Feedback
Table Of Contents
Feature-by-Feature Router Configurations
Before You Configure Your Network
Configuring the Ethernet Interfaces
Configuring a Console Line for the Router
Configuring PAP Authentication
Configuring Network Address Translation
Configuring Dynamic Host Configuration Protocol
Configuring the DHCP Server and Relay
Configuring an Extended Access List
Configuring Network Time Protocol Support
Configuring IP Security and Generic Routing Encapsulation Tunneling
Configuring Other Security Features
Configuring Service Assurance Agent Support
Feature-by-Feature Router Configurations
This chapter includes feature-by-feature configuration procedures for the Cisco 806 router. This chapter is useful if you have a network in place and you want to add specific features.
If you prefer to use network scenarios to build a network, see Chapter 2, "Network Scenarios."
This chapter contains the following sections:
•
Before You Configure Your Network
•
•
•
•
•
•
•
Note
Before You Configure Your Network
Before you configure your network, you must do the following:
•
•
–
–
–
–
•
–
–
–
•
Configuring Basic Parameters
To configure the router, perform the tasks described in the following sections:
•
•
•
After your router boots, the following prompt displays. Enter no.
Would you like to enter the initial configuration dialog [yes]: noFor complete information on how to access global configuration mode, see the "Entering Global Configuration Mode" section in Appendix A, "Cisco IOS Basic Skills."
Configuring Global Parameters
Perform the following steps to configure the router for global parameters:
For complete information on the global parameter commands, refer to the Cisco IOS Release 12.0 documentation set.
Configuring the Ethernet Interfaces
To configure the Ethernet interfaces, perform the following steps, beginning in global configuration mode.
For complete information on the Ethernet commands, refer to the Cisco IOS Release 12.0 documentation set. For more general information on Ethernet concepts, see "Concepts."
Configuration Example
The following example shows the Ethernet interface configuration. You do not need to enter the commands marked "default." These commands appear automatically in the configuration file that is generated when you use the show running-config command.
!interface Ethernet0ip address 192.168.1.1 255.255.255.0no ip directed-broadcast (default)!interface Ethernet1ip address 192.168.2.1 255.255.255.0no ip directed-broadcast (default)!Verifying Your Configuration
To verify that you have properly configured the