Guest

Cisco 800 Series Routers

Software Enhancements for the Cisco 800 Routers and SOHO Routers

  • Viewing Options

  • PDF (819.6 KB)
  • Feedback
Software Enhancements for the Cisco 800 Routers and SOHO Routers

Table Of Contents

Software Enhancements for the Cisco 800 Routers and SOHO Routers

Related Documents

Supported Features

Adjusting TCP Maximum Segment Size for PPP over Ethernet

Configuration Example

Configuring Low-Latency Queuing and Link Fragmentation and Interleaving

Configuring LLQ

Configuring LFI

Configuring the Length of the PVC Transmit Ring

Configuration Example

DHCP Server Import

Configuring DHCP Server Import

Configuration Examples

IP Control Protocol Subnet Mask Delivery

Configuring IPCP

Configuration Examples

Service Assurance Agent

Secure Shell

IP Named Access Lists

International Phone Support

International Tone, Cadence, Ring Frequency, and Impedance Support

International Caller ID

Configuring International Phone Support

Committed Access Rate

Configuration Example

IP Security Through Network Address Translation Support

VoAAL2 ATM Forum Profile 9 Support

Configuring ATM Forum Profile 9

Configuration Example

ATM OAM F5 Continuity Check Support

oam-pvc manage cc Command

oam retry cc activation-count deactivation-count retry-frequency Command

oam-pvc manage cc deny Command

debug atm oam cc Command

Output Example

RADIUS Support

NAT Default Inside Server Enhancement

Cisco Easy VPN Client

Easy VPN Documentation

Dial-on-Demand Routing for PPPoE Client

Configuring DDR for a PPPoE Client

Configuration Example

Class-Based Traffic Shaping to Support Low-Latency Queuing

Configuring CBTS for LLQ

Configuration Example

Weighted Fair Queuing

Configuring Weighted Fair Queuing

Configuration Example

dsl enable-training-log Command

DNS-Based X.25 Routing

X.25 Load Balancing

X.25 Closed User Group

TACACS+

Authentication Proxy

Port to Application Mapping

CBAC Audit Trails and Alerts

Hot Standby Router Protocol

Configuration Examples

DNS Proxy

Configuration Example

Skinny NAT—Support of IP Phone to Cisco Call Manager

NAT Support of SIP

T.38 Fax Relay

Modem Passthrough Over VoIP

Caller ID for Spain and Austria

SIP Support for VoIP

ADSL LED Blinking When DSL Line Trains

CBQoS MIB and DSCP

Virtual Router Redundancy Protocol (VRRP)

Direct HTTP Enroll with CA Servers

Obtaining Documentation

World Wide Web

Documentation CD-ROM

Ordering Documentation

Documentation Feedback

Obtaining Technical Assistance

Cisco.com

Technical Assistance Center

Cisco TAC Web Site

Cisco TAC Escalation Center

Obtaining Additional Publications and Information


Software Enhancements for the Cisco 800 Routers and SOHO Routers


April 28, 2003

This document describes new features introduced and provides software configuration information for the following Cisco routers:

The Cisco 801, 802, 803, and 804 ISDN routers

The Cisco 805 serial interface router

The Cisco 806 Ethernet router

The Cisco 820 series routers

The SOHO 70 series routers

This document is updated on an ongoing basis. For last-minute updates to this configuration note, go to the following documentation website:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/index.htm


Note If you have just received your router, note that it may not have been shipped with the most up-to-date Cisco IOS software image. To determine the latest available images for your router, refer to the following website:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122relnt/800/index.htm


For information on the Cisco 811 and 813 routers, go to the following documentation website:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/811-813/index.htm

This document contains the following sections:

Related Documents

Supported Features

Obtaining Documentation

Obtaining Technical Assistance

Obtaining Additional Publications and Information

Related Documents

The following documents provide additional information about installing and configuring the Cisco routers whose features are described in this document:

Cisco 800 series routers

Cisco 800 Series Router Cabling and Setup Quick Start Guide—Provides quick installation information on the Cisco 801-804 routers.

Cisco 800 Series Routers Hardware Installation Guide—Provides installation information on the Cisco 801-804 routers.

Cisco 800 Series Routers Software Configuration Guide—Provides sample networks and router configurations for the Cisco 801-804 routers.

Cisco 805 router

Cisco 805 Router Cabling and Setup Quick Start Guide—Provides quick installation information on the Cisco 805 router.

Cisco 805 Router Hardware Installation Guide—Provides installation information on the Cisco 805 router.

Cisco 805 Router Software Configuration Guide—Provides sample networks and router configurations for the Cisco 805 router.

Cisco 806 and SOHO 71 routers

Cisco 806 Router and SOHO 71 Router Hardware Installation Guide—Provides installation information on the Cisco 806 routers and SOHO 71 routers.

Cisco 806 Router and SOHO 71 Router Cabling and Setup Quick Start Guide—Provides quick installation information on the Cisco SOHO 71 router.

Cisco 806 Router Software Configuration Guide—Provides sample networks and router configurations for the Cisco 806 router. The information also applies to the SOHO 71 router.

Regulatory Compliance and Safety Information for the Cisco 806 Router and SOHO 71 Router documentation—Provides safety warnings and compliance information concerning the router.

Cisco 826 router

Cisco 826 Routers Hardware Installation Guide—Provides installation information on the Cisco 826 routers.

Cisco 826 and Cisco SOHO 76 Router Quick Start Guide—Provides quick installation information on the Cisco 826 router.

Cisco 827 routers

Cisco 827 Routers Hardware Installation Guide—Provides installation information on the Cisco 827 routers.

Cisco 827 Router Cabling and Setup Quick Start Guide—Provides quick installation information on the Cisco 827 routers.

Cisco 827 Routers Software Configuration Guide—Provides sample networks and router configurations for the Cisco 827 routers.

Cisco 828 and SOHO 78 routers

Cisco 828 and SOHO 78 Cabling and Setup Quick Start Guide—Provides quick installation information on the Cisco 828 and SOHO 78 routers.

Cisco 828 and SOHO 78 Routers Hardware Installation Guide—Provides installation information on the Cisco 828 and SOHO 78 routers.

Cisco 828 and SOHO 78 Routers Software Configuration Guide—Provides sample networks and router configurations for the Cisco 828 and SOHO 78 routers.

SOHO 77 router

Configuration Note for Cisco SOHO 76 and 77 Routers—Describes software configuration information for the Cisco small office/home office (SOHO) 76 and 77 routers. For information on hardware installation, refer to the Cisco 827 Routers Hardware Installation Guide.

Cisco IOS Release 12.1 Configuration Guides and Command References—Provide Cisco IOS software commands and configurations for your router.

Cisco IOS Release 12.1 Configuration Guides and Command References—Provide Cisco IOS commands and configurations for your router.

Cisco 800 Series routers Cisco IOS release notes—Provide information on Cisco IOS releases for the Cisco 800 platforms.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122relnt/800/index.htm

Cisco SOHO Series routers Cisco IOS release notes—Provide information on Cisco IOS releases for the Cisco SOHO platforms.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122relnt/soho_70/index.htm

Supported Features

The following features are described in this document:

Adjusting TCP Maximum Segment Size for PPP over Ethernet

Configuring Low-Latency Queuing and Link Fragmentation and Interleaving

Configuring the Length of the PVC Transmit Ring

DHCP Server Import

IP Control Protocol Subnet Mask Delivery

Service Assurance Agent

Secure Shell

IP Named Access Lists

International Phone Support

Committed Access Rate

IP Security Through Network Address Translation Support

VoAAL2 ATM Forum Profile 9 Support

ATM OAM F5 Continuity Check Support

RADIUS Support

NAT Default Inside Server Enhancement

Cisco Easy VPN Client

Dial-on-Demand Routing for PPPoE Client

Class-Based Traffic Shaping to Support Low-Latency Queuing

Weighted Fair Queuing

dsl enable-training-log Command

DNS-Based X.25 Routing

X.25 Load Balancing

X.25 Closed User Group

TACACS+

Authentication Proxy

Port to Application Mapping

CBAC Audit Trails and Alerts

Hot Standby Router Protocol

DNS Proxy

Skinny NAT—Support of IP Phone to Cisco Call Manager

NAT Support of SIP

T.38 Fax Relay

Modem Passthrough Over VoIP

Caller ID for Spain and Austria

SIP Support for VoIP

ADSL LED Blinking When DSL Line Trains

CBQoS MIB and DSCP

Virtual Router Redundancy Protocol (VRRP)

Direct HTTP Enroll with CA Servers

Table 1 and Table 2 shows which features each router supports and which Cisco IOS release first supported the feature on the router.

Table 1 Features of Cisco 800, 820, and SOHO 70 Routers  

Feature
Release First Available
801 - 804
805
806
826
827, 827H 1
827-4V
828
SOHO
71
SOHO
76
SOHO
77, 77H 2
SOHO
78

Adjusting TCP Maximum Segment Size for PPP over Ethernet

YB=First available on release 12.1(5)YB

XE=First available on release 12.2(1)XE

X

XE

X

YB

X

YB

X

YB

X

XE

 

X

X

YB

X

XE

Low Latency Queuing

YB=First available on release 12.1(5)YB

XM=First available on release 12.2(4)XM

YJ=First available on Base IP images on release 12.2(8)YJ

YM=First available on Base IP images on release 12.2(8)YM

X

XM

X

YB

YJ

X

YB

YJ

X

YB

YJ

X

YM

   

X

YB

Link Fragmentation and Interleaving

YB=First available on release 12.1(5)YB

XE=First available on release 12.2(1)XE

X

YB

X

YB

X

YB

X

XE

   

X

YB

Length of PVC Transmit Ring

X

X

X

X

   

X

DHCP Server Import

XD=First available on release 12.2(1)XD

XE=First available on release 12.2(1)XE

X

XE

X

XD

X

XD

X

XD

X

XE

   

X

XD

X

XE

IPCP Subnet Mask Delivery

XD=First available on release 12.2(1)XD

XE=First available on release 12.2(1)XE

X

XE

X

XD

X

XD

X

XD

X

XE

   

X

XD

X

XE

Service Assurance Agent

XG=First available on release 12.1(3)XG

XD=First available on release 12.2(1)XD

XE=First available on release 12.2(1)XE

X

XG

X

XG

X

XE

X

XD

X

XD

X

XD

X

XE

   

X

XD

X

XE

Secure Shell

XD=First available on release 12.2(1)XD

XE=First available on release 12.2(1)XE

YA=First available on release 12.2(4)YA

X

XE

X

XD

X

XD

X

XD

X

XE

   

X

XD

YA (77H)

IP Named Access Lists

XD=First available on release 12.2(1)XD

XE=First available on release 12.2(1)XE

XH=First available on release 12.2(2)XH

YA=First available on release 12.2(4)YA

X

XH

X

XH

X

XE

X

XD

X

XD

YA (827H)

X

XD

X

XE

   

X

XD

YA (77H)

X

XE

International Phone Support

XI=First available on release 12.2(2)XI

X

XI

   

DHCP Option 12

XI=First available on release 12.2(2)XI

   

X

XI

               

Committed Access Rate

XH=First available on release 12.2(2)XH

XK=First available on release 12.2(2)XK

XM=First available on release 12.2(4)XM

YA=First available on release 12.2(4)YA

X

XM

X

XH

X

XH

YA (827H)

X

H

X

XK

   

NAT Passthrough with Raw IPSEC

XI=First available on release 12.2(2)XI

XK=First available on release 12.2(2)XK

YA=First available on release 12.2(4)YA

X

XI

X

XI

X

XK

X

XK

YA (827H)

X

XI

X

XK

   

X

XI

YA (77H)

X

XK

VoAAL2 Profile 9

XK=First available on release 12.2(2)XK

         

X

XK

         

ATM OAM F5 Continuity Check

XK=First available on release 12.2(2)XK

YA=First available on release 12.2(4)YA

X

XK

X

XK

YA (827H)

   

X

XK

YA (77H)

RADIUS Client Support

XK=First available on release 12.2(2)XK

XE=First available on release 12.2(1)XE

YA=First available on release 12.2(4)YA

X

XE

X

XK

X

XK

YA (827H)

X

XK

X

XK

   

X

XK

NAT Default Inside Server

XK=First available on release 12.2(2)XK

X

XK

   

Cisco Easy VPN Client

YA=First available on release 12.2(4)YA

X

YA

X

YA

X

YA

X

YA

X

YA

   

Cisco Easy VPN Client Phase 2

YJ=First available on release 12.2(8)YJ

YM=First available on release 12.2(8)YM

   

X

YJ

X

YJ

X

YJ

X

YJ

X

YM

       

Dial-on-Demand Routing for PPPoE Client

XM=First available on release 12.2(4)XM

YA=First available on release 12.2(4)YA

X

XM

X

XM

X

XM

YA (827H)

X

XM

X

XM

   

