Software Guide
Page 3
...and Submitting a Service Request xvii Getting Started Basic Router Configuration 1-1 Viewing the Default Configuration 1-2 Information Needed for Customizing the Default Parameters 1-2 Interface Port Labels 1-3 Configuring Basic Parameters 1-3 Configure Global Parameters 1-4 Configure Fast Ethernet LAN Interfaces 1-4 Configure WAN Interfaces 1-4 Configure the Fast Ethernet WAN ...10 Verifying Your Configuration 1-10 Configuring Dynamic Routes 1-11 Configuring RIP 1-11 Configuration Example 1-12 Verifying Your Configuration 1-12 Cisco Secure Router 520 Series Software Configuration Guide iii
...and Submitting a Service Request xvii Getting Started Basic Router Configuration 1-1 Viewing the Default Configuration 1-2 Information Needed for Customizing the Default Parameters 1-2 Interface Port Labels 1-3 Configuring Basic Parameters 1-3 Configure Global Parameters 1-4 Configure Fast Ethernet LAN Interfaces 1-4 Configure WAN Interfaces 1-4 Configure the Fast Ethernet WAN ...10 Verifying Your Configuration 1-10 Configuring Dynamic Routes 1-11 Configuring RIP 1-11 Configuration Example 1-12 Verifying Your Configuration 1-12 Cisco Secure Router 520 Series Software Configuration Guide iii
Software Guide
Page 4
...Your Configuration 4-10 5 C H A P T E R Configuring a LAN with DHCP and VLANs 5-1 Configure DHCP 5-2 Configuration Example 5-4 Verify Your DHCP Configuration 5-4 Configure VLANs 5-5 Assign a Switch Port to a VLAN 5-6 Verify Your VLAN Configuration 5-6 6 C H A P T E R Configuring a VPN Using Easy VPN and an IPsec Tunnel 6-1 Configure the IKE Policy 6-3 Configure Group Policy ...Crypto Map 6-5 Enable Policy Lookup 6-6 Configure IPsec Transforms and Protocols 6-6 Configure the IPsec Crypto Method and Parameters 6-7 Cisco Secure Router 520 Series Software Configuration Guide iv OL-14210-01
...Your Configuration 4-10 5 C H A P T E R Configuring a LAN with DHCP and VLANs 5-1 Configure DHCP 5-2 Configuration Example 5-4 Verify Your DHCP Configuration 5-4 Configure VLANs 5-5 Assign a Switch Port to a VLAN 5-6 Verify Your VLAN Configuration 5-6 6 C H A P T E R Configuring a VPN Using Easy VPN and an IPsec Tunnel 6-1 Configure the IKE Policy 6-3 Configure Group Policy ...Crypto Map 6-5 Enable Policy Lookup 6-6 Configure IPsec Transforms and Protocols 6-6 Configure the IPsec Crypto Method and Parameters 6-7 Cisco Secure Router 520 Series Software Configuration Guide iv OL-14210-01
Software Guide
Page 8
Contents D A P P E N D I X INDEX Optional Variables C-4 Using the TFTP Download Command C-5 Configuration Register C-5 Changing the Configuration Register Manually C-6 Changing the Configuration Register Using Prompts C-6 Console Download C-7 Command Description C-7 Error Reporting C-8 Debug Commands C-8 Exiting the ROM Monitor C-9 Common Port Assignments D-1 Cisco Secure Router 520 Series Software Configuration Guide viii OL-14210-01
Contents D A P P E N D I X INDEX Optional Variables C-4 Using the TFTP Download Command C-5 Configuration Register C-5 Changing the Configuration Register Manually C-6 Changing the Configuration Register Using Prompts C-6 Console Download C-7 Command Description C-7 Error Reporting C-8 Debug Commands C-8 Exiting the ROM Monitor C-9 Common Port Assignments D-1 Cisco Secure Router 520 Series Software Configuration Guide viii OL-14210-01
Software Guide
Page 11
...228; varoitusmerkki merkitsee vaaraa. SÄILYTÄ NÄMÄ OHJEET OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide xi Preface Appendix C, "ROM Monitor" Appendix D, "Common Port Assignments" Describes the use of the hazards involved with electrical circuitry and be familiar with...device. Note Means reader take note. Describes the currently assigned Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) port numbers. Use the statement number provided at the end of data. U verkeert in the translated safety warnings that could cause ...
