish state. The machine waits for the transmit FIFO in the serial controller to empty, starts a delay timer with a value defined by the half-duplex timer rts-drop-delay interface command, and transitions to the wait RTS drop delay state. When the timer in the wait RTS drop delay state expires, the state machine deasserts RTS and transitions to the wait CTS drop state. A timeout timer with a value set by the half-duplex timer cts-drop-timeout interface command starts, and the state machine waits for the CTS to deassert. The default is 250 ms. Once the CTS signal is deasserted or the timeout timer expires, the state machine transitions back to the ready state. If the timer expires before CTS is deasserted, an error counter is incremented, which can be displayed by issuing the show controllers command for the serial interface in question. As shown in Figure 4, a half-duplex DTE receive state machine for low-speed interfaces idles and receives frames in the ready state. A giant frame is any frame whose size exceeds the maximum transmission unit (MTU). If the beginning of a giant frame is received, the state machine transitions to the in giant state and discards frame fragments until it receives the end of the giant frame. At this point, the state machine transitions bac
3. Cisco 819 Series Integrated Services Routers Software Configuration Guide, OL-23590-02. Chapter: Wireless Device Overview. The Cisco 819 ISRs provide Internet, VPN, data, and backup capability to corporate teleworkers and remote and small offices of fewer than 20 users. These fixed routers are capable of bridging and multiprotocol routing between LAN and WAN ports and provide advanced features such as antivirus protection. The fixed 3G routers can be used as the primary WAN connectivity and as a backup for critical applications and can also be used as the primary WAN connection. Note: There are two SIM card slots in the Cisco 819 ISRs. For information on how to install the SIM cards, see Cisco 819 Integrated Services Router Hardware Installation Guide. Sections: ScanSafe, page 2-1; TFTP support with Ethernet WAN interface, page 2-2; LEDs, page 2-2. ScanSafe: The Cisco Integrated Services Router G2 (ISR G2) family delivers numerous security services, including firewall, intrusion prevention, and VPN. These security capabilities have been extended with Cisco ISR Web Security with Cisco ScanSafe for a web security and web filtering solution that requires no additional hardware or client software. Cisco ISR Web Security with Cisco ScanSafe enables branch offices to intelligently redirect web traffic to the cloud to enforce granular security and acceptable use policies over user web traffic. With this solution, you can
4. Chapter 11, Configuring PPP over Ethernet with NAT: Configuration Example. Note: Commands marked by "(default)" are generated automatically when you run the show running-config command.
   vpdn enable
   vpdn-group 1
    request-dialin
    protocol pppoe
   interface vlan 1
    ip address 192.168.1.1 255.255.255.0
    no ip directed-broadcast (default)
    ip nat inside
   interface FastEthernet 4
    no ip address
    no ip directed-broadcast (default)
    ip nat outside
    pppoe enable group global
    pppoe-client dial-pool-number 1
    no sh
   interface dialer 0
    ip address negotiated
    ip mtu 1492
    encapsulation ppp
    ppp authentication chap
    dialer pool 1
    dialer-group 1
   dialer-list 1 protocol ip permit
   ip nat inside source list 1 interface dialer 0 overload
   ip classless (default)
   ip route 10.10.25.2 255.255.255.255 dialer 0
   ip nat pool pool1 192.168.1.0 192.168.2.0 netmask 255.255.252.0
   ip nat inside source list acl1 pool pool1
   Verifying Your Configuration. Use the show ip nat statistics command in privileged EXEC mode to verify the PPPoE with NAT configuration. You should see verification output similar to the following example: Router show
5. Chapter 6, Configuring Backup Interfaces. To configure your router with a backup interface, perform these steps, beginning in global configuration mode.
   SUMMARY STEPS
   1. interface type number
   2. backup interface interface-type interface-number
   3. exit
   DETAILED STEPS
   Step 1. Command: interface type number. Example: Router(config)# interface xxx 0 / Router(config-if)#. Purpose: Enters interface configuration mode for the interface for which you want to configure backup. This can be a serial interface, ISDN interface, or asynchronous interface.
   Step 2. Command: backup interface interface-type interface-number. Example: Router(config-if)# backup interface serial 0 / Router(config-if)#. Purpose: Assigns an interface as the secondary or backup interface. This can be a serial interface or asynchronous interface. For example, a serial interface could be configured to back up a serial 0 interface. The example shows a serial interface configured as the backup interface for the ATM 0 interface.
   Step 3. Command: exit. Example: Router(config-if)# exit / Router(config)#. Purpose: Exits the configuration interface mode.
   Configuring Backup Data Lines and Remote Management. Chapter 6, Configuring Backup Data Line
6. GPS LED n OEF GPS NMEA port Disabled Stream OFF DM port Disabled. Chapter: Wireless Local Area Network. A Wireless Local Area Network (WLAN) implements a flexible data communication system, frequently augmenting rather than replacing a wired LAN within a building or campus. WLANs use radio frequency to transmit and receive data over the air, minimizing the need for wired connections. The Cisco 819HGW and Cisco 819HWD ISRs have a Host router software running on the first core. The second core runs the WLAN Access Point software. If WLAN is not supported in an SKU, all 1 GB DRAM memory is allocated to the first core. For the SKUs that support WLAN, 128 MB out of the 1 GB main memory is allocated to the second core. If WLAN is not supported in an SKU, all 1 GB compact flash memory is allocated to the first core. For the SKUs that support WLAN, 64 MB out of the 1 GB main memory is allocated to the second core. Note: WLAN is only supported on Cisco 819HGW and Cisco 819HWD ISRs introduced in IOS release 15.2(4)M1. WLAN Features: The Cisco 819HGW and Cisco 819HWD ISRs support the following features: Dual Radio, page 3-1; Images Supported, page 3-2; CleanAir Technol
7. Note Make sure you have ip classless enabled on your router SUMMARY STEPS 1 configure terminal 2 ip route network number network mask ip address interface administrative distance name name DETAILED STEPS Command or Action Purpose Step1 configure terminal Enters global configuration mode from the terminal Example Router configure terminal Step2 ip route network number network mask Establishes a floating static route with the ip address interface administrative distance configured administrative distance through the name name specified interface A higher administrative distance should be configured for the route through the backup interface so that the backup interface is used only when the primary interface is down Example Router config ip route 0 0 0 0 Dialer 2 track 234 Cellular Wireless Modem as Backup with NAT and IPsec Configuration The following example shows how to configure the 3G wireless modem as backup with NAT and IPsec on either GSM or CDMA networks amp Note The receive and transmit speeds cannot be configured The actual throughput depends on the cellular network service Current configuration 3433 bytes version 12 4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password encryption hostname Router boot start marker boot end marker Cisco 819 Series Integrated Services
8. pool name overload Example Router config ip nat inside source list 101 interface Dialer 3 overload Step11 ip route prefix mask ip address Sets the IP route to point to the dialer interface as interface type interface number a default gateway ip address Example Router config ip route 0 0 0 0 0 0 0 0 22200 22 Router config Step12 access list access list number deny Defines an extended access list that indicates permit source source wildcard which addresses need translation Example Router config access list 1 permit 192 168 0 0 0 0 255 255 any Step13 0 dialerwatch list group number ip Evaluates the status of the primary link based on ip address address mask delay route check the existence of routes to the peer The address ST ee eee 22 0 0 2 is the peer IP address of the ISP Example Router config dialer watch list 1 ip 22 0 0 2 255 255 255 255 Router config Step14 line aux console tty vty Enters configuration mode for the line interface line number ending line number Example Router config line console 0 Router config line Cisco 819 Series Integrated Services Routers Software Configuration Guide Pei OL 23590 02 Chapter6 Configuring Backup Data Lines and Remote Management Configuring Dial Backup and Remote Management Through the Console Port W Command Purpose Step 15 modem enable Switches the port from console to au
9. protocol through Telnet. TACACS+ is a Cisco proprietary authentication protocol that provides remote access authentication and related network security services, such as event logging. User passwords are administered in a central database rather than in individual routers. TACACS+ also provides support for separate modular authentication, authorization, and accounting (AAA) facilities that are configured at individual routers. Ethernet is a baseband LAN protocol that transports data and voice packets to the WAN interface using carrier sense multiple access collision detect (CSMA/CD). The term is now often used to refer to all CSMA/CD LANs. Ethernet was designed to serve in networks with sporadic, occasionally heavy traffic requirements. The IEEE 802.3 specification was developed in 1980, based on the original Ethernet technology. Under the Ethernet CSMA/CD media-access process, any host on a CSMA/CD LAN can access the network at any time. Before sending data, CSMA/CD hosts listen for traffic on the network. A host wanting to send data waits until it detects no traffic before it transmits. Ethernet allows any host on the network to transmit whenever the network is quiet. A collision occurs when two hosts listen for traffic, hear none, and then transmit simultaneously. In this situation, both transmissions are damaged, and the hosts must retransmit at some later time. Algorithms determine when the colliding hosts should retransmit. Cisco 860 Serie
10. Contents (excerpt): Configuring the Fast Ethernet LAN Interfaces; Configuring a Loopback Interface; Example; Verifying Configuration; Configuring Static Routes; Example; Verifying Configuration; Configuring Dynamic Routes; Configuring Routing Information Protocol; Example; Verifying Configuration; Configuring Enhanced Interior Gateway Routing Protocol; Example; Verifying Configuration.
   CHAPTER 6, Configuring Backup Data Lines and Remote Management: Configuring Backup Interfaces; Configuring Cellular Dial-on-Demand Routing Backup; Configuring DDR Backup Using Dialer Watch; Configuring DDR Backup Using Floating Static Route; Cellular Wireless Modem as Backup with NAT and IPsec Configuration; Configuring Dial Backup and Remote Management Through the Console Port; Example.
   CHAPTER 7, Environmental and Power Management: Cisco EnergyWise Support.
   CHAPTER 8, Configuring the Serial Interface: Legacy Protocol Transport; Configuring Serial Interfaces; Information About Configuring Serial Interfaces; Cisco HDLC Encapsulation; PPP Encapsulation; Multilink PPP; Keepalive Timer; Frame Relay Encapsulation; LMI on Frame Relay Interfaces; How to Configure Serial Interfaces; Configuring a Synchronous Serial Interface; Specifying
11. Copyright c 1986 2012 by Cisco Systems Inc Compiled Thu 07 Jun 12 04 44 by prod_rel_team WDC is not configured This product contains cryptographic features and is subject to United States and local country laws governing import export transfer and use Delivery of Cisco cryptographic products does not imply third party authority to import export distribute or use encryption Importers exporters distributors and users are responsible for compliance with U S and local country laws By using this product you agree to comply with applicable laws and regulations If you are unable to comply with U S and local laws return this product immediately A summary of U S laws governing Cisco cryptographic products may be found at http www cisco com wwl export crypto tool stqrg html If you require further assistance please contact us by sending email to I OL 18906 02 Cisco 819 Integrated Services Routers Software Configuration Guide gy AppendixC ROM Monitor HZ Disaster Recovery with TFTP Download export cisco com Installed image archive Cisco C819HGW 7 A A K9 revision 4 0 with 883788K 33715K bytes of memory Processor board ID FAC15455YYZ 4 FastEthernet interfaces 2 Gigabit Ethernet interfaces L Serial sync async interface 2 terminal lines L Virtual Private Network VPN Module L Cellular interface 1 cisco Embedded AP s DRAM configuration is 32 bits wide 255K bytes of non volatile co
12. Figure legend: Desktops, laptop PCs, switches; Fast Ethernet LAN interface (inside interface for NAT); PPPoE client (Cisco 819 ISRs); point at which NAT occurs; Fast Ethernet WAN interface (outside interface for NAT); cable modem or other server that is connected to the Internet; PPPoE session between the client and a PPPoE server. Chapter 11, Configuring PPP over Ethernet with NAT. PPPoE: The PPPoE Client feature on the router provides PPPoE client support on Ethernet interfaces. A dialer interface must be used for cloning virtual access. Multiple PPPoE client sessions can be configured on an Ethernet interface, but each session must use a separate dialer interface and a separate dialer pool. A PPPoE session is initiated on the client side by the Cisco 819 ISRs. An established PPPoE client session can be terminated in one of two ways:
   - By entering the clear vpdn tunnel pppoe command. The PPPoE client session terminates, and the PPPoE client immediately tries to re-establish the session. This also occurs if the session has a timeout.
   - By entering the no pppoe-client dial-pool-number command to clear the session. The PPPoE client does not attempt to re-establish the session.
   NAT: NAT (represented as the dashed line at the edge of the Cisco router) signifies two addressing domains and the insi
13. To see this configuration use the show running config command beginning in privileged EXEC mode router eigrp 109 network 192 145 1 0 network 10 10 12 115 Verifying Configuration To verify that you have properly configured IP EIGRP enter the show ip route command and look for EIGRP routes indicated by D You should see a verification output similar to the following Router show ip route Codes C connected S static R RIP M mobile B BGP D EIGRP EX EIGRP external O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 El OSPF external type 1 E2 OSPF external type 2 i IS IS su IS IS summary L1 IS IS level 1 L2 IS IS level 2 ia IS IS inter area candidate default U per user static route o ODR P periodic downloaded static route Gateway of last resort is not set 10 0 0 0 24 is subnetted 1 subnets Cc 10 108 1 0 is directly connected Loopback0O D 3 0 0 0 8 90 409600 via 2 2 2 1 00 00 02 Ethernet0 0 I OL 23590 02 Cisco 819 Series Integrated Services Router Software Configuration Guide gy Chapter5 Basic Router Configuration Hs Configuring Dynamic Routes Cisco 819 Series Integrated Services Router Software Configuration Guide OL 23590 02 CHAPTER Configuring Backup Data Lines and Remote Management This chapter describes configuring backup data lines and remote management in the following sec
14. active Fa2 active active active active Stp BrdgMode Transl Trans2 Type SAID MTU Parent RingNo BridgeNo enet 100001 1500 enet 100002 1500 fddi 101002 1500 tr 101003 1500 1005 0 fdnet 101004 1500 J trnet 101005 1500. Chapter 12, Configuring a LAN with DHCP and VLANs: Configuration Tasks. Configuring a VPN Using Easy VPN and an IPSec Tunnel: This chapter provides an overview of the creation of Virtual Private Networks (VPNs) that can be configured on the Cisco 819 Integrated Services Routers (ISRs). Cisco routers and other broadband devices provide high-performance connections to the Internet, but many applications also require the security of VPN connections that perform a high level of authentication and that encrypt the data between two particular endpoints. Two types of VPNs are supported: site-to-site and remote access. Site-to-site VPNs are used to connect branch offices to corporate offices, for example. Remote access VPNs are used by remote clients to log in to a corporate network. The example in this chapter illustrates the configuration of a remote access VPN that uses the Cisco Easy VPN and an IPSec tunnel to configure and secure the connection between the remote client a
15. algorithms See Secure Connectivity Configuration Guide Library Cisco IOS Release 12 4T for details about the valid transforms and combinations crypto ipsec security association lifetime seconds seconds kilobytes kilobytes Example Router config crypto ipsec security association lifetime seconds 86400 Router config Specifies global lifetime values used when IPSec security associations are negotiated Configure the IPSec Crypto Method and Parameters A dynamic crypto map policy processes negotiation requests for new security associations from remote IPSec peers even if the router does not know all the crypto map parameters for example IP address To configure the IPSec crypto method perform these steps beginning in global configuration mode Cisco 819 Series Integrated Services Routers Software Configuration Guide OL 23590 02 Chapter9 Configuring Security Features Configuring VPN W SUMMARY STEPS 1 crypto dynamic map dynamic map name dynamic seq num 2 set transform set transform set name transform set name2 transform set name6 3 reverse route 4 exit 5 crypto map map name seq num ipsec isakmp dynamic dynamic map name discover profile profile name DETAILED STEPS Command or Action Purpose Step 1 crypto dynamic map dynamic map name Creates a dynamic crypto map entry and enters dynamic seq num crypto map configuration mode Example See Cisco IOS Sec
16. async mode interactive ppp chap hostname cisco wwan ccs ppp chap password 0 cisco ppp ipcp dns request ip route 0 0 0 0 0 0 0 0 CellularO access list 1 permit any dialer list 1 protocol ip list 1 line 3 exec timeout 0 0 script dialer gsm login modem InOut The following example shows how to configure a cdma cellular interface to be used as a primary WAN connection It is configured as the default route chat script cdma ATDT 777 TIMEOUT 60 CONNECT interface Cellular0O ip address negotiated encapsulation ppp dialer in band dialer string cdma dialer group 1 async mode interactive ppp chap password 0 cisco ip route 0 0 0 0 0 0 0 0 CellularO access list 1 permit any dialer list 1 protocol ip list 1 Cisco 819 Series Integrated Services Router Software Configuration Guide OL 23590 02 Chapter5 Basic Router Configuration Configuring WAN Interfaces W line 3 exec timeout 0 0 script dialer cdma login modem InOut Tunnel over Cellular Interface Configuration The following example shows how to configure the static IP address when a tunnel interface is configured with the ip address unnumbered lt cellular interface gt command interface Tunnel2 ip unnumbered Cellular0 tunnel source Cellular0 tunnel destination 128 107 248 254 interface Cellular0O bandwidth receive 1400000 ip address 23 23 0 1 255 255 0 0 ip nat outside ip virtual reassembly encapsulat
17. c 1986 2012 by Cisco Systems Inc Compiled Thu 07 Jun 12 04 44 by prod_rel_team ROMMON Readonly Cisco 819 Integrated Services Routers Software Configuration Guide I OL 18906 02 g co AppendixC ROM Monitor Configuration Register System Bootstrap Version 15 2 2r T RELEASE SOFTWARE fc1 Technical Support http www cisco com techsupport Copyright c 2012 by cisco Systems Inc WLAN AP Boot loader bundled AP802 Boot Loader AP802 BOOT M Version 12 4 25e JA1 RELEASE SOFTWARE fc1 Technical Support http www cisco com techsupport Compiled Wed 30 May 12 03 46 by prod_rel_team router Jul 13 23 01 25 291 SCELLWAN 2 SIM_FATLURE Cellular0O SIM read failed for slot 0 Jul 13 23 01 25 391 CISCO800 2 MODEM_UP Cellular0O modem is now UP Jul 13 23 01 25 391 CISCO800 6 SIM_STATUS SIM in slot 0 is not present router router router router Jul 13 23 01 27 163 LINEPROTO 5 UPDOWN Line protocol on Interface Vlanl changed state to up router router router Jul 13 23 01 30 123 LINEPROTO 5 UPDOWN Line protocol on Interface Vlan114 changed state to up Jul 13 23 01 30 263 LINEPROTO 5 UPDOWN Line protocol on Interface Vlan193 changed state to up Jul 13 23 01 30 295 SLINEPROTO 5 UPDOWN Line protocol on Interface Vlan194 changed state to up Jul 13 23 01 30 543 LINEPROTO 5 UPDOWN Line protocol on Interface Vlan195 changed state to up router router ro
18. config if Enters configuration mode for the VLAN on which the Fast Ethernet LAN interfaces FE0 FE3 reside to be the inside interface for NAT ip nat inside outside Example Router config if ip nat inside Router config if Identifies the specified VLAN interface as the NAT inside interface For details about this command and additional parameters that can be set as well as information about enabling static translation see Cisco IOS IP Command Reference Volume 1 of 4 Addressing and Services no shutdown Example Router config if no shutdown Router config if Enables the configuration changes just made to the Ethernet interface exit Example Router config if exit Router config Exits configuration mode for the Fast Ethernet interface Cisco 819 Series Integrated Services Routers Software Configuration Guide OL 23590 02 Chapter 11 Configuring PPP over Ethernet with NAT Configuration Example Hl Command Purpose Step 7 interface type number Enters configuration mode for the Fast Ethernet WAN interface FE4 to be the outside interface Example for NAT Router config interface fastethernet 4 Router config if Step 8 ip nat inside outside Identifies the specified WAN interface as the NAT outside interface Examp ls For details about this command and additional parameters that can be set as well as information about enabl
19. configuration file generated when you use the show running config command I line con 0 exec timeout 10 0 password 4youreyesonly login transport input none default stopbits 1 default line vty 0 4 password secret login I oL 23590 02 Cisco 819 Series Integrated Services Router Software Configuration Guide Chapter 5 HZ Configuring Global Parameters Configuring Global Parameters SUMMARY STEPS DETAILED STEPS Step 1 Step 2 Step 3 Step 4 1 configure terminal 2 hostname name 3 enable secret password 4 no ip domain lookup Command To configure selected global parameters for your router perform these steps Purpose configure terminal Example Router gt enable Router configure terminal Router config Enters global configuration mode when using the console port If you are connecting to the router using a remote terminal use the following telnet router name or address Login login id Password x Router gt enable hostname name Example Router config hostname Router Router config Specifies the name for the router enable secret password Example Router config enable secret criny5ho Router config Specifies an encrypted password to prevent unauthorized access to the router no ip domain lookup Example Router config no ip domain lookup Router config Disables the router from translating u
20. for DDR capabilities To enable dialer watch on the backup interface and create a dialer list use the following commands in interface configuration mode SUMMARY STEPS 1 configure terminal 2 interface type number 3 dialer watch group group number 4 dialer watch list group number ip ip address address mask 5 dialer list lt dialer group gt protocol lt protocol name gt permit deny list lt access list number gt access group 6 ip access list lt access list number gt permit lt ip source address gt 7 interface cellular o 8 dialer string lt string gt Cisco 819 Series Integrated Services Routers Software Configuration Guide oL 23590 02 a 63 Chapter 6 HI Configuring Cellular Dial on Demand Routing Backup DETAILED STEPS Command or Action Purpose Step 1 configure terminal Example Router configure terminal Enters global configuration mode Step 2 interface type number Example Router config interface 0 Specifies the interface Step 3 dialer watch group group number Example Router config if dialer watch group 2 Enables dialer watch on the backup interface Step 4 dialer watch list group number ip ip address address mask Example Router config if dialer watch list 2 ip 10 4 0 254 255 255 0 0 Defines a list of all IP addresses to be watched Step 5 dialer list lt dialer group gt protocol lt protocol name gt permit deny list
21. interface type number Example Router config interface Loopback 0 Router config if Enters configuration mode for the loopback interface ip address ip address mask Example Router config if ip address 10 108 1 1 255 255 255 0 Router config if Sets the IP address and subnet mask for the loopback interface exit Example Router config if exit Router config Exits configuration mode for the loopback interface and returns to global configuration mode The loopback interface in this sample configuration is used to support Network Address Translation NAT on the virtual template interface This configuration example shows the loopback interface configured on the Fast Ethernet interface with an IP address of 200 200 100 1 24 which acts as a static IP address The loopback interface points back to virtual templatel which has a negotiated IP address interface loopback 0 ip address 200 200 100 1 255 255 255 0 ip nat outside interface Virtual Templatel ip unnumbered loopback0O directed broadcast ip nat outside I no ip Verifying Configuration static IP address To verify that you have properly configured the loopback interface enter the show interface loopback command You should see a verification output similar to the following example Router show interface loopback 0 Loopback0 is up line protocol is up Hardware is Loopback Internet address is 200 200 100
22. lt access list number gt access group Example Router config dialer list 2 protocol ip permit Creates a dialer list for traffic of interest and permits access to an entire protocol Step 6 ip access list lt access list number gt permit lt ip source address gt Example Router config access list 2 permit 10 4 0 0 Defines traffic of interest Do not use the access list permit all command to avoid sending traffic to the IP network This may result in call termination Step 7 interface cellular 0 Example Router config interface cellular 0 Specifies the cellular interface Step 8 dialer string lt string gt or dialer group lt dialer group number gt Example Router config if dialer string cdma cdma or Router config if dialer group 2 gsm CDMA only Specifies the dialer script defined using the chat script command GSM only Maps a dialer list to the dialer interface Cisco 819 Series Integrated Services Routers Software Configuration Guide Configuring Backup Data Lines and Remote Management OL 23590 02 Chapter6 Configuring Backup Data Lines and Remote Management Configuring Cellular Dial on Demand Routing Backup W Configuring DDR Backup Using Floating Static Route To configure a floating static default route on the secondary interface use the following commands beginning in the global configuration mode amp
23. mode client peer 192 168 100 1 interface fastethernet 4 crypto ipsec client ezvpn ezvpnclient outside crypto map static map interface vlan 1 crypto ipsec client ezvpn ezvpnclient inside Configure a Site to Site GRE Tunnel To configure a GRE tunnel perform these steps beginning in global configuration mode SUMMARY STEPS 1 interface type number 2 ip address ip address mask 3 tunnel source interface type number 4 tunnel destination default gateway ip address 5 crypto map map name 6 exit 7 ip access list standard extended access list name 8 permit protocol source source wildcard destination destination wildcard 9 exit Cisco 819 Series Integrated Services Routers Software Configuration Guide oL 23590 02 e Chapter9 Configuring Security Features Hs Configuring VPN DETAILED STEPS Step 1 Step 2 Step 3 Step 4 Step5 Step 6 Step7 Command or Action Purpose interface type number Example Router config interface tunnel 1 Router config if Creates a tunnel interface and enters interface configuration mode ip address ip address mask Example Router config if 10 62 1 193 255 255 255 252 Router config if Assigns an address to the tunnel tunnel source interface type number Example Router config if tunnel source fastethernet 0 Router config if Specifies the source endpoint of the router for the GRE tunnel tunnel dest
24. yellow blink followed by two greenblinks Off Green two green No SIM in slot 0 SIM present in slot 1 blinks and then pause Green Off Slow single SIM present in slot0 no SIM in slot 1 green blink and then pause Off Off No SIM present in either slots 3G One blink green and For 1xRTT EGPRS GPRS service then pause Two blink green and then pause For EVDO EVDO 1xRTT UMTS Three blink green and then pause For EVDO 1xRTT RevA HSPA HSUPA HSDPA Green solid For HSPA PLUS 1 Not applicable to Verizon and Sprint EVDO modems 2 There is only one LED to indicate the status two SIMs A one blink pattern represents the status of the SIM in slot 0 followed by a two blink pattern for the SIM in slot 1 Use the following show commands to check the LED status for your router e show platform led for all LEDs e show controller cellular 0 for 3G LEDs The following is a sample output from the show platform led command and shows the LED status router show platform led I oL 23590 02 Cisco 819 Series Integrated Services Routers Software Configuration Guide Chapter 2 Wireless Device Overview LEDs LED STATUS LEDS SYSTEM WWAN RSSI GPS STATUS GREEN GREEN GREEN 2 BLINK OFF LEDS ACTIVITY SIM slot0O slot1 3G STATUS OFF GREEN YELLOW GREEN LAN PORTS H FEO FEL FE2 FE3 LI
25. 1 24 MTU 1514 bytes BW 8000000 Kbit reliability 255 255 txload 1 255 Encapsulation LOOPBACK loopback not set Last input never output never Last clearing of show interface Queueing strategy fifo DLY 5000 usec rxload 1 255 output hang never counters never E Cisco 819 Series Integrated Services Router Software Configuration Guide OL 23590 02 Chapter5 Basic Router Configuration Configuring Static Routes W Output queue 0 0 0 drops input queue 0 75 0 drops 5 minute input rate 0 bits sec 0 packets sec 5 minute output rate 0 bits sec 0 packets sec 0 packets input 0 bytes 0 no buffer Received 0 broadcasts 0 runts 0 giants 0 throttles 0 input errors 0 CRC 0 frame 0 overrun 0 ignored 0 abort 0 packets output 0 bytes 0 underruns 0 output errors 0 collisions 0 interface resets 0 output buffer failures 0 output buffers swapped out Another way to verify the loopback interface is to ping it Router ping 200 200 100 1 Type escape sequence to abort Sending 5 100 byte ICMP Echos to 200 200 100 1 timeout is 2 seconds Success rate is 100 percent 5 5 round trip min avg max 1 2 4 ms Configuring Static Routes Static routes provide fixed routing paths through the network They are manually configured on the router If the network topology changes the static route must be updated with a new route Static routes are private routes unless they are redistributed by a routing protocol Fol
26. 10 10 Configuring Fallback Bridging page 10 11 Managing the Switch page 10 12 Configuring VLANs VLANs on the FE Ports page 10 6 VLANs on the GE Port page 10 7 VLANs on the FE Ports: This section provides information on how to configure VLANs. The Cisco 819 ISRs support 2 VLANs and the Cisco 819 ISRs support 8 VLANs. Perform these steps to configure VLANs, beginning in configuration mode. Command Purpose Step 1 interface fe port: Selects the Fast Ethernet port to configure. Step 2 shutdown: (Optional) Shuts down the interface to prevent traffic flow until configuration is complete. Step 3 switchport: Configures the Fast Ethernet port for Layer 2 switching. Note: You must enter the switchport command once without any keywords to configure the Fast Ethernet port as a Layer 2 port before you can enter additional switchport commands with keywords. This command creates a Cisco default VLAN. This configuration sets the default trunking administrative mode to switchport mode dynamic desirable and the trunk encapsulation to negotiate. By default, all VLANs created are included in the default trunk. Step 4 switchport access vlan vlan id: Creates instances of additional VLANs. Allowa
27. Dial Backup and Remote Management Through the Console Port Dial backup and remote management physical interface interface Asyncl no ip address encapsulation ppp dialer in band dialer pool member 3 async default routing async dynamic routing async mode dedicated ppp authentication pap callin interface ATMO mtu 1492 no ip address no atm ilmi keepalive pve 0 35 pppoe client dial pool number 1 Primary WAN link interface Dialerl ip address negotiated ip nat outside encapsulation ppp dialer pool 1 ppp authentication pap callin ppp pap sent username account password 7 pass ppp ipcp dns request ppp ipcp wins request ppp ipcp mask request I Dialer backup logical interface interface Dialer3 ip address negotiated ip nat outside encapsulation ppp no ip route cache no ip mroute cache dialer pool 3 dialer idle timeout 60 dialer string 5555102 modem script Dialout dialer watch group 1 Remote management PC IP address peer default ip address 192 168 2 2 no cdp enable Need to use your own ISP account and password ppp pap sent username account password 7 pass ppp ipcp dns request ppp ipcp wins request ppp ipcp mask request I IP NAT over Dialer interface using route map ip nat inside source route map main interface Dialer1 overload ip nat inside source route map secondary interface Dialer3 overload ip classless I When primary link is up again distance 5
28. Internet Over the Air IOTA process The IOTA process is initiated automatically when you use the cellular unit cdma activate manual mdn msid msl command The following is a sample output from this command router cellular 0 cdma activate manual 1234567890 1234567890 12345 NAM 0 will be configured and will become Active Modem will be activated with following Parameters MDN 1234567890 MSID 1234567890 SID 1234 NID 12 Checking Current Activation Status Modem activation status Not Activated Begin Activation Cisco 819 Series Integrated Services Router Software Configuration Guide OL 23590 02 Chapter 5 Basic Router Configuration Configuring WAN Interfaces W Account activation Step 1 of 5 Account activation Step 2 of 5 Account activation Step 3 of 5 Account activation Step 4 of 5 Account activation Step 5 of 5 Secure Commit Result Succeed Done Configuring Resetting the modem The activation of the account is Complete Waiting for modem to be ready to start IOTA Beginning IOTA router Feb 6 23 29 08 459 IOTA Status Message Received Event IOTA Start Result SUCCESS Feb 6 23 29 08 459 Please wait till IOTA END message is received Feb 6 23 29 08 459 It can take up to 5 minutes Feb 6 23 29 27 951 OTA State SPL unlock Result Success Feb 6 23 29 32 319 OTA State Parameters committed to NVRAM Result Success Feb 6 23 29 40 999 Over the air provisioning complete Resul
29. Push Button: A push button feature is available on the Cisco 819 ISR. The reset button on the front panel of the router enables this feature. Perform the following steps to use this feature. Step 1: Unplug power. Step 2: Press the reset button on the front panel of the router. Step 3: Power up the system while holding down the reset button. The system LED blinks four times, indicating that the router has accepted the button push. Using this button takes effect only during ROMMON initialization. During a warm reboot, pressing this button has no impact on performance. Table 5 4 shows the high level functionality when the button is pushed during ROMMON initialization. Table 5 4 Push Button Functionality during ROMMON Initialization. IOS Behavior: If the configuration named cfg is available in nvram storage or flash storage, IOS will perform a backup of the original configuration and will boot up using this configuration. Note: You can only have one configuration file with cfg option. Having more than one file will result in uncertain operational | ROMMON Behavior: Boots using default baud rate. Loads the default image if available on compact flash. Performs auto boot. Note: If no default image is available, the ROMMON will boot up with the first Cisco IOS ima
30. RSVP to ensure QoS if the following conditions describe your network: Small scale voice network implementation; Links slower than 2 Mbps; Links with high utilization; Need for the best possible voice quality. Low Latency Queuing: Low latency queuing (LLQ) provides a low latency, strict priority transmit queue for real time traffic. Strict priority queuing allows delay sensitive data to be dequeued and sent first, before packets in other queues are dequeued, giving delay sensitive data preferential treatment over other traffic. Access Lists: With basic standard and static extended access lists, you can approximate session filtering by using the established keyword with the permit command. The established keyword filters TCP packets based on whether the ACK or RST bits are set. Set ACK or RST bits indicate that the packet is not the first in the session and the packet therefore belongs to an established session. This filter criterion would be part of an access list applied permanently to an interface. Cisco 860 Series Cisco 880 Series and Cisco 890 Series Integrated Services Routers Software Configuration Guide OL 18906 02 Appendix B Concepts. ROM Monitor: The ROM monitor firmware runs when the router is powered up or reset. The firmware helps to
31. Routers Software Configuration Guide oL 23590 02 g es Chapter6 Configuring Backup Data Lines and Remote Management Configuring Cellular Dial on Demand Routing Backup no aaa new model crypto isakmp policy 1 encr 3des authentication pre share crypto isakmp key gsm address 128 107 241 234 crypto ipsec transform set gsm ah sha hmac esp 3des crypto map gsm1 10 ipsec isakmp set peer 128 107 241 234 set transform set gsm match address 103 no ip dhcp use vrf connected ip dhcp excluded address 10 4 0 254 ip dhcp pool gsmpool network 10 4 0 0 255 255 0 0 dns server 66 209 10 201 66 102 163 231 default router 10 4 0 254 I ip cef no ipv6 cef multilink bundle name authenticated chat script gsm atdt 98 1 TIMEOUT 30 CONNECT archive log config hidekeys I interface 0 no ip address ip virtual reassembly load interval 30 no ilmi keepalive interface 0 1 point to point backup interface Cellular0O ip nat outside ip virtual reassembly pve 0 35 pppoe client dial pool number 2 l interface FastEthernet0 I interface FastEthernet1 I interface FastEthernet2 interface FastEthernet3 E Cisco 819 Series Integrated Services Routers Software Configuration Guide OL 23590 02 Chapter6 Configuring Backup Data Lines and Remote Management Configuring Cellular Dial on Demand Routing Backup W interface Cellular0O ip address negotiated ip nat ou
32. SA exit Example Router config isakmp Router config exit Exits IKE policy configuration mode and enters global configuration mode Cisco 819 Integrated Services Routers Software Configuration Guide OL 23590 02 Chapter 13 Configuring a VPN Using Easy VPN and an IPSec Tunnel Configuration Tasks W Configure Group Policy Information Perform these steps to configure the group policy beginning in global configuration mode SUMMARY STEPS 1 crypto isakmp client configuration group group name default 2 key name 3 dns primary server 4 domain name 5 exit 6 ip local pool default poolname low ip address high ip address DETAILED STEPS Command or Action Purpose Step 1 crypto isakmp client configuration group Creates an IKE policy group containing attributes group name default to be downloaded to the remote client Also enters the Internet Security Association Key Example and Management Protocol ISAKMP group policy configuration mode Router config crypto isakmp client configuration group rtr remote Router config isakmp group Step 2 key name Specifies the IKE pre shared key for the group policy Example Router config isakmp group key secret password Router config isakmp group Step 3 dns primary server Specifies the primary Domain Name System DNS server for the group Example P a Note You may also want to specify Windows Ronter GO
33. T the groups and count keywords were added to the show ip igmp snooping command, and the output of the show ip igmp snooping command was modified to include global information about IGMP snooping groups. Use the show ip igmp snooping command with the groups keyword to display the multicast table learned by IGMP snooping for all VLANs, or the show ip igmp snooping command with the groups keyword, vlan id keyword, and vlan id argument to display the multicast table learned by IGMP snooping for a specific VLAN. Use the show ip igmp snooping command with the groups and count keywords to display the number of multicast groups learned by IGMP snooping. Configuring Per Port Storm Control: For information on how to configure per port storm control, see Configuring Per Port Storm Control. This section contains information on the following topics: Enabling per port storm control; Disabling per port storm control. Configuring Fallback Bridging: For information on how to configure fallback bridging, see Configuring Fallback Bridging. This section contains information on the following topics: Understanding the default fallback bridging configuration; Creating a bridge group; Preventing the forwarding of dynamically learned stations; Configuring the bridge table
34. VLAN beginning in global configuration mode SUMMARY STEPS 1 interface switch port id 2 switchport access vlan vlan id 3 end Cisco 819 Integrated Services Routers Software Configuration Guide P26 W OL 23590 02 Chapter 12 Configuring a LAN with DHCP and VLANs Configuration Tasks W DETAILED STEPS Command Purpose Step1 interface switch port id Specifies the switch port that you want to assign to the VLAN Example Router config interface FastEthernet 2 Router config if Step 2 switchport access vlan vian id Assigns a port to the VLAN Example Router config if switchport access vlan 2 Router config if Step3 end Exits interface mode and returns to privileged EXEC mode Example Router config if end Router Verify Your VLAN Configuration Use the following commands to view your VLAN configuration e show Entered from VLAN database mode Displays summary configuration information for all configured VLANs e show vlan switch Entered from privileged EXEC mode Displays detailed configuration information for all configured VLANs Cisco 819 Integrated Services Routers Software Configuration Guide oL 23590 02 EEN Chapter12 Configuring a LAN with DHCP and VLANs Hs Configuration Tasks Router vlan database Router vlan show VLAN ISL Id 1 Name default Media Type Ethernet VLAN 802 10 Id 100001 State Operational MTU 1500 Translational Bridged VLAN 1
35. a Cisco IOS software image from a remote TFTP server to the router flash memory. Use the tftpdnld command only for disaster recovery, because it erases all existing data in flash memory before downloading a new software image to the router. TFTP Download Command Variables: This section describes the system variables that can be set in ROM monitor mode and that are used during the TFTP download process. There are both required variables and optional variables. Note: The commands described in this section are case sensitive and must be entered exactly as shown. Required Variables: These variables must be set with these commands before you use the tftpdnld command. Variable | Command: WAN GE setting | FE_PORT 4; Switch port setting | FE_PORT 0 3; IP address of the router | IP_ADDRESS ip_address; Subnet mask of the router | IP_SUBNET_MASK ip address; IP address of the default gateway of the router | DEFAULT_GATEWAY ip_address; IP address of the TFTP server from which the software will be downloaded | TFTP_SERVER ip_address; Name of the file that will be downloaded to the router | TFTP_FILE filename. Optional Variables Disast
36. aging time; Filtering frames by a specific MAC address; Adjusting spanning tree parameters; Monitoring and maintaining the network. Managing the Switch: For information on management of the switch, see Managing the EtherSwitch HWIC. This section contains information on the following topics: Adding Trap Managers; Configuring IP Information; Enabling Switch Port Analyzer; Managing the ARP Table; Managing the MAC Address Tables; Removing Dynamic Addresses; Adding Secure Addresses; Configuring Static Addresses; Clearing all MAC Address Tables. Configuring PPP over Ethernet with NAT: This chapter provides an overview of Point to Point Protocol over Ethernet (PPPoE) clients and Network Address Translation (NAT) that can be configured on the Cisco 819 Integrated Services Routers (ISRs). Multiple PCs can be connected to the LAN behind the router. Before the traffic from these PCs is sent to the PPPoE session, it can be encrypted, filtered, and so forth. Figure 11 1 shows a typical deployment scenario with a PPPoE client and NAT configured on the Cisco router. Figure 11 1 PPP over Ethernet with NAT: Multiple networked devices
37. always interpreted as hexadecimal. The new virtual configuration register value is written into NVRAM but does not take effect until you reset or reboot the router. Changing the Configuration Register Using Prompts: Entering the confreg command without an argument displays the contents of the virtual configuration register and a prompt to alter the contents by describing the meaning of each bit. In either case, the new virtual configuration register value is written into NVRAM but does not take effect until you reset or reboot the router. The following display shows an example of entering the confreg command: rommon 7 > confreg Configuration Summary enabled are console baud 9600 boot the ROM Monitor do you wish to change the configuration y n n y enable diagnostic mode y n n y enable use net in IP bcast address y n n enable load rom after netboot fails y n nl enable use all zero broadcast y n n enable break abort has effect y n n enable ignore system config info y n n change console baud rate y n n y enter rate 0 9600 1 4800 2 1200 3 2400 0 0 change the boot characteristics y n n y enter to boot 0 ROM Monitor 1 the boot helper image 2 15 boot system 0 0 Configuration Summary enabled are diagnostic mode console baud 9600 boot the ROM Monitor do you wish to change the configuration y n n You must reset or power
38. are defined by describing the local addresses to be translated and the pool of addresses from which to allocate outside addresses. Allocation occurs in numeric order, and multiple pools of contiguous address blocks can be defined. NAT eliminates the need to readdress all hosts that require external access, saving time and money. It also conserves addresses through application port level multiplexing. With NAT, internal hosts can share a single registered IP address for all external communications. In this type of configuration, relatively few external addresses are required to support many internal hosts, thus conserving IP addresses. Because the addressing scheme on the inside network may conflict with registered addresses already assigned within the Internet, NAT can support a separate address pool for overlapping networks and translate as appropriate. Easy IP Phase 1: The Easy IP Phase 1 feature combines Network Address Translation (NAT) and PPP Internet Protocol Control Protocol (IPCP). This feature enables a Cisco router to automatically negotiate its own registered WAN interface IP address from a central server and to enable all remote hosts to access the Internet using this single registered IP address. Because Easy IP Phase 1 uses existing port level multiplexed NAT functionality within Cisco IOS software, IP addresses on
39. authenticate using an unencrypted pin: router(config-controller)# gsm sim authenticate 0 1234 slot 0 The following example shows you how to set the maximum number of SIM switchover retries to 20: router(config-controller)# gsm sim max retry 20 The following example shows you how to set SIM slot 1 as the primary slot: router(config-controller)# gsm sim primary slot 1 The following example shows you how to configure the SIM card in slot 0 to use profile 10: router(config-controller)# gsm sim profile 10 slot 0 Perform the following commands to manually switch the SIM. Command | Syntax | Description: cellular GSM SIM | cellular GSM SIM lock unlock | Locks or unlocks the SIM; gsm sim | cellular <unit> gsm sim lock unlock <pin> | Locks or unlocks the gsm SIM; gsm sim unblock | cellular <unit> gsm sim unblock <puk> <newpin> | Unblocks the gsm SIM; gsm sim change pin | cellular <unit> gsm sim change pin <oldpin> <newpin> | Changes the PIN of the SIM; gsm sim activate slot | cellular <unit> gsm sim activate slot <slot_no> | Activates the GSM SIM. The following command forces the modem to connect to SIM1: Router# cellular 0 gsm sim activate slot 1 Configuring Router for Image and Config Recovery Using
40. count is 15 Best route is one with lowest hop count By default every 30 seconds You can reconfigure this value and also use triggered extensions to RIP Enhanced Suited for large topologies IGRP with 16 or more hops to reach a destination Distance information Based on a successor which is a neighboring router that has a least cost path to a destination that is Hello packets sent every 5 seconds as well as incremental updates sent when the state of a destination changes guaranteed to not be part of a routing loop RIP: RIP is an associated protocol for IP and is widely used for routing protocol traffic over the Internet. RIP is a distance vector routing protocol, which means that it uses distance (hop count) as its metric for route selection. Hop count is the number of routers that a packet must traverse to reach its destination. For example, if a particular route has a hop count of 2, then a packet must traverse two routers to reach its destination. By default, RIP routing updates are broadcast every 30 seconds. You can reconfigure the interval at which the routing updates are broadcast. You can also configure triggered extensions to RIP so that routing updates are sent only when the routing database is updated. For more information on triggered extensions to RIP, see the Cisco IOS Release 12.3 documentation set.
41. cycle for new config to take effect. Console Download: You can use console download, which is a ROM monitor function, to download either a software image or a configuration file over the router console port. After download, the file is either saved to the mini flash memory module or to main memory for execution (image files only). Use console download when you do not have access to a TFTP server. Note: If you want to download a software image or a configuration file to the router over the console port, you must use the ROM monitor dnld command. Note: If you are using a PC to download a Cisco IOS image over the router console port at 115,200 bps, ensure that the PC serial port is using a 16550 universal asynchronous transmitter receiver (UART). If the PC serial port is not using a 16550 UART, we recommend using a speed of 38,400 bps or less when downloading a Cisco IOS image over the console port. Command Description: The following are the syntax and descriptions for the xmodem console download command: xmodem cyrx destination_file_name. c: (Optional) Performs the download using 16 bit cyclic redundancy check (CRC 16) error checking to validate packets. Default is 8 bit CRC. y: (Optional) Sets the router to perform the download using Y modem proto
42. emulation software to change settings for the router that is connected to the PC. Configure the software to the following standard VT 100 emulation settings so that your PC can communicate with your router: 9600 baud; 8 data bits; No parity; 1 stop bit; No flow control. These settings should match the default settings of your router. To change the router baud, data bits, parity, or stop bits settings, you must reconfigure parameters in the ROM monitor. For more information, see the ROM Monitor section on page C 1. To change the router flow control setting, use the flowcontrol command in global configuration mode. For information on how to enter global configuration mode so that you can configure your router, see the Entering Global Configuration Mode section on page A 5. Understanding Command Modes: This section describes the Cisco IOS command mode structure. Each command mode supports specific Cisco IOS commands. For example, you can use the interface type number command only from global configuration mode. The following Cisco IOS command modes are hierarchical. When you begin a router session, you are in user EXEC mode. User EXEC; Privileged EXEC; Global configuration. Table A 2 lists the command modes that are used in this guide, describes how to access each mode, shows the prompt for each mode, and explains how to exit to a mode or enter another mode. Because each mode configures different router elements, y
43. encapsulation encapsulation type 5 ppp authentication protocoll protocol2 6 dialer pool number 7 dialer group group number 8 exit 9 dialer list dialer group protocol protocol name permit deny list access list number access group 10 ip route prefix mask interface type interface number DETAILED STEPS Command Purpose Step 1 interface dialer dialer rotary group number Creates a dialer interface numbered 0 to 255 and enters interface configuration mode Example Router config interface dialer 0 Router config if Step 2 ip address negotiated Specifies that the IP address for the interface is obtained through PPP IPCP IP Control Protocol Example address negotiation Router config if ip address negotiated Router config if Step 3 ip mtu bytes Sets the size of the IP maximum transmission unit MTU The default minimum is 128 bytes The Example maximum for Ethernet is 1492 bytes Router config if ip mtu 1492 Router config if Step 4 encapsulation encapsulation type Sets the encapsulation type to PPP for the data packets being transmitted and received Example Router config if encapsulation ppp Router config if Step 5 ppp authentication protocoll Sets the PPP authentication method to Challenge protocol2 Handshake Authentication Protocol CHAP Example For details about this command and additional es parameters that can be set see Cisco IOS Security Router config if ppp authentic
44. ip address 192.168.12.2 255.255.255.0 Router(config-if)# Sets the IP address and subnet mask for the specified Gigabit Ethernet interface. no shutdown Example: Router(config-if)# no shutdown Router(config-if)# Enables the Ethernet interface, changing its state from administratively down to administratively up. exit Example: Router(config-if)# exit Router(config)# Exits configuration mode for the Gigabit Ethernet interface and returns to global configuration mode. Configuring the Cellular Wireless WAN Interface: The Cisco 819 ISRs provide a Third Generation (3G) wireless interface for use over Global System for Mobile Communications (GSM) and code division multiple access (CDMA) networks. The interface is a 34 millimetre embedded mini express card. Its primary application is WAN connectivity as a backup data link for critical data applications. However, the 3G wireless interface can also function as the router's primary WAN connection. To configure the 3G cellular wireless interface, follow these guidelines and procedures: Prerequisites for Configuring the 3G Wireless Interface page 5 11; Restrictions for Configuring the Cellular Wireless Interface page 5 11; Data Account Provisioning page 5 12; Configuring a Cellular Interface page 5 16; Configuring DDR page 5 17; Examples for Configuring Cellular Wireless Interfaces page 5 20; Configuring Dual SIM for Cellular Networks p
45. ip nat statistics Total active translations 0 0 static 0 dynamic 0 extended Outside interfaces FastEthernet4 Inside interfaces Vlan1 Hits 0 Misses 0 CEF Translated packets 0 CEF Punted packets 0 Expired translations 0 Dynamic mappings Inside Source Id 1 access list 1 interface Dialer0 refcount 0 Queued Packets 0 Cisco 819 Series Integrated Services Routers Software Configuration Guide I oL 23590 02 STEIN Chapter 11 Configuring PPP over Ethernet with NAT Hs Configuration Example Cisco 819 Series Integrated Services Routers Software Configuration Guide ua OL 23590 02 DHCP aeawenn Mae Configuring a LAN with DHCP and VLANs The Cisco 819 Integrated Services Routers ISRs support clients on both physical LANs and virtual LANs VLANs The routers can use the Dynamic Host Configuration Protocol DHCP to enable automatic assignment of IP configurations for nodes on these networks Figure 12 1 shows a typical deployment scenario with two physical LANs connected by the router and two VLANs Figure 12 1 Physical and Virtual LANs with DHCP Configured on the Cisco Router 92339 1 Fast Ethernet LAN with multiple networked devices 2 Router and DHCP server Cisco 819 ISR connected to the Internet 3 VLAN 1 4 VLAN 2 DHCP which is described in RFC 2131 uses a client server model for address allocation As an administrator you can confi
46. is 49 LOGIN Login Host Protocol 53 DOMAIN Domain name server 67 BOOTPS Bootstrap Protocol Server 68 BOOTPC Bootstrap Protocol Client 69 TFTP Trivial File Transfer Protocol 75 Any private dial out service I OL 18906 02 Cisco 819 Integrated Services Routers Software Configuration Guide jg Appendix D Common Port Assignments Table D 1 Currently Assigned TCP and UDP Port Numbers continued Port Keyword Description 77 Any private RJE service 79 FINGER Finger 95 SUPDUP SUPDUP Protocol 101 HOST NAME Network interface card NIC hostname server 102 ISO TSAP ISO Transport Service Access Point TSAP 103 X400 X400 104 X400 SND X400 SND 111 SUNRPC Sun Microsystems Remote Procedure Call 113 AUTH Authentication service 117 UUCP PATH UNIX to UNIX Copy Protocol UUCP Path Service 119 NNTP Usenet Network News Transfer Protocol 123 NTP Network Time Protocol 126 SNMP Simple Network Management Protocol 137 NETBIOS NS NetBIOS name service 138 NETBIOS DGM NetBIOS datagram service 139 NETBIOS SSN NetBIOS session service 161 SNMP Simple Network Management Protocol 162 SNMP TRAP Simple Network Management Protocol traps 512 rexec UNIX remote execution control 513 TCP rlogin TCP UNIX remote login UDP TENO UDP UNIX broadcast name service 514 TCP rsh TCP UNIX remote shell UDP syslog UDP system log 515 Print
47. not initiate the backup link. NAT: Network Address Translation (NAT) provides a mechanism for a privately addressed network to access registered networks, such as the Internet, without requiring a registered subnet address. This mechanism eliminates the need for host renumbering and allows the same IP address range to be used in multiple intranets. NAT is configured on the router at the border of an inside network (a network that uses nonregistered IP addresses) and an outside network (a network that uses a globally unique IP address; in this case, the Internet). NAT translates the inside local addresses (the nonregistered IP addresses assigned to hosts on the inside network) into globally unique IP addresses before sending packets to the outside network. With NAT, the inside network continues to use its existing private or obsolete addresses. These addresses are converted into legal addresses before packets are forwarded onto the outside network. The translation function is compatible with standard routing; the feature is required only on the router connecting the inside network to the outside domain. Translations can be static or dynamic. A static address translation establishes a one to one mapping between the inside network and the outside domain. Dynamic address translations
48. profile oe number gt TIMEOUT lt timeout value gt CONNECT Configures this line for GSM For CDMA chat script lt script name gt ATDT 777 lt profile number gt TIMEOUT lt timeout value gt CONNECT Configures this line for CDMA Example Router config chat script gsm ATDT 98 2 TIMEOUT 60 CONNECT f j Defines the Attention Dial Tone ATDT commands when the dialer is initiated Step 14 interface cellular 0 Specifies the cellular interface Example Router config interface cellular 0 Step 15 dialer string string Specifies the dialer script defined using the chat script command Example Router config dialer string gsm Cisco 819 Series Integrated Services Router Software Configuration Guide oL 23590 02 a 5 19 Chapter 5 Basic Router Configuration Configuring WAN Interfaces Examples for Configuring Cellular Wireless Interfaces This section provides the following configuration examples e Basic Cellular Interface Configuration page 5 20 e Tunnel over Cellular Interface Configuration page 5 21 e Configuration for 8705 modem page 5 21 Basic Cellular Interface Configuration The following example shows how to configure a gsm cellular interface to be used as a primary WAN connection It is configured as the default route chat script gsm ATDT 98 2 TIMEOUT 60 I interface Cellular0 ip address negotiated encapsulation ppp dialer in band dialer string gsm dialer group 1
49. pushed during the bootup during bootup
  Off: After powering up, when FPGA is being downloaded (in ROMMON)

