Cisco Router 800 Series Software Configuration Guide

							 
8-45
Cisco 800 Series Software Configuration Guide
78-5372-06
Chapter 8      Advanced Router Configuration
Configuring ATM OAM F5 Continuity Check Support
  oam-pvc manage cc segment direction source
 !
 end
The following configuration example activates CC over the segment and causes 
the router to function as the sink.
interface ATM0
 ip address 10.0.0.3 255.255.255.0
 pvc 0/33 
  oam-pvc manage cc segment direction sink
 !
 end
The following configuration example activates CC over the segment and causes 
the router to function both as the source of CC cells and as the sink:
interface ATM0
 ip address 10.0.0.3 255.255.255.0
 pvc 0/33 
  oam-pvc manage cc segment direction both
 !
 end
The following configuration example deactivates segment CC:
interface ATM0
 ip address 10.0.0.3 255.255.255.0
 pvc 0/33 
    no oam-pvc manage cc
!
end
Configuring CC Activation and Deactivation Request Frequency 
The following command sets the frequency at which CC activation and 
deactivation requests are sent to the router at the other end of the segment. 
oam retry cc activation-count number deactivation-count number retry-frequency seconds
The no form of this command removes these settings.
no oam retry cc activation-count number deactivation-count number retry-frequency seconds 
						

							 
Chapter 8      Advanced Router Configuration
Configuring ATM OAM F5 Continuity Check Support
8-46
Cisco 800 Series Software Configuration Guide
78-5372-06
Configuration Example
The following configuration example sets the CC activation and deactivation 
counts, as well as the retry frequency:
interface ATM0
 ip address 10.0.0.3 255.255.255.0
 pvc 0/33 
  oam-pvc manage cc segment direction source
  retry activation-count 10 deactivation-count 10 retry-frequency 3
 !
 end
Disabling CC Support on the VC
The following command disables CC support on the virtual circuit (VC) under 
which the command has been entered. A PVC on which CC support has been 
disabled will deny CC activation requests. 
oam-pvc manage cc deny
The no form of this command reenables CC support on the VC.
no oam-pvc manage cc deny
Configuration Example
The following configuration example denies segment CC:
interface ATM0
 ip address 10.0.0.3 255.255.255.0
 pvc 0/33 
    oam-pvc manage cc deny
 !
 end 
						

							 
8-47
Cisco 800 Series Software Configuration Guide
78-5372-06
Chapter 8      Advanced Router Configuration
Configuring ATM OAM F5 Continuity Check Support
Configuring Continuity Checking Debugging
Use the following command to see the results of continuity checking. 
debug atm oam cc interface atm number 
The no form of this command disables continuity checking debugging.
no debug atm oam cc interface atm number 
Configuring Generation of End-to-End F5 OAM Loopback Cells
Follow the steps below to configure generation of an end-to-end F5 OAM 
loopback cell, beginning in global configuration mode.
The following example enables OAM management on an ATM PVC. The PVC is 
assigned the name router A and the VPI and VCI are assigned 0 and 32, 
respectively. OAM management is enabled with a frequency of 3 seconds 
between OAM cell transmissions. 
interface atm 2/0
pvc routerA 0/32
oam-pvc manage 3
oam retry 5 5 10
Command Task
Step 1interface atm 0 Enter configuration mode for the ATM 
interface.
Step 2pvc routerA vpi/vci Assign PVC to the name router A with the vpi 
and vci values.
Step 3oam-pvc manage 3Enable OAM management with a frequency 
of 3 seconds between OAM cell 
transmissions.
Step 4oam retry 5 5 10Configure the up count, down count, and retry 
frequency. 
						

							 
Chapter 8      Advanced Router Configuration
Configuring ATM OAM F5 Continuity Check Support
8-48
Cisco 800 Series Software Configuration Guide
78-5372-06
Example Output
The following example output of the debug atm oam cc command records 
activity beginning with the entering of the oam-pvc manage cc command, and 
ending with the entering of the no oam-pvc manage cc command. The ATM 0 
interface is specified, and the “both” segment direction is specified. The output 
shows an activation request sent and confirmed, a series of CC cells sent by the 
routers on each end of the segment, and a deactivation request and confirmation.
router#debug atm oam cc interface atm0
Generic ATM:
  ATM OAM CC cells debugging is on
router#
00:15:05: CC ACTIVATE MSG (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM
Type:8 OAM Func:1 Direction:3 CTag:5
00:15:05: CC ACTIVATE CONFIRM MSG (ATM0) O:VCD#1 VC 1/40 OAM Cell
Type:4 OAM Type:8 OAM Func:1 Direction:3 CTag:5
00:15:06: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1
00:15:07: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:08: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:09: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:10: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:11: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:12: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:13: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:14: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:15: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:16: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:17: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:18: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:19: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:19: CC DEACTIVATE MSG (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM
Type:8 OAM Func:1 Direction:3 CTag:6
00:15:19: CC DEACTIVATE CONFIRM MSG (ATM0) O:VCD#1 VC 1/40 OAM Cell
Type:4 OAM Type:8 OAM Func:1 Direction:3 CTag:6
The following table describes significant fields.
Field Description
00:15:05 Time stamp.
CC ACTIVATE MSG 
(ATM0)Message type and interface.
0Source. 
						