X

XM

YA (77H)

X

XM

Class-Based Traffic Shaping to Support Low Latency Queuing

XM=First available on release 12.2(4)XM

X

XM

   

Weighted Fair Queuing

XM=First available on release 12.2(4)XM

YA=First available on release 12.2(4)YA

X

XM

X

XM

X

XM

YA (827H)

X

XM

X

XM

   

dsl enable-training-log command

XM=First available on release 12.2(4)XM

YA=First available on release 12.2(4)YA

X

XM

X

XM

YA (827H)

X

XM

X

XM

       

X.25 Over TCP

XI=First available on release 12.2(2)XI

XG=First available on release 12.1(3)XG

X

XI

X

XG

                 

DNS-Based X.25 Routing

YA=First available on release 12.2(4)YA

X

YA

   

X.25 Load Balancing

YA=First available on release 12.2(4)YA

X

YA

   

X.25 Closed User Group

YA=First available on release 12.2(4)YA

X

YA

   

TACACS+

XE=First available on release 12.2(1)XE
YH
=First available on release 12.2(4)YH
YB=First available on release 12.1(1)YB

   

X

XE

 

X

YB

X

YB

 

X

YH

     

Authentication Proxy

YH=First available on release 12.2(4)YH

   

X

YH

               

Port to Application Mapping

YH=First available on release 12.2(4)YH

   

X

YH

               

CBAC Audit Trails and Alerts

YH=First available on release 12.2(4)YH

   

X

YH

               

Hot Standby Router Protocol

YM=First available on release 12.2(8)YM

   

X

YM

X

YM

X

YM

X

YM

X

YM

       

DNS Proxy

YM=First available on release 12.2(8)YM

   

X

YM

X

YM

X

YM

X

YM

X

YM

       

Skinny NAT—Support of IP Phone to Cisco Call Manager

YM=First available on release 12.2(8)YM

   

X

YM

X

YM

X

YM

X

YM

X

YM

       

NAT Support for SIP

YM=First available on release 12.2(8)YM

   

X

YM

X

YM

X

YM

X

YM

X

YM

       

T.38 Fax Relay

YU=First available on release 12.2(11)YU

         

X

YU

         

Modem Passthrough

YU=First available on release 12.2(11)YU

         

X

YU

         

Caller ID for Spain and Austria

YU=First available on release 12.2(11)YU

         

X

YU

         

SIP Support for VoIP

YU=First available on release 12.2(11)YU

         

X

YU

         

ADSL LED Blinking When DSL Line Trains

YU=First available on release 12.2(11)YU

     

X

YU

X

YU

X

YU

   

X

YU

X

YU

 

CBQoS MIB and DSCP

YU=First available on release 12.2(11)YU

     

X

YU

X

YU

X

YU

X

YU

       

1 The Cisco 827H router was introduced in the Cisco IOS 12.2(4) YA image.

2 The Cisco SOHO 77H router was introduced in the Cisco IOS 12.2(4) YA image.


Table 2 Features of Cisco 830, and SOHO 90 Routers  

Feature
Release First Available
831
836
837
SOHO 91
SOHO 96
SOHO 97

CBQoS MIB and DSCP

ZH=First available on release 12.2(13)ZH

 

X

ZH

X

ZH

     

Virtual Router Redundancy Protocol (VRRP)

ZH=First available on release 12.2(13)ZH

X

ZH

X

ZH

X

ZH

     

Direct HTTP Enroll with CA Servers

ZH=First available on release 12.2(13)ZH

X

ZH

X

ZH

X

ZH

     

The following URL contains links to Cisco IOS release product bulletins for the Cisco 800 and SOHO series routers. You can use them to determine when a feature was released for a particular router.

http://www.cisco.com/warp/public/cc/pd/rt/800/prodlit/index.shtml

Adjusting TCP Maximum Segment Size for PPP over Ethernet

If a Cisco router terminates the PPP over Ethernet (PPPoE) traffic, a computer connected to the Ethernet interface may have problems accessing websites. The solution is to manually reduce the maximum transmission unit (MTU) configured on the computer by constraining the TCP maximum segment size (MSS). Enter the following command on the router's Ethernet 0 interface:

ip tcp adjust-mss mss

where mss is 1452 or less.

Network address translation (NAT) must be configured for the ip tcp adjust-mss command to work.

See Table 1 to determine whether your Cisco router supports this feature.

Configuration Example

The following example shows a configuration of a PPPoE client.

vpdn enable
no vpdn logging
!
vpdn-group 1
 request-dialin
  protocol pppoe
!
interface Ethernet0
 ip address 192.168.100.1 255.255.255.0
 ip tcp adjust-mss 1452
 ip nat inside
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35 
  pppoe-client dial-pool-number 1
!
dsl operating-mode auto
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username sohodyn password 7 141B1309000528
!
ip nat inside source list 101 interface Dialer1 overload
ip route 0.0.0.0.0.0.0.0 Dialer1
access-list 101 permit ip 192.168.100.0.0.0.0.255 any

Configuring Low-Latency Queuing and Link Fragmentation and Interleaving

Low latency queuing (LLQ) provides a low-latency, strict-priority transmit queue for voice over IP (VoIP) traffic.

Link Fragmentation and Interleaving (LFI) reduces voice traffic delay and jitter by fragmenting large data packets and interleaving voice packets within the data fragments.

See Table 1 to determine whether your Cisco router supports these features.

Configuring LLQ

Follow these steps to configure the router for LLQ:


Step 1 Ensure that the voice and data packets have different IP precedence values so that the router can differentiate between them. Normally, data packets should have an IP precedence of 0, and voice packets should have an IP precedence of 5. If the VoIP packets are generated from within the router, you may set the IP precedence to 5 for these packets by entering the ip precedence number command in dial-peer voice configuration mode as follows:

a. Enter the global configuration dial-peer voice 1 voip command.

b. Enter the ip precedence 5 command.

Step 2 Create an access list and a class map for the voice packets.

a. Create an access list by entering the access-list 101 permit ip any precedence 5 command.

b. Create a class map for the voice packets by entering class-map match-all voice command.

c. Link the class map to the access list by entering the match access-group 101 command.

Step 3 Create the LLQ for voice traffic.

a. Create a policy map by entering the policy-map mypolicy command.

b. Define the class by entering the class voice command.

c. Assign the priority bandwidth to the voice traffic. The priority bandwidth assigned to the voice traffic depends on the codec used and the number of simultaneous calls that you allow. For example, a G.711 codec call consumes 200 kbps; therefore, to support one G.711 voice call you would enter a priority 200 command.

Step 4 Attach LLQ to the dialer interface.

a. Enter the global configuration interface dialer 1 command.

b. Create a service policy by entering the service-policy out mypolicy command.


Configuring LFI

Follow these steps to configure the router for LFI.


Note When you are configuring LFI, the data fragment size must be greater than the voice packet size; otherwise, the voice packets fragment and voice quality deteriorates.



Step 1 Configure the dialer bandwidth. The dialer interface has a default bandwidth of 56 kbps, which may be less than the upstream bandwidth of your digital subscriber line (DSL) connection. You can find the upstream bandwidth of your DSL connection by entering the show dsl interface atm0 command in dialer interface configuration mode. If you have two or more permanent virtual circuits (PVCs) sharing the same DSL connection, the bandwidth configured for the dialer interface must be the same as the bandwidth allocated to its assigned PVC.

Step 2 Enable PPP multilink, and configure fragment delay and interleaving for the dialer interface.

a. Enter the global configuration interface dialer 1 command.

b. Specify the dialer bandwidth by entering the bandwidth 640 command. The bandwidth is specified in kilobits per second (kbps).

c. Enter the ppp multilink command.

d. Specify PPP multilink interleaving by entering the ppp multilink interleave command.

e. Define the fragment delay by entering the ppp multilink fragment-delay 10 command.

f. Calculate the fragment size using the following formula:

fragment size = (bandwidth in kbps/8) * fragment delay in milliseconds (ms)

In this case, the fragment size = (640/8) * 10, resulting in a fragment size of 800. The fragment size is greater than the maximum voice packet size of 200, which is G.711 20 ms. A low fragment delay corresponds to a fragment size that may be smaller than the voice packet size, resulting in reduced voice quality.


Configuring the Length of the PVC Transmit Ring

If both voice and data packets share the same PVC, it is important to reduce the PVC transmit (TX) ring size. This reduces the maximum number of data packets and fragments that can be in front of a voice packet in the hardware queue, thus reducing latency.

See Table 1 to determine whether your Cisco router supports this feature.

Follow these steps to reduce the PVC TX ring size:


Step 1 Enter the global configuration int atm 0 command.

Step 2 Specify the PVC number by entering the pvc 1/100 command.

Step 3 Reduce the PVC TX ring size to 3 by entering the tx-ring-limit 3 command.


Configuration Example

The following example combines LFI, LLQ, and the PVC TX ring configurations.

class-map match-all voice
match access-group 101
!
policy-map mypolicy
 class voice
  priority 200 
 class class-default
  fair-queue
!
interface Ethernet0
ip address 70.0.0.1 255.255.255.0
no ip mroute-cache
!
interface ATM0
 no ip address
 bundle-enable
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 no ip mroute-cache
 pvc 1/40 
 encapsulation aal5mux ppp dialer
 dialer pool-member 1
 tx-ring-limit 3
!
interface Dialer1
 bandwidth 640
 ip address 60.0.0.1 255.255.255.0
 encapsulation ppp
 dialer pool 1
 service-policy output mypolicy
 ppp multilink
 ppp multilink fragment-delay 10
 ppp multilink interleave
!
ip classless
no ip http server
!
access-list 101 permit ip any any precedence 5
!
voice-port 1
!
voice-port 2
!
voice-port 3
!
voice-port 4
dial-peer voice 110 pots
		 destination-pattern 1105555
 port 1
!
dial-peer voice 210 voip
 destination-pattern 2105555
 session target ipv4:60.0.0.2
 codec g711ulaw
 ip precedence 5

DHCP Server Import

Before Cisco IOS Release 12.1(5), the only way to configure the Dynamic Host Configuration Protocol (DHCP) options on the Cisco IOS DHCP server was through the command-line interface (CLI). However, you may not want to configure the same DHCP options on multiple DHCP servers if you can, instead, configure a remote master DHCP server located on the corporate backbone. In this case, all the local DHCP servers will have the same DHCP options as those configured on the remote DHCP server.

The Cisco IOS DHCP server has been enhanced to allow configuration information to be updated automatically by PPP. You can enable PPP to automatically configure the Domain Name Server (DNS), the Windows Information Name Server (WINS), or the NetBIOS Name Service (NBNS), and the server IP address information within a Cisco IOS DHCP server pool.

See Table 1 to determine whether your Cisco router supports this feature.

Configuring DHCP Server Import

Follow these steps to configure the Cisco router for DHCP server import:


Step 1 Configure the asynchronous transfer mode (ATM) interface and the asymmetric digital subscriber line (ADSL) operating mode.

Step 2 Create an ATM PVC for data traffic, enter virtual circuit configuration mode, and specify the virtual path identifier/virtual channel identifier (VPI /VCI) values, the encapsulation type, and the dial-pool member.

Step 3 Create a dialer interface.

a. Enter configuration mode for the dialer interface.

b. Specify the MTU size as 1492.

c. Assign ip address negotiated to the dialer interface.

d. Configure the dialer group number.

e. Configure PPP encapsulation and (if needed) Challenge Handshake Authentication Protocol (CHAP).

f. Configure IP negotiation of DNS and WINS requests.

Step 4 Define an IP DHCP pool name.

a. Configure the network and domain name (if needed) for the DHCP pool.

b. Enter the import all command.

Step 5 Configure a dialer list and a static route for the dialer interface.


