Cisco Router 826 Routers Software Configuration Guide
Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide 78-14565-03
Chapter 3 Basic Router Configuration

Configuring Quality of Service Parameters

Configuring IP Precedence

IP Precedence gives voice packets a higher priority than other IP data traffic. The ip precedence command should also be used if RSVP is not enabled and you would like to give voice packets a priority over other IP data traffic. IP Precedence scales better than RSVP, but it provides no admission control.

To configure real-time voice traffic precedence over other IP network traffic, use the following table, beginning in global configuration mode.

Step    Command                        Purpose
Step 1  configure terminal             Enters configuration mode.
Step 2  dial-peer voice number voip    Enters the dial peer configuration mode to configure a VoIP dial peer.
Step 3  destination-pattern number     Sets a destination pattern.
Step 4  ip precedence number           Selects a precedence level for the voice traffic associated with that dial peer.

Note: In IP Precedence, the numbers 1 through 5 identify classes for IP flows; the numbers 6 through 7 are used for network and backbone routing and updates.

For complete information on the IP Precedence commands, see the Cisco IOS Release 12.2 documentation set. For more general information on IP Precedence, see Chapter 1, “Concepts.”

Configuration Example

This configuration example shows a voice configuration with IP precedence set. The IP destination target is set to 8 dialing digits, which automatically sets the IP precedence to 5 by the Cisco 827 routers. The dial peer session target is RAS, which is a protocol that runs between the H.323 voice protocol gateway and gatekeeper.

You do not need to enter the commands marked “default.” These commands appear automatically in the configuration file generated when you use the show running-config command.

!
access-list 101 permit
route-map data permit 10
 set ip precedence routing
!

Configuring RSVP

To minimally configure RSVP for voice traffic, you must enable RSVP on each interface where priority needs to be set. The RSVP feature applies to a single-PVC network only.

By default, RSVP is disabled so that it is backwards compatible with systems that do not implement RSVP.

To enable RSVP for IP on an interface, use the following interface configuration command:

Router(config-if)# ip rsvp bandwidth [interface-kbps] [single-flow-kbps]

This command starts RSVP and sets the bandwidth and single-flow limits. The default maximum bandwidth is up to 75 percent of the bandwidth available on the interface. By default, a flow can reserve up to the entire reservable bandwidth.

On subinterfaces, RSVP applies to the more restrictive of the available bandwidths of the physical interface and the subinterface.

After enabling RSVP, you must also use the req-qos dial-peer configuration command to request an RSVP session on each VoIP dial peer. Otherwise, no bandwidth is reserved for voice traffic.

To request an RSVP session on each VoIP dial peer, use the following table, beginning in global configuration mode:

Step    Command                        Purpose
Step 1  configure dial-peer            Enters configuration mode for the dial peer.
Step 2  dial-peer voice number voip    Assigns the dial peer voice number to configure a VoIP dial peer.
Step 3  req-qos controlled-load        Requests an RSVP session for each dial peer.

For more information about configuring RSVP, see the “Configuring RSVP” chapter of the Network Protocols Configuration Guide, Part 1, for Cisco IOS Release 12.2. For more general information on RSVP commands, see Chapter 1, “Concepts.”

Configuration Example

This configuration shows two voice dial peers (number 211 and 212) being configured for RSVP.

You do not need to enter the commands marked “default.” These commands appear automatically in the configuration file generated when you use the show running-config command.

!
dial-peer voice 211 voip
 req-qos controlled-load
!
dial-peer voice 212 voip
 req-qos controlled-load
!

Configuring Dial Backup

You must decide whether to activate the backup interface when the primary line goes down, when the traffic load on the primary line exceeds the defined threshold, or when either occurs. The tasks you perform depend on your decision.

Perform the tasks in the following sections to configure dial backup:

- Specifying the Backup Interface (mandatory)
- Defining Backup Line Delays (optional)
- Defining Traffic Load Threshold (optional)

Then configure the backup interface for DDR, so that calls are placed as needed.

Specifying the Backup Interface

To specify a backup interface for a primary WAN interface or subinterface, enter the backup interface type number command to select a backup interface.

Note: When you use a BRI for a dial backup, neither of the B channels can be used while the interface is in standby mode. In addition, when a BRI is used as a backup interface and the BRI is configured for legacy DDR, only one B channel is usable. Once the backup is initiated over one B channel, the second B channel is unavailable. When the backup interface is configured for dialer profiles, both B channels can be used.

For more information regarding the available dial backup mechanisms in Cisco IOS, please go to the following URL:
http://www.cisco.com/en/US/tech/tk801/tk133/technologies_tech_note09186a008009457d.shtml

Defining Backup Line Delays

You can configure a value that defines how much time should elapse before a secondary line status changes after a primary line status has changed. You can define two delays:

- A delay that applies after the primary line goes down but before the secondary line is activated
- A delay that applies after the primary line comes up but before the secondary line is deactivated

To define these delays, use the following syntax:

Router(config-if)# backup delay {enable-delay | never} {disable-delay | never}

Defining Traffic Load Threshold

You can configure dial backup to activate the secondary line, based on the traffic load on the primary line. The software monitors the traffic load and computes a 5-minute moving average. If this average exceeds the value you set for the line, the secondary line is activated and, depending on how the line is configured, some or all of the traffic will flow onto the secondary dialup line.

You can configure a load level for traffic at which additional connections will be added to the primary WAN interface. The load level values range from 1 (unloaded) to 255 (fully loaded).

Use the following syntax to define a WAN line threshold:

Router(config-if)# dialer load-threshold 8 outbound {enable-threshold | never} {disable-threshold | never}

Dial Backup Using the Console Port

The following example shows dial backup using a console port configured for DDR:

interface atm 0
 ip address 172.30.3.4 255.255.255.0
 backup interface async1
 backup delay 10 10
!
interface async 1
 ip address 172.30.3.5 255.255.255.0
 dialer in-band
 dialer string 5551212
 dialer-group 1
 async dynamic routing
dialer-list 1 protocol ip permit
chat-script sillyman "" "atdt 5551212" TIMEOUT 60 "CONNECT"
line aux 0
 modem chat-script sillyman
 modem inout
 speed 9600

Configuration Example

The following example shows configuration of dial backup and remote router management on the Cisco 831 and Cisco 837 routers using the console port and dialer watch.

!
username Router password !PASSWORD
!
modemcap entry MY_USR_MODEM:MSC=&F1S0=1
!
chat-script Dialout ABORT ERROR ABORT BUSY AT OK ATDT 5555102\T TIMEOUT 60 CONNECT \c
!
interface Async1
 no ip address
 encapsulation ppp
 dialer in-band
 dialer pool-member 3
 autodetect encapsulation ppp
 async default routing
 async dynamic routing
 async mode dedicated
 ppp authentication pap callin
!
! Dialer3 is for dial backup and remote router management
!
interface Dialer3
 ip address negotiated
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer pool 3
 dialer remote-name !REMOTE-NAME
 dialer idle-timeout 300
 dialer string 5555102 modem-script Dialout
 dialer watch-group 1
 dialer-group 1
 autodetect encapsulation ppp
 peer default ip address 192.168.2.2
 no cdp enable
 ppp pap sent-username ! USER SPECIFIC password ! USER SPECIFIC
 ppp ipcp dns request
 ppp ipcp wins request
 ppp ipcp mask request
!
! IP NAT over Dialer interface using route-map
ip nat inside source route-map main interface Dialer1 overload
ip nat inside source route-map secondary interface Dialer3 overload
ip classless
ip route 0.0.0.0 0.0.0.0 !(dial backup peer address @ISP)
ip route 0.0.0.0 0.0.0.0 Dialer1 150
!
no ip http server
ip pim bidir-enable
!
!
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
dialer watch-list 1 ip !(ATM peer address @ISP) 255.255.255.255
dialer-list 1 protocol ip permit
!
! To direct traffic to an interface only if the Dialer gets assigned with an ip address
route-map main permit 10
 match ip address 101
 match interface Dialer1
!
route-map secondary permit 10
 match ip address 101
 match interface Dialer3
!
line con 0
 exec-timeout 0 0
 modem enable
 stopbits 1
line aux 0
 exec-timeout 0 0
 script dialer Dialout
 modem InOut
 modem autoconfigure type MY_USR_MODEM
 transport input all
 stopbits 1
 speed 38400
 flowcontrol hardware
line vty 0 4
 exec-timeout 0 0
 login local
!

The following example shows configuration of remote management using a console port for the Cisco SOHO 91 and Cisco SOHO 97 routers.

!
username Router password !PASSWORD
!
modemcap entry MY_USR_MODEM:MSC=&F1S0=1
!
interface Async1
 no ip address
 encapsulation ppp
 dialer in-band
 autodetect encapsulation ppp
 async default routing
 async dynamic routing
 async mode dedicated
 ppp authentication pap callin
 peer default ip address pool clientpool
!
! dialer 1 used for PPPoE or PPPoATM
! PPPoE or PPPoATM dialer1 configurations are not shown in this sample
!
ip route 0.0.0.0 0.0.0.0 dialer 1 150
!
dialer-list 1 protocol ip permit
!
ip local pool clientpool 192.168.0.2 192.168.0.10
!
line con 0
 exec-timeout 0 0
 modem enable
 stopbits 1
line aux 0
 exec-timeout 0 0
 modem Dialin
 modem autoconfigure type MY_USR_MODEM
 transport input all
 stopbits 1
 speed 38400
 flowcontrol hardware
to align with line aux 0
 exec-timeout 0 0
 login local
!

Configuration Example

The following example shows dial backup and remote management configuration on the Cisco 836 router, using the ISDN S/T port and dialer watch.

Cisco836#
!
vpdn enable
!
vpdn-group 1
 accept-dialin
  protocol pppoe
!
!Specifies the ISDN switch type
isdn switch-type basic-net3
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 hold-queue 100 out
!
!ISDN interface to be used as a backup interface
interface BRI0
 no ip address
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-net3
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 1/40
  encapsulation aal5snap
  pppoe-client dial-pool-number 2
 !
 dsl operating-mode auto
!
! Dial backup interface, associated with physical BRI0 interface. Dialer pool 1 associates it with BRI0’s dialer pool member 1. Note “dialer watch-group 1” associates a watch list with corresponding “dialer watch-list” command
interface Dialer0
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 30
 dialer string 384040
 dialer watch-group 1
 dialer-group 1
!
! Primary interface associated with physical ATM0 interface, dialer pool 2 associates it with ATM0’s dial-pool-number2
interface Dialer2
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 2
 dialer-group 2
 no cdp enable
!
ip classless
!Primary and backup interface given route metric
ip route 0.0.0.0 0.0.0.0 22.0.0.2
ip route 0.0.0.0 0.0.0.0 192.168.2.2 80
ip http server
!
!Watch for interesting traffic
dialer watch-list 1 ip 22.0.0.2 255.255.255.255
!Specifies interesting traffic to trigger backup ISDN traffic
dialer-list 1 protocol ip permit
!

Configuring IGMP Proxy and Sparse Mode

The Internet Group Management Protocol (IGMP) proxy feature was added to the unidirectional link routing feature to permit hosts that are not directly connected to a downstream router to join a multicast group sourced from an upstream network.

Follow the steps below to configure IGMP proxy and sparse mode, starting in global configuration mode.

Step     Command                                         Purpose
Step 1   ip multicast-routing                            Enables IP multicast forwarding.
Step 2   ip pim rp-address address                       Configures the Protocol Independent Multicast (PIM) Rendezvous Point (RP) address.
Step 3   interface ethernet 0                            Enters Ethernet 0 interface configuration mode.
Step 4   ip address ip-address subnet-mask               Configures an IP address and subnet mask for the Ethernet 0 interface.
Step 5   ip pim {sparse | dense}-mode                    Configures the Ethernet 0 interface for PIM sparse mode or PIM dense mode.
Step 6   interface Ethernet 1                            Enters Ethernet 1 configuration mode.
Step 7   ip address {ip-address subnet-mask negotiated}  Specifies an IP address and subnet mask for the dialer interface, or indicates that the IP address is to be negotiated.
Step 8   ip pim {sparse | dense}-mode                    Configures the dialer interface for PIM sparse mode or PIM dense mode.
Step 9   ip igmp mroute-proxy loopback 0                 When used with the ip igmp proxy-service command, this command enables all forwarding entries in the multicast forward table of IGMP to report to a proxy service interface.
Step 10  end                                             Exits router configuration mode.
Step 11  interface loopback 0                            Enters loopback interface configuration mode.
Step 12  ip address ip-address subnet-mask               Configures an IP address and subnet mask for the loopback 0 interface.
Step 13  ip pim sparse-mode                              Configures the loopback interface for PIM sparse mode or PIM dense mode.
Step 14  ip igmp helper-address udl ethernet 0           Enters IGMP helper-address unidirectional link to Ethernet 0.
Step 15  ip igmp proxy-service                           Enables the multicast route proxy service. Based on the IGMP query interval, the router periodically checks the mroute table for forwarding entries that match interfaces configured with the ip igmp mroute-proxy command. Where there is a match, one IGMP report is created and received on this interface. This command is intended to be used with the ip igmp helper-address udl command, which forwards the IGMP report to an upstream router.

Configuration Example

The following example shows the relevant IGMP proxy and sparse mode commands. The Ethernet 0, Ethernet 1, and loopback 0 interfaces have been configured for PIM sparse mode; the PIM RP address has been defined as 10.5.1.1.

ip pim rp-address 10.5.1.1 5
access-list 5 permit 239.0.0.0 255.255.255.255
!
interface loopback 0
 ip address 10.7.1.1 255.255.255.0
 ip pim sparse-mode
 ip igmp helper-address udl ethernet 0
 ip igmp proxy-service
!
interface ethernet 0
 ip address 10.2.1.2 255.255.255.0
 ip pim sparse-mode
 ip igmp unidirectional-link
!
interface ethernet 1
 ip address 10.5.1.1 255.255.255.0
 ip pim sparse-mode
 ip igmp mroute-proxy loopback 0
!

Verifying Your Configuration

You can verify your configuration by using the show ip igmp interface ethernet 0 multicasting command. You should see a verification output similar to the following:

router#show ip igmp interface ethernet 0
Ethernet0 is up, line protocol is up
  Internet address is 10.2.1.2 255.255.255.0
  IGMP is enabled on interface
  Current IGMP host version is 2
  Current IGMP router version is 2
  IGMP query interval is 60 seconds
  IGMP querier timeout is 120 seconds
  IGMP max query response time is 10 seconds
  Last member query response interval is 1000 ms
  Inbound IGMP access group is not set
  IGMP activity: 1 joins, 0 leaves
  Multicast routing is enabled on interface
  Multicast designated router (DR) is 10.2.1.2 (this system)
  IGMP querying router is 10.2.1.2 (this system)
  Multicast groups joined (number of users):
      224.0.1.40 (1)

Configuring IP Security and GRE Tunneling

IP Security (IPSec) provides secure tunnels between two peers, such as two routers. You can define which packets are to be considered sensitive and sent through these secure tunnels. You can also define the parameters which should be used to protect these sensitive packets, by specifying characteristics of these tunnels. When the IPSec peer sees a sensitive packet, it sets up the appropriate secure tunnel and sends the packet through the tunnel to the remote peer.

This section contains the following topics:

- Configuring Internet Protocol Parameters
- Configuring an Access List
- Configuring IPSec
- Configuring a GRE Tunnel Interface
- Configuring the Ethernet Interface
- Configuring Static Routes
- Configuring and Monitoring High-Speed Crypto
- Configuration Example

Configurations for both IPSec and Generic Routing Encapsulation (GRE) tunneling are presented in this section.
Perform the following steps to configure IPSec using a GRE tunnel, beginning in global configuration mode.

Configuring Internet Protocol Parameters

Follow the steps below to configure IP parameters, starting in global configuration mode.

Step    Command               Purpose
Step 1  ip subnet-zero        Configures the router to recognize the zero subnet range as the valid range of addresses.
Step 2  no ip finger          Blocks incoming IP finger packets.
Step 3  no ip domain-lookup   Disables the router from interpreting unfamiliar words (typographical errors) as host names entered during a console session.
Step 4  ip classless          Follows classless routing forwarding rules.

Configuring an Access List

Use the access-list command to create an access list that permits the GRE protocol and that specifies the starting and ending IP addresses of the GRE tunnel. Use the following syntax:

access-list 101 permit gre host ip-address host ip-address

In the preceding command line, the first host ip-address specifies the tunnel starting point, and the second host ip-address specifies the tunnel endpoint.

Configuring IPSec

Follow the steps below to configure IPSec, starting in global configuration mode.

Step    Command                                              Purpose
Step 1  crypto isakmp policy 10                              Defines an Internet Key Exchange (IKE) policy, and assigns the policy a priority. This command places the router in IKE policy configuration mode.
Step 2  hash md5                                             Specifies the MD5 hash algorithm for the policy.
Step 3  authentication pre-share                             Specifies pre-share key as the authentication method.
Step 4  exit                                                 Exits IKE policy configuration mode.
Step 5  crypto isakmp key name address ip-address            Configures a pre-shared key and static IP address for each VPN client.
Step 6  crypto ipsec transform-set name esp-des esp-md5-hmac Defines a combination of security associations to occur during IPSec negotiations.
Step 7  crypto map name local-address ethernet 1             Creates a crypto map, and specifies and names an identifying interface to be used by the crypto map for IPSec traffic.
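
The following is an added example, not part of the Cisco guide: a Python audit that walks an IOS-style configuration and flags the settings from this chapter's dial backup samples and IPSec steps that weaken the management plane or the tunnel (exec-timeout 0 0, transport input all, ip http server, PAP, username ... password, hash md5, esp-des). The WEAK sample is constructed from commands shown on this page; the function name audit, the transform-set name vpn and the wording of each finding are this example's own.

```python
import re

# Rule = (pattern for the enclosing block, or None for a global command,
#         pattern for the command itself, finding reported to the reviewer).
RULES = [
    (r"line ", r"exec-timeout 0 0$", "idle timeout disabled; sessions never expire"),
    (r"line ", r"transport input all$", "all inbound protocols allowed, Telnet included"),
    (r"interface ", r"ppp authentication pap\b", "PAP sends the password in cleartext"),
    (r"crypto isakmp policy ", r"hash md5$", "IKE policy hashes with MD5"),
    (None, r"crypto ipsec transform-set \S+ .*\besp-des\b",
     "transform set encrypts with single DES (56-bit key)"),
    (None, r"ip http server$", "HTTP management server enabled (no TLS)"),
    (None, r"username \S+ password ", "local credential kept as 'password', not 'secret'"),
]


def audit(config_text):
    """Return (line_number, block, command, finding) for every rule hit."""
    findings, block = [], None
    for number, raw in enumerate(config_text.splitlines(), start=1):
        command = raw.strip()
        if not command or command.startswith("!"):
            continue  # blank line or IOS comment/separator
        top_level = not raw[0].isspace()
        if top_level:
            block = None  # a column-0 line ends the previous block
        for scope, pattern, finding in RULES:
            if scope is None:
                applies = top_level  # global rules only match column-0 commands
            else:
                applies = block is not None and re.match(scope, block) is not None
            if applies and re.match(pattern, command):
                findings.append((number, block, command, finding))
        if top_level:
            block = command  # indented lines that follow belong to this command
    return findings


# Constructed sample: commands taken from the examples on this page, with a
# placeholder credential; it is not a configuration from a real device.
WEAK = """\
username Router password EXAMPLE-ONLY
!
interface Async1
 encapsulation ppp
 ppp authentication pap callin
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
!
crypto ipsec transform-set vpn esp-des esp-md5-hmac
ip http server
!
line aux 0
 exec-timeout 0 0
 transport input all
line vty 0 4
 exec-timeout 0 0
 login local
"""

if __name__ == "__main__":
    for hit in audit(WEAK):
        print(hit)
```

The block scoping relies on the leading space that show running-config puts before sub-commands, so feed it saved output with the indentation preserved.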