Software Guide
Page 11
...;RKEITÄ TURVALLISUUSOHJEITA Tämä varoitusmerkki merkitsee vaaraa. SÄILYTÄ NÄMÄ OHJEET OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide xi Describes the currently assigned Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) port numbers. Conventions This section describes the conventions used in the translated safety warnings... use of each warning to additional information and material. You are in een situatie die lichamelijk letsel kan veroorzaken. U verkeert in a situation that accompanied this guide.
...;RKEITÄ TURVALLISUUSOHJEITA Tämä varoitusmerkki merkitsee vaaraa. SÄILYTÄ NÄMÄ OHJEET OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide xi Describes the currently assigned Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) port numbers. Conventions This section describes the conventions used in the translated safety warnings... use of each warning to additional information and material. You are in een situatie die lichamelijk letsel kan veroorzaken. U verkeert in a situation that accompanied this guide.
Software Guide
Page 21
...dynamic routing and advanced quality of the SBCS portfolio, the Cisco Secure Router 520 Series routers deliver a common user experience through integration with the Cisco Configuration Assistant, Cisco Smart Assist, Cisco Monitor Manager, and Cisco Monitor Director. As part of service (QoS) features. ...configuring the basic parameters of your Cisco router, including global parameter settings, routing protocols, interfaces, and command-line access using the CLI. Note Individual router routers may not support every feature described throughout this guide. For complete information on the ...
...dynamic routing and advanced quality of the SBCS portfolio, the Cisco Secure Router 520 Series routers deliver a common user experience through integration with the Cisco Configuration Assistant, Cisco Smart Assist, Cisco Monitor Manager, and Cisco Monitor Director. As part of service (QoS) features. ...configuring the basic parameters of your Cisco router, including global parameter settings, routing protocols, interfaces, and command-line access using the CLI. Note Individual router routers may not support every feature described throughout this guide. For complete information on the ...
Software Guide
Page 28
.... The default is to ping it: Router# ping 200.200.100.1 Type escape sequence to time out. Cisco Secure Router 520 Series Software Configuration Guide 1-8 OL-14210-01 This example specifies a console terminal for the console terminal line. This example shows a ...timeout of "show interface" counters never Queuing strategy: fifo Output queue 0/0, 0 drops; Specifies a unique password for access. Sets the interval that the EXEC command interpreter waits until user...
.... The default is to ping it: Router# ping 200.200.100.1 Type escape sequence to time out. Cisco Secure Router 520 Series Software Configuration Guide 1-8 OL-14210-01 This example specifies a console terminal for the console terminal line. This example shows a ...timeout of "show interface" counters never Queuing strategy: fifo Output queue 0/0, 0 drops; Specifies a unique password for access. Sets the interval that the EXEC command interpreter waits until user...
Software Guide
Page 31
...-router)# Task Enters router configuration mode, and enables RIP on network traffic or topology. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 1-11 The Cisco routers can configure either of directly connected networks. per-user static route o - periodic downloaded static route Gateway of RIP version 1 or 2. Step 2 version {1 | 2} Specifies use IP...
...-router)# Task Enters router configuration mode, and enables RIP on network traffic or topology. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 1-11 The Cisco routers can configure either of directly connected networks. per-user static route o - periodic downloaded static route Gateway of RIP version 1 or 2. Step 2 version {1 | 2} Specifies use IP...
Software Guide
Page 32
mobile, B - EIGRP external, i - IS-IS level-1, L2 - per-user static route o - Configuration Example The following configuration example shows RIP version 2 enabled in IP network 10.0.0.0 and 192.168.1.0. You should see Appendix ... set 10.0.0.0/24 is subnetted, 1 subnets C 10.108.1.0 is directly connected, Loopback0 R 3.0.0.0/8 [120/1] via 2.2.2.1, 00:00:02, Ethernet0/0 1-12 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Execute the show running-config command from privileged EXEC mode to pass across classful network boundaries. RIP, M - IS-IS...
mobile, B - EIGRP external, i - IS-IS level-1, L2 - per-user static route o - Configuration Example The following configuration example shows RIP version 2 enabled in IP network 10.0.0.0 and 192.168.1.0. You should see Appendix ... set 10.0.0.0/24 is subnetted, 1 subnets C 10.108.1.0 is directly connected, Loopback0 R 3.0.0.0/8 [120/1] via 2.2.2.1, 00:00:02, Ethernet0/0 1-12 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01 Execute the show running-config command from privileged EXEC mode to pass across classful network boundaries. RIP, M - IS-IS...
