Cisco Router 826 Routers Software Configuration Guide
4-35 Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide 78-14565-03
Chapter 4 Advanced Router Configuration

Configuring ATM OAM F5 Continuity Check Support

Command Mode

Privileged EXEC.

Example Output

The following example output of the debug atm oam cc command records activity beginning with the entry of the oam-pvc manage cc command, and ending with the entry of the no oam-pvc manage cc command. The ATM 0 interface was specified, and the “both” segment direction was specified. The output shows an activation request sent and confirmed, a series of CC cells sent by the routers on each end of the segment, and a deactivation request and confirmation.

router# debug atm oam cc interface atm0
Generic ATM:
  ATM OAM CC cells debugging is on
router#
00:15:05: CC ACTIVATE MSG (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:8 OAM Func:1 Direction:3 CTag:5
00:15:05: CC ACTIVATE CONFIRM MSG (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:8 OAM Func:1 Direction:3 CTag:5
00:15:06: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1
00:15:07: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:08: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:09: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:10: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:11: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:12: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:13: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:14: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:15: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:16: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:17: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:18: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:19: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:19: CC DEACTIVATE MSG (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:8 OAM Func:1 Direction:3 CTag:6
00:15:19: CC DEACTIVATE CONFIRM MSG (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:8 OAM Func:1 Direction:3 CTag:6

The following table describes significant fields.

Field                    Description
00:15:05                 Time stamp.
CC ACTIVATE MSG (ATM0)   Message type and interface.
0                        Source.
1                        Sink.
VC 1/40                  Virtual circuit identifier.
Direction:3              Indication of the direction in which the cells are traveling. 1 indicates local router is sink. 2 indicates local router is source. 3 indicates both routers operate as source and sink.
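The field layout described in the table can be turned into a parser that summarises a captured debug session. This is an added example, not part of the Cisco guide; the 3-second max_gap default and the reading of CTag as pairing a request with its confirm are assumptions taken from the values visible in the output, not from a definition on this page.

```python
import re
from collections import Counter

# Constructed sample in the format shown above, shortened; the jump from
# 00:15:07 to 00:15:13 on the "I" side is deliberate.
SAMPLE = """\
router# debug atm oam cc interface atm0
00:15:05: CC ACTIVATE MSG (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:8 OAM Func:1 Direction:3 CTag:5
00:15:05: CC ACTIVATE CONFIRM MSG (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:8 OAM Func:1 Direction:3 CTag:5
00:15:06: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:07: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:08: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:13: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:13: CC DEACTIVATE MSG (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:8 OAM Func:1 Direction:3 CTag:6
00:15:13: CC DEACTIVATE CONFIRM MSG (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:8 OAM Func:1 Direction:3 CTag:6
"""

LINE = re.compile(
    r"^(?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d): CC (?P<msg>[A-Z ]+?)(?: MSG)? "
    r"\((?P<ifc>\w+)\) (?P<io>[IO]):VCD#(?P<vcd>\d+) "
    r"VC (?P<vpi>\d+)/(?P<vci>\d+)(?P<rest>.*)$")
FIELD = re.compile(r"(OAM Cell Type|OAM Type|OAM Func|Direction|CTag):(\d+)")
# Direction values as given in the field table above.
DIRECTION = {1: "local router is sink", 2: "local router is source",
             3: "both routers operate as source and sink"}

def parse(text):
    """Turn debug lines into dicts; prompts and other lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        events.append({
            "t": int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"]),  # uptime, s
            "msg": m["msg"], "ifc": m["ifc"], "io": m["io"],
            "vc": f'{m["vpi"]}/{m["vci"]}',
            "fields": {k: int(v) for k, v in FIELD.findall(m["rest"])},
        })
    return events

def summarise(events, max_gap=3):
    """Count CC cells per I/O marker and list silences longer than max_gap."""
    out = {"cells": Counter(), "gaps": [], "direction": None}
    ctag, last = {}, {}   # control message -> CTag; I/O marker -> last cell time
    for e in events:
        if e["msg"] == "CELL":
            out["cells"][e["io"]] += 1
            prev = last.get(e["io"])
            if prev is not None and e["t"] - prev > max_gap:
                out["gaps"].append((e["io"], prev, e["t"]))
            last[e["io"]] = e["t"]
        else:
            ctag[e["msg"]] = e["fields"].get("CTag")
            if "Direction" in e["fields"]:
                out["direction"] = DIRECTION.get(e["fields"]["Direction"])
    # Assumption: a request and its confirm carry the same CTag value.
    for name in ("ACTIVATE", "DEACTIVATE"):
        out[name.lower() + "d"] = (name in ctag
                                   and ctag[name] == ctag.get(name + " CONFIRM"))
    return out

if __name__ == "__main__":
    print(summarise(parse(SAMPLE)))
```
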
Configuring RADIUS Support

Remote Authentication Dial-In User Service (RADIUS) is supported on the following Cisco routers:

- Cisco 826 and Cisco 836
- Cisco 827, Cisco 827H, Cisco 827-4V, Cisco 831, and Cisco 837
- Cisco 828

RADIUS enables you to secure your network against unauthorized access. A RADIUS server must be configured in the service provider or corporate network in order for the router to use RADIUS client features.

Configuring Cisco Easy VPN Client

Routers and other forms of broadband access provide high-performance connections to the Internet. However, many applications also require the security of Virtual Private Network (VPN) connections that perform a high level of authentication and that encrypt the data between two particular endpoints.

Establishing a VPN connection between two routers can be complicated, and it typically requires tedious coordination between network administrators to configure the two routers’ VPN parameters. The Cisco Easy VPN client feature eliminates much of this tedious work by implementing Cisco’s Unity Client protocol, which allows most VPN parameters to be defined at a VPN 3000 concentrator acting as an IPSec server.

After the IPSec server has been configured, a VPN connection can be created with minimal configuration on an IPSec client, such as a supported Cisco 800 series router. When the IPSec client then initiates the VPN tunnel connection, the IPSec server pushes the IPSec policies to the IPSec client and creates the corresponding VPN tunnel connection.
The Cisco Easy VPN client feature supports two modes of operation:

- Client—Specifies that Network Address Translation/Port Address Translation (NAT/PAT) be done, so that the PCs and other hosts at the client end of the VPN tunnel form a private network that does not use any IP addresses in the destination server’s IP address space.
- Network Extension—Specifies that the PCs and other hosts at the client end of the VPN tunnel should be given IP addresses in the destination enterprise network’s IP address space, so that they form one logical network.

Both modes of operation also optionally support split tunneling, which allows secure access to corporate resources through the VPN tunnel while also allowing Internet access through a connection to an ISP or other service (thereby eliminating the corporate network from the path for Web access). This configuration is enabled by a simple access list implemented on the IPSec server.

Note: Cisco 800-series routers are supported as IPSec clients of VPN 3000 concentrators. Support for other IPSec servers will be available in a future release. Be sure to see the Cisco IOS release notes for the current release to determine if there are any other limitations on the use of Cisco Easy VPN Client.
Easy VPN Documentation

The release note “Cisco EZVPN Client for the Cisco uBR905/uBR925 Cable Access Routers” contains instructions for configuring the DHCP server pool and the Easy VPN client profile required to implement Easy VPN, example configurations for the IPSec server, and descriptions of the commands available to manage Easy Virtual Private Networking.

Configuration Example

This section provides a client mode configuration example for the Cisco 827 router.

The following example configures a Cisco 827 router as an IPSec client, using the Cisco Easy VPN feature in the client mode of operation. This example shows the following components of the Cisco Easy VPN client configuration:

- DHCP server pool—The ip dhcp pool command creates a pool of IP addresses to be assigned to the PCs connected to the router’s Ethernet1 interface. The pool assigns addresses in the class C private address space (192.168.100.0) and configures each PC so that its default route is 192.168.100.1, which is the IP address assigned to the router’s Ethernet interface.
- EzVPN client configuration—The first crypto ipsec client ezvpn hw-client command (global configuration mode) creates an EzVPN client configuration named hw-client. This configuration specifies a group name of hw-client-groupname and a shared key value of hw-client-password, and it sets the peer destination to the IP address 188.185.0.5 (which is the address assigned to the interface connected to the Internet on the destination peer router). The EzVPN configuration is configured for the default operations mode client.

Note: If DNS is also configured on the router, the peer option also supports a host name instead of an IP address.
- The second crypto ipsec client ezvpn hw-client command (ATM 0 interface configuration mode) assigns the EzVPN client configuration to the ATM 0 interface, so that all traffic received and transmitted on that interface is sent through the VPN tunnel.

The output of the show running-config command follows:

Current configuration :1040 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname c827-18
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip dhcp excluded-address 192.168.100.1
!
ip dhcp pool CLIENT
 import all
 network 192.168.100.0 255.255.255.0
 default-router 192.168.100.1
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
crypto ipsec client ezvpn hw-client
 group hw-client-groupname key hw-client-password
 mode client
 peer 188.185.0.5
!
interface Ethernet0
 ip address 192.168.100.1 255.255.255.0
 hold-queue 100 out
!
interface ATM0
 ip address 192.168.101.18 255.255.255.0
 no atm ilmi-keepalive
 protocol ip 192.168.101.19 broadcast
 encapsulation aal5snap
 !
 dsl operating-mode auto
 crypto ipsec client ezvpn hw-client
!
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0
ip route 50.0.0.0 255.0.0.0 40.0.0.19
ip http server
ip pim bidir-enable
!
line con 0
 stopbits 1
line vty 0 4
 login
!

Configuring Dial-on-Demand Routing for PPPoE Client

Dial-on-demand routing (DDR) for PPPoE client is supported on the following Cisco routers:

- Cisco 826 and Cisco 836
- Cisco 827, 827H, Cisco 827-4V, Cisco 831, and Cisco 837
- Cisco 828
- Cisco SOHO 77, Cisco SOHO 77H, Cisco SOHO 78, Cisco SOHO 91, Cisco SOHO 96, and Cisco SOHO 97

The DDR for PPPoE client feature provides flexibility for subscribers whose ISP charges are based on the amount of time they are connected to the network (non-flat-rate services). With the DDR for PPPoE feature, you can designate a type of traffic as traffic of interest. You can then configure the router so that it will bring up the PPPoE connection when any interesting traffic arrives from the LAN interface and will bring down the connection when the dialer idle timer expires.

DDR is configured in Ethernet 1 configuration mode, using the pppoe-client dial-pool-number command with the dial-on-demand keyword. The syntax is shown below.

pppoe-client dial-pool-number number [dial-on-demand]
Syntax Descriptions

dial-pool-number   Create a dial pool.
dial-on-demand     Activate DDR.

Configuring DDR for a PPPoE Client

Complete the following tasks to configure DDR for a PPPoE client, beginning in global configuration mode:

Step 1  Enable vpdn.
  a. Enter the global configuration mode vpdn enable command.
  b. Enter the no vpdn logging command to disable vpdn logging.

Step 2  Configure a virtual private dial-up network (VPDN) group.
  a. Enter the global configuration mode vpdn-group number command, to enter vpdn group configuration mode.
  b. Enter request-dialin to specify the dial-in dialing mode.

Step 3  Configure the Ethernet 1 interface.
  a. Enter interface Ethernet 1 to enter Ethernet 1 interface configuration mode.
  b. Enter pppoe enable to enable PPPoE for this interface.
  c. Activate DDR and create a dial pool by entering pppoe-client dial-pool-number number dial-on-demand. The number value must match the vpdn group number.

Step 4  Configure the dialer interface.
  a. Enter interface dialer 1 to enter dialer interface configuration mode.
  b. Enter ip address negotiated to indicate that the IP address will be negotiated with the DHCP server.
  c. Specify the maximum transmission unit size by entering ip mtu 1492.
  d. Set the encapsulation type by entering encapsulation ppp.
  e. Enter the dialer pool number command to associate the dialer interface with the dialer pool created for the Ethernet 1 interface.
  f. Set the idle timer interval by entering dialer idle-timeout 180 either. The either keyword specifies that either inbound or outbound traffic can reset the idle timer.
     Note: A value of 0 specifies that the timer will never expire and that the connection will always be up.
  g. Enter dialer hold-queue 100 to set the queue to a size that will hold packets of interest before the connection is established.
  h. Enter dialer-group 1 to specify the dialer list that defines traffic of interest.
  i. Leave Dialer 1 interface configuration mode by entering exit.

Step 5  Enter the global interface configuration dialer-list 1 protocol ip permit command to define IP traffic as the traffic of interest.
Step 6  Create a static route for the Dialer 1 interface by entering the ip route 0.0.0.0 0.0.0.0 dialer 1 permanent command.

Step 7  Enter end to leave router configuration mode.

Configuring Weighted Fair Queuing

Weighted fair queuing (WFQ) is supported on the following Cisco routers:

- Cisco 826 and Cisco 836
- Cisco 827, Cisco 827H, Cisco 827-4V, Cisco 831, and Cisco 837
- Cisco 828

WFQ enables slow-speed links, such as serial links, to provide fair treatment for all types of traffic. In order to do this, WFQ classifies the traffic into different flows (also known as conversations) based on layer three and layer four information, such as IP addresses and TCP ports. It does this without requiring you to define access lists. This means that low-bandwidth traffic effectively has priority over high-bandwidth traffic because high-bandwidth traffic shares the transmission media in proportion to its assigned weight.

WFQ is now available on IP Base and IP Firewall Cisco IOS images.

WFQ has certain limitations: it is not scalable if the flow amount increases considerably, and native WFQ is not available on high-speed interfaces such as ATM interfaces. Class-based WFQ, available on Cisco IOS Plus images, overcomes these limitations.

Configuring Weighted Fair Queuing

The following procedure shows how to apply WFQ to the ATM interface of a Cisco router.

Step 1  Create a policy map for WFQ.
  a. Enter the policy-map map-name command in global configuration mode to construct a WFQ policy. The map name wfq could be used to specify that this is the policy map for WFQ.
  b. Enter class class-default to use the default class for all traffic.
  c. Apply WFQ to all traffic by entering the fair-queue command.
  d. Enter exit twice to return to global configuration mode.

Step 2  Apply the policy map to the router interface.
  a. Enter interface atm number, where number is the ATM interface number.
  b. Enter pvc vpi/vci to specify which PVC you are applying the policy map to.
  c. Enter service-policy output map-name to apply the policy to this PVC. If you named the policy map wfq, you would enter the command service-policy output wfq.

Step 3  Enter end to leave router configuration mode.
Example Configuration

The following configuration applies WFQ to PVC 0/33 on the ATM 0.1 interface. The policy map named wfq is created, and WFQ is applied to the default class referenced in that policy map. Then, wfq is referenced in the ATM 0.1 interface configuration.

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 806-uut
!
ip subnet-zero
!
policy-map wfq
 class class-default
  fair-queue
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
!
interface atm0.1
 no ip address
 pvc 0/33
  service-policy output wfq
!
ip classless
ip http server
ip pim bidir-enable
!
line con 0
 stopbits 1
line vty 0 4
 login
!
scheduler max-task-time 5000
end
!

Configuring DSL Commands

The sections below describe the supported DSL commands. Follow the steps below to configure DSL command-line interface (CLI) commands.

        Command                  Purpose
Step 1  dsl noise-margin         Sets the noise margin offset.
Step 2  max-tone-bits            Sets the maximum bits per tone limit.
Step 3  gain-setting rx-offset   Sets the receive gain offset.
Step 4  gain-setting tx-offset   Sets the transmit gain offset.
Configuration Example

The following is a configuration example for the dsl command.

interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 dsl noise-margin 0
 dsl max-tone-bits 14
 dsl gain-setting tx-offset 0
 dsl gain-setting rx-offset 1

Enabling the DSL Training Log

The DSL training log feature is available on the following Cisco routers:

- Cisco 826 and 836
- Cisco 827, 827H, 827-4V, and 837
- Cisco 828

By default, a DSL training log is retrieved each time the Cisco router establishes contact with the DSLAM. The training log is a record of the events that occur when the router trains, or negotiates communication parameters, with the DSLAM at the central office. However, retrieving this log adds significant time to the training process, and retrieval is not always necessary after the router has successfully trained. You must use the dsl enable-training-log command to enable the retrieval of this log. The no form of this command disables retrieval of the DSL training log.

dsl enable-training-log
no dsl enable-training-log

Retrieving the DSL Training Log and Then Disabling Further Retrieval of the Training Log

Complete the following tasks to retrieve the training log, examine it, and then disable the router from retrieving the training log the next time it trains with the DSLAM.

Step 1  Configure the router to retrieve the training log.
  a. Enter the global configuration mode interface ATM number command, where number is the number of the ATM interface.
  b. Enter dsl enable-training-log to enable the retrieval of the training log.
  c. Enter end to leave router configuration mode.

Step 2  Unplug the DSL cable from the DSL socket on the back of the router, wait a few seconds, and then plug the cable back in.

Step 3  When the “DSL line up” message appears, issue the show dsl int atm number command, where number is the number of the ATM interface, to display the retrieved log.

Step 4  When you decide that it is no longer necessary for the router to retrieve the training log, reconfigure the router to disable the retrieval of the log by completing the following tasks:
  a. Enter the global configuration mode interface ATM number command, where number is the number of the ATM interface.
  b. Enter no dsl enable-training-log to disable the retrieval of the training log.
  c. Enter end to leave router configuration mode.

Selecting Secondary DSL Firmware

This command is available on the following routers:

- Cisco 827, 827H, and 827-4V
- Cisco 837 routers.

The ATM interface mode dsl firmware secondary command enables you to select the secondary DSL firmware.

dsl firmware secondary

To revert to using the primary firmware, enter the no form of this command.

no dsl firmware secondary

Note: The router must retrain in order for the configuration changes to take effect. To retrain the line, you can unplug the DSL cable from the DSL socket on the back of the router and then plug the DSL cable back in again.

You can use the show dsl interface atm number command to compare firmware versions in use before retraining the DSL line, and after retraining.

Output Example

The following example output contains show dsl interface atm command output before the dsl firmware secondary command is added to the configuration.

827-sus2#sh dsl int atm0
                 ATU-R (DS)                   ATU-C (US)
Modem Status:    Showtime (DMTDSL_SHOWTIME)
DSL Mode:        ITU G.992.1 (G.DMT)
ITU STD NUM:     0x01                         0x01
Vendor ID:       ALCB                         GSPN
Vendor Specific: 0x0000                       0x0002
Vendor Country:  0x00                         0x00
Capacity Used:   66%                          74%
Noise Margin:    16.5 dB                      17.0 dB
Output Power:    8.0 dBm                      12.0 dBm
Attenuation:     0.0 dB                       4.0 dB
Defect Status:   None                         None
Last Fail Code:  None
Selftest Result: 0x49
Subfunction:     0x02
Interrupts:      652 (1 spurious)
Activations:     1
SW Version:      3.8129
FW Version:      0x1A04
After the dsl firmware secondary command is added to the configuration and the line has retrained, the show dsl interface ATM0 output shows that the software version has changed to 3.7123.

827-sus2#sh dsl int atm0
                 ATU-R (DS)                   ATU-C (US)
Modem Status:    Showtime (DMTDSL_SHOWTIME)
DSL Mode:        ITU G.992.1 (G.DMT)
ITU STD NUM:     0x01                         0x01
Vendor ID:       ALCB                         GSPN
Vendor Specific: 0x0000                       0x0002
Vendor Country:  0x00                         0x00
Capacity Used:   71%                          74%
Noise Margin:    18.0 dB                      17.0 dB
Output Power:    7.5 dBm                      12.0 dBm
Attenuation:     0.0 dB                       4.0 dB
Defect Status:   None                         None
Last Fail Code:  None
Selftest Result: 0x00
Subfunction:     0x02
Interrupts:      1206 (2 spurious)
Activations:     2
SW Version:      3.7123
FW Version:      0x1A04

Configuration Example

The following example shows configuration of a Cisco 827 router using secondary DSL firmware.

827-sus2#sh run
Building configuration...
Current configuration :738 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname 827-sus2
!
ip subnet-zero
no ip domain-lookup
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
interface Ethernet0
 ip address 192.168.5.23 255.255.255.0
 no cdp enable
 hold-queue 100 out
!
interface Virtual-Template1
 ip address 2.2.3.4 255.255.255.0
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 1/40
  encapsulation aal5mux ppp Virtual-Template1
 !
 dsl operating-mode itu-dmt
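The running configurations printed in this chapter all show no service password-encryption, and the Easy VPN client listing prints its group key in the clear, so such output is worth checking and masking before it is pasted into a ticket or archived. The following is an added example, not part of the Cisco guide: it reviews a show running-config listing for those settings and masks the EzVPN key. The finding wording, the function names and the <removed> placeholder are choices made here.

```python
import re

# Excerpt of the Easy VPN client listing from this chapter, with the
# one-space IOS indentation for sub-commands.
SAMPLE = """\
version 12.2
no service password-encryption
!
hostname c827-18
!
crypto ipsec client ezvpn hw-client
 group hw-client-groupname key hw-client-password
 mode client
 peer 188.185.0.5
!
interface ATM0
 ip address 192.168.101.18 255.255.255.0
 crypto ipsec client ezvpn hw-client
!
ip http server
!
line vty 0 4
 login
"""

MASK = "<removed>"
EZVPN_KEY = re.compile(r"^(group \S+ key )(\S+)$")

def sections(text):
    """Yield (top-level command, [its indented sub-commands])."""
    header, body = None, []
    for line in text.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] != " ":
            if header is not None:
                yield header, body
            header, body = line.strip(), []
        else:
            body.append(line.strip())
    if header is not None:
        yield header, body

def audit(text):
    """Return review findings for settings visible in the listing."""
    findings = []
    for header, body in sections(text):
        if header == "no service password-encryption":
            findings.append("password-encryption service is off")
        elif header == "ip http server":
            findings.append("HTTP server is enabled")
        elif header.startswith("crypto ipsec client ezvpn "):
            keys = [EZVPN_KEY.match(c) for c in body]
            if any(m and m[2] != MASK for m in keys):
                findings.append(f"cleartext group key in {header.split()[-1]}")
    return findings

def redact(text):
    """Mask EzVPN group keys; every other line is returned unchanged."""
    out, in_ezvpn = [], False
    for line in text.splitlines():
        if line and line[0] != " ":
            # Only the global profile has a key; the interface-level
            # assignment of the same name is indented and has none.
            in_ezvpn = line.startswith("crypto ipsec client ezvpn ")
        m = EZVPN_KEY.match(line.strip()) if in_ezvpn else None
        if m:
            indent = line[: len(line) - len(line.lstrip())]
            line = indent + m[1] + MASK
        out.append(line)
    return "\n".join(out)

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(redact(SAMPLE))
```
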