Cisco Router 800 Series Software Configuration Guide
Have a look at the manual Cisco Router 800 Series Software Configuration Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
4-53 Cisco 800 Series Software Configuration Guide 78-5372-06 Chapter 4 Network Scenarios Configuring Dial Backup over the ISDN Interface ! Multiple routes because peer ip address are alternated among them when CPE gets connected ip route 0.0.0.0 0.0.0.0 64.161.31.254 50 ip route 0.0.0.0 0.0.0.0 66.125.91.254 50 ip route 0.0.0.0 0.0.0.0 64.174.91.254 50 ip route 0.0.0.0 0.0.0.0 63.203.35.136 80 ip route 0.0.0.0 0.0.0.0 63.203.35.137 80 ip route 0.0.0.0 0.0.0.0 63.203.35.138 80 ip route 0.0.0.0 0.0.0.0 63.203.35.139 80 ip route 0.0.0.0 0.0.0.0 63.203.35.140 80 ip route 0.0.0.0 0.0.0.0 63.203.35.141 80 ip route 0.0.0.0 0.0.0.0 Dialer1 150 no ip http server ip pim bidir-enable ! ! PC ip address behind CPE access-list 101 permit ip 192.168.0.0 0.0.255.255 any access-list 103 permit ip 192.168.0.0 0.0.255.255 any ! ! Watch multiple ip addresses because peers are alternated among them when CPE gets connected dialer watch-list 1 ip 64.161.31.254 255.255.255.255 dialer watch-list 1 ip 64.174.91.254 255.255.255.255 dialer watch-list 1 ip 64.125.91.254 255.255.255.255 ! ! Dial backup will kick in if primary link is not available 5 minutes after CPE starts up dialer watch-list 1 delay route-check initial 300 dialer-list 1 protocol ip permit ! ! To direct traffic to an interface only if the Dialer gets assigned with an ip address route-map main permit 10 match ip address 101 match interface Dialer1 ! route-map backup permit 10 match ip address 103 match interface Dialer3 ! ! line con 0 exec-timeout 0 0 ! ! Change console to aux function modem enable stopbits 1 line aux 0
Chapter 4 Network Scenarios Configuring Dial Backup over the ISDN Interface 4-54 Cisco 800 Series Software Configuration Guide 78-5372-06 exec-timeout 0 0 ! ! To enable and communicate with the external modem properly script dialer Dialout modem InOut modem autoconfigure discovery transport input all stopbits 1 speed 115200 flowcontrol hardware line vty 0 4 exec-timeout 0 0 password cisco login ! scheduler max-task-time 5000 end Configuring Remote Management for the Cisco SOHO 91 Router Follow the steps below to configure remote management for the Cisco SOHO 91 router. Configuration Example The following example shows how to configure a Cisco SOHO 91 router to obtain the IP address for ATM interface via PPP/IPCP address negotiation and shows how to configure and support dial-in maintenance over the console port. Command Task Step 1interface Async1Enter configuration mode for the async interface. Step 2line con 0Enter configuration mode for the console interface. Step 3modem enableChange the console port to the auxiliary port. Step 4line aux 0Enter configuration mode for the auxiliary interface. Step 5flowcontrol hardwareEnable hardware signal flow control.
4-55 Cisco 800 Series Software Configuration Guide 78-5372-06 Chapter 4 Network Scenarios Configuring Dial Backup over the ISDN Interface ! !Remote management account username dialin password cisco modemcap entry MY_USR_MODEM:MSC=&F1S0=1 ! interface Ethernet0 ip address 192.168.1.1 255.255.255.0 ip nat inside hold-queue 100 out ! interface Async1 no ip address encapsulation ppp dialer in-band autodetect encapsulation ppp async default routing async dynamic routing async mode dedicated pap authentication pap callin peer default ip address 192.168.2.2 ! ip nat inside source list 101 interface Dialer1 overload ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 150 ! no ip http server ip pim bidir-enable ! ! access-list 101 permit ip 192.168.0.0 0.0.255.255 any dialer-list 1 protocol ip permit ! line con 0 exec-timeout 0 0 modem enable stopbits 1 line aux 0 exec-timeout 0 0 script dialer Dialout modem Dialin modem autoconfigure discovery transport input all stopbits 1 speed 38400 flowcontrol hardware line vty 0 4 login local !
