Cisco Router 826 Routers Software Configuration Guide
Have a look at the manual Cisco Router 826 Routers Software Configuration Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
2-37 Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide 78-14565-03 Chapter 2 Network Scenarios Configuring Dial Backup ip nat inside source route-map secondary interface Dialer3 overload ip classless ! ! When primary link is up again, distance 50 will override 80 if dial backup hasn’t timeout ! Multiple routes because peer ip address are alternated among them when CPE gets connected ip route 0.0.0.0 0.0.0.0 64.161.31.254 50 ip route 0.0.0.0 0.0.0.0 66.125.91.254 50 ip route 0.0.0.0 0.0.0.0 64.174.91.254 50 ip route 0.0.0.0 0.0.0.0 63.203.35.136 80 ip route 0.0.0.0 0.0.0.0 63.203.35.137 80 ip route 0.0.0.0 0.0.0.0 63.203.35.138 80 ip route 0.0.0.0 0.0.0.0 63.203.35.139 80 ip route 0.0.0.0 0.0.0.0 63.203.35.140 80 ip route 0.0.0.0 0.0.0.0 63.203.35.141 80 ip route 0.0.0.0 0.0.0.0 Dialer1 150 no ip http server ip pim bidir-enable ! ! PC ip address behind CPE access-list 101 permit ip 192.168.0.0 0.0.255.255 any access-list 103 permit ip 192.168.0.0 0.0.255.255 any ! ! Watch multiple ip addresses because peers are alternated among them when CPE gets connected dialer watch-list 1 ip 64.161.31.254 255.255.255.255 dialer watch-list 1 ip 64.174.91.254 255.255.255.255 dialer watch-list 1 ip 64.125.91.254 255.255.255.255 ! ! Dial backup will kick in if primary link is not available 5 minutes after CPE starts up dialer watch-list 1 delay route-check initial 300 dialer-list 1 protocol ip permit ! ! To direct traffic to an interface only if the Dialer gets assigned with an ip address route-map main permit 10 match ip address 101 match interface Dialer1 ! route-map backup permit 10 match ip address 103 match interface Dialer3 ! ! line con 0 exec-timeout 0 0 ! ! Change console to aux function modem enable stopbits 1 line aux 0 exec-timeout 0 0 ! ! To enable and communicate with the external modem properly script dialer Dialout modem InOut modem autoconfigure discovery transport input all stopbits 1 speed 115200 flowcontrol hardware line vty 0 4 exec-timeout 0 0 password cisco
2-38 Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide 78-14565-03 Chapter 2 Network Scenarios Configuring Dial Backup login ! scheduler max-task-time 5000 end Configuring Remote Management for the Cisco SOHO 91 Router Follow the steps below to configure remote management for the Cisco SOHO 91 router. Configuration Example The following example shows how to configure a Cisco SOHO 91 router to obtain the IP address for ATM interface via PPP/IPCP address negotiation and shows how to configure and support dial-in maintenance over the console port. ! !Remote management account username dialin password cisco modemcap entry MY_USR_MODEM:MSC=&F1S0=1 ! interface Ethernet0 ip address 192.168.1.1 255.255.255.0 ip nat inside hold-queue 100 out ! interface Async1 no ip address encapsulation ppp dialer in-band autodetect encapsulation ppp async default routing async dynamic routing async mode dedicated pap authentication pap callin peer default ip address 192.168.2.2 ! ip nat inside source list 101 interface Dialer1 overload ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 150 ! no ip http server ip pim bidir-enable ! ! access-list 101 permit ip 192.168.0.0 0.0.255.255 any Command Purpose Step 1interface Async1Enters configuration mode for the async interface. Step 2line con 0Enters configuration mode for the console interface. Step 3modem enableChanges the console port to the auxiliary port. Step 4line aux 0Enters configuration mode for the auxiliary interface. Step 5flowcontrol hardwareEnables hardware signal flow control.