Configuration Examples

The following example shows configuration of the DHCP server import on the Cisco router (CPE):

router-820#show run
Building configuration...
Current configuration:1510 bytes
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router-820
logging rate-limit console 10 except errors
!
username 3620-4 password 0 lab
mmi polling-interval 60
mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip finger
no ip domain-lookup
!
ip dhcp pool 2
import all
network 192.150.2.0 255.255.255.0
domain-name devtest.com
default-router 192.150.2.100 
lease 0 0 3
!
no ip dhcp-client network-discovery
vpdn enable
no vpdn logging
vpdn-group 1
request-dialin
protocol pppoe

call rsvp-sync
!
interface Ethernet0
ip address 192.150.2.100 255.255.255.0
ip nat inside
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/16 ilmi
!
pvc 1/40 
protocol pppoe
pppoe-client dial-pool-number 1
!
bundle-enable
dsl operating-mode auto
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap
ppp ipcp dns request
ppp ipcp wins request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
ip nat inside source list 101 interface Dialer0 overload
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
snmp-server manager
!
voice-port 1
voice-port 2
voice-port 3
voice-port 4
!
line con 0
transport input none
stopbits 1
line vty 0 4
scheduler max-task-time 5000
end

The following example shows DHCP proxy client configuration:

3620-4#show run
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3620-4
logging rate-limit console 10 except errors
!
username 820-uut1 password 0 lab
username 820-uut4 password 0 lab
memory-size iomem 10
ip subnet-zero
!
no ip finger
!
ip address-pool dhcp-proxy-client
ip dhcp-server 192.150.1.101
vpdn enable
no vpdn logging
!
vpdn-group 1
accept-dialin
protocol pppoe
virtual-template 1
!
call rsvp-sync
cns event-service server
!
interface Ethernet0/0
ip address 192.150.1.100 255.255.255.0
half-duplex
!
interface Ethernet0/1
no ip address
shutdown
half-duplex
!
interface ATM1/0
no ip address
no atm scrambling cell-payload
no atm ilmi-keepalive
pvc 1/40 
encapsulation aal5snap
protocol pppoe
!
interface Virtual-Template1
ip address 2.2.2.1 255.255.255.0
ip mtu 1492
peer default ip address dhcp
ppp authentication chap
!
ip kerberos source-interface any
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
no ip http server
!
dialer-list 1 protocol ip permit
dial-peer cor custom
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
login
end

The following example shows configuration on the remote DHCP server:


2500ref-4#show run
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname 2500ref-4
!
no logging console
!
ip subnet-zero
no ip domain-lookup
ip host PAGENT-SECURITY-V3 45.41.44.82 13.15.0.0
ip dhcp excluded-address 2.2.2.1
!
ip dhcp pool 1
network 2.2.2.0 255.255.255.0
dns-server 53.26.25.23 
netbios-name-server 66.22.66.22 
domain-name ribu.com
lease 0 0 5
!
cns event-service server
!
interface Ethernet0
ip address 192.150.1.101 255.255.255.0
interface Ethernet1
ip address 192.168.254.165 255.255.255.0
interface Serial0
no ip address
shutdown
no fair-queue
interface Serial1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 0.0.0.0 0.0.0.0 Ethernet0
no ip http server
!
dialer-list 1 protocol ip permit

line con 0
exec-timeout 0 0
transport input none
line aux 0
transport input all
line vty 0 4
login
no scheduler max-task-time
end

IP Control Protocol Subnet Mask Delivery

The IP Control Protocol (IPCP) feature assigns IP address pools to customer premises equipment (CPE) devices. These devices then assign IP addresses to the CPE and to a DHCP pool.

The IPCP feature provides the following functions:

The IOS CPE device requests and uses the subnet.

The Authentication, Authorization, and Accounting (AAA) Remote Authentication Dial-In User Service (RADIUS) provides the subnet and inserts the framed route into the proper virtual route forwarding (VRF) table.

The provider edge or the edge router helps in providing the subnet through IPCP.

DHCP support is no longer on the client side because the CPE can now receive both the IP address and the subnet mask during the PPP setup negotiation. If the CPE uses the DHCP servers to allocate addresses for its own network, subnets can be assigned through the node route processor (NRP) on the network access server (NAS) and distributed to the remote CPE DHCP servers.

See Table 1 to determine whether your Cisco router supports this feature.

Configuring IPCP

Follow these steps to configure the Cisco router (CPE) for IPCP:


Step 1 Configure the ATM interface, and enter the ADSL operating mode.

Step 2 Configure the ATM subinterface.

a. Create an ATM PVC for data traffic, enter virtual circuit configuration mode, and specify the VPI and VCI values.

b. Set the encapsulation of the PVC as aal5mux ppp to support data traffic.

Step 3 Create a dialer interface.

a. Enter configuration mode for the dialer interface.

b. Specify the PPP encapsulation type for the PVC.

c. Enter the ip unnumbered Ethernet 0 command to assign the Ethernet interface to the dialer interface.

d. Configure the dialer group number.

e. Configure CHAP.

f. Enter the ppp ipcp mask request command.

g. Assign a dialer list to this dialer interface.

Step 4 Define an IP DHCP pool name.

a. Enter the import all command.

b. Enter the origin ipcp command.

Step 5 Configure the Ethernet interface, and assign an IP address pool. Enter the pool name that you defined in Step 4.

Step 6 Configure a dialer list and a static route for the dialer interface.


Configuration Examples

The following example shows IPCP configuration on the Cisco router (CPE):

router-8274v-1# show run
Building configuration...
Current configuration:1247 bytes
version 12.2
no service single-slot-reload-enable
no service pad
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
!
hostname router-8274v-1
!
no logging buffered
logging rate-limit console 10 except errors
!
username 6400-nrp2 password 0 lab
ip subnet-zero
ip dhcp smart-relay
!
ip dhcp pool IPPOOLTEST
import all
origin ipcp
lease 0 0 1
!
no ip dhcp-client network-discovery
!
interface Ethernet0
ip address pool IPPOOLTEST
no shutdown
hold-queue 32 in
!
interface ATM0
no ip address
atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
hold-queue 224 in
!
interface ATM0.1 point-to-point
pvc 1/40 
no ilmi manage
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
interface Dialer0
ip unnumbered Ethernet0
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname router-8274v-1
ppp chap password 7 12150415
ppp ipcp accept-address
ppp ipcp dns request
ppp ipcp wins request
ppp ipcp mask request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 0 0
stopbits 1
line vty 0 4
login
!
scheduler max-task-time 5000
end

The following example shows IPCP configuration on the remote server:


6400-nrp2#show run
Building configuration...

Current configuration:1654 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 6400-nrp2
!
aaa new-model
aaa authentication ppp default group radius
aaa authorization network default group radius 
aaa nas port extended
enable password lab
!
username router-8274v-1 password 0 lab
username TB2-8274v-2 password 0 lab
!
redundancy
main-cpu
auto-sync standard
no secondary console enable
ip subnet-zero
no ip finger
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
hold-queue 500 in
!
interface ATM0/0/0.4 point-to-point
pvc 6/40 
encapsulation aal5mux ppp Virtual-Template5
!
!interface ATM0/0/0.5 point-to-point
pvc 5/46 
protocol ip 7.0.0.60 broadcast
encapsulation aal5mux ppp Virtual-Template6
!
interface Ethernet0/0/1
no ip address
shutdown
!
interface Ethernet0/0/0
description admin IP address 192.168.254.201 255.255.255.0
ip address 192.168.254.240 255.255.255.0
!
interface FastEthernet0/0/0
ip address 192.168.100.101 255.255.255.0
half-duplex
!
interface Virtual-Template5
ip unnumbered FastEthernet0/0/0
no keepalive
no peer default ip address
ppp authentication chap
!
interface Virtual-Template6
ip unnumbered FastEthernet0/0/0
no peer default ip address
ppp authentication chap
!
ip classless
no ip http server
!
ip radius source-interface FastEthernet0/0/0
!
radius-server host 192.168.100.100 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server attribute nas-port format d
radius-server key foo
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password lab
!
end

The following example shows IPCP configuration on the RADIUS server (Cisco Access Registrar 1.5):


/opt/AICar1/usrbin-4% ./aregcmd
Access Registrar Configuration Utility Version 1.5
Copyright (C) 1995-1998 by American Internet Corporation, and 1998-2000 by
 Cisco Systems, Inc. All rights reserved.
Cluster:localhost
User:admin
Password:
Logging in to localhost
400 Login failed/opt/AICar1/usrbin-5% ./aregcmd
Access Registrar Configuration Utility Version 1.5
Copyright (C) 1995-1998 by American Internet Corporation, and 1998-2000 by
Cisco Systems, Inc. All rights reserved.
Cluster:localhost
User:admin
Password:
Logging in to localhost

[ //localhost ]
LicenseKey = SBUC-7DQF-PM1E-5HPC (expires in 51 days)
Radius/
Administrators/

Server 'Radius' is Running, its health is 10 out of 10

--> cd radius

[ //localhost/Radius ]
Name = Radius
Description = 
Version = 1.6R1
IncomingScript~ = 
OutgoingScript~ = 
DefaultAuthenticationService~ = local-users
DefaultAuthorizationService~ = local-users
DefaultAccountingService~ = local-file
DefaultSessionService~ = 
DefaultSessionManager~ = 
UserLists/
UserGroups/
Policies/
Clients/
Vendors/
Scripts/
Services/
SessionManagers/
ResourceManagers/
Profiles/
Rules/
Translations/
TranslationGroups/
RemoteServers/
Advanced/
Replication/

--> cd profile

[ //localhost/Radius/Profiles ]
ls
Entries 1 to 6 from 6 total entries
Current filter:<all>

default-PPP-users/
default-SLIP-users/
default-Telnet-users/
StaticIP/
router-8274v-1/
TB2-8274v-2/

--> ls

[ //localhost/Radius/Profiles ]
Entries 1 to 6 from 6 total entries
Current filter:<all>

default-PPP-users/
default-SLIP-users/
default-Telnet-users/
StaticIP/
router-8274v-1/
TB2-8274v-2/

--> cd router-8274v-1

[ //localhost/Radius/Profiles/router-8274v-1 ]
Name = router-8274v-1
Description = 
Attributes/

--> ls

[ //localhost/Radius/Profiles/router-8274v-1 ]
Name = router-8274v-1
Description = 
Attributes/

--> cd attribute

[ //localhost/Radius/Profiles/router-8274v-1/Attributes ]
cisco-avpair = "ip:wins-servers=100.100.100.100 200.200.200.200"
cisco-avpair = "ip:dns-servers=60.60.60.60 70.70.70.70"
Framed-Compression = none
Framed-IP-Address = 40.1.2.30
Framed-IP-Netmask = 255.255.255.0
Framed-MTU = 1500
Framed-Protoc
l = ppp
Framed-Routing = None
Service-Type = Framed

Service Assurance Agent

The Service Assurance Agent (SAA) is an agent that monitors network performance by measuring key factors such as response time, availability, jitter, connect time, throughput, and packet loss.

The SA agent is a new name and an enhancement for the Response Time Reporter (RTR) feature introduced in Cisco IOS Release 11.2.

For configuration information on this feature, refer to the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/fcprt3/fcd301d.htm#xtocid135130

See Table 1 to determine whether your Cisco router supports this feature.

Secure Shell

Secure Shell (SSH) is a protocol that provides a secure and remote connection to a router. SSH is available in two versions, SSH Version 1 and SSH Version 2. Only SSH Version 1 is available in the Cisco IOS software.

For configuration information on this feature, refer to the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s5/sshv1.htm

See Table 1 to determine whether your Cisco router supports this feature.

IP Named Access Lists

You can identify IP access lists with an alphanumeric string (name) instead of a number. When you use named access lists, you can configure more IP access lists in a router.

For configuration information on this feature, refer to the following URL:

http://cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt1/1cdip.htm#xtocid2299616

See Table 1 to determine whether your Cisco router supports this feature.

International Phone Support

Cisco IOS software provides international phone support (H.323 only) for the following countries:

Italy

Denmark

Australia

International phone support commands configure voice port settings and caller ID settings.

See Table 1 to determine whether your Cisco router supports this feature.

H.323 international phone support has been tested and verified to work with the following equipment identified for Italy and Denmark.

The following devices are supported in Italy:

Telephones:

Siemens Gigaset 3015 Class Model

Telecom Italia MASTER s.p. LUPO VIEW

Alcatel Dial Face Mod. SIRIO 2000 Basic A

Caller-ID Devices:

BRONDI INDOVINO

Fax equipment:

Canon FAX-B155

The following devices are supported in Denmark:

Telephones:

Tele Danmark dana classic

Tele Danmark Danafon Topas

Caller-ID Devices:

DORO Danmark DOROX5

International Tone, Cadence, Ring Frequency, and Impedance Support

The default voice-port configuration for all voice ports specifies the U.S. country code, 600-ohm impedance, and 25-Hz ring frequency. Cisco IOS software supports commands for setting ring tone, cadence, frequency, and line impedance.

cptone Command

Use the voice-port configuration mode cptone command to specify a regional analog voice interface-related tone. Use the no form of this command to disable the selected tone.

cptone { dk | it | au }

no cptone { dk | it | au }

The following table shows what each code specifies.

Code
Country
Parameters

dk

Denmark

POTS line type 2 (complex impedance), a-law encoding, OSI disconnect supervision, 25-Hz ringing frequency, 0 guard time

it

Italy

POTS line type 2 (complex impedance), a-law encoding, OSI disconnect supervision, 25-Hz ringing frequency, 0 guard time

au

Australia

POTS line type 2 (complex impedance), a-law encoding, OSI disconnect supervision, 20-Hz ringing frequency, 0 guard time


ring cadence Command

To specify the ring cadence for a Foreign Exchange Station (FXS) voice port, use the ring cadence command in voice-port configuration mode. Use the no form of this command to restore the default value for this command.

ring cadence cadence

no ring cadence

The ring cadence command can take the following values.