Chapter 4 Network Scenarios Configuring the DHCP Server 4-56 Cisco 800 Series Software Configuration Guide 78-5372-06 scheduler max-task-time 5000 end Configuring the DHCP Server Dynamic Host Configuration Protocol (DHCP) is an industry-standard protocol for automatically assigning IP configurations to workstations. DHCP uses a client-server model for address allocation. As administrator, you can configure one or more DHCP servers to provide IP address assignment and other TCP/IP-oriented configuration information to your workstations. DHCP frees you from having to manually assign an IP address to each client. The DHCP protocol is described in RFC 2131. When configuring a DHCP server, you must configure the server properties, policies, and associated DHCP options. NoteWhenever you change server properties, you must reload the server to load the configuration data from the Network Registrar database. To configure the DHCP server, you must accept Network Registrar’s defaults or supply the data explicitly: The IP address of the server’s interface (Ethernet card). This interface must have a static IP address that is not assigned dynamically by DHCP. The subnet mask, which identifies the network membership of the interface. The subnet mask defaults to the appropriate value, based on the network class of the interface address. In most cases, the subnet mask is 255.255.255.0. Network Registrar uses the interface named default to provide configurable default values for interfaces that the DHCP server discovers automatically. If you delete the default interface, the DHCP server uses hard-coded default values for port numbers and socket buffer sizes for the interfaces that it autodiscovers. If you enable discover-interfaces, the DHCP server uses the operating system platform support to enumerate all the active interfaces on the machine and (unless there is an interface configuration with the ignore feature enabled) attempts to listen on all of these. If you disable discover-interfaces, the DHCP server listens on the interface that you specify, as long as it does not have the ignore feature enabled.
4-57 Cisco 800 Series Software Configuration Guide 78-5372-06 Chapter 4 Network Scenarios Configuring the DHCP Server Use the dhcp-interface commands to add, remove, and list the IP addresses of your server’s hardware cards. Interfaces are named with the IP address and net mask for the physical device. If you have two interface cards for the server host, use two dhcp-interface create commands to register them both. Use the net mask suffix 16 or 24 as part of the address. nrcmd> dhcp-interface 192.168.1.12/24 create nrcmd> dhcp-interface 10.1.2.3/24 create Use the dhcp-interface set ignore=true command if you want Network Registrar to use only one interface, you have to set all the other ones to be ignored. nrcmd> dhcp-interface 10.1.2.3/24 set ignore=true Configuring the Ethernet Interface Follow the steps below to configure the Ethernet interface, beginning in global configuration mode. For complete information on the Ethernet commands, refer to the Cisco IOS Release 12.0 documentation set. For more general information on Ethernet concepts, see Chapter 1, “Concepts.” Command Task Step 1interface ethernet 0Enter configuration mode for the Ethernet interface. Step 2ip address ip-address maskSet the IP address and subnet mask for the Ethernet interface. Step 3no shutdownEnable the Ethernet interface to change the state from administratively down to up. Step 4exitExit configuration mode for the Ethernet interface.