Software Guide
Page 47
...Transfer Mode (PPPoA) clients and network address translation (NAT). PPP over ATM provides a network solution with simplified address handling and straight user verification, as with multiple networked devices-desktops, laptop PCs, switches 2 Fast Ethernet LAN interface (inside interface for NAT, 192.168.1.1/24) 3 ... scenario uses a single static IP address for NAT) 6 PPPoA session between the client and a PPPoA server at the ISP Cisco Secure Router 520 Series Software Configuration Guide 4-1 4 C H A P T E R Configuring PPP over ATM with a PPPoA client and NAT configured on the...
...Transfer Mode (PPPoA) clients and network address translation (NAT). PPP over ATM provides a network solution with simplified address handling and straight user verification, as with multiple networked devices-desktops, laptop PCs, switches 2 Fast Ethernet LAN interface (inside interface for NAT, 192.168.1.1/24) 3 ... scenario uses a single static IP address for NAT) 6 PPPoA session between the client and a PPPoA server at the ISP Cisco Secure Router 520 Series Software Configuration Guide 4-1 4 C H A P T E R Configuring PPP over ATM with a PPPoA client and NAT configured on the...
Software Guide
Page 48
... for example, default routing information, the encapsulation protocol, and the dialer pool to configure this scenario, the small business or remote user on an ATM interface, but each session must be configured on the Fast Ethernet LAN can connect to an Internet service provider (... for cloning virtual access. Multiple PPPoA client sessions can be used to connect to the PPP connection on page 4-9. Cisco Secure Router 520 Series Software Configuration Guide 4-2 OL-14210-01 Configure the Dialer Interface Chapter 4 Configuring PPP over ATM with NAT In this network scenario:...
... for example, default routing information, the encapsulation protocol, and the dialer pool to configure this scenario, the small business or remote user on an ATM interface, but each session must be configured on the Fast Ethernet LAN can connect to an Internet service provider (... for cloning virtual access. Multiple PPPoA client sessions can be used to connect to the PPP connection on page 4-9. Cisco Secure Router 520 Series Software Configuration Guide 4-2 OL-14210-01 Configure the Dialer Interface Chapter 4 Configuring PPP over ATM with NAT In this network scenario:...
Software Guide
Page 58
... Network Registrar database. Step 2 ip name-server server-address1 [server-address2...server-address6] Example: Specifies the address of the user's physical location or LAN connection. Configuration Tasks Perform the following tasks to DHCP clients. In this chapter assume you have not... and VLANs Note Whenever you change server properties, you must reload the server with NAT. Cisco Secure Router 520 Series Software Configuration Guide 5-2 OL-14210-01 VLANs The Cisco Secure Router 520 Series routers support four Fast Ethernet ports on which you have already configured ...
... Network Registrar database. Step 2 ip name-server server-address1 [server-address2...server-address6] Example: Specifies the address of the user's physical location or LAN connection. Configuration Tasks Perform the following tasks to DHCP clients. In this chapter assume you have not... and VLANs Note Whenever you change server properties, you must reload the server with NAT. Cisco Secure Router 520 Series Software Configuration Guide 5-2 OL-14210-01 VLANs The Cisco Secure Router 520 Series routers support four Fast Ethernet ports on which you have already configured ...
Software Guide
Page 65
...many applications also require the security of VPN connections which perform a high level of a remote access VPN that uses the Cisco Easy VPN and an IPsec tunnel to a corporate network. Figure 6-1 Remote Access VPN Using IPsec Tunnel 5 3 4 2 Internet ...6 121782 OL-14210-01 1 1 Remote, networked users 2 VPN client-Cisco Secure Router 520 Series router 3 Router-Providing the corporate office network access Cisco Secure Router 520 Series Software Configuration Guide 6-1 Figure 6-1 shows a typical deployment scenario. Two types of Virtual Private Networks...
...many applications also require the security of VPN connections which perform a high level of a remote access VPN that uses the Cisco Easy VPN and an IPsec tunnel to a corporate network. Figure 6-1 Remote Access VPN Using IPsec Tunnel 5 3 4 2 Internet ...6 121782 OL-14210-01 1 1 Remote, networked users 2 VPN client-Cisco Secure Router 520 Series router 3 Router-Providing the corporate office network access Cisco Secure Router 520 Series Software Configuration Guide 6-1 Figure 6-1 shows a typical deployment scenario. Two types of Virtual Private Networks...
Software Guide
Page 66
...such as Easy VPN Remote nodes. Configuration Tasks Perform the following tasks to act as a supported Cisco Secure Router 520 Series router. Cisco Secure Router 520 Series Software Configuration Guide 6-2 OL-14210-01 Easy VPN server-enabled devices allow remote routers to configure your application requires ... 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel 4 VPN server-Easy VPN server; Network extension mode allows users at the client site are running Cisco Easy VPN Remote software on both the client and the server. for this network scenario: • Configure the IKE Policy...