Value
Meaning

define

User-defined cadence

pattern01

2 seconds on, 4 seconds off

pattern02

1 second on, 4 seconds off

pattern03

1.5 seconds on, 3.5 seconds off

pattern04

1 second on, 2 seconds off

pattern05

1 second on, 5 seconds off

pattern06

1 second on, 3 seconds off

pattern07

.8 second on, 3.2 seconds off

pattern08

1.5 seconds on, 3 seconds off

pattern09

1.2 seconds on, 3.7 seconds off

pattern10

1.2 seconds on, 4.7 seconds off

pattern11

0.4 second on, 0.2 second off, then
0.4 second on, 2 seconds off

pattern12

0.4 second on, 0.2 second off, then
0.4 second on, 2.6 seconds off


ring frequency Command

To specify the ring frequency for a specified FXS voice port, use the ring frequency command in voice-port configuration mode. Use the no form of this command to restore the default value for this command.

ring frequency frequency

no ring frequency

To select the ring frequency, use the commands as follows.

25

Specify a 25-Hz ring frequency.

50

Specify a 50-Hz ring frequency.


impedance Command

To specify the terminating impedance of a voice port interface, use the impedance command in voice-port configuration mode. Use the no form of this command to restore the default value.

impedance {600c | 600r | 900c | 900r | complex1 | complex2}

no impedance {600c | 600r | 900c | 900r | complex1 | complex2}

The following table shows what each code specifies.

Code
Impedance

600c

600-ohm complex

600r

600-ohm real

900c

900-ohm complex

900r

900-ohm real

complex1

complex 1

complex2

complex 2


When using the impedance command, be aware of the following constraints:

The c600r option selects the current POTS line type 0 implementation.

The 900r option selects the current POTS line type 1 implementation.

The 600c, 900c, complex1, and complex2 options select the current POTS line type 2 implementation.

International Caller ID

Caller ID (CLID) is an analog service that displays the number of the calling line to the receiving line's terminal device when it receives a call. In some countries, CLID is called Calling Line Identity Presentation (CLIP). The Cisco router receives CLID data as a part of the H.225 Setup Message and transmits it to the terminal device, which can either be a CLID device or a telephone capable of showing CLID messages.

There are two types of CLID: Type I and Type II. Type I transmits the CLID information when the receiving phone is on hook. Type II transmits the CLID information when the receiving phone is off hook. Only type I CLID is supported in this release.

caller-id enable Command

To allow the sending of caller ID information to the FXS voice port, use the caller-id enable voice-port configuration command. To disable the sending of caller ID information, use the no form of this command, which also clears all other caller ID configuration settings for the voice port.

caller-id enable

no caller-id enable

The country code specified in the cptone command must represent one of the countries for which caller ID is supported. Caller ID is disabled by default.

caller-id alerting Command

Specify the caller ID alerting method and enable caller ID support by using the caller-id alerting voice-port configuration command. The no form of this command sets the caller ID alerting type to caller ID alerting ring type 1.

caller-id alerting { line-reversal | pre-ring | ring < 1 | 2 > }

no caller-id alerting { line-reversal | pre-ring | ring < 1 | 2 > }

Alerting methods are described in the following table.

Alerting Method
Description

line-reversal

Use line-reversal alerting method.

pre-ring

Set a 250-millisecond pre-ring alerting method for caller ID information for on-hook (Type 1) caller ID at an FXS voice port.

ring < 1 | 2 >

Set the ring-cycle method for receiving caller ID information for on-hook (Type 1) caller ID at an FXS voice port.

 

1-If your telephone service provider specifies it, use this setting to provide caller ID alerting (display) after the first ring at the receiving station.

 

2-If your telephone service provider specifies it, use this setting to provide caller ID alerting (display) after the second ring.


The default alerting method is ring 1. If the country in which the router is installed uses a different alerting method, the appropriate alerting method must be configured. The caller-id alerting ring command can be used in countries using the BellCore/Telcordia standard. The caller-id alerting line-reversal, the caller-id alerting pre-ring, and caller-id alerting ring commands can be used in countries that do not use the BellCore/Telcordia standard.

The caller-id alerting command automatically enables caller ID support for the specific voice port.

caller-id block Command

To request blocking of the display of caller ID information at the far end of a call for calls originated at an FXS port, use the caller-id block voice-port configuration command at the originating Foreign FXS voice port. To allow the display of caller ID information, use the no form of this command.

caller-id block

no caller-id block

The default is no blocking of caller ID information.


Note The calling party information is included in the routed on-net call, as this information is often required for other purposes, such as billing and call blocking. The request to block display of the calling party information on terminating FXS ports is normally accepted by Cisco routers, but no guarantee can be made regarding the acceptance of the request by other equipment.


Configuring International Phone Support

Use the following procedure to configure a voice port to support caller ID, international cadence, impedance, and ring frequency, starting in global configuration mode:


Step 1 Enter the voice-port number command to enter voice-port configuration mode.

Step 2 Enter the cptone country-code command to specify settings for call-progress tone, ring cadence, line impedance, and ring frequency.

Step 3 Enter one of the following commands to enable caller ID:

Enter the caller-id enable command to enable caller ID support.

Enter the caller-id alerting alerting-method command to enable caller ID support and to specify the alerting method.

Step 4 Enter the caller-id block command to request blocking of the display of caller ID information at the far end of the call.

Step 5 Enter end to exit router configuration mode.


Configuration Example

The following voice-port configuration example shows two voice ports configured for the progress tone and line characteristics for Denmark. Caller ID is enabled on both ports, and port 1 requests that caller ID information be blocked at the other end when a phone call originates from this port. The second port uses the line-reversal alerting method.

!
voice-port 1
 cptone dk
 caller-id enable
 caller-id block
 timeouts call-disconnect 0
!
voice-port 2
 cptone dk
 caller-id alerting line-reversal
 timeouts call-disconnect 0

Committed Access Rate

Use the committed access rate (CAR) to limit bandwidth transmission rates to traffic sources and destinations and to specify policies for handling traffic that exceeds the specified bandwidth allocations. To enable CAR, enter the rate-limit command while in ATM interface configuration mode.

See Table 1 to determine whether your Cisco router supports this feature.

Configuration Example

The following example shows a CAR configuration:

interface ATM0.1 point-to-point
 mtu 576
 ip address 10.0.0.10 255.255.255.0
 rate-limit output 368000 2000 2000 conform-action set-dscp-transmit 40 exceed-action 
set-dscp-transmit 48
 pvc 0/33 
  protocol ip 10.0.0.9 broadcast
  vbr-nrt 142 142 1
  encapsulation aal5snap
 !

IP Security Through Network Address Translation Support

Cisco IOS Release 12.2(2)XI NAT supports IP Security (IPSec) client software that does not use Transmission Control Protocol (TCP) wrapping or User Datagram Protocol (UDP) wrapping. On Cisco routers, this feature allows the simultaneous use of multiple, PC-based IPSec clients on which IPSec packet wrapping is disabled or is not supported. When PCs connected to the router create an IPSec tunnel, network address translation (NAT) on the router translates the private IP addresses in these packets to public IP addresses. This NAT feature also supports multiple Point-to-Point Tunneling Protocol (PPTP) sessions, which may be initiated by PCs with PPTP client software.

See Table 1 to determine whether your Cisco router supports this feature.

On the Cisco 801, 802, 803 or 804 routers, you must enter the following global configuration mode command for this feature to work:

ip nat inside source list number interface bri number overload

In this command, number refers to the source list number and the basic rate interface number. The document at the following URL contains a configuration example:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/800/800swcfg/advscen.htm

If the Cisco 801, 802, 803, or 804 router is appropriately configured, you can enter this command for the dialer interface instead of the Basic Rate Interface.

On the Cisco 806 router, you must enter the following global configuration mode command for this feature to work:

ip nat inside source list number interface Ethernet 1 overload

In this command, number refers to the source list number. The document at the following URL provides a configuration example:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/806/806swcg/routconf.htm

On the Cisco 826, Cisco 827, and Cisco 828 routers, you must enter the following command in global configuration mode in order for this feature to work:

ip nat inside source list number interface BVI number overload

Refer to the SOHO 70 and Cisco 800 Series - Release Notes for Release 12.2(2)XI for IPSec through NAT configuration information for the Cisco 801-804 routers and the Cisco 806 router.

VoAAL2 ATM Forum Profile 9 Support

The Cisco 827-4v router supports voice over ATM Adaptation Layer 2 (VoAAL2) ATM Forum Profile 9. ATM Forum Profile 9 supports a 44-byte payload, optimizing voice transport efficiency, and makes interoperability with TdSoft gateways possible, as shown in the configuration in Figure 1.

Figure 1 Sample VOAAL2 Hardware Configuration

This feature enables the Cisco router to interoperate with General Recommendation 303 (GR.303) and V5.2 gateways that communicate with Class 5 switches. The voice PVC is routed to a VoAAL2 gateway that supports either the GR.303 or the V5.2 protocol. This gateway converts the AAL2-encoded voice cells to a format that can be sent over a time division multiplexed connection to a Class 5 switch. The data PVC can be routed through the digital subscriber line access multiplexer (DSLAM) or aggregator to the data network.

See Table 1 to determine whether your Cisco router supports this feature.

Configuring ATM Forum Profile 9

Follow these steps to configure ATM Forum Profile 9 support for a voice port, beginning in global configuration mode.


Step 1 Enter the voice class permanent 1 command to configure a voice class.

Step 2 Enter the signal timing oos timeout disabled command to disable the assertion of the receive oos pattern to the PBX when signaling packets are lost.

Step 3 Enter exit to exit voice class configuration mode.

Step 4 Enter voice service voatm to enter voice service configuration mode.

Step 5 Enter the session protocol aal2 command.

Step 6 Enter mode bles to indicate that VOATM is to be used in broadband loop emulation service (BLES) mode.

Step 7 Enter exit to leave session protocol mode, and then enter exit again to leave voice service configuration mode.

Step 8 Enter interface atm0 to enter ATM 0 interface configuration mode.

Step 9 Enter pvc vpi vci to specify the virtual path identifier and the virtual channel identifier of the PVC.

Step 10 Enter vbr-rt pcr acr bcs to specify the variable bit rate-real time peak cell rate and average cell rate in kbps, and the burst cell size in number of cells.


Note One phone line requires a minimum setting of 78 kbps for both PCR and ACR values.


Step 11 Enter encapsulation aal2 to specify that ATM adaptation layer 2 type encapsulation be used.

Step 12 Enter no atm cell-clumping-disable to ensure that sufficient bandwidth is allocated for data packets when voice calls are in progress.

Step 13 Enter exit to leave ATM 0 interface configuration mode.

Step 14 Enter the dial-peer voice tag voatm command. This command places the router in dial-peer voice configuration mode.

Step 15 Enter the session protocol aal2-trunk command.

Step 16 Enter the session target atm0 pvc vpi/vci cid cid command.

This command has the following parameters:

vpi—Virtual path identifier

vci—Virtual channel identifier

cid—AAL2 channel identifier

Step 17 To specify which codec profile the voice dial peer will use, enter one of these codec aal2 profile commands, as appropriate:

Enter codec aal2-profile atmf 9 g711alaw to specify that only G.711 a-law be used.

Enter codec aal2-profile atmf 9 g711ulaw to specify that only G.711 mu-law be used.

Step 18 Enter the destination-pattern destination string command. The destination string is the phone number in E.164 format that must match the destination string configured for the voice port in order to associate a dial peer with a voice port.

Step 19 Enter the voice-class permanent 1 command to associate this dial peer with the configured voice class.

Step 20 Enter no vad to specify no voice activity detection (VAD).

Step 21 Enter exit to leave dial peer voice configuration mode.

Step 22 Enter the voice port # command to enter voice port configuration mode.

Step 23 Enter the connection trunk destination-pattern command. The destination pattern must match the destination-string configured for the dial peer.

Step 24 Enter the playout-delay mode fixed no-timestamps command. This command causes the AAL2 packet to be played at a fixed rate and causes the timestamps carried in the packet to be ignored.

Step 25 Enter end to exit router configuration mode.


Configuration Example

The following example shows the configuration for two voice ports using Profile 9 and the G.711 a-law codec. VBR-RT, PCR, and ACR values are 312 to accommodate 4 phone lines, although only 2 phone lines are currently configured.

voice service voatm
 !
 session protocol aal2
  mode bles
!
!
voice class permanent 1
 signal timing oos timeout disabled
!
interface atm 0
 no atm cell-clumping-disable
 pvc 1/100
 vbr-rt 312 312 32
 encapsulation aal2
!
voice-port 1
 playout-delay mode fixed no-timestamps
 cptone DK
 timeouts wait-release 3
 connection trunk 8881052
 caller-id enable
 !
voice-port 2
 playout-delay mode fixed no-timestamps
 cptone DK
 timeouts wait-release 3
 connection trunk 8881053
 caller-id enable
!
!dial-peer voice 1000 voatm
 destination-pattern 8881052
 voice-class permanent 1
 session protocol aal2-trunk
 session target ATM0 pvc 1/100 16
 codec aal2-profile ATMF 9 g711alaw
 no vad
!
dial-peer voice 1001 voatm
 destination-pattern 8881053
 voice-class permanent 1
 session protocol aal2-trunk
 session target ATM0 pvc 1/100 17
 codec aal2-profile ATMF 9 g711alaw
 no vad
!