							 
8-49
Cisco 800 Series Software Configuration Guide
78-5372-06
Chapter 8      Advanced Router Configuration
Configuring RADIUS Support
Configuring RADIUS Support
RADIUS is supported on the following Cisco routers:
Cisco 806 
Cisco 826 and 836
Cisco 827, 827H, 827-4V, 831, and 837
Cisco 828
RADIUS enables you to secure your network against unauthorized access. A 
RADIUS server must be configured in the service provider or corporate network 
in order for the router to use RADIUS client features. For instructions on 
configuring RADIUS, refer to the Cisco 806 Router Software Configuration 
Guide and to the Cisco IOS Security Configuration Guide.
Configuring Cisco Easy VPN Client
The Cisco Easy VPN Client feature is supported on the following Cisco routers:
Cisco 806
Cisco 826 and 836
Cisco 827, 827H, 827-4V, 831, and 837
Cisco 828 1Sink.
VC 1/40 Virtual circuit identifier.
Direction:3 Indication of the direction in which the cells are 
traveling. 1 indicates local router operates as a sink. 
2 indicates local router operates as a source. 3 
indicates both routers operate as source and sink. Field Description 
						

							 
Chapter 8      Advanced Router Configuration
Configuring Cisco Easy VPN Client
8-50
Cisco 800 Series Software Configuration Guide
78-5372-06
The Cisco Easy VPN client feature supports two modes of operation:
Client—Specifies that Network Address Translation/Port Address 
Translation (NAT/PAT) be done, so that the PCs and other hosts at the client 
end of the VPN tunnel form a private network that does not use any IP 
addresses in the destination server’s IP address space. 
Network Extension—Specifies that the PCs and other hosts at the client end 
of the VPN tunnel should be given IP addresses in the destination enterprise 
network’s IP address space, so that they form one logical network. 
Both modes of operation also optionally support split tunneling, which allows 
secure access to corporate resources through the VPN tunnel while also allowing 
Internet access through a connection to an ISP or other service (thereby 
eliminating the corporate network from the path for Web access). This 
configuration is enabled by a simple access list implemented on the IPSec server. 
NoteCisco 800 series routers are supported as IPSec clients of VPN 3000 
concentrators. Support for other IPSec servers will be available in a future 
release. Be sure to refer to the Cisco IOS release notes for the current release 
to determine if there are any other limitations on the use of Cisco Easy VPN 
Client.
The release note Cisco EZVPN Client for the Cisco uBR905/uBR925 Cable Access 
Routers provides instructions for configuring the DHCP server pool and the 
Easy VPN client profile required for implementing Easy VPN. The release note 
also provides configuration examples for the IPSec server and descriptions of 
commands for managing Easy VPN.
Configuration Example
This section provides a client mode configuration example for the Cisco 827 
router.
The following example configures a Cisco 827 router as an IPSec client, using the 
Cisco Easy VPN feature in the client mode of operation. This example shows the 
following components of the Cisco Easy VPN client configuration:
DHCP server pool—The ip dhcp pool command creates a pool of IP 
addresses to be assigned to the PCs connected to the router’s Ethernet 1 
interface. The pool assigns addresses in the class C private address space  
						

							 
8-51
Cisco 800 Series Software Configuration Guide
78-5372-06
Chapter 8      Advanced Router Configuration
Configuring Cisco Easy VPN Client
(192.168.100.0) and configures each PC so that its default route is 
192.168.100.1, which is the IP address assigned to the router’s Ethernet 
interface. 
EzVPN client configuration—The first crypto ipsec client ezvpn hw-client 
command (global configuration mode) creates an EzVPN client configuration 
named hw-client. This configuration specifies a group name of 
hw-client-groupname and a shared key value of hw-client-password, and it 
sets the peer destination to the IP address 188.185.0.5 (which is the address 
assigned to the interface connected to the Internet on the destination peer 
router). The EzVPN configuration is configured for the default operations 
mode client. 
NoteIf DNS is also configured on the router, the peer option also 
supports a host name instead of an IP address. 
The second crypto ipsec client ezvpn hw-client command (ATM 0 interface 
configuration mode) assigns the EzVPN client configuration to the ATM 0 
interface, so that all traffic received and transmitted on that interface is sent 
through the VPN tunnel. 
The following is an example output of the show running-config command:
Current configuration :1040 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname c827-18
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip dhcp excluded-address 192.168.100.1
!
ip dhcp pool CLIENT
 import all
 network 192.168.100.0 255.255.255.0
 default-router 192.168.100.1 
						

