Software Guide
Page 4
... and VLANs 5-1 Configure DHCP 5-2 Configuration Example 5-4 Verify Your DHCP Configuration 5-4 Configure VLANs 5-5 Assign a Switch Port to a VLAN 5-6 Verify Your VLAN Configuration ...5-6 6 C H A P T E R Configuring a VPN Using Easy VPN and an IPsec Tunnel 6-1 Configure the IKE Policy 6-3 Configure Group Policy Information 6-4 Apply Mode Configuration to the Crypto Map 6-5 Enable Policy Lookup 6-6 Configure IPsec Transforms and Protocols 6-6 Configure the IPsec Crypto Method and Parameters 6-7 Cisco Secure Router 520...
Software Guide
Page 5
... 8-3 Configure Inspection Rules 8-4 Apply Access Lists and Inspection Rules to Interfaces 8-4 Configuration Example 8-5 Configuring a Wireless LAN Connection 9-1 Configure the Root Radio Station 9-2 Configure Bridging on VLANs 9-4 Configure Radio Station Subinterfaces 9-5 Configuration Example 9-6 Configuring Additional Features and Troubleshooting Additional Configuration Options 10-1 Configuring Security Features 11-1 Authentication, Authorization, and Accounting 11-1 Configuring...
Software Guide
Page 10
... software before you begin to have it . Appendix B, "Concepts" Provides general concept explanations of Cisco IOS security features, including firewall and VPN configuration. Cisco Secure Router 520 Series Software Configuration Guide x OL-14210-01 Chapter 5, "Configuring a LAN with multiple VLANs and to configure it act as a DHCP server. Chapter 12, "Troubleshooting" Provides information on...
Software Guide
Page 24
... Specifies the name for WAN connection. Access is afforded through the VLAN. Disables the router from translating unfamiliar words (typos) into IP addresses. The Cisco Secure Router 520 ADSL-over-POTS and Cisco Secure Router 520 ADSL-over-ISDN routers have one ATM interface for the router. ...For more information about creating VLANs, see the Cisco IOS Release 12.3 documentation set. You may assign...
Software Guide
Page 35
... you in the Ethernet-based scenarios and the Cisco Secure Router 520 ADSL-over-POTS and Cisco Secure Router 520 ADSL-over the WAN interface with Network Address Translation (NAT). Note To verify that is compatible with DHCP and VLANs" • Chapter 6, "Configuring a VPN ...over -ISDN routers can access this tool at www.cisco.com > Technical Support & Documentation > Tools & Resources with DHCP and VLANs" • Chapter 6, "Configuring a VPN Using Easy VPN and an IPsec Tunnel" OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 2-1 Each scenario is described with...
Software Guide
Page 42
... to be set , as well as information about enabling static translation, see the Cisco IOS IP Command Reference, Volume 1 of global IP addresses for NAT. Enters configuration mode for the VLAN (on the inside interface. For details about this command and additional parameters that can... be the inside interface for NAT. Cisco Secure Router 520 Series Software Configuration Guide 3-6 OL-14210-01 The second example shows...
Software Guide
Page 44
...0 extended) Outside interfaces: FastEthernet4 Inside interfaces: Vlan1 Hits: 0 Misses: 0 CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Cisco Secure Router 520 Series Software Configuration Guide 3-8 OL-14210-01 NAT is on LAN, we have used a private IP address. interface dialer 1 ip address negotiated ppp... outside ! vpdn enable vpdn-group 1 request-dialin protocol pppoe ! interface vlan 1 ip address 192.168.1.1 255.255.255.0 no ip directed-broadcast (default) ip nat outside . The VLAN interface has an IP address of 192.168.1.1 with a subnet mask of...
Software Guide
Page 53
... Network Address Translation Verify the Configuration You can verify that can configure NAT for possible address translation. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 4-7 Chapter 4 Configuring PPP over ATM with dynamic NAT, beginning in the dialer interface 0....ip nat inside source list acl1 pool pool1 interface type number Example: Router(config)# interface vlan 1 Router(config-if)# Enables dynamic translation of global IP addresses for the VLAN (on the inside interface, packets sourced from privileged EXEC mode. Enters configuration mode for ...
Software Guide
Page 55
... B, "Concepts." Note Commands marked by "(default)" are implicitly denied. The VLAN interface has an IP address of 192.168.1.1 with a virtual-template interface, you run the show running-config command. ! interface Dialer0 ip address negotiated OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 4-9 NAT is configured for a client in the...
Software Guide
Page 57
... a client/server router for nodes on these networks. 5 C H A P T E R Configuring a LAN with DHCP and VLANs The Cisco Secure Router 520 Series routers support clients on the Cisco Router 3 1 2 4 92339 1 Fast Ethernet LAN (with multiple networked devices) 2 Router and DHCP server-Cisco Secure Router 520 Series router-connected to each client. Figure 5-1 Physical and Virtual LANs with two...
Software Guide
Page 58
... PPP over Ethernet with NAT," and Chapter 4, "Configuring PPP over ATM with NAT" as PPPoE or PPPoA with NAT. Cisco Secure Router 520 Series Software Configuration Guide 5-2 OL-14210-01 VLANs The Cisco Secure Router 520 Series routers support four Fast Ethernet ports on which you must reload the server with the configuration data from...
