Configuration Guide
Page 6
... A P T E R 14 C H A P T E R Additional Configuration Options 1 Configuring Security Features 1 Authentication, Authorization, and Accounting 1 Configuring AutoSecure 2 Configuring Access Lists 2 Access Groups 3 Guidelines for Creating Access Groups 3 Configuring a CBAC Firewall 3 Configuring Cisco IOS Firewall IDS 4 Configuring VPNs 4 Configuring Dial Backup and Remote Management 1 Dial Backup Feature Activation ...Configure the Aggregator and ISDN Peer Router 20 Troubleshooting 1 Getting Started 1 Before Contacting Cisco or Your Reseller 1 ADSL Troubleshooting 2 SHDSL Troubleshooting 2 ATM ...
... A P T E R 14 C H A P T E R Additional Configuration Options 1 Configuring Security Features 1 Authentication, Authorization, and Accounting 1 Configuring AutoSecure 2 Configuring Access Lists 2 Access Groups 3 Guidelines for Creating Access Groups 3 Configuring a CBAC Firewall 3 Configuring Cisco IOS Firewall IDS 4 Configuring VPNs 4 Configuring Dial Backup and Remote Management 1 Dial Backup Feature Activation ...Configure the Aggregator and ISDN Peer Router 20 Troubleshooting 1 Getting Started 1 Before Contacting Cisco or Your Reseller 1 ADSL Troubleshooting 2 SHDSL Troubleshooting 2 ATM ...
Configuration Guide
Page 11
Cisco 876, Cisco 877, and Cisco 878 DSL Access Routers This preface describes the intended audience, the organization of this guide in configuring routers to configure features of experience. To obtain the SDM release notes and other features on your router. Preface This software ...You can use the Cisco Router and Security Device Manager (SDM)-a web-based configuration tool that network administrators with minimal familiarity with Cisco routers use this guide, and the text and command conventions used throughout the guide. Cisco 871 Ethernet Access Router - Note We strongly...
Cisco 876, Cisco 877, and Cisco 878 DSL Access Routers This preface describes the intended audience, the organization of this guide in configuring routers to configure features of experience. To obtain the SDM release notes and other features on your router. Preface This software ...You can use the Cisco Router and Security Device Manager (SDM)-a web-based configuration tool that network administrators with minimal familiarity with Cisco routers use this guide, and the text and command conventions used throughout the guide. Cisco 871 Ethernet Access Router - Note We strongly...
Configuration Guide
Page 12
... remote management. • Chapter 14, "Troubleshooting"-Provides information on identifying and solving problems with a secure IP tunnel and generic routing encapsulation (GRE). • Chapter 8, "Configuring a Simple Firewall"-Provides instructions on how to configure a basic firewall on your Cisco router. • Chapter 9, "Configuring a Wireless LAN Connection"-Provides instructions on how to configure a wireless LAN...
... remote management. • Chapter 14, "Troubleshooting"-Provides information on identifying and solving problems with a secure IP tunnel and generic routing encapsulation (GRE). • Chapter 8, "Configuring a Simple Firewall"-Provides instructions on how to configure a basic firewall on your Cisco router. • Chapter 9, "Configuring a Wireless LAN Connection"-Provides instructions on how to configure a wireless LAN...
Configuration Guide
Page 14
... related information on these routers: • Cisco 850 Series and Cisco 870 Series Access Routers Cabling and Setup Quick Start Guide • Cisco 850 Series and Cisco 870 Series Access Routers Hardware Installation Guide • Cisco Router and Security Device Manager (SDM) Quick Start Guide • Cisco Access Router Wireless Configuration Guide • Upgrading Memory in Cisco 800 Series Routers • Regulatory Compliance and...
... related information on these routers: • Cisco 850 Series and Cisco 870 Series Access Routers Cabling and Setup Quick Start Guide • Cisco 850 Series and Cisco 870 Series Access Routers Hardware Installation Guide • Cisco Router and Security Device Manager (SDM) Quick Start Guide • Cisco Access Router Wireless Configuration Guide • Upgrading Memory in Cisco 800 Series Routers • Regulatory Compliance and...
