Cisco Router 826 Routers Software Configuration Guide

							  
3-23
Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide
78-14565-03
Chapter 3      Basic Router Configuration
Configuring an Extended Access List
administered in a central database rather than in individual routers. TACACS+ also provides support for 
separate modular authentication, authorization, and accounting (AAA) facilities that are configured at 
individual routers.
To configure your router to support TACACS+, you must perform the following tasks: 
Step 1Use the aaa new-model global configuration command to enable AAA. AAA must be configured if you 
plan to use TACACS+. 
Step 2Use the tacacs-server host command to specify the IP address of one or more TACACS+ daemons. 
Step 3Use the tacacs-server key command to specify an encryption key that will be used to encrypt all 
exchanges between the network access server and the TACACS+ daemon. This same key must also be 
configured on the TACACS+ daemon. 
Step 4Use the aaa authentication global configuration command to define the method lists that use TACACS+ 
for authentication. 
Step 5Use line and interface commands to apply the defined method lists to various interfaces. 
You may need to perform other configuration steps if you need to enable accounting for TACACS+ 
connections. For instructions on configuring TACACS+, see the Security Configuration Guide.
Configuring an Extended Access List
To include one or more extended access lists in your router configuration, you can use the following 
commands, beginning in global configuration mode.
Command Purpose
Step 1access-list 100 permit tcp any ip ip 
address-mask establishedPermits any host on the network to access any 
Internet server.
Step 2access-list 100 deny ip ip address-mask anyDenies any Internet host from spoofing any host 
on the network.
Step 3access-list 100 permit tcp host ip address-maskPermits Internet DNS server to send TCP replies 
to any host on the network.
Step 4access-list 100 permit udp host ip address-maskPermits Internet DNS server to send UDP replies 
to any host on the network.
Step 5access-list 100 permit tcp any host ip addressPermits SMTP mail server to access any Internet 
server.
Step 6access-list 100 permit tcp any host ip addressPermits web server to access any Internet server.
Step 7access-list 100 permit tcp any host ip addressPermits FTP server to access any Internet server.
Step 8access-list 100 deny tcp any ip address-maskRestricts any Internet host from making a Telnet 
connection to any host on the network.
Step 9interface atm 0Enters configuration mode for the ATM interface.
Step 10dsl equipment-type co/cpeConfigures the DSL equipment type, if 
applicable. 
						

							  
3-24
Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide
78-14565-03
Chapter 3      Basic Router Configuration
Configuring Quality of Service Parameters
For more complete information on the extended access list commands, see the Cisco IOS Release 12.2 
documentation set. For information on TCP and UDP port assignments, see Appendix C, “Common Port 
Assignments.”
Configuration Example
This configuration shows an access list being applied to IP address 192.168.1.0.
You do not need to enter the commands marked “default.” These commands appear automatically in the 
configuration file generated when you use the show running-config command.
!
access-list 101 permit tcp any host 192.168.1.0 0.0.0.255
! 
Configuring Quality of Service Parameters
This section describes how to configure Quality of Service (QoS) parameters. The requirements for 
voice QoS are:
Priority queuing for voice traffic
Fragmenting large data packets and interleaving voice packets
You can configure QoS in a single or multiple PVC environment. In a single PVC environment, the 
traffic relies on Cisco IOS to provide priority queuing, using Class Based Weighted Fair Queuing 
(CBWFQ) to prioritize voice traffic and MTU size reduction to perform Layer 3 fragmentation of data 
packets. In a multiple PVC environment, the traffic relies on the ATM interface to provide priority 
queuing for voice and fragmentation and interleaving. 
NoteQoS parameters are supported only on routers with voice features.
For complete information on the QoS commands, see the Cisco IOS documentation set. For more general 
information on QoS concepts, see Chapter 1, “Concepts.”
Step 11dsl linerate number/autoSpecifies the G.SHDSL line rate, if applicable. 
The range of valid numbers is between 72 and 
2312.
Step 12dsl operating-mode gshdsl symmetric annex 
annexSets the G.SHDSL operating mode, if applicable, 
and select the G.991.2 annex.
Step 13ip access-group 100 inActivates access list 100.
Step 14no shutdownEnables interface and configuration changes 
made to the interface.
Step 15exitExits configuration mode for the ATM interface. Command Purpose 
						