...228; varoitusmerkki merkitsee vaaraa. SÄILYTÄ NÄMÄ OHJEET OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide xi Preface Appendix C, "ROM Monitor" Appendix D, "Common Port Assignments" Describes the use of the hazards involved with electrical circuitry and be familiar with...device. Note Means reader take note. Describes the currently assigned Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) port numbers. Use the statement number provided at the end of data. U verkeert in the translated safety warnings that could cause ...
Software Guide
Page 21
... using the CLI. It also describes the default configuration at startup. 1 C H A P T E R Basic Router Configuration The Cisco Secure Router 520 Series routers are indicated whenever possible. This chapter provides procedures for Customizing the Default Parameters • Interface Port Labels • Configuring Basic Parameters • Configuring Static Routes • Configuring Dynamic Routes Each section includes...
... using the CLI. It also describes the default configuration at startup. 1 C H A P T E R Basic Router Configuration The Cisco Secure Router 520 Series routers are indicated whenever possible. This chapter provides procedures for Customizing the Default Parameters • Interface Port Labels • Configuring Basic Parameters • Configuring Static Routes • Configuring Dynamic Routes Each section includes...
Software Guide
Page 22
To view the default configuration, follow these steps: Step 1 Use the default username cisco and the default password cisco to connect over an ADSL line: Cisco Secure Router 520 Series Software Configuration Guide 1-2 OL-14210-01 PPP authentication type: Challenge Handshake Authentication Protocol (CHAP) or Password ...type: CHAP or PAP - For each PVC determine the type of the LAN and WAN interfaces have been created, console and VTY ports are typically virtual path identifier (VPI), virtual circuit identifier (VCI), and traffic shaping parameters. - PPP client name to -Point Protocol ...
To view the default configuration, follow these steps: Step 1 Use the default username cisco and the default password cisco to connect over an ADSL line: Cisco Secure Router 520 Series Software Configuration Guide 1-2 OL-14210-01 PPP authentication type: Challenge Handshake Authentication Protocol (CHAP) or Password ...type: CHAP or PAP - For each PVC determine the type of the LAN and WAN interfaces have been created, console and VTY ports are typically virtual path identifier (VPI), virtual circuit identifier (VCI), and traffic shaping parameters. - PPP client name to -Point Protocol ...
Software Guide
Page 23
... one or more of that the ADSL signaling type is presented with the tasks in the "Configuring Basic Parameters" section. Table 1-1 Supported Interfaces and Associated Port Labels by Router Router Cisco Secure Router 520 Ethernet-to the Router A configuration example is DMT (also called ANSI T1.413) or DMT Issue 2. OL-14210-01...
... one or more of that the ADSL signaling type is presented with the tasks in the "Configuring Basic Parameters" section. Table 1-1 Supported Interfaces and Associated Port Labels by Router Router Cisco Secure Router 520 Ethernet-to the Router A configuration example is DMT (also called ANSI T1.413) or DMT Issue 2. OL-14210-01...
Software Guide
Page 24
... configured as part of the default VLAN and as such, they are connecting to the router using the console port. Cisco Secure Router 520 Series Software Configuration Guide 1-4 OL-14210-01 Disables the router from translating unfamiliar words (typos) into IP addresses. The... Cisco Secure Router 520 ADSL-over-POTS and Cisco Secure Router 520 ADSL-over-ISDN routers have one ATM interface for WAN connection. Configure Fast Ethernet LAN Interfaces The Fast Ethernet...