Configuration Guide
Page 19
...all transport output all line vty 0 4 login transport preferred all transport input all transport output all ! end OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 1-3 interface FastEthernet0 no ip address shutdown ! interface FastEthernet3 no ip address shutdown ! interface Dot11Radio0 no ip ... 2312 station-role root ! no ip http server no ip address duplex auto speed auto ! interface FastEthernet4 no ip http secure-server ! interface Vlan1 no ftp-server write-enable ! ip cef ip ips po max-events 100 no ip address ! Chapter 1 Basic...
...all transport output all line vty 0 4 login transport preferred all transport input all transport output all ! end OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 1-3 interface FastEthernet0 no ip address shutdown ! interface FastEthernet3 no ip address shutdown ! interface Dot11Radio0 no ip ... 2312 station-role root ! no ip http server no ip address duplex auto speed auto ! interface FastEthernet4 no ip http secure-server ! interface Vlan1 no ftp-server write-enable ! ip cef ip ips po max-events 100 no ip address ! Chapter 1 Basic...
Configuration Guide
Page 41
... authentication {protocol1 [protocol2...]} Example: Router(config-if)# ppp authentication chap Router(config-if)# dialer pool number Example: Router(config-if)# dialer pool 1 Router(config-if)# Purpose Sets the PPP authentication method to a specific destination subnetwork. For details about this command and additional parameters that can be set , see the Cisco IOS Security Command Reference. For details...
... authentication {protocol1 [protocol2...]} Example: Router(config-if)# ppp authentication chap Router(config-if)# dialer pool number Example: Router(config-if)# dialer pool 1 Router(config-if)# Purpose Sets the PPP authentication method to a specific destination subnetwork. For details about this command and additional parameters that can be set , see the Cisco IOS Security Command Reference. For details...
Configuration Guide
Page 49
...). The maximum for cloning virtual access. It is also used for ATM is 4470 bytes. Step 2 ip address negotiated Example: Router(config-if)# ip address negotiated Router(config-if)# Specifies that can be set, see the Cisco IOS Security Command Reference. The default minimum is 128 bytes. Step 5 Step 6 ppp authentication {protocol1 [protocol2...]} Example...
...). The maximum for cloning virtual access. It is also used for ATM is 4470 bytes. Step 2 ip address negotiated Example: Router(config-if)# ip address negotiated Router(config-if)# Specifies that can be set, see the Cisco IOS Security Command Reference. The default minimum is 128 bytes. Step 5 Step 6 ppp authentication {protocol1 [protocol2...]} Example...
Configuration Guide
Page 63
...Cisco IOS Switching Services Command Reference. Example: Router# config t Router(config)#vlan ? Chapter 5 Configuring a LAN with identifiers ranging from 1- 4094. WORD ISL VLAN IDs 1-4094 accounting VLAN accounting configuration ifdescr VLAN subinterface ifDescr Step 2 Router(config)#vlan ISL VLAN ID Example: Router(config)#vlan 2 Router...0 Expired bindings 0 Malformed messages 0 Secure arp entries 0 Message BOOTREQUEST DHCPDISCOVER DHCPREQUEST DHCPDECLINE DHCPRELEASE DHCPINFORM Received 0 0 0 0 0 0 Message BOOTREPLY DHCPOFFER DHCPACK DHCPNAK Router# Sent 0 0 0 0 Configure ...
...Cisco IOS Switching Services Command Reference. Example: Router# config t Router(config)#vlan ? Chapter 5 Configuring a LAN with identifiers ranging from 1- 4094. WORD ISL VLAN IDs 1-4094 accounting VLAN accounting configuration ifdescr VLAN subinterface ifDescr Step 2 Router(config)#vlan ISL VLAN ID Example: Router(config)#vlan 2 Router...0 Expired bindings 0 Malformed messages 0 Secure arp entries 0 Message BOOTREQUEST DHCPDISCOVER DHCPREQUEST DHCPDECLINE DHCPRELEASE DHCPINFORM Received 0 0 0 0 0 0 Message BOOTREPLY DHCPOFFER DHCPACK DHCPNAK Router# Sent 0 0 0 0 Configure ...
