Configuration Guide
Page 5
... 4 Configuration Example 5 Configuring a Wireless LAN Connection 1 Configure the Root Radio Station 2 Configure Bridging on VLANs 4 Configure Radio Station Subinterfaces 6 Configuration Example 7 Sample Configuration 1 Configuring Additional Features and Troubleshooting OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5
... 4 Configuration Example 5 Configuring a Wireless LAN Connection 1 Configure the Root Radio Station 2 Configure Bridging on VLANs 4 Configure Radio Station Subinterfaces 6 Configuration Example 7 Sample Configuration 1 Configuring Additional Features and Troubleshooting OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5
Configuration Guide
Page 6
Contents 11 C H A P T E R 12 C H A P T E R 13 C H A P T E R 14 C H A P T E R Additional Configuration Options 1 Configuring Security Features 1 Authentication, Authorization, and Accounting 1 Configuring AutoSecure 2 Configuring Access Lists 2 Access Groups 3 Guidelines for Creating Access Groups 3 Configuring a CBAC Firewall 3 Configuring Cisco IOS Firewall IDS 4 Configuring VPNs 4 Configuring Dial Backup and Remote Management 1 Dial Backup Feature Activation Methods 1 Backup Interfaces 2 Configuring Backup Interfaces 2 Floating Static...
Contents 11 C H A P T E R 12 C H A P T E R 13 C H A P T E R 14 C H A P T E R Additional Configuration Options 1 Configuring Security Features 1 Authentication, Authorization, and Accounting 1 Configuring AutoSecure 2 Configuring Access Lists 2 Access Groups 3 Guidelines for Creating Access Groups 3 Configuring a CBAC Firewall 3 Configuring Cisco IOS Firewall IDS 4 Configuring VPNs 4 Configuring Dial Backup and Remote Management 1 Dial Backup Feature Activation Methods 1 Backup Interfaces 2 Configuring Backup Interfaces 2 Floating Static...
Configuration Guide
Page 11
...Configuration Guide 11 Cisco 871 Ethernet Access Router - You can use the Cisco Router and Security Device Manager (SDM)-a web-based configuration tool that allows you want to configure additional advanced software features by using the... command-line interface (CLI). • You want to configure the software using only the CLI. To obtain the SDM release notes and other features on your router. Cisco 876, Cisco 877, and Cisco 878...
...Configuration Guide 11 Cisco 871 Ethernet Access Router - You can use the Cisco Router and Security Device Manager (SDM)-a web-based configuration tool that allows you want to configure additional advanced software features by using the... command-line interface (CLI). • You want to configure the software using only the CLI. To obtain the SDM release notes and other features on your router. Cisco 876, Cisco 877, and Cisco 878...
Configuration Guide
Page 12
... of the ROM Monitor (ROMMON) utility. Part 4: Reference Information • Appendix A, "Cisco IOS Software Basic Skills"-Explains what you begin to configure it. • Appendix B, "Concepts"-Provides general concept explanations of features. • Appendix C, "ROM Monitor"-Describes the use of Cisco IOS security features, including firewall and VPN configuration. • Chapter 13, "Configuring Dial Backup...
... of the ROM Monitor (ROMMON) utility. Part 4: Reference Information • Appendix A, "Cisco IOS Software Basic Skills"-Explains what you begin to configure it. • Appendix B, "Concepts"-Provides general concept explanations of features. • Appendix C, "ROM Monitor"-Describes the use of Cisco IOS security features, including firewall and VPN configuration. • Chapter 13, "Configuring Dial Backup...
Configuration Guide
Page 17
... possible. CH A P T E R 1 Basic Router Configuration This chapter provides procedures for configuring the basic parameters of your Cisco router, including global parameter settings, routing protocols, interfaces, and command-line access. Features not supported by Cisco Router Router Cisco 851 Interface Fast Ethernet LAN Fast Ethernet WAN Wireless LAN Port Label LAN (top), FE0-FE3 (bottom...
... possible. CH A P T E R 1 Basic Router Configuration This chapter provides procedures for configuring the basic parameters of your Cisco router, including global parameter settings, routing protocols, interfaces, and command-line access. Features not supported by Cisco Router Router Cisco 851 Interface Fast Ethernet LAN Fast Ethernet WAN Wireless LAN Port Label LAN (top), FE0-FE3 (bottom...