... configured as part of the default VLAN and as such, they are connecting to the router using the console port. Cisco Secure Router 520 Series Software Configuration Guide 1-4 OL-14210-01 Disables the router from translating unfamiliar words (typos) into IP addresses. The... Cisco Secure Router 520 ADSL-over-POTS and Cisco Secure Router 520 ADSL-over-ISDN routers have one ATM interface for WAN connection. Configure Fast Ethernet LAN Interfaces The Fast Ethernet...
Software Guide
Page 58
...addresses that the router uses to complete unqualified hostnames (names without a dotted-decimal domain name). VLANs The Cisco Secure Router 520 Series routers support four Fast Ethernet ports on which you have already configured basic router features as well as appropriate for DHCP operation, beginning in ...(config)# Purpose Identifies the default domain that the DHCP server should not assign to use for name and address resolution. Cisco Secure Router 520 Series Software Configuration Guide 5-2 OL-14210-01 If you have not performed these steps to configure your router for your ...
...addresses that the router uses to complete unqualified hostnames (names without a dotted-decimal domain name). VLANs The Cisco Secure Router 520 Series routers support four Fast Ethernet ports on which you have already configured basic router features as well as appropriate for DHCP operation, beginning in ...(config)# Purpose Identifies the default domain that the DHCP server should not assign to use for name and address resolution. Cisco Secure Router 520 Series Software Configuration Guide 5-2 OL-14210-01 If you have not performed these steps to configure your router for your ...
Software Guide
Page 62
... and VLANs Assign a Switch Port to a VLAN Perform these steps to assign a switch port to a VLAN, beginning in global configuration mode: Command Step 1 interface switch port id Example: Router(config)# interface FastEthernet 2 Router(config-if)# Purpose Specifies the switch port that you want to assign to...VLAN: 1003 VLAN ISL Id: 2 Name: VLAN0002 Media Type: Ethernet VLAN 802.10 Id: 100002 State: Operational MTU: 1500 Cisco Secure Router 520 Series Software Configuration Guide 5-6 OL-14210-01 Router# vlan database Router(vlan)# show vlan-switch-Entered from VLAN database mode. Step...
... and VLANs Assign a Switch Port to a VLAN Perform these steps to assign a switch port to a VLAN, beginning in global configuration mode: Command Step 1 interface switch port id Example: Router(config)# interface FastEthernet 2 Router(config-if)# Purpose Specifies the switch port that you want to assign to...VLAN: 1003 VLAN ISL Id: 2 Name: VLAN0002 Media Type: Ethernet VLAN 802.10 Id: 100002 State: Operational MTU: 1500 Cisco Secure Router 520 Series Software Configuration Guide 5-6 OL-14210-01 Router# vlan database Router(vlan)# show vlan-switch-Entered from VLAN database mode. Step...
Software Guide
Page 63
... Net VLAN 802.10 Id: 101005 State: Operational MTU: 1500 Bridge Type: SRB Bridge Number: 1 STP Type: IBM Router# show vlan-switch VLAN Name Status Ports 1 default active Fa0, Fa1, Fa3 2 VLAN0002 active Fa2 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active...
... Net VLAN 802.10 Id: 101005 State: Operational MTU: 1500 Bridge Type: SRB Bridge Number: 1 STP Type: IBM Router# show vlan-switch VLAN Name Status Ports 1 default active Fa0, Fa1, Fa3 2 VLAN0002 active Fa2 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active...
Software Guide
Page 74
...(config)# interface fastethernet 4 Router(config-if)# Enters the interface configuration mode for the interface to automatically create the NAT or port address translation (PAT) and access list configuration needed for the VPN and IPsec tunnel described in this command would be interface atm...remote configuration applied. aaa authentication login rtr-remote local aaa authorization network rtr-remote local aaa session-id common ! 6-10 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Step 8 exit Returns to global configuration mode. aaa new-model ! Verifying Your...
...(config)# interface fastethernet 4 Router(config-if)# Enters the interface configuration mode for the interface to automatically create the NAT or port address translation (PAT) and access list configuration needed for the VPN and IPsec tunnel described in this command would be interface atm...remote configuration applied. aaa authentication login rtr-remote local aaa authorization network rtr-remote local aaa session-id common ! 6-10 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Step 8 exit Returns to global configuration mode. aaa new-model ! Verifying Your...