ATM OAM F5 Continuity Check Support

ATM operation administration and maintenance (OAM) F5 continuity check (CC) cells enable network administrators to detect misconfigurations in the ATM layer. Such misconfigurations can cause misdelivery of a cell stream to a third party or can cause unintended merging of cells from multiple sources.

CC cells provide an in-service tool optimized to detect connectivity problems at the ATM layer. CC cells are sent between a router designated as the source location and a router designated as the sink location. The local router can be configured as the source, as the sink, or as both the source and the sink. It is not necessary to enter a CC configuration on the router at the other end of the segment, because the router on which CC has been configured sends a CC activation request to the router at the other end of the segment, directing it to act as either a source or a sink.

See Table 1 to determine whether your Cisco router supports this feature.

oam-pvc manage cc Command

The oam-pvc manage cc command configures continuity checking on a PVC. Use the no form of this command to disable continuity checking on the segment.

oam-pvc manage cc segment direction [ source | sink | both ]

no oam-pvc manage cc segment direction [ source | sink | both ]

Syntax Description

segment direction specifies the CC cell transmission direction.

source

The router is to act as the source of CC cells.

sink

The router is to act as the sink, or destination, for transmitted CC cells.

both

The router is to act as both source and sink.


Default

The default segment direction is sink.

Command Mode

PVC configuration mode.

Command History

Release
Modification

Cisco IOS Release 12.2(2)XK

The keywords cc, segment direction, source, sink, and both were introduced on the Cisco 826, Cisco 827, and SOHO 77 routers.


Usage Guidelines

Using no oam-pvc manage cc deactivates continuity checking regardless of the direction in which it is being performed and regardless of which router initiated continuity checking.

Configuration Examples

The following configuration activates CC over the segment and causes the router to function as the source.

interface ATM0
 ip address 10.0.0.3 255.255.255.0
 pvc 0/33 
  oam-pvc manage cc segment direction source
 !
 end

The following configuration activates CC over the segment and causes the router to function as the sink.

interface ATM0
 ip address 10.0.0.3 255.255.255.0
 pvc 0/33 
  oam-pvc manage cc segment direction sink
 !
 end

The following configuration activates CC over the segment and causes the router to function both as the source of CC cells and as the sink:

interface ATM0
 ip address 10.0.0.3 255.255.255.0
 pvc 0/33 
  oam-pvc manage cc segment direction both
 !
 end

The following configuration deactivates segment CC:
interface ATM0
 ip address 10.0.0.3 255.255.255.0
 pvc 0/33 
    no oam-pvc manage cc
!
end

oam retry cc activation-count deactivation-count retry-frequency Command

The oam retry cc activation-count deactivation-count retry-frequency command sets the frequency at which CC activation and deactivation requests are sent to the router at the other end of the segment. The no form of this command removes these settings.

oam retry cc activation-count number deactivation-count number retry-frequency seconds

no oam retry cc activation-count number deactivation-count number retry-frequency seconds

Syntax Description

activation-count

Specifies the maximum number of times the activation message will be sent before receiving an acknowledgement.

deactivation-count

Specifies the maximum number of times the deactivation message will be sent before receiving an acknowledgement.

retry-frequency

Specifies the interval between retries.


Default

No default.

Command Mode

PVC configuration.

Command History

Release
Modification

Cisco IOS Release 12.2(2)XK

Introduced on the Cisco 826, Cisco 827, and SOHO 77 routers.


Configuration Example

The following configuration sets the CC activation and deactivation counts, as well as the retry frequency:

interface ATM0
 ip address 10.0.0.3 255.255.255.0
 pvc 0/33 
  oam-pvc manage cc segment direction source
  retry activation-count 10 deactivation-count 10 retry-frequency 3
 !
 end

oam-pvc manage cc deny Command

The oam-pvc manage cc deny command disables CC support on the virtual circuit (VC) under which the command has been entered. A PVC on which CC support has been disabled will deny CC activation requests. The no form of this command reenables CC support on the VC.

oam-pvc manage cc deny

no oam-pvc manage cc deny

Default

CC is supported by default.

Command Mode

PVC configuration mode.

Command History

Release
Modification

Cisco IOS Release 12.2(2)XK

The cc and deny keywords were introduced on the Cisco 826, Cisco 827, and SOHO 77 routers.


Configuration Example

The following configuration denies segment CC:

interface ATM0
 ip address 10.0.0.3 255.255.255.0
 pvc 0/33 
    oam-pvc manage cc deny
 !
 end

debug atm oam cc Command

You see the results of continuity checking by using the debug atm oam cc command. The no form of this command disables continuity checking debugging.

debug atm oam cc interface atm number

no debug atm oam cc interface atm number

Syntax Description

number

ATM interface number.


Default

Disabled.

Command Mode

Privileged EXEC.

Command History

Release
Modification

Cisco IOS Release 12.2(2)XK

The cc, interface, and atm keywords were introduced on the Cisco 826, Cisco 827, and SOHO 77 routers.


Output Example

The following example output of the debug atm oam cc command records activity, beginning with the entry of the oam-pvc manage cc command and ending with the entry of the no oam-pvc manage cc command. The ATM 0 interface was specified, and the "both" segment direction was specified. The output shows an activation request sent and confirmed, a series of CC cells sent by the routers on each end of the segment, and a deactivation request and confirmation.

router#debug atm oam cc interface atm0
Generic ATM:
  ATM OAM CC cells debugging is on
router#
00:15:05: CC ACTIVATE MSG (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM
Type:8 OAM Func:1 Direction:3 CTag:5
00:15:05: CC ACTIVATE CONFIRM MSG (ATM0) O:VCD#1 VC 1/40 OAM Cell
Type:4 OAM Type:8 OAM Func:1 Direction:3 CTag:5
00:15:06: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1
00:15:07: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4
00:15:08: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:09: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:10: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:11: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:12: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:13: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:14: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:15: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:16: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:17: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:18: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:19: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 
00:15:19: CC DEACTIVATE MSG (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM
Type:8 OAM Func:1 Direction:3 CTag:6
00:15:19: CC DEACTIVATE CONFIRM MSG (ATM0) O:VCD#1 VC 1/40 OAM Cell
Type:4 OAM Type:8 OAM Func:1 Direction:3 CTag:6

The following table describes significant fields.

Field
Description

00:15:05

Time stamp.

CC ACTIVATE MSG (ATM0)

Message type and interface.

0

Source.

1

Sink.

VC 1/40

Virtual circuit identifier.

Direction:3

Indication of the direction in which the cells are traveling. 1 indicates local router is sink. 2 indicates local router is source. 3 indicates that both routers operate as source and sink.


RADIUS Support

Remote Authentication Dial-In User Service (RADIUS) enables you to secure your network against unauthorized access. A RADIUS server must be configured in the service provider or corporate network in order for the router to use RADIUS client features. For instructions on configuring RADIUS, refer to the Cisco 806 Router Software Configuration Guide and to the Cisco IOS Security Configuration Guide.

See Table 1 to determine whether your Cisco router supports this feature.

NAT Default Inside Server Enhancement

NAT syntax has been extended to allow you to specify an inside local address to receive packets that do not match criteria in other NAT statements in the configuration.

See Table 1 to determine whether your Cisco router supports this feature.

The syntax is as follows :

ip nat inside source static inside_local interface interface_name

Syntax Description

inside_local

The configured address to which packets not matching criteria in other NAT statements are to be routed.

interface_name

The name of the interface on which packets undergoing NAT translation will be received.


Default

N/A.

Command Mode

Global configuration mode.

Platforms

Cisco 806 router.

Command History

Release
Modification

Cisco IOS Release 12.2(2)XK

The ability to omit the protocol keyword preceding the inside local address, and to omit the port number after the interface name.


Usage Guidelines

This syntax extends the capability of the ip nat inside source command. Prior to Cisco IOS Release 12.2(2)XK, if a received packet did not match the criteria in any of the NAT statements in the configuration file, address translation would not be carried out, and the packet would be dropped. This new syntax allows you to specify a default address to which all packets not matching other NAT criteria can be routed.

Use access lists to prevent unwanted traffic from being routed to the specified default address.

Configuration Example

This is a configuration file. Figure 2 shows a Cisco 806 router supporting two devices with the addresses 20.0.0.14, and 20.0.0.16. A configuration example is provided after Figure 2.

Figure 2 Cisco 806 Router Performing Network Address Translation for Two Devices

Several NAT statements direct traffic to the address 20.0.0.14. All packets not matching those criteria will be routed to 20.0.0.16.

Current configuration :942 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname c806-1
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
interface Ethernet0
 ip address 20.0.0.1 255.0.0.0
 ip nat inside
 hold-queue 100 out
!
interface Ethernet1
 ip address 10.0.0.1 255.0.0.0 
 ip nat outside
!
ip nat inside source static tcp 20.0.0.14 80 interface Ethernet1 80
ip nat inside source static udp 20.0.0.14 161 interface Ethernet1 161
!
ip nat inside source static 20.0.0.16 interface Ethernet1
! 20.0.0.16 is defined as the catch-all address
!
ip nat inside source static udp 20.0.0.14 1000 interface Ethernet1 1000
! udp port 1000 traffic will be routed to 20.0.0.14
!
ip nat inside source static tcp 20.0.0.14 23 interface Ethernet1 23
! telnet traffic will be routed to 20.0.0.14
!
ip classless
no ip http server
!
!
line con 0
 stopbits 1
line vty 0 4
 password lab
 login
!

Cisco Easy VPN Client

Routers and other forms of broadband access provide high-performance connections to the Internet. However, many applications also require the security of Virtual Private Network (VPN) connections that perform a high level of authentication and that encrypt the data between two particular endpoints. Establishing a VPN connection between two routers can be complicated, and it typically requires tedious coordination between network administrators to configure the two routers' VPN parameters.

The Cisco Easy VPN client feature eliminates much of this tedious work by implementing Cisco's Unity Client protocol, which allows most VPN parameters to be defined at a VPN 3000 concentrator acting as an IPSec server.

After the IPSec server has been configured, a VPN connection can be created with minimal configuration on an IPSec client, such as a supported Cisco 800 series router. When the IPSec client then initiates the VPN tunnel connection, the IPSec server pushes the IPSec policies to the IPSec client and creates the corresponding VPN tunnel connection.

The Cisco Easy VPN client feature supports two modes of operation:

Client—Specifies that Network Address Translation/Port Address Translation (NAT/PAT) be done, so that the PCs and other hosts at the client end of the VPN tunnel form a private network that does not use any IP addresses in the destination server's IP address space.

Network Extension—Specifies that the PCs and other hosts at the client end of the VPN tunnel should be given IP addresses in the destination enterprise network's IP address space, so that they form one logical network.

Both modes of operation also optionally support split tunneling, which allows secure access to corporate resources through the VPN tunnel while also allowing Internet access through a connection to an ISP or other service (thereby eliminating the corporate network from the path for web access). This configuration is enabled by a simple access list implemented on the IPSec server.


Note Cisco 800 series routers are supported as IPSec clients of VPN 3000 concentrators. Support for other IPSec servers will be available in a future release. Be sure to refer to the Cisco IOS release notes for the current release to determine whether there are any other limitations on the use of Cisco Easy VPN Client.


The Easy VPN Client feature Phase I was introduced on Cisco IOS Release 12.2(4)YA. Phase I provides for automatic management of the following details:

Negotiating tunnel parameters, such as addresses, algorithms, and lifetime

Establishing tunnels according to the parameters

Automatically creating the NAT/PAT translation and associated access lists that are needed, if any

Authenticating users to make sure that users are who they say they are, by means of usernames, group names, and passwords

Managing security keys for encryption and decryption

Authenticating, encrypting, and decrypting data through the tunnel.

Easy VPN Client Feature Phase II, introduced on Cisco IOS Release 12.2(8)YJ, adds the following features for the supported Cisco 800 routers:

Manual Tunnel Control—For establishing and terminating the IPSec VPN tunnel on demand.

NAT Interoperability Support—Automatically restores the NAT configuration when the IPSec VPN tunnel is disconnected.

Peer Host Name Enhancement—When a peer is defined as a host name, the host name is stored and the DNS lookup is done at time of tunnel connection.

See Table 1 to determine whether this feature is supported on your Cisco router.

Easy VPN Documentation

The "Cisco Easy VPN Client Phase II Feature" document describes Easy VPN Phase I and Phase II features and provides example client mode and network extension mode configurations for the Cisco 806 and the Cisco 827 routers.