ACT
  Green: Network activity on FE Switch ports, GE WAN port, 3G cellular interface, and serial interfaces
  Off: No network activity

WWAN
  Green: Module is powered on and connected but not transmitting or receiving
  Green (slow blinking): Module is powered on and searching for connection
  Green (fast blinking): Module is transmitting or receiving
  Off: Module is not powered

GPS
  Green (solid): Standalone GPS
  Green (slow blinking): GPS is acquiring
  Yellow (solid): Assisted GPS
  Yellow (slow blinking): Assisted GPS is acquiring
  Off: GPS is not configured

Table 2-1 3G LED Descriptions (continued)

LED, Color: Description

RSSI
  Green (solid): Signal > -60, very strong signal
  Green (four blinks and then a long pause): Signal < -60 to -74, strong signal
  Green (two blinks and then a long pause): Signal < -75 to -89, fair signal
  Green (one blink and then a long pause): Signal < -90 to -109, marginal signal
  Off: Signal < -110, unusable signal

SIM 2
  Green / Yellow (one green blink followed by two yellow blinks): SIM in slot 0 active, SIM in slot 1 is not
  Yellow / Green (one: SIM in slot 1 active, SIM in slot 0 is not
50. serial interfaces using Frame Relay encapsulation.

For each encapsulation type, a certain number of keepalives ignored by a peer triggers the serial interface to transition to the down state. For HDLC encapsulation, three ignored keepalives cause the interface to be brought down. For PPP encapsulation, five ignored keepalives cause the interface to be brought down. ECHOREQ packets are sent out only when LCP negotiation is complete (for example, when LCP is open).

Use the keepalive command in interface configuration mode to set the frequency at which LCP sends ECHOREQ packets to its peer. To restore the system to the default keepalive interval of 10 seconds, use the keepalive command with the no keyword. To disable keepalives, use the keepalive disable command. For both PPP and Cisco HDLC, a keepalive of 0 disables keepalives and is reported in the show running-config command output as keepalive disable.

When LCP is running on the peer and receives an ECHOREQ packet, it responds with an ECHOREP packet, regardless of whether keepalives are enabled on the peer. Keepalives are independent between the two peers. One peer end can have keepalives enabled; the other end can have them disabled. Even if keepalives are disabled locally, LCP still responds with ECHOREP packets to the ECHOREQ packets it receives. Similarly, LCP also works if the period of keepalives at each end is different.

Frame Relay Encapsulation

When Frame Relay encapsulation is ena
51. the Cisco 819 ISR

Restrictions for Configuring the Cellular Wireless Interface

The following restrictions apply to configuring the Cisco 3G wireless interface: A data connection can be originated only by the 3G wireless interface. Remote dial-in is not supported. Because of the shared nature of wireless communications, the experienced throughput varies depending on the number of active users or the amount of congestion in a given network. Cellular networks have higher latency than wired networks. Latency rates depend on the technology and carrier. Latency may be higher when there is network congestion. VoIP is currently not supported. Any restrictions that are part of the terms of service from your carrier also apply to the Cisco 3G wireless interface. Inserting a different type of modem from what was previously removed requires configuration changes, and you must reload the system.

Data Account Provisioning

Note: To provision your modem, you must have an active wireless account with a service provider. A SIM card must be installed in a GSM 3G wireless card.

To provision your data account, follow these procedures:
• Verifying Signal Strength and Service Availability, page 5-12
• Configuring a GSM Modem Data Profile, page 5-13
• CDMA Modem Activati
52. the interface is in synchronous mode:

interface serial 2
 physical-layer sync
 ip address 10.0.0.2 255.0.0.0
 no keepalive
 ignore-dcd
 nrzi-encoding
 no shutdown

Half-Duplex Timers Example

The following example shows how to set the cts-delay timer to 1234 ms and the transmit-delay timer to 50 ms:

interface serial 2
 half-duplex timer cts-delay 1234
 half-duplex timer transmit-delay 50

CHAPTER: Configuring Security Features

This chapter provides an overview of authentication, authorization, and accounting (AAA), which is the primary Cisco framework for implementing selected security features that can be configured on the Cisco 819 Integrated Services Routers (ISRs).

This chapter contains the following sections:
• Authentication, Authorization, and Accounting, page 9-1
• Configuring AutoSecure, page 9-2
• Configuring Access Lists, page 9-2
• Configuring Cisco IOS Firewall, page 9-3
• Configuring Cisco IOS IPS, page 9-4
• URL Filtering, page 9-4
• Configuring VPN, page 9-4

Authentication, Authorization, and Accounting

AAA network security services provide the primary framework through which you set up access control on your router. Authentication provides the method of identifying users, including login and password dialog, challenge and response messaging support, and, depending on the security protocol you choose, encryption. Au
53. the remote LAN are invisible to the Internet.

The Easy IP (Phase 1) feature combines NAT and PPP/IPCP. With NAT, the router translates the nonregistered IP addresses used by the LAN devices into the globally unique IP address used by the dialer interface. The ability of multiple LAN devices to use the same globally unique IP address is known as overloading. NAT is configured on the router at the border of an inside network (a network that uses nonregistered IP addresses) and an outside network (a network that uses a globally unique IP address; in this case, the Internet).

With PPP/IPCP, Cisco routers automatically negotiate a globally unique (registered) IP address for the dialer interface from the ISP router.

Easy IP (Phase 2)

The Easy IP (Phase 2) feature combines Dynamic Host Configuration Protocol (DHCP) server and relay. DHCP is a client-server protocol that enables devices on an IP network (the DHCP clients) to request configuration information from a DHCP server. DHCP allocates network addresses from a central pool on an as-needed basis. DHCP is useful for assigning IP addresses to hosts that are temporarily connected to the network or for sharing a limited pool of IP addresses among a group of hosts that do not need permanent IP addresses.

DHCP frees you from having to assign an IP address to each client manually. DHCP configures the router to forward User
54. use Cisco IOS software can save you time when you are configuring your router.

This appendix contains the following sections, which provide basic information:
• Configuring the Router from a PC, page A-1
• Understanding Command Modes, page A-2
• Getting Help, page A-4
• Enable Secret Passwords and Enable Passwords, page A-5
• Entering Global Configuration Mode, page A-5
• Using Commands, page A-6
• Saving Configuration Changes, page A-7
• Summary, page A-7
• Where to Go Next, page A-7

If you are already familiar with Cisco IOS software, go to the following chapter:
• Basic Router Configuration, page 5-1

Configuring the Router from a PC

You can configure your router from a PC that is connected through the console port by using terminal emulation software. The PC uses this software to send commands to your router. Table A-1 lists some common types of terminal emulation software that you can use, depending on the operating system that you are running.

Table A-1 Types of Terminal Emulation Software

PC Operating System: Windows 95, Windows 98, Windows 2000, Windows NT, Windows XP
Terminal Emulation Software: HyperTerm (included with Windows software), ProComm Plus

PC Operating System: Windows 3.1
Terminal Emulation Software: Terminal (included with Windows software)

PC Operating System: Macintosh
Terminal Emulation Software: ProComm, VersaTerm

You can use the terminal
55. via 2.2.2.1, 00:00:02, Ethernet0/0

Configuring Enhanced Interior Gateway Routing Protocol

To configure Enhanced Interior Gateway Routing Protocol (EIGRP), perform these steps, beginning in global configuration mode:

SUMMARY STEPS
1. router eigrp as-number
2. network ip-address
3. end

DETAILED STEPS

Step 1: router eigrp as-number
  Purpose: Enters router configuration mode and enables EIGRP on the router. The autonomous-system number identifies the route to other EIGRP routers and is used to tag the EIGRP information.
  Example:
  Router(config)# router eigrp 109
  Router(config)#

Step 2: network ip-address
  Purpose: Specifies a list of networks on which EIGRP is to be applied, using the IP address of the network of directly connected networks.
  Example:
  Router(config)# network 192.145.1.0
  Router(config)# network 10.10.12.115
  Router(config)#

Step 3: end
  Purpose: Exits router configuration mode and enters privileged EXEC mode.
  Example:
  Router(config-router)# end
  Router#

For general information on EIGRP concept, see the Enhanced IGRP section on page B-3.

The following configuration example shows the EIGRP routing protocol enabled in IP networks 192.145.1.0 and 10.10.12.115. The EIGRP autonomous system number is 109
56. with the signaling used optionally. IP Precedence enables service classes to be established using existing network queuing mechanisms (such as class-based weighted fair queueing, CBWFQ) with no changes to existing applications or complicated network requirements.

PPP Fragmentation and Interleaving

With multiclass multilink PPP interleaving, large packets can be multilink encapsulated and fragmented into smaller packets to satisfy the delay requirements of real-time voice traffic; small real-time packets, which are not multilink encapsulated, are transmitted between fragments of the large packets. The interleaving feature also provides a special transmit queue for the smaller, delay-sensitive packets, enabling them to be transmitted earlier than other flows. Interleaving provides the delay bounds for delay-sensitive voice packets on a slow link that is used for other best-effort traffic.

In general, multilink PPP with interleaving is used in conjunction with CBWFQ and RSVP or IP Precedence to ensure voice packet delivery. Use multilink PPP with interleaving and CBWFQ to define how data is managed; use Resource Reservation Protocol (RSVP) or IP Precedence to give priority to voice packets.