Software Guide
Page 91
... of 4: Addressing and Services for your router. See the Cisco IOS IP Command Reference, Volume 1 of the router, and which compares source and destination ports. Configure Access Lists Perform these configurations tasks, see Chapter 1,... "Basic Router Configuration," Chapter 3, "Configuring PPP over Ethernet with NAT," and Chapter 4, "Configuring PPP over ATM with NAT. Chapter 8 Configuring a Simple Firewall Configure Access Lists Note The procedures in this command. OL-14210-01 Cisco Secure Router 520...
... of 4: Addressing and Services for your router. See the Cisco IOS IP Command Reference, Volume 1 of the router, and which compares source and destination ports. Configure Access Lists Perform these configurations tasks, see Chapter 1,... "Basic Router Configuration," Chapter 3, "Configuring PPP over Ethernet with NAT," and Chapter 4, "Configuring PPP over ATM with NAT. Chapter 8 Configuring a Simple Firewall Configure Access Lists Note The procedures in this command. OL-14210-01 Cisco Secure Router 520...
Software Guide
Page 111
...description of the steps you have the following sections: • Getting Started • Before Contacting Cisco or Your Reseller • ADSL Troubleshooting • ATM Troubleshooting Commands • Software Upgrade Methods... access the interface (Ethernet, ADSL, or telephone) by using the light-blue console port. Before you call, you should have taken to rule out the router as the ...view status messages from the router and enter commands to the router using Telnet. Before Contacting Cisco or Your Reseller If you cannot locate the source of a problem. Troubleshooting 12 C ...
...description of the steps you have the following sections: • Getting Started • Before Contacting Cisco or Your Reseller • ADSL Troubleshooting • ATM Troubleshooting Commands • Software Upgrade Methods... access the interface (Ethernet, ADSL, or telephone) by using the light-blue console port. Before you call, you should have taken to rule out the router as the ...view status messages from the router and enter commands to the router using Telnet. Before Contacting Cisco or Your Reseller If you cannot locate the source of a problem. Troubleshooting 12 C ...
Software Guide
Page 113
...buffers swapped out Router# show interface fastethernet 0 Ethernet0 is up, line protocol is up Hardware is PQUICC_SAR (with Alcatel ADSL Module) Internet address is 1.1.1.1/24 MTU 1500 bytes, BW 100000 Kbit, DLY 100000 usec, reliability 255/255. Example 12-2 Viewing Status of Selected Interfaces Router# show interface atm 0 ... idle disconnect time:300 seconds Last input 01:16:31, output 01:16:31, output hang never Last clearing of all physical ports (Ethernet and ATM) and logical interfaces on reset LCP Closed OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 12-3
...buffers swapped out Router# show interface fastethernet 0 Ethernet0 is up, line protocol is up Hardware is PQUICC_SAR (with Alcatel ADSL Module) Internet address is 1.1.1.1/24 MTU 1500 bytes, BW 100000 Kbit, DLY 100000 usec, reliability 255/255. Example 12-2 Viewing Status of Selected Interfaces Router# show interface atm 0 ... idle disconnect time:300 seconds Last input 01:16:31, output 01:16:31, output hang never Last clearing of all physical ports (Ethernet and ATM) and logical interfaces on reset LCP Closed OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 12-3
Software Guide
Page 114
... ATM 0.n is down, line protocol is down with the configuration. Fast Ethernet n is up, line protocol is disconnected. 12-4 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 or • If you are having problems with the specified dialer interface, this can mean it... or the ADSL cable is down • This is a standard message and may not indicate anything is connected to the ATM port. ATM Troubleshooting Commands Chapter 12 Troubleshooting Table 12-1 describes possible command output for the show interface Command Output Description Output Cause For ...