Configuration Guide
Page 35
..." OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 2-1 The Cisco 851 and Cisco 871 router models can be used in the Ethernet-based scenarios and the Cisco 857, Cisco 876, Cisco 877, and Cisco 878 router models can use features presented in the examples..., or you in the DSL-based scenarios. Note To verify that better suit your Cisco username and password. Each successive scenario builds...
..." OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 2-1 The Cisco 851 and Cisco 871 router models can be used in the Ethernet-based scenarios and the Cisco 857, Cisco 876, Cisco 877, and Cisco 878 router models can use features presented in the examples..., or you in the DSL-based scenarios. Note To verify that better suit your Cisco username and password. Each successive scenario builds...
Configuration Guide
Page 38
...on page 3-8. Creates and associates a VPDN group with NAT PPPoE The PPPoE Client feature on the router provides PPPoE client support on page 1-5 for cloning virtual access. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 3-2 OL-5332-01 The PPPoE client ..."Configure Global Parameters" section on Ethernet interfaces. The source list defines how the packet travels through the router by the Cisco 850 or Cisco 870 series router.An established PPPoE client session can be used for details about entering this network scenario: • Configure...
...on page 3-8. Creates and associates a VPDN group with NAT PPPoE The PPPoE Client feature on the router provides PPPoE client support on page 1-5 for cloning virtual access. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 3-2 OL-5332-01 The PPPoE client ..."Configure Global Parameters" section on Ethernet interfaces. The source list defines how the packet travels through the router by the Cisco 850 or Cisco 870 series router.An established PPPoE client session can be used for details about entering this network scenario: • Configure...
Configuration Guide
Page 48
PPPoA The PPPoA Client feature on the router provides PPPoA client support on the client side by the Cisco 850 or Cisco 870 series router. NAT NAT (represented as the dashed line at the edge of these configuration tasks is initiated on ATM interfaces. ... Tasks Perform the following protocols on the WAN connection: • Asymmetric digital subscriber line (ADSL) over plain old telephone service (POTS) using the Cisco 878 router The Fast Ethernet interface carries the data packet through the network. A dialer interface must be configured on an ATM interface, but each session must...
PPPoA The PPPoA Client feature on the router provides PPPoA client support on the client side by the Cisco 850 or Cisco 870 series router. NAT NAT (represented as the dashed line at the edge of these configuration tasks is initiated on ATM interfaces. ... Tasks Perform the following protocols on the WAN connection: • Asymmetric digital subscriber line (ADSL) over plain old telephone service (POTS) using the Cisco 878 router The Fast Ethernet interface carries the data packet through the network. A dialer interface must be configured on an ATM interface, but each session must...
Configuration Guide
Page 60
...If you have not performed these steps to use for DHCP operation, beginning in this chapter assume you have already configured basic router features as well as PPPoE or PPPoA with NAT" as appropriate for your router for name and address resolution. Step 2 ip name... you must configure the server properties, policies, and DHCP options. Router(config)# ip name-server 192.168.11.12 Router(config)# Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5-2 OL-5332-01 Configure DHCP Perform these configurations tasks, see Chapter 1, "Basic Router Configuration...
...If you have not performed these steps to use for DHCP operation, beginning in this chapter assume you have already configured basic router features as well as PPPoE or PPPoA with NAT" as appropriate for your router for name and address resolution. Step 2 ip name... you must configure the server properties, policies, and DHCP options. Router(config)# ip name-server 192.168.11.12 Router(config)# Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5-2 OL-5332-01 Configure DHCP Perform these configurations tasks, see Chapter 1, "Basic Router Configuration...
Configuration Guide
Page 68
... been configured, a VPN connection can be created with a network address of 10.1.1.1 6 IPSec tunnel Cisco Easy VPN The Cisco Easy VPN client feature eliminates much of two modes-client mode or network extension mode. The Cisco Easy VPN client feature can be configured in one of the tedious configuration work by mobile and remote workers...
... been configured, a VPN connection can be created with a network address of 10.1.1.1 6 IPSec tunnel Cisco Easy VPN The Cisco Easy VPN client feature eliminates much of two modes-client mode or network extension mode. The Cisco Easy VPN client feature can be configured in one of the tedious configuration work by mobile and remote workers...