Dial-on-Demand Routing for PPPoE Client

The dial-on-demand routing (DDR) for PPPoE client feature provides flexibility for subscribers whose ISP charges are based on the amount of time that they are connected to the network (non-flat-rate services). With the DDR for PPPoE feature, you can designate a type of traffic as traffic of interest. You can then configure the router so that it will bring up the PPPoE connection when any traffic of interest arrives from the LAN interface and will bring down the connection when the dialer idle timer expires. See Table 1 to determine whether your Cisco router supports this feature.

DDR is configured in Ethernet 1 configuration mode, using the pppoe-client dial-pool-number command with the dial-on demand keyword. The syntax is shown below.

pppoe-client dial-pool-number number [dial-on-demand]

Syntax Description

dial-pool-number

Create a dial pool.

dial-on-demand

Activate DDR.


Configuring DDR for a PPPoE Client

Complete the following tasks to configure DDR for a PPPoE client, beginning in global configuration mode:


Step 1 Enable vpdn.

a. Enter the global configuration mode vpdn enable command.

b. Enter no vpdn logging command to disable vpdn logging.

Step 2 Configure a virtual private dial-up network (VPDN) group.

a. Enter the global configuration mode vpdn-group number command, to enter vpdn group configuration mode.

b. Enter request-dialin to specify the dial-in dialing mode.

Step 3 Configure the Ethernet 1 interface.

a. Enter interface Ethernet 1 to enter Ethernet 1 interface configuration mode.

b. Enter pppoe enable to enable PPPoE for this interface.

c. Activate DDR and create a dial pool by entering pppoe-client dial-pool-number number dial-on-demand. The number value must match the vpdn group number.

Step 4 Configure the dialer interface.

a. Enter interface dialer 1 to enter dialer interface configuration mode.

b. Enter ip address negotiated to indicate that the IP address will be negotiated with the DHCP server.

c. Specify the maximum transmission unit size by entering ip mtu 1492.

d. Set the encapsulation type by entering encapsulation ppp.

e. Enter the dialer pool number command to associate the dialer interface with the dialer pool created for the Ethernet 1 interface.

f. Set the idle timer interval by entering dialer idle-timeout 180 either. The either keyword specifies that either inbound or outbound traffic can reset the idle timer.


Note A value of 0 specifies that the timer will never expire and that the connection will always be up.


g. Enter dialer hold-queue 100 to set the queue to a size that will hold packets of interest before the connection is established.

h. Enter dialer-group 1 to specify the dialer list that defines traffic of interest.

i. Leave dialer 1 interface configuration mode by entering exit.

Step 5 Enter the global interface configuration dialer-list 1 protocol ip permit command to define IP traffic as the traffic of interest.

Step 6 Create a static route for the dialer 1 interface by entering the ip route 0.0.0.0 0.0.0.0 dialer 1 permanent command.

Step 7 Enter end to leave router configuration mode.


Configuration Example

The following example shows a DDR configuration for a Cisco 806 router.

vpdn enable
no vpdn logging
!
vpdn-group 1
 request-dialin
 protocol pppoe
!
interface Ethernet0
 ip address 70.0.0.1 255.255.255.0
 no ip mroute-cache
!
interface Ethernet1
 pppoe enable
 pppoe-client dial-pool-number 1 dial-on-demand --->activate DDR
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 180 either ---> define the idle timer interval 
 dialer hold-queue 100 --->queue size to hold interesting packets before connection is up
 dialer-group 1 --> interesting traffic
!
dialer-list 1 protocol ip permit ---> IP traffic is defined as interesting traffic 
!
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
!

Class-Based Traffic Shaping to Support Low-Latency Queuing

Class-Based Traffic Shaping (CBTS) is a feature that can be used by Cisco routers to control the traffic going out of the WAN interface in order to match the interface's transmission speed to the speed of the attached broadband modem or the speed of the remote target interface. CBTS ensures that the traffic conforms to the policies contracted for it, thereby eliminating bottlenecks in topologies with data-rate mismatches.

The shape average kbps and the shape peak kbps commands enable you to define traffic shaping for an interface.


Note CBTS is supported on the Ethernet 1 interface.


See Table 1 to determine whether your Cisco router supports this feature.

Configuring CBTS for LLQ

Complete the following tasks to configure CBTS, beginning in global configuration mode. This procedure tells how to create multiple traffic classes and to associate them with policy maps, and then associate the policy maps with a router interface.


Step 1 Define a traffic classification.

a. Enter the class-map map-name command to define a traffic classification. For example, the name voice could be used to specify that this is a class map for voice traffic.

b. Now in class configuration mode, enter the match ip precedence 5 command to match all IP voice traffic with a precedence of 5. The Cisco Architecture for Voice, Video and Integrated Data (AVVID) documentation specifies a precedence value of 5 for voice-over-IP traffic.

c. Enter exit to leave class configuration mode.

Step 2 Define a policy map and associated classes for low-latency queuing.

a. Enter the policy-map map-name command in global configuration mode to construct policies and to allocate different network resources for the defined traffic classes. The name LLQ could be used to specify that this is the policy map for LLQ.

b. Now in policy-map mode, define a class to handle voice traffic by entering class QOS-class-name, using the class-map name you defined using the class-map command in Step 1. This command places the router in QOS-class configuration mode.

c. Enter priority number, where number is bandwidth in kilobits per second. A value of 300, as shown in the configuration example, provides enough bandwidth for two G.711 voice ports. Before setting a priority value, refer to the specification for the codec used for voice calls.

d. Enter exit to return to policy-map configuration mode.

e. Enter class class-default to use the default class for all traffic other than voice traffic. The name class-default is well known and does not have to be predefined using the class-map command.

f. Apply WFQ to non-voice traffic by entering the fair-queue command.

g. Enter exit twice to return to global configuration mode.

Step 3 Define a traffic-shaping policy map.

a. Enter policy-map map-name in global configuration mode. The name shape should be used to indicate that this map defines overall traffic shaping that is compatible with the remote transmission rate bandwidth.

b. Enter class class-default to associate the default class with this policy map.

c. Set the transmission speed to be used after traffic shaping to match the speed of the broadband modem or remote interface. Enter the shape average kbps command, where kbps is a value in kilobits per second.


Caution The transmission speed entered must be less than or equal to the TX bandwidth of the DSL or cable modem to which the router is attached. Specifying a value greater than the modem's TX bandwidth will result in the modem's becoming congested, and the benefits of applying QOS might be lost.

d. Enter service-policy name to associate the LLQ policy map with the traffic-shaping policy map. If the map name for the low-latency queue were LLQ, then name would be LLQ.

e. Enter exit twice to return to global configuration mode.

Step 4 Apply these policies to the Ethernet 1 interface.

a. Enter the interface Ethernet 1 command.

b. Apply the service policy to the Ethernet 1 interface by entering service-policy output name, where name matches the policy defined in the traffic-shaping policy map. If the traffic-shaping policy map name were shape, the service-policy name would also be shape.

Step 5 Enter end to leave router configuration mode.


Configuration Example

The following example shows how a Cisco 806 router can be configured to connect to a broadband modem with limited bandwidth, while ensuring voice line quality. Two policy maps are configured: policy map LLQ ensures that voice traffic has a strict priority queue with bandwidth of up to 300 kbps; the policy map shape limits the total throughput to 2.2 Mbps.

! C806 CBTS Configuration Example
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password encryption
!
hostname 806-uut
!
ip subnet-zero
!
class-map match-all voice
 match ip precedence 5
!
!
policy-map LLQ
  class voice
    priority 300
  class class-default
   fair-queue
policy-map shape
  class class-default
   shape average 1000000 10000 0
   service-policy LLQ
!
interface Ethernet0
 ip address 1.7.65.11 255.255.0.0
!
interface Ethernet1
 ip address 192.168.1.101 255.255.255.0
service-policy output shape
!
ip classless
ip http server
ip pim bidir-enable
!
line con 0
 stopbits 1
line vty 0 4
 login
!
!
scheduler max-task-time 5000
end
!

Weighted Fair Queuing

Weighted fair queuing (WFQ) enables slow-speed links, such as serial links to provide fair treatment for all types of traffic. In order to do this, WFQ classifies the traffic into different flows (also known as conversations) based on Layer 3 and Layer 4 information, such as IP addresses and TCP ports. WFQ classifies the traffic without requiring you to define access lists. This means that low-bandwidth traffic effectively has priority over high-bandwidth traffic because high-bandwidth traffic shares the transmission media in proportion to its assigned weight. WFQ is now available on IP Base and IP Firewall Cisco IOS images.

WFQ has certain limitations: It is not scalable if the flow amount increases considerably, and native WFQ is not available on high-speed interfaces such as ATM interfaces. Class-based WFQ, available on Cisco IOS Plus images, overcomes these limitations. The "Class-Based Traffic Shaping to Support Low-Latency Queuing" section contains a procedure for setting up multiple classes and policy maps that can be used to configure CBWFQ.

See Table 1 to determine whether your Cisco router supports this feature.

Configuring Weighted Fair Queuing

Follow these steps to apply WFQ to the ATM interface of a Cisco router:


Step 1 Create a policy map for WFQ.

a. Enter the policy-map map-name command in global configuration mode to construct a WFQ policy. The map name wfq could be used to specify that this is the policy map for WFQ.

b. Enter class class-default to use the default class for all traffic.

c. Enter the fair-queue command to apply WFQ to all traffic.

d. Enter exit twice to return to global configuration mode.

Step 2 Apply the policy map to the router interface.

a. Enter interface atm number, where number is the ATM interface number.

b. Enter pvc vpi/vci to specify the PVC to which you are applying the policy map.

c. Enter service-policy output map-name to apply the policy to this PVC. If you named the policy map wfq, you would enter the command service-policy output wfq.

Step 3 Enter end to leave router configuration mode.


Configuration Example

The following configuration applies WFQ to PVC 0/33 on the ATM 0.1 interface. The policy map named wfq is created, and WFQ is applied to the default class referenced in that policy map. Then, wfq is referenced in the ATM 0.1 interface configuration.

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password encryption
!
hostname 806-uut
!
ip subnet-zero
!
policy-map wfq
  class class-default
  fair-queue
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
!
interface atm0.1
 no ip address
 pvc 0/33
  service-policy output wfq
!
ip classless
ip http server
ip pim bidir-enable
!
line con 0
 stopbits 1
line vty 0 4
 login
!
scheduler max-task-time 5000
end
!

dsl enable-training-log Command

By default, a DSL training log was retrieved each time the Cisco router established contact with the DSL access multiplexer (DSLAM). The training log is a record of the events that occur when the router trains, or negotiates communication parameters, with the DSLAM at the central office. However, retrieving this log adds a significant amount of time to the training process, and retrieval is not always necessary after the router has successfully trained. Cisco IOS 12.2(4)XM images disable the retrieval of the training log by default, and you must use the dsl enable-training-log command to enable the retrieval of this log. The no form of this command disables retrieval of the DSL training log.

dsl enable-training-log

no dsl enable-training-log

See Table 1 to determine whether your Cisco router supports this feature.

Default

Disabled.

Command Mode

ATM interface configuration.

Retrieving the DSL Training Log and Then Disabling Further Retrieval of the Training Log

Complete the following tasks to retrieve the training log, examine it, and then disable the router from retrieving the training log the next time it trains with the DSLAM.


Step 1 Configure the router to retrieve the training log.

a. Enter the global configuration mode interface ATM number command, where number is the number of the ATM interface.

b. Enter dsl enable-training-log to enable the retrieval of the training log.

c. Enter end to leave router configuration mode.

Step 2 Unplug the DSL cable from the DSL socket on the back of the router, wait a few seconds, and then plug the cable back in.

Step 3 When the "DSL line up" message appears, issue the show dsl int atm number command, where number is the number of the ATM interface, to display the retrieved log.

Step 4 When you have decided that it is no longer necessary for the router to retrieve the training log, reconfigure the router to disable the retrieval of the log. Follow these steps:

a. Enter the global configuration mode interface ATM number command, where number is the number of the ATM interface.

b. Enter no dsl enable-training-log to disable the retrieval of the training log.

c. Enter end to leave router configuration mode.


DNS-Based X.25 Routing

X.25 has long operated over an IP network, specifically using Transmission Control Protocol (TCP) as a reliable transport mechanism. This method is known as X.25 over TCP (XOT). However, large networks and financial legacy environments had experienced problems because of the considerable amount of route configuration that needed to be done manually because each router that switched calls over TCP needed every destination configured. Every destination from the host router needed a static IP route statement. For larger environments, these destinations could be as many as several thousand per router. Until now, the only way to map X.121 addresses and IP addresses was on a one-to-one basis, using the x25 route x121address xot ipaddress command.