CBWFQ

In general, class-based weighted fair queuing (CBWFQ) is used in conjunction with multilink PPP and interleaving and RSVP or IP Precedence to ensure voice packet delivery. CBWFQ is used with multilink PPP to define how data is managed; RSVP or IP Precedenc
57. your privileged EXEC exit or end command or router globally mode press Ctrl Z From this mode you can access the e To enter interface following modes configuration mode e Interface configuration enter the interface command e Router configuration e Line configuration Interface Enter the interface Router e To exit to global Use this mode to configure configuration command with a config if configuration mode parameters for the router Ethernet specific interface such enter the exit command jand serial interfaces or A o atm 0 e To exit to privileged subinterfaces eee EXEC mode enter the configuration mode end command or press Ctrl Z e To enter subinterface configuration mode specify a subinterface by using the interface command Cisco 819 Integrated Services Routers Software Configuration Guide oL 18906 02 EN Appendix A Cisco 10S Software Basic Skills W Getting Help Table A 2 Command Modes Summary continued Mode Access Method Prompt Mode Exit and Entrance About This Mode Router Enter one of the router Router e To exit to global Use this mode to configure an IP configuration commandsfollowedby comfig configuration mode routing protocol the appropriate aa enter the exit command ee aS example e To exit to privileged router Ep rom EXEC mode enter the global configuration d end command or press poa Ctrl Z Line Enter the line Router e To exit to global Use this mode to configure configurati
58. 0 will override 80 if dial backup has not timed out
! Use multiple routes because peer IP addresses are alternated among them when the CPE is connected
ip route 0.0.0.0 0.0.0.0 64.161.31.254 50
ip route 0.0.0.0 0.0.0.0 66.125.91.254 50
ip route 0.0.0.0 0.0.0.0 64.174.91.254 50
ip route 0.0.0.0 0.0.0.0 63.203.35.136 80
ip route 0.0.0.0 0.0.0.0 63.203.35.137 80
ip route 0.0.0.0 0.0.0.0 63.203.35.138 80
ip route 0.0.0.0 0.0.0.0 63.203.35.139 80
ip route 0.0.0.0 0.0.0.0 63.203.35.140 80
ip route 0.0.0.0 0.0.0.0 63.203.35.141 80
ip route 0.0.0.0 0.0.0.0 Dialer1 150
no ip http server
ip pim bidir-enable
!
! PC IP address behind CPE
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
access-list 103 permit ip 192.168.0.0 0.0.255.255 any
!
! Watch multiple IP addresses because peers are alternated among them when the CPE is connected
dialer watch-list 1 ip 64.161.31.254 255.255.255.255
dialer watch-list 1 ip 64.174.91.254 255.255.255.255
dialer watch-list 1 ip 64.125.91.254 255.255.255.255
!
! Dial backup will kick in if primary link is not available 5 minutes after CPE starts up
dialer watch-list 1 delay route-check initial 300
dialer-list 1 protocol ip permit
!
! Direc
59. 002 Translational Bridged VLAN 1003 VLAN ISL Id 2 Name VLANO002 Media Type Ethernet VLAN 802 10 Id 100002 State Operational MTU 1500 VLAN ISL Id 3 Name red vlan Media Type Ethernet VLAN 802 10 Id 100003 State Operational MTU 1500 VLAN ISL Id 1002 Name fddi default Media Type FDDI VLAN 802 10 Id 101002 State Operational MTU 1500 Bridge Type SRB Translational Bridged VLAN 1 Translational Bridged VLAN 1003 VLAN ISL Id 1003 Name token ring default Media Type Token Ring VLAN 802 10 Id 101003 State Operational MTU 1500 Bridge Type SRB Ring Number 0 Bridge Number 1 Parent VLAN 1005 Maximum ARE Hop Count 7 Maximum STE Hop Count 7 Backup CRF Mode Disabled Translational Bridged VLAN 1 Translational Bridged VLAN 1002 VLAN ISL Id 1004 Name fddinet default Media Type FDDI Net VLAN 802 10 Id 101004 State Operational MTU 1500 Bridge Type SRB Bridge Number 1 STP Type IBM VLAN ISL Id 1005 Name trnet default Cisco 819 Integrated Services Routers Software Configuration Guide P28 W OL 23590 02 Chapter 12 Configuring a LAN with DHCP and VLANs Rout Media Type Token Ring Net VLAN 802 10 Id 101005 State Operational MTU 1500 Bridge Type SRB Bridge Number 1 STP Type IBM er show vlan switch Name default VLANO0002 fddi default token ring default fddinet default trnet default Status active
60. General Description
SKU Information
New Features
3G Features
WLAN Features
4G LTE Features
Platform Features
Security Features

CHAPTER 2 Wireless Device Overview
ScanSafe
TFTP support with Ethernet WAN interface
LEDs

CHAPTER 3 Wireless Local Area Network
WLAN Features
Dual Radio
Images Supported
CleanAir Technology
Dynamic Frequency Selection
LEDs

CHAPTER 4 4G LTE Wireless WAN

CHAPTER 5 Basic Router Configuration
Interface Ports
Default Configuration
Information Needed for Configuration
Configuring Command-Line Access
Example
Configuring Global Parameters
Configuring WAN Interfaces
Configuring a Gigabit Ethernet WAN Interface
Configuring the Cellular Wireless WAN Interface
Prerequisites for Configuring the 3G Wireless Interface
Restrictions for Configuring the Cellular Wireless Interface
Data Account Provisioning
Configuring a Cellular Interface
Configuring DDR
Examples for Configuring Cellular Wireless Interfaces
Configuring Dual SIM for Cellular Networks
Configuring Router for Image and Config Recovery Using Push Button
Output When Button Is Not Pushed: Example
Output When Button Is Pushed: Example
Push Button in WLAN AP
61. 1 ISRs. Any command syntax that specifies an interface number supports the Cisco 891 ISRs slot/port syntax.

Configuring Compression of HDLC Data

You can configure point-to-point software compression on serial interfaces that use HDLC encapsulation. Compression reduces the size of a HDLC frame via lossless data compression. The compression algorithm used is a Stacker (LZS) algorithm.

Compression is performed in software and might significantly affect system performance. We recommend that you disable compression if CPU load exceeds 65 percent. To display the CPU load, use the show process cpu EXEC command.

If the majority of your traffic is already compressed files, you should not use compression.

To configure compression over HDLC, use the following commands in interface configuration mode:

SUMMARY STEPS
1. encapsulation hdlc
2. compress stac

DETAILED STEPS

Step 1: encapsulation hdlc
  Purpose: Enables encapsulation of a single protocol on the serial line.
  Example:
  Router(config-if)# encapsulation hdlc

Step 2: compress stac
  Purpose: Enables compression.
  Example:
  Router(config-if)# compress stac

Using the NRZI Line-Coding Format

SUMMARY STEPS

The nonreturn-to-zero (NRZ) and nonreturn-to-zero inverted (NRZI) formats are sup
62. 3 of IGMP snooping. IGMPv3 provides support for source filtering, which enables a multicast receiver host to signal to a router which groups the receiver host wants to receive multicast traffic from, and from which sources this traffic is expected. Enabling the IGMPv3 feature with IGMP snooping on Cisco ISRs provides Basic IGMPv3 Snooping Support (BISS). BISS provides constrained flooding of multicast traffic in the presence of IGMPv3 hosts. This support constrains traffic to approximately the same set of ports as IGMPv2 snooping does with IGMPv2 hosts. The constrained flooding only considers the destination multicast address.

For information on the concept of storm control, see Storm Control.

Fallback Bridging

For information on the concept of fallback bridging, see Fallback Bridging.

Overview of SNMP MIBs

Simple Management Network Protocol (SNMP) development and use is centered around the Management Information Base (MIB). An SNMP MIB is an abstract data base, and it is a conceptual specification for information that a management application may read and modify in a certain form. This does not imply that the information is kept in the managed system in that same form. The SNMP agent translates between the internal data structures and formats of the managed system and the external data structures and formats defined for the MIB.

The SNMP MIB is conceptually a tree structure with conceptual tables. Cisco Layer 2 Switching Interface MIB is discus
63. AP

When the push button on the front panel is pressed, WLAN AP will perform both image and configuration recovery. To perform image recovery, WLAN will go into the boot loader so that the user can download the image from the bootloader prompt. To perform configuration recovery, WLAN AP will overwrite the contents of flash:/config.txt with the contents of flash:/cpconfig-ap802.cfg file, if available in flash drive. Otherwise, flash:/config.txt will be deleted.

Configuring the Fast Ethernet LAN Interfaces

The Fast Ethernet LAN interfaces on your router are automatically configured as part of the default VLAN and are not configured with individual addresses. Access is provided through the VLAN. You may assign the interfaces to other VLANs if you want. For more information about creating VLANs, see the Configuring the Ethernet Switches section on page 10-1.

Configuring a Loopback Interface

The loopback interface acts as a placeholder for the static IP address and provides default routing information.

Perform these steps to configure a loopback interface, beginning in global configuration mode:

SUMMARY STEPS
1. interface type number
2. ip address ip-address mask
3. exit

DETAILED STEPS
64. Data Link Control (SDLC)
• SMDS
• Cisco Serial Tunnel (STUN)
• Cisco Bisync Serial Tunnel (BSTUN)
• X.25-based encapsulations

To define the encapsulation method, use the following command in interface configuration mode:

Command: Router(config-if)# encapsulation {hdlc | frame-relay | ppp | sdlc-primary | sdlc-secondary | smds | stun | x25 | bstun}
Purpose: Configures synchronous serial encapsulation.

Note: You cannot use the physical-layer async command for frame-relay encapsulation.

Encapsulation methods are set according to the type of protocol or application you configure in the Cisco IOS software.
• PPP is described in Configuring Media-Independent PPP and Multilink PPP.
• The remaining encapsulation methods are defined in their respective books and chapters describing the protocols or applications. Serial encapsulation methods are also discussed in the Cisco IOS Interface and Hardware Component Command Reference, under the encapsulation command.

By default, synchronous interfaces operate in full-duplex mode. To configure an SDLC interface for half-duplex mode, use the following command in interface configuration mode:

Command: Router(config-if)# half-duplex
Purpose: Configures an SDLC interface for half-duplex mode.

Bin
65. Datagram Protocol (UDP) broadcasts, including IP address requests, from DHCP clients. DHCP allows for increased automation and fewer network administration problems by:
• Eliminating the need for the manual configuration of individual computers, printers, and shared file systems
• Preventing the simultaneous use of the same IP address by two clients
• Allowing configuration from a central site

This section describes quality of service (QoS) parameters, including the following:
• IP Precedence, page B-8
• PPP Fragmentation and Interleaving, page B-8
• CBWFQ, page B-8
• RSVP, page B-8
• Low Latency Queuing, page B-9

QoS refers to the capability of a network to provide better service to selected network traffic over various technologies, including ATM, Ethernet and IEEE 802.1 networks, and IP-routed networks that may use any or all of these underlying technologies. Primary goals of QoS include dedicated bandwidth, controlled jitter and latency (required by some real-time and interactive traffic), and improved loss characteristics.

QoS technologies provide the elemental building blocks for future business applications in campus, WAN, and service provider networks. QoS must be configured throughout your network, not just on your router running VoIP, to improve voice network performance. Not all QoS techniques are appropriate for all network routers. Edge routers and backbone routers in your network do not necessarily perform the same operations th
66. OK
No sreloc section
Smart Init is enabled
smart init is sizing iomem
TYPE MEMORY_REQ
Onboard devices & buffer pools 0x020ECECO
TOTAL 0x020ECECO
Rounded IOMEM up to 32Mb
Using 3 percent iomem 32Mb 896Mb

Restricted Rights Legend

Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software Restricted Rights clause at FAR sec 52 227 19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec 252 227 7013

cisco Systems Inc
170 West Tasman Drive
San Jose California 95134 1706

Cisco IOS Software C800 Software C800 UNIVERSALK9 M Version 15 2 3 16 M0 1 MAINTENANCE INTERIM SOFTWARE
Technical Support http://www.cisco.com/techsupport
67. EC mode
Example:
Router(config-router)# end
Router#

For general information on RIP, see the RIP section on page B-2.

Example

The following configuration example shows RIP version 2 enabled in IP network 10.0.0.0 and 192.168.1.0. To see this configuration, use the show running-config command from privileged EXEC mode.

Router# show running-config
router rip
 version 2
 network 10.0.0.0
 network 192.168.1.0
 no auto-summary

Verifying Configuration

To verify that you have properly configured RIP, enter the show ip route command and look for RIP routes signified by "R". You should see a verification output like the following example:

Router# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
     10.108.1.0 is directly connected, Loopback0
R    3.0.0.0/8 [120/1]
68. Configuring VPN

DETAILED STEPS

Step 1: crypto isakmp policy priority
  Purpose: Creates an IKE policy that is used during IKE negotiation. The priority is a number from 1 to 10000, with 1 being the highest. Also enters the Internet Security Association Key and Management Protocol (ISAKMP) policy configuration mode.
  Example:
  Router(config)# crypto isakmp policy 1
  Router(config-isakmp)#

Step 2: encryption {des | 3des | aes | aes 256 | aes 192}
  Purpose: Specifies the encryption algorithm used in the IKE policy. The example specifies 168-bit data encryption standard (DES).
  Example:
  Router(config-isakmp)# encryption 3des
  Router(config-isakmp)#

Step 3: hash {md5 | sha}
  Purpose: Specifies the hash algorithm used in the IKE policy. The example specifies the Message Digest 5 (MD5) algorithm. The default is Secure Hash standard (SHA-1).
  Example:
  Router(config-isakmp)# hash md5
  Router(config-isakmp)#

Step 4: authentication {rsa-sig | rsa-encr | pre-share}
  Purpose: Specifies the authentication method used in the IKE policy. The example specifies a pre-shared key.
  Example:
  Router(config-isakmp)# authentication pre-share
  Router(config-isakmp)#

Step 5: group {1 | 2 | 5}
  Purpose: Specifies the Diffie-Hellman group to be used in an IKE policy.
  Example:
  Router(config-isakmp)# group 2
  Router(config-isakmp)#

Step 6: lifetime seconds
  Example:
  Router co
69. IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

Cisco 819 Series Integrated Services Routers Software Configuration Guide
2013 Cisco Systems, Inc. All rights reserved.

CONTENTS

CHAPTER 1 Product Overview
70. Interface FastEthernet2 changed state to up Jul 13 23 01 01 375 LINK 3 UPDOWN Interface FastEthernet3 changed state to up Jul 13 23 01 02 091 LINEPROTO 5 UPDOWN Line protocol on Interface FastEthernet0 changed state to up Jul 13 23 01 02 527 changed state to up Jul 13 23 01 02 527 changed state to up Jul 13 23 01 02 527 LINEPROTO 5 UPDOWN Line protocol on Interface FastEthernet3 changed state to up Jul 13 23 01 07 811 SSECONDCORE 5 BOOTSTAGE ROMMON on 2nd core UP Jul 13 23 01 07 915 SSECONDCORE 5 BOOTSTAGE AP BOOTLOADER on 2nd core UP Jul 13 23 01 09 687 CISCO800 6 SIM_STATUS SIM in slot 1 is not present router gt oe LINEPROTO 5 UPDOWN Line protocol on Interface FastEthernetl1 oe LINEPROTO 5 UPDOWN Line protocol on Interface FastEthernet2 router gt router gt router gt en router router router router Jul 13 23 01 17 063 CISCO800 2 MODEM_DOWN Cellular0O modem is now DOWN sh router sh pla router sh platform ver router sh platform versions Platform Revisions Versions FPGA 1 02 Val 0x12 Env Rev 4 5 Val 0x405 Rework Rev 00 00 00 00 00 00 CPU Name P1021SEC CPU Ver Fa banal Val SVR 0x80EC0311 Core Rev ty YBa Val PVR 0x80212051 CCB CLOCK 269 MHz IOS Cisco IOS Software C800 Software C800 UNIVERSALK9 M Version 15 2 3 16 M0 1 MAINTENANCE INTERIM SOFTWARE Technical Support http www cisco com techsupport Copyright
71. LTE and have embedded Sierra Wireless multimode modem.

Cisco 819 ISR is used to refer to Cisco 819G, Cisco 819HG, Cisco 819H, Cisco 819HWD, Cisco 819HGW, Cisco 819HG-4G, and Cisco 819G-4G ISRs unless specifically called out otherwise.

Figure 1-1 shows the Cisco 819HG ISR.

Figure 1-1 Cisco 819HG Integrated Services Router

Figure 1-2 shows the Cisco 819HGW ISR.

Figure 1-2 Cisco 819HGW Integrated Services Router

SKU Information

For the complete list of SKUs available in Cisco 819 ISRs, see SKU Information.

New Features

This section lists the software, platform, and security features supported by the Cisco 819 ISRs.
• 3G Features, page 1-3
• WLAN Features, page 1-4
• 4G LTE Features, page 1-4
• Platform Features, page 1-4
• Security Features, page 1-4

Note: The WAAS Express feature is not supported. This feature will be supported for 3G and 4G interfaces with later IOS releases.