2-39 Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide 78-14565-03 Chapter 2 Network Scenarios Configuring the DHCP Server dialer-list 1 protocol ip permit ! line con 0 exec-timeout 0 0 modem enable stopbits 1 line aux 0 exec-timeout 0 0 script dialer Dialout modem Dialin modem autoconfigure discovery transport input all stopbits 1 speed 38400 flowcontrol hardware line vty 0 4 login local ! scheduler max-task-time 5000 end Configuring the DHCP Server Dynamic Host Configuration Protocol (DHCP) is an industry-standard protocol for automatically assigning IP configurations to workstations. DHCP uses a client-server model for address allocation. As administrator, you can configure one or more DHCP servers to provide IP address assignment and other TCP/IP-oriented configuration information to your workstations. DHCP frees you from having to manually assign an IP address to each client. The DHCP protocol is described in RFC 2131. When configuring a DHCP server, you must configure the server properties, policies, and associated DHCP options. NoteWhenever you change server properties, you must reload the server to load the configuration data from the Network Registrar database. To configure the DHCP server, you must accept Network Registrar’s defaults or supply the data explicitly: The IP address of the server’s interface (Ethernet card). This interface must have a static IP address that is not assigned dynamically by DHCP. The subnet mask, which identifies the network membership of the interface. The subnet mask defaults to the appropriate value, based on the network class of the interface address. In most cases, the subnet mask is 255.255.255.0. Network Registrar uses the interface named default to provide configurable default values for interfaces that the DHCP server discovers automatically. If you delete the default interface, the DHCP server uses hard-coded default values for port numbers and socket buffer sizes for the interfaces that it autodiscovers. If you enable discover-interfaces, the DHCP server uses the operating system platform support to enumerate all the active interfaces on the machine and (unless there is an interface configuration with the ignore feature enabled) attempts to listen on all of these. If you disable discover-interfaces, the DHCP server listens on the interface that you specify, as long as it does not have the ignore feature enabled.
2-40 Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide 78-14565-03 Chapter 2 Network Scenarios Configuring the DHCP Server Use the dhcp-interface commands to add, remove, and list the IP addresses of your server’s hardware cards. Interfaces are named with the IP address and net mask for the physical device. If you have two interface cards for the server host, use two dhcp-interface create commands to register them both. Use the net mask suffix 16 or 24 as part of the address. nrcmd> dhcp-interface 192.168.1.12/24 create nrcmd> dhcp-interface 10.1.2.3/24 create Use the dhcp-interface set ignore=true command to set all but one interface to ignore Network Registrar. nrcmd> dhcp-interface 10.1.2.3/24 set ignore=true Configuring the Ethernet Interface Follow the steps below to configure the Ethernet interface, beginning in global configuration mode. For complete information on the Ethernet commands, see the Cisco IOS Release 12.2 documentation set. For more general information on Ethernet concepts, see Chapter 1, “Concepts.” Dynamic Addressing Received via IPCP Use the ip address negotiated interface command to enable a Cisco router to automatically negotiate its own registered WAN interface IP address from a central server (via PPP/IPCP). Use the same command to enable all remote hosts to use this single registered IP address to access the global Internet. The following example shows an IPCP configuration. ! interface ATM0 no ip address no atm ilmi-keepalive pvc 0/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl operating-mode auto ! interface Dialer1 ip address negotiated ip nat outside encapsulation ppp dialer pool 1 dialer-group 1 Command Purpose Step 1interface ethernet 0Enters configuration mode for the Ethernet interface. Step 2ip address ip-address maskSets the IP address and subnet mask for the Ethernet interface. Step 3no shutdownEnables the Ethernet interface to change the state from administratively down to up. Step 4exitExits configuration mode for the Ethernet interface.
