Software Guide
Page 1
Cisco Secure Router 520 Series Software Configuration Guide Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Customer Order Number: Text Part Number: OL-14210-01
Cisco Secure Router 520 Series Software Configuration Guide Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Customer Order Number: Text Part Number: OL-14210-01
Software Guide
Page 3
...Obtaining Documentation and Submitting a Service Request xvii Getting Started Basic Router Configuration 1-1 Viewing the Default Configuration 1-2 Information Needed for Customizing the Default Parameters 1-2 Interface Port Labels 1-3 Configuring Basic Parameters 1-3 Configure Global... Access to the Router 1-8 Configuration Example 1-9 Configuring Static Routes 1-10 Configuration Example 1-10 Verifying Your Configuration 1-10 Configuring Dynamic Routes 1-11 Configuring RIP 1-11 Configuration Example 1-12 Verifying Your Configuration 1-12 Cisco Secure Router 520 Series Software Configuration ...
...Obtaining Documentation and Submitting a Service Request xvii Getting Started Basic Router Configuration 1-1 Viewing the Default Configuration 1-2 Information Needed for Customizing the Default Parameters 1-2 Interface Port Labels 1-3 Configuring Basic Parameters 1-3 Configure Global... Access to the Router 1-8 Configuration Example 1-9 Configuring Static Routes 1-10 Configuration Example 1-10 Verifying Your Configuration 1-10 Configuring Dynamic Routes 1-11 Configuring RIP 1-11 Configuration Example 1-12 Verifying Your Configuration 1-12 Cisco Secure Router 520 Series Software Configuration ...
Software Guide
Page 4
Contents 2 P A R T Configuring Your Router for Ethernet and DSL Access 2 C H A P T E R Sample Network Deployments 2-1 3 C H A P T E R Configuring PPP over Ethernet with NAT 3-1 Configure the Virtual Private Dialup Network Group Number 3-2 Configure the Fast ... Group Policy Information 6-4 Apply Mode Configuration to the Crypto Map 6-5 Enable Policy Lookup 6-6 Configure IPsec Transforms and Protocols 6-6 Configure the IPsec Crypto Method and Parameters 6-7 Cisco Secure Router 520 Series Software Configuration Guide iv OL-14210-01
Contents 2 P A R T Configuring Your Router for Ethernet and DSL Access 2 C H A P T E R Sample Network Deployments 2-1 3 C H A P T E R Configuring PPP over Ethernet with NAT 3-1 Configure the Virtual Private Dialup Network Group Number 3-2 Configure the Fast ... Group Policy Information 6-4 Apply Mode Configuration to the Crypto Map 6-5 Enable Policy Lookup 6-6 Configure IPsec Transforms and Protocols 6-6 Configure the IPsec Crypto Method and Parameters 6-7 Cisco Secure Router 520 Series Software Configuration Guide iv OL-14210-01
Software Guide
Page 5
... 9-1 Configure the Root Radio Station 9-2 Configure Bridging on VLANs 9-4 Configure Radio Station Subinterfaces 9-5 Configuration Example 9-6 Configuring Additional Features and Troubleshooting Additional Configuration Options 10-1 Configuring Security Features 11-1 Authentication, Authorization, and Accounting 11-1 Configuring AutoSecure 11-2 Configuring Access Lists 11-2 Access Groups 11-3 Cisco Secure Router 520 Series Software Configuration Guide v
... 9-1 Configure the Root Radio Station 9-2 Configure Bridging on VLANs 9-4 Configure Radio Station Subinterfaces 9-5 Configuration Example 9-6 Configuring Additional Features and Troubleshooting Additional Configuration Options 10-1 Configuring Security Features 11-1 Authentication, Authorization, and Accounting 11-1 Configuring AutoSecure 11-2 Configuring Access Lists 11-2 Access Groups 11-3 Cisco Secure Router 520 Series Software Configuration Guide v
Software Guide
Page 6
... Creating Access Groups 11-3 Configuring a CBAC Firewall 11-3 Configuring Cisco IOS Firewall IDS 11-4 Configuring VPNs 11-4 Troubleshooting 12-1 Getting Started 12-1 Before Contacting Cisco or Your Reseller 12-1 ADSL Troubleshooting 12-2 ATM Troubleshooting Commands ...Cisco IOS Software Basic Skills A-1 Configuring the Router from a PC A-1 Understanding Command Modes A-2 Getting Help A-4 Enable Secret Passwords and Enable Passwords A-4 Entering Global Configuration Mode A-5 Using Commands A-5 Abbreviating Commands A-6 Undoing Commands A-6 Command-Line Error Messages A-6 Cisco Secure Router 520...