							  
3-25
Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide
78-14565-03
Chapter 3      Basic Router Configuration
Configuring Quality of Service Parameters
Configuring a Single PVC Environment
In the single PVC environment, the traffic relies on Cisco IOS to provide priority queuing (using 
CBWFQ). The tasks to configure a single PVC environment are:
Configuring IP precedence 5 for voice packets
Configuring an access list and voice class
Configuring a policy map and specify priority queuing for voice class
Associating the policy map to the ATM PVC and decreasing the MTU of the ATM interface
Configuring IP Precedence
IP precedence gives voice packets a higher priority than other IP data traffic. The ip precedence 
command is used by the router to differentiate voice traffic from data traffic. So you need to ensure that 
the data IP packets do not have the same IP precedence as that of the voice packets.
To configure real-time voice traffic precedence over other IP network traffic, use the following table, 
beginning in global configuration mode.
NoteIn IP precedence, the numbers 1 through 5 identify classes for IP flows; the numbers 6 through 7 are 
used for network and backbone routing and updates. It is recommended that IP precedence 5 is used for 
voice packets. 
Configuring an Access List and Voice Class
To create a policy map and associate a priority queue to the voice class, use the following table, 
beginning in global configuration mode.Command Purpose
Step 1dial-peer voice number voipEnters the dial peer configuration mode to 
configure a VoIP dial peer.
Step 2destination-pattern numberSets a destination pattern.
Step 3session target {ipv4:destination-address} Specifies a destination IP address for the dial peer.
Step 4ip precedence numberSelects a precedence level for the voice traffic 
associated with that dial peer.
Step 5exitExits configuration mode for the dial peer 
interface.
Command Purpose
Step 1access-list 101 permit ip any any precedence 5Configures an access list to match voice packets.
Step 2class-map voiceConfigures a voice class.
Step 3match access-group 101Associates the voice class with the access list. 
						

							  
3-26
Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide
78-14565-03
Chapter 3      Basic Router Configuration
Configuring Quality of Service Parameters
Configure a Policy Map and Specify Voice Queuing
Follow the steps below to configure a policy map and to specify voice queuing, beginning in global 
configuration mode.
Configuring a Policy Map and Specifying Priority Queuing for Voice Class
To associate the policy map to the ATM PVC and decrease the MTU of the ATM interface so that large 
data packets are fragmented, use the following table, beginning in global configuration mode.
Associating the Policy Map to the ATM PVC and Decreasing the ATM Interface MTU
To associate the policy map to the ATM PVC and decrease the MTU, use the following table, beginning 
in global configuration mode. It is recommended that 300 be used for the MTU size because it is larger 
than the size of the voice packets generated by the different codecs. 
NoteThe default service class for configuring the ATM interface is unspecified bit rate (ubr). In order to attach 
the policy map to the ATM PVC, you must use a service class of vbr-nrt or vbr-rt.Command Purpose
Step 1policy map nameConfigures a policy map1.
1. Total bandwidth for the policy map may not exceed 75 percent of the total PVC bandwidth.
Step 2class voiceSpecifies the class for queuing.
Step 3priority numberSpecifies the priority for queuing.
Command Purpose
Step 1policy map nameConfigures a policy map1.
1. Total bandwidth for the policy map may not exceed 75 percent of the total PVC bandwidth.
Step 2class voiceSpecifies the class for queuing.
Step 3priority bandwidthSpecifies the priority for queuing.
Step 4exitExits configuration mode for the policy map.
Command Purpose
Step 1interface ATM 0Enters configuration mode for the ATM interface.
Step 2ip address ip-address maskSets the IP address and subnet mask for the ATM 
interface.
Step 3pvc vpi/vciCreates an ATM PVC for each end node with 
which the router communicates.
Step 4encapsulation protocolSpecifies the encapsulation type for the PVC. 
Encapsulations can be specified as AAL5SNAP or 
AAL5MUX PPP.
Step 5service policy out nameAssociates the service policy name. 
						

							  
3-27
Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide
78-14565-03
Chapter 3      Basic Router Configuration
Configuring Quality of Service Parameters
Configuration Example
The following example shows a voice QoS configuration in a single PVC environment using 
AAL5SNAP encapsulation.
!
dial-peer voice 105 voip 
destination-pattern 3.. 
session target ipv4:10.1.2.3 
ip precedence 5
access-list 101 permit ip any any precedence critical
class-map voice 
match access-group 101
policy-map mypolicy 
class voice   
priority 480
int atm0
mtu 300
pvc 8/35 
encapsulation aal5snap   
service-policy out mypolicy 
vbr-rt 640 640 10
!
Configuring a Multiple PVC Environment
In a multiple PVC environment, the traffic relies on the ATM interface to provide priority queuing for 
voice and fragmentation and interleaving. The following figures show the configurations that you can 
use.
Step 6vbr-rt pcr scr bs Specifies the service class.
Step 7exitExits configuration mode for the ATM PVC.
Step 8mtu numberSpecifies the MTU for the ATM interface.
Step 9no shutdownEnables the ATM interface.
Step 10exitExits configuration mode for the ATM interface. Command Purpose 
						

