Configuration Guide
Page 5
... 4 Configuration Example 5 Configuring a Wireless LAN Connection 1 Configure the Root Radio Station 2 Configure Bridging on VLANs 4 Configure Radio Station Subinterfaces 6 Configuration Example 7 Sample Configuration 1 Configuring Additional Features and Troubleshooting OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5
... 4 Configuration Example 5 Configuring a Wireless LAN Connection 1 Configure the Root Radio Station 2 Configure Bridging on VLANs 4 Configure Radio Station Subinterfaces 6 Configuration Example 7 Sample Configuration 1 Configuring Additional Features and Troubleshooting OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5
Configuration Guide
Page 6
... P T E R Additional Configuration Options 1 Configuring Security Features 1 Authentication, Authorization, and Accounting 1 Configuring AutoSecure 2 Configuring Access Lists 2 Access Groups 3 Guidelines for Creating Access Groups 3 Configuring a CBAC Firewall 3 Configuring Cisco IOS Firewall IDS 4 Configuring VPNs 4 Configuring Dial Backup and Remote Management 1 Dial Backup Feature Activation Methods 1 Backup Interfaces 2 Configuring Backup Interfaces ... and ISDN Peer Router 20 Troubleshooting 1 Getting Started 1 Before Contacting Cisco or Your Reseller 1 ADSL Troubleshooting 2 SHDSL Troubleshooting ...
... P T E R Additional Configuration Options 1 Configuring Security Features 1 Authentication, Authorization, and Accounting 1 Configuring AutoSecure 2 Configuring Access Lists 2 Access Groups 3 Guidelines for Creating Access Groups 3 Configuring a CBAC Firewall 3 Configuring Cisco IOS Firewall IDS 4 Configuring VPNs 4 Configuring Dial Backup and Remote Management 1 Dial Backup Feature Activation Methods 1 Backup Interfaces 2 Configuring Backup Interfaces ... and ISDN Peer Router 20 Troubleshooting 1 Getting Started 1 Before Contacting Cisco or Your Reseller 1 ADSL Troubleshooting 2 SHDSL Troubleshooting ...
Configuration Guide
Page 11
... (NAT), firewalls, VPNs, and other features on your router. You can use the Cisco Router and Security Device Manager (SDM)-a web-based configuration tool that network administrators with minimal familiarity with Cisco routers use this guide, and the text and command conventions used throughout the guide. Cisco 876, Cisco 877, and Cisco 878 DSL Access Routers This preface describes the intended audience...
... (NAT), firewalls, VPNs, and other features on your router. You can use the Cisco Router and Security Device Manager (SDM)-a web-based configuration tool that network administrators with minimal familiarity with Cisco routers use this guide, and the text and command conventions used throughout the guide. Cisco 876, Cisco 877, and Cisco 878 DSL Access Routers This preface describes the intended audience...
Configuration Guide
Page 12
..., "Additional Configuration Options"-Provides a road map for Part 3. • Chapter 12, "Configuring Security Features"-Explains basic configuration of Cisco IOS security features, including firewall and VPN configuration. • Chapter 13, "Configuring Dial Backup and Remote Management"-Provides instructions on how to configure your Cisco router for Part 2. • Chapter 3, "Configuring PPP over Ethernet with NAT"-Provides instructions...
..., "Additional Configuration Options"-Provides a road map for Part 3. • Chapter 12, "Configuring Security Features"-Explains basic configuration of Cisco IOS security features, including firewall and VPN configuration. • Chapter 13, "Configuring Dial Backup and Remote Management"-Provides instructions on how to configure your Cisco router for Part 2. • Chapter 3, "Configuring PPP over Ethernet with NAT"-Provides instructions...
Configuration Guide
Page 17
... section includes a configuration example and verification steps, as available. For complete information on how to access global configuration mode, see the Cisco IOS Release 12.3 documentation set. Features not supported by Cisco Router Router Cisco 851 Interface Fast Ethernet LAN Fast Ethernet WAN Wireless LAN Port Label LAN (top), FE0-FE3 (bottom) WAN (top), FE4 (bottom...