3G Features
• Modem control and management
• Asynchronous transport (AT) command set
• Wireless Host Interface Protocol (WHIP)
• Control and Status (CNS) for out-of-band modem control and status
• Diagnostic Monitor (DM) logging
• Ac
72. NE lgm Lee ED gree ons eee Internet Naming Service WINS servers Router config isakmp group M for the group by using the wins command Step 4 domain name Specifies group domain membership Example Router config isakmp group domain company com Router config isakmp group Cisco 819 Integrated Services Routers Software Configuration Guide oL 23590 02 EEN Chapter 13 Configuring a VPN Using Easy VPN and an IPSec Tunnel Hs Configuration Tasks Step5 Step 6 Command or Action Purpose exit Example Router config isakmp group exit Router config Exits IKE group policy configuration mode and enters global configuration mode ip local pool default poolname low ip address high ip address Example Router config ip local pool dynpool 30 30 30 20 30 30 30 30 Router config Specifies a local address pool for the group For details about this command and additional parameters that can be set see Cisco IOS Dial Technologies Command Reference Apply Mode Configuration to the Crypto Map SUMMARY STEPS DETAILED STEPS Step 1 Step 2 Perform these steps to apply mode configuration to the crypto map beginning in global configuration mode 1 crypto map map name isakmp authorization list list name 2 crypto map fag client configuration address initiate respond Command or Action Purpose crypto map map name isakmp authorization li
73. NK ENABLE LED OFF OFF OFF OFF
SPEED LED Unknown Unknown Unknown Unknown
PORT GE WAN0
LINK ENABLE LED OFF
SPEED LED Unknown
The following is a sample output from the show controllers cellular command showing the 3G LED status:
router# show controllers cellular 0
Interface Cellular0
3G Modem QuadBand HSPA R7 HSPA UMTS QuadBand EDGE GPRS Global and GPS
Cellular modem configuration
GSM Carrier Type Cellular GSM Global
SKU PRI Value 9900198
Modem is recognized as valid
manufacture id 0x00001199 product id 0x000068A3
Sierra Wireless Mini Card MC8705 HSPA R7 modem
Cellular Dual SIM details
SIM 0 is present
SIM 0 is active SIM
Modem Management Statistics
Modem resets 2
Last known modem state application mode
Packets sent 2508 Packets received 44621 Packets pending 0
DIP MDM link status retry count 0 pdp context 0
DIP MDM link up pending 0 pdp context 0
IDB Cellular0 DIP profile id 255
RSSI LED 3 blink Green <<<
Service LED 3 blink Green <<<
SIM LED Slot0 Green Slot1 Off <<<
74. Policy Information; Apply Mode Configuration to the Crypto Map; Enable Policy Lookup; Configure IPSec Transforms and Protocols; Configure the IPSec Crypto Method and Parameters; Apply the Crypto Map to the Physical Interface; Where to Go Next; Create a Cisco Easy VPN Remote Configuration; Configuration Example; Configure a Site-to-Site GRE Tunnel; Configuration Example.
Configuring the Ethernet Switches: Switch Port Numbering and Naming; Restrictions for the FE Switch; Information About Ethernet Switches; VLANs and VLAN Trunk Protocol; Layer 2 Ethernet Switching; 802.1x Authentication; Spanning Tree Protocol; Cisco Discovery Protocol; Switched Port Analyzer; IGMP Snooping; Storm Control; Fallback Bridging; Overview of SNMP MIBs; BRIDGE-MIB for Layer 2 Ethernet Switching; MAC Address Notification; How to Configure Ethernet Switches; Configuring VLANs; VLANs on the FE Ports; VLANs on the GE Port; Configuring Layer 2 Interfaces; Configuring 802.1x Authentication; Configuring Spanning Tree Protocol; Configuring MAC Table Manipulation; Configuring Cisco Discovery Protocol; Configuring the Switched Port Analyzer; Configuring IP Multicast Layer 3 Switching; Configuring IGMP Snooping; Conf
75. ROM Monitor: Disaster Recovery with TFTP Download
Jul 13 23:00:57.303: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 100.100.100.100 port 520 started - CLI initiated
Jul 13 23:00:58.059: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
Jul 13 23:00:58.079: %LINK-3-UPDOWN: Interface FastEthernet1, changed state to up
Jul 13 23:00:58.099: %LINK-3-UPDOWN: Interface FastEthernet2, changed state to up
Jul 13 23:00:58.111: %LINK-3-UPDOWN: Interface FastEthernet3, changed state to up
Jul 13 23:00:58.123: %LINK-3-UPDOWN: Interface Wlan-GigabitEthernet0, changed state to up
Jul 13 23:00:59.059: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down
Jul 13 23:00:59.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1, changed state to down
Jul 13 23:00:59.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2, changed state to down
Jul 13 23:00:59.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3, changed state to down
Jul 13 23:00:59.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface Wlan-GigabitEthernet0, changed state to up
Jul 13 23:00:59.883: %DTP-5-TRUNKPORTON: Port Fa3 has become dot1q trunk
Jul 13 23:01:01.091: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
Jul 13 23:01:01.231: %LINK-3-UPDOWN: Interface FastEthernet1, changed state to up
Jul 13 23:01:01.259: %LINK-3-UPDOWN:
76. sysret: Displays return information from the last booted system image. This information includes the reason for terminating the image, a stack dump of up to eight frames, and, if an exception is involved, the address where the exception occurred. For example:
    rommon 8 > sysret
    System Return Info:
    count: 19, reason: user break
    pc:0x801111b0, error address: 0x801111b0
    Stack Trace:
    FP: 0x80005ea8, PC: 0x801111b0
    FP: 0x80005eb4, PC: 0x80113694
    FP: 0x80005f74, PC: 0x8010eb44
    FP: 0x80005f9c, PC: 0x80008118
    FP: 0x80005fac, PC: 0x80008064
    FP: 0x80005fc4, PC: 0xfff03d70
    FP: 0x80005ffc, PC: 0x00000000
    FP: 0x00000000, PC: 0x00000000
(Cisco 819 Integrated Services Routers Software Configuration Guide, OL-18906-02. Appendix C, ROM Monitor: Exiting the ROM Monitor.)
meminfo: Displays size in bytes, starting address, available range of main memory, the starting point and size of packet memory, and size of NVRAM. For example:
    rommon 9 > meminfo
    Main memory size: 40 MB.
    Available main memory starts at 0x10000, size 40896KB
    IO (packet) memory size: 5 percent of main memory.
    NVRAM size: 32KB
Exiting the ROM Monitor
You must set the configuration re
77. To obtain or change software licenses: See Software Activation on Cisco Integrated Services Routers and Cisco Integrated Service Routers G2. (Chapter 5, Basic Router Configuration: Configuring Command Line Access.)
Configuring Command Line Access
To configure parameters to control access to the router, perform the following steps, beginning in global configuration mode.
SUMMARY STEPS
1. line [aux | console | tty | vty] line-number
2. password password
3. login
4. exec-timeout minutes [seconds]
5. line [aux | console | tty | vty] line-number
6. password password
7. login
8. end
DETAILED STEPS (Command / Purpose)
Step 1: line [aux | console | tty | vty] line-number. Enters line configuration mode and specifies the type of line. This example specifies a console terminal for access. Example:
    Router(config)# line console 0
    Router(config-line)#
Step 2: password password. Specifies a unique password for the console terminal line. Example:
    Router(config)# password 5dr4Hepw3
    Router(config-line)#
Step 3: login. Example:
    Router(config-line)# login
    Router(config-line)#
Enables password checking at termi
78. VPN tunnel is established with the second available peer. When the primary peer comes up again, the tunnel is re-established with the primary peer. (Chapter 9, Configuring Security Features: Configuring VPN.)
Command or Action / Purpose
Step 4: mode {client | network-extension | network extension plus}. Specifies the VPN mode of operation. Example:
    Router(config-crypto-ezvpn)# mode client
    Router(config-crypto-ezvpn)#
Step 5: exit. Returns to global configuration mode. Example:
    Router(config-crypto-ezvpn)# exit
    Router(config)#
Step 6: crypto isakmp keepalive seconds. Enables dead peer detection messages. Time between messages is given in seconds, with a range of 10 to 3600. Example:
    Router(config-crypto-ezvpn)# crypto isakmp keepalive 10
    Router(config)#
Step 7: interface type number. Enters the interface configuration mode for the interface to which you want the Cisco Easy VPN remote configuration applied. Note: For routers with an ATM WAN interface, this command would be interface atm 0. Example:
    Router(config)# interface fastethernet 4
    Router(config-if)#
Step 8: crypto ipsec client ezvpn name [outside | inside]. Example:
    Router(config-if)# crypto ipsec client ezvpn ezvpnclient outside
    Router(config-if)#
Assigns the Cisco Easy VPN r
79. a Synchronous Serial Interface; Specifying Synchronous Serial Encapsulation; Configuring PPP; Configuring Half-Duplex and Bisync for Synchronous Serial Port Adapters on Cisco 819 ISRs; Configuring Compression of HDLC Data; Using the NRZI Line-Coding Format; Enabling the Internal Clock; Inverting the Transmit Clock Signal; Setting Transmit Delay; Configuring DTR Signal Pulsing; Ignoring DCD and Monitoring DSR as Line Up/Down Indicator; Specifying the Serial Network Interface Module Timing; Configuring Low-Speed Serial Interfaces; Understanding Half-Duplex DTE and DCE State Machines; Changing Between Synchronous and Asynchronous Modes; Configuration Examples; Interface Enablement Configuration Examples; Low-Speed Serial Interface Examples; Synchronous or Asynchronous Mode Examples; Half-Duplex Timers Example.
Chapter 9, Configuring Security Features: Authentication, Authorization, and Accounting; Configuring AutoSecure; Configuring Access Lists; Access Groups; Configuring Cisco IOS Firewall; Configuring Cisco IOS IPS; URL Filtering; Configuring VPN; Remote Access VPN; Site-to-Site VPN; Configuration Examples; Configure a VPN over an IPSec Tunnel; Configure the IKE Policy; Configure Group
80. access-list 103 permit icmp any any
access-list 103 deny ip any any ! Prevents Internet-initiated traffic inbound.
! acl 105 matches addresses for the IPsec tunnel to or from the corporate network.
access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255
no cdp run
Chapter 10: Configuring the Ethernet Switches
This chapter gives an overview of configuration tasks for the 4-port Fast Ethernet (FE) switch and for the Gigabit Ethernet (GE) switch that services the embedded wireless access point on the Cisco 819 Integrated Services Routers (ISRs). The FE switches are 10/100Base-T Layer 2 Fast Ethernet switches. Traffic between different VLANs on a switch is routed through the router platform with the switched virtual interface (SVI). The GE switch is a 1000Base-T Layer 2 Gigabit Ethernet switch with an internal interface between the router and its embedded wireless access point. Any switch port may be configured as a trunking port to connect to other Cisco Ethernet switches.
This chapter contains the following sections: Switch Port Numbering and Naming; Restrictions for the FE Switch; Information About Ethernet Switches; Overview of SNMP MIBs; How to Configure Ethernet Switches.
Switch Port Numbering and Naming
The ports on the FE switch are numbered FE0 through FE3. Th
81. ace or subinterface changes, so does the administrative state of any child PVC configured under that parent interface or subinterface. To configure Frame Relay encapsulation on serial interfaces, use the encapsulation (Frame Relay VC-bundle) command.
Frame Relay interfaces support two types of encapsulated frames: Cisco (default) and IETF. Use the encap command in PVC configuration mode to configure Cisco or IETF encapsulation on a PVC. If the encapsulation type is not configured explicitly for a PVC, then that PVC inherits the encapsulation type from the main serial interface.
Note: Cisco encapsulation is required on serial main interfaces that are configured for MPLS. IETF encapsulation is not supported for MPLS.
Before you configure Frame Relay encapsulation on an interface, you must verify that all prior Layer 3 configuration is removed from that interface. For example, you must ensure that there is no IP address configured directly under the main interface; otherwise, any Frame Relay configuration done under the main interface will not be viable.
LMI on Frame Relay Interfaces
The Local Management Interface (LMI) protocol monitors the addition, deletion, and status of PVCs. LMI also verifies the integrity of the link that forms a Fram
82. address traffic deals with port security. Port security can be either static or dynamic. Static port security allows the user to specify which devices are allowed access through a given switch port. The specification is done manually by placing allowed device MAC addresses in the MAC address table. Static port security is also known as MAC address filtering. Dynamic port security is similar. However, instead of specifying the MAC address of the devices, the user specifies the maximum number of devices that will be allowed on the port. If the maximum number specified is more than the number of MAC addresses specified manually, the switch will learn the MAC address automatically, up to the maximum specified. If the maximum number specified is less than the number of MAC addresses already specified statically, an error message will be produced.
The following command is used to specify static or dynamic port security (Command / Purpose):
    Router(config)# mac-address-table secure [<mac-address> | maximum maximum addresses] fastethernet interface-id [vlan <vlan id>]
<mac-address> enables static port security. Use of the keyword maximum enables dynamic port security.
Configuring Cisco Discovery Protocol
For information on how to configure Cisco Discovery Protocol (CDP), see Configuring Cisco Discovery Protocol. This section contains information on the following topics: Enabling CDP; Enabling CDP on an interface; Mo
83. Prerequisites for Configuring the 3G Wireless Interface
The following are prerequisites to configuring the 3G wireless interface:
- You must have wireless service from a carrier, and you must have network coverage where your router will be physically placed. For a complete list of supported carriers, see the data sheet at www.cisco.com/go/m2m.
- You must subscribe to a service plan with a wireless service provider and obtain a SIM card (GSM modem only) from the service provider.
- You must check your LEDs for signal strength, as described in Table 2-1.
- You should be familiar with the Cisco IOS software. See Cisco IOS documentation beginning with Cisco IOS Release 12.4(15)XZ or later for Cisco 3G Wireless support.
- To configure your GSM data profile, you need the following information from your service provider: Username; Password; Access point name (APN).
- To configure your CDMA (CDMA only) data profile for manual activation, you need the following information from your service provider: Master Subsidy Lock (MSL) number; Mobile Directory number (MDN); Mobile Station Identifier (MSID); Electronic Serial Number (ESN).
- Check the LED located on the front panel of the router for signal strength and other indications. Table 2-1 describes the 3G LEDs for
84. alue. Figure 6: Half-Duplex DCE Receive State Machine.
When the timer expires, the DCE state machine asserts CTS and transitions to the receive state. It stays in the receive state until there is a frame to receive. If the beginning of a giant frame is received, it transitions to the in giant state and keeps discarding all the fragments of the giant frame and transitions back to the receive state. Transitions back to the ready state occur when RTS is deasserted by the DTE. The response of the DCE to the deassertion of RTS is to deassert CTS and go back to the ready state.
Placing a Low-Speed Serial Interface in Constant-Carrier Mode
To return a low-speed serial interface to constant-carrier mode from controlled-carrier mode, use the following command in interface configuration mode.
SUMMARY STEPS
1. no half-duplex controlled-carrier
DETAILED STEPS (Command or Action / Purpose)
Step 1: no half-duplex controlled-carrier. Places a low-speed serial interface in constant-carrier mode. Example:
    Router(config-if)# no half-duplex controlled-carrier
Tuning Half-Duplex Timers
To optimize the performance of half-duplex timers, use the following command in interface configuration mode (Command / Purpose):
    Router(config-if)# half-duplex timer cts
85. and for providing backup to the primary WAN line.
Figure 6-1: Dial Backup and Remote Management Through the Auxiliary Port
1: Cisco 819 router. 2: Modem. 3: PC.
A: Main WAN link; primary connection to Internet service provider.
B: Dial backup; serves as a failover link for Cisco 819 routers when primary line goes down.
C: Remote management; serves as dial-in access to allow changes or updates to Cisco IOS configurations.
(Chapter 6, Configuring Backup Data Lines and Remote Management: Configuring Dial Backup and Remote Management Through the Console Port.)
To configure dial backup and remote management for these routers, perform these steps, beginning in global configuration mode.
SUMMARY STEPS
1. ip name-server server-address
2. ip dhcp pool name
3. exit
4. chat-script script-name expect-send
5. interface type number
6. exit
7. interface type number
8. dialer watch-group group-number
9. exit
10. ip nat inside source {list access-list-number} {interface type number | pool name} [overload]
11. ip route prefix mask {ip-address | interface-type interface-number [ip-address]}
12. access-list access-list-number {deny | permit} source [source-wildcard]
13. dialer watch-list group-number ip ip-address address-mask delay route-check initial sec
86. ap to the Physical Interface; Create an Easy VPN Remote Configuration.
An example showing the results of these configuration tasks is provided in the Configuration Example section.
Note: The procedures in this chapter assume that you have already configured basic router features as well as PPPoE or PPPoA with NAT, DHCP, and VLANs. If you have not performed these configuration tasks, see the Basic Router Configuration section.
Note: The examples shown in this chapter refer only to the endpoint configuration on the Cisco 819 router. Any VPN connection requires both endpoints be configured properly to function. See the software configuration documentation as needed to configure VPN for other router models.
Configure the IKE Policy
Perform these steps to configure the Internet Key Exchange (IKE) policy, beginning in global configuration mode.
SUMMARY STEPS
1. crypto isakmp policy priority
2. encryption {des | 3des | aes | aes 192 | aes 256}
3. hash {md5 | sha}
4. authentication {rsa-sig | rsa-encr | pre-share}
5. group {1 | 2 | 5}
6. lifetime seconds
7. exit
DETAILED STEPS (Command or Action / Purpose)
Step 1: cr
87. ar 0 profile. Shows information about the modem data profiles created. Example:
    Router# show cellular 0 profile
Step 7: show cellular 0 security. Shows the security information for the modem, such as SIM and modem lock status. Example:
    Router# show cellular 0 security
Step 8: show cellular 0 sms. Displays the cellular SMS information. Example:
    Router# show cellular 0 sms
Step 9: show cellular 0 all. Shows consolidated information about the modem, such as the profiles that were created, the radio signal strength, the network security, and so on. Example:
    Router# show cellular 0 all
Configuring a GSM Modem Data Profile
To configure or create a new modem data profile, enter the following command in privileged EXEC mode.
SUMMARY STEPS
1. cellular 0 gsm profile create <profile number> <apn> <authentication> <username> <password> ipv4
DETAILED STEPS (Command or Action / Purpose)
Step 1: cellular 0 gsm profile create <profile number> <apn> <authentication> <username> <password> ipv4. Creates a new modem data profile. See Table 5-2 for details about the command parameters. Example:
    Router# gsm profile create 2 <apn-name> chap username password ipv4
Table 5-2 lists the modem data profile parameters
88. ary synchronous communication (Bisync) is a half-duplex protocol. Each block of transmission is acknowledged explicitly. To avoid the problem associated with simultaneous transmission, there is an implicit role of primary and secondary stations. The primary sends the last block again if there is no response from the secondary within the period of block receive timeout.
To configure the serial interface for full-duplex mode, use the following command in interface configuration mode (Command / Purpose):
    Router(config-if)# full-duplex
Specifies that the interface can run Bisync using switched RTS signals.
Configuring PPP
To configure PPP, refer to the Configuring Media-Independent PPP and Multilink PPP.
Configuring Half-Duplex and Bisync for Synchronous Serial Port Adapters on Cisco 819 ISRs
Configuring Bisync
The synchronous serial port adapters on Cisco 819 ISRs support half-duplex and Bisync. Bisync is a character-oriented data-link layer protocol for half-duplex applications. In half-duplex mode, data is sent one direction at a time. Direction is controlled by handshaking the Request to Send (RTS) and Clear to Send (CTS) control lines. These are described in the Configuring Bisync section.
To configure the Bisync feature on the synchronous serial port adapters on Cisco 819 ISRs, refer to the Block Serial Tunneling (BSTUN) Overview. All commands listed in this section apply to the synchronous serial port adapters on Cisco 89
89. at-script Dialout ABORT ERROR ABORT BUSY "" "AT" OK "ATDT 5555102\T" TIMEOUT 45 CONNECT \c
    Router(config)#
defined script is used to place a call over a modem connected to the PSTN.
Step 5: interface type number. Creates and enters configuration mode for the asynchronous interface. Configure the asynchronous interface. For sample commands that you can use in asynchronous interface configuration mode, see the Example section. Example:
    Router(config-if)#
Step 6: exit. Enters global configuration mode. Example:
    Router(config-if)# exit
    Router(config)#
Step 7: interface type number. Creates and enters configuration mode for the dialer interface. Example:
    Router(config)# interface Dialer 3
    Router(config-if)#
Step 8: dialer watch-group group-number. Specifies the group number for the watch list. Example:
    Router(config-if)# dialer watch-group 1
    Router(config-if)#
Step 9: exit. Exits the interface configuration mode. Example:
    Router(config-if)# exit
    Router(config)#
Step 10: ip nat inside source list access-list-number interface type number. Enables dynamic translation of addresses on the inside interface
90. at the following URL: http://tools.cisco.com/ITDIT/MIBS/servlet/index. OLD-CISCO-CHASSIS-MIB; CISCO-WAN-3G-MIB.
BRIDGE-MIB for Layer 2 Ethernet Switching
The Layer 2 Ethernet Switching Interface BRIDGE-MIB is supported in the Cisco 819 platforms. The BRIDGE-MIB enables the user to know the Media Access Control (MAC) addresses and spanning tree information of the Ethernet switch modules. The user can query the MIB agent using the SNMP protocol and get the details of Ethernet switch modules, such as MAC addresses of each interface and spanning protocol information.
The Bridge-MIB uses the following approaches to get the Layer 2 BRIDGE-MIB information: the community-string-based approach and the context-based approach.
In the community-string-based approach, one community string is created for each VLAN. Based on the query, the respective VLAN MIB is displayed. To get the BRIDGE-MIB details, use the snmp-server community public RW command in the configuration mode:
    Router(config)# snmp-server community public RW
Use the following syntax to query the SNMP BRIDGE-MIB details:
    snmpwalk -v2c <ip address of the ISR> public .1.3.6.1.2.1.17
    snmpwalk -v2c <ip address of the ISR> public@2 .1.3.6.1.2.1.17
    snmpwalk -v2c <ip address of the ISR> pub
91. ata, which means that all TCP/IP data flows through IP when it is sent and received, regardless of its final destination. (Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide, OL-18906-02. Appendix B, Concepts: Routing Protocol Options.)
IP is a connectionless protocol, which means that IP does not exchange control information (called a handshake) to establish an end-to-end connection before transmitting data. In contrast, a connection-oriented protocol exchanges control information with the remote computer to verify that it is ready to receive data before sending it. When the handshaking is successful, the computers have established a connection. IP relies on protocols in other layers to establish the connection if connection-oriented services are required.
Internet Packet Exchange (IPX) exchanges routing information using Routing Information Protocol (RIP), a dynamic distance-vector routing protocol. RIP is described in more detail in the following sections.
Routing Protocol Options
Routing protocols include the following: Routing Information Protocol (RIP); Enhanced Interior Gateway Routing Protocol (Enhanced IGRP).
RIP and Enhanced IGRP differ in several ways, as shown in Table B-1.
Table B-1: RIP and Enhanced IGRP Comparison (columns: Protocol; Ideal Topology; Metric; Routing Updates)
RIP; Suited for topologies with 15 or fewer hops; Hop count. Maximum hop
92. atic bindings
Manual bindings
Expired bindings
Malformed messages
Secure arp entries
Message Received
BOOTREQUEST
DHCPDISCOVER
DHCPREQUEST
DHCPDECLINE
DHCPRELEASE
DHCPINFORM
Message Sent
BOOTREPLY 0
DHCPOFFER 0
DHCPACK 0
DHCPNAK 0
Router#
Configure VLANs
Perform these steps to configure VLANs on your router, beginning in global configuration mode.
SUMMARY STEPS
1. vlan ?
2. ISL VLAN ID
3. exit
(Chapter 12, Configuring a LAN with DHCP and VLANs: Configuration Tasks.)
DETAILED STEPS (Command / Purpose)
Step 1: vlan ?. Enters VLAN configuration mode. Example:
    Router# config t
    Router(config)# vlan database
    WORD ISL VLAN IDs 1-4094
    accounting VLAN accounting configuration
    ifdescr VLAN subinterface ifDescr
    Router(config)# vlan 2
Step 2: ISL VLAN ID. Adds VLANs, with identifiers ranging from 1 to 4094. For details about this command and additional parameters that can be set, see Cisco IOS Switching Services Command Reference. Example:
    Router(config)# vlan 2
    Router(config-vlan)#
Step 3: exit. Updates the VLAN database, propagates it throughout the administrative domain, and returns to global configuration mode. Example:
    Router(config-vlan)# exit
    Router(config)#
Assign a Switch Port to a VLAN
Perform these steps to assign a switch port to a
93. ation chap
    Router(config-if)#
Command Reference. (Chapter 11, Configuring PPP over Ethernet with NAT: Configuration Tasks.)
Command / Purpose
Step 6: dialer pool number. Specifies the dialer pool to use to connect to a specific destination subnetwork. Example:
    Router(config-if)# dialer pool 1
    Router(config-if)#
Step 7: dialer-group group-number. Assigns the dialer interface to a dialer group (1 to 10). Tip: Using a dialer group controls access to your router. Example:
    Router(config-if)# dialer-group 1
    Router(config-if)#
Step 8: exit. Exits the dialer 0 interface configuration. Example:
    Router(config-if)# exit
    Router(config)#
Step 9: dialer-list dialer-group protocol protocol-name {permit | deny | list access-list-number | access-group}. Creates a dialer list and associates a dial group with it. Packets are then forwarded through the specified interface dialer group. For details about this command and additional parameters that can be set, see Cisco IOS Dial Technologies Command Reference. Example:
    Router(config)# dialer-list 1 protocol ip permit
    Router(config)#
Step 10: ip route prefix mask {interface-type interface-number}. Example:
    Router(config)# ip route 10.10.25.2 255.255.255.255 dialer 0
    Router(config)#
Sets the IP route for the default gatewa
94. ble values of vlan_id are 2 to 4094, except for reserved values of 1002 to 1005.
Step 5: no shutdown. Activates the interface.
Step 6: end. Exits configuration mode.
For additional information, see Layer 2 LAN Ports.
VLANs on the GE Port
Because the GE port is an internal interface that services only the router's embedded access point, it cannot be configured only with the command switchport access vlan X, where X is other than 1. It may, however, be configured in trunk mode. This may be done by performing the following steps, beginning in configuration mode (Command / Purpose):
Step 1: interface Wlan-GigabitEthernet0. Selects the Gigabit Ethernet port to configure.
Step 2: switchport mode trunk. Places the port in trunk mode.
Step 3: switchport access vlan vlan_id. (Optional) Once the port is in trunk mode, it may be assigned a VLAN number other than 1.
Configuring Layer 2 Interfaces
For information on how to configure Layer 2 interfaces, see Configuring Layer 2 Interfaces. This section contains information on the following topics: Configuring a range of interfaces; Defining a range macro; Configuring Layer 2 optional interface features.
Configuring 802.1x Authentication
For information on how to configur
95. bled on a serial interface, the interface configuration is hierarchical and comprises the following elements:
- The serial main interface comprises the physical interface and port. If you are not using the serial interface to support Cisco HDLC and PPP encapsulated connections, then you must configure subinterfaces with permanent virtual circuits (PVCs) under the serial main interface. Frame Relay connections are supported on PVCs only.
- Serial subinterfaces are configured under the serial main interface. A serial subinterface does not actively carry traffic until you configure a PVC under the serial subinterface. Layer 3 configuration typically takes place on the subinterface.
- When the encapsulation on a serial interface is changed from HDLC to any other encapsulation type, the configured serial subinterfaces on the main interface inherit the newly changed encapsulation, and they do not get deleted.
- Point-to-point PVCs are configured under a serial subinterface. You cannot configure a PVC directly under a main interface. A single point-to-point PVC is allowed per subinterface. PVCs use a predefined circuit path and fail if the path is interrupted. PVCs remain active until the circuit is removed from either configuration. Connections on the serial PVC support Frame Relay encapsulation only.
Note: The administrative state of a parent interface drives the state of the subinterface and its PVC. When the administrative state of a parent interf
96. c sent between remote sites. However, the public interface still allows the rest of the traffic to pass and provides connectivity to the Internet.
Perform these steps to apply a crypto map to an interface, beginning in global configuration mode.
SUMMARY STEPS
1. interface type number
2. crypto map map-name
3. exit
DETAILED STEPS (Command or Action / Purpose)
Step 1: interface type number. Enters the interface configuration mode for the interface to which you want the crypto map applied. Example:
    Router(config)# interface fastethernet 4
    Router(config-if)#
Step 2: crypto map map-name. Applies the crypto map to the interface. See Cisco IOS Security Command Reference for more details about this command. Example:
    Router(config-if)# crypto map static-map
    Router(config-if)#
Step 3: exit. Returns to global configuration mode. Example:
    Router(config-crypto-map)# exit
    Router(config)#
Create an Easy VPN Remote Configuration
The router acting as the IPSec remote router must create an Easy VPN remote configuration and assign it to the outgoing interface. Perform these steps to create the remote configuration, beginning in global configuration mode.
SUMMARY STEPS
1. crypto ipsec client ezvpn name
2. group group-name key group-key
3. peer {ipaddress | hostname}
97. col. The default is Xmodem protocol. The protocols differ as follows:
• Xmodem supports a 128 block transfer size. Ymodem supports a 1024 block transfer size.
• Ymodem uses CRC-16 error checking to validate each packet. Depending on the device that the software is being downloaded from, this function might not be supported by Xmodem.
-r: (Optional) Image is loaded into DRAM for execution. The default is to load the image into flash memory.
-x: (Optional) Image is loaded into DRAM without being executed.
destination_file_name: Name of the system image file or the system configuration file. For the router to recognize it, the name of the configuration file must be router_confg.
Follow these steps to run Xmodem:
Move the image file to the local drive where Xmodem will execute.
Enter the xmodem command.
Cisco 819 Integrated Services Routers Software Configuration Guide OL-18906-02
Error Reporting
Because the ROM monitor console download uses the console to perform the data transfer, when an error occurs during a data transfer, error messages are only displayed on the console once the data transfer is terminated. If you have changed the baud rate from the default rate, the error message is followed by a message telling you to restore the terminal to the baud rate specified in the configuration register.
Debug Commands
Most ROM monitor debugging commands a
98. count provisioning
• Modem firmware upgrade
• SIM locking and unlocking
• MEP unlocking
• OMA DM activation
• Dual SIM card slots
• Link persistence
• SMS Services
• Global Positioning System (GPS) Services
• 3G MIB
WLAN Features
• Dual Radio
• CleanAir Technology
• Dynamic Frequency Selection
4G LTE Features
• IPv4 bearer
• MIPv4, NEMOv4, RFC 3025
• IPv4 subnet behind LTE UE interface
• Evolved High Rate Packet Data (EHRPD), which allows seamless handoff between 4G LTE and 3G services (C819 H G 4G V K9 only)
• Seamless handoff between LTE and EHRPD network (C819 H G 4G V K9 only)
• Support for UMTS service as a fallback option from LTE service (C819 H G 4G A K9 and C819 H G 4G G K9 only)
• Seamless handoff between LTE and UMTS service (C819 H G 4G A K9 and C819 H G 4G G K9 only)
• Remote access to Qualcomm diagnostic monitor port
• OTA DM including wireless configuration FOTA (C819 HG 4G V K9 only)
• Mini USB type 2 connector for modem provisioning
Platform Features
For the complete list of Cisco 819 ISR platform features, see Platform Features for Cisco 819 ISRs.
Security Features
The Cisco 819 ISRs provide the following security features:
• Intrusion Prevention System (IPS)
• Dynamic Multipoint VPN (DMVPN)
• IPsec
• Quality of service (QoS)
• Firewall
• URL filtering
99. crypto map
Step 2: set transform-set transform-set-name [transform-set-name2...transform-set-name6]
Purpose: Specifies which transform sets can be used with the crypto map entry.
Example: Router(config-crypto-map)# set transform-set vpn1
Router(config-crypto-map)#
Step 3: reverse-route
Purpose: Creates source proxy information for the crypto map entry. See Cisco IOS Security Command Reference for details.
Example: Router(config-crypto-map)# reverse-route
Router(config-crypto-map)#
Step 4: exit
Purpose: Returns to global configuration mode.
Example: Router(config-crypto-map)# exit
Router(config)#
Step 5: crypto map map-name seq-num [ipsec-isakmp] [dynamic dynamic-map-name] [discover] [profile profile-name]
Purpose: Creates a crypto map profile.
Example: Router(config)# crypto map static-map 1 ipsec-isakmp dynamic dynmap
Router(config)#
Apply the Crypto Map to the Physical Interface
The crypto maps must be applied to each interface through which IP Security (IPSec) traffic flows. Applying the crypto map to the physical interface instructs the router to evaluate all the traffic against the security associations database. With the default configurations, the router provides secure connectivity by encrypting the traffi
100. To create, refine, and manage access lists, see Security Configuration Guide: Access Control Lists, Cisco IOS Release 12.4T.
Access Groups
An access group is a sequence of access list definitions bound together with a common name or number. An access group is enabled for an interface during interface configuration. Use the following guidelines when creating access groups:
• The order of access list definitions is significant. A packet is compared against the first access list in the sequence. If there is no match (that is, if neither a permit nor a deny occurs), the packet is compared with the next access list, and so on.
• All parameters must match the access list before the packet is permitted or denied.
• There is an implicit "deny all" at the end of all sequences.
For information on configuring and managing access groups, see Securing the Data Plane Configuration Guide Library, Cisco IOS Release 12.4.
Configuring Cisco IOS Firewall
The Cisco IOS Firewall lets you configure a stateful firewall where packets are inspected internally and the state of network connections is monitored. Stateful firewall is superior to static access lists because access lists can only permit or deny traffic based on individual packets, not based on streams of packets. Also, because Cisco IOS Firewall inspects th
101. de source address. The source list defines how the packet travels through the network.
Configuration Tasks
Perform the following tasks to configure this network scenario:
• Configure the Virtual Private Dialup Network Group Number, page 11-2
• Configure the Fast Ethernet WAN Interfaces, page 11-3
• Configure the Dialer Interface, page 11-4
• Configure Network Address Translation, page 11-6
An example showing the results of these configuration tasks is shown in the Configuration Example section on page 11-9.
Configure the Virtual Private Dialup Network Group Number
Configuring a virtual private dialup network (VPDN) enables multiple clients to communicate through the router by way of a single IP address. Complete the following steps to configure a VPDN, starting from the global configuration mode:
SUMMARY STEPS
1. vpdn enable
2. vpdn-group name
3. request-dialin
4. protocol {l2tp | pppoe}
5. exit
6. exit
DETAILED STEPS
Step 1: vpdn enable
Example: Router(config)# vpdn enable
Router(config)#
Purpose: Enables VPDN on the router.
Step 2: vpdn-group name
Example: Router(config)# vpdn-group 1
Router(config-vpdn)#
Purpose: Creates and associates a VPDN group
102. delay value
cts-drop-timeout value
dcd-drop-delay value
dcd-txstart-delay value
rts-drop-delay value
rts-timeout value
transmit-delay value
Purpose: Tunes half-duplex timers.
The timer tuning commands permit you to adjust the timing of the half-duplex state machines to suit the particular needs of their half-duplex installation. Note that the half-duplex timer command and its options replace the following two timer tuning commands that are available only on high-speed serial interfaces:
• sdlc cts-delay
• sdlc rts-timeout
Changing Between Synchronous and Asynchronous Modes
To specify the mode of a low-speed serial interface as either synchronous or asynchronous, use the following command in interface configuration mode:
SUMMARY STEPS
1. physical-layer {sync | async}
DETAILED STEPS
Step 1: physical-layer {sync | async}
Purpose: Specifies the mode of a low-speed interface as either synchronous or asynchronous.
Example: Router(config-if)# physical-layer sync
This command applies only to low-speed serial interfaces available on Cisco 2520 through Cisco 2523 routers.
Note: When you make a transition from asynchronous mode to synchronous mode in serial interfaces, the interface state becomes down by default. You should then use the no shutdown option to bring the interface up.
In synchronous mode, low-speed serial interfaces support all interface configuration commands available fo
103. deploy market-leading web security quickly and can easily protect branch office users from web-based threats, such as viruses, while saving bandwidth, money, and resources. For more information, see Cisco ISR Web Security with Cisco ScanSafe Solution Guide.
TFTP support with Ethernet WAN interface
Trivial File Transfer Protocol (TFTP) is a file transfer protocol notable for its simplicity. It is generally used for automated transfer of configuration or boot files between machines in a local environment.
The Cisco 819H ISR supports TFTP with Ethernet WAN interface that supports data transfer rate of 10 Mbps. For more information, see the Using the TFTP Download Command section on page C-5.
Note: This feature is supported in all Cisco 819 ISRs that have ROMMON version 15.2(2r)T and above.
Note: TFTP download using switch port is supported in Cisco 819HGW SKUs only.
LEDs
The LED is located on the front panel of the router. Table 2-1 describes the 3G LED for the Cisco 819 ISR.
Table 2-1 3G LED Descriptions
LED: SYS
Yellow: FPGA download is complete
Green (blinking): ROMMON is operational
Green (solid): IOS is operational
Green four blinks Reset button has been
104. dle timeout 30
Step 5: dialer string string
Purpose: Specifies the number or string to dial. Use the name of the chat script here.
Example: Router(config-if)# dialer string gsm
Step 6: dialer-group number
Purpose: Specifies the number of the dialer access group to which a specific interface belongs.
Example: Router(config-if)# dialer-group 1
Step 7: exit
Purpose: Enters the global configuration mode.
Example: Router(config-if)# exit
Step 8: dialer-list dialer-group protocol protocol-name {permit | deny | list access-list-number | access-group}
Purpose: Creates a dialer list for traffic of interest and permits access to an entire protocol.
Example: Router(config)# dialer-list 1 protocol ip list 1
Step 9: ip access list <access list number> permit <ip source address>
Purpose: Defines traffic of interest.
Example: Router(config)# ip access list 1 permit any
Step 10: line 3
Purpose: Specifies the line configuration mode. It is always 3.
Example: Router(config-line)# line 3
Step 11: script dialer <regexp>
Purpose: Specifies a default modem chat script.
Example: Router(config-line)# script dialer gsm
Step 12: exit
Purpose: Exits line configuration mode.
Example: Router(config-line)# exit
Step 13: For GSM: chat-script <script name> ATDT 99 <
105. e
SUMMARY STEPS
1. configure terminal
2. interface cellular 0
3. dialer in-band
4. dialer idle-timeout seconds
5. dialer string string
6. dialer-group number
7. exit
8. dialer-list dialer-group protocol protocol-name {permit | deny | list access-list-number | access-group}
9. ip access list <access list number> permit <ip source address>
10. line 3
11. script dialer <regexp>
12. exit
13. chat-script <script name> ATDT 99 <profile number> TIMEOUT <timeout value> CONNECT, or chat-script <script name> ATDT 777 <profile number> TIMEOUT <timeout value> CONNECT
14. interface cellular 0
15. dialer string <string>
DETAILED STEPS
Step 1: configure terminal
Purpose: Enters global configuration mode.
Example: Router# configure terminal
Step 2: interface cellular 0
Purpose: Specifies the cellular interface.
Example: Router(config)# interface cellular 0
Step 3: dialer in-band
Purpose: Enables DDR and configures the specified serial interface for in-band dialing.
Example: Router(config-if)# dialer in-band
Step 4: dialer idle-timeout seconds
Purpose: Specifies the duration of idle time, in seconds, after which a line is disconnected.
Example: Router config if dialer i
106.
• Configuring Half-Duplex and Bisync for Synchronous Serial Port Adapters on Cisco 819 ISRs, page 8-8 (Optional)
• Configuring Compression of HDLC Data, page 8-9 (Optional)
• Using the NRZI Line-Coding Format, page 8-9 (Optional)
• Enabling the Internal Clock, page 8-10 (Optional)
• Inverting the Transmit Clock Signal, page 8-10 (Optional)
• Setting Transmit Delay, page 8-11 (Optional)
• Configuring DTR Signal Pulsing, page 8-11 (Optional)
• Ignoring DCD and Monitoring DSR as Line Up/Down Indicator, page 8-11 (Optional)
• Specifying the Serial Network Interface Module Timing, page 8-12 (Optional)
See the Configuration Examples section on page 8-19 for examples of configuration tasks described in this chapter.
Specifying a Synchronous Serial Interface
To specify a synchronous serial interface and enter interface configuration mode, use one of the following commands in global configuration mode:
Command: Router(config)# interface serial 0
Purpose: Enters interface configuration mode.
Specifying Synchronous Serial Encapsulation
By default, synchronous serial lines use the High-Level Data Link Control (HDLC) serial encapsulation method, which provides the synchronous framing and error detection functions of HDLC without windowing or retransmission. The synchronous serial interfaces support the following serial encapsulation methods:
• HDLC
• Frame Relay
• PPP
• Synchronous
107. e information, see Cisco IOS Firewall SIP Enhancements ALG and AIC.
Configuring Cisco IOS IPS
Cisco IOS Intrusion Prevention System (IPS) technology is available on Cisco 819 ISRs and enhances perimeter firewall protection by taking appropriate action on packets and flows that violate the security policy or represent malicious network activity.
Cisco IOS IPS identifies attacks using "signatures" to detect patterns of misuse in network traffic. Cisco IOS IPS acts as an in-line intrusion detection sensor, watching packets and sessions as they flow through the router, scanning each to match known IPS signatures. When Cisco IOS IPS detects suspicious activity, it responds before network security can be compromised, it logs the event, and, depending on configuration, it does one of the following:
• Sends an alarm
• Drops suspicious packets
• Resets the connection
• Denies traffic from the source IP address of the attacker for a specified amount of time
• Denies traffic on the connection for which the signature was seen for a specified amount of time
For additional information about configuring Cisco IOS IPS, see Securing the Data Plane Configuration Guide Library, Cisco IOS Release 12.4.
URL Filtering
Cisco 819 ISRs provide category-based URL filtering. The user prov
108. e 802.1x port-based authentication, see Configuring IEEE 802.1x Port-Based Authentication. This section contains information on the following topics:
• Understanding the default 802.1x configuration
• Enabling 802.1x Authentication
• Configuring the switch-to-RADIUS-server communication
• Enabling periodic reauthentication
• Changing the quiet period
• Changing the switch-to-client retransmission time
• Setting the switch-to-client frame-retransmission number
• Enabling multiple hosts
• Resetting the 802.1x configuration to default values
• Displaying 802.1x statistics and status
Configuring Spanning Tree Protocol
For information on how to configure Spanning Tree Protocol, see Configuring Spanning Tree. This section contains information on the following topics:
• Enabling spanning tree
• Configuring spanning tree port priority
• Configuring spanning tree port cost
• Configuring the bridge priority of a VLAN
• Configuring the Hello Time
• Configuring the forward delay time for a VLAN
• Configuring the maximum aging time for a VLAN
• Disabling spanning tree
Configuring MAC Table Manipulation
For information on how to configure MAC table manipulation, see Configuring MAC Table Manipulation.
Port Security
The topic of enabling known MAC
109. e QoS tasks they perform might differ as well. To configure your IP network for real-time voice traffic, you need to consider the functions of both edge and backbone routers in your network.
QoS software enables complex networks to control and predictably service a variety of networked applications and traffic types. Almost any network can take advantage of QoS for optimum efficiency, whether it is a small corporate network, an Internet service provider, or an enterprise network.
Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide OL-18906-02
IP Precedence
You can partition traffic in up to six classes of service using IP Precedence (two other classes are reserved for internal network use). The queuing technologies throughout the network can then use this signal to expedite handling.
Features such as policy-based routing and committed access rate (CAR) can be used to set precedence based on extended access-list classification. This allows considerable flexibility for precedence assignment, including assignment by application or user, by destination and source subnet, and so on. Typically this functionality is deployed as close to the edge of the network (or administrative domain) as possible, so that each subsequent network element can provide service based on the determined policy.
IP Precedence can also be set in the host or network client
110. e Relay UNI interface. By default, cisco LMI is enabled on all PVCs.
If the LMI type is cisco (the default LMI type), the maximum number of PVCs that can be supported under a single interface is related to the MTU size of the main interface. Use the following formula to calculate the maximum number of PVCs supported on a card or SPA:
(MTU - 13) / 8 = maximum number of PVCs
Note: The default setting of the mtu command for a serial interface is 1504 bytes. Therefore, the default number of PVCs supported on a serial interface configured with cisco LMI is 186.
How to Configure Serial Interfaces
This section contains the following tasks:
• Configuring a Synchronous Serial Interface, page 8-6
• Configuring Low-Speed Serial Interfaces, page 8-14
Configuring a Synchronous Serial Interface
Synchronous serial interfaces are supported on various serial network interface cards or systems. This interface supports full-duplex operation at T1 (1.544 Mbps) and E1 (2.048 Mbps) speeds.
To configure a synchronous serial interface, perform the tasks in the following sections. Each task in the list is identified as either required or optional.
• Specifying a Synchronous Serial Interface, page 8-7 (Required)
• Specifying Synchronous Serial Encapsulation, page 8-7 (Optional)
• Configuring PPP, page 8-8 (Optional)
111. e is used to give priority to voice packets. There are two levels of queuing: ATM queues and Cisco IOS queues. CBWFQ is applied to Cisco IOS queues. A first-in-first-out (FIFO) Cisco IOS queue is automatically created when a PVC is created. If you use CBWFQ to create classes and attach them to a PVC, a queue is created for each class.
CBWFQ ensures that queues have sufficient bandwidth and that traffic gets predictable service. Low-volume traffic streams are preferred; high-volume traffic streams share the remaining capacity, obtaining equal or proportional bandwidth.
RSVP
RSVP enables routers to reserve enough bandwidth on an interface to ensure reliability and quality performance. RSVP allows end systems to request a particular QoS from the network. Real-time voice traffic requires network consistency. Without consistent QoS, real-time traffic can experience jitter, insufficient bandwidth, delay variations, or information loss. RSVP works in conjunction with current queuing mechanisms. It is up to the interface queuing mechanism (such as CBWFQ) to implement the reservation.
RSVP works well on PPP, HDLC, and similar serial-line interfaces. It does not work well on multi-access LANs. RSVP can be equated to a dynamic access list for packet flows.
You should configure
112. e network administrator must generate and share the following information for the WAN interfaces of the routers:
• PPP authentication type: CHAP or PAP
• PPP client name to access the router
• PPP password to access the router
• If you are setting up IP routing: Generate the addressing scheme for your IP network.
• If you are setting up the serial interface: Mode of operation (sync, async, bisync); clock rate (depending on the mode); IP address (depending on the mode).
• If you are setting up 3G: You must have service availability on the Cisco 819 ISR from a carrier, and you must have network coverage where your router will be physically placed. For a complete list of supported carriers, see the data sheet at Cisco 3G Wireless Connectivity Solutions. You must subscribe to a service plan with a wireless service provider and obtain a SIM card. You must install the SIM card before configuring the 3G Cisco 819 ISR. For instructions on how to install the SIM card, see Cisco 800 Series Routers Configuring Cisco EHWIC and 880G for 3.7G HSPA 3.5G HSPA.
• You must install the required antennas before you configure the 3G for Cisco 819 ISR. See the following URLs for instructions on how to install the antennas:
3G ANTM1919D See Cisco Mu
113. e packets, decisions to permit or deny traffic can be made by examining application layer data, which static access lists cannot examine.
To configure a Cisco IOS Firewall, specify which protocols to examine by using the following command in interface configuration mode:
ip inspect name inspection-name protocol timeout seconds
When inspection detects that the specified protocol is passing through the firewall, a dynamic access list is created to allow the passage of return traffic. The timeout parameter specifies the length of time the dynamic access list remains active without return traffic passing through the router. When the timeout value is reached, the dynamic access list is removed, and subsequent packets (possibly valid ones) are not permitted.
Use the same inspection name in multiple statements to group them into one set of rules. This set of rules can be activated elsewhere in the configuration by using the ip inspect inspection-name {in | out} command when you configure an interface at the firewall.
For additional information about configuring a Cisco IOS Firewall, see Securing the Data Plane Configuration Guide Library, Cisco IOS Release 12.4.
The Cisco IOS Firewall may also be configured to provide voice security in Session Initiation Protocol (SIP) applications. SIP inspection provides basic inspect functionality (SIP packet inspection and detection of pin-hole openings), as well as protocol conformance and application security. For mor
114. e port on the GE switch is named and numbered Wlan-GigabitEthernet0.
Restrictions for the FE Switch
The following restrictions apply to the FE switch:
• The ports of an FE switch must NOT be connected to any Fast Ethernet onboard port of the router.
• Inline power is not supported on Cisco 819 ISRs.
• VTP pruning is not supported.
• The FE switch can support up to 200 secure MAC addresses.
Information About Ethernet Switches
To configure Ethernet switches, you should understand the following concepts:
• VLANs and VLAN Trunk Protocol, page 10-2
• Layer 2 Ethernet Switching, page 10-2
• 802.1x Authentication, page 10-2
• Spanning Tree Protocol, page 10-2
• Cisco Discovery Protocol, page 10-2
• Switched Port Analyzer, page 10-3
• IGMP Snooping, page 10-3
• Storm Control, page 10-3
• Fallback Bridging, page 10-3
VLANs and VLAN Trunk Protocol
For information on the concept of VLANs and VLAN Trunk Protocol (VTP), see VLANs.
Layer 2 Ethernet Switching
For information on the concept of Layer 2 Ethernet Switching, see Layer 2 Ethernet Switching.
802.1x Authentication
For information on the concept of 802.1x Authentication, see 802.1x Authentication.
Spanning Tree Protocol
For information on the concept of Spanning Tree Protocol, see Using the S
115. econdary failover slot.
Note: For instructions on how to configure the Dual SIM feature for 4G LTE cellular networks, see the Cisco 4G LTE Software Installation Guide.
You can configure the Dual SIM feature using the following commands:
Command: gsm failovertimer
Syntax: gsm failovertimer <1-7>
Description: Sets the failover timer in minutes.
Command: gsm sim authenticate
Syntax: gsm sim authenticate <0,7> <pin> slot <0-1>
Description: Verifies the SIM CHV1 code.
Command: gsm sim max-retry
Syntax: gsm sim max-retry <0-65535>
Description: Specifies the maximum number of failover retries. The default value is 10.
Command: gsm sim primary slot
Syntax: gsm sim primary slot <0-1>
Description: Modifies the primary slot assignment.
Command: gsm sim profile
Syntax: gsm sim profile <1-16> slot <0-1>
Description: Configures the SIM profile.
Note the following:
• For auto-switch and failover to work, configure the SIM profile for slots 0 and 1 using the gsm sim profile command.
• For auto-switch and failover to work, configure the chat script without a specific profile number.
• If no SIM profile is configured, profile 1 is used by default.
• If no GSM failover timer is configured, the default failover timeout is 2 minutes.
• If no GSM SIM primary slot is configured, the default primary SIM is slot 0.
The following example shows you how to set the SIM switchover timeout period to 3 minutes:
router(config-controller)# gsm failovertimer 3
The following example shows you how to
116. Configure IPSec Transforms and Protocols
A transform set represents a certain combination of security protocols and algorithms. During IKE negotiation, the peers agree to use a particular transform set for protecting data flow.
During IKE negotiations, the peers search in multiple transform sets for a transform that is the same at both peers. When a transform set that contains such a transform is found, it is selected and applied to the protected traffic as a part of both peers' configurations.
To specify the IPSec transform set and protocols, perform these steps, beginning in global configuration mode:
SUMMARY STEPS
1. crypto ipsec profile profile-name
2. crypto ipsec transform-set transform-set-name transform1 [transform2] [transform3] [transform4]
3. crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}
DETAILED STEPS
Step 1: crypto ipsec profile profile-name
Example: Router(config)# crypto ipsec profile pro1
Router(config)#
Purpose: Configures IPSec profile to apply protection on the tunnel for encryption.
Step 2: crypto ipsec transform-set transform-set-name transform1 [transform2] [transform3] [transform4]
Example: Router(config)# crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
Router(config)#
Purpose: Defines a transform set, an acceptable combination of IPSec security protocols and
117. eference for details.
Example: Router(config)# crypto ipsec security-association lifetime seconds 86400
Router(config)#
Note: With manually established security associations, there is no negotiation with the peer, and both sides must specify the same transform set.
Configure the IPSec Crypto Method and Parameters
A dynamic crypto map policy processes negotiation requests for new security associations from remote IPSec peers, even if the router does not know all the crypto map parameters (for example, IP address).
Perform these steps to configure the IPSec crypto method, beginning in global configuration mode:
SUMMARY STEPS
1. crypto dynamic-map dynamic-map-name dynamic-seq-num
2. set transform-set transform-set-name [transform-set-name2...transform-set-name6]
3. reverse-route
4. exit
5. crypto map map-name seq-num [ipsec-isakmp] [dynamic dynamic-map-name] [discover] [profile profile-name]
DETAILED STEPS
Step 1: crypto dynamic-map dynamic-map-name dynamic-seq-num
Purpose: Creates a dynamic crypto map entry and enters crypto map configuration mode. See Cisco IOS Security Command Reference for more details about this command.
Example: Router(config)# crypto dynamic-map dynmap 1
Router config
118. eless Device Configuration and Configuring Radio Settings.
Images Supported
For the images supported in the AP802 Dual radio, see Minimum software version needed to support AP802.
CleanAir Technology
The CleanAir is a new wireless technology that intelligently avoids Radio Frequency (RF) to protect 802.11n performance. For more information, see Cisco CleanAir Technology. This feature is supported in all SKUs.
Dynamic Frequency Selection
The Dynamic Frequency Selection (DFS) is the process of detecting radar signals that must be protected against 802.11a interference and, upon detection, switching the 802.11a operating frequency to one that is not interfering with the radar systems. Transmit Power Control (TPC) is used to adapt the transmission power based on regulatory requirements and range information.
Note: The DFS functionality is disabled for FCC SKUs pending FCC certification. For more information, see Dynamic Frequency Selection and IEEE 802.11h Transmit Power Control.
LEDs
The WLAN LED is located at the front panel of the router. Table 3-1 describes the WLAN LED for the Cisco 819HGW and Cisco 819HWD ISRs.
Table 3-1 WLAN LED Descriptions
Columns: WLAN LED, Color, Description
Boot loader status sequence: Blinking Green: Board initialization in pro
119. emote configuration to the WAN interface, causing the router to automatically create the NAT or port address translation (PAT) and access list configuration needed for the VPN connection.
Command or Action: exit
Example: Router(config-crypto-ezvpn)# exit
Router(config)#
Purpose: Returns to global configuration mode.
Configuration Example
The following configuration example shows a portion of the configuration file for the VPN and IPSec tunnel described in this chapter.
aaa new-model
aaa authentication login rtr-remote local
aaa authorization network rtr-remote local
aaa session-id common
username Cisco password 0 Cisco
!
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 group 2
 lifetime 480
crypto isakmp client configuration group rtr-remote
 key secret-password
 dns 10.50.10.1 10.60.10.1
 domain company.com
 pool dynpool
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
!
crypto ipsec security-association lifetime seconds 86400
crypto dynamic-map dynmap 1
 set transform-set vpn1
 reverse-route
!
crypto map static-map 1 ipsec-isakmp dynamic dynmap
crypto map dynmap isakmp authorization list rtr-remote
crypto map dynmap client configuration address respond
crypto ipsec client ezvpn ezvpnclient
 connect auto
 group 2 key secret-password
120. These variables can be set with these commands before using the tftpdnld command:
Variable: Configures how the router displays file download progress.
0: No progress is displayed.
1: Exclamation points (!!!) are displayed to indicate file download progress. This is the default setting.
2: Detailed progress is displayed during the file download process; for example:
• Initializing interface.
• Interface link state up.
• ARPing for 1.4.0.1
• ARP reply for 1.4.0.1 received. MAC address 00:00:0c:07:ac:01
Command: TFTP_VERBOSE=setting
Variable: Number of times the router attempts ARP and TFTP download. The default is 7.
Command: TFTP_RETRY_COUNT=retry_times
Variable: Length of time, in seconds, before the download process times out. The default is 2400 seconds (40 minutes).
Command: TFTP_TIMEOUT=time
Variable: Whether or not the router performs a checksum test on the downloaded image.
1: Checksum test is performed.
0: No checksum test is performed.
Command: TFTP_CHECKSUM=setting
Using the TFTP Download Command
To download a file through TFTP, perform these steps in ROM monitor mode:
Step 1: Use the appropriate commands to enter all the required variables and any optional variables described in preceding sections.
Step 2: Enter the tftpdnld command as follows:
rommon 1 > tftpdnld -r
Note: The -r variable is optional. Entering this variable downloads and boots the new software bu
121. er UNIX line printer remote spooling 520 RIP Routing Information Protocol 525 Timed Time server Cisco 819 Integrated Services Routers Software Configuration Guide OL 18906 02
122. erial Interface Examples section on page 8-20.
    Understanding Half-Duplex DTE and DCE State Machines
    The following sections describe the communication between half-duplex DTE transmit and receive state machines and half-duplex DCE transmit and receive state machines.
    Half-Duplex DTE State Machines
    As shown in Figure 3, the half-duplex DTE transmit state machine (for low-speed interfaces) remains in the ready state when it is quiescent. When a frame is available for transmission, the state machine enters the transmit delay state and waits for a time period, which is defined by the half-duplex timer transmit-delay command. The default is 0 milliseconds. Transmission delays are used for debugging half-duplex links and assisting lower-speed receivers that cannot process back-to-back frames.
    Figure 3: Half-Duplex DTE Transmit State Machine
    After idling for a defined number of milliseconds (ms), the state machine asserts a request to send (RTS) signal and changes to the wait-clear-to-send (CTS) state for the DCE to assert CTS. A timeout timer with a value set by the half-duplex timer rts-timeout command starts. The default is 3 ms. If the timeout timer expires before CTS is asserted, the state machine returns to the ready state and deasserts RTS. If CTS is asserted before the timer expires, the state machine enters the transmit state and sends the frames.
123. Information About Configuring Serial Interfaces
    To configure serial interfaces, you must understand the following concepts:
    - Cisco HDLC Encapsulation, page 8-3
    - PPP Encapsulation, page 8-3
    - Keepalive Timer, page 8-4
    - Frame Relay Encapsulation, page 8-5
    Cisco HDLC Encapsulation
    Cisco High-Level Data Link Controller (HDLC) is the Cisco proprietary protocol for sending data over synchronous serial links using HDLC. Cisco HDLC also provides a simple control protocol called Serial Line Address Resolution Protocol (SLARP) to maintain serial link keepalives. Cisco HDLC is the default for data encapsulation at Layer 2 (data link) of the Open System Interconnection (OSI) stack for efficient packet delineation and error control.
    Note: Cisco HDLC is the default encapsulation type for the serial interfaces.
    When the encapsulation on a serial interface is changed from HDLC to any other encapsulation type, the configured serial subinterfaces on the main interface inherit the newly changed encapsulation and they do not get deleted. Cisco HDLC uses keepalives to monitor the link state, as described in the Keepalive Timer section on page 8-4.
    PPP Encapsulation
    PPP is a standard protocol used to send data over synchronous serial links. PPP al
124. es at the central site. Resources at the client site are unavailable to the central site. Network extension mode allows users at the central site to access network resources on the client site.
    After the IPSec server has been configured, a VPN connection can be created with minimal configuration on an IPSec client, such as a supported Cisco 819 ISR. When the IPSec client initiates the VPN tunnel connection, the IPSec server pushes the IPSec policies to the IPSec client and creates the corresponding VPN tunnel connection.
    Note: The Cisco Easy VPN client feature supports configuration of only one destination peer. If your application requires the creation of multiple VPN tunnels, you must manually configure the IPSec VPN and Network Address Translation/Peer Address Translation (NAT/PAT) parameters on both the client and the server.
    Configuration Tasks
    Perform the following tasks to configure your router for this network scenario:
    - Configure the IKE Policy, page 13-3
    - Configure Group Policy Information, page 13-5
    - Apply Mode Configuration to the Crypto Map, page 13-6
    - Enable Policy Lookup, page 13-7
    - Configure IPSec Transforms and Protocols, page 13-8
    - Configure the IPSec Crypto Method and Parameters, page 13-8
    - Apply the Crypto M
125. etfootdn CISCO Cisco 819 Series Integrated Services Routers Software Configuration Guide Americas Headquarters Cisco Systems Inc 170 West Tasman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 527 0883 Text Part Number OL 23590 02 September 2 2013 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE ALL STATEMENTS INFORMATION AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California Berkeley UCB as part of UCB s public domain version of the UNIX operating system All rights reserved Copyright 1981 Regents of the University of California NOTWITHSTANDING ANY OTHER WARRANTY HEREIN ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS CISCO AND THE ABOVE NAMED SUPPLIERS DISCLAIM ALL WARRANTIES EXPRESSED OR
126. g t interface
    Note: For routers with an ATM WAN interface, this command would be interface atm 0.
    Router(config-if)#

