Configuration Guide
Page 2
..., Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, ...company. (0501R) Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide Copyright © 2005, Cisco Systems, Inc. CCSP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are service marks of Cisco Systems, Inc.; Changing...
..., Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, ...company. (0501R) Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide Copyright © 2005, Cisco Systems, Inc. CCSP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are service marks of Cisco Systems, Inc.; Changing...
Configuration Guide
Page 6
...H A P T E R 14 C H A P T E R Additional Configuration Options 1 Configuring Security Features 1 Authentication, Authorization, and Accounting 1 Configuring AutoSecure 2 Configuring Access Lists 2 Access Groups 3 Guidelines for Creating Access Groups 3 Configuring a CBAC Firewall 3 Configuring Cisco IOS Firewall IDS 4 Configuring VPNs 4 Configuring Dial Backup and Remote Management 1 Dial Backup Feature Activation Methods 1 ...Configure the Aggregator and ISDN Peer Router 20 Troubleshooting 1 Getting Started 1 Before Contacting Cisco or Your Reseller 1 ADSL Troubleshooting 2 SHDSL Troubleshooting 2 ATM ...
...H A P T E R 14 C H A P T E R Additional Configuration Options 1 Configuring Security Features 1 Authentication, Authorization, and Accounting 1 Configuring AutoSecure 2 Configuring Access Lists 2 Access Groups 3 Guidelines for Creating Access Groups 3 Configuring a CBAC Firewall 3 Configuring Cisco IOS Firewall IDS 4 Configuring VPNs 4 Configuring Dial Backup and Remote Management 1 Dial Backup Feature Activation Methods 1 ...Configure the Aggregator and ISDN Peer Router 20 Troubleshooting 1 Getting Started 1 Before Contacting Cisco or Your Reseller 1 ADSL Troubleshooting 2 SHDSL Troubleshooting 2 ATM ...
Configuration Guide
Page 7
... Reset the Password and Save Your Changes 12 Reset the Configuration Register Value 12 Managing Your Router with SDM 13 Reference Information Cisco IOS Software Basic Skills 1 Configuring the Router from a PC 1 Understanding Command Modes 2 Getting Help 4 Enable Secret Passwords and Enable Passwords 5 Entering Global Configuration Mode 5 Using Commands 6 Abbreviating Commands 6 Undoing Commands 6 Command...
... Reset the Password and Save Your Changes 12 Reset the Configuration Register Value 12 Managing Your Router with SDM 13 Reference Information Cisco IOS Software Basic Skills 1 Configuring the Router from a PC 1 Understanding Command Modes 2 Getting Help 4 Enable Secret Passwords and Enable Passwords 5 Entering Global Configuration Mode 5 Using Commands 6 Abbreviating Commands 6 Undoing Commands 6 Command...
Configuration Guide
Page 12
...Provides a road map for Part 3. • Chapter 12, "Configuring Security Features"-Explains basic configuration of Cisco IOS security features, including firewall and VPN configuration. • Chapter 13, "Configuring ...Dial Backup and Remote Management"-Provides instructions on how to configure your Cisco router for Part 2. • Chapter 3, "Configuring PPP over Ethernet with NAT"-Provides instructions on how to configure PPPoE with Network Address Translation (NAT) on your Cisco router...
...Provides a road map for Part 3. • Chapter 12, "Configuring Security Features"-Explains basic configuration of Cisco IOS security features, including firewall and VPN configuration. • Chapter 13, "Configuring ...Dial Backup and Remote Management"-Provides instructions on how to configure your Cisco router for Part 2. • Chapter 3, "Configuring PPP over Ethernet with NAT"-Provides instructions on how to configure PPPoE with Network Address Translation (NAT) on your Cisco router...
Configuration Guide
Page 17
...For more information on startup. It also describes the default configuration on the commands used in Appendix A, "Cisco IOS Basic Skills." CH A P T E R 1 Basic Router Configuration This chapter provides procedures for Configuration • Configuring Basic Parameters • Configuring Static Routes •... Table 1-1 lists the interfaces supported for each router and their associated port labels on how to access global configuration mode, see the Cisco IOS Release 12.3 documentation set. Note Individual router models may not support every feature described throughout this...