2-41 Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide 78-14565-03 Chapter 2 Network Scenarios Configuring the DHCP Server ppp authentication pap callin ppp pap sent-username ! USER SPECIFIC password ! USER SPECIFIC ppp ipcp dns request ppp ipcp wins request ppp ipcp mask request ! Configuring the Central Cisco 3620 The following example configures peer and dial backup on the Cisco 3620 router. ! version 12.1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime enable secret password ! hostname c3620 ! boot system flash slot0:c3620-jk2o3s-mz.121-5.3.T logging rate-limit console 10 except errors ! username ISP password ISP ip subnet-zero ip name-server !ISP ip name-server !ISP ip name-server !ISP ! no ip finger ! ip audit notify log ip audit po max-events 100 ip audit smtp spam 25111 no ip dhcp-client network-discovery vpdn enable no vpdn logging ! vpdn-group 1 accept-dialin protocol pppoe virtual-template 2 ! ! ! chat-script Dialout ABORT ERROR ABORT BUSY AT OK ATDT 5555101\T TIMEOUT 45 CONNECT \c ! modemcap entry MY_USR_MODEM:MSC=&F1S0=1 ! call rsvp-sync ! ! interface Loopback1 ip address 21.0.0.2 255.255.255.0 ! interface Loopback2 ip address 22.0.0.2 255.255.255.0 ! interface Ethernet0/0 no ip address half-duplex
2-42 Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide 78-14565-03 Chapter 2 Network Scenarios Configuring the DHCP Server no cdp enable ! interface Ethernet0/1 no ip address no ip route-cache no ip mroute-cache half-duplex no cdp enable ! interface ATM1/0 no ip address no atm ilmi-keepalive ! interface ATM1/0.1 point-to-point pvc 1/40 encapsulation aal5mux ppp Virtual-Template1 ! ! interface ATM1/0.2 point-to-point pvc 1/41 encapsulation aal5snap protocol pppoe ! ! interface Virtual-Template1 ip unnumbered Loopback1 peer default ip address pool test ! interface Virtual-Template2 ip unnumbered Loopback2 ip mtu 1492 ! interface Async65 no ip address encapsulation ppp dialer in-band dialer pool-member 1 autodetect encapsulation ppp async default routing async dynamic routing async mode dedicated ! interface Dialer0 ip unnumbered Async65 encapsulation ppp dialer pool 1 dialer remote-name c837 dialer string 5555101 modem-script Dialout dialer-group 1 autodetect encapsulation ppp no cdp enable ! ip local pool test 21.0.0.10 21.0.0.200 ip kerberos source-interface any ip classless no ip http server ! dialer-list 1 protocol ip permit no cdp run ! ! dial-peer cor custom ! !
2-43 Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide 78-14565-03 Chapter 2 Network Scenarios Configuring the DHCP Server ! ! ! line con 0 exec-timeout 0 0 transport input none line aux 0 exec-timeout 0 0 no activation-character script dialer Dialout no vacant-message modem InOut modem autoconfigure type MY_USR_MODEM transport input all transport output telnet escape-character NONE autohangup stopbits 1 speed 38400 flowcontrol hardware line vty 0 4 exec-timeout 0 0 login ! end Configuring the Central RADIUS Server Remote Authentication Dial-In User Service (RADIUS) enables you to secure your network against unauthorized access. A RADIUS server must be configured in the service provider or corporate network in order for a Cisco 800 series router to use RADIUS client features. To configure RADIUS on your router, you must perform the following tasks: Use the aaa new-model global configuration command to enable authentication, authorization, and accounting (AAA). AAA must be configured if you plan to use RADIUS. Use the aaa authentication global configuration command to define the method lists for RADIUS authentication. Use line and interface commands to enable the defined method lists to be used. For instructions on configuring a RADIUS client, see the Cisco IOS Security Configuration Guide. RFC 1483 Encapsulation with NAT This network shows a remote user connecting to the Internet through an ATM connection with RFC 1483 encapsulation and NAT. You may want to use this scenario if RFC 1483 connections can be used for the network, since there is slightly less overhead than PPP.