    Step 7: crypto ipsec client ezvpn name [outside | inside]
    Example:
    Router(config-if)# crypto ipsec client ezvpn ezvpnclient outside
    Router(config-if)#
    Assigns the Cisco Easy VPN remote configuration to the WAN interface, causing the router to automatically create the NAT or port address translation (PAT) and access list configuration needed for the VPN connection.

    Step 8: exit
    Example:
    Router(config-crypto-ezvpn)# exit
    Router(config)#
    Returns to global configuration mode.

    Verifying Your Easy VPN Configuration
    The following example verifies your Easy VPN connection:

    Router# show crypto ipsec client ezvpn
    Tunnel name: ezvpnclient
    Inside interface list: vlan 1
    Outside interface: fastethernet 4
    Current State: IPSEC_ACTIVE
    Last Event: SOCKET_UP
    Address: 8.0.0.5
    Mask: 255.255.255.255
    Default Domain: cisco.com

    Configuration Example
    The following configuration example shows a portion of the configuration file for the VPN and IPSec tunnel described in this chapter:

    aaa new-model
    aaa authentication login rtr-remote local
    aaa authorization network rtr rem
127. g multiple physical links into one logical link. The implementation of MLPPP combines multiple PPP serial interfaces into one multilink interface. MLPPP performs the fragmenting, reassembling, and sequencing of datagrams across multiple PPP links. MLPPP provides the same features that are supported on PPP serial interfaces, with the exception of QoS. It also provides the following additional features:
    - Fragment sizes of 128, 256, and 512 bytes
    - Long sequence numbers (24-bit)
    - Lost fragment detection timeout period of 80 ms
    - Minimum active links configuration option
    - LCP echo request/reply support over multilink interface
    - Full T1 and E1 framed and unframed links
    Keepalive Timer
    Cisco keepalives are useful for monitoring the link state. Periodic keepalives are sent to and received from the peer at a frequency determined by the value of the keepalive timer. If an acceptable keepalive response is not received from the peer, the link makes the transition to the down state. As soon as an acceptable keepalive response is obtained from the peer, or if keepalives are disabled, the link makes the transition to the up state.
    Note: The keepalive command applies to serial interfaces using HDLC or PPP encapsulation. It does not apply to
128. g of the authentication attempts.
    Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide, OL-18906-02, Appendix B, Concepts
    CHAP
    CHAP uses a three-way handshake to verify passwords. To understand how CHAP works, imagine a network topology in which a remote office Cisco router is connected to a corporate office Cisco router. After the PPP link is established, the corporate office router sends a challenge message to the remote office router. The remote office router responds with a variable value. The corporate office router checks the response against its own calculation of the value. If the values match, the corporate office router accepts the authentication. The authentication process can be repeated anytime after the link is established.
    CHAP has the following characteristics:
    - The authentication process uses a variable challenge value rather than a password.
    - CHAP protects against playback attack through the use of the variable challenge value, which is unique and unpredictable. Repeated challenges limit the time of exposure to any single attack.
    - The corporate office router controls the frequency and timing of the authentication attempts.
    Note: We recommend using CHAP because it is the more secure of the two protocols.
    TACACS+
    Cisco 819 routers support the Terminal Access Controller Access Control System Plus TACACS
129. ge on flash behavior.
    Examples of names for default images: c800-universalk9-mz.SPA.default, c-800-universalk9_npe-mz.151T.default, image.default
    Note: You can only have one configuration file with the .cfg option. Having more than one file will result in uncertain operational behavior.
    Use the show platform command to display the current bootup mode for the router. The following sections show sample outputs when the button is not pushed and when the button is pushed.

    Output When Button Is Not Pushed: Example
    router# show platform boot-record
    Platform Config Boot Record:
    Configuration Register at boot time: 0x0
    Reset Button Status at Boot Time: Not Pressed
    Startup-config Backup Status at Boot: No Status
    Startup-config (backup file) location: No Backup
    Golden config file at location: No Recovery Detected
    Config Recovery Status: No Status

    Output When Button Is Pushed: Example
    router# show platform boot-record
    Platform Config Boot Record:
    Configuration Register at boot time: 0x0
    Reset Button Status at Boot Time: Pressed
    Startup-config Backup Status at Boot: Ok
    Startup-config (backup file) location: flash:/startup.backup.19000716-225840-UTC
    Golden config file at location: flash:/golden.cfg
    Config Recovery Status: Ok

    Push Button in WLAN
130. gister to a value from 0x2 to 0xF for the router to boot a Cisco IOS image from flash memory upon startup or reloading.
    The following example shows how to reset the configuration register and cause the router to boot a Cisco IOS image stored in flash memory:

    rommon 1 > confreg 0x2101
    You must reset or power cycle for the new configuration to take effect
    rommon 2 > boot

    The router will boot the Cisco IOS image in flash memory. The configuration register will change to 0x2101 the next time the router is reset or power cycled.

    APPENDIX D: Common Port Assignments
    Table D-1 lists currently assigned Transmission Control Protocol (TCP) port numbers. To the extent possible, the User Datagram Protocol (UDP) uses the same numbers.

    Table D-1: Currently Assigned TCP and UDP Port Numbers
    Port   Keyword      Description
    0      -            Reserved
    1-4    -            Unassigned
    5      RJE          Remote job entry
    7      ECHO         Echo
    9      DISCARD      Discard
    11     USERS        Active users
    13     DAYTIME      Daytime
    15     NETSTAT      Who is up or NETSTAT
    17     QUOTE        Quote of the day
    19     CHARGEN      Character generator
    20     FTP-DATA     File Transfer Protocol (data)
    21     FTP          File Transfer Protocol
    23     TELNET       Terminal connection
    25     SMTP         Simple Mail Transport Protocol
    37     TIME         Time
    39     RLP          Resource Location Protocol
    42     NAMESERVER   Hostname server
    43     NICNAME      Who
131. global configuration mode Configuration Example The following configuration example shows a portion of the configuration file for the DCHP configuration described in this chapter ip dhcp excluded address 192 168 9 0 ip dhcp pool dpooll import all network 10 10 0 0 255 255 255 0 default router 10 10 10 10 dns server 192 168 35 2 domain name cisco com ip domain name smallbiz com ip name server 192 168 11 12 Verify Your DHCP Configuration Use the following commands to view your DHCP configuration e show ip dhcp import Displays the optional parameters imported into the DHCP server database e show ip dhcp pool Displays information about the DHCP address pools e show ip dhcp server statistics Displays the DHCP server statistics such as the number of address pools bindings and so forth Router show ip dhcp import Address Pool Name dpooll Router show ip dhcp pool Pool dpooll Utilization mark high low 100 O Subnet size first next oat Q Total addresses 254 Cisco 819 Integrated Services Routers Software Configuration Guide OL 23590 02 Chapter 12 Configuring a LAN with DHCP and VLANs Configuration Tasks W Leased addresses 10 Pending event none 1 subnet is currently in the pool Current index IP address range Leased addresses 10 10 0 1 10 10 0 1 10 10 0 254 0 Router show ip dhcp server statistics Memory usage 15419 Address pools 1 Database agents Autom
132. gress Initializing FLASH file system Initializing Ethernet Ethernet is OK Starting Cisco IOS Initialization successful Association status Green Normal operating condition with no wireless client associated Blue Normal operating condition with at least one wireless client associated Operating status Blinking Blue Software upgrade in progress Rapidly cycling through Blue Green Red and White Access point location command invoked Blinking Red Ethernet link not operational Boot loader errors Blinking Red and Blue FLASH file system failure Blinking Red and Off Environment variable failure Bad MAC address Ethernet failure during image recovery Boot environment failure No Cisco image file Boot failure Cisco IOS errors Red Software failure Try to disconnect and reconnect the unit power oL 23590 02 Cisco 819 Series Integrated Services Routers Software Configuration Guide Chapter3 Wireless Local Area Network E WLAN Features Cisco 819 Series Integrated Services Routers Software Configuration Guide OL 23590 02 4G LTE Wireless WAN The Cisco 819HG 4G and Cisco 819G 4G LTE ISRs support 4G LTE and 3G cellular networks For instructions on how to configure the 4G LTE features on your Cisco 819 ISR see the Cisco 4G LTE Software Installation Guide Cisco 819 Series In
133. gure your Cisco 800 series router to act as a DHCP server, providing IP address assignment and other TCP/IP-oriented configuration information to your workstations. DHCP frees you from having to manually assign an IP address to each client. When you configure a DHCP server, you must configure the server properties, policies, and DHCP options.
    Note: Whenever you change server properties, you must reload the server with the configuration data from the Network Registrar database.
    VLANs
    The Cisco 819 routers support four Fast Ethernet ports on which you can configure VLANs. VLANs enable networks to be segmented and formed into logical groups of users, regardless of the user's physical location or LAN connection.
    Configuration Tasks
    Perform the following tasks to configure this network scenario:
    - Configure DHCP, page 12-2
    - Configure VLANs, page 12-5
    Note: The procedures in this chapter assume you have already configured basic router features, as well as PPPoE or PPPoA with NAT. If you have not performed these configuration tasks, see the Basic Router Configuration section on page 5-1 and the Configuring a VPN Using Easy VPN and an IPSec Tunnel section on page 13-1, as appropriate for your router.
    Configure DHCP
    SUMMARY STEPS
    Perform these steps t
134. heck filesystem consistency fsck lt filesystem gt monitor builtin command help monitor command history main memory information Create dir s mkdir lt dirnames gt Concatenate type file s cat lt filenames gt Rename a file rename lt old_name gt lt new_name gt repeat a monitor command system reset Remove a directory display the monitor variables produce a stack trace write monitor environment to NVRAM print out info from last system return tftp image download unset an alias unset a monitor variable x ymodem image download Cisco 819 Integrated Services Routers Software Configuration Guide operating system from the console See the boot command in the Command OL 18906 02 _ Appendix C ROM Monitor Command Descriptions W Commands are case sensitive You can halt any command by pressing the Break key on a terminal If you are using a PC most terminal emulation programs halt a command when you press the Ctrl and the Break keys at the same time If you are using another type of terminal emulator or terminal emulation software see the documentation for that product for information on how to send a Break command Command Descriptions Table C 1 describes the most commonly used ROM monitor commands Table C 1 Commonly Used ROM Monitor Commands Command Description help or Displays a summary of all available ROM monitor commands Displays information about command syntax for exam
135. hentication login default Specifies AAA authentication of selected users at list name method 1 method2 login and specifies the method used Example This example uses a local authentication database f You could also use a RADIUS server for this For Router config aaa authentication login 3 K j ee ooe ee details see Securing User Services Configuration Router config Guide Library Cisco IOS Release 12 4T and Cisco IOS Security Command Reference Step 3 aaa authorization network exec Specifies AAA authorization of all aera abe eee are network related service requests including PPP configuration efault ist name sfc method 1 aetheda ct and specifies the method of authorization This example uses a local authorization database Example You could also use a RADIUS server for this For Router config aaa authorization network details see Securing User Services Configuration rtr remote local Guide Library Cisco IOS Release 12 4T and Cisco Router config IOS Security Command Reference Step 4 username name no password password Establishes a username based authentication password password encryption type system encrypted password This example implements a username of Cisco Example with an encrypted password of Cisco Router config username Cisco password 0 Cisco Router config Cisco 819 Series Integrated Services Routers Software Configuration Guide 0L 23590 02 lt Chapter9 Configuring S
136. here is a system reload or power outage. This example shows how to use this command to save your changes:

    Router# copy running-config startup-config
    Destination filename [startup-config]?

    Press Return to accept the default destination filename startup-config, or enter your desired destination filename and press Return. It might take a minute or two to save the configuration to NVRAM. After the configuration has been saved, the following message appears:

    Building configuration...
    Router#

    Now that you have reviewed some Cisco IOS software basics, you can begin to configure your router. Remember:
    - You can use the question mark (?) and arrow keys to help you enter commands.
    - Each command mode restricts you to a set of commands. If you are having difficulty entering a command, check the prompt, and then enter the question mark (?) for a list of available commands. You might be in the wrong command mode or using the wrong syntax.
    - To disable a feature, enter the keyword no before the command; for example, no ip routing.
    - Save your configuration changes to NVRAM so that they are not lost if there is a system reload or power outage.
    Where to Go Next
    To configure your router, go to the Basic Router Configuration section on page 5-1.
137. iate respond

    Command or Action / Purpose
    crypto map map-name isakmp authorization list list-name
    Example:
    Router(config)# crypto map dynmap isakmp authorization list rtr-remote
    Router(config)#
    Applies mode configuration to the crypto map and enables key lookup (IKE queries) for the group policy from an authentication, authorization, and accounting (AAA) server.

    crypto map tag client configuration address [initiate | respond]
    Example:
    Router(config)# crypto map dynmap client configuration address respond
    Router(config)#
    Configures the router to reply to mode configuration requests from remote clients.

    Enable Policy Lookup
    To enable policy lookup through AAA, perform these steps, beginning in global configuration mode:
    SUMMARY STEPS
    1. aaa new-model
    2. aaa authentication login {default | list-name} method1 [method2...]
    3. aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} [method1 [method2...]]
    4. username name {nopassword | password password | password encryption-type encrypted-password}
    DETAILED STEPS
    Command or Action / Purpose
    Step 1: aaa new-model
    Example:
    Router(config)# aaa new-model
    Router(config)#
    Enables the AAA access control model.
    Step 2: aaa aut
138. ient site to access resources at the central site. Resources at the client site are unavailable to the central site. Network extension mode allows users at the central site (where the VPN 3000 series concentrator is located) to access network resources on the client site.
    After the IPSec server has been configured, a VPN connection can be created with minimal configuration on an IPSec client, such as a supported Cisco 819 ISR. When the IPSec client initiates the VPN tunnel connection, the IPSec server pushes the IPSec policies to the IPSec client and creates the corresponding VPN tunnel connection.
    Note: The Cisco Easy VPN client feature supports configuration of only one destination peer. If your application requires the creation of multiple VPN tunnels, you must manually configure the IPSec VPN and Network Address Translation/Peer Address Translation (NAT/PAT) parameters on both the client and the server.
    Cisco 819 ISRs can also be configured to act as Cisco Easy VPN servers, letting authorized Cisco Easy VPN clients establish dynamic VPN tunnels to the connected network. For information on the configuration of Cisco Easy VPN servers, see the Easy VPN Server feature document.
    Site-to-Site VPN
    The configuration of a site-to-site VPN uses IPSec and the generic routing encapsulatio
139. iguring Per Port Storm Control
    Configuring Fallback Bridging
    Managing the Switch
    Chapter 11: Configuring PPP over Ethernet with NAT
      PPPoE
      NAT
      Configuration Tasks
        Configure the Virtual Private Dialup Network Group Number
        Configure the Fast Ethernet WAN Interfaces
        Configure the Dialer Interface
        Configure Network Address Translation
      Configuration Example
        Verifying Your Configuration
    Chapter 12: Configuring a LAN with DHCP and VLANs
      DHCP
      VLANs
      Configuration Tasks
        Configure DHCP
          Configuration Example
          Verify Your DHCP Configuration
        Configure VLANs
          Assign a Switch Port to a VLAN
          Verify Your VLAN Configuration
    Chapter 13: Configuring a VPN Using Easy VPN and an IPSec Tunnel
      Cisco Easy VPN
      Configuration Tasks
        Configure the IKE Policy
        Configure Group Policy Information
        Apply Mode Configuration to the Crypto Map
        Enable Policy Lookup
        Configure IPSec Transforms and Protocols
        Configure the IPSec Crypto Method and Parameters
        Apply the Crypto Map to the Physical Interface
        Create an Easy VPN Remote Configuration
      Verifying Your Easy VPN Configuration
      Configuration Example
    Appendix A: Cisco IOS Software Basic Skills
      Configu
140. imary Domain Name System DNS server for the group Example P 4 You may also want to specify Windows Internet Router config isakmp group dns 10 50 10 1 Naming Service WINS servers for the group by Router config isakmp group 7 using the wins command Step 4 domain name Specifies group domain membership Example Router config isakmp group domain company com Router config isakmp group Cisco 819 Series Integrated Services Routers Software Configuration Guide oL 23590 02 g oo Chapter9 Configuring Security Features Hs Configuring VPN Step5 Step 6 Command or Action Purpose exit Example Router config isakmp group exit Router config Exits IKE group policy configuration mode and enters global configuration mode ip local pool default pool name low ip address high ip address Example Router config ip local pool dynpool 30 30 30 20 30 30 30 30 Router config Specifies a local address pool for the group For details about this command and additional parameters that can be set see Cisco IOS Dial Technologies Command Reference Apply Mode Configuration to the Crypto Map SUMMARY STEPS DETAILED STEPS Step 1 Step 2 To apply mode configuration to the crypto map perform these steps beginning in global configuration mode 1 crypto map map name isakmp authorization list list name 2 crypto map fag client configuration address init
141. ination default-gateway-ip-address
    Example:
    Router(config-if)# tunnel destination 192.168.101.1
    Router(config-if)#
    Specifies the destination endpoint of the router for the GRE tunnel.

    crypto map map-name
    Example:
    Router(config-if)# crypto map static-map
    Router(config-if)#
    Assigns a crypto map to the tunnel.
    Note: Dynamic routing or static routes to the tunnel interface must be configured to establish connectivity between the sites.

    exit
    Example:
    Router(config-if)# exit
    Router(config)#
    Exits interface configuration mode and returns to global configuration mode.

    ip access-list {standard | extended} access-list-name
    Example:
    Router(config)# ip access-list extended vpnstatic1
    Router(config-acl)#
    Enters ACL configuration mode for the named ACL that is used by the crypto map.

    Step 8: permit protocol source source-wildcard destination destination-wildcard
    Example:
    Router(config-acl)# permit gre host 192.168.100.1 host 192.168.101.1
    Router(config-acl)#
    Specifies that only GRE traffic is permitted on the outbound interface.

    Step 9: exit
    Example:
    Router(config-acl)# exit
    Router(config)#
    Returns to global configuration mode.