Configuration Guide
Page 67
... the corporate network. Figure 6-1 shows a typical deployment scenario. The example in this chapter does not apply to configure and secure the connection between two particular endpoints. Cisco 850 series routers do not support Cisco Easy VPN. Note The material in to -site and remote access. Remote access VPNs are supported-site-to a corporate network...
... the corporate network. Figure 6-1 shows a typical deployment scenario. The example in this chapter does not apply to configure and secure the connection between two particular endpoints. Cisco 850 series routers do not support Cisco Easy VPN. Note The material in to -site and remote access. Remote access VPNs are supported-site-to a corporate network...
Configuration Guide
Page 70
...)# Specifies the authentication method used in the IKE policy. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-4 OL-5332-01 Step 7 exit Example: Router(config-isakmp)# exit Router(config)# Exits IKE policy configuration mode, and enters global configuration mode. The priority is Secure Hash standard (SHA-1). The example specifies the Message Digest...
...)# Specifies the authentication method used in the IKE policy. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-4 OL-5332-01 Step 7 exit Example: Router(config-isakmp)# exit Router(config)# Exits IKE policy configuration mode, and enters global configuration mode. The priority is Secure Hash standard (SHA-1). The example specifies the Message Digest...
Configuration Guide
Page 71
... Internet Naming Service (WINS) servers for the group policy. Example: Router(config-isakmp-group)# domain company.com Router(config-isakmp-group)# Step 5 exit Example: Router(config-isakmp-group)# exit Router(config)# Exits IKE group policy configuration mode, and enters global configuration ... Router(config-isakmp-group)# Purpose Creates an IKE policy group containing attributes to be set, see the Cisco IOS Dial Technologies Command Reference. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-5 Also enters the Internet Security...
... Internet Naming Service (WINS) servers for the group policy. Example: Router(config-isakmp-group)# domain company.com Router(config-isakmp-group)# Step 5 exit Example: Router(config-isakmp-group)# exit Router(config)# Exits IKE group policy configuration mode, and enters global configuration ... Router(config-isakmp-group)# Purpose Creates an IKE policy group containing attributes to be set, see the Cisco IOS Dial Technologies Command Reference. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-5 Also enters the Internet Security...
Configuration Guide
Page 72
... map and enables key lookup (IKE queries) for this. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-6 OL-5332-01 For details, see the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference. Example: Router(config)# crypto map dynmap client configuration address respond Router(config)# Enable Policy Lookup Perform these steps to apply...
... map and enables key lookup (IKE queries) for this. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-6 OL-5332-01 For details, see the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference. Example: Router(config)# crypto map dynmap client configuration address respond Router(config)# Enable Policy Lookup Perform these steps to apply...
Configuration Guide
Page 73
... negotiation, the peers agree to use a RADIUS server for this. For details, see the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Configure IPSec ... encrypted-password} Example: Router(config)# username Cisco password 0 Cisco Router(config)# Establishes a username-based authentication system. This example implements a username of Cisco with an encrypted password of authorization. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-7 ...
... negotiation, the peers agree to use a RADIUS server for this. For details, see the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Configure IPSec ... encrypted-password} Example: Router(config)# username Cisco password 0 Cisco Router(config)# Establishes a username-based authentication system. This example implements a username of Cisco with an encrypted password of authorization. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-7 ...
Configuration Guide
Page 74
... detail about the valid transforms and combinations. Example: Router(config-crypto-map)# set transform-set vpn1 Router(config-crypto-map)# Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-8 OL-5332-01 Example: Router(config)# crypto ipsec security-association lifetime seconds 86400 Router(config)# See the Cisco IOS Security Command Reference for detail about this command. Step...
... detail about the valid transforms and combinations. Example: Router(config-crypto-map)# set transform-set vpn1 Router(config-crypto-map)# Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-8 OL-5332-01 Example: Router(config)# crypto ipsec security-association lifetime seconds 86400 Router(config)# See the Cisco IOS Security Command Reference for detail about this command. Step...