The solution to this problem is to centralize route configuration in a single location that routers can access for their connectivity needs. This centralization is the function of the Domain Name System (DNS)-based X.25 routing feature, because the DNS server is a database of all domains and addresses on a network.

See Figure 3 for an example. When the router sends a call, the call goes to the DNS server. The DNS server checks its route table, and identifies the X.121 address 444 and its related IP address 10.1.1.3. The DNS server returns the IP address to the host's router, which then creates a route statement and forwards the data to the IP address of the destination's router (10.1.1.3).

Figure 3 DNS-Based X.25 Routing

With the DNS-based X.25 routing feature, it is easy to manage the X.121-to-IP addressing correlation and the mnemonic-to-X.121 addressing correlation. The router does not need a route statement going to all the destinations, instead it needs only a wildcard route statement that covers all addresses in the DNS.

The x25 route disposition xot command option has been modified to include the dns pattern argument after the xot keyword, where pattern is a rewrite element that works in the same way that address substitution utilities works.

To learn how to configure, verify, and troubleshoot DNS-based X.25 routing, refer to the DNS-Based X.25 Routing document at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/x25dns.htm

See Table 1 to determine whether your Cisco router supports this feature.

X.25 Load Balancing

As the number of users accessing a host has grown, competition for the application resources has become a problem. Internet service providers (ISPs) have had to increase the number of users they can support by increasing the number of X.25 lines to the host.

In order to support a large number of virtual circuits (VCs) to a particular destination, configuration of more than one serial interface to the destination has to be configured. When a serial interface is configured to support X.25, there are a fixed number of VCs available for use.

However, the current X.25 method for allocating VCs across multiple serial lines fills one serial line to its VC capacity before using the second line at all. As a result, the first serial line is frequently carrying its maximum data traffic before it runs out of VCs.

Now, using a facility called "hunt group" (the method for X.25 load balancing), a switch is able to view a pool of X.25 lines going to the same host as one address and can assign virtual circuits (VCs) on an "idle logical channel" basis. With this feature, X.25 calls can be load-balanced among all configured outgoing interfaces to fully use and balance all managed lines.

The Cisco 805 supports only the rotary method of load distribution because it has only one serial interface.

Figure 4 shows that the Cisco 805 router is part of hunt group 900. Any X.25 calls to X.121 address 900 received from the Cisco 1750 are alternately routed via the Cisco 1720 router and the Cisco 3640 router.

Figure 4 X.25 Load Balancing

For more details about this feature, refer to the X.25 Load Balancing document at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t3/x25lbal.htm

See Table 1 to determine whether your Cisco router supports this feature.

X.25 Closed User Group

Until now, the Cisco X.25 implementation acted only as an extension between X.25 devices and an X.25 public data network (PDN), as a way of remaining minimally intrusive on the X.25 behavior that would occur if the data terminating equipment (DTE) devices were directly connected. Cisco has introduced a conforming closed user groups (CUGs) service that can be configured for DTE devices that require this service from the routers, allowing Cisco routers to perform this function normally provided by a PDN.

A CUG is a collection of DTE devices for which the network controls access between members and between a member and a non-member. An X.25 network can support up to 10,000 CUGs (numbered between 0 and 9999), each of which can have any number of member DTE devices. An individual DTE becomes a member of a specific network CUG by subscription. The subscription data includes the local number that the DTE will use to identify the network CUG (which may or may not be the same as the network number, as determined by network administration and the DTE device's requirements) and any restriction that prohibits the DTE from placing a call within the CUG or, conversely, that prohibits the network from presenting a call within the CUG to the DTE.

A CUG is a network service that allows various network subscribers (DTE devices) to be segregated into private subnetworks with limited incoming or outgoing access. This means that a DTE must obtain membership from its network service (POP) for the set of CUGs to which it needs access. A DTE may subscribe to none, one, or several CUGs at the same time. A DTE that does not require CUG membership for access is considered to be in the open part of the network. Each CUG typically permits subscribing users to connect to each other but precludes connections with non-subscribing DTE devices.

Figure 5 shows one CUG, designated as CUG 88. The Cisco 1750 router can initiate and receive calls only from the other members of CUG 88. The Cisco 1750 router and the Cisco router 3640 are therefore members of a private subnet, and they cannot be accessed by other DTE devices. The Cisco 805 router and the Cisco 1720 router that are connected to the DTEs check each call they receive to determine whether the call is intended for their CUG. If call is not intended for the CUG, the router rejects the call.

Figure 5 X.25 Closed User Group

See Table 1 to determine whether your Cisco router supports this feature.

For more details about this feature, refer to the X.25 Closed User Groups document at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t7/x25scugs.htm

TACACS+

Terminal Access Controller Access Control System Plus (TACACS+) is a Cisco proprietary authentication protocol that provides remote access authentication and related network security services, such as event logging. User passwords are administered in a central database rather than in individual routers. TACACS+ also provides support for separate modular authentication, authorization, and accounting (AAA) facilities that are configured at individual routers.

See Table 1 to determine whether your Cisco router supports this feature.

Refer to the Cisco 806 Software Configuration Guide for more information on TACACS+. A configuration overview is provided at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_fix/806/806swcg/routconf.htm

Authentication Proxy

The Cisco IOS Firewall authentication proxy feature allows network administrators to apply specific security policies on a per-user basis. Previously, user identity and related authorized access were associated with a user's IP address, or else a single security policy had to be applied to an entire user group or subnet. Now users can be identified and authorized on the basis of their per-user policy, and access privileges tailored on an individual basis are possible, as opposed to applying a general policy across multiple users.

See Table 1 to determine whether your Cisco router supports this feature.

With the authentication proxy feature, users can log in to the network or access the Internet via HTTP, and their specific access profiles are automatically retrieved and applied from a CiscoSecure ACS or other RADIUS or TACACS+ authentication server. The user profiles are active only when there is active traffic from authenticated users.

The authentication proxy is compatible with other Cisco IOS security features such as Network Address Translation (NAT), Context-based Access Control (CBAC), IP Security (IPSec) encryption, and VPN client software.

For instructions on configuring authentication proxy, refer to the Cisco IOS Security Configuration Guide, Release 12.2. You can view this document at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c

Port to Application Mapping

Port to Application Mapping (PAM) is a feature of the Cisco IOS Firewall feature set. PAM allows you to customize TCP or User Datagram Protocol (UDP) port numbers for network services or applications. PAM uses this information to support network environments that run services using ports that are different from the registered or well-known ports associated with an application.

See Table 1 to determine whether your Cisco router supports this feature.

Using the port information, PAM establishes a table of default port-to-application mapping information at the firewall. The information in the PAM table enables CBAC supported services to run on nonstandard ports. Previously, CBAC was limited to inspecting traffic using only the well-known or registered ports associated with an application. Now PAM allows network administrators to customize network access control for specific applications and services.

PAM also supports host or subnet specific port mapping, which allows you to apply PAM to a single host or subnet, using standard access control lists (ACLs). Host- or subnet-specific port mapping is done using standard ACLs.

For instructions on configuring PAM, refer to the Cisco IOS Security Configuration Guide, Release 12.2. You can view PAM configuration instructions at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfpam.htm#xtocid2

CBAC Audit Trails and Alerts

CBAC is a security feature that enables the router to filter TCP and UDP packets, based on application-layer protocol session information, and generate real-time alerts and audit trails. Without CBAC, filtering can be performed only on network layer and transport layer information. Enhanced audit trail features use syslog to track all network transactions, recording time stamps, source host, destination host, ports used, and the total number of transmitted bytes, for advanced, session-based reporting. When CBAC detects suspicious activity, real-time alerts send syslog error messages to central management consoles. Using CBAC inspection rules, you can configure alerts and audit trail information on a per-application protocol basis. For example, if you want to generate audit trail information for HTTP traffic, you can specify that in the CBAC rule covering HTTP inspection.

See Table 1 to determine whether your Cisco router supports this feature.

For instructions on configuring CBAC audit trails and alerts, refer to the Cisco IOS Security Configuration Guide, Release 12.2. You can view CBAC configuration instructions at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfcbac.htm

Hot Standby Router Protocol

Hot Standby Router Protocol (HSRP) enables a set of routers to work together to present the appearance of a single virtual router or default gateway to the hosts on a LAN. HSRP is particularly useful in environments where critical applications are running and fault-tolerant networks have been designed. By sharing an IP address and a MAC address, two or more routers acting as one virtual router are able to seamlessly assume the routing responsibility in the case of a defined event or an unexpected failure. This enables hosts on a LAN to continue to forward IP packets to a consistent IP and MAC address so that the changeover of devices doing the routing is transparent to them and their sessions.

The routers in an HSRP configuration are known as an HSRP group or standby group. A single router selected from the group is responsible for forwarding the packets that hosts send to the virtual router. This router is known as the active router. Another router is selected as the standby router. If the active router fails, the standby assumes the packet forwarding duties of the active router. Although an arbitrary number of routers may run HSRP, only the active router forwards the packets sent to the virtual router.

HSRP uses a priority scheme to determine which HSRP-configured router is to be the default active router. To configure a router as an active router, it is assigned a priority that is higher than the priority of all the other HSRP-configured routers. The default priority is 100. If any of the routers is configured with a higher priority, those routers will be the active router.

HSRP works by the exchange of multicast messages that advertise priority among HSRP-configured routers. When the active router fails to send a hello messages within a configured period of time, the standby router with highest priority becomes the active router. The transition of the packet-forwarding function between routers is completely transparent to all the hosts on the network.

HSRP-configured routers exchange three types of multicast messages.

Hello—The hello messages convey to other HSRP routers the router's HSRP priority and state information. By default, an HSRP router sends hello messages every 3 seconds.

Coup—When a standby router assumes the function of the active router, it sends a coup message.

Resign—A router that is the active router sends this message when it is about to shut down or when a router with a higher priority sends a hello message.

At any time, HSRP-configured routers will be in one of the following states:

Active—The router is performing packet-transfer functions.

Standby—The router is ready to assume packet-transfer functions if the active router fails.

Speaking and listening—The router is sending and receiving hello messages.

Listening—The router is receiving hello messages.

See Table 1 to determine whether your Cisco router supports this feature.

Syntax Description

standby [group-number] ip [ip-address]

Establishes IP address of virtual router.

standby [group-number] priority number

Sets router's HSRP priority to number.

standby [group-number] preempt

Sets the router to active router when its priority is higher than all the routers in the HSRP group.

standby [group-number] timers hellotime holdtime

Sets the interval in seconds between hello messages and the duration that the router waits before it declares the active router to be down.

Hello time is the time between hello packets.

Hold time is the time that other routers wait before they declare that the active router is down.


Configuration Examples

This section contains configuration examples for two routers in an HSRP group, UUT1 and UUT2. The router UUT2 is configured with the standby priority 120. It will function as the active router if no other router in the group has a higher priority.

UUT1
!
interface Ethernet0
ip address 192.168.2.10 255.255.255.0
standby 1 ip 192.168.2.30
standby 1 priority 110
standby 1 preempt
standby 1 timers 1 3
!

The Ethernet 0 interface configuration for UUT2 is shown below. IP address 192.168.2.30 is a virtual IP address belonging to the same HSRP group as the routers UUT1 and UUT2.

UUT2
!
interface Ethernet0
ip address 192.168.2.20 255.255.255.0
standby 1 ip 192.168.2.30
standby 1 priority 120
standby 1 preempt
standby 1 timers 1 3
!

DNS Proxy

In VPN or PPPoE scenarios, the router on the LAN may act as a local DHCP server and may receive requests for DNS server IP addresses from devices on the LAN. The Proxy DNS feature allows the router to send its own LAN address to devices requesting DNS server IP addresses and to forward DNS queries to the real DNS servers after the WAN connection is established. The router can thus act as a proxy for devices on the LAN.

In forwarding DNS queries, the router caches the responses from the real DNS servers. Over time, the router's cache accumulates the DNS information most often requested, enabling the router to respond to most DNS queries coming from the LAN and reducing the packet overhead on the WAN interface.

In order for Proxy DNS to work, the router must obtain the IP address of the real DNS server from the WAN when the WAN connection is established.

The global configuration command ip dns server enables DNS Proxy server functionality on the router and causes the router to forward DNS queries to the actual DNS servers. The global configuration command dns-server address causes the router to respond to DNS queries with its own IP address.

See Table 1 to determine whether your Cisco router supports this feature.

Configuration Example

The following example shows a router configured to act as a proxy DNS server, and to give its own IP address in replies to DNS queries made by hosts on the LAN.

ip dns server
!
interface ethernet0
ip address 192.168.253.101 255.255.255.0
no shut
!
ip dhcp pool 1
network 192.168.253.0 255.255.255.0
dns-server 192.168.253.101
default-router 192.168.253.101
!

Skinny NAT—Support of IP Phone to Cisco Call Manager

Cisco IP phones use the Selsius Skinny Station Protocol to connect with and register to the Cisco CallManager (CCM). Messages flow back and forth that include IP address and port information used to identify other IP phone users with which a call can be placed.