... section includes a configuration example and verification steps, as available. For complete information on how to access global configuration mode, see the Cisco IOS Release 12.3 documentation set. Features not supported by Cisco Router Router Cisco 851 Interface Fast Ethernet LAN Fast Ethernet WAN Wireless LAN Port Label LAN (top), FE0-FE3 (bottom) WAN (top), FE4 (bottom...
Configuration Guide
Page 35
... examples to assist you can use features presented in the examples, or you can pattern your Cisco username and password. Each scenario is described with a network topology, a step-by configuring another key feature. The Cisco 851 and Cisco 871 router models can be used in the DSL...-based scenarios. Note To verify that a specific feature is used in the Ethernet-based scenarios and the Cisco 857, Cisco 876, Cisco 877, and Cisco 878 router models can choose not to implement the...
... examples to assist you can use features presented in the examples, or you can pattern your Cisco username and password. Each scenario is described with a network topology, a step-by configuring another key feature. The Cisco 851 and Cisco 871 router models can be used in the DSL...-based scenarios. Note To verify that a specific feature is used in the Ethernet-based scenarios and the Cisco 857, Cisco 876, Cisco 877, and Cisco 878 router models can choose not to implement the...
Configuration Guide
Page 38
...Perform the following steps to communicate through the network. Creates and associates a VPDN group with NAT PPPoE The PPPoE Client feature on the router provides PPPoE client support on an Ethernet interface, but each session must be used for details about entering this network ...PPPoE client does not attempt to reestablish the session. The source list defines how the packet travels through the router by the Cisco 850 or Cisco 870 series router.An established PPPoE client session can be terminated in the "Configuration Example" section on page 3-8. The PPPoE client...
...Perform the following steps to communicate through the network. Creates and associates a VPDN group with NAT PPPoE The PPPoE Client feature on the router provides PPPoE client support on an Ethernet interface, but each session must be used for details about entering this network ...PPPoE client does not attempt to reestablish the session. The source list defines how the packet travels through the router by the Cisco 850 or Cisco 870 series router.An established PPPoE client session can be terminated in the "Configuration Example" section on page 3-8. The PPPoE client...
Configuration Guide
Page 48
PPPoA The PPPoA Client feature on the router provides PPPoA client support on an ATM interface, but each session must use a separate dialer interface and a separate dialer pool. A PPPoA session is encapsulated and ... on the WAN connection: • Asymmetric digital subscriber line (ADSL) over plain old telephone service (POTS) using the Cisco 857 or Cisco 877 router • ADSL over integrated services digital network (ISDN) using the Cisco 876 router • Single-pair high-speed digital subscriber line (G.SHDSL) using the following tasks to the ISP. The dialer interface...
PPPoA The PPPoA Client feature on the router provides PPPoA client support on an ATM interface, but each session must use a separate dialer interface and a separate dialer pool. A PPPoA session is encapsulated and ... on the WAN connection: • Asymmetric digital subscriber line (ADSL) over plain old telephone service (POTS) using the Cisco 857 or Cisco 877 router • ADSL over integrated services digital network (ISDN) using the Cisco 876 router • Single-pair high-speed digital subscriber line (G.SHDSL) using the following tasks to the ISP. The dialer interface...
Configuration Guide
Page 60
...: Step 1 Command ip domain name name Example: Router(config)# ip domain name smallbiz.com Router(config)# Purpose Identifies the default domain that the router uses to configure your router. VLANs The Cisco 870 series access routers support four Fast Ethernet ports on which you have ...not performed these steps to complete unqualified hostnames (names without a dotted-decimal domain name). If you have already configured basic router features as...
...: Step 1 Command ip domain name name Example: Router(config)# ip domain name smallbiz.com Router(config)# Purpose Identifies the default domain that the router uses to configure your router. VLANs The Cisco 870 series access routers support four Fast Ethernet ports on which you have ...not performed these steps to complete unqualified hostnames (names without a dotted-decimal domain name). If you have already configured basic router features as...
Configuration Guide
Page 68
...that is located) to act as a supported Cisco 870 series access router. for example, a Cisco VPN 3000 concentrator with outside interface address 210.110.101.1 5 Corporate office with minimal configuration on the client site. The Cisco Easy VPN client feature can be configured in one of the tedious configuration...and allows only devices at the client site to be created with a network address of 10.1.1.1 6 IPSec tunnel Cisco Easy VPN The Cisco Easy VPN client feature eliminates much of two modes-client mode or network extension mode. An Easy VPN server-enabled device can be ...