...For more information on startup. It also describes the default configuration on the commands used in Appendix A, "Cisco IOS Basic Skills." CH A P T E R 1 Basic Router Configuration This chapter provides procedures for Configuration • Configuring Basic Parameters • Configuring Static Routes •... Table 1-1 lists the interfaces supported for each router and their associated port labels on how to access global configuration mode, see the Cisco IOS Release 12.3 documentation set. Note Individual router models may not support every feature described throughout this...
Configuration Guide
Page 21
... global parameter commands, see the Cisco IOS Release 12.3 documentation set. If you are connecting to configure selected global parameters for your router: Step 1 Command configure terminal Example: Router> enable Router# configure terminal Router(config)# Step 2 hostname name Example: Router(config)# hostname Router Router(config)# Step 3 enable secret password Example: Router(config)# enable secret cr1ny5ho Router(config)# Step 4 no ip domain...
... global parameter commands, see the Cisco IOS Release 12.3 documentation set. If you are connecting to configure selected global parameters for your router: Step 1 Command configure terminal Example: Router> enable Router# configure terminal Router(config)# Step 2 hostname name Example: Router(config)# hostname Router Router(config)# Step 3 enable secret password Example: Router(config)# enable secret cr1ny5ho Router(config)# Step 4 no ip domain...
Configuration Guide
Page 24
... to virtual-template1, which acts as a placeholder for the loopback interface. This configuration example shows the loopback interface configured on the loopback commands, see the Cisco IOS Release 12.3 documentation set. Configuring Basic Parameters Chapter 1 Basic Router Configuration Configuring a Loopback Interface The loopback interface acts as a static IP address.
... to virtual-template1, which acts as a placeholder for the loopback interface. This configuration example shows the loopback interface configured on the loopback commands, see the Cisco IOS Release 12.3 documentation set. Configuring Basic Parameters Chapter 1 Basic Router Configuration Configuring a Loopback Interface The loopback interface acts as a static IP address.
Configuration Guide
Page 26
... the interval value. Optionally, add seconds to time out. For complete information about the command line commands, see the Cisco IOS Release 12.3 documentation set. 1-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Sets the interval that the EXEC command interpreter waits until user input is 10...
... the interval value. Optionally, add seconds to time out. For complete information about the command line commands, see the Cisco IOS Release 12.3 documentation set. 1-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Sets the interval that the EXEC command interpreter waits until user input is 10...
Configuration Guide
Page 27
... configuration file generated when you use the show running-config command. ! For complete information on static routing, see the Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols. Configuring static routes on the router. line con 0 exec-timeout 10 0 password 4youreyesonly login transport input none (default) stopbits 1 (default) line vty 0 4 password secret login...
... configuration file generated when you use the show running-config command. ! For complete information on static routing, see the Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols. Configuring static routes on the router. line con 0 exec-timeout 10 0 password 4youreyesonly login transport input none (default) stopbits 1 (default) line vty 0 4 password secret login...
Configuration Guide
Page 29
... Dynamic Routes Configuring RIP Perform these steps to configure the RIP routing protocol on the router, beginning in global configuration mode: Step 1 Command router rip Example: Router> configure terminal Router(config)# router rip Router(config-router)# Task Enters router configuration mode, and enables RIP on RIP, see the Cisco IOS Release 12.3 documentation set. For more general information on the...
... Dynamic Routes Configuring RIP Perform these steps to configure the RIP routing protocol on the router, beginning in global configuration mode: Step 1 Command router rip Example: Router> configure terminal Router(config)# router rip Router(config-router)# Task Enters router configuration mode, and enables RIP on RIP, see the Cisco IOS Release 12.3 documentation set. For more general information on the...