2-44 Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide 78-14565-03 Chapter 2 Network Scenarios Configuring the DHCP Server Figure 2-12 shows the network topology for this scenario. Figure 2-12 RFC 1483 Encapsulation with NAT In this scenario, the small business or remote user on the Ethernet LAN can connect to the Internet through ADSL. The Ethernet interface carries the data packet through the LAN and offloads it to the RFC 1483 connection on the ATM interface. The number of ATM PVCs is set by default. NAT, represented as the dashed line at the edge of the 827 routers, signifies two addressing domains and the inside source address. The source list defines how the packet travels through the network. The following configuration topics are covered in this section: Configuring the Ethernet Interface Configuring the ATM Interface Configuring NAT Configuration Examples To add additional features to this network, see Chapter 3, “Basic Router Configuration,” and Chapter 4, “Advanced Router Configuration.” After configuring your router, you need to configure the PVC endpoint. For a general configuration example, see “Cisco 3640 Gateway Configuration Example” at the end of this chapter. 1Small business or remote user2Connection to Ethernet 0 address 192.168.1.1/24 3ATM 0 PVC 8/354The Internet Cisco 827/827-4V 192.168.1.1/24DSLAMATM 0 200.200.100.254 Cisco 6400 Cisco 6400 74579 41 2 3
2-45 Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide 78-14565-03 Chapter 2 Network Scenarios Configuring the DHCP Server Configuring the Ethernet Interface Follow the steps below to configure the Ethernet interface, beginning in global configuration mode. Configuring the ATM Interface Use this table to configure the ATM interface, beginning in global configuration mode. Configuring NAT Follow the steps below to configure NAT, beginning in global configuration mode.Command Purpose Step 1interface ethernet 0Enters configuration mode for the Ethernet interface. Step 2ip address 192.168.1.1 255.255.255.0Sets the IP address and subnet mask for the Ethernet interface. Step 3no shutdownEnables the Ethernet interface. Step 4exitExits configuration mode for the Ethernet interface. Command Purpose Step 1interface ATM 0Enters configuration mode for the ATM interface. Step 2ip address 200.200.100.1 255.255.255.0Sets the IP address and subnet mask for the ATM interface. Step 3pvc 8/35Creates an ATM PVC for each end node with which the router communicates. Step 4protocol ip 200.200.100.254 broadcastSets the protocol broadcast for the IP address. Step 5encapsulation typeSpecifies the encapsulation type for the PVC to be AAL5SNAP or AAL5MUX IP. Step 6no shutdownEnables the ATM interface. Step 7exitExits configuration mode for the ATM interface. Command Purpose Step 1ip nat inside source list 1 pool interface ATM0 overloadEnables dynamic translation of addresses permitted by the access list to one of addresses specified in the ATM interface. Step 2ip route 0.0.0.0.0.0.0.0 atm0Sets the IP route to point to the ATM interface as a default gateway. Step 3access-list 1 permit 192.168.1.0.0.0.0.255Defines a standard access list permitting addresses that need translation. Step 4interface ethernet 0Enters configuration mode for the Ethernet interface.
2-46 Cisco 826, 827, 828, 831, 836, and 837 and Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers Software Configuration Guide 78-14565-03 Chapter 2 Network Scenarios Configuring the DHCP Server Configuration Examples In the following configuration examples, you do not have to enter the commands marked “default.” These commands appear automatically in the configuration file generated when you use the show running-config command. The following is an RFC 1483 LLC/SNAP encapsulation over ATM configuration example. ! interface Ethernet0 ip address 192.168.1.1 255.255.255.0 no ip directed-broadcast (default) ip nat inside ! interface ATM0 ip address 200.200.100.1 255.255.255.0 no ip directed-broadcast (default) ip nat outside no atm ilmi-keepalive (default) pvc 8/35 encapsulation aal5snap protocol ip 200.200.100.254 broadcast ! bundle-enable ! ip nat inside source list 1 interface ATM0 overload ip classless (default) ip route 0.0.0.0 0.0.0.0 200.200.100.254 ! access-list 1 permit 192.168.1.0 0.0.0.255 ! end The following is an RFC 1483 VC-MUX configuration example. ip subnet-zero ! interface Ethernet0 ip address 192.168.1.1 255.255.255.0 no ip directed-broadcast (default) ip nat inside ! interface ATM0 ip address 200.200.100.1 255.255.255.0 no ip directed-broadcast (default) ip nat outside no atm ilmi-keepalive (default) pvc 8/35 encapsulation aal5mux ip Step 5ip nat insideEstablishes the Ethernet interface as inside interface. Step 6exitExits configuration mode for the Ethernet interface. Step 7interface atm 0Enters configuration mode for the ATM interface. Step 8ip nat outsideEstablishes the ATM interface as outside interface. Step 9exitExits configuration mode for the ATM interface. Command Purpose