Cisco Systems Router 1800 Series User Manual
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide OL-6426-02
Appendix A Cisco IOS Software Basic Skills

Understanding Command Modes

Table A-2 Command Modes Summary

Mode: User EXEC
Access method: Begin a session with your router.
Prompt: Router>
Exit and entrance method: To exit a router session, enter the logout command.
About this mode: Use this mode for these tasks:
- Change terminal settings.
- Perform basic tests.
- Display system information.

Mode: Privileged EXEC
Access method: Enter the enable command from user EXEC mode.
Prompt: Router#
Exit and entrance method: To exit to user EXEC mode, enter the disable command. To enter global configuration mode, enter the configure command.
About this mode: Use this mode for these tasks:
- Configure your router operating parameters.
- Perform the verification steps shown in this guide.
To prevent unauthorized changes to your router configuration, access to this mode should be protected with a password as described in “Enable Secret Passwords and Enable Passwords” later in this chapter.

Mode: Global configuration
Access method: Enter the configure command from privileged EXEC mode.
Prompt: Router(config)#
Exit and entrance method: To exit to privileged EXEC mode, enter the exit or end command, or press Ctrl-Z. To enter interface configuration mode, enter the interface command.
About this mode: Use this mode to configure parameters that apply to your router as a whole. Also, you can access the following modes, which are described later in this table:
- Interface configuration
- Router configuration
- Line configuration

Mode: Interface configuration
Access method: Enter the interface command (with a specific interface, such as interface atm 0) from global configuration mode.
Prompt: Router(config-if)#
Exit and entrance method: To exit to global configuration mode, enter the exit command. To exit to privileged EXEC mode, enter the end command, or press Ctrl-Z. To enter subinterface configuration mode, specify a subinterface with the interface command.
About this mode: Use this mode to configure parameters for the router Ethernet and serial interfaces or subinterfaces.
Table A-2 Command Modes Summary (continued)

Mode: Router configuration
Access method: Enter one of the router commands followed by the appropriate keyword, for example router rip, from global configuration mode.
Prompt: Router(config-router)#
Exit and entrance method: To exit to global configuration mode, enter the exit command. To exit to privileged EXEC mode, enter the end command, or press Ctrl-Z.
About this mode: Use this mode to configure an IP routing protocol.

Mode: Line configuration
Access method: Enter the line command with the desired line number, for example, line 0, from global configuration mode.
Prompt: Router(config-line)#
Exit and entrance method: To exit to global configuration mode, enter the exit command. To exit to privileged EXEC mode, enter the end command, or press Ctrl-Z.
About this mode: Use this mode to configure parameters for the terminal line.

Getting Help

You can use the question mark (?) and arrow keys to help you enter commands.

For a list of available commands at that command mode, enter a question mark:

    Router> ?
    access-enable    Create a temporary access-list entry
    access-profile   Apply user-profile to interface
    clear            Reset functions
    ...

To complete a command, enter a few known characters followed by a question mark (with no space):

    Router> s?
    * s=show set show slip systat

For a list of command variables, enter the command followed by a space and a question mark:

    Router> show ?
    ...
    clock       Display the system clock
    dialer      Dialer parameters and statistics
    exception   exception information
    ...

To redisplay a command you previously entered, press the Up Arrow key. You can continue to press the Up Arrow key for more commands.
Enable Secret Passwords and Enable Passwords

By default, the router ships without password protection. Because many privileged EXEC commands are used to set operating parameters, you should password-protect these commands to prevent unauthorized use.

You can use two commands to do this:
- enable secret password: A very secure, encrypted password
- enable password: A less secure, unencrypted local password

Both the enable and enable secret passwords control access to various privilege levels (0 to 15). The enable password is intended for local use and is thus unencrypted. The enable secret password is intended for network use; that is, in environments where the password crosses the network or is stored on a TFTP server. You must enter an enable secret or enable password with a privilege level of 1 to gain access to privileged EXEC mode commands.

For maximum security, the passwords should be different. If you enter the same password for both during the setup process, your router accepts the passwords, but warns you that they should be different.

An enable secret password can contain from 1 to 25 uppercase and lowercase alphanumeric characters. An enable password can contain any number of uppercase and lowercase alphanumeric characters. In both cases, a number cannot be the first character. Spaces are also valid password characters; for example, two words is a valid password. Leading spaces are ignored; trailing spaces are recognized.

Entering Global Configuration Mode

To make any configuration changes to your router, you must be in global configuration mode. This section describes how to enter global configuration mode while using a terminal or PC that is connected to your router console port.
To enter global configuration mode, follow these steps:

Step 1 After your router boots up, enter the enable or enable secret command:

    Router> enable

Step 2 If you have configured your router with an enable password, enter it when you are prompted. The enable password does not appear on the screen when you enter it. This example shows how to enter privileged EXEC mode:

    Password: enable_password
    Router#

Privileged EXEC mode is indicated by the # in the prompt. You can now make changes to your router configuration.

Step 3 Enter the configure terminal command to enter global configuration mode:

    Router# configure terminal
    Router(config)#

You can now make changes to your router configuration.
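A configuration check for the two commands described under “Enable Secret Passwords and Enable Passwords”, as an added Python example that is not part of the Cisco guide. The finding names and sample configurations are constructed, and treating a single leading digit as an encryption-type field is an assumption based on the guide's rule that a password cannot begin with a number.

```python
import re

# enable {password | secret} [level N] [encryption-type] <value>
# Assumption: one leading digit followed by more text is an encryption-type
# field, because the guide says a password cannot begin with a number.
ENABLE_RE = re.compile(
    r"^enable\s+(?P<kind>password|secret)"
    r"(?:\s+level\s+(?P<level>\d+))?"
    r"(?:\s+(?P<type>\d)(?=\s+\S))?"
    r"\s+(?P<value>.+)$"
)

# Constructed sample configurations (not taken from a real router).
SHIPPED = "hostname Router\n!\ninterface FastEthernet0\n no shutdown\n"
WEAK = "hostname Router\nenable password two words\n"
HARDENED = "hostname Router\nenable secret 5 $1$CNST$constructedPlaceholderHash\n"
MIXED = HARDENED + "enable password level 5 two words\n"


def audit_enable(config_text):
    """Return sorted (finding, level) tuples for the enable lines of a config."""
    passwords = {}   # level -> encryption type of the 'enable password' line
    secrets = set()  # levels that have an 'enable secret'
    for raw in config_text.splitlines():
        # Leading spaces are ignored; trailing spaces belong to the password.
        m = ENABLE_RE.match(raw.lstrip())
        if not m:
            continue
        level = m["level"] or "default"
        if m["kind"] == "secret":
            secrets.add(level)
        else:
            passwords[level] = m["type"]

    findings = []
    if not passwords and not secrets:
        # The state the guide describes as the shipping default.
        findings.append(("no-enable-protection", "default"))
    for level, enc_type in passwords.items():
        if enc_type in (None, "0"):
            findings.append(("enable-password-stored-unencrypted", level))
        if level not in secrets:
            findings.append(("enable-password-without-enable-secret", level))
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in [("shipped", SHIPPED), ("weak", WEAK),
                      ("hardened", HARDENED), ("mixed", MIXED)]:
        print(name, audit_enable(cfg))
```
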
Using Commands

This section provides some tips about entering Cisco IOS commands at the command-line interface (CLI).

Abbreviating Commands

You only have to enter enough characters for the router to recognize the command as unique. This example shows how to enter the show version command:

    Router# sh v

Undoing Commands

If you want to disable a feature or undo a command you entered, you can enter the keyword no before most commands; for example, no ip routing.

Command-Line Error Messages

Table A-3 lists some error messages that you might encounter while using the CLI to configure your router.

Table A-3 Common CLI Error Messages

Error message: % Ambiguous command: show con
Meaning: You did not enter enough characters for your router to recognize the command.
How to get help: Reenter the command, followed by a question mark (?) with no space between the command and the question mark. The possible keywords that you can enter with the command are displayed.

Error message: % Incomplete command.
Meaning: You did not enter all of the keywords or values required by this command.
How to get help: Reenter the command, followed by a question mark (?) with no space between the command and the question mark. The possible keywords that you can enter with the command are displayed.

Error message: % Invalid input detected at ‘^’ marker.
Meaning: You entered the command incorrectly. The error occurred where the caret mark (^) appears.
How to get help: Enter a question mark (?) to display all of the commands that are available in this command mode.
Saving Configuration Changes

You need to enter the copy running-config startup-config command to save your configuration changes to nonvolatile RAM (NVRAM) so that they are not lost if there is a system reload or power outage. This example shows how to use this command to save your changes:

    router# copy running-config startup-config
    Destination filename [startup-config]?

Press Return to accept the default destination filename startup-config, or enter your desired destination filename and press Return.

It might take a minute or two to save the configuration to NVRAM. After the configuration has been saved, the following message appears:

    Building configuration...
    router#

Summary

Now that you have reviewed some Cisco IOS software basics, you can begin to configure your router. Remember:
- You can use the question mark (?) and arrow keys to help you enter commands.
- Each command mode restricts you to a set of commands. If you are having difficulty entering a command, check the prompt, and then enter the question mark (?) for a list of available commands. You might be in the wrong command mode or using the wrong syntax.
- If you want to disable a feature, enter the keyword no before the command; for example, no ip routing.
- Save your configuration changes to NVRAM so that they are not lost if there is a system reload or power outage.

Where to Go Next

To configure your router, go to Chapter 1, “Basic Router Configuration,” and Chapter 2, “Sample Network Deployments.”
Appendix B Concepts

This appendix contains conceptual information that may be useful to Internet service providers or network administrators when they configure Cisco routers. To review some typical network scenarios, see Chapter 2, “Sample Network Deployments.” For information on additional details or configuration topics, see Chapter 11, “Additional Configuration Options.”

The following topics are included in this appendix:
- ADSL
- SHDSL
- Network Protocols
- Routing Protocol Options
- PPP Authentication Protocols
- TACACS+
- Network Interfaces
- Dial Backup
- NAT
- Easy IP (Phase 1)
- Easy IP (Phase 2)
- QoS
- Access Lists

ADSL

ADSL is a technology that allows both data and voice to be transmitted over the same line. It is a packet-based network technology that allows high-speed transmission over twisted-pair copper wire on the local loop (“last mile”) between a network service provider (NSP) central office and the customer site, or on local loops created within either a building or a campus.

The benefit of ADSL over a serial or dialup line is that it is always on and always connected, increasing bandwidth and lowering the costs compared with a dialup or leased line. ADSL technology is asymmetric in that it allows more bandwidth from an NSP central office to the customer site than from the customer site to the central office. This asymmetry, combined with always-on access (which eliminates call setup), makes ADSL ideal for Internet and intranet surfing, video on demand, and remote LAN access.
SHDSL

SHDSL is a technology based on the G.SHDSL (G.991.2) standard that allows both data and voice to be transmitted over the same line. SHDSL is a packet-based network technology that allows high-speed transmission over twisted-pair copper wire between a network service provider (NSP) central office and a customer site, or on local loops created within either a building or a campus.

G.SHDSL devices can extend the reach from central offices and remote terminals to approximately 26,000 feet (7925 m), at symmetrical data rates from 72 kbps up to 2.3 Mbps. In addition, it is repeatable at lower speeds, which means there is virtually no limit to its reach.

SHDSL technology is symmetric in that it allows equal bandwidth between an NSP central office and a customer site. This symmetry, combined with always-on access (which eliminates call setup), makes SHDSL ideal for LAN access.

Network Protocols

Network protocols enable the network to pass data from its source to a specific destination over LAN or WAN links. Routing address tables are included in the network protocols to provide the best path for moving the data through the network.

IP

The best-known Transmission Control Protocol/Internet Protocol (TCP/IP) at the internetwork layer is IP, which provides the basic packet delivery service for all TCP/IP networks. In addition to the physical node addresses, the IP protocol implements a system of logical host addresses called IP addresses. The IP addresses are used by the internetwork and higher layers to identify devices and to perform internetwork routing. The Address Resolution Protocol (ARP) enables IP to identify the physical address that matches a given IP address.
IP is used by all protocols in the layers above and below it to deliver data, which means that all TCP/IP data flows through IP when it is sent and received regardless of its final destination.

IP is a connectionless protocol, which means that IP does not exchange control information (called a handshake) to establish an end-to-end connection before transmitting data. In contrast, a connection-oriented protocol exchanges control information with the remote computer to verify that it is ready to receive data before sending it. When the handshaking is successful, the computers have established a connection. IP relies on protocols in other layers to establish the connection if connection-oriented services are required.

Internet Packet Exchange (IPX) exchanges routing information using Routing Information Protocol (RIP), a dynamic distance-vector routing protocol. RIP is described in more detail in the following subsections.

Routing Protocol Options

Routing protocols include the following:
- Routing Information Protocol (RIP)
- Enhanced Interior Gateway Routing Protocol (Enhanced IGRP)
RIP and Enhanced IGRP differ in several ways, as shown in Table B-1.

Table B-1 RIP and Enhanced IGRP Comparison

Protocol: RIP
Ideal topology: Suited for topologies with 15 or fewer hops.
Metric: Hop count. Maximum hop count is 15. Best route is one with lowest hop count.
Routing updates: By default, every 30 seconds. You can reconfigure this value and also use triggered extensions to RIP.

Protocol: Enhanced IGRP
Ideal topology: Suited for large topologies with 16 or more hops to reach a destination.
Metric: Distance information. Based on a successor, which is a neighboring router that has a least-cost path to a destination that is guaranteed to not be part of a routing loop.
Routing updates: Hello packets sent every 5 seconds, as well as incremental updates sent when the state of a destination changes.

RIP

RIP is an associated protocol for IP, and is widely used for routing protocol traffic over the Internet. RIP is a distance-vector routing protocol, which means that it uses distance (hop count) as its metric for route selection. Hop count is the number of routers that a packet must traverse to reach its destination. For example, if a particular route has a hop count of 2, then a packet must traverse two routers to reach its destination.

By default, RIP routing updates are broadcast every 30 seconds. You can reconfigure the interval at which the routing updates are broadcast. You can also configure triggered extensions to RIP so that routing updates are sent only when the routing database is updated. For more information on triggered extensions to RIP, see the Cisco IOS Release 12.3 documentation set.

Enhanced IGRP

Enhanced IGRP is an advanced Cisco proprietary distance-vector and link state routing protocol, which means it uses a metric more sophisticated than distance (hop count) for route selection.
Enhanced IGRP uses a metric based on a successor, which is a neighboring router that has a least-cost path to a destination that is guaranteed not to be part of a routing loop. If a successor for a particular destination does not exist but neighbors advertise the destination, the router must recompute a route.

Each router running Enhanced IGRP sends hello packets every 5 seconds to inform neighboring routers that it is functioning. If a particular router does not send a hello packet within a prescribed period, Enhanced IGRP assumes that the state of a destination has changed and sends an incremental update.

Because Enhanced IGRP supports IP, you can use one routing protocol for multiprotocol network environments, minimizing the size of the routing tables and the amount of routing information.

PPP Authentication Protocols

The Point-to-Point Protocol (PPP) encapsulates network layer protocol information over point-to-point links.

PPP originally emerged as an encapsulation protocol for transporting IP traffic over point-to-point links. PPP also established a standard for the assignment and management of IP addresses, asynchronous (start/stop) and bit-oriented synchronous encapsulation, network protocol multiplexing, link configuration, link quality testing, error detection, and option negotiation for such capabilities as network-layer address negotiation and data-compression negotiation. PPP supports these functions by providing an extensible Link Control Protocol (LCP) and a family of Network Control Protocols (NCPs) to negotiate optional configuration parameters and facilities.

The current implementation of PPP supports two security authentication protocols to authenticate a PPP session:
- Password Authentication Protocol (PAP)
- Challenge Handshake Authentication Protocol (CHAP)

PPP with PAP or CHAP authentication is often used to inform the central site which remote routers are connected to it.

PAP

PAP uses a two-way handshake to verify the passwords between routers. To illustrate how PAP works, imagine a network topology in which a remote office Cisco router is connected to a corporate office Cisco router. After the PPP link is established, the remote office router repeatedly sends a configured username and password until the corporate office router accepts the authentication.

PAP has the following characteristics:
- The password portion of the authentication is sent across the link in clear text (not scrambled or encrypted).
- PAP provides no protection from playback or repeated trial-and-error attacks.
- The remote office router controls the frequency and timing of the authentication attempts.

CHAP

CHAP uses a three-way handshake to verify passwords. To illustrate how CHAP works, imagine a network topology in which a remote office Cisco router is connected to a corporate office Cisco router.

After the PPP link is established, the corporate office router sends a challenge message to the remote office router.
The remote office router responds with a variable value. The corporate office router checks the response against its own calculation of the value. If the values match, the corporate office router accepts the authentication. The authentication process can be repeated any time after the link is established.

CHAP has the following characteristics:
- The authentication process uses a variable challenge value rather than a password.
- CHAP protects against playback attack through the use of the variable challenge value, which is unique and unpredictable. Repeated challenges limit the time of exposure to any single attack.
- The corporate office router controls the frequency and timing of the authentication attempts.

Note: We recommend using CHAP because it is the more secure of the two protocols.
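The PAP and CHAP exchanges described above, as an added Python example that is not part of the Cisco guide. It assumes the MD5 response calculation that RFC 1994 defines for CHAP (the guide does not name the algorithm); the class and function names and the shared secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-MD5 response (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class CorporateRouter:
    """Authenticator side: issues challenges and checks the responses."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._next_id = 0
        self._pending = {}  # identifier -> challenge awaiting a response

    def challenge(self):
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256  # Identifier is one octet
        value = os.urandom(16)                      # unique and unpredictable
        self._pending[identifier] = value
        return identifier, value

    def verify(self, identifier: int, response: bytes) -> bool:
        value = self._pending.pop(identifier, None)  # a challenge is single-use
        if value is None:
            return False
        expected = chap_response(identifier, self._secret, value)
        return hmac.compare_digest(expected, response)


def pap_accepts(configured: bytes, received: bytes) -> bool:
    """PAP: the password itself crosses the link and is compared directly."""
    return hmac.compare_digest(configured, received)


def demo():
    secret = b"constructed-shared-secret"  # constructed sample value
    corp = CorporateRouter(secret)

    ident, value = corp.challenge()
    on_the_wire = chap_response(ident, secret, value)  # sent by the remote router
    legitimate = corp.verify(ident, on_the_wire)

    # The same bytes presented again: to the used challenge, then to a fresh one.
    replay_old = corp.verify(ident, on_the_wire)
    ident2, _ = corp.challenge()
    replay_new = corp.verify(ident2, on_the_wire)

    # With PAP the bytes on the wire are the password, so they remain valid.
    pap_replay = pap_accepts(secret, secret)
    return legitimate, replay_old, replay_new, pap_replay


if __name__ == "__main__":
    print(demo())
```
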