Software Guide
Page 59
...-config)# import all Router(dhcp-config)# Imports DHCP option parameters into the DHCP portion of the router database. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 5-3 The name argument can be a string or an integer. Example: Router(dhcp-config)# default-router 10... 255.255.255.0 Router(dhcp-config)# Defines subnet number (IP) address for a DHCP client. Chapter 5 Configuring a LAN with DHCP and VLANs Configure DHCP Command Step 4 ip dhcp pool name Example: Router(config)# ip dhcp pool dpool1 Router(dhcp-config)# Purpose Creates a DHCP address pool...
Software Guide
Page 60
...a portion of address pools, bindings, and so forth. Configure DHCP Chapter 5 Configuring a LAN with DHCP and VLANs Configuration Example The following commands to view your DHCP configuration. • show ip dhcp import-Displays the optional parameters... 0 Malformed messages 0 Secure arp entries 0 Message BOOTREQUEST DHCPDISCOVER DHCPREQUEST DHCPDECLINE DHCPRELEASE DHCPINFORM Received 0 0 0 0 0 0 Leased addresses 0 Cisco Secure Router 520 Series Software Configuration Guide 5-4 OL-14210-01 ip dhcp excluded-address 192.168.9.0 ! ip dhcp pool dpool1 import all network 10.10.0.0...
Software Guide
Page 61
... vlan-name] Example: Router(vlan)# vlan 2 media ethernet name VLAN0002 VLAN 2 added: Name: VLAN0002 Media type: ETHERNET Router(vlan)# vlan 3 media ethernet name red-vlan VLAN 3 added: Name: red-vlan Media type: ETHERNET Router(vlan)# Adds VLANs, with DHCP and VLANs Configure VLANs Message BOOTREPLY DHCPOFFER DHCPACK DHCPNAK Router# Sent 0 0 0 0 Configure VLANs Perform these steps to privileged EXEC mode. OL-14210-01 Cisco Secure Router 520...
Software Guide
Page 62
... configuration information for all configured VLANs. • show VLAN ISL Id: 1 Name: default Media Type: Ethernet VLAN 802.10 Id: 100001 State: Operational MTU: 1500 Translational Bridged VLAN: 1002 Translational Bridged VLAN: 1003 VLAN ISL Id: 2 Name: VLAN0002 Media Type: Ethernet VLAN 802.10 Id: 100002 State: Operational MTU: 1500 Cisco Secure Router 520 Series Software Configuration Guide 5-6 OL...
Software Guide
Page 63
...: 101005 State: Operational MTU: 1500 Bridge Type: SRB Bridge Number: 1 STP Type: IBM Router# show vlan-switch VLAN Name Status Ports 1 default active Fa0, Fa1, Fa3 2 VLAN0002 active Fa2 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active Cisco Secure Router 520 Series Software Configuration Guide 5-7
Software Guide
Page 64
Configure VLANs Chapter 5 Configuring a LAN with DHCP and VLANs VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 1 enet 100001 1500 - - - - - 1002 1003 2 enet 100002 1500 - - - - - 0 0 1002 fddi 101002 1500 - - - - - 1 1003 1003 tr 101003 1500 1005 0 - - srb 1 1002 1004 fdnet 101004 1500 - - 1 ibm - 0 0 1005 trnet 101005 1500 - - 1 ibm - 0 0 Cisco Secure Router 520 Series Software Configuration Guide 5-8 OL-14210-01
Software Guide
Page 67
...(config-isakmp)# authentication pre-share Router(config-isakmp)# Specifies the authentication method used in the IKE policy. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 6-3 Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel Configure the IKE Policy Note...Configuring PPP over Ethernet with NAT," Chapter 4, "Configuring PPP over ATM with NAT," and Chapter 5, "Configuring a LAN with DHCP and VLANs" as appropriate for other router models. If you have not performed these steps to configure the Internet Key Exchange (IKE) policy, beginning in...
Software Guide
Page 74
...-model ! aaa authentication login rtr-remote local aaa authorization network rtr-remote local aaa session-id common ! 6-10 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Step 8 exit Returns to automatically create the NAT or port address translation (... show crypto ipsec client ezvpn Tunnel name :ezvpnclient Inside interface list:vlan 1 Outside interface:fastethernet 4 Current State:IPSEC_ACTIVE Last Event:SOCKET_UP Address:8.0.0.5 Mask:255.255.255.255 Default Domain:cisco.com Configuration Example The following configuration example shows a portion of the...
Software Guide
Page 75
...-share group 2 lifetime 480 ! interface vlan 1 crypto ipsec client ezvpn ezvpnclient inside ! crypto ipsec transform-set vpn1 reverse-route ! crypto ipsec security-association lifetime seconds 86400 ! interface fastethernet 4 crypto ipsec client ezvpn ezvpnclient outside crypto map static-map ! Configuration Example OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 6-11 crypto... secret-password dns 10.50.10.1 10.60.10.1 domain company.com pool dynpool ! Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel username Cisco password 0 Cisco !