							  
3-28
Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide
78-14565-03
Chapter 3      Basic Router Configuration
Configuring Quality of Service Parameters
Voice and Data on Different Subnets
Figure 3-2 shows voice and data packets on different subnets. You can have all voice traffic on an ATM 
PVC with a VBR-RT service class while the data traffic is transported on an ATM PVC with a UBR 
service class.
Figure 3-2 Voice and Data on Different Subnets
Configuring the ATM Interface and Subinterfaces
Use this table to configure the ATM interface and subinterfaces, beginning in global configuration mode.1Ethernet 0
2PVC 1/40 VBR (RT), Voice
3PVC 8/35 UBR, Data
P1 P2 P3 P4c82710.0.0.0
11.0.0.033494
12
3
Command Purpose
Step 1interface ATM 0.1 point-to-pointSpecifies the ATM0.1 subinterface.
Step 2ip address ip-address maskSets the IP address and subnet mask for the 
ATM0.1 subinterface.
Step 3pvc vpi/vciCreates an ATM PVC for each end node with 
which the router communicates.
Step 4encapsulation typeSpecifies the encapsulation type for the PVC.
Step 5protocol ip address broadcastSets the protocol broadcast for the IP address.
Step 6interface ATM 0.2 point-to-pointSpecifies the ATM0.2 subinterface.
Step 7ip address ip-address maskSets the IP address and subnet mask for the 
ATM0.2 subinterface.
Step 8pvc vpi/vciCreates an ATM PVC for each end node with 
which the router communicates.
Step 9encapsulation typeSpecifies the encapsulation type for the PVC.
Step 10protocol ip address broadcastSets the protocol broadcast for the IP address.
Step 11exitExits configuration mode for the ATM interface. 
						

							  
3-29
Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide
78-14565-03
Chapter 3      Basic Router Configuration
Configuring Quality of Service Parameters
Configuration Example 
The following example shows a voice QoS configuration with all data traffic on the 30.0.0.1 network and 
all voice traffic on the 20.0.0.1 network. 
You do not need to enter the commands marked “default.” These commands appear automatically in the 
configuration file generated when you use the show running-config command.
!
interface ATM0.1 point-to-point
ip address 20.0.0.1 255.0.0.0
no ip directed-broadcast (default)
pvc 1/100
protocol ip 20.0.0.2 broadcast
vbr-rt 424 424 5
encapsulation aal5snap
!
interface ATM0.2 point-to-point
ip address 30.0.0.1 255.0.0.0
no ip directed-broadcast (default)
pvc 1/101
protocol ip 30.0.0.2 broadcast
encapsulation aal5snap
Voice and Data on the Same Subnet Using Virtual Circuit Bundling
Figure 3-3 shows voice and data packets on the same subnet using virtual circuit bundling. Virtual circuit 
bundling allows multiple PVCs on the same bundle. Using virtual circuit bundling and assigning 
precedence 5 to the voice packets but not to the data packets ensures that the two types of traffic are 
separated onto two PVCs.
Figure 3-3 Voice and Data on the Same Subnet with Virtual Circuit Bundling
The tasks for configuring a voice and data network on the same subnet with virtual circuit bundling are 
as follows:
Configuring the ATM interface
Configuring the pvc-bundle for voice
Configuring the pvc-bundle for data
Configuring IP precedence for voice packet 1Ethernet 03PVC Bundle 1/40 BVR (RT), Voice
2Bundle4PVC Bundle 8/35 UBR, Data
P1 P2 P3 P4c82774586
1
2
3
4 
						

							  
3-30
Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide
78-14565-03
Chapter 3      Basic Router Configuration
Configuring Quality of Service Parameters
Configuring the ATM Interface 
Use the following table to configure the ATM interface, beginning in global configuration mode.
Specifying IP Precedence and the Service Class for the Voice Network
To configure real-time voice traffic precedence over other IP network traffic, use the following table, 
beginning in global configuration mode.Command Purpose
Step 1interface ATM 0Enters configuration mode for the ATM interface.
Step 2dsl equipment-type co/cpeConfigures the DSL equipment type.
Step 3dsl linerate number/autoSpecifies the G.SHDSL line rate. The range of 
valid numbers is between 72 and 2312.
Step 4dsl operating-mode gshdsl symmetric annex 
annexSets the G.SHDSL operating mode, and selects 
the G.991.2 annex.
Step 5ip address ip-address maskSets the IP address and subnet mask for the ATM 
interface.
Step 6bundle nameSpecifies a bundle name.
Step 7encapsulation typeSpecifies the encapsulation type for the voice 
bundle PVC. 
Step 8protocol ip ip-address broadcastSets the protocol broadcast for the IP address.
Step 9pvc-bundle name vpi/vciCreates a PVC for the voice bundle.
Step 10vbr-rt pcr scr bs  Sets the service class for the voice bundle.1
1. For voice, the service class must be vbr-rt or vbr-nrt.
Step 11ip precedence numberSelects an IP precedence level specific to the 
voice bundle that you created.
Step 12pvc-bundle name vpi/vciCreates a PVC for the data bundle.
Step 13ubr pcrSets the service class for the data2 bundle.
2. For data, the service class must be vbr-nrt or ubr.
Step 14precedence otherSets the IP precedence level other to the data 
bundle that you created.
Step 15exitExits configuration mode for the ATM interface.
Command Purpose
Step 1dial-peer voice number voipEnters the dial peer configuration mode to 
configure a VoIP dial peer.
Step 2destination-pattern numberSets a destination pattern.
Step 3session target {ipv4:destination-address} Specifies a destination IP address for the dial peer.
Step 4precedence numberSelects a precedence level for the voice traffic 
associated with that dial peer. 
						