Configuration Guide
Page 31
For more general information on EIGRP concepts, see the Cisco IOS Release 12.3 documentation set 10.0.0.0/24 is subnetted, 1 subnets C 10.108.1.0 is directly connected, Loopback0 D 3.0.0.0/8 [90/409600] via 2.2.2.1, 00:00:02, Ethernet0/0 OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 1-15 RIP, M - OSPF external type 1, E2 - IS-IS...
For more general information on EIGRP concepts, see the Cisco IOS Release 12.3 documentation set 10.0.0.0/24 is subnetted, 1 subnets C 10.108.1.0 is directly connected, Loopback0 D 3.0.0.0/8 [90/409600] via 2.2.2.1, 00:00:02, Ethernet0/0 OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 1-15 RIP, M - OSPF external type 1, E2 - IS-IS...
Configuration Guide
Page 41
....2 255.255.255.255 dialer 0 Router(config)# Sets the IP route for the default gateway for the dialer 0 interface. For details about this command and additional parameters that can be set , see the Cisco IOS Security Command Reference. For details about this command... and additional parameters that can be set , see the Cisco IOS Dial Technologies Command Reference. Packets are then forwarded through the specified interface dialer...
....2 255.255.255.255 dialer 0 Router(config)# Sets the IP route for the default gateway for the dialer 0 interface. For details about this command and additional parameters that can be set , see the Cisco IOS Security Command Reference. For details about this command... and additional parameters that can be set , see the Cisco IOS Dial Technologies Command Reference. Packets are then forwarded through the specified interface dialer...
Configuration Guide
Page 42
...be set , as well as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services. interface type number Example: Router(config)# interface vlan 1 Router(config-if)# Enters configuration mode for the VLAN (on the {interface type ... well as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services. For details about this command and additional parameters that enter the router through the inside interface for possible address translation. Configure ...
...be set , as well as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services. interface type number Example: Router(config)# interface vlan 1 Router(config-if)# Enters configuration mode for the VLAN (on the {interface type ... well as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services. For details about this command and additional parameters that enter the router through the inside interface for possible address translation. Configure ...
Configuration Guide
Page 43
..., you want to use NAT with NAT Configure Network Address Translation Step 5 Command no shutdown Example: Router(config-if)# no shutdown Router(config-if)# Identifies the specified WAN interface as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services. Note If you must configure a loopback interface...
..., you want to use NAT with NAT Configure Network Address Translation Step 5 Command no shutdown Example: Router(config-if)# no shutdown Router(config-if)# Identifies the specified WAN interface as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services. Note If you must configure a loopback interface...
Configuration Guide
Page 44
...)" are generated automatically when you run the show running-config command. NAT is configured for the PPPoE scenario described in this chapter. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 3-8 OL-5332-01 Configuration Example Chapter 3 Configuring PPP over Ethernet with a subnet mask of the configuration file for inside...-group 1 request-dialin protocol pppoe ! The VLAN interface has an IP address of 192.168.1.1 with NAT For complete information on NAT concepts, see the Cisco IOS Release 12.3 documentation set.
...)" are generated automatically when you run the show running-config command. NAT is configured for the PPPoE scenario described in this chapter. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 3-8 OL-5332-01 Configuration Example Chapter 3 Configuring PPP over Ethernet with a subnet mask of the configuration file for inside...-group 1 request-dialin protocol pppoe ! The VLAN interface has an IP address of 192.168.1.1 with NAT For complete information on NAT concepts, see the Cisco IOS Release 12.3 documentation set.
Configuration Guide
Page 49
... mode. Step 2 ip address negotiated Example: Router(config-if)# ip address negotiated Router(config-if)# Specifies that can be set, see the Cisco IOS Security Command Reference. Step 5 Step 6 ppp authentication {protocol1 [protocol2...]} Example: Router(config-if)# ppp authentication chap Router(config-if)# dialer pool number Example: Router(config-if)# dialer pool 1 Router(config-if)# Sets the PPP authentication...