... ATM 0.n is down, line protocol is down with the configuration. Fast Ethernet n is up, line protocol is disconnected. 12-4 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 or • If you are having problems with the specified dialer interface, this can mean it... or the ADSL cable is down • This is a standard message and may not indicate anything is connected to the ATM port. ATM Troubleshooting Commands Chapter 12 Troubleshooting Table 12-1 describes possible command output for the show interface Command Output Description Output Cause For ...
Software Guide
Page 118
... ABCD 01:23:48: 01:23:48:ATM0(I ) would mean receive packet. Software Upgrade Methods Several methods are available for upgrading software on the Cisco Secure Router 520 Series routers, including: • Copy the new software image to flash memory over the LAN or WAN while the existing...software image over the console port while in ROM monitor mode. • From ROM monitor mode, boot the router from a software image that is generating the packet. To use this method, the TFTP server must be on the same LAN as the router. 12-8 Cisco Secure Router 520 Series Software Configuration Guide OL...
... ABCD 01:23:48: 01:23:48:ATM0(I ) would mean receive packet. Software Upgrade Methods Several methods are available for upgrading software on the Cisco Secure Router 520 Series routers, including: • Copy the new software image to flash memory over the LAN or WAN while the existing...software image over the console port while in ROM monitor mode. • From ROM monitor mode, boot the router from a software image that is generating the packet. To use this method, the TFTP server must be on the same LAN as the router. 12-8 Cisco Secure Router 520 Series Software Configuration Guide OL...
Software Guide
Page 119
... 1 Step 2 Step 3 Connect an ASCII terminal or a PC running a terminal emulation program to import, export, distribute or use . laws governing Cisco cryptographic products may be performed through the console port. Reset the Configuration Register Value Note Recovering a lost password is subject to display the existing configuration register value (shown in bold...a Telnet session. and local country laws. By using this product immediately. If you agree to comply with applicable laws and regulations. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 12-9
... 1 Step 2 Step 3 Connect an ASCII terminal or a PC running a terminal emulation program to import, export, distribute or use . laws governing Cisco cryptographic products may be performed through the console port. Reset the Configuration Register Value Note Recovering a lost password is subject to display the existing configuration register value (shown in bold...a Telnet session. and local country laws. By using this product immediately. If you agree to comply with applicable laws and regulations. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 12-9
Software Guide
Page 125
Table A-1 Terminal Emulation Software PC Operating System Windows 95, Windows 98, Windows 2000, Windows NT, Windows XP Software HyperTerm (included with Cisco IOS software, go to one of the following chapters: • Chapter 1, "Basic Router Configuration" • Chapter 2, "Sample Network ... Summary • Where to Go Next If you are already familiar with Windows software), ProComm Plus OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide A-1 This appendix contains the following sections: • Configuring the Router from a PC connected through the console...
Table A-1 Terminal Emulation Software PC Operating System Windows 95, Windows 98, Windows 2000, Windows NT, Windows XP Software HyperTerm (included with Cisco IOS software, go to one of the following chapters: • Chapter 1, "Basic Router Configuration" • Chapter 2, "Sample Network ... Summary • Where to Go Next If you are already familiar with Windows software), ProComm Plus OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide A-1 This appendix contains the following sections: • Configuring the Router from a PC connected through the console...
Software Guide
Page 129
... does not appear on a TFTP server. Using Commands This section provides some tips about entering Cisco IOS commands at the command-line interface (CLI). OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide A-5 for network use; trailing spaces are prompted. You can now make... it when you enter it. Entering Global Configuration Mode To make changes to 15). This example shows how to your router console port. Appendix A Cisco IOS Software Basic Skills Entering Global Configuration Mode You can use two commands to do this: • enable secret password-A very...
... does not appear on a TFTP server. Using Commands This section provides some tips about entering Cisco IOS commands at the command-line interface (CLI). OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide A-5 for network use; trailing spaces are prompted. You can now make... it when you enter it. Entering Global Configuration Mode To make changes to 15). This example shows how to your router console port. Appendix A Cisco IOS Software Basic Skills Entering Global Configuration Mode You can use two commands to do this: • enable secret password-A very...