    Configuration Example
    The follow
142. ing configuration example shows a portion of the configuration file for a VPN using a GRE tunnel scenario described in the preceding sections:

    aaa new-model
    aaa authentication login rtr-remote local
    aaa authorization network rtr-remote local
    aaa session-id common
    username cisco password 0 cisco
    interface tunnel 1
     ip address 10.62.1.193 255.255.255.252
     tunnel source fastethernet 0
     tunnel destination 192.168.101.1
    ip route 20.20.20.0 255.255.255.0 tunnel 1
    crypto isakmp policy 1
     encryption 3des
     authentication pre-share
     group 2
    crypto isakmp client configuration group rtr-remote
     key secret-password
     dns 10.50.10.1 10.60.10.1
     domain company.com
     pool dynpool
    crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 86400
    crypto dynamic-map dynmap 1
     set transform-set vpn1
     reverse-route
    crypto map static-map 1 ipsec-isakmp dynamic dynmap
    crypto map dynmap isakmp authorization list rtr-remote
    crypto map dynmap client configuration address respond
    ! Defines the key association and authentication for IPsec tunnel.
    crypto isakmp policy 1
     hash md5
     authentication pre-share
    crypto isakmp key cisco123 address 200.1.1.1
    ! Defines encryption and transform set for the IPsec tunnel.
    cry
143. ing static translation see Cisco IOS IP Command Reference Volume 1 of 4 Addressing and Services Router config if ip nat outside Router config if Step 9 no shutdown Enables the configuration changes just made to the Ethernet interface Example Router config if no shutdown Router config if Step10 exit Exits configuration mode for the Fast Ethernet interface Example Router config if exit Router config Step 11 access list access list number deny Defines a standard access list indicating which permit source source wildcard addresses need translation Example Note All other addresses are implicitly denied Router config access list 1 permit 192 168 1 0 255 255 255 0 amp Note If you want to use NAT with a virtual template interface you must configure a loopback interface See the Basic Router Configuration section on page 5 1 for information on configuring a loopback interface For complete information on the NAT commands see the Cisco IOS Release 12 3 documentation set For more general information on NAT concept see the Cisco IOS Software Basic Skills section on page A 1 Configuration Example The following configuration example shows a portion of the configuration file for the PPPoE scenario described in this chapter The VLAN interface has an IP address of 192 168 1 1 with a subnet mask of 255 255 255 0 NAT is configured for inside and outside
144. initialize the processor hardware and boot the operating system software. You can use the ROM monitor to perform certain configuration tasks, such as recovering a lost password or downloading software over the console port. If there is no Cisco IOS software image loaded on the router, the ROM monitor runs the router.
    This appendix contains the following sections:
    - Entering the ROM Monitor, page C-1
    - ROM Monitor Commands, page C-2
    - Command Descriptions, page C-3
    - Disaster Recovery with TFTP Download, page C-3
    - Configuration Register, page C-10
    - Console Download, page C-12
    - Debug Commands, page C-13
    - Exiting the ROM Monitor, page C-14
    Entering the ROM Monitor
    To use the ROM monitor, you must be using a terminal or PC that is connected to the router over the console port. Perform these steps to configure the router to boot up in ROM monitor mode the next time it is rebooted:
    Command / Purpose
    Step 1: enable. Enters privileged EXEC mode. Enter your password if prompted.
    Step 2: configure terminal. Enters global configuration mode.
    Step 3: config-reg 0x0. Resets the configuration register.
    Step 4: exit. Exits global configuration mode.
    Step 5: reload. Reboots the router with the new configuration register value. The router remains in ROM monitor and doe
145. ion ppp no ip mroute cache dialer in band dialer idle timeout 0 dialer string dial lt carrier gt dialer group 1 async mode interactive no ppp icp fast start ppp chap hostname lt hostname gt rit gsm only ppp chap password 0 lt password gt ppp ipcp dns request traffic of interest through the tunnel cellular interface ip route 10 10 0 0 255 255 0 0 Tunnel2 Configuration for 8705 modem The following shows how to configure an HSPA modem chat script hspa AT SCACT 1 1 TIMEOUT 60 OK interface Cellular0O ip address negotiated encapsulation slip dialer in band dialer pool member 1 dialer group 1 async mode interactive interface Dialerl ip address negotiated ip nat outside ip virtual reassembly in encapsulation slip dialer pool 1 dialer string hspa dialer group 1 ip nat inside source list 1 interface Dialerl overload ip route 0 0 0 0 0 0 0 0 Dialer1 access list 1 permit any dialer list 1 protocol ip permit Cisco 819 Series Integrated Services Router Software Configuration Guide oL 23590 02 EN Chapter5 Basic Router Configuration Hs Configuring WAN Interfaces line 3 script dialer hspa modem InOut no exec transport input all Configuring Dual SIM for Cellular Networks The Dual SIM feature implements auto switch and failover between two cellular networks on a Cisco 819 ISR This feature is enabled by default with SIM slot 0 being the primary slot and slot 1 being the s
146. isions URL filtering on the ISR by selecting categories of websites to be permitted or blocked. An external server, maintained by a third party, will be used to check for URLs in each category. Permit and deny policies are maintained on the ISR. The service is subscription based, and the URLs in each category are maintained by the third-party vendor. For additional information about configuring URL filtering, see Subscription-based Cisco IOS Content Filtering.
Configuring VPN
A virtual private network (VPN) connection provides a secure connection between two networks over a public network such as the Internet. Cisco 819 ISRs support two types of VPNs: site-to-site and remote access. Site-to-site VPNs are used to connect branch offices to corporate offices, for example. Remote access VPNs are used by remote clients to log in to a corporate network. Two examples are given in this section: remote access VPN and site-to-site VPN. The section covers: Remote Access VPN; Site-to-Site VPN; Configuration Examples; Configure a VPN over an IPSec Tunnel; Create a Cisco Easy VPN Remote Configuration; Configure a Site-to-Site GRE Tunnel.
Remote Access VPN
The configuration of a remote access VPN uses Cisco Easy VPN and an IP Security (IPSec
147. ist 1
dialer-list 2 protocol ip permit
route-map track-primary-if permit 10
 match ip address 102
 set interface Dialer2
route-map nat2cell permit 10
 match ip address 101
 match interface Cellular0
control-plane
line con 0
 no modem enable
line aux 0
line 3
 exec-timeout 0 0
 script dialer gsm
 login
 modem InOut
 no exec
line vty 0 4
 login
scheduler max-task-time 5000
webvpn cef
end
Configuring Dial Backup and Remote Management Through the Console Port
When customer premises equipment, such as a Cisco 819 ISR, is connected to an ISP, an IP address is dynamically assigned to the router, or the IP address may be assigned by the router peer through the centrally managed function. The dial backup feature can be added to provide a failover route in case the primary line fails. The Cisco 819 ISRs can use the auxiliary port for dial backup and remote management. Figure 6-1 shows the network configuration used for remote management access
148. itting the TxC signal (transmit echoed clock line, also known as TXCE or SCTE clock) can experience high error rates when operating at the higher transmission speeds. For example, if the interface on the PA-8T and PA-4T synchronous serial port adapters is reporting a high number of error packets, a phase shift might be the problem. Inverting the clock signal can correct this shift. To invert the clock signal, use the following commands in interface configuration mode.
SUMMARY STEPS
1. invert txclock
2. invert rxclock
DETAILED STEPS
Step 1 invert txclock: Inverts the clock signal on an interface. Example: Router(config-if)# invert txclock
Step 2 invert rxclock: Inverts the phase of the RX clock on the UIO serial interface, which does not use the T1/E1 interface. Example: Router(config-if)# invert rxclock
Setting Transmit Delay Command
It is possible to send back-to-back data packets over serial interfaces faster than some hosts can receive them. You can specify a minimum dead time after transmitting a packet to remove this condition. This setting is available for serial interfaces on the MCI and SCI interface cards and for the HSSI or MIP. Use one of the following commands, as appropriate for your sys
149. k to the ready state and waits for the next frame to arrive.
Figure 4: Half-Duplex DTE Receive State Machine
An error counter is incremented upon receipt of the giant frames. To view the error counter, use the show interfaces command for the serial interface in question.
Half-Duplex DCE State Machines
As shown in Figure 5, for a low-speed serial interface in DCE mode, the half-duplex DCE transmit state machine idles in the ready state when it is quiescent. When a frame is available for transmission on the serial interface, such as when the output queues are no longer empty, the state machine starts a timer (based on the value of the half-duplex timer transmit-delay command, in milliseconds) and transitions to the transmit delay state. Similar to the DTE transmit state machine, the transmit delay state gives you the option of setting a delay between the transmission of frames; for example, this feature lets you compensate for a slow receiver that loses data when multiple frames are received in quick succession. The default transmit-delay value is 0 ms; use the half-duplex timer transmit-delay interface configuration command to specify a delay value not equal to 0.
Figure 5: Half-Duplex DCE Transmit State Machine
After the transmit delay state, the next state depe
150. k9 mz SPA 152 3 16 M0 1 RASHINFO flash crashinfo_20120406 133436 UTC _2_RTS 22 51 49 UTC Fri Jul 13 2012 RET_2_RCALTS 1342219899 rommon 2 > rommon 2 > rommon 2 > tftpdnld r IP_ADDRESS IP_SUBNET_MASK DEFAULT_GATEWAY TFTP_SI TFT ERVER P_FILE TFTP_MACADDR TFTP_DESTINATION ERBOSE TFTP_VI TFTP_CH E E TFTP_RETRY_COUNT TFTP_TIMEOUT CKSUM PORT 209 165 200 225 255 255 255 224 209 165 200 225 209 165 200 225 c800 universalk9 mz SPA 152 3 16 M0 1 00 22 bd ec 23 f4 flash Progress 18 7200 Yes 4 Receiving c800 universalk9 mz SPA 152 3 16 M0 1 from 209 165 200 225 File reception completed IOS Image Load Test Digitally Signed Production Software Validating checksum loading image c800 universalk9 mz SPA 152 3 16 M0 1 program load complete entry point 0x4000000 size 0x307eeb0 Self decompressing the image
151. le shows how to configure the access server so that it will use the default address pool on all interfaces except interface 7, on which it will use an address pool called lass:
ip address-pool local
ip local pool lass 172.30.0.1
async interface
interface 7
 peer default ip address lass
Low-Speed Serial Interface Examples
The section includes the following configuration examples for low-speed serial interfaces: Synchronous or Asynchronous Mode Examples; Half-Duplex Timers Example.
Synchronous or Asynchronous Mode Examples
The following example shows how to change a low-speed serial interface from synchronous to asynchronous mode:
interface serial 2
 physical-layer async
The following examples show how to change a low-speed serial interface from asynchronous mode back to its default synchronous mode:
interface serial 2
 physical-layer sync
or
interface serial 2
 no physical-layer
The following example shows some typical asynchronous interface configuration commands:
interface serial 2
 physical-layer async
 ip address 10.0.0.2 255.0.0.0
 async default ip address 10.0.0.1
 async mode dedicated
 async default routing
The following example shows some typical synchronous serial interface configuration commands available when
152. lic 3 1 3 6 1 2 1 17
Note: When you create a VLAN x, the logical entity public x is added. If you query with the public community, the L3 MIB is displayed. When you query with public x, the L2 MIB for VLAN x is displayed.
In the context-based approach, the SNMP context mapping commands are used to display the values for L2 interfaces. Each VLAN is mapped to a context. When the user queries with a context, the MIB displays the data for that specific VLAN, which is mapped to the context. In this approach, each VLAN is manually mapped to a context. To get the BRIDGE-MIB details, use the following commands in the configuration mode:
Router(config)# snmp-server group public v2c context bridge-group
Router(config)# snmp-server community public RW
Router(config)# snmp-server community private RW
Router(config)# snmp-server context bridge-group
Router(config)# snmp mib community-map public context bridge-group
Use the following syntax to query the SNMP BRIDGE-MIB details:
snmpwalk v2c <ip address of the ISR> public 1 1 3 6 1 2 1 17 (L2 MIB)
snmpwalk v2c <ip address of the ISR> private 1 3 6 1 2 1 17 (L3 MIB)
Note: When you query with the public community, the L2 MIB is displayed. Use the private group for L3 MIB.
For more details to configure and retrieve the BRIDGE-MIB details, see The BRIDGE-MIB.
MAC Address Notification
MAC address notification enables you to track user
153. low these steps to configure static routes, beginning in global configuration mode.
SUMMARY STEPS
1. ip route prefix mask {ip-address | interface-type interface-number [ip-address]}
2. end
DETAILED STEPS
Step 1 ip route prefix mask {ip-address | interface-type interface-number [ip-address]}: Specifies the static route for the IP packets. For details about this command and about additional parameters that can be set, see Cisco IOS IP Routing Protocol-Independent Command Reference. Example: Router(config)# ip route 192.168.1.0 255.255.0.0 10.10.10.2
Step 2 end: Exits router configuration mode and enters privileged EXEC mode. Example: Router(config)# end
For general information on static routing, see the Floating Static Routes section on page B S.
Example
In the following configuration example, the static route sends out all IP packets with a destination IP address of 192.168.1.0 and a subnet mask of 255.255.255.0 on the Fast Ethernet interface to another device with an IP address of 10.10.10.2. Specifically, the packets are sent to the configured PVC. You do not need to enter the command marked default. This command appears automatically in the configuration file generated when you use the show runni
154. ltiband Swivel-Mount Dipole Antenna (3G-ANTM1919D).
3G-ANTM1916-CM: See Cisco Multiband Omnidirectional Ceiling Mount Antenna (3G-ANTM1916-CM).
3G-AE015-R (Antenna Extension): See Cisco Single-Port Antenna Stand for Multiband TNC Male-Terminated Portable Antenna (Cisco 3G-AE015-R).
3G-AE010-R (Antenna Extension): See Cisco Single-Port Antenna Stand for Multiband TNC Male-Terminated Portable Antenna (Cisco 3G-AE015-R). This document applies to both 3G-AE015-R and 3G-AE010-R. The only difference between these two products is the length of the cable.
3G-ANTM-OUT-OM: See Cisco 3G Omnidirectional Outdoor Antenna (3G-ANTM-OUT-OM).
3G-ANTM-OUT-LP: See Cisco Multiband Omnidirectional Panel-Mount Antenna (3G-ANTM-OUT-LP).
3G-ACC-OUT-LA: See Cisco 3G Lightning Arrestor (3G-ACC-OUT-LA).
4G-ANTM-OM-CM: See Cisco 4G Indoor Ceiling-Mount Omnidirectional Antenna (4G-ANTM-OM-CM).
You must check your LEDs for signal reception as described in Table 2-1.
You should be familiar with the Cisco IOS software. See the Cisco IOS documentation beginning with Release 12.4(15)T or later for Cisco 3G support.
To configure your 3G data profile, you will need the username, password, and access point name (APN) from your service provider.
After you have collected the appropriate information, you can perform a full configuration on your router, beginning with the tasks in the Configuring Command-Line Access section on page 5 5
155. mples shown in this chapter apply only to the endpoint configuration on the Cisco 819 ISRs. Any VPN connection requires both endpoints to be configured properly to function. See the software configuration documentation as needed to configure VPN for other router models. VPN configuration information must be configured on both endpoints. You must specify parameters such as internal IP addresses, internal subnet masks, DHCP server addresses, and Network Address Translation (NAT).
Configure a VPN over an IPSec Tunnel
Perform the following tasks to configure a VPN over an IPSec tunnel: Configure the IKE Policy; Configure Group Policy Information; Apply Mode Configuration to the Crypto Map; Enable Policy Lookup; Configure IPSec Transforms and Protocols; Configure the IPSec Crypto Method and Parameters; Apply the Crypto Map to the Physical Interface; Where to Go Next.
Configure the IKE Policy
To configure the Internet Key Exchange (IKE) policy, perform these steps, beginning in global configuration mode.
SUMMARY STEPS
1. crypto isakmp policy priority
2. encryption {des | 3des | aes | aes 192 | aes 256}
3. hash {md5 | sha}
4. authentication {rsa-sig | rsa-encr | pre-share}
5. group {1 | 2 | 5}
6. lifetime seconds
7. exit
156. n GRE protocol to secure the connection between the branch office and the corporate network. Figure 9-2 shows a typical deployment scenario.
Figure 9-2: Site-to-Site VPN Using an IPSec Tunnel and GRE. Figure callouts:
Branch office containing multiple LANs and VLANs
Fast Ethernet LAN interface: With address 192.165.0.0/16 (also the inside interface for NAT)
VPN client: Cisco 819 ISR
Fast Ethernet: With address 200.1.1.1 (also the outside interface for NAT)
LAN interface: Connects to the Internet, with outside interface address of 210.110.101.1
VPN client: Another router, which controls access to the corporate network
LAN interface: Connects to the corporate network, with inside interface address of 10.1.1.1
Corporate office network
IPSec tunnel with GRE
For more information about IPSec and GRE configuration, see Secure Connectivity Configuration Guide Library, Cisco IOS Release 12.4T.
Configuration Examples
Each example configures a VPN over an IPSec tunnel, using the procedure given in the Configure a VPN over an IPSec Tunnel section on page 9 7. Then, the specific procedure for a remote access configuration is given, followed by the specific procedure for a site-to-site configuration. The exa
157. nal session login
exec-timeout minutes [seconds]: Sets the interval that the EXEC command interpreter waits until user input is detected. The default is 10 minutes. Optionally, add seconds to the interval value. This example shows a timeout of 5 minutes and 30 seconds. Entering a timeout of 0 0 specifies never to time out. Example: Router(config-line)# exec-timeout 5 30
line [aux | console | tty | vty] line-number: Specifies a virtual terminal for remote console access. Example: Router(config-line)# line vty 0 4
password password: Specifies a unique password for the virtual terminal line. Example: Router(config-line)# password aldf2ad1
Step 7 login: Enables password checking at the virtual terminal session login. Example: Router(config-line)# login
Step 8 end: Exits line configuration mode and returns to privileged EXEC mode. Example: Router(config-line)# end
Example
The following configuration shows the command-line access commands. You do not need to input the commands marked default. These commands appear automatically in the
158. nd the corporate network. Figure 13-1 shows a typical deployment scenario.
Figure 13-1: Remote Access VPN Using IPSec Tunnel. Figure callouts:
Remote, networked users
VPN client: Cisco 819 ISRs
Router: Providing the corporate office network access
VPN server: Easy VPN server
Corporate office with a network address of 10.1.1.1
IPSec tunnel
Cisco Easy VPN
The Cisco Easy VPN client feature eliminates much of the tedious configuration work by implementing the Cisco Unity Client protocol. This protocol allows most VPN parameters, such as internal IP addresses, internal subnet masks, DHCP server addresses, WINS server addresses, and split-tunneling flags, to be defined at a VPN server that is acting as an IPSec server. An Easy VPN server-enabled device can terminate VPN tunnels initiated by mobile and remote workers who are running Cisco Easy VPN Remote software on PCs. Easy VPN server-enabled devices allow remote routers to act as Easy VPN Remote nodes. The Cisco Easy VPN client feature can be configured in one of two modes: client mode or network extension mode. Client mode is the default configuration and allows only devices at the client site to access resourc
159. nds, for example, no ip routing.
Command-Line Error Messages
Table A-3 lists some error messages that you might encounter while using the CLI to configure your router.
Table A-3: Common CLI Error Messages (Error Message, Meaning, How to Get Help)
% Ambiguous command: "show con". Meaning: You did not enter enough characters for your router to recognize the command. How to get help: Re-enter the command followed by a question mark (?) with no space between the command and the question mark. The possible keywords that you can enter with the command are displayed.
% Incomplete command. Meaning: You did not enter all the keywords or values required by this command. How to get help: Re-enter the command followed by a question mark (?) with no space between the command and the question mark. The possible keywords that you can enter with the command are displayed.
% Invalid input detected at '^' marker. Meaning: You entered the command incorrectly. The error occurred where the caret mark (^) appears. How to get help: Enter a question mark (?) to display all the commands that are available in this particular command mode.
Saving Configuration Changes
You must enter the copy running-config startup-config command to save your configuration changes to NVRAM so that they are not lost if t
160. nds are used to set operating parameters, you should password-protect these commands to prevent unauthorized use. You can use two commands to do this:
enable secret password: A very secure, encrypted password.
enable password: A less secure, unencrypted local password.
Both the enable and enable secret passwords control access to various privilege levels (0 to 15). The enable password is intended for local use and is thus unencrypted. The enable secret password is intended for network use; that is, in environments where the password crosses the network or is stored on a TFTP server. You must enter an enable secret or enable password with a privilege level of 1 to gain access to privileged EXEC mode commands. For maximum security, the passwords should be different. If you enter the same password for both during the setup process, your router accepts the passwords but warns you that they should be different. An enable secret password can contain from 1 to 25 uppercase and lowercase alphanumeric characters. An enable password can contain any number of uppercase and lowercase alphanumeric characters. In both cases, a number cannot be the first character. Spaces are also valid password characters; for example, "two words" is a valid password. Leading spaces are ignored; trailing spaces are recognized.
Entering Global Configuration Mode
To make any configuration changes to your router, you must be in global configurati
161. nds on whether the interface is in constant-carrier mode (the default) or controlled-carrier mode. If the interface is in constant-carrier mode, it passes through the following states:
1. The state machine passes to the transmit state when the transmit-delay timer expires. The state machine stays in the transmit state until there are no more frames to transmit. When there are no more frames to transmit, the state machine passes to the wait transmit finish state, where it waits for the transmit FIFO to empty. Once the FIFO empties, the DCE passes back to the ready state and waits for the next frame to appear in the output queue.
If the interface is in controlled-carrier mode, the interface performs a handshake using the data carrier detect (DCD) signal. In this mode, DCD is deasserted when the interface is idle and has nothing to transmit. The transmit state machine transitions through the states as follows:
1. After the transmit-delay timer expires, the DCE asserts DCD and transitions to the DCD-txstart delay state to ensure a time delay between the assertion of DCD and the start of transmission. A timer is started based on the value specified using the dcd-txstart-delay command. (This timer has a default value of 100 ms; use the half-duplex timer dcd-txstart-delay interface configuration command to specify a delay value.) When this delay timer expires, the state machine transitions to the transmit state and transmits frames until there a
162. nfamiliar words (typos) into IP addresses.
Configuring WAN Interfaces
Configure the WAN interface for your router using one of the following, as appropriate: Configuring a Gigabit Ethernet WAN Interface; Configuring the Cellular Wireless WAN Interface; Configuring Dual SIM for Cellular Networks; Configuring Router for Image and Config Recovery Using Push Button.
Configuring a Gigabit Ethernet WAN Interface
To configure the Ethernet interface on a Cisco 819 ISR, perform these steps, beginning in global configuration mode.
SUMMARY STEPS
1. interface type number
2. ip address ip-address mask
3. no shutdown
4. exit
DETAILED STEPS
Step 1 interface type number: Enters the configuration mode for a Gigabit Ethernet WAN interface on the router. Example: Router(config)# interface gigabitethernet 0
Step 2 ip address ip-address mask Example: Router(config-if)#
163. nfig isakmp lifetime 480: Specifies the lifetime, from 60 to 86400 seconds, for an IKE security association (SA).
exit: Exits IKE policy configuration mode and enters global configuration mode. Example: Router(config-isakmp)# exit
Configure Group Policy Information
To configure the group policy, perform these steps, beginning in global configuration mode.
SUMMARY STEPS
1. crypto isakmp client configuration group {group-name | default}
2. key name
3. dns primary-server
4. domain name
5. exit
6. ip local pool {default | poolname} [low-ip-address [high-ip-address]]
DETAILED STEPS
Step 1 crypto isakmp client configuration group {group-name | default}: Creates an IKE policy group containing attributes to be downloaded to the remote client. Also enters the Internet Security Association Key and Management Protocol (ISAKMP) group policy configuration mode. Example: Router(config)# crypto isakmp client configuration group rtr-remote
Step 2 key name: Specifies the IKE pre-shared key for the group policy. Example: Router(config-isakmp-group)# key secret-password
Step 3 dns primary-server: Specifies the pr
164. nfiguration memory
961128K bytes of ATA System CompactFlash (Read/Write)
Press RETURN to get started!
Jan 2 00:00:02.391: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c800 Next reboot level = advipservices and License = advipservices
Jul 13 23:00:20.435: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Initialized
Jul 13 23:00:20.515: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Enabled
Jul 13 23:00:24.431: c3600_scp_set_dstaddr2_idb 184 add 0 name is Wlan GigabitEthernet0
Jul 13 23:00:41.395: %LINEPROTO-5-UPDOWN: Line protocol on Interface wlan-ap0, changed state to up
Jul 13 23:00:41.395: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
Jul 13 23:00:41.399: %LINK-3-UPDOWN: Interface Serial0, changed state to down
Jul 13 23:00:42.187: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Jul 13 23:00:42.395: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
Jul 13 23:00:42.399: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
Jul 13 23:00:55.915: %SYS-5-CONFIG_I: Configured from memory by console
Jul 13 23:00:56.159: %FW-6-INIT: Firewall inspection startup completed; beginning operation.
Jul 13 23:00:56.255: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan114, changed sta
165. ng config command.
ip classless (default)
ip route 192.168.1.0 255.255.255.0 10.10.10.2
Verifying Configuration
To verify that you have properly configured static routing, enter the show ip route command and look for static routes signified by the "S". You should see a verification output similar to the following:
Router# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 1 subnets
C       10.108.1.0 is directly connected, Loopback0
S    0.0.0.0/0 is directly connected, FastEthernet0
Configuring Dynamic Routes
In dynamic routing, the network protocol adjusts the path automatically, based on network traffic or topology. Changes in dynamic routes are shared with other routers in the network. The Cisco routers can use IP routing protocols, such as Routing Information Protocol (RIP) or Enhanced Interior Gateway Routing Protocol (EIGRP), to learn routes dynamically. You can configure either of these routing protocols on your router.
Configuring Routing Information P
166. nitoring and maintaining CDP
Configuring the Switched Port Analyzer
For information on how to configure a switched port analyzer (SPAN) session, see Configuring the Switched Port Analyzer (SPAN). This section contains information on the following topics: Configuring the SPAN sources; Configuring SPAN destinations; Verifying the SPAN session; Removing sources or destinations from a SPAN session.
Configuring IP Multicast Layer 3 Switching
For information on how to configure IP multicast Layer 3 switching, see Configuring IP Multicast Layer 3 Switching. This section contains information on the following topics: Enabling IP multicast routing globally; Enabling IP protocol-independent multicast (PIM) on Layer 3 interfaces; Verifying IP multicast Layer 3 hardware switching summary; Verifying the IP multicast routing table.
Configuring IGMP Snooping
For information on how to configure IGMP snooping, see Configuring IGMP Snooping. This section contains information on the following topics: Enabling or disabling IGMP snooping; Enabling IGMP immediate-leave processing; Statically configuring an interface to join a group; Configuring a multicast router port.
IGMP Version 3
In support of the IGMPv3 feature in Cisco IOS Release 12 4 15
167. o configure your router for DHCP operation, beginning in global configuration mode.
1. ip domain name name
2. ip name-server server-address1 [server-address2...server-address6]
3. ip dhcp excluded-address low-address [high-address]
4. ip dhcp pool name
5. network network-number [mask | prefix-length]
6. import all
7. default-router address [address2...address8]
8. dns-server address [address2...address8]
9. domain-name domain
10. exit
DETAILED STEPS
Step 1 ip domain name name: Identifies the default domain that the router uses to complete unqualified hostnames (names without a dotted-decimal domain name). Example: Router(config)# ip domain name smallbiz.com
Step 2 ip name-server server-address1 [server-address2...server-address6]: Specifies the address of one or more Domain Name System (DNS) servers to use for name and address resolution. Example: Router(config)# ip name-server 192.168.11.12
Step 3 ip dhcp excluded-address low-address [high-address]: Specifies IP addresses that the DHCP server should not assign to DHCP clients. In this example, we are excluding the router address. Example: Router(config)# ip dhcp excluded-address 192.168.9.0
Step 4 ip dhcp pool name: Crea
168. ogy; Dynamic Frequency Selection; LEDs.
This release supports Cisco 802 Access Points (AP802). The AP802 is an integrated access point on the Next Generation of Cisco 819HGW and Cisco 819HWD ISRs. The access point is a wireless LAN transceiver that acts as the connection point between wireless and wired networks or as the center point of a standalone wireless network. In large installations, the roaming functionality provided by multiple access points enables wireless users to move freely throughout the facility while maintaining uninterrupted access to the network.
AP802 Dual Radio contains two different types of wireless radio that can support connections on both 2.4 GHz (used by 802.11b, 802.11g, and 802.11n) and 5 GHz (used by 802.11a and 802.11n). With the dual-radio, dual-band IEEE 802.11n access point, the Cisco 819HGW and Cisco 819HWD ISRs offer a secure, integrated access point in a single device. The ISRs support both autonomous and unified modes and are backward compatible with 802.11a/b/g. The routers support IEEE 802.11n draft 2.0 and use multiple-input, multiple-output (MIMO) technology that provides increased throughput, reliability, and predictability. For complete information on how to configure wireless device and radio settings, see Basic Wir
169. on command with the HEr configuration mode parameters for the terminal line ine desired line number and optional line type for example line 0 from global configuration mode enter the exit command. To exit to privileged EXEC mode, enter the end command or press Ctrl-Z.
Getting Help
You can use the question mark (?) and arrow keys to help you enter commands. For a list of available commands for a particular command mode, enter a question mark:
Router> ?
access-enable     Create a temporary access-list entry
access-profile    Apply user-profile to interface
clear             Reset functions
To complete a command, enter a few known characters followed by a question mark (with no space):
Router> sh s show set show slip systat
For a list of command variables, enter the command followed by a space and a question mark:
Router> show ?
clock        Display the system clock
dialer       Dialer parameters and statistics
exception    exception information
To redisplay a command that you previously entered, press the Up Arrow key. You can continue to press the Up Arrow key for more commands.
Enable Secret Passwords and Enable Passwords
By default, the router ships without password protection. Because many privileged EXEC comma
170. on and Provisioning. Verifying Signal Strength and Service Availability: To verify the signal strength and service availability on your modem, use the following commands in privileged EXEC mode.
SUMMARY STEPS: 1. show cellular 0 network 2. show cellular 0 hardware 3. show cellular 0 connection 4. show cellular 0 gps 5. show cellular 0 radio 6. show cellular 0 profile 7. show cellular 0 security 8. show cellular 0 sms 9. show cellular 0 all
DETAILED STEPS (Command or Action, Purpose):
Step 1: show cellular 0 network. Displays information about the carrier network, cell site, and available service. Example: Router# show cellular 0 network
Step 2: show cellular 0 hardware. Displays the cellular modem hardware information. Example: Router# show cellular 0 hardware
Step 3: show cellular 0 connection. Displays the current active connection state and data statistics. Example: Router# show cellular 0 connection
Step 4: show cellular 0 gps. Displays the cellular GPS information. Example: Router# show cellular 0 gps
Step 5: show cellular 0 radio. Shows the radio signal strength. Note: The RSSI should be better than -90 dBm for steady and reliable connection. Example: Router# show cellular 0 radio
Step 6: show cellul
171. on mode. This section describes how to enter global configuration mode while using a terminal or PC that is connected to your router console port. To enter global configuration mode, follow these steps:
After your router boots up, enter the enable or enable secret command:
    Router> enable
If you have configured your router with an enable password, enter it when you are prompted. The enable password does not appear on the screen when you enter it. This example shows how to enter privileged EXEC mode:
    Password: enable_password
    Router#
Privileged EXEC mode is indicated by the pound sign (#) in the prompt. You can now make changes to your router configuration.
Enter the configure terminal command to enter global configuration mode:
    Router# configure terminal
    Router(config)#
You can now make changes to your router configuration.
Using Commands: This section provides some tips about entering Cisco IOS commands at the command-line interface (CLI).
Abbreviating Commands: You only have to enter enough characters for the router to recognize the command as unique. This example shows how to enter the show version command:
    Router# sh v
Undoing Commands: If you want to disable a feature or undo a command that you entered, you can enter the keyword no before most comma
172. onds 14. line [aux | console | tty | vty] line-number [ending-line-number] 15. modem enable 16. exit 17. line [aux | console | tty | vty] line-number [ending-line-number] 18. flowcontrol {none | software [lock] [in | out] | hardware [in | out]}
DETAILED STEPS (Command, Purpose):
Step 1: ip name-server server-address. Enters your ISP DNS IP address. Tip: You may add multiple server addresses if available. Example:
    Router(config)# ip name-server 192.168.28.12
    Router(config)#
Step 2: ip dhcp pool name. Creates a DHCP address pool on the router and enters DHCP pool configuration mode. The name argument can be a string or an integer. • Configure the DHCP address pool. For sample commands that you can use in DHCP pool configuration mode, see the Example section on page 6-13. Example:
    Router(config)# ip dhcp pool 1
    Router(config-dhcp)#
Step 3: exit. Exits config-dhcp mode and enters global configuration mode. Example:
    Router(config-dhcp)# exit
    Router(config)#
Step 4: chat-script script-name expect-send. Configures a chat script used in dial-on-demand routing (DDR) to give commands for dialing a modem and for logging in to remote systems. The Example: Router(config)# ch
173. onfiguration on your router. For a complete description of the AutoSecure feature, see the AutoSecure feature document.
Configuring Access Lists: Access lists permit or deny network traffic over an interface based on source IP address, destination IP address, or protocol. Access lists are configured as standard or extended. A standard access list either permits or denies passage of packets from a designated source. An extended access list allows designation of both the destination and the source, and it allows designation of individual protocols to be permitted or denied passage. For more complete information on creating access lists, see Security Configuration Guide: Access Control Lists, Cisco IOS Release 12.4T. An access list is a series of commands with a common tag to bind them together. The tag is either a number or a name. Table 9-1 lists the commands used to configure access lists.
Table 9-1 Access List Configuration Commands (ACL Type: Configuration Commands)