... Creating Access Groups 11-3 Configuring a CBAC Firewall 11-3 Configuring Cisco IOS Firewall IDS 11-4 Configuring VPNs 11-4 Troubleshooting 12-1 Getting Started 12-1 Before Contacting Cisco or Your Reseller 12-1 ADSL Troubleshooting 12-2 ATM Troubleshooting Commands ...Cisco IOS Software Basic Skills A-1 Configuring the Router from a PC A-1 Understanding Command Modes A-2 Getting Help A-4 Enable Secret Passwords and Enable Passwords A-4 Entering Global Configuration Mode A-5 Using Commands A-5 Abbreviating Commands A-6 Undoing Commands A-6 Command-Line Error Messages A-6 Cisco Secure Router 520...
Software Guide
Page 7
... Queuing B-8 Access Lists B-9 ROM Monitor C-1 Entering the ROM Monitor C-1 ROM Monitor Commands C-2 Command Descriptions C-3 Disaster Recovery with TFTP Download C-3 TFTP Download Command Variables C-4 Required Variables C-4 Cisco Secure Router 520 Series Software Configuration Guide vii
... Queuing B-8 Access Lists B-9 ROM Monitor C-1 Entering the ROM Monitor C-1 ROM Monitor Commands C-2 Command Descriptions C-3 Disaster Recovery with TFTP Download C-3 TFTP Download Command Variables C-4 Required Variables C-4 Cisco Secure Router 520 Series Software Configuration Guide vii
Software Guide
Page 8
Contents D A P P E N D I X INDEX Optional Variables C-4 Using the TFTP Download Command C-5 Configuration Register C-5 Changing the Configuration Register Manually C-6 Changing the Configuration Register Using Prompts C-6 Console Download C-7 Command Description C-7 Error Reporting C-8 Debug Commands C-8 Exiting the ROM Monitor C-9 Common Port Assignments D-1 Cisco Secure Router 520 Series Software Configuration Guide viii OL-14210-01
Contents D A P P E N D I X INDEX Optional Variables C-4 Using the TFTP Download Command C-5 Configuration Register C-5 Changing the Configuration Register Manually C-6 Changing the Configuration Register Using Prompts C-6 Console Download C-7 Command Description C-7 Error Reporting C-8 Debug Commands C-8 Exiting the ROM Monitor C-9 Common Port Assignments D-1 Cisco Secure Router 520 Series Software Configuration Guide viii OL-14210-01
Software Guide
Page 9
... network administrators whose backgrounds vary from having little or no experience in configuring routers to install and connect the wireless and nonwireless Cisco Secure Router 520 Series routers. Audience This guide is intended for Cisco Secure Router 520 Series document that have additional information. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide ix It contains the following sections: • Objective,... This guide provides an overview and explains how to having a high level of this guide, and describes related documents that was shipped with your router.
... network administrators whose backgrounds vary from having little or no experience in configuring routers to install and connect the wireless and nonwireless Cisco Secure Router 520 Series routers. Audience This guide is intended for Cisco Secure Router 520 Series document that have additional information. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide ix It contains the following sections: • Objective,... This guide provides an overview and explains how to having a high level of this guide, and describes related documents that was shipped with your router.
Software Guide
Page 10
...you begin to configure a virtual private network (VPN) with multiple VLANs and to configure basic router features and interfaces. Cisco Secure Router 520 Series Software Configuration Guide x OL-14210-01 Chapter 8, "Configuring a Simple Firewall" Provides instructions ..." Provides a road map for Part 3. Part 1: Getting Started Chapter 1, "Basic Router Configuration" Describes how to have it . Appendix B, "Concepts" Provides general concept explanations of Cisco IOS security features, including firewall and VPN configuration. Chapter 5, "Configuring a LAN with DHCP and...
...you begin to configure a virtual private network (VPN) with multiple VLANs and to configure basic router features and interfaces. Cisco Secure Router 520 Series Software Configuration Guide x OL-14210-01 Chapter 8, "Configuring a Simple Firewall" Provides instructions ..." Provides a road map for Part 3. Part 1: Getting Started Chapter 1, "Basic Router Configuration" Describes how to have it . Appendix B, "Concepts" Provides general concept explanations of Cisco IOS security features, including firewall and VPN configuration. Chapter 5, "Configuring a LAN with DHCP and...