... mode. Step 2 ip address negotiated Example: Router(config-if)# ip address negotiated Router(config-if)# Specifies that can be set, see the Cisco IOS Security Command Reference. Step 5 Step 6 ppp authentication {protocol1 [protocol2...]} Example: Router(config-if)# ppp authentication chap Router(config-if)# dialer pool number Example: Router(config-if)# dialer pool 1 Router(config-if)# Sets the PPP authentication...
Configuration Guide
Page 50
...For details about this command and additional parameters that can be set , see the Cisco IOS Dial Technologies Command Reference. For details about this command and additional parameters that can be set , see the Cisco IOS IP Command Reference, Volume 1 of 4: Routing Protocols. Step 10 ip route ...prefix mask {interface-type interface-number} Example: Router(config)# ip route 10.10.25.2 0.255.255.255 dialer 0 Router(config)# Sets the IP route for the ...
...For details about this command and additional parameters that can be set , see the Cisco IOS Dial Technologies Command Reference. For details about this command and additional parameters that can be set , see the Cisco IOS IP Command Reference, Volume 1 of 4: Routing Protocols. Step 10 ip route ...prefix mask {interface-type interface-number} Example: Router(config)# ip route 10.10.25.2 0.255.255.255 dialer 0 Router(config)# Sets the IP route for the ...
Configuration Guide
Page 51
...For details about this command and additional parameters that can be set , see the Cisco IOS Wide-Area Networking Command Reference. Note This interface was initially configured during basic router configuration. Creates an ATM PVC for the PVC and points back to configure the ... VCI arguments cannot be set , see the Cisco IOS Wide-Area Networking Command Reference. Chapter 4 Configuring PPP over ATM with which the router communicates. Step 4 dialer pool-member number Example: Router(config-if-atm-vc)# dialer pool-member 1 Router(config-if-atm-vc)# Specifies the ATM interface...
...For details about this command and additional parameters that can be set , see the Cisco IOS Wide-Area Networking Command Reference. Note This interface was initially configured during basic router configuration. Creates an ATM PVC for the PVC and points back to configure the ... VCI arguments cannot be set , see the Cisco IOS Wide-Area Networking Command Reference. Chapter 4 Configuring PPP over ATM with which the router communicates. Step 4 dialer pool-member number Example: Router(config-if-atm-vc)# dialer pool-member 1 Router(config-if-atm-vc)# Specifies the ATM interface...
Configuration Guide
Page 53
... DSL connection is operating in global configuration mode. Router(config-controller)# line-mode 4-wire Router(config-controller)# OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 4-7 Step 1 Command controller dsl port Example: Router(config)# controller dsl 0 Router(config-controller)# Purpose Enters the configuration mode for details...interface atm command from the ATM interface configuration mode) • dsl lom integer • dsl enable-training-log See the Cisco IOS Wide-Area Networking Command Reference for the DSL controller.
... DSL connection is operating in global configuration mode. Router(config-controller)# line-mode 4-wire Router(config-controller)# OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 4-7 Step 1 Command controller dsl port Example: Router(config)# controller dsl 0 Router(config-controller)# Purpose Enters the configuration mode for details...interface atm command from the ATM interface configuration mode) • dsl lom integer • dsl enable-training-log See the Cisco IOS Wide-Area Networking Command Reference for the DSL controller.
Configuration Guide
Page 55
...address translations. Enters configuration mode for the VLAN (on the inside source list acl1 pool pool1 interface type number Example: Router(config)# interface vlan 1 Router(config-if)# Enables dynamic translation of the addresses specified in the NAT pool pool1. Perform these steps to one of ... addresses allocated by the access list 1 to be translated to be set, as well as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of the addresses specified in the dialer interface 0. The first example shows the addresses permitted by the dialer...
...address translations. Enters configuration mode for the VLAN (on the inside source list acl1 pool pool1 interface type number Example: Router(config)# interface vlan 1 Router(config-if)# Enables dynamic translation of the addresses specified in the NAT pool pool1. Perform these steps to one of ... addresses allocated by the access list 1 to be translated to be set, as well as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of the addresses specified in the dialer interface 0. The first example shows the addresses permitted by the dialer...