Numbered, Standard: access-list {1-99} {permit | deny} source-addr [source-mask]
Numbered, Extended: access-list {100-199} {permit | deny} protocol source-addr [source-mask] destination-addr [destination-mask]
Named, Standard: ip access-list standard name deny {source | source-wildcard | any}
Named, Extended: ip access-list extended name {permit | deny} protocol {source-addr [source-mask] | any} {destination-addr [destination-mask] | any}
174. onfigure IPSec Transforms and Protocols. A transform set represents a certain combination of security protocols and algorithms. During IKE negotiation, the peers agree to use a particular transform set for protecting data flow. During IKE negotiations, the peers search in multiple transform sets for a transform that is the same at both peers. When such a transform set is found, it is selected and applied to the protected traffic as a part of both peers' configurations. Perform these steps to specify the IPSec transform set and protocols, beginning in global configuration mode.
SUMMARY STEPS: 1. crypto ipsec transform-set transform-set-name transform1 [transform2] [transform3] [transform4] 2. crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}
DETAILED STEPS (Command or Action, Purpose):
Step 1: crypto ipsec transform-set transform-set-name transform1 [transform2] [transform3] [transform4]. Defines a transform set: an acceptable combination of IPSec security protocols and algorithms. See Cisco IOS Security Command Reference for details about the valid transforms and combinations. Example:
    Router(config)# crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
    Router(config)#
Step 2: crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}. Specifies global lifetime values used when IPSec security associations are negotiated. See Cisco IOS Security Command R
175. onitor. APPENDIX D: Common Port Assignments.
CHAPTER 1 Product Overview: This chapter provides an overview of the features available for the Cisco 819 Integrated Services Routers (ISRs) and contains the following sections: • General Description • SKU Information • New Features.
General Description: Note: The Cisco 819 ISRs provide Internet, VPN, data, and backup capability to corporate teleworkers and remote and small offices of fewer than 20 users. These routers are capable of bridging and multiprotocol routing between LAN and WAN ports and provide advanced features such as antivirus protection. The Cisco 819 ISRs are fixed-configuration data routers that provide four 10/100 Fast Ethernet (FE), 1 Gigabit Ethernet (GE), and WAN connections over Serial and Cellular (3G) interface. The Cisco 819HGW and Cisco 819HWD ISRs support WiFi radios (AP802H-AGN). A Wireless Local Area Network (WLAN) implements a flexible data communication system, frequently augmenting rather than replacing a wired LAN within a building or campus. WLANs use radio frequency to transmit and receive data over the air, minimizing the need for wired connections. The Cisco 819HG-4G and Cisco 819G-4G support multimode 4G
176. ote local
    aaa session-id common
    ! Local user account
    username Cisco password 0 Cisco
    !
    ! IKE (ISAKMP) policy: 3DES, pre-shared key, Diffie-Hellman group 2
    crypto isakmp policy 1
     encryption 3des
     authentication pre-share
     group 2
     lifetime 480
    ! Easy VPN group policy (key, DNS servers, domain, address pool)
    crypto isakmp client configuration group rtr-remote
     key secret-password
     dns 10.50.10.1 10.60.10.1
     domain company.com
     pool dynpool
    ! IPsec transform set and security association lifetime
    crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 86400
    crypto dynamic-map dynmap 1
     set transform-set vpn1
     reverse-route
    crypto map static-map 1 ipsec-isakmp dynamic dynmap
    crypto map dynmap isakmp authorization list rtr-remote
    crypto map dynmap client configuration address respond
    ! Easy VPN remote (client) configuration
    crypto ipsec client ezvpn ezvpnclient
     connect auto
     group 2 key secret-password
     mode client
     peer 192.168.100.1
    ! Outside interface
    interface fastethernet 4
     crypto ipsec client ezvpn ezvpnclient outside
     crypto map static-map
    ! Inside interface
    interface vlan 1
     crypto ipsec client ezvpn ezvpnclient inside
APPENDIX A Cisco IOS Software Basic Skills: Understanding how to
177. ou might need to enter and exit modes frequently. You can see a list of available commands for a particular mode by entering a question mark (?) at the prompt. For a description of each command, including syntax, see the Cisco IOS Release 12.3 documentation set.
Table A-2 Command Modes Summary (Mode; Access Method; Prompt; Mode Exit and Entrance; About This Mode)
User EXEC. Access method: Begin a session with your router. Prompt: Router> Mode exit and entrance: To exit a router session, enter the logout command. About this mode: Use this mode to: • Change terminal settings. • Perform basic tests. • Display system information.
Privileged EXEC. Access method: Enter the enable command from user EXEC mode. Prompt: Router# Mode exit and entrance: • To exit to user EXEC mode, enter the disable command. • To enter global configuration mode, enter the configure command. About this mode: Use this mode to: • Configure your router operating parameters. • Perform the verification steps shown in this guide. To prevent unauthorized changes to your router configuration, protect access to this mode by using a password as described in the Enable Secret Passwords and Enable Passwords procedure on page A-5.
Global configuration. Access method: Enter the configure command from. Prompt: Router(config)# Mode exit and entrance: • To exit to privileged EXEC mode, enter the. About this mode: Use this mode to configure parameters that apply to
178.
    Sensor 1                 36    Normal    60/0
    Sensor 2                 34    Normal    60/0
    Sensor 3                 40    Normal    60/0
    Sensor 4                 38    Normal    60/0
    System Ambient Sensor    35    Normal    60/0
    3G Modem Sensor          33    Normal    85/0
    Environmental information last updated 00:00:26 ago
Note: If the modem temperature goes up to 85 degrees for non-hardened or 90 degrees for hardened version, a warning message appears. The router automatically shuts down if the temperature goes higher than 108 degrees.
Cisco EnergyWise Support: The Cisco 819 ISRs have hardware and software features for reducing power consumption. The hardware features include high-efficiency AC power supplies and electrical components with built-in power-saving features, such as RAM select and clock gating. For more information, see Cisco 819 Integrated Services Router Hardware Installation Guide. The software features include Cisco EnergyWise, a power efficiency management feature that powers down unused modules and disables unused clocks to the modules and peripherals on the router. The Cisco 819 ISRs must be running Cisco IOS Release 15.0(1)M or later to support EnergyWise. Detailed configuration procedures are included in Cisco EnergyWise Configuration Guide, EnergyWise Phase 1 and Cisco EnergyWise Configuration Guide, EnergyWise Phase 2.
179. panning Tree Protocol with the Cisco EtherSwitch Network Module.
Cisco Discovery Protocol: Cisco Discovery Protocol (CDP) runs over Layer 2 (the data link layer) on all Cisco routers, bridges, access servers, and switches. CDP allows network management applications to discover Cisco devices that are neighbors of already known devices, in particular, neighbors running lower-layer, transparent protocols. With CDP, network management applications can learn the device type and the SNMP agent address of neighboring devices. This feature enables applications to send SNMP queries to neighboring devices. CDP runs on all LAN and WAN media that support Subnetwork Access Protocol (SNAP). Each CDP-configured device sends periodic messages to a multicast address. Each device advertises at least one address at which it can receive SNMP messages. The advertisements also contain the time-to-live, or hold-time, information, which indicates the length of time a receiving device should hold CDP information before discarding it.
Switched Port Analyzer: For information on the concept of Switched Port Analyzer, see Switched Port Analyzer.
IGMP Snooping. Storm Control. For information on the concept of IGMP Snooping, see IGMP Snooping.
IGMP Version 3: The Cisco 819 ISRs support Version
180. ple:
    rommon 16 > dis -?
    usage: dis [addr] [length]
The output for this command is slightly different for the xmodem download command:
    rommon 11 > xmodem -?
    xmodem: illegal option -- ?
    usage: xmodem [-cyrxu] <destination filename>
    -c  CRC-16
    -y  ymodem-batch protocol
    -r  copy image to dram for launch
    -x  do not launch on download completion
    -u  upgrade ROMMON, System will reboot after upgrade
• reset or i: Resets and initializes the router, similar to a power up.
• dir device: Lists the files on the named device; for example, flash memory files:
    rommon 4 > dir flash:
    Directory of flash:/
    2  -rwx  10283208  <date>  c880-advsecurityk9-mz
    9064448 bytes available (10289152 bytes used)
• boot commands: For more information about the ROM monitor boot commands, see Cisco IOS Configuration Fundamentals and Network Management Guide.
• b: Boots the first image in flash memory.
• b flash: [filename]: Attempts to boot the image directly from the first partition of flash memory. If you do not enter a filename, this command will boot this first image in flash memory.
Disaster Recovery with TFTP Download: The standard way to load new software on your router is to use the copy tftp flash privileged EXEC command from the Cisco IOS software command-line interface (CLI). However, if the router is unable to boot Cisco IOS software, you can load new software while in ROM monitor mode. This section describes how to load
181. ported on the Cisco 819 serial ports. NRZ and NRZI are line-coding formats that are required for serial connections in some environments. NRZ encoding is most common. NRZI encoding is used primarily with EIA/TIA-232 connections in IBM environments. The default configuration for all serial interfaces is NRZ format. The default is no nrzi-encoding. To enable NRZI format, use one of the following commands in interface configuration mode.
SUMMARY STEPS: 1. nrzi-encoding
DETAILED STEPS (Command or Action, Purpose):
Step 1: nrzi-encoding. Enables NRZI encoding format. Example: Router(config-if)# nrzi-encoding
or Router(config-if)# nrzi-encoding [mark]. Enables NRZI encoding format for router.
Enabling the Internal Clock: When a DTE does not return a transmit clock, use the following interface configuration command on the router to enable the internally generated clock on a serial interface.
SUMMARY STEPS: 1. transmit-clock-internal
DETAILED STEPS (Command or Action, Purpose):
Step 1: transmit-clock-internal. Enables the internally generated clock on a serial interface. Example: Router(config-if)# transmit-clock-internal
Inverting the Transmit Clock Signal: Systems that use long cables or cables that are not transm
182. pto ipsec transform-set set1 esp-3des esp-md5-hmac
    ! Associates all crypto values and peering address for the IPsec tunnel.
    crypto map to_corporate 1 ipsec-isakmp
     set peer 200.1.1.1
     set transform-set set1
     match address 105
    !
    ! VLAN 1 is the internal home network.
    interface vlan 1
     ip address 10.1.1.1 255.255.255.0
     ip nat inside
     ! Inspection examines outbound traffic.
     ip inspect firewall in
     crypto map static-map
     no cdp enable
    ! FE4 is the outside or Internet-exposed interface.
    interface fastethernet 4
     ip address 210.110.101.211 255.255.255.0
     ! acl 103 permits IPsec traffic from the corp. router as well as denies Internet-initiated traffic inbound.
     ip access-group 103 in
     ip nat outside
     no cdp enable
     ! Applies the IPsec tunnel to the outside interface.
     crypto map to_corporate
    ! Utilize NAT overload in order to make best use of the single address provided by the ISP.
    ip nat inside source list 102 interface Ethernet1 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 210.110.101.1
    no ip http server
    ! acl 102 associated addresses used for NAT.
    access-list 102 permit ip 10.1.1.0 0.0.0.255 any
    ! acl 103 defines traffic allowed from the peer for the IPsec tunnel.
    access-list 103 permit udp host 200.1.1.1 any eq isakmp
    access-list 103 permit udp host 200.1.1.1 eq isakmp any
    access-list 103 permit esp host 200.1.1.1 any
    ! Allow ICMP for debugging but should be disabled because of security implications
183. r(config-if)#
Step 2: pppoe-client dial-pool-number number. Configures the PPPoE client and specifies the dialer interface to use for cloning. Example:
    Router(config-if)# pppoe-client dial-pool-number 1
    Router(config-if)#
Step 3: no shutdown. Enables the Fast Ethernet interface and the configuration changes just made to it. Example:
    Router(config-if)# no shutdown
    Router(config-if)#
Step 4: exit. Exits configuration mode for the Fast Ethernet interface and returns to global configuration mode. Example:
    Router(config-if)# exit
    Router(config)#
Configure the Dialer Interface: The dialer interface indicates how to handle traffic from the clients, including, for example, default routing information, the encapsulation protocol, and the dialer pool to use. The dialer interface is also used for cloning virtual access. Multiple PPPoE client sessions can be configured on a Fast Ethernet interface, but each session must use a separate dialer interface and a separate dialer pool. Complete the following steps to configure a dialer interface for one of the Fast Ethernet LAN interfaces on the router, starting in global configuration mode.
SUMMARY STEPS: 1. interface dialer dialer-rotary-group-number 2. ip address negotiated 3. ip mtu bytes 4
184. r acting as the Cisco Easy VPN client must create a Cisco Easy VPN remote configuration and assign it to the outgoing interface. To create the remote configuration, perform these steps, beginning in global configuration mode.
SUMMARY STEPS: 1. crypto ipsec client ezvpn name 2. group group-name key group-key 3. peer {ipaddress | hostname} 4. mode {client | network-extension | network extension plus} 5. exit 6. crypto isakmp keepalive seconds 7. interface type number 8. crypto ipsec client ezvpn name [outside | inside] 9. exit
DETAILED STEPS (Command or Action, Purpose):
Step 1: crypto ipsec client ezvpn name. Creates a Cisco Easy VPN remote configuration and enters Cisco Easy VPN remote configuration mode. Example:
    Router(config)# crypto ipsec client ezvpn ezvpnclient
    Router(config-crypto-ezvpn)#
Step 2: group group-name key group-key. Specifies the IPSec group and IPSec key value for the VPN connection. Example:
    Router(config-crypto-ezvpn)# group ezvpnclient key secret-password
    Router(config-crypto-ezvpn)#
Step 3: peer {ipaddress | hostname}. Specifies the peer IP address or hostname for the VPN connection. Note: A hostname can be specified only when the router has a DNS server available for hostname resolution. Example:
    Router(config-crypto-ezvpn)# peer 192.168.100.1
    Router(config-crypto-ezvpn)#
Note: Use this command to configure multiple peers for use as backup. If one peer goes down, the Easy
185. r high-speed serial interfaces, except the following two commands: • sdlc cts-delay • sdlc rts-timeout. When placed in asynchronous mode, low-speed serial interfaces support all commands available for standard asynchronous interfaces. The default is synchronous mode. Note: When you use this command, it does not appear in the output of the show running-config and show startup-config commands, because the command is a physical-layer command. To return to the default mode (synchronous) of a low-speed serial interface on a Cisco 2520 through Cisco 2523 router, use the following command in interface configuration mode.
SUMMARY STEPS: 1. no physical-layer
DETAILED STEPS (Command or Action, Purpose):
Step 1: no physical-layer. Returns the interface to its default mode, which is synchronous. Example: Router(config-if)# no physical-layer
Configuration Examples. Interface Enablement Configuration Examples: The following example illustrates how to begin interface configuration on a serial interface. It assigns PPP encapsulation to serial interface 0.
    interface serial 0
     encapsulation ppp
The same example on the router, assigning PPP encapsulation to port 0 in slot 1, requires the following commands:
    interface serial 1/0
     encapsulation ppp
The following examp
186. rd. This must match the password given by the carrier. Example: Router(config-if)# ppp chap password 0 cisco
Step 6: asynchronous mode interactive. Returns a line from dedicated asynchronous network mode to interactive mode, enabling the slip and ppp commands in privileged EXEC mode. Example: Router(config-if)# asynchronous mode interactive
Step 7: ip address negotiated. Specifies that the IP address for a particular interface is obtained via PPP and IPCP address negotiation. Example: Router(config-if)# ip address negotiated
Note: When the cellular interface requires a static IP address, the address may be configured as ip address negotiated. Through IP Control Protocol (IPCP), the network ensures that the correct static IP address is allocated to the device. If a tunnel interface is configured with the ip address unnumbered <cellular interface> command, the actual static IP address must be configured under the cellular interface, in place of ip address negotiated. For a sample cellular interface configuration, see the Basic Cellular Interface Configuration section on page 5-20.
Configuring DDR: Perform these steps to configure dial-on-demand routing (DDR) for the cellular interfac
187. re functional only when Cisco IOS software has crashed or is halted. If you enter a debugging command and Cisco IOS crash information is not available, the following error message is displayed: "xxx: kernel context state is invalid, can not proceed." The following are ROM monitor debugging commands:
• stack or k: Produces a stack trace; for example:
    rommon 6 > stack
    Stack trace:
    PC = 0x801111b0
    Frame 00: FP = 0x80005ea8 PC = 0x801111b0
    Frame 01: FP = 0x80005eb4 PC = 0x80113694
    Frame 02: FP = 0x80005f74 PC = 0x8010eb44
    Frame 03: FP = 0x80005f9c PC = 0x80008118
    Frame 04: FP = 0x80005fac PC = 0x80008064
    Frame 05: FP = 0x80005fc4 PC = Oxf 03d70
• context: Displays processor context; for example: rommon 7 > context CPU context of the most PC CTR DEC RO R4 R8 R12 R16 R20 R24 R28 0x801111b0 0x801065e4 Oxf FEELLEL 0x00000000 0x8 Fab0d76 0x00000000 0x00000080 Oxf Oxf Oxf Oxf FEELLEL FEELLEL FEELLEL FEELLEL MSR XER TBU R1 R5 R9 R13 R17 R21 R25 R29 recent excep 0x00009032 0xa0006d36 Oxffffffff 0x80005ea8 0x80657d00 0x80570000 Oxfffff ffFt Oxffffffff Oxffffffff Oxffffffff OxfffffffFt tion e frame Displays an individual stack frame CR DAR TBL R2 R6 R10 R14 R18 R22 R26 R30 0x53000035 OxfffffLfLE OxfffffLfLE Oxffffffff 0x80570000 0x0000954c OXE
188. re no more frames to transmit. After the DCE transmits the last frame, it transitions to the wait-transmit-finish state, where it waits for transmit FIFO to empty and the last frame to transmit to the wire. Then DCE starts a delay timer by specifying the value using the dcd-drop-delay command. This timer has the default value of 100 ms; use the half-duplex timer dcd-drop-delay interface configuration command to specify a delay value.
4. The DCE transitions to the wait-DCD-drop-delay state. This state causes a time delay between the transmission of the last frame and the deassertion of DCD in the controlled-carrier mode for DCE transmits.
5. When the timer expires, the DCE deasserts DCD and transitions back to the ready state and stays there until there is a frame to transmit on that interface.
As shown in Figure 6, the half-duplex DCE receive state machine idles in the ready state when it is quiescent. It transitions out of this state when the DTE asserts RTS. In response, the DCE starts a timer based on the value specified using the cts-delay command. This timer delays the assertion of CTS because some DTE interfaces expect this delay. The default value of this timer is 0 ms; use the half-duplex timer cts-delay interface configuration command to specify a delay v
189. re outside the set temperature thresholds, the monitor displays an error message. Different temperature ranges are set for different SKUs of the router: Cisco 819G (non-hardened): 0 to 60 degrees Celsius. Cisco 819HG (hardened): 25 to 75 degrees Celsius.
• SNMP Traps: syslog messages are created when the temperature is outside the specified range.
• Server "call home" feature: The server callhome feature is already enabled to call Cisco TAC in the event of very high or low temperatures.
In addition to the corner sensors, the System Ambient and 3G sensors also log the temperature every 30 seconds onto bootflash memory. Any time the temperature is above the high threshold or lower than the low threshold, the temperature information will be saved in a non-volatile memory region and is also displayed as part of this output. Use the show environment command to check the temperature of the router. You can also use this command to display the power usage and the power consumption of the unit at the end. The following is a sample output for the show environment command:
    router# show environment
    SYSTEM WATTAGE
    Board Power consumption is: 4.851 W
    Power Supply Loss: 1.149 W
    Total System Power consumption is: 6.000 W
    REAL TIME CLOCK BATTERY STATUS
    Battery OK (checked at power up)
    TEMPERATURE STATUS
    Sensor Name    Current Temperature    Status    High/Low Threshold
190. ring a Cellular Interface: To configure the cellular interface, enter the following commands, beginning in privileged EXEC mode.
SUMMARY STEPS: 1. configure terminal 2. interface cellular 0 3. encapsulation ppp 4. ppp chap hostname hostname 5. ppp chap password 0 password 6. asynchronous mode interactive 7. ip address negotiated
Note: The PPP Challenge Handshake Authentication Protocol (CHAP) authentication parameters that you use in this procedure must be the same as the username and password provided by your carrier and configured only under the GSM profile. CDMA does not require a username or password.
DETAILED STEPS (Command or Action, Purpose):
Step 1: configure terminal. Enters global configuration mode from the terminal. Example: Router# configure terminal
Step 2: interface cellular 0. Specifies the cellular interface. Example: Router(config)# interface cellular 0
Step 3: encapsulation ppp. Specifies PPP encapsulation for an interface configured for dedicated asynchronous mode or dial-on-demand routing (DDR). Example: Router(config-if)# encapsulation ppp
Step 4: ppp chap hostname hostname. Defines an interface-specific Challenge Handshake Authentication Protocol (CHAP) hostname. This must match the username given by the carrier. Applies to GSM only. Example: Router(config-if)# ppp chap hostname cisco@wwan.ccs
Step 5: ppp chap password 0 password. Defines an interface-specific CHAP passwo
191. ring the Router from a PC; Understanding Command Modes; Getting Help; Enable Secret Passwords and Enable Passwords; Entering Global Configuration Mode; Using Commands; Abbreviating Commands; Undoing Commands; Command-Line Error Messages; Saving Configuration Changes; Summary; Where to Go Next.
APPENDIX B Concepts: Network Protocols; IP; Routing Protocol Options; RIP; Enhanced IGRP; PPP Authentication Protocols; PAP; CHAP; TACACS; Ethernet; Dial Backup; Backup Interface; Floating Static Routes; Dialer Watch; NAT; Easy IP (Phase 1); Easy IP (Phase 2); QoS; IP Precedence; PPP Fragmentation and Interleaving; CBWFQ; RSVP; Low Latency Queuing; Access Lists.
APPENDIX C ROM Monitor: Entering the ROM Monitor; ROM Monitor Commands; Command Descriptions; Disaster Recovery with TFTP Download; TFTP Download Command Variables; Required Variables; Optional Variables; Using the TFTP Download Command; Examples; Configuration Register; Changing the Configuration Register Manually; Changing the Configuration Register Using Prompts; Console Download; Command Description; Error Reporting; Debug Commands; Exiting the ROM M
192. rotocol • Configuring Enhanced Interior Gateway Routing Protocol.
Configuring Routing Information Protocol: To configure the RIP routing protocol on the router, perform these steps, beginning in global configuration mode.
SUMMARY STEPS: 1. router rip 2. version {1 | 2} 3. network ip-address 4. no auto-summary 5. end
DETAILED STEPS (Command, Task):
Step 1: router rip. Enters router configuration mode and enables RIP on the router. Example:
    Router> configure terminal
    Router(config)# router rip
    Router(config-router)#
Step 2: version {1 | 2}. Specifies use of RIP version 1 or 2. Example:
    Router(config-router)# version 2
    Router(config-router)#
Step 3: network ip-address. Specifies a list of networks on which RIP is to be applied, using the address of the network of each directly connected network. Example:
    Router(config-router)# network 192.168.1.1
    Router(config-router)# network 10.10.7.1
    Router(config-router)#
Step 4: no auto-summary. Disables automatic summarization of subnet routes into network-level routes. This allows subprefix routing information to pass across classful network boundaries. Example:
    Router(config-router)# no auto-summary
    Router(config-router)#
Step 5: end. Exits router configuration mode and enters privileged EX
193. rs at login, and specifies the method used. Command syntax (start truncated): list-name} method1 [method2...]. This example uses a local authentication database. You could also use a RADIUS server for this. For details, see Securing User Services Configuration Guide Library, Cisco IOS Release 12.4T and Cisco IOS Security Command Reference. Example:
    Router(config)# aaa authentication login rtr-remote local
    Router(config)#
Step 3: aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} [method1 [method2...]]. Specifies AAA authorization of all network-related service requests, including PPP, and specifies the method of authorization. This example uses a local authorization database. You could also use a RADIUS server for this. For details, see Securing User Services Configuration Guide Library, Cisco IOS Release 12.4T and Cisco IOS Security Command Reference. Example:
    Router(config)# aaa authorization network rtr-remote local
    Router(config)#
Step 4: username name {nopassword | password password | password encryption-type encrypted-password}. Establishes a username-based authentication system. This example implements a username of Cisco with an encrypted password of Cisco. Example:
    Router(config)# username Cisco password 0 Cisco
    Router(config)#
C
194. s Cisco 880 Series and Cisco 890 Series Integrated Services Routers Software Configuration Guide, OL-18906-02, Appendix B.
Dial Backup
Dial backup provides protection against WAN downtime by allowing a user to configure a backup modem line connection. The following can be used to bring up the dial backup feature in Cisco IOS software:
• Backup Interface
• Floating Static Routes
• Dialer Watch
Backup Interface
A backup interface is an interface that stays idle until certain circumstances occur, such as WAN downtime, at which point it is activated. The backup interface can be a physical interface such as a Basic Rate Interface (BRI) or an assigned backup dialer interface to be used in a dialer pool. While the primary line is up, the backup interface is placed in standby mode. In standby mode, the backup interface is effectively shut down until it is enabled. Any route associated with the backup interface does not appear in the routing table. Because the backup interface command is dependent on the router's identifying that an interface is physically down, it is commonly used to back up ISDN BRI connections, asynchronous lines, and leased lines. The interfaces to such connections go down when the primary line fails, and the backup interface quickly identifies such failures.
Floating Static Routes
Floating static routes are static routes that have an administrative di
195. s start/stop and bit-oriented synchronous encapsulation, network protocol multiplexing, link configuration, link quality testing, error detection, and option negotiation for such capabilities as network-layer address negotiation and data compression negotiation. PPP supports these functions by providing an extensible Link Control Protocol (LCP) and a family of Network Control Protocols (NCPs) to negotiate optional configuration parameters and facilities. The current implementation of PPP supports two security authentication protocols to authenticate a PPP session:
• Password Authentication Protocol (PAP)
• Challenge Handshake Authentication Protocol (CHAP)
PPP with PAP or CHAP authentication is often used to inform the central site which remote routers are connected to it. PAP uses a two-way handshake to verify the passwords between routers. To understand how PAP works, imagine a network topology in which a remote office Cisco router is connected to a corporate office Cisco router. After the PPP link is established, the remote office router repeatedly sends a configured username and password until the corporate office router accepts the authentication. PAP has the following characteristics:
• The password portion of the authentication is sent across the link in clear text (not scrambled or encrypted).
• PAP provides no protection from playback or repeated trial-and-error attacks.
• The remote office router controls the frequency and timin
196. s and Remote Management.
Configuring Cellular Dial-on-Demand Routing Backup
To monitor the primary connection and initiate the backup connection over the cellular interface when needed, the router can use one of the following methods:
• Backup Interface: The backup interface stays in standby mode until the primary interface line protocol is detected as down and then is brought up. See the "Configuring Backup Interfaces" section on page 6-1.
• Dialer Watch: Dialer watch is a backup feature that integrates dial backup with routing capabilities. See the "Configuring DDR Backup Using Dialer Watch" section on page 6-3.
• Floating Static Route: The route through the backup interface has an administrative distance that is greater than the administrative distance of the primary connection route and therefore would not be in the routing table until the primary interface goes down. When the primary interface goes down, the floating static route is used. See the "Configuring DDR Backup Using Floating Static Route" section on page 6-5.
Note: You cannot configure a backup interface for the cellular interface and any other asynchronous serial interface.
Configuring DDR Backup Using Dialer Watch
To initiate dialer watch, you must configure the interface to perform dial-on-demand routing (DDR) and backup. Use traditional DDR configuration commands such as dialer maps
197. s are ideally suited to transport legacy traffic across a TCP IP network facilitating network convergence Legacy protocols supported by Cisco IOSR Software include e Synchronous Data Link Control SDLC Protocol e Binary Synchronous Communications Protocol Bisync e X 25 Protocol Figure 8 2 Network Convergence The Cisco 819 ISRs use Cisco Smart Serial connectors The supported cables are noted in Table 8 1 Table 8 1 Smart Serial Cabling for Cisco 819 ISRs Product Number Cable Type Length Connector Type CAB SS V35MT V 35 DTE 10 ft 3m Male CAB SS V35FC 10 ft 3m Female V 35 DCE 10 ft 3m Female CAB SS 232MT EIA TIA 232 DTE 10 ft 3m Male CAB SS 232FC EIA TIA 232 DTE 10 ft 3m Female CAB SS 449MT EIA TIA 449 DTE 10 ft 3m Male CAB SS 449FC EIA TIA 449 DTE 10 ft 3m Female CAB SS X21MT X 21 DTE 10 ft 3m Male CAB SS X21FC X 21 DTE 10 ft 3m Female CAB SS 530MT EIA TIA 530 DTE 10 ft 3m Male CAB SS 530AMT EIA TIA 232 DTE 10 ft 3m Male Configuring Serial Interfaces When the router receives an indication that the primary interface is down the backup interface becomes enabled After the primary connection has been restored for a specified period the backup interface is disabled Even if the backup interface comes out of standby mode the router does not enable the backup interface unless the router receives the traffic specified for that backup interface Cisco 819 Seri
198. s not boot the Cisco IOS software As long as the configuration value is 0x0 you must manually boot the Descriptions section on page C 3 After the router reboots it is in ROM monitor mode The number in the prompt increments with each new line Timesaver Break system interrupt is always enabled for 60 seconds after the router reboots regardless of whether it is set to on or off in the configuration register During this 60 second window you can break to the ROM monitor prompt by pressing the Break key ROM Monitor Commands Enter or help at the ROM monitor prompt to display a list of available commands and options as follows rommon 1 gt alias boot break confreg cont context cookie copy delete dir dis dnid format frame fsck help history meminfo mkdir more rename repeat reset rmdir set stack sync sysret tftpdnld unalias unset xmodem set and display aliases command boot up an external process set show clear the breakpoint configuration register utility continue executing a downloaded image display the context of a loaded image display contents of cookie PROM in hex Copy a file copy b lt buffer_size gt lt src_file gt lt dst_file gt Delete file s delete lt filenames gt List files in directories dir lt directory gt display instruction stream serial download a program module Format a filesystem format lt filessystem gt print out a selected stack frame C
199. s on a network by storing the MAC address activity on the switch. Whenever the switch learns or removes a MAC address, an SNMP notification can be generated and sent to the NMS. If you have many users coming and going from the network, you can set a trap interval time to bundle the notification traps and reduce network traffic. The MAC notification history table stores the MAC address activity for each hardware port for which the trap is enabled. MAC address notifications are generated for dynamic and secure MAC addresses; events are not generated for self addresses, multicast addresses, or other static addresses. For details on configuring MAC address notification, see Configuring MAC Address Notification Traps.
How to Configure Ethernet Switches
See the following sections for configuration tasks for Ethernet switches:
• Configuring VLANs
• Configuring Layer 2 Interfaces
• Configuring 802.1x Authentication
• Configuring Spanning Tree Protocol
• Configuring MAC Table Manipulation
• Configuring Cisco Discovery Protocol
• Configuring the Switched Port Analyzer
• Configuring IP Multicast Layer 3 Switching
• Configuring IGMP Snooping
• Configuring Per-Port Storm Control
200. sage to the remote device. The remote device encrypts the challenge value with a shared secret and returns the encrypted value and its name to the local router in a response message. The local router attempts to match the remote device's name with an associated secret stored in the local username or remote security server database; it uses the stored secret to encrypt the original challenge and verify that the encrypted values match.
• Microsoft Challenge Handshake Authentication Protocol (MS-CHAP): MS-CHAP is the Microsoft version of CHAP. Like the standard version of CHAP, MS-CHAP is used for PPP authentication; in this case, authentication occurs between a personal computer using Microsoft Windows NT or Microsoft Windows 95 and a Cisco router or access server acting as a network access server.
• Password Authentication Protocol (PAP): PAP authentication requires the remote device to send a name and a password, which are checked against a matching entry in the local username database or in the remote security server database.
Use the ppp authentication command in interface configuration mode to enable CHAP, MS-CHAP, and PAP on a serial interface.
Note: Enabling or disabling PPP authentication does not affect the local router's willingness to authenticate itself to the remote device.
Multilink PPP
Multilink Point-to-Point Protocol (MLPPP) is supported on the Cisco 819 ISR serial interface. MLPPP provides a method for combinin
201. sed in more detail in the next section. Relative to this tree structure, the term MIB is used in two senses. In one sense, it is actually a MIB branch, usually containing information for a single aspect of technology, such as a transmission medium or a routing protocol. A MIB used in this sense is more accurately called a MIB module and is usually defined in a single document. In the other sense, a MIB is a collection of such branches. Such a collection might comprise, for example, all the MIB modules implemented by a given agent or the entire collection of MIB modules defined for SNMP. A MIB is a tree where the leaves are individual items of data called objects. An object may be, for example, a counter or a protocol status. MIB objects are also sometimes called variables. For a list of MIBs supported on Cisco 819 4G LTE routers, see the SNMP MIBs section of Configuring Cisco 4G LTE Wireless WAN EHWIC. MIBs were modified in IOS release 15.2(4)M1 to support Cisco 819HGW and Cisco 819HWD SKUs. Table 10-1 lists the MIBs for Cisco 819 ISRs.
Table 10-1: MIBs for Cisco 819 ISRs
MIBs: CISCO-PRODUCTS-MIB, CISCO-ENTITY-VENDORTYPE-OID-MIB
MIBs Link: To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found
202. so provides a Link Control Protocol (LCP) for negotiating properties of the link. LCP uses echo requests and responses to monitor the continuing availability of the link.
Note: When an interface is configured with PPP encapsulation, a link is declared down and full LCP negotiation is re-initiated after five echo request (ECHOREQ) packets are sent without receiving an echo response (ECHOREP).
PPP provides the following Network Control Protocols (NCPs) for negotiating properties of data protocols that will run on the link:
• IP Control Protocol (IPCP) to negotiate IP properties
• Multiprotocol Label Switching control processor (MPLSCP) to negotiate MPLS properties
• Cisco Discovery Protocol control processor (CDPCP) to negotiate CDP properties
• IPv6CP to negotiate IP Version 6 (IPv6) properties
• Open Systems Interconnection control processor (OSICP) to negotiate OSI properties
PPP uses keepalives to monitor the link state, as described in the "Keepalive Timer" section on page 8-4. PPP supports the following authentication protocols, which require a remote device to prove its identity before allowing data traffic to flow over a connection:
