Cisco Router 800 Series Software Configuration Guide
Cisco 800 Series Software Configuration Guide, 78-5372-06
Chapter 7: Router Feature Configuration

Configuring DHCP

Command / Task

Step 7: lease days hours minutes
    Specify the duration of the lease.
Step 8: exit
    Exit DHCP configuration mode.

For more information on the features not used in this configuration, refer to the Cisco IOS DHCP Server feature module. For more general information on DHCP servers, refer to Chapter 1, “Concepts.”

Configuration Example

The following configuration shows a DHCP server configuration for the IP address 20.1.1.2.

    !
    ip dhcp pool CLIENT
     network 20.20.20.0 255.255.255.0
     domain-name cisco.com
     default-router 20.20.20.20
     netbios-name-server 1.1.1.1
     dns-server 1.1.1.2
     lease 0 1
    !

Verifying Your Configuration

To verify that you have properly configured the DHCP server, enter the show dhcp server command and look for the assigned server IP. You should see a verification output like the example shown below.

    router# sh dhcp server
    show ip dhcp binding
    show ip dhcp conflict
    show ip dhcp server statistics

Configuring the DHCP Relay

This section describes how to configure the router to forward User Datagram Protocol (UDP) broadcasts, including IP address requests, from DHCP clients.
Follow the steps below to configure the DHCP relay, beginning in global configuration mode.

Command / Task

Step 1: interface Ethernet 0
    Enter configuration mode for the Ethernet interface.
Step 2: ip helper-address address
    Forward default UDP broadcasts, including IP configuration requests, to the DHCP server.
Step 3: no shutdown
    Enable the Ethernet interface and the configuration changes.
Step 4: exit
    Exit configuration mode for the Ethernet interface.

For complete information on the DHCP relay commands, refer to the Cisco IOS Release 12.0 documentation set. For more general information on DHCP relays, refer to Chapter 1, “Concepts.”

Configuration Example

The following configuration contains commands relevant to DHCP relay only. You do not need to enter the commands marked “default.” These commands appear automatically in the configuration file that is generated when you use the show running-config command.

    !
    int Ethernet0
     ip address 192.168.100.1 255.255.255.0
     ip helper-address 200.200.200.1
    !
Verifying Your Configuration

To verify that you have properly configured the DHCP relay, enter the show dhcp server command. You should see verification output like the example shown below.

    router#sh dhcp server
    DHCP server:2.2.2.2
    Leases: 0
    Offers: 0 Requests:0 Acks:0 Naks:0
    Declines:0 Releases:0 Bad: 0

Configuring TACACS+

The Cisco 806, 827, 831, 836, 837, 827H, and 827-4V routers and the Cisco SOHO 71, 91, 96, and 97 routers support the Terminal Access Controller Access Control System Plus (TACACS+) protocol through Telnet. TACACS+ is a Cisco proprietary authentication protocol that provides remote access authentication and related network security services, such as event logging. User passwords are administered in a central database rather than in individual routers. TACACS+ also provides support for separate modular authentication, authorization, and accounting (AAA) facilities that are configured at individual routers.

To configure your router to support TACACS+, perform the following tasks:

Command / Task

Step 1: aaa new-model
    Enter the global configuration command to enable AAA. AAA must be configured to use TACACS+.
Step 2: tacacs-server host
    Specify the IP address of one or more TACACS+ daemons.
Step 3: tacacs-server key
    Specify an encryption key that will be used to encrypt all exchanges between the network access server and the TACACS+ daemon. This same key must also be configured on the TACACS+ daemon.
Step 4: aaa authentication
    Define the method lists that use TACACS+ for authentication.
Step 5: line
    Apply the defined method lists to various interfaces.

You may need to perform other configuration steps to enable accounting for TACACS+ connections. For instructions on configuring TACACS+, refer to the Security Configuration Guide.

Configuring an Extended Access List

Follow the steps below to include one or more extended access lists in your router configuration, beginning in global configuration mode.

Command / Task

Step 1: access-list 100 permit tcp any ip ip address-mask established
    Permit any host on the network to access any Internet server.
Step 2: access-list 100 deny ip ip address-mask any
    Deny any Internet host from spoofing any host on the network.
Step 3: access-list 100 permit tcp host ip address-mask
    Permit Internet DNS server to send TCP replies to any host on the network.
Step 4: access-list 100 permit udp host ip address-mask
    Permit Internet DNS server to send UDP replies to any host on the network.
Step 5: access-list 100 permit tcp any host ip address
    Permit SMTP mail server to access any Internet server.
Step 6: access-list 100 permit tcp any host ip address
    Permit web server to access any Internet server.
Step 7: access-list 100 permit tcp any host ip address
    Permit FTP server to access any Internet server.
Step 8: access-list 100 deny tcp any ip address-mask
    Restrict any Internet host from making a Telnet connection to any host on the network.
Step 9: interface atm 0
    Enter configuration mode for the ATM interface.
Step 10: dsl equipment-type co/cpe
    Configure the DSL equipment type, if applicable.
Step 11: dsl linerate number/auto
    Specify the G.SHDSL line rate, if applicable. The range of valid numbers is between 72 and 2312.
Step 12: dsl operating-mode gshdsl symmetric annex annex
    Set the G.SHDSL operating mode, if applicable, and select the G.991.2 annex.
Step 13: ip access-group 100 in
    Activate access list 100.
Step 14: no shutdown
    Enable the interface and configuration changes made to the interface.
Step 15: exit
    Exit configuration mode for the ATM interface.

For more complete information on the extended access list commands, refer to the Cisco IOS Release 12.0 documentation set. For information on TCP and UDP port assignments, see Appendix C, “Common Port Assignments.”

Configuration Example

This configuration shows an access list being applied to IP address 192.168.1.0. You do not need to enter the commands marked “default.” These commands appear automatically in the configuration file generated when you use the show running-config command.

    !
    ! 192.168.1.0 with wildcard mask 0.0.0.255 matches the whole 192.168.1.0 network;
    ! the host keyword takes a single address and no mask, so it is not used here.
    access-list 101 permit tcp any 192.168.1.0 0.0.0.255
    !
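The eight access-list steps and the ip access-group step above, written out as one inbound list with concrete values. This is an added example, not a configuration from the Cisco guide: the addresses are documentation ranges, the port qualifiers (eq ...) and the log keyword are assumptions, and the anti-spoofing deny is placed ahead of the established permit rather than in the table's step order.

```ios
! Constructed values (assumptions, not from the guide):
!   inside network        192.0.2.0, wildcard mask 0.0.0.255
!   Internet DNS server   198.51.100.53
!   inside SMTP server    192.0.2.25
!   inside web server     192.0.2.80
!   inside FTP server     192.0.2.21
!
! Step 2, entered first. An access list stops at the first entry that
! matches, and the "established" permit below matches any TCP segment with
! the ACK or RST bit set, whatever its source. With the deny ahead of it,
! a packet arriving from the Internet with an inside source address is
! dropped (and logged) before that permit is evaluated.
access-list 100 deny   ip 192.0.2.0 0.0.0.255 any log
!
! Step 1: return traffic for TCP sessions opened from the inside network.
access-list 100 permit tcp any 192.0.2.0 0.0.0.255 established
!
! Steps 3 and 4: replies from the DNS server, matched on source port 53.
access-list 100 permit tcp host 198.51.100.53 eq domain 192.0.2.0 0.0.0.255
access-list 100 permit udp host 198.51.100.53 eq domain 192.0.2.0 0.0.0.255
!
! Steps 5 to 7: one entry per published server, limited to its service port
! (the FTP entry covers the control connection only).
access-list 100 permit tcp any host 192.0.2.25 eq smtp
access-list 100 permit tcp any host 192.0.2.80 eq www
access-list 100 permit tcp any host 192.0.2.21 eq ftp
!
! Step 8: explicit Telnet deny. Anything not permitted above is dropped
! anyway by the implicit "deny ip any any" that ends every access list.
access-list 100 deny   tcp any 192.0.2.0 0.0.0.255 eq telnet
!
! Steps 9, 13 and 14: filter packets arriving on the ATM interface.
interface ATM0
 ip access-group 100 in
 no shutdown
```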
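The five steps listed under Configuring TACACS+ earlier in this chapter, as one complete fragment. This is an added example, not from the Cisco guide: the server address, the method-list name VTY-AUTH, the local account and the <...> placeholders are assumptions, and the group tacacs+ form assumes an image with AAA server-group support.

```ios
! Constructed values (assumptions, not from the guide):
!   TACACS+ daemon   192.0.2.10 (documentation address)
!   method list      VTY-AUTH
!   <shared-key>, <local-password>   placeholders to replace
!
! Step 1: enable AAA.
aaa new-model
!
! Step 2: address of the TACACS+ daemon.
tacacs-server host 192.0.2.10
!
! Step 3: shared key. The daemon must be configured with the same value,
! otherwise the router and the daemon cannot read each other's packets.
tacacs-server key <shared-key>
!
! Local account for the fallback method below, so that the router remains
! manageable when the daemon cannot be reached.
username localadmin password <local-password>
!
! Step 4: method list. TACACS+ is tried first; the local user database is
! consulted only if no TACACS+ daemon responds.
aaa authentication login VTY-AUTH group tacacs+ local
!
! Step 5: apply the method list to the Telnet (vty) lines.
line vty 0 4
 login authentication VTY-AUTH
```

Keep the console session open while entering these commands, because aaa new-model changes how the lines authenticate as soon as it is entered. The shared key is stored in the configuration file, so saved configurations need the same protection as the key itself.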
Configuring Quality of Service Parameters

This section describes how to configure quality of service (QoS) parameters. The following are requirements for voice QoS:

- Priority queuing for voice traffic
- Fragmenting large data packets and interleaving voice packets

You can configure QoS in a single- or multiple-PVC environment. In a single-PVC environment, the traffic relies on IOS to provide priority queuing, using class-based weighted fair queuing (CBWFQ) to prioritize voice traffic and using MTU size reduction to perform Layer 3 fragmentation of data packets. In a multiple-PVC environment, the traffic relies on the ATM interface to provide priority queuing for voice and fragmentation and interleaving.

Note: QoS parameters are supported only on routers with voice features.

For complete information on the QoS commands, refer to the Cisco IOS documentation set. For general information on QoS concepts, see Chapter 1, “Concepts.”

Configuring a Single-PVC Environment

In the single-PVC environment, the traffic relies on IOS to provide priority queuing (using CBWFQ). The tasks to configure a single-PVC environment are as follows:

- Configuring IP Precedence 5 for voice packets
- Configuring an access list and voice class
- Configuring a policy map and specifying priority queuing for voice class
- Associating the policy map to the ATM PVC and decreasing the MTU of the ATM interface
Configuring IP Precedence

IP Precedence gives voice packets a higher priority than other IP data traffic. The ip precedence command is used by the router to differentiate voice traffic from data traffic. Therefore, you need to ensure that the data IP packets do not have the same IP precedence as that of the voice packets.

Follow the steps below to configure real-time voice traffic precedence over other IP network traffic, beginning in global configuration mode.

Command / Task

Step 1: dial-peer voice number voip
    Enter the dial peer configuration mode to configure a VoIP dial peer.
Step 2: destination-pattern number
    Set a destination pattern.
Step 3: session target {ipv4:destination-address}
    Specify a destination IP address for the dial peer.
Step 4: ip precedence number
    Select a precedence level for the voice traffic associated with that dial peer.
Step 5: exit
    Exit configuration mode for the dial peer interface.

Note: In IP Precedence, the numbers 1 through 5 identify classes for IP flows; the numbers 6 through 7 are used for network and backbone routing and updates. It is recommended that IP Precedence 5 be used for voice packets.

Configuring an Access List and Voice Class

Follow the steps below to create a policy map and to associate a priority queue with the voice class, beginning in global configuration mode.

Command / Task

Step 1: access-list 101 permit ip any any precedence 5
    Configure an access list to match voice packets.
Step 2: class-map voice
    Configure a voice class.
Step 3: match access-group 101
    Associate the voice class with the access list.

Configuring a Policy Map and Specifying Voice Queuing

Follow the steps below to configure a policy map and to specify voice queuing, beginning in global configuration mode.

Command / Task

Step 1: policy-map name
    Configure a policy map. (1)
Step 2: class voice
    Specify the class for queuing.
Step 3: priority number
    Specify the priority for queuing.

(1) Total bandwidth for the policy map may not exceed 75 percent of the total PVC bandwidth.

Configuring a Policy Map and Specifying Priority Queuing for Voice Class

Follow the steps below to associate the policy map to the ATM PVC and decrease the MTU of the ATM interface so that large data packets are fragmented, beginning in global configuration mode.

Command / Task

Step 1: policy-map name
    Configure a policy map. (1)
Step 2: class voice
    Specify the class for queuing.
Step 3: priority bandwidth
    Specify the priority for queuing.
Step 4: exit
    Exit configuration mode for the policy map.

(1) Total bandwidth for the policy map may not exceed 75 percent of the total PVC bandwidth.
Associating the Policy Map to the ATM PVC and Decreasing the ATM Interface MTU

Use the following table to associate the policy map to the ATM PVC and decrease the MTU, beginning in global configuration mode. It is recommended that 300 be used for the MTU size because it is larger than the size of the voice packets generated by the different codecs.

Note: The default service class for configuring the ATM interface is unspecified bit rate (ubr). In order to attach the policy map to the ATM PVC, you must use a service class of vbr-nrt or vbr-rt.

Command / Task

Step 1: interface ATM 0
    Enter configuration mode for the ATM interface.
Step 2: ip address ip-address mask
    Set the IP address and subnet mask for the ATM interface.
Step 3: pvc vpi/vci
    Create an ATM PVC for each end node with which the router communicates.
Step 4: encapsulation protocol
    Specify the encapsulation type for the PVC. Encapsulations can be specified as AAL5SNAP or AAL5MUX PPP.
Step 5: service-policy out name
    Associate the service policy name.
Step 6: vbr-rt pcr scr bs
    Specify the service class.
Step 7: exit
    Exit configuration mode for the ATM PVC.
Step 8: mtu number
    Specify the MTU for the ATM interface.
Step 9: no shutdown
    Enable the ATM interface.
Step 10: exit
    Exit configuration mode for the ATM interface.
Configuration Example

The following example shows a voice QoS configuration in a single-PVC environment using AAL5SNAP encapsulation.

    !
    dial-peer voice 105 voip
     destination-pattern 3..
     session target ipv4:10.1.2.3
     ip precedence 5
    access-list 101 permit ip any any precedence critical
    class-map voice
     match access-group 101
    policy-map mypolicy
     class voice
      priority 480
    int atm0
     mtu 300
     pvc 8/35
      encapsulation aal5snap
      service-policy out mypolicy
      vbr-rt 640 640 10
    !

Configuring a Single-PVC Environment Using RFC 1483 Encapsulation

This section describes how to configure a single-PVC environment using RFC 1483. In a single-PVC environment using RFC 1483 encapsulation, the traffic relies on Cisco IOS to provide priority queuing using low latency queuing (LLQ). The following tasks are needed to configure a single-PVC environment:

- Differentiating Between Data and Voice Packets
- Configuring an Access List and Voice Class
- Configuring a Policy Map and Specifying Voice Queuing