Configuration Guide
Page 69
...both the client and the server. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-3 Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Note The Cisco Easy VPN client feature supports configuration of multiple VPN tunnels, you have already ...configured basic router features as well as PPPoE or PPPoA with DHCP and VLANs" as needed to function. If ...
...both the client and the server. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-3 Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Note The Cisco Easy VPN client feature supports configuration of multiple VPN tunnels, you have already ...configured basic router features as well as PPPoE or PPPoA with DHCP and VLANs" as needed to function. If ...
Configuration Guide
Page 80
... configured on both endpoints; Configure a VPN Perform the following tasks to configure this chapter assume that you have already configured basic router features as well as PPPoE or PPPoA with DHCP and VLANs," as appropriate for encrypting traffic does not list the desired end network and ... the following tasks to configure a VPN over the tunnel, and to the Physical Interface Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-2 OL-5332-01 Note When IP Security (IPSec) is provided in the outbound direction. All packets forwarded to the GRE tunnel are...
... configured on both endpoints; Configure a VPN Perform the following tasks to configure this chapter assume that you have already configured basic router features as well as PPPoE or PPPoA with DHCP and VLANs," as appropriate for encrypting traffic does not list the desired end network and ... the following tasks to configure a VPN over the tunnel, and to the Physical Interface Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-2 OL-5332-01 Note When IP Security (IPSec) is provided in the outbound direction. All packets forwarded to the GRE tunnel are...
Configuration Guide
Page 92
...interface (the inside interface for NAT) 3 PPPoE or PPPoA client and firewall implementation-Cisco 851/871 or Cisco 857/876/877/878 series access router, respectively 4 Point at which NAT occurs 5 Protected network 6 ...Cisco 851 or Cisco 871 and protects the Fast Ethernet LAN on FE0 by filtering and inspecting all traffic entering the router on page 8-5. You may have already configured basic router features...safe traffic and is not filtered. If you have also configured DHCP, VLANs, and secure tunnels. Note that you have not performed these configuration tasks is applied to Interfaces A ...
...interface (the inside interface for NAT) 3 PPPoE or PPPoA client and firewall implementation-Cisco 851/871 or Cisco 857/876/877/878 series access router, respectively 4 Point at which NAT occurs 5 Protected network 6 ...Cisco 851 or Cisco 871 and protects the Fast Ethernet LAN on FE0 by filtering and inspecting all traffic entering the router on page 8-5. You may have already configured basic router features...safe traffic and is not filtered. If you have also configured DHCP, VLANs, and secure tunnels. Note that you have not performed these configuration tasks is applied to Interfaces A ...
Configuration Guide
Page 97
...VLAN 1 4 VLAN 2 In the configuration example that combines mobility and flexibility with the enterprise-class features required by networking professionals. With a management system based on Cisco IOS software, the Cisco routers act as access points, and are Wi-Fi certified, IEEE 802.11a/b/g-compliant wireless LAN ... the routers using the CLI. Each remote user has his own VLAN. CH A P T E R 9 Configuring a Wireless LAN Connection The Cisco 850 and Cisco 870 series routers support a secure, affordable, and easy-to-use wireless LAN solution that follows, a remote user is accessing the...
...VLAN 1 4 VLAN 2 In the configuration example that combines mobility and flexibility with the enterprise-class features required by networking professionals. With a management system based on Cisco IOS software, the Cisco routers act as access points, and are Wi-Fi certified, IEEE 802.11a/b/g-compliant wireless LAN ... the routers using the CLI. Each remote user has his own VLAN. CH A P T E R 9 Configuring a Wireless LAN Connection The Cisco 850 and Cisco 870 series routers support a secure, affordable, and easy-to-use wireless LAN solution that follows, a remote user is accessing the...
Configuration Guide
Page 98
...these steps to configure this chapter assume that you have already configured basic router features as well as Light Extensible Authentication Protocol [LEAP], Extensible Authentication Protocol-Transport Layer Security [EAP-TLS], or Protected Extensible Authentication Protocol [PEAP]) can use the access... Configure Radio Station Subinterfaces A configuration example showing the results of the broadcast encryption key used for more details. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 9-2 OL-5332-01 Note This command is provided in seconds, between...