							 
Chapter 8      Advanced Router Configuration
Configuring Dial-on-Demand Routing for PPPoE Client
8-52
Cisco 800 Series Software Configuration Guide
78-5372-06 !
ip ssh time-out 120
ip ssh authentication-retries 3
!
crypto ipsec client ezvpn hw-client
 group hw-client-groupname key hw-client-password
 mode client
 peer 188.185.0.5
!
interface Ethernet0
 ip address 192.168.100.1 255.255.255.0
 hold-queue 100 out
!
interface ATM0
 ip address 192.168.101.18 255.255.255.0
 no atm ilmi-keepalive
  protocol ip 192.168.101.19 broadcast
  encapsulation aal5snap
 !
 dsl operating-mode auto
 crypto ipsec client ezvpn hw-client
!
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0
ip route 50.0.0.0 255.0.0.0 40.0.0.19
ip http server
ip pim bidir-enable
!
line con 0
 stopbits 1
line vty 0 4
 login
!
Configuring Dial-on-Demand Routing for PPPoE 
Client
Dial-on-demand routing (DDR) for PPPoE client is supported on the following 
Cisco routers:
Cisco 806 
Cisco 826 and 836
Cisco 827, 827H, 827-4V, 831, and 837 
						

							 
8-53
Cisco 800 Series Software Configuration Guide
78-5372-06
Chapter 8      Advanced Router Configuration
Configuring Dial-on-Demand Routing for PPPoE Client
Cisco SOHO 77, SOHO 77H, SOHO 78, SOHO 91, SOHO 96, and SOHO 97
Cisco 828 
DDR for the PPPoE client provides flexibility for subscribers whose ISP charges 
are based on the amount of time that they are connected to the network 
(non-flat-rate services). With the DDR for PPPoE client feature, you can 
designate a type of traffic as traffic of interest. You can then configure the router 
so that it will bring up the PPPoE connection when any traffic of interest arrives 
from the LAN interface and so that it will bring down the connection when the 
dialer idle timer expires. 
DDR is configured in Ethernet 1 configuration mode, using the pppoe-client 
dial-pool-number command with the dial-on demand keyword. The syntax is 
shown below.
pppoe-client dial-pool-number number [dial-on-demand]
Configuring DDR for a PPPoE Client
Follow the steps below to configure DDR for a PPPoE client, beginning in global 
configuration mode:
Step 1Enable VPDN.
a.In global configuration mode, enter the vpdn enable command.
b.Enter no vpdn logging command to disable vpdn logging.
Step 2Configure a virtual private dial-up network (VPDN) group.
a.Enter the global configuration mode vpdn-group number command, to enter 
vpdn group configuration mode.
b.Enter request-dialin to specify the dial-in dialing mode.
Step 3Configure the Ethernet 1 interface.
a.Enter interface Ethernet 1 to enter Ethernet 1 interface configuration mode.
b.Enter pppoe enable to enable PPPoE for this interface.
c.Activate DDR and create a dial pool by entering pppoe-client 
dial-pool-number number dial-on-demand. The number value must match 
the vpdn group number. 
						

							 
Chapter 8      Advanced Router Configuration
Configuring Dial-on-Demand Routing for PPPoE Client
8-54
Cisco 800 Series Software Configuration Guide
78-5372-06
Step 4Configure the dialer interface.
a.Enter interface dialer 1 to enter dialer interface configuration mode.
b.Enter ip address negotiated to indicate that the ip address will be negotiated 
with the DHCP server.
c.Specify the maximum transmission unit size by entering ip mtu 1492.
d.Set the encapsulation type by entering encapsulation ppp.
e.Enter the dialer pool number command to associate the dialer interface with 
the dialer pool created for the Ethernet 1 interface.
f.Set the idle timer interval by entering dialer idle-timeout 180 either. The 
either keyword specifies that either inbound or outbound traffic can reset the 
idle timer.
NoteA value of 0 specifies that the timer will never expire and that the 
connection will always be up.
g. Enter dialer hold-queue 100 to set the queue to a size that will hold packets 
of interest before the connection is established.
h.Enter dialer-group 1 to specify the dialer list that defines traffic of interest.
i.Leave Dialer 1 interface configuration mode by entering exit.
Step 5In the global configuration mode, enter the dialer-list 1 protocol ip permit 
command to define IP traffic as the traffic of interest.
Step 6Create a static route for the Dialer 1 interface by entering the ip route 
0.0.0.0 0.0.0.0 dialer 1 permanent command.
Step 7Enter end to leave configuration mode.