Cisco Router 800 Series Software Configuration Guide
Here you can view all the pages of manual Cisco Router 800 Series Software Configuration Guide. The Cisco manuals for Router are available online for free. You can easily download all the documents as PDF.
Page 371
7-61
Cisco 800 Series Software Configuration Guide
78-5372-06
Chapter 7 Router Feature Configuration
Configuring IGMP Proxy and Sparse Mode
Step 7ip address {ip-address subnet-mask
negotiated}Specify an IP address and subnet mask for the
dialer interface, or indicate that the IP address
is to be negotiated.
Step 8ip pim {sparse | dense} -modeConfigure the dialer interface for PIM sparse
mode or PIM dense mode.
Step 9ip igmp mroute-proxy loopback 0When used with the ip igmp proxy-service...
Page 372
Chapter 7 Router Feature Configuration Configuring IGMP Proxy and Sparse Mode 7-62 Cisco 800 Series Software Configuration Guide 78-5372-06 Configuration Example The following example shows the relevant IGMP proxy and sparse mode commands. The Ethernet 0, Ethernet 1, and loopback 0 interfaces have been configured for PIM sparse mode; the PIM RP address has been defined as 10.5.1.1. ip pim rp-address 10.5.1.1 5 access-list 5 permit 239.0.0.0 255.255.255.255 ! interface loopback 0 ip address...
Page 373
7-63 Cisco 800 Series Software Configuration Guide 78-5372-06 Chapter 7 Router Feature Configuration Configuring IP Security and GRE Tunneling Multicast designated router (DR) is 10.2.1.2 (this system) IGMP querying router is 10.2.1.2 (this system) Multicast groups joined (number of users): 224.0.1.40 (1) Configuring IP Security and GRE Tunneling IP Security (IPSec) provides secure tunnels between two peers, such as two routers. You can define which packets are to be considered sensitive and sent...
Page 374
Chapter 7 Router Feature Configuration Configuring IP Security and GRE Tunneling 7-64 Cisco 800 Series Software Configuration Guide 78-5372-06 Configuring an Access List Use the access-list command to create an access list that permits the GRE protocol and that specifies the starting and ending IP addresses of the GRE tunnel. Use the following syntax: access-list 101 permit gre host ip-address host ip-address In the preceding command line, the first host ip-address specifies the tunnel starting...
Page 375
7-65 Cisco 800 Series Software Configuration Guide 78-5372-06 Chapter 7 Router Feature Configuration Configuring IP Security and GRE Tunneling Configuring a GRE Tunnel Interface Follow the steps below to configure the generic routing encapsulation (GRE) tunnel interface, starting in global configuration mode. Step 5crypto isakmp key name address ip-addressConfigure a pre-shared key and static IP address for each VPN client. Step 6crypto ipsec transform-set name esp-des esp-md5-hmacDefine a...
Page 376
Chapter 7 Router Feature Configuration Configuring IP Security and GRE Tunneling 7-66 Cisco 800 Series Software Configuration Guide 78-5372-06 Configuring the Ethernet Interfaces Perform the following tasks to configure the Ethernet 0 and Ethernet 1 interfaces, starting in global configuration mode. Configuring Static Routes Complete the following steps to configure static routes, starting in global configuration mode. Step 5crypto map nameAssociate a configured crypto map to the tunnel 0...
Page 377
7-67 Cisco 800 Series Software Configuration Guide 78-5372-06 Chapter 7 Router Feature Configuration Configuring IP Security and GRE Tunneling Configuring and Monitoring High-Speed Crypto Use the following command to enable high-speed crypto, starting with global configuration mode. crypto engine accelerator To disable high-speed crypto, use the following command: no crypto engine accelerator To monitor high-speed crypto, use the following command: show crypto engine accelerator statistic For...
Page 378
Chapter 7 Router Feature Configuration Configuring IP Security and GRE Tunneling 7-68 Cisco 800 Series Software Configuration Guide 78-5372-06 service timestamps log datetime msec no service password-encryption ! hostname 831-uut1 ! memory-size iomem 10 ! ip subnet-zero ! ip audit notify log ip audit po max-events 100 ! crypto isakmp policy 1 encr 3des authentication pre-share crypto isakmp key grel address 100.1.1.1 ! crypto ipsec security-association lifetime seconds 86400 ! crypto ipsec...
Page 379
7-69 Cisco 800 Series Software Configuration Guide 78-5372-06 Chapter 7 Router Feature Configuration Configuring IP Security and GRE Tunneling ! access-list 151 permit gre host 100.1.1.2 host 100.1.1.1 ! line con 0 no modem enable stopbits 1 line aux 0 line vty 0 4 ! scheduler max-task-time 5000 The following example shows IPSec configuration on a Cisco 837 router. version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname...
Page 380
Chapter 7 Router Feature Configuration Configuring Multilink PPP Fragmentation and Interleaving 7-70 Cisco 800 Series Software Configuration Guide 78-5372-06 ip address 1.1.1.1 255.255.255.0 ip mtu 1440 tunnel source ATM0 tunnel destination 100.1.1.1 crypto map mymap ! interface Ethernet0 ip address 202.2.2.2 255.255.255.0 hold-queue 100 out ! interface ATM0 ip address 100.1.1.2 255.255.255.0 no atm ilmi-keepalive pvc 1/40 protocol ip 100.1.1.1 broadcast encapsulation aa15snap ! dsl operating-mode...