• Challenge Handshake Authentication Protocol (CHAP): CHAP authentication sends a challenge mes
203. st list name Example Router config crypto map dynmap isakmp authorization list rtr remote Router config Applies mode configuration to the crypto map and enables key lookup IKE queries for the group policy from an authentication authorization and accounting AAA server crypto map tag client configuration address initiate respond Example Router config crypto map dynmap client configuration address respond Router config Configures the router to reply to mode configuration requests from remote clients Cisco 819 Integrated Services Routers Software Configuration Guide OL 23590 02 Chapter 13 Configuring a VPN Using Easy VPN and an IPSec Tunnel Enable Policy Lookup Configuration Tasks W Perform these steps to enable policy lookup through AAA beginning in global configuration mode SUMMARY STEPS 1 aaa new model 2 aaa authentication login default list name method method2 3 aaa authorization network exec commands level reverse access configuration default list name method method2 4 username name nopassword password password password encryption type encrypted password DETAILED STEPS Command or Action Purpose Step 1 aaa new model Enables the AAA access control model Example Router config aaa new model Router config Step 2 aaa authentication login default Specifies AAA authentication of selected use
204. stance greater than the administrative distance of dynamic routes. Administrative distances can be configured on a static route so that the static route is less desirable than a dynamic route. In this manner, the static route is not used when the dynamic route is available. However, if the dynamic route is lost, the static route can take over, and the traffic can be sent through this alternative route. If this alternative route uses a dial-on-demand routing (DDR) interface, then that interface can be used as a backup feature.
Dialer watch is a backup feature that integrates dial backup with routing capabilities. Dialer watch provides reliable connectivity without having to define traffic of interest to trigger outgoing calls at the central router. Hence, dialer watch can be considered regular DDR with no requirement for traffic of interest. By configuring a set of watched routes that define the primary interface, you can monitor and track the status of the primary interface as watched routes are added and deleted. When a watched route is deleted, dialer watch checks for at least one valid route for any of the IP addresses or networks being watched. If there is no valid route, the primary line is considered down and unusable. If there is a valid route for at least one of the watched IP networks defined, and the route is pointing to an interface other than the backup interface configured for dialer watch, the primary link is considered up and dialer watch does
205. t Success Feb 6 23 29 41 679 IOTA Status Message Received Event IOTA End Result SUCCESS The IOTA start and end must have success as the resulting output If you receive an error message you can run IOTA independently by using the cellular cdma activate iota command Your carrier may require periodic refreshes of the data profile Use the following command to refresh the data profile cellular cdma activate iota Activating with Over the Air Service Provisioning To provision and activate your modem using Over the Air Service Provisioning OTASP use the following command beginning in EXEC mode router cellular 0 cdma activate otasp phone_number Note You need to obtain the phone number for use with this command from your carrier The standard OTASP calling number is 22899 The following is a sample output from this command router cellular 0 cdma activate otasp 22899 Beginning OTASP activation OTASP number is 22899 819H OTA State SPL unlock Result Success router OTA State PRL downloaded Result Success OTA State Profile downloaded Result Success OTA State MDN downloaded Result Success OTA State Parameters committed to NVRAM Result Success Over the air provisioning complete Result Success I OL 23590 02 Cisco 819 Series Integrated Services Router Software Configuration Guide Chapter5 Basic Router Configuration HI Configuring WAN Interfaces Configu
206. t does not save the software to flash memory You can then use the image that is in flash memory the next time you enter the reload command I OL 18906 02 Cisco 819 Integrated Services Routers Software Configuration Guide AppendixC ROM Monitor HZ Disaster Recovery with TFTP Download You will see an output similar to the following IP_ADDRESS 10 3 6 7 IP_SUBNET_MASK iw EFAULT_GATEWAY 255 255 0 0 10 3 0 1 TFTP_SERVER 192 168 254 254 TFTP_FILE c880 advsecurityk9 mz Do you wish to continue y n n Step3 If you are sure that you want to continue enter y in response to the question in the output Do you wish to continue y n n y The router begins to download the new file If you mistakenly entered yes you can enter Ctrl C or Break to stop the transfer before the flash memory is erased Examples The following shows the example configuration for TFTP support with WAN interface rommon 1 gt rommon 1 gt rommon 1 gt set PS1 rommon gt RTC_STAT 0 GE_SPEED_MODE LICENS a BOOT_LI 4 EVI WARM_REBOOT FA TFTP_SE r A ELOAD_TYPI WQDwrAAHOH iral pz O a SI 0 iS E RANDOM_NUM 683383170 R E EL advipservices all c800 RVER 209 165 200 225 P_SUBNET_MASK 255 255 255 224 EFAULT_GATEWAY 209 165 200 225 P_ADDRESS 209 165 200 226 FTP_FILE c800 universal
207. t traffic to an interface only if the dialer is assigned an IP address
route-map main permit 10
 match ip address 101
 match interface Dialer1
route-map secondary permit 10
 match ip address 103
 match interface Dialer3
! Change console to aux function
line con 0
 exec-timeout 0 0
 modem enable
 stopbits 1
line aux 0
 exec-timeout 0 0
 ! To enable and communicate with the external modem properly
 script dialer Dialout
 modem InOut
 modem autoconfigure discovery
 transport input all
 stopbits 1
 speed 115200
 flowcontrol hardware
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
scheduler max-task-time 5000
end
Environmental and Power Management
The Cisco 819 integrated services routers are equipped with sensors in the router body for monitoring the environment temperature and logging the temperature every 30 seconds. There are four sensors located on the four corners of the router chassis. There is an additional System Ambient sensor and a 3G sensor. The corner sensors display the following message:
• Error message on the console: When the temperature ranges a
208. te to down Jul 13 23 00 56 255 SLINEPROTO 5 UPDOWN Line protocol on Interface Vlan192 changed state to down Jul 13 23 00 56 255 SLINEPROTO 5 UPDOWN Line protocol on Interface Vlan193 changed state to down Jul 13 23 00 56 255 SLINEPROTO 5 UPDOWN Line protocol on Interface Vlan194 changed state to down Jul 13 23 00 56 255 SLINEPROTO 5 UPDOWN Line protocol on Interface Vlan195 changed tate to down n Jul 13 23 00 57 011 SYS 5 RESTART System restarted Cisco IOS Software C800 Software C800 UNIVERSALK9 M Version 15 2 3 16 M0 1 MAINTENANCE INTERIM SOFTWARE Technical Support http www cisco com techsupport Copyright c 1986 2012 by Cisco Systems Inc Compiled Thu 07 Jun 12 04 44 by prod_rel_team Jul 13 23 00 57 095 SNMP 5 COLDSTART SNMP agent on host router is undergoing a cold start Jul 13 23 00 57 103 SYS 6 BOOTTIME Time taken to reboot after reload 558 seconds Jul 13 23 00 57 167 SSSH 5 ENABLED SSH 1 99 has been enabled Jul 13 23 00 57 175 LINK 5 CHANGED Interface Serial0 changed state to administratively down Jul 13 23 00 57 203 SCRYPTO 6 ISAKMP_ON_OFF ISAKMP is OFF Jul 13 23 00 57 203 CRYPTO 6 GDOI_ON_OFF GDOI is OFF Jul 13 23 00 57 303 SYS 6 LOGGINGHOST_STARTSTOP Logging to host 195 168 100 234 port 514 started CLI initiated Cisco 819 Integrated Services Routers Software Configuration Guide Pcs E OL 18906 02 AppendixC
209. ted Services Router Software Configuration Guide gy Chapter5 Basic Router Configuration HI Interface Ports Interface Ports Table 5 1 lists the interfaces that are supported for each router and their associated port labels on the equipment Table 5 1 Supported Interfaces and Associated Port Labels by Cisco Router Router Interface Port Label Cisco 819 Router 4 port Fast Ethernet LAN LAN FEO FE3 Gigabit Ethernet WAN GE WAN 0 Serial Serial Mini USB for 3G port 3G RSVD Provisioning Console Aux port CON AUX amp Note There are two labels for the associated antennas with the labels Main and DIV GPS Default Configuration When you first boot up your Cisco router some basic configuration has already been performed All of the LAN and WAN interfaces have been created console and vty ports are configured and the inside interface for Network Address Translation NAT has been assigned Use the show running config command to view the initial configuration as shown in the following example for a Cisco 819 ISR Router show running Building configuration Current configuration 977 bytes I version 15 1 service timestamps debug datetime msec service timestamps log datetime msec no service password encryption hostname Router boot start marker boot end marker no aaa new model ip source route ip cef no ipv6 cef license udi pid CISC0819G G K9 sn FHK1429768Q controller Cell
210. Configuring the Serial Interface
This chapter describes configuring serial interface management in the following sections:
• Legacy Protocol Transport
• Configuring Serial Interfaces
• Information About Configuring Serial Interfaces
• How to Configure Serial Interfaces
• Configuration Examples
The Cisco 819 Integrated Services Router (ISR) supports synchronous (by default) and asynchronous serial interface protocols. Configuring the serial interface in the Cisco 819 ISR allows you to enable applications such as WAN access, legacy protocol transport, console server, and dial access server. It also allows remote network management, external dial-modem access, low-density WAN aggregation, legacy protocol transport, and high port-density support. Serial interfaces enable the following features:
• WAN access and aggregation
• Legacy protocol transport
• Dial access server
Serial interfaces can be used to provide WAN access for remote sites. With support for serial speeds up to 8 Mbps, it is ideal for low- and medium-density WAN aggregation.
Figure 8-1: WAN Concentration
Legacy Protocol Transport
Serial and synchronous/asynchronous port
211. tegrated Services Routers Software Configuration Guide oL 23590 02 EN Chapter4 4G LTE Wireless WAN Cisco 819 Series Integrated Services Routers Software Configuration Guide P42 E OL 23590 02 amp CHAPTER Basic Router Configuration This chapter provides procedures for configuring the basic parameters of your Cisco router including global parameter settings routing protocols interfaces and command line access It also describes the default configuration on startup e Interface Ports page 5 2 e Default Configuration page 5 2 e Information Needed for Configuration page 5 3 e Configuring Command Line Access page 5 5 e Configuring Global Parameters page 5 8 e Configuring WAN Interfaces page 5 9 e Configuring a Loopback Interface page 5 25 e Configuring Static Routes page 5 27 e Configuring Dynamic Routes page 5 28 Note Note Individual router models may not support every feature described in this guide Features that are not supported by a particular router are indicated whenever possible For instructions on how to configure the 4G LTE features on your Cisco 819 ISR see the Cisco 4G LTE Software Installation Guide This chapter includes configuration examples and verification steps as available For complete information on how to access global configuration mode see the Entering Global Configuration Mode section on page A 5 I OL 23590 02 Cisco 819 Series Integra
212. tem in interface configuration mode Purpose Router config if transmitter delay Sets the transmit delay on the MCI and SCI synchronous serial interfaces microseconds Router config if transmitter delay Sets the transmit delay on the HSSI or MIP hdlc flags Configuring DTR Signal Pulsing Command You can configure pulsing Data Terminal Ready DTR signals on all serial interfaces When the serial line protocol goes down for example because of loss of synchronization the interface hardware is reset and the DTR signal is held inactive for at least the specified interval This function is useful for handling encrypting or other similar devices that use the toggling of the DTR signal to reset synchronization To configure DTR signal pulsing use the following command in interface configuration mode Purpose Router config if pulse time seconds Configures DTR signal pulsing Ignoring DCD and Monitoring DSR as Line Up Down Indicator By default when the serial interface is operating in DTE mode it monitors the Data Carrier Detect DCD signal as the line up down indicator By default the attached DCE device sends the DCD signal When the DTE interface detects the DCD signal it changes the state of the interface to up In some configurations such as an SDLC multidrop environment the DCE device sends the Data Set Ready DSR signal instead of the DCD signal which prevents the interface from coming
213. ters Software Configuration Guide PAs E OL 18906 02 APPENDIX B Concepts This appendix contains conceptual information that may be useful to Internet service providers or network administrators when they configure Cisco routers The following topics are included in this appendix e Network Protocols page B 1 e Routing Protocol Options page B 2 e PPP Authentication Protocols page B 3 e TACACS page B 4 e Ethernet page B 4 e Dial Backup page B 5 e NAT page B 6 e Easy IP Phase 1 page B 6 e Easy IP Phase 2 page B 7 e QoS page B 7 e Access Lists page B 9 Network Protocols IP Network protocols enable the network to pass data from its source to a specific destination over LAN or WAN links Routing address tables are included in the network protocols to provide the best path for moving the data through the network The best known Transmission Control Protocol Internet Protocol TCP IP at the internetwork layer is IP which provides the basic packet delivery service for all TCP IP networks In addition to the physical node addresses the IP protocol implements a system of logical host addresses called IP addresses The IP addresses are used by the internetwork and higher layers to identify devices and to perform internetwork routing The Address Resolution Protocol ARP enables IP to identify the physical address that matches a given IP address IP is used by all protocols in the layers above and below it to deliver d
214. tes a DHCP address pool on the router and enters DHCP pool configuration mode The name Example argument can be a string or an integer Router config ip dhcp pool dpooll Router config dhcp Step5 network network number mask Defines subnet number IP address for the DHCP prefix length address pool optionally including the mask Example Router config dhcp network 10 10 0 0 255 255 255 0 Router config dhcp Step6 import all Imports DHCP option parameters into the DHCP portion of the router database Example Router config dhcp import all Router config dhcp Step7 default router address address2 address8 Specifies up to eight default routers for a DHCP client Example Router config dhcp default router 10 10 10 10 Router config dhcp Cisco 819 Integrated Services Routers Software Configuration Guide I oL 23590 02 EEN Chapter12 Configuring a LAN with DHCP and VLANs Configuration Tasks Step 8 Step 9 Step 10 Command Purpose dns server address address2 address8 Example Router config dhcp dns server 192 168 35 2 Router config dhcp Specifies up to eight DNS servers available to a DHCP client domain name domain Example Router config dhcp domain name cisco com Router config dhcp Specifies the domain name for a DHCP client exit Example Router config dhcp exit Router config Exits DHCP configuration mode and enters
215. thorization provides the method for remote access control, including one-time authorization or authorization for each service, per-user account list and profile, user group support, and support of IP, Internetwork Packet Exchange (IPX), AppleTalk Remote Access (ARA), and Telnet. Accounting provides the method for collecting and sending security server information used for billing, auditing, and reporting, such as user identities, start and stop times, executed commands (such as PPP), number of packets, and number of bytes. AAA uses protocols such as RADIUS, TACACS, or Kerberos to administer its security functions. If your router is acting as a network access server, AAA is the means through which you establish communication between your network access server and your RADIUS, TACACS, or Kerberos security server. For information about configuring AAA services and supported security protocols, see Securing User Services Configuration Guide Library, Cisco IOS Release 12.4T.
Configuring AutoSecure
The AutoSecure feature disables common IP services that can be exploited for network attacks and enables IP services and features that can aid in the defense of a network when under attack. These IP services are all disabled and enabled simultaneously with a single command, greatly simplifying security c
216. tions e Configuring Backup Interfaces page 6 1 e Configuring Cellular Dial on Demand Routing Backup page 6 3 e Configuring Dial Backup and Remote Management Through the Console Port page 6 8 The Cisco 819 Integrated Services Router ISR supports backup data connectivity with a backup data line that enables them to mitigate WAN downtime Cisco 819 ISRs also support remote management functions through the auxiliary port on any Cisco 819 series ISRs Note On the Cisco 819 ISRs the console port and the auxiliary port are on the same physical RJ 45 port Therefore the two ports cannot be activated simultaneously You must use the command line interface CLI to enable the desired function Configuring Backup Interfaces When the router receives an indication that the primary interface is down the backup interface becomes enabled After the primary connection has been restored for a specified period the backup interface is disabled Even if the backup interface comes out of standby mode the router does not enable the backup interface unless the router receives the traffic specified for that backup interface Table 6 1 shows the backup interfaces available for each Cisco 819 ISR along with their port designations Basic configurations for these interfaces are given in the Configuring WAN Interfaces section on page 5 9 Table 6 1 Model Number and Data Line Backup Capabilities Router Model Number 3G 819 Yes
217. tside ip virtual reassembly encapsulation ppp no ip mroute cache dialer in band dialer idle timeout 0 dialer string gsm dialer group 1 async mode interactive no ppp lcp fast start ppp chap hostname chunahayev wwan ccs ppp chap password 0 B7uhestacr ppp ipcp dns request crypto map gsm1 interface Vlanl description used as default gateway address for DHCP clients ip address 10 4 0 254 255 255 0 0 ip nat inside ip virtual reassembly interface Dialer2 ip address negotiated ip mtu 1492 ip nat outside ip virtual reassembly encapsulation ppp load interval 30 dialer pool 2 dialer group 2 ppp authentication chap callin ppp chap password 0 cisco ppp ipcp dns request crypto map gsm1 I ip local policy route map track primary if ip forward protocol nd ip route 0 0 0 0 0 0 0 0 Dialer2 track 234 ip route 0 0 0 0 0 0 0 0 Cellular0 254 no ip http server no ip http secure server ip nat inside source route map nat2cell interface Cellular0 overload ip sla 1 icmp echo 209 131 36 158 source interface Dialer2 timeout 1000 frequency 2 ip sla schedule 1 life forever start time now access list 1 permit any access list 2 permit 10 4 0 0 0 0 255 255 access list 3 permit any access list 101 permit ip 10 4 0 0 0 0 255 255 any access list 102 permit icmp any host 209 131 36 158 access list 103 permit ip host 166 136 225 89 128 107 0 0 0 0 255 255 access list 103 permit ip host 75 40 113 246 128 107 0 0 0 0 255 255 dialer list 1 protocol ip l
218. tunnel to configure and secure the connection between the remote client and the corporate network. Figure 9-1 shows a typical deployment scenario.
Figure 9-1: Remote Access VPN Using IPSec Tunnel. Legend: remote, networked users; VPN client (Cisco 819 access router); router providing the corporate office network access; VPN server (Easy VPN server, for example a Cisco VPN 3000 concentrator with outside interface address 210.110.101.1); corporate office with a network address of 10.1.1.1; IPSec tunnel.
The Cisco Easy VPN client feature eliminates much of the tedious configuration work by implementing the Cisco Unity Client protocol. This protocol allows most VPN parameters, such as internal IP addresses, internal subnet masks, DHCP server addresses, Windows Internet Naming Service (WINS) server addresses, and split-tunneling flags, to be defined at a VPN server, such as a Cisco VPN 3000 concentrator, that is acting as an IPSec server.
A Cisco Easy VPN server-enabled device can terminate VPN tunnels initiated by mobile and remote workers who are running Cisco Easy VPN Remote software on PCs. Cisco Easy VPN server-enabled devices allow remote routers to act as Cisco Easy VPN Remote nodes.
The Cisco Easy VPN client feature can be configured in one of two modes: client mode or network extension mode. Client mode is the default configuration and allows only devices at the cl
219. tware Configuration Guide B-2, OL-18906-02. Appendix B: Concepts, PPP Authentication Protocols
Enhanced IGRP
Enhanced IGRP is an advanced Cisco-proprietary distance-vector and link-state routing protocol, which means it uses a metric more sophisticated than distance (hop count) for route selection. Enhanced IGRP uses a metric based on a successor, which is a neighboring router that has a least-cost path to a destination that is guaranteed not to be part of a routing loop. If a successor for a particular destination does not exist but neighbors advertise the destination, the router must recompute a route.
Each router that is running Enhanced IGRP sends hello packets every 5 seconds to inform neighboring routers that it is functioning. If a particular router does not send a hello packet within a prescribed period, Enhanced IGRP assumes that the state of a destination has changed and sends an incremental update.
Because Enhanced IGRP supports IP, you can use one routing protocol for multiprotocol network environments, minimizing the size of the routing tables and the amount of routing information.
PPP Authentication Protocols PAP
The Point-to-Point Protocol (PPP) encapsulates network-layer protocol information over point-to-point links. PPP originated as an encapsulation protocol for transporting IP traffic over point-to-point links. PPP also established a standard for the assignment and management of IP addresses, asynchronou
220. ular 0
interface Cellular0
 no ip address
 encapsulation ppp
interface Ethernet wan0
 no ip address
 shutdown
 duplex auto
 speed auto
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Serial0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
interface Vlan1
 no ip address
!
ip forward-protocol nd
no ip http server
no ip http secure-server
logging esm config
control-plane
line con 0
 no modem enable
line aux 0
line 3
 no exec
line 7
 stopbits 1
 speed 115200
line vty 0 4
 login
 transport input all
scheduler allocate 20000 1000
end
Cisco 819 Series Integrated Services Router Software Configuration Guide, OL-23590-02. Chapter 5: Basic Router Configuration, Information Needed for Configuration
Information Needed for Configuration
You need to gather some or all of the following information, depending on your planned network scenario, before configuring your network:
• If you are setting up an Internet connection, gather the following information:
  - PPP client name that is assigned as your login name
  - PPP authentication type: Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP)
  - PPP password to access your Internet service provider (ISP) account
  - DNS server IP address and default gateways
• If you are setting up a connection to a corporate network, you and th
221. unnel Configuration Tasks
4. mode {client | network-extension | network extension plus}
5. exit
6. interface type number
7. crypto ipsec client ezvpn name [outside | inside]
8. exit
DETAILED STEPS
Step 1  crypto ipsec client ezvpn name
  Purpose: Creates a Cisco Easy VPN remote configuration and enters Cisco Easy VPN remote configuration mode.
  Example:
    Router(config)# crypto ipsec client ezvpn ezvpnclient
    Router(config-crypto-ezvpn)#
Step 2  group group-name key group-key
  Purpose: Specifies the IPSec group and IPSec key value for the VPN connection.
  Example:
    Router(config-crypto-ezvpn)# group ezvpnclient key secret-password
    Router(config-crypto-ezvpn)#
Step 3  peer {ipaddress | hostname}
  Purpose: Specifies the peer IP address or hostname for the VPN connection.
  Note: A hostname can be specified only when the router has a DNS server available for hostname resolution.
  Example:
    Router(config-crypto-ezvpn)# peer 192.168.100.1
    Router(config-crypto-ezvpn)#
Step 4  mode {client | network-extension | network extension plus}
  Purpose: Specifies the VPN mode of operation.
  Example:
    Router(config-crypto-ezvpn)# mode client
    Router(config-crypto-ezvpn)#
Step 5  exit
  Purpose: Returns to global configuration mode.
  Example:
    Router(config-crypto-ezvpn)# exit
    Router(config)#
Step 6  interface type number
  Purpose: Enters the interface configuration mode for the interface to which you want the Cisco Easy VPN remote configuration applied.
  Example:
    Router confi
222. up
To tell the interface to monitor the DSR signal instead of the DCD signal as the line up/down indicator, use the following command in interface configuration mode.
SUMMARY STEPS
1. ignore-dcd
DETAILED STEPS
Step 1  ignore-dcd
  Purpose: Configures the serial interface to monitor the DSR signal as the line up/down indicator.
  Example:
    Router(config-if)# ignore-dcd
Caution: Unless you know for certain that you really need this feature, be very careful using this command. It will hide the real status of the interface. The interface could actually be down and you will not know just by looking at show displays.
Specifying the Serial Network Interface Module Timing
On Cisco 819 ISRs, you can specify the serial Network Interface Module timing signal configuration. When the board is operating as a DCE and the DTE provides terminal timing (SCTE or TT), you can configure the DCE to use SCTE from the DTE. When running the line at high speeds and long distances, this strategy prevents phase shifting of the data with respect to the clock.
To configure the DCE to use SCTE from the DTE, use the following command in interface configuration mode.
SUMMARY STEPS
1. dce-terminal-timing enable
DETAILED STEPS
Command or Action P
223. urce source-wildcard
Cisco 819 Series Integrated Services Routers Software Configuration Guide, OL-23590-02. Chapter 11: Configuring PPP over Ethernet with NAT, Configuration Tasks
DETAILED STEPS
Step 1  ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
  Purpose: Creates pool of global IP addresses for NAT.
  Example:
    Router(config)# ip nat pool pool1 192.168.1.0 192.168.2.0 netmask 255.255.252.0
    Router(config)#
Step 2  ip nat inside source {list access-list-number} {interface type number | pool name} [overload]
  Purpose: Enables dynamic translation of addresses on the inside interface. The first example shows the addresses permitted by the access list 1 to be translated to one of the addresses specified in the dialer interface 0. The second example shows the addresses permitted by access list acl1 to be translated to one of the addresses specified in the NAT pool pool1. For details about this command and additional parameters that can be set, as well as information about enabling static translation, see Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services.
  Example:
    Router(config)# ip nat inside source list 1 interface dialer 0 overload
  or
  Example:
    Router(config)# ip nat inside source list acl1 pool pool1
Step 3  interface type number
  Example:
    Router(config)# interface vlan 1
    Router
224. urity Command Reference for more details about this command.
  Example:
    Router(config)# crypto dynamic-map dynmap 1
    Router(config-crypto-map)#
Step 2  set transform-set transform-set-name [transform-set-name2...transform-set-name6]
  Purpose: Specifies which transform sets can be used with the crypto map entry.
  Example:
    Router(config-crypto-map)# set transform-set vpn1
    Router(config-crypto-map)#
Step 3  reverse-route
  Purpose: Creates source proxy information for the crypto map entry. See Cisco IOS Security Command Reference for details.
  Example:
    Router(config-crypto-map)# reverse-route
    Router(config-crypto-map)#
Step 4  exit
  Purpose: Returns to global configuration mode.
  Example:
    Router(config-crypto-map)# exit
    Router(config)#
Step 5  crypto map map-name seq-num [ipsec-isakmp] [dynamic dynamic-map-name] [discover] [profile profile-name]
  Purpose: Creates a crypto map profile.
  Example:
    Router(config)# crypto map static-map 1 ipsec-isakmp dynamic dynmap
    Router(config)#
Cisco 819 Series Integrated Services Routers Software Configuration Guide, OL-23590-02. Chapter 9: Configuring Security Features, Configuring VPN
Apply the Crypto Map to the Physical Interface
The crypto maps must be applied to each interface through which IPSec traffic flows. Applying the crypto map to the physical interface instructs the router to evaluate all the traffic against the security associations database. With the default configurations, the router provides secure connectivit
225. urpose
Step 1  dce-terminal-timing enable
  Purpose: Configures the DCE to use SCTE from the DTE.
  Example:
    Router(config-if)# dce-terminal-timing enable
When the board is operating as a DTE, you can invert the TXC clock signal it gets from the DCE that the DTE uses to transmit data. Invert the clock signal if the DCE cannot receive SCTE from the DTE, the data is running at high speeds, and the transmission line is long. Again, this prevents phase shifting of the data with respect to the clock.
To configure the interface so that the router inverts the TXC clock signal, use the following command in interface configuration mode.
SUMMARY STEPS
1. dte-invert-txc
DETAILED STEPS
Step 1  dte-invert-txc
  Purpose: Specifies timing configuration to invert TXC clock signal.
  Example:
    Router(config-if)# dte-invert-txc
Configuring Low-Speed Serial Interfaces
This section describes how to configure low-speed serial interfaces and contains the following sections: e Nan ein setweer ro 5 4 ASyncecnr lous Modes
For configuration examples, see the Low Speed S
226. uter
router
router sh inv
NAME C819HGW 7 A A K9 DESCR C819HGW 7 A A K9 chassis Hw Serial FAC15455YYZ Hw Revision 4 0
PID C819HGW 7 A A K9 VID VOL SN FAC15455YYZ
NAME C819HGW Mother board on Slot 0 DESCR C819HGW Mother board
PID C819HGW 7 A A K9 VID V01 SN FOC15455YYZ
NAME Modem 0 on Cellular0O DESCR Sierra Wireless Mini Card MC8705 HSPA R7 modem
PID MC8705 VID 1 0 SN 357115040057411
router
router
router
router
Configuration Register
The virtual configuration register is in nonvolatile NVRAM and has the same functionality as other Cisco routers. You can view or modify the virtual configuration register from either the ROM monitor or the operating system software. Within the ROM monitor, you can change the configuration register by entering the register value in hexadecimal format, or by allowing the ROM monitor to prompt you for the setting of each bit.
Cisco 819 Integrated Services Routers Software Configuration Guide, OL-18906-02. Appendix C: ROM Monitor, Configuration Register
Changing the Configuration Register Manually
To change the virtual configuration register from the ROM monitor manually, enter the confreg command followed by the new value of the register in hexadecimal format, as shown in the following example:
rommon 1 > confreg 0x2101
You must reset or power cycle for new config to take effect
rommon 2 >
The value is
227. with a customer or VPDN profile.
request-dialin
  Purpose: Creates a request-dialin VPDN subgroup, indicating the dialing direction, and initiates the tunnel.
  Example:
    Router(config-vpdn)# request-dialin
    Router(config-vpdn-req-in)#
protocol {l2tp | pppoe}
  Purpose: Specifies the type of sessions the VPDN subgroup can establish.
  Example:
    Router(config-vpdn-req-in)# protocol pppoe
    Router(config-vpdn-req-in)#
exit
  Purpose: Exits request-dialin VPDN group configuration.
  Example:
    Router(config-vpdn-req-in)# exit
    Router(config-vpdn)#
exit
  Purpose: Exits VPDN configuration, returning to global configuration mode.
  Example:
    Router(config-vpdn)# exit
    Router(config)#
Configure the Fast Ethernet WAN Interfaces
In this scenario, the PPPoE client (your Cisco router) communicates over a 10/100 Mbps Ethernet interface on both the inside and the outside. Perform these steps to configure the Fast Ethernet WAN interfaces, starting in global configuration mode.
SUMMARY STEPS
1. interface type number
2. pppoe-client dial-pool-number number
3. no shutdown
4. exit
Step 1  interface type number
  Purpose: Enters interface configuration mode for a Fast Ethernet WAN interface.
  Example:
    Router(config)# interface fastethernet 4
    Route
228. xiliary port function.
  Example:
    Router(config-line)# modem enable
    Router(config-line)#
Step 16  exit
  Purpose: Exits the configure interface mode.
  Example:
    Router(config-line)# exit
    Router(config)#
Step 17  line [aux | console | tty | vty] line-number [ending-line-number]
  Purpose: Enters configuration mode for the auxiliary interface.
  Example:
    Router(config)# line aux 0
    Router(config)#
Step 18  flowcontrol {none | software [lock] [in | out] | hardware [in | out]}
  Purpose: Enables hardware signal flow control.
  Example:
    Router(config)# flowcontrol hardware
    Router(config)#
Example
The following configuration example specifies an IP address for the interface through PPP and IPCP address negotiation and dial backup over the console port.
ip name-server 192.168.28.12
ip dhcp excluded-address 192.168.1.1
ip dhcp pool 1
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
! Need to use your own correct ISP phone number
modemcap entry MY-USER_MODEM:MSC=&F1S0=1
chat-script Dialout ABORT ERROR ABORT BUSY "" "AT" OK "ATDT 5555102\T" TIMEOUT 45 CONNECT \c
!
interface vlan 1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1452
 hold-queue 100 out
Cisco 819 Series Integrated Services Routers Software Configuration Guide, OL-23590-02. Chapter 6: Configuring Backup Data Lines and Remote Management, Configuring
229. y by encrypting the traffic sent between remote sites. However, the public interface still allows the rest of the traffic to pass and provides connectivity to the Internet.
To apply a crypto map to an interface, perform these steps, beginning in global configuration mode.
SUMMARY STEPS
1. interface type number
2. crypto map map-name
3. exit
DETAILED STEPS
Step 1  interface type number
  Purpose: Enters the interface configuration mode for the interface to which you want the crypto map applied.
  Example:
    Router(config)# interface fastethernet 4
    Router(config-if)#
Step 2  crypto map map-name
  Purpose: Applies the crypto map to the interface. See Cisco IOS Security Command Reference for more details about this command.
  Example:
    Router(config-if)# crypto map static-map
    Router(config-if)#
Step 3  exit
  Purpose: Returns to global configuration mode.
  Example:
    Router(config-crypto-map)# exit
    Router(config)#
Where to Go Next
If you are creating a Cisco Easy VPN remote configuration, go to the Create a Cisco Easy VPN Remote Configuration section on page 9-15.
If you are creating a site-to-site VPN using IPSec tunnels and GRE, go to the Configure a Site-to-Site GRE Tunnel section on page 9-17.
Create a Cisco Easy VPN Remote Configuration
The route
230. y for the dialer 0 interface. For details about this command and additional parameters that can be set, see Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2 and Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols, Release 12.3.
Configure Network Address Translation
Network Address Translation (NAT) translates packets from addresses that match a standard access list, using global addresses allocated by the dialer interface. Packets that enter the router through the inside interface, packets sourced from the router, or both are checked against the access list for possible address translation. You can configure NAT for either static or dynamic address translations.
Perform these steps to configure the outside Fast Ethernet WAN interface with dynamic NAT, beginning in global configuration mode.
SUMMARY STEPS
1. ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
2. ip nat inside source {list access-list-number} {interface type number | pool name} [overload]
3. interface type number
4. ip nat {inside | outside}
5. no shutdown
6. exit
7. interface type number
8. ip nat {inside | outside}
9. no shutdown
10. exit
11. access-list access-list-number {deny | permit} so
231. ypto isakmp policy priority
  Purpose: Creates an IKE policy that is used during IKE negotiation. The priority is a number from 1 to 10000, with 1 being the highest. Also enters the Internet Security Association Key and Management Protocol (ISAKMP) policy configuration mode.
  Example:
    Router(config)# crypto isakmp policy 1
    Router(config-isakmp)#
encryption {des | 3des | aes | aes 192 | aes 256}
  Purpose: Specifies the encryption algorithm used in the IKE policy. The example specifies 168-bit data encryption standard (DES).
  Example:
    Router(config-isakmp)# encryption 3des
    Router(config-isakmp)#
hash {md5 | sha}
  Purpose: Specifies the hash algorithm used in the IKE policy. The example specifies the Message Digest 5 (MD5) algorithm. The default is Secure Hash standard (SHA-1).
  Example:
    Router(config-isakmp)# hash md5
    Router(config-isakmp)#
authentication {rsa-sig | rsa-encr | pre-share}
  Purpose: Specifies the authentication method used in the IKE policy. The example specifies a pre-shared key.
  Example:
    Router(config-isakmp)# authentication pre-share
    Router(config-isakmp)#
group {1 | 2 | 5}
  Purpose: Specifies the Diffie-Hellman group to be used in an IKE policy.
  Example:
    Router(config-isakmp)# group 2
    Router(config-isakmp)#
lifetime seconds
  Purpose: Specifies the lifetime, 60 to 86400 seconds, for an IKE security association
  Example:
    Router(config-isakmp)# lifetime 480
    Router(config-isakmp)#