...that is located) to act as a supported Cisco 870 series access router. for example, a Cisco VPN 3000 concentrator with outside interface address 210.110.101.1 5 Corporate office with minimal configuration on the client site. The Cisco Easy VPN client feature can be configured in one of the tedious configuration...and allows only devices at the client site to be created with a network address of 10.1.1.1 6 IPSec tunnel Cisco Easy VPN The Cisco Easy VPN client feature eliminates much of two modes-client mode or network extension mode. An Easy VPN server-enabled device can be ...
Configuration Guide
Page 69
... the Physical Interface • Create an Easy VPN Remote Configuration An example showing the results of these configurations tasks, see Chapter 1, "Basic Router Configuration," Chapter 3, "Configuring PPP over Ethernet with NAT," Chapter 4, "Configuring PPP over ATM with NAT," and Chapter 5, "Configuring a... LAN with NAT, DCHP and VLANs. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Note The Cisco Easy VPN client feature supports configuration of multiple VPN tunnels, you must manually configure the IPSec VPN and Network Address Translation/Peer Address Translation (NAT...
... the Physical Interface • Create an Easy VPN Remote Configuration An example showing the results of these configurations tasks, see Chapter 1, "Basic Router Configuration," Chapter 3, "Configuring PPP over Ethernet with NAT," Chapter 4, "Configuring PPP over ATM with NAT," and Chapter 5, "Configuring a... LAN with NAT, DCHP and VLANs. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Note The Cisco Easy VPN client feature supports configuration of multiple VPN tunnels, you must manually configure the IPSec VPN and Network Address Translation/Peer Address Translation (NAT...
Configuration Guide
Page 80
... IP routing protocols to exchange routing updates over the tunnel, and to establish a VPN between the Cisco router and a remote device that you have already configured basic router features as well as PPPoE or PPPoA with DHCP and VLANs," as internal IP addresses, internal subnet masks..., DHCP server addresses, and Network Address Translation (NAT). Note When IP Security (IPSec) is provided in the "Configuration Example" section on another router. Note ...
... IP routing protocols to exchange routing updates over the tunnel, and to establish a VPN between the Cisco router and a remote device that you have already configured basic router features as well as PPPoE or PPPoA with DHCP and VLANs," as internal IP addresses, internal subnet masks..., DHCP server addresses, and Network Address Translation (NAT). Note When IP Security (IPSec) is provided in the "Configuration Example" section on another router. Note ...
Configuration Guide
Page 92
... configuration example that you have also configured DHCP, VLANs, and secure tunnels. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 8-2 OL-5332-01 If you have already configured basic router features as well as appropriate for NAT) In the configuration example that...switches 2 Fast Ethernet LAN interface (the inside interface for NAT) 3 PPPoE or PPPoA client and firewall implementation-Cisco 851/871 or Cisco 857/876/877/878 series access router, respectively 4 Point at which NAT occurs 5 Protected network 6 Unprotected network 7 Fast Ethernet or ATM WAN...
... configuration example that you have also configured DHCP, VLANs, and secure tunnels. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 8-2 OL-5332-01 If you have already configured basic router features as well as appropriate for NAT) In the configuration example that...switches 2 Fast Ethernet LAN interface (the inside interface for NAT) 3 PPPoE or PPPoA client and firewall implementation-Cisco 851/871 or Cisco 857/876/877/878 series access router, respectively 4 Point at which NAT occurs 5 Protected network 6 Unprotected network 7 Fast Ethernet or ATM WAN...
Configuration Guide
Page 97
... 1 Wireless LAN (with the enterprise-class features required by networking professionals. You can configure and monitor the routers using the command-line interface (CLI), the browser-based management system, or Simple Network Management Protocol (SNMP). CH A P T E R 9 Configuring a Wireless LAN Connection The Cisco 850 and Cisco 870 series routers support a secure, affordable, and easy-to-use wireless...