Software Guide
Page 11
... do something that could result in equipment damage or loss of the ROM Monitor (ROMMON) utility. SÄILYTÄ NÄMÄ OHJEET OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide xi
... do something that could result in equipment damage or loss of the ROM Monitor (ROMMON) utility. SÄILYTÄ NÄMÄ OHJEET OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide xi
Software Guide
Page 16
.../SR_520_HI guide.html • Regulatory Compliance and Safety Information for Cisco Secure Router 520 Series document. • Cisco Regulatory Compliance and Safety Information Roadmap The following Cisco Secure Router 520 Series product documentation is available on Cisco.com. In addition to the Cisco Secure Router 520 Series Software Configuration Guide (this document), the Cisco Secure Router 520 Series documentation set of printed documentation. The following documentation is shipped...
.../SR_520_HI guide.html • Regulatory Compliance and Safety Information for Cisco Secure Router 520 Series document. • Cisco Regulatory Compliance and Safety Information Roadmap The following Cisco Secure Router 520 Series product documentation is available on Cisco.com. In addition to the Cisco Secure Router 520 Series Software Configuration Guide (this document), the Cisco Secure Router 520 Series documentation set of printed documentation. The following documentation is shipped...
Software Guide
Page 17
... all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. OL-14210-01 Cisco Secure Router 520 Series Software Configuration...
... all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. OL-14210-01 Cisco Secure Router 520 Series Software Configuration...
Software Guide
Page 21
... tables, see the Cisco IOS Release 12.3 documentation set. The Cisco Secure Router 520 Series routers also provide dynamic routing and advanced quality of the SBCS portfolio, the Cisco Secure Router 520 Series routers deliver a common user experience through integration with Cisco IOS Firewall, Intrusion Prevention Solution (IPS), and URL filtering. Features not supported by a particular router are designed for small businesses with up to...
... tables, see the Cisco IOS Release 12.3 documentation set. The Cisco Secure Router 520 Series routers also provide dynamic routing and advanced quality of the SBCS portfolio, the Cisco Secure Router 520 Series routers deliver a common user experience through integration with Cisco IOS Firewall, Intrusion Prevention Solution (IPS), and URL filtering. Features not supported by a particular router are designed for small businesses with up to...
Software Guide
Page 22
...provide you plan to connect over an ADSL line: Cisco Secure Router 520 Series Software Configuration Guide 1-2 OL-14210-01 Viewing the Default Configuration Chapter 1 Basic Router Configuration Viewing the Default Configuration When the router first boots up a connection to a corporate network,... service provider. To view the default configuration, follow these steps: Step 1 Use the default username cisco and the default password cisco to access the router - PPP authentication type: Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP) -...
...provide you plan to connect over an ADSL line: Cisco Secure Router 520 Series Software Configuration Guide 1-2 OL-14210-01 Viewing the Default Configuration Chapter 1 Basic Router Configuration Viewing the Default Configuration When the router first boots up a connection to a corporate network,... service provider. To view the default configuration, follow these steps: Step 1 Use the default username cisco and the default password cisco to access the router - PPP authentication type: Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP) -...
Software Guide
Page 23
..." section. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 1-3 Ensure that task. Table 1-1 Supported Interfaces and Associated Port Labels by Router Router Cisco Secure Router 520 Ethernet-to-Ethernet routers Cisco Secure Router 520 ADSL-over-POTS routers Cisco Secure Router 520 ADSL-over-ISDN routers Interface Fast Ethernet LAN Fast ...Access to show the network configuration following completion of that the ADSL signaling type is DMT (also called ANSI T1.413) or DMT Issue 2. Once you have collected the appropriate information, you can perform a full configuration ...
..." section. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 1-3 Ensure that task. Table 1-1 Supported Interfaces and Associated Port Labels by Router Router Cisco Secure Router 520 Ethernet-to-Ethernet routers Cisco Secure Router 520 ADSL-over-POTS routers Cisco Secure Router 520 ADSL-over-ISDN routers Interface Fast Ethernet LAN Fast ...Access to show the network configuration following completion of that the ADSL signaling type is DMT (also called ANSI T1.413) or DMT Issue 2. Once you have collected the appropriate information, you can perform a full configuration ...