...such as Easy VPN Remote nodes. Configuration Tasks Perform the following tasks to act as a supported Cisco Secure Router 520 Series router. Cisco Secure Router 520 Series Software Configuration Guide 6-2 OL-14210-01 Easy VPN server-enabled devices allow remote routers to configure your application requires ... 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel 4 VPN server-Easy VPN server; Network extension mode allows users at the client site are running Cisco Easy VPN Remote software on both the client and the server. for this network scenario: • Configure the IKE Policy...
Software Guide
Page 70
...new-model Router(config)# Step 2 Step 3 Step 4 aaa authentication login {default | list-name} Specifies AAA authentication of selected users at both peers' configurations. aaa authorization {network | exec | commands Specifies AAA authorization of all level | reverse-access | ...This example uses a local authorization database. For details, see the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference. For details, see the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference. Configure IPsec Transforms and Protocols A transform ...
...new-model Router(config)# Step 2 Step 3 Step 4 aaa authentication login {default | list-name} Specifies AAA authentication of selected users at both peers' configurations. aaa authorization {network | exec | commands Specifies AAA authorization of all level | reverse-access | ...This example uses a local authorization database. For details, see the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference. For details, see the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference. Configure IPsec Transforms and Protocols A transform ...
Software Guide
Page 78
... DCHP, and VLANs. Note When IP Security (IPsec) is used with GRE, the access list for example, on your Cisco router and at the remote user, or on your router. for encrypting traffic does not list the desired end network and applications, but instead refers to -...Translation (NAT). Configuration Tasks Perform the following tasks to configure a VPN over the tunnel, and to the Physical Interface Cisco Secure Router 520 Series Software Configuration Guide 7-2 OL-14210-01 Configure a VPN Chapter 7 Configuring VPNs Using an IPsec Tunnel and Generic Routing Encapsulation GRE Tunnels GRE...
... DCHP, and VLANs. Note When IP Security (IPsec) is used with GRE, the access list for example, on your Cisco router and at the remote user, or on your router. for encrypting traffic does not list the desired end network and applications, but instead refers to -...Translation (NAT). Configuration Tasks Perform the following tasks to configure a VPN over the tunnel, and to the Physical Interface Cisco Secure Router 520 Series Software Configuration Guide 7-2 OL-14210-01 Configure a VPN Chapter 7 Configuring VPNs Using an IPsec Tunnel and Generic Routing Encapsulation GRE Tunnels GRE...
Software Guide
Page 81
...including PPP, list-name} [method1 [method2...]] and the method used . OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 7-5 See the Cisco IOS Security Configuration Guide and the Cisco IOS Security Command Reference for this . aaa authorization {network | exec | commands Specifies AAA... Policy Lookup Perform these steps to the protected traffic as a part of selected users at both peers' configurations. See the Cisco IOS Security Configuration Guide and the Cisco IOS Security Command Reference for protecting data flow. username name {nopassword | password ...
...including PPP, list-name} [method1 [method2...]] and the method used . OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 7-5 See the Cisco IOS Security Configuration Guide and the Cisco IOS Security Command Reference for this . aaa authorization {network | exec | commands Specifies AAA... Policy Lookup Perform these steps to the protected traffic as a part of selected users at both peers' configurations. See the Cisco IOS Security Configuration Guide and the Cisco IOS Security Command Reference for protecting data flow. username name {nopassword | password ...
Software Guide
Page 89
... most, the transport layer, permitting or denying the passage of Context-Based Access Control (CBAC). OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 8-1 These openings are created when traffic for a specified user session exits the internal network through the firewall. These dynamic lists allow returning traffic for more detailed information...
... most, the transport layer, permitting or denying the passage of Context-Based Access Control (CBAC). OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 8-1 These openings are created when traffic for a specified user session exits the internal network through the firewall. These dynamic lists allow returning traffic for more detailed information...
Software Guide
Page 95
... 520 Series routers support a secure, affordable, and easy-to-use wireless LAN solution that follows, a remote user is accessing the Cisco Secure Router 520 Series router using a wireless connection. This chapter describes how to configure the router using the command... interface (CLI), the browser-based management system, or Simple Network Management Protocol (SNMP). Cisco Secure Router 520 Series Software Configuration Guide 9-1 With a management system based on Cisco IOS software, the Cisco routers act as access points, and are Wi-Fi certified, IEEE 802.11a/b/g-compliant wireless...
... 520 Series routers support a secure, affordable, and easy-to-use wireless LAN solution that follows, a remote user is accessing the Cisco Secure Router 520 Series router using a wireless connection. This chapter describes how to configure the router using the command... interface (CLI), the browser-based management system, or Simple Network Management Protocol (SNMP). Cisco Secure Router 520 Series Software Configuration Guide 9-1 With a management system based on Cisco IOS software, the Cisco routers act as access points, and are Wi-Fi certified, IEEE 802.11a/b/g-compliant wireless...