To be able to deploy Cisco IOS NAT between the IP phone and CCM in a scalable environment, NAT needs to be able to detect the Selsius Skinny Station Protocol and understand the information passed within the messages.

When an IP phone attempts to connect to the CCM and it matches the configured NAT translation rules, NAT will translate the original source IP address and replace it with one from the configured pool. This new address will be reflected in the CCM and be visible to other IP phone users.

See Table 1 to determine whether your Cisco router supports this feature.

NAT listens on the default port of the Cisco CallManager to translate the Skinny messages. If the call manager uses a port other than the default port, that port needs to be configured, using the ip nat service Skinny tcp port global configuration command. To disable the port, use the no form of this command. The syntax of this command is shown below:

ip nat service skinny tcp port number

no ip nat service skinny tcp port number

For more information on this command, refer to the following feature module.

NAT—Support of IP Phone to Cisco CallManager

NAT Support of SIP

Session Initiation Protocol (SIP) is an application-layer signaling protocol for creating and controlling multimedia sessions with two or more participants and a client-server protocol transported over TCP or UDP. The messages in the protocol might have IP addresses embedded in the packet payload. If a message passes through a router configured with NAT, the embedded information is translated and encoded back to the packet.

See Table 1 to determine whether your Cisco router supports this feature.

No configurations changes are needed to this feature. However, the SIP proxy server or user agent sometime may listen to SIP messages in the nonstandard ports. The following global configuration mode command is used to change the configuration.

ip nat service sip tcp port Number

Number is the port number on which the SIP proxy server will listen for SIP messages.

T.38 Fax Relay

The T.38 Fax Relay for Voice over IP (VoIP) feature provides standards-based fax relay protocol support on the Cisco 827-4V router. The T.38 standard defines the IP network protocol used by Internet-aware T.38 fax devices and T.38 IP fax gateways.

The only method that has been available on the Cisco 827-4V router for relaying facsimile transmission over IP network is Cisco Fax Relay. Existing Cisco proprietary protocol uses Telogy DSPware and it is handled at the DSP level without any signaling taking place at the H.323 level. This is the default fax protocol if none is configured.

The Cisco proprietary Fax Relay solution is sometimes not ideal for enterprise and service provider customers who have mixed-vendor networks. Because the T.38 Fax Relay protocol is standards based, Cisco gateways and gatekeepers will now be able to interoperate with third-party T.38-enabled gateways and gatekeepers in a mixed-vendor networks that require real time Fax Relay capabilities are required.

The Cisco 827-4V router supports the H.323 Annex D standard for T.38 Fax relay in H.323 networks. A voice call is established first. When a fax tone is detected, fax switch-over takes place.

In addition to H.323 support, the T.38 fax relay feature also supports the Session Initiation Protocol (SIP).

The T.38 fax relay feature supports modem speeds of 2400 bps, 4800 bps, 7200 bps, 9600 bps, 12000 bps, and 14000 bps.

The T.38 fax gateways provide the following functions:

Demodulates incoming T.30 fax signals at the transmitting gateway


Note T.30 is the standard procedure for fax transmission in the public switched telephone network (PSTN).


Translates T.30 fax signals into T.38 Internet Fax Protocol (IFP) packets

Exchanges IFP packets between the transmitting and receiving T.38 gateways

Translates T.38 IFP packets back into T.30 signals at the receiving gateway

See Table 1 to determine whether your Cisco router supports this feature

Configuration required to enable T.38 Fax Relay

Global configuration mode:

voice service voip

fax protocol t38

Dial-peer configuration mode:

dial-peer voice 2244 voip

fax protocol t38

fax rate 4800

session target ras

Modem Passthrough Over VoIP

The modem passthrough over VoIP feature provides the transport of modem signals through a packet network by using pulse code modulation (PCM)-encoded packets. This feature is supported upto a maximum speed of 28800 bps (28.8 kbps).

The modem passthrough over VoIP feature performs the following functions:

Represses processing functions such as compression, echo cancellation, high-pass filter, and voice activity detection (VAD)

Issues redundant packets to protect against random packet drops

Provides static jitter buffers of 200 ms to protect against clock skew

Discriminates modem signals from voice and fax signals, indicating the detection of the modem signal across the connection, and placing the connection in a state that transports the signal across the network with minimal distortion

Reliably maintains a modem connection across the packet network for a long duration under normal network conditions

See Table 1 to determine whether your Cisco router supports this feature.

Configuration required to enable Modem Passthrough

Global Config Mode:

voip service voip

modem passthrough nse codec g711alaw

Dial-peer config mode:

dial-peer voice 2244 voip

modem passthrough nse codec g711alaw


Note When using the voice service voip and modem passthrough nse commands on a terminating gateway to globally set up fax or modem pass-through with NSEs, you must also ensure that each incoming call will be associated with a VoIP dial peer to retrieve the global fax or modem configuration. You associate calls with dial peers by using the incoming called-number command in dial-peer configuration mode to specify a sequence of digits that incoming calls can match. You can ensure that all calls will match at least one dial peer by using the period character as a wildcard, as follows: incoming called-number .


Caller ID for Spain and Austria

Caller ID (sometimes called CLID or ICLID for incoming call line identification) is an analog service offered by a central office (CO), which supplies calling party information to subscribers. Typically, the calling party number, and sometimes the name, appears on a station (also called extension) device such as a PC telephony software application screen or the display on a telephone. Type 1 Caller ID show the calling party information while the call is ringing, and Type 2 Caller ID shows calling number display while the recipient is on another call. Type 1 Caller ID is supported in this release.

The Caller ID feature supports the sending of calling party information from Foreign Exchange Station (FXS) loop-start and ground-start ports into a Caller-ID-equipped telephone device. The FXS port emulates the extension interface of a private-branch exchange (PBX) or the subscriber interface for a CO switch.

Spain and Austria both use the ETSI-FSK method for sending the caller number to the analog phone.

See Table 1 to determine whether your Cisco router supports this feature.

Configuration required to enable caller id for Spain

voice-port 1

cptone ES

caller-id alerting pre-ring

Configuration required to enable caller id for Austria

voice-port 1

cptone AT

caller-id enable


Note When caller-id alerting CLI is used, The caller ID will be automatically enabled on that port and the user need not enter caller-id enable command for Spain.


The "International Caller ID" section provides detailed configuration information.

SIP Support for VoIP

Session Initiation Protocol (SIP) is an ASCII-based, application-layer control protocol (defined in RFC 2543) that can be used to establish, maintain, and terminate calls between endpoints.

Like other VoIP protocols, SIP is designed to address the functions of signaling and session management within a packet telephony network. Signaling allows call information to be carried across network boundaries. Session management provides the ability to control the attributes of an end-to-end call.

This feature is supported only on the Cisco 827-4V router. The SIP feature on Cisco 827-4V router supports only basic calls between two end points. Supplementary services like call waiting, call forwarding, etc. are not supported on the Cisco 827-4V router.

See Table 1 to determine whether your Cisco router supports this feature.

Configuration required to enable SIP

dial-peer voice 2244 voip

session protocol sipv2

session transport udp

session target sip-sever

sip-ua

retry invite 3

retry cancel 2

sip-server ipv4:192.168.2.60:5060

ADSL LED Blinking When DSL Line Trains

ADSL LED Blinking feature provides information on the status of DSL line. ADSL Tx/Rx is used for this purpose. There are three distinct blinking patterns that indicate the various states of a DSL line when it is training.

1. When the firmware is being downloaded within the router, the LED remains ON for 700 ms and goes OFF for 300 ms.

2. When Modem state is MODEM_ACT_ACK (0x8), it means that the router is waiting to hear from the central office (CO) and is not yet seeing an incoming signal. During this, the LED will be ON and OFF for 50 ms each.

3. When modem state is MODEM_TRAINING (0x10), the LED will always be ON. This means that the DSL line is training.

Shortly after the DSL line has started training, the modem state changes to SHOWTIME, then the router is successfully trained with the DSLAM.


Note The CD LED on the front panel will be OFF during the DSL line training process. This distinguishes from the normal operation when packets are being transmitted or received.


See Table 1 to determine whether your Cisco router supports this feature.

CBQoS MIB and DSCP

The Class-Based Quality of Service Management Information Base (CBQoS MIB) provides access to quality of service (QoS) configuration information and statistics. The CBQoS MIB allows service providers to monitor their QoS offerings. This MIB gives QoS configuration done in the router such as ClassMap, PolicyMap, Match Statements and Feature Actions configuration parameters. The MIB also contains counter objects which gives statistics information such as the number of packets traversed conforming to a policing feature. The MIB uses several indexes to identify QoS features and to distinguish among instances of those features. The MIB provides information about marking and policing done using IP precedence and Differentiated Services Code Point (DSCP).

See Table 1 and Table 2 to determine whether your Cisco router supports this feature.

Virtual Router Redundancy Protocol (VRRP)

The Virtual Router Redundancy Protocol (VRRP) feature can solve the static configuration problem. VRRP enables a group of routers to form a single virtual router. The LAN clients can then be configured with the virtual router as their default gateway. The virtual router, representing a group of routers, is also known as a VRRP group.

VRRP is supported on Ethernet, Fast Ethernet, and Gigabit Ethernet interfaces, and on MPLS VPNs and VLANs.

For more details on this feature, refer to the following URL:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_tech_note09186a0080094490.shtml

See Table 2 to determine whether your Cisco router supports this feature.

Direct HTTP Enroll with CA Servers

Some Certificate Authorities (CA) support enrollment via HTTP. The Cisco IOS allows a user to specify a profile for HTTP enrollment related operations. The Cisco IOS will fill in the command template within the profile with the PKCS 10 certificate request and up to eight user provided values. The resulting message will be sent to the HTTP server and the response will be parsed for a PEM format certificate.

See Table 2 to determine whether your Cisco router supports this feature.

Obtaining Documentation

The following sections explain how to obtain documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at this URL:

http://www.cisco.com

Translated documentation is available at this URL:

http://www.cisco.com/public/countries_languages.shtml

Documentation CD-ROM

Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which is shipped with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual subscription.

Ordering Documentation

You can order Cisco documentation in these ways:

Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Networking Products MarketPlace:

http://www.cisco.com/web/ordering/root/index.html

Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:

http://www.cisco.com/go/subscription

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, U.S.A.) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

You can submit comments electronically on Cisco.com. In the Cisco Documentation home page, click the Fax or Email option in the "Leave Feedback" section at the bottom of the page.

You can e-mail your comments to bug-doc@cisco.com.

You can submit your comments by mail by using the response card behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain online documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.

Cisco.com

Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.

Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you with these tasks:

Streamline business processes and improve productivity

Resolve technical issues with online support

Download and test software packages

Order Cisco learning materials and merchandise

Register for online skill assessment, training, and certification programs

If you want to obtain customized information and service, you can self-register on Cisco.com. To access Cisco.com, go to this URL:

http://www.cisco.com

Technical Assistance Center

The Cisco Technical Assistance Center (TAC) is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two levels of support are available: the Cisco TAC Web Site and the Cisco TAC Escalation Center.

Cisco TAC inquiries are categorized according to the urgency of the issue:

Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.

Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.

Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.

Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.

The Cisco TAC resource that you choose is based on the priority of the problem and the conditions of service contracts, when applicable.

Cisco TAC Web Site

You can use the Cisco TAC Web Site to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to this URL:

http://www.cisco.com/tac

All customers, partners, and resellers who have a valid Cisco service contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to this URL to register:

http://www.cisco.com/register/

If you are a Cisco.com registered user, and you cannot resolve your technical issues by using the Cisco TAC Web Site, you can open a case online by using the TAC Case Open tool at this URL:

http://www.cisco.com/tac/caseopen

If you have Internet access, we recommend that you open P3 and P4 cases through the Cisco TAC Web Site.

Cisco TAC Escalation Center

The Cisco TAC Escalation Center addresses priority level 1 or priority level 2 issues. These classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer automatically opens a case.

To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to this URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). When you call the center, please have available your service agreement number and your product serial number.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

Cisco Press publishes a wide range of networking publications. Cisco suggests these titles for new and experienced users: Internetworking Terms and Acronyms Dictionary, Internetworking Technology Handbook, Internetworking Troubleshooting Guide, and the Internetworking Design Guide. For current Cisco Press titles and other information, go to Cisco Press online at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco quarterly publication that provides the latest networking trends, technology breakthroughs, and Cisco products and solutions to help industry professionals get the most from their networking investment. Included are networking deployment and troubleshooting tips, configuration examples, customer case studies, tutorials and training, certification information, and links to numerous in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/go/packet

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private Internets and Intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html

Training—Cisco offers world-class networking training. Current offerings in network training are listed at this URL:

http://www.cisco.com/en/US/learning/le31/learning_recommended_training_list.html