... 1 Wireless LAN (with the enterprise-class features required by networking professionals. You can configure and monitor the routers using the command-line interface (CLI), the browser-based management system, or Simple Network Management Protocol (SNMP). CH A P T E R 9 Configuring a Wireless LAN Connection The Cisco 850 and Cisco 870 series routers support a secure, affordable, and easy-to-use wireless...
Configuration Guide
Page 98
... Station Perform these configuration tasks is not supported on page 9-7. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 9-2 OL-5332-01 You may have already configured basic router features as well as Light Extensible Authentication Protocol [LEAP], Extensible Authentication Protocol-Transport Layer Security [EAP-TLS], or Protected Extensible Authentication Protocol [PEAP]) can...
... Station Perform these configuration tasks is not supported on page 9-7. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 9-2 OL-5332-01 You may have already configured basic router features as well as Light Extensible Authentication Protocol [LEAP], Extensible Authentication Protocol-Transport Layer Security [EAP-TLS], or Protected Extensible Authentication Protocol [PEAP]) can...
Configuration Guide
Page 111
PART 3 Configuring Additional Features and Troubleshooting
PART 3 Configuring Additional Features and Troubleshooting
Configuration Guide
Page 113
... configuration guides and command references for the Cisco 850 series routers (Cisco 851 and Cisco 857) and Cisco 870 series routers (Cisco 871, Cisco 876, Cisco 877, and Cisco 878). Note To verify that a specific feature is compatible with your router, you can access this part include: • Chapter 12, "Configuring Security Features" • Chapter 13, "Configuring Dial Backup and Remote Management" • Chapter 14...
... configuration guides and command references for the Cisco 850 series routers (Cisco 851 and Cisco 857) and Cisco 870 series routers (Cisco 871, Cisco 876, Cisco 877, and Cisco 878). Note To verify that a specific feature is compatible with your router, you can access this part include: • Chapter 12, "Configuring Security Features" • Chapter 13, "Configuring Dial Backup and Remote Management" • Chapter 14...
Configuration Guide
Page 115
... Kerberos to administer its security functions. Note Individual router models may not support every feature described throughout this guide. AAA uses protocols such as PPP), number of packets, and number of bytes. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 12-1 Features not supported by a particular router are indicated whenever possible...
... Kerberos to administer its security functions. Note Individual router models may not support every feature described throughout this guide. AAA uses protocols such as PPP), number of packets, and number of bytes. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 12-1 Features not supported by a particular router are indicated whenever possible...
Configuration Guide
Page 116
... the AutoSecure feature, see the following sections of the Cisco IOS Security Configuration Guide: • Configuring Authentication • Configuring Authorization • Configuring Accounting • Configuring RADIUS • Configuring TACACS+ • Configuring Kerberos Configuring AutoSecure The AutoSecure feature disables common...} protocol {source-addr[source-mask] | any}{destination-addr [destination-mask] | any} 12-2 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Table 12-1 lists the commands used to be exploited for network ...
... the AutoSecure feature, see the following sections of the Cisco IOS Security Configuration Guide: • Configuring Authentication • Configuring Authorization • Configuring Accounting • Configuring RADIUS • Configuring TACACS+ • Configuring Kerberos Configuring AutoSecure The AutoSecure feature disables common...} protocol {source-addr[source-mask] | any}{destination-addr [destination-mask] | any} 12-2 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Table 12-1 lists the commands used to be exploited for network ...
Configuration Guide
Page 117
... deny traffic based on creating access lists, see the "Configuring Context-Based Access Control" section of the Cisco IOS Release 12.3 Security Configuration Guide. Configuring a CBAC Firewall Context-Based Access Control (CBAC) lets you configure an interface at...01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 12-3 For additional information about configuring a CBAC firewall, see the "Access Control Lists: Overview and Guidelines" section of the Cisco IOS Release 12.3 Security Configuration Guide. Chapter 12 Configuring Security Features Configuring...
... deny traffic based on creating access lists, see the "Configuring Context-Based Access Control" section of the Cisco IOS Release 12.3 Security Configuration Guide. Configuring a CBAC Firewall Context-Based Access Control (CBAC) lets you configure an interface at...01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 12-3 For additional information about configuring a CBAC firewall, see the "Access Control Lists: Overview and Guidelines" section of the Cisco IOS Release 12.3 Security Configuration Guide. Chapter 12 Configuring Security Features Configuring...