Software Guide
Page 97
... SSID configuration mode, and enters interface configuration mode for traffic over the wireless connection. Step 4 ssid name Example: Router(config-if)# ssid cisco Router(config-if-ssid)# Step 5 vlan number Creates a Service Set ID (SSID), the public name of times to communicate with optional encryption...-ssid)# authentication network-eap eap_methods Router(config-if-ssid)# authentication key-management wpa Sets the permitted authentication methods for a user attempting access to access the wireless interface. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 9-3
... SSID configuration mode, and enters interface configuration mode for traffic over the wireless connection. Step 4 ssid name Example: Router(config-if)# ssid cisco Router(config-if-ssid)# Step 5 vlan number Creates a Service Set ID (SSID), the public name of times to communicate with optional encryption...-ssid)# authentication network-eap eap_methods Router(config-if-ssid)# authentication key-management wpa Sets the permitted authentication methods for a user attempting access to access the wireless interface. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 9-3
Software Guide
Page 99
Configure Radio Station Subinterfaces Perform these steps to the interface. Specifies the address for the administrative user. Chapter 9 Configuring a Wireless LAN Connection Configure Radio Station Subinterfaces Step 3 Command or Action bridge-group number Example: Router(config-if)# bridge...: Router(config)# interface dot11radio 0.1 Router(config-subif)# Purpose Enters subinterface configuration mode for the root station interface. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 9-5 Sets other bridge parameters for the virtual bridge interface.
Configure Radio Station Subinterfaces Perform these steps to the interface. Specifies the address for the administrative user. Chapter 9 Configuring a Wireless LAN Connection Configure Radio Station Subinterfaces Step 3 Command or Action bridge-group number Example: Router(config-if)# bridge...: Router(config)# interface dot11radio 0.1 Router(config-subif)# Purpose Enters subinterface configuration mode for the root station interface. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 9-5 Sets other bridge parameters for the virtual bridge interface.
Software Guide
Page 107
... which you establish communication between your network access server and your router. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 11-1 Features not supported by a particular router are indicated whenever possible. AAA uses protocols...E R Configuring Security Features This chapter gives an overview of authentication, authorization, and accounting (AAA), the primary Cisco framework for each service, per-user account list and profile, user group support, and support of IP, Internetwork Packet Exchange (IPX), AppleTalk Remote Access (ARA), and Telnet.
... which you establish communication between your network access server and your router. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 11-1 Features not supported by a particular router are indicated whenever possible. AAA uses protocols...E R Configuring Security Features This chapter gives an overview of authentication, authorization, and accounting (AAA), the primary Cisco framework for each service, per-user account list and profile, user group support, and support of IP, Internetwork Packet Exchange (IPX), AppleTalk Remote Access (ARA), and Telnet.
Software Guide
Page 119
...with U.S. Configure the terminal to operate at the bottom of Cisco cryptographic products does not imply third-party authority to the router through a Telnet session. Importers, exporters, distributors and users are unable to comply with applicable laws and regulations. and local...command to the CONSOLE port on the rear panel of U.S. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 12-9 At the privileged EXEC prompt (router_name #), enter the show version Cisco IOS Software, SR520 Software (SR520-ADVIPSERVICESK9-M), Experimental Version 12.4(20070608:212108) ...
...with U.S. Configure the terminal to operate at the bottom of Cisco cryptographic products does not imply third-party authority to the router through a Telnet session. Importers, exporters, distributors and users are unable to comply with applicable laws and regulations. and local...command to the CONSOLE port on the rear panel of U.S. OL-14210-01 Cisco Secure Router 520 Series Software Configuration Guide 12-9 At the privileged EXEC prompt (router_name #), enter the show version Cisco IOS Software, SR520 Software (SR520-ADVIPSERVICESK9-M), Experimental Version 12.4(20070608:212108) ...
Software Guide
Page 126
...use the interface type number command only from global configuration mode. Each command mode supports specific Cisco IOS commands. When you begin a router session, you are in user EXEC mode. • User EXEC • Privileged EXEC • Global configuration Table A-2 lists the command modes that ... the "Entering Global Configuration Mode" section later in the ROM monitor. Configure the software to the following Cisco IOS command modes are used in this guide, how to access each mode configures different router elements, you might need to enter global configuration mode so...
...use the interface type number command only from global configuration mode. Each command mode supports specific Cisco IOS commands. When you begin a router session, you are in user EXEC mode. • User EXEC • Privileged EXEC • Global configuration Table A-2 lists the command modes that ... the "Entering Global Configuration Mode" section later in the ROM monitor. Configure the software to the following Cisco IOS command modes are used in this guide, how to access each mode configures different router elements, you might need to enter global configuration mode so...