Chapter 4 Network Scenarios Configuring the DHCP Server 4-58 Cisco 800 Series Software Configuration Guide 78-5372-06 Dynamic Addressing Received via IPCP Use the ip address negotiated interface command to enable a Cisco router to automatically negotiate its own registered WAN interface IP address from a central server (via PPP/IPCP). Use the same command to enable all remote hosts to use this single registered IP address to access the global Internet. The following example shows an IPCP configuration. ! interface ATM0 no ip address no atm ilmi-keepalive pvc 0/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl operating-mode auto ! interface Dialer1 ip address negotiated ip nat outside encapsulation ppp dialer pool 1 dialer-group 1 ppp authentication pap callin ppp pap sent-username ! USER SPECIFIC password ! USER SPECIFIC ppp ipcp dns request ppp ipcp wins request ppp ipcp mask request ! Configuring the Central Cisco 3620 The following example configures peer and dial backup on the Cisco 3620 router. ! version 12.1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime enable secret password ! hostname c3620 ! boot system flash slot0:c3620-jk2o3s-mz.121-5.3.T
4-59 Cisco 800 Series Software Configuration Guide 78-5372-06 Chapter 4 Network Scenarios Configuring the DHCP Server logging rate-limit console 10 except errors ! username ISP password ISP ip subnet-zero ip name-server !ISP ip name-server !ISP ip name-server !ISP ! no ip finger ! ip audit notify log ip audit po max-events 100 ip audit smtp spam 25111 no ip dhcp-client network-discovery vpdn enable no vpdn logging ! vpdn-group 1 accept-dialin protocol pppoe virtual-template 2 ! ! ! chat-script Dialout ABORT ERROR ABORT BUSY AT OK ATDT 5555101\T TIMEOUT 45 CONNECT \c ! modemcap entry MY_USR_MODEM:MSC=&F1S0=1 ! call rsvp-sync ! ! interface Loopback1 ip address 21.0.0.2 255.255.255.0 ! interface Loopback2 ip address 22.0.0.2 255.255.255.0 ! interface Ethernet0/0 no ip address half-duplex no cdp enable ! interface Ethernet0/1 no ip address no ip route-cache no ip mroute-cache half-duplex
Chapter 4 Network Scenarios Configuring the DHCP Server 4-60 Cisco 800 Series Software Configuration Guide 78-5372-06 no cdp enable ! interface ATM1/0 no ip address no atm ilmi-keepalive ! interface ATM1/0.1 point-to-point pvc 1/40 encapsulation aal5mux ppp Virtual-Template1 ! ! interface ATM1/0.2 point-to-point pvc 1/41 encapsulation aal5snap protocol pppoe ! ! interface Virtual-Template1 ip unnumbered Loopback1 peer default ip address pool test ! interface Virtual-Template2 ip unnumbered Loopback2 ip mtu 1492 ! interface Async65 no ip address encapsulation ppp dialer in-band dialer pool-member 1 autodetect encapsulation ppp async default routing async dynamic routing async mode dedicated ! interface Dialer0 ip unnumbered Async65 encapsulation ppp dialer pool 1 dialer remote-name c837 dialer string 5555101 modem-script Dialout dialer-group 1 autodetect encapsulation ppp no cdp enable ! ip local pool test 21.0.0.10 21.0.0.200 ip kerberos source-interface any ip classless
4-61 Cisco 800 Series Software Configuration Guide 78-5372-06 Chapter 4 Network Scenarios Configuring the DHCP Server no ip http server ! dialer-list 1 protocol ip permit no cdp run ! ! dial-peer cor custom ! ! ! ! ! line con 0 exec-timeout 0 0 transport input none line aux 0 exec-timeout 0 0 no activation-character script dialer Dialout no vacant-message modem InOut modem autoconfigure type MY_USR_MODEM transport input all transport output telnet escape-character NONE autohangup stopbits 1 speed 38400 flowcontrol hardware line vty 0 4 exec-timeout 0 0 login ! end Configuring the Central RADIUS Server Remote Authentication Dial-In User Service (RADIUS) enables you to secure your network against unauthorized access. A RADIUS server must be configured in the service provider or corporate network in order for a Cisco 800 series router to use RADIUS client features. To configure RADIUS on your Cisco 800 series router, you must perform the following tasks:
Chapter 4 Network Scenarios Configuring the DHCP Server 4-62 Cisco 800 Series Software Configuration Guide 78-5372-06 Use the aaa new-model global configuration command to enable authentication, authorization, and accounting (AAA). AAA must be configured if you plan to use RADIUS. Use the aaa authentication global configuration command to define the method lists for RADIUS authentication. Use line and interface commands to enable the defined method lists to be used. For instructions on configuring a RADIUS client, refer to the Cisco IOS Security Configuration Guide. RFC 1483 Encapsulation with NAT This scenario shows a remote user connecting to the Internet through an ATM connection with RFC 1483 encapsulation and NAT. You may want to use this scenario if RFC 1483 connections can be used for the network because there is slightly less overhead with RFC 1483 encapsulation than with PPP. Figure 4-12 and Ta b l e 4 - 1 4 show the network topology for this scenario. Figure 4-12 RFC 1483 Encapsulation with NAT Cisco 827/827-4V 192.168.1.1/24DSLAMATM 0 200.200.100.254 Cisco 6400 Cisco 6400 74579 41 2 3