Software Guide
Page 24
... Ethernet LAN interfaces on the global parameter commands, see Chapter 5, "Configuring a LAN with individual addresses. Configure WAN Interfaces The Cisco Secure Router 520 Ethernet-to-Ethernet routers have one Fast Ethernet interface for WAN connection. Cisco Secure Router 520 Series Software Configuration Guide 1-4 OL-14210-01 Specifies an encrypted password to prevent unauthorized access to other VLANs if desired.
... Ethernet LAN interfaces on the global parameter commands, see Chapter 5, "Configuring a LAN with individual addresses. Configure WAN Interfaces The Cisco Secure Router 520 Ethernet-to-Ethernet routers have one Fast Ethernet interface for WAN connection. Cisco Secure Router 520 Series Software Configuration Guide 1-4 OL-14210-01 Specifies an encrypted password to prevent unauthorized access to other VLANs if desired.
Software Guide
Page 25
...)# Purpose Enters the configuration mode for the specified Fast Ethernet interface. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 1-5 Enables the Ethernet interface, changing its state from administratively down to the Cisco Secure Router 520 ADSL-over-POTS and Cisco Secure Router 520 ADSL-over-ISDN routers. Configure the ATM WAN Interface This procedure applies only to administratively up. Sets...
...)# Purpose Enters the configuration mode for the specified Fast Ethernet interface. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 1-5 Enables the Ethernet interface, changing its state from administratively down to the Cisco Secure Router 520 ADSL-over-POTS and Cisco Secure Router 520 ADSL-over-ISDN routers. Configure the ATM WAN Interface This procedure applies only to administratively up. Sets...
Software Guide
Page 26
...-if)# Sets the IP address and subnet mask for an ATM interface. Cisco Secure Router 520 Series Software Configuration Guide 1-6 OL-14210-01 Step 3 no shutdown Router(config-if)# Step 4 exit Example: Router(config-if)# exit Router(config)# Exits configuration mode for the static IP address and provides default routing information. For more information about configuring a wireless...
...-if)# Sets the IP address and subnet mask for an ATM interface. Cisco Secure Router 520 Series Software Configuration Guide 1-6 OL-14210-01 Step 3 no shutdown Router(config-if)# Step 4 exit Example: Router(config-if)# exit Router(config)# Exits configuration mode for the static IP address and provides default routing information. For more information about configuring a wireless...
Software Guide
Page 27
... 1/255 Encapsulation LOOPBACK, loopback not set Last input never, output never, output hang never OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 1-7 interface loopback 0 ip address 200.200.100.1 255.255.255.0 (static IP address) ip nat outside... Command interface type number Step 2 Example: Router(config)# interface Loopback 0 Router(config-if)# ip address ip-address mask Example: Router(config-if)# ip address 10.108.1.1 255.255.255.0 Router(config-if)# Step 3 exit Example: Router(config-if)# exit Router(config)# Purpose Enters configuration mode for the loopback...
... 1/255 Encapsulation LOOPBACK, loopback not set Last input never, output never, output hang never OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 1-7 interface loopback 0 ip address 200.200.100.1 255.255.255.0 (static IP address) ip nat outside... Command interface type number Step 2 Example: Router(config)# interface Loopback 0 Router(config-if)# ip address ip-address mask Example: Router(config-if)# ip address 10.108.1.1 255.255.255.0 Router(config-if)# Step 3 exit Example: Router(config-if)# exit Router(config)# Purpose Enters configuration mode for the loopback...
Software Guide
Page 28
...seconds: !!!!! Sending 5, 100-byte ICMP Echos to 200.200.100.1, timeout is to ping it: Router# ping 200.200.100.1 Type escape sequence to abort. Cisco Secure Router 520 Series Software Configuration Guide 1-8 OL-14210-01 Success rate is detected. Specifies a unique password for access...Entering a timeout of "show interface" counters never Queuing strategy: fifo Output queue 0/0, 0 drops; Configuring Basic Parameters Chapter 1 Basic Router Configuration Last clearing of 0 0 specifies never to time out. The default is 10 minutes. Enables password checking at terminal session login....
...seconds: !!!!! Sending 5, 100-byte ICMP Echos to 200.200.100.1, timeout is to ping it: Router# ping 200.200.100.1 Type escape sequence to abort. Cisco Secure Router 520 Series Software Configuration Guide 1-8 OL-14210-01 Success rate is detected. Specifies a unique password for access...Entering a timeout of "show interface" counters never Queuing strategy: fifo Output queue 0/0, 0 drops; Configuring Basic Parameters Chapter 1 Basic Router Configuration Last clearing of 0 0 specifies never to time out. The default is 10 minutes. Enables password checking at terminal session login....