Configuration Guide
Page 75
...)# Purpose Creates source proxy information for details. See the Cisco IOS Security Command Reference for the crypto map entry. With the default configurations, the router provides secure connectivity by encrypting the traffic sent between remote sites. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-9 Applying the crypto map to the...
...)# Purpose Creates source proxy information for details. See the Cisco IOS Security Command Reference for the crypto map entry. With the default configurations, the router provides secure connectivity by encrypting the traffic sent between remote sites. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-9 Applying the crypto map to the...
Configuration Guide
Page 76
... available for more detail about this command. Perform these steps to the interface. See the Cisco IOS Security Command Reference for hostname resolution. Specifies the VPN mode of operation. 6-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Specifies the peer IP address or hostname for the VPN...
... available for more detail about this command. Perform these steps to the interface. See the Cisco IOS Security Command Reference for hostname resolution. Specifies the VPN mode of operation. 6-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Specifies the peer IP address or hostname for the VPN...
Configuration Guide
Page 78
... dynmap 1 set transform-set vpn1 esp-3des esp-sha-hmac ! crypto ipsec security-association lifetime seconds 86400 ! interface vlan 1 crypto ipsec client ezvpn ezvpnclient inside ! 6-12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 username Cisco password 0 Cisco ! crypto map static-map 1 ipsec-isakmp dynamic dynmap crypto map dynmap...
... dynmap 1 set transform-set vpn1 esp-3des esp-sha-hmac ! crypto ipsec security-association lifetime seconds 86400 ! interface vlan 1 crypto ipsec client ezvpn ezvpnclient inside ! 6-12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 username Cisco password 0 Cisco ! crypto map static-map 1 ipsec-isakmp dynamic dynmap crypto map dynmap...
Configuration Guide
Page 79
... the inside interface address of 10.1.1.1 8 Corporate office network 9 IPSec tunnel with GRE Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-1 The example in to secure the connection between two particular endpoints. Figure 7-1 shows a typical deployment scenario. Cisco routers and other broadband devices provide high-performance connections to the corporate network, with...
... the inside interface address of 10.1.1.1 8 Corporate office network 9 IPSec tunnel with GRE Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-1 The example in to secure the connection between two particular endpoints. Figure 7-1 shows a typical deployment scenario. Cisco routers and other broadband devices provide high-performance connections to the corporate network, with...
Configuration Guide
Page 80
... encrypted if no further access control lists (ACLs) are typically used , the Cisco router and the router that controls access to a private network, such as appropriate for your Cisco router and on your router. VPNs VPN configuration information must specify parameters, such as PPPoE or PPPoA with GRE..., the access list for example, on your Cisco router and at the remote user, or on another router. Note When IP Security (IPSec) is used to establish a VPN between the Cisco router and a remote device that controls access to the corporate network can support...
... encrypted if no further access control lists (ACLs) are typically used , the Cisco router and the router that controls access to a private network, such as appropriate for your Cisco router and on your router. VPNs VPN configuration information must specify parameters, such as PPPoE or PPPoA with GRE..., the access list for example, on your Cisco router and at the remote user, or on another router. Note When IP Security (IPSec) is used to establish a VPN between the Cisco router and a remote device that controls access to the corporate network can support...
Configuration Guide
Page 153
Chapter 14 Troubleshooting Managing Your Router with SDM Managing Your Router with SDM The Cisco SDM tool is a free software configuration utility, supporting the Cisco 850 and Cisco 870 series access routers. It includes a web-based GUI that offers the following features: • Simplified setup • Advanced configuration • Router security • Router monitoring OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 14-13
Chapter 14 Troubleshooting Managing Your Router with SDM Managing Your Router with SDM The Cisco SDM tool is a free software configuration utility, supporting the Cisco 850 and Cisco 870 series access routers. It includes a web-based GUI that offers the following features: • Simplified setup • Advanced configuration • Router security • Router monitoring OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 14-13