							  
3-31
Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide
78-14565-03
Chapter 3      Basic Router Configuration
Configuring Quality of Service Parameters
NoteIn IP precedence, the numbers 1 through 5 identify classes for IP flows; the numbers 6 through 7 are 
used for network and backbone routing and updates. It is recommended that IP precedence of 5 be used 
for voice packets.
Configuration Example
The following configuration shows both voice and data on the same subnet with virtual circuit bundling. 
IP precedence is set to 5 for the voice packets, but not for the data packets, so that the two types of traffic 
can be separated onto two different ATM PVCs.
!
interface atm0
ip address 20.0.0.1 255.0.0.0
bundle test
encapsulation aal5snap
protocol ip 20.0.0.2 broadcast
!
pvc-bundle voice 1/100 
vbr-rt 424 424 5
precedence 5
!
pvc-bundle data 1/101
precedence other
!
dial-peer voice 100 voip
destination-pattern 26..
session target ipv4:20.0.0.8
ip precedence 5
!
Configuring Multilink PPP Fragmentation and Interleaving
You should configure multilink PPP fragmentation if you have point-to-point connection using PPP 
encapsulation or links slower than 2 Mbps in your network.
PPP support for interleaving can be configured on dialer or PRI interfaces.
To configure multilink PPP and interleaving on a dialer interface, use the following table, beginning in 
global configuration mode.
Command Purpose
Step 1interface dialerEnters configuration mode for the dialer 
interface. 
Step 2ppp multilinkEnables multilink PPP for the dialer interface.
Step 3bandwidth nSpecifies the bandwidth number associated with 
the PVC that is using the dialer interface, where n 
is the value of the sustained cell rate (SCR) 
parameter of the PVC using that dialer interface. 
This is important because otherwise the dialer 
interface will assume a value of 100 kbps if a 
specific class of service is configured. 
						

							  
3-32
Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide
78-14565-03
Chapter 3      Basic Router Configuration
Configuring Quality of Service Parameters
NoteYou can use the ip rtp reserve command instead of configuring RSVP. If you configure RSVP, this 
command is not required.
For complete information on the PPP fragmentation and interleaving commands, see the Dial Solutions 
Configuration Guide for Cisco IOS Release 12.2. For more general information on PPP fragmentation 
and interleaving concepts, see Chapter 1, “Concepts.” 
Configuration Example
The following configuration defines a dialer interface that enables multilink PPP with interleaving and 
a maximum real-time traffic delay of 20 ms. The encapsulation type is defined as aal5mux.
You do not need to enter the commands marked “default.” These commands appear automatically in the 
configuration file generated when you use the show running-config command.
!
interface dialer 1
ppp multilink
encapsulated ppp
ppp multilink interleave
bandwidth 640
ppp multilink fragment-delay 20
ip rtp reserve 16384 100 64
!
interface ATM0
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
Verifying Your Configuration
To verify that you have properly configured PPP fragmentation and interleaving, enter the debug ppp 
multilink fragment command, and then send out one 1500-byte ping packet. The debug message will 
display information about the fragments being transmitted.
Step 4ppp multilink interleaveEnables interleaving for RTP packets among the 
fragments of larger packets on a multilink PPP 
bundle.
Step 5ppp multilink fragment-delay millisecondsConfigures a maximum fragment delay of 20 ms. 
This command is optional.
Step 6ip rtp reserve lowest-UDP-port range-of-ports 
[maximum-bandwidth]Reserves a special queue for real-time packet 
flows to specified destination UDP ports, 
allowing real-time traffic to have higher priority 
than other flows. This only applies if you have 
not configured RSVP.
Step 7exitExits configuration mode for the dialer interface. Command Purpose