...these steps to configure this chapter assume that you have already configured basic router features as well as Light Extensible Authentication Protocol [LEAP], Extensible Authentication Protocol-Transport Layer Security [EAP-TLS], or Protected Extensible Authentication Protocol [PEAP]) can use the access... Configure Radio Station Subinterfaces A configuration example showing the results of the broadcast encryption key used for more details. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 9-2 OL-5332-01 Note This command is provided in seconds, between...
Configuration Guide
Page 111
PART 3 Configuring Additional Features and Troubleshooting
PART 3 Configuring Additional Features and Troubleshooting
Configuration Guide
Page 113
...access this part include: • Chapter 12, "Configuring Security Features" • Chapter 13, "Configuring Dial Backup and Remote Management" • Chapter 14, "Troubleshooting" The descriptions contained in this tool at www.cisco.com > Technical Support & Documentation > Tools & Resources ... and troubleshooting tips for additional details. See the appropriate Cisco IOS configuration guides and command references for the Cisco 850 series routers (Cisco 851 and Cisco 857) and Cisco 870 series routers (Cisco 871, Cisco 876, Cisco 877, and Cisco 878). 11 C H A P T E R Additional ...
...access this part include: • Chapter 12, "Configuring Security Features" • Chapter 13, "Configuring Dial Backup and Remote Management" • Chapter 14, "Troubleshooting" The descriptions contained in this tool at www.cisco.com > Technical Support & Documentation > Tools & Resources ... and troubleshooting tips for additional details. See the appropriate Cisco IOS configuration guides and command references for the Cisco 850 series routers (Cisco 851 and Cisco 857) and Cisco 870 series routers (Cisco 871, Cisco 876, Cisco 877, and Cisco 878). 11 C H A P T E R Additional ...
Configuration Guide
Page 115
..., encryption. Note Individual router models may not support every feature described throughout this guide. 12 C H A P T E R Configuring Security Features This chapter gives an overview of authentication, authorization, and accounting (AAA), the primary Cisco framework for implementing selected security features that can be configured on your RADIUS, TACACS+, or Kerberos security server. This chapter contains the following sections: •...
..., encryption. Note Individual router models may not support every feature described throughout this guide. 12 C H A P T E R Configuring Security Features This chapter gives an overview of authentication, authorization, and accounting (AAA), the primary Cisco framework for implementing selected security features that can be configured on your RADIUS, TACACS+, or Kerberos security server. This chapter contains the following sections: •...
Configuration Guide
Page 116
... source. These IP services are configured as standard or extended. An access list is either permits or denies passage of the AutoSecure feature, see the following sections of the Cisco IOS Security Configuration Guide: • Configuring Authentication • Configuring Authorization • Configuring Accounting • Configuring RADIUS • Configuring TACACS+ • Configuring Kerberos Configuring...
... source. These IP services are configured as standard or extended. An access list is either permits or denies passage of the AutoSecure feature, see the following sections of the Cisco IOS Security Configuration Guide: • Configuring Authentication • Configuring Authorization • Configuring Accounting • Configuring RADIUS • Configuring TACACS+ • Configuring Kerberos Configuring...
Configuration Guide
Page 117
.... Configuring a CBAC Firewall Context-Based Access Control (CBAC) lets you configure an interface at the end of the Cisco IOS Release 12.3 Security Configuration Guide. For additional information about configuring a CBAC firewall, see the "Access Control Lists: Overview and Guidelines" ...group is removed, and subsequent packets (possibly valid ones) are inspected internally and the state of packets. Chapter 12 Configuring Security Features Configuring a CBAC Firewall Access Groups A sequence of time the dynamic access list remains active without return traffic passing through ...
.... Configuring a CBAC Firewall Context-Based Access Control (CBAC) lets you configure an interface at the end of the Cisco IOS Release 12.3 Security Configuration Guide. For additional information about configuring a CBAC firewall, see the "Access Control Lists: Overview and Guidelines" ...group is removed, and subsequent packets (possibly valid ones) are inspected internally and the state of packets. Chapter 12 Configuring Security Features Configuring a CBAC Firewall Access Groups A sequence of time the dynamic access list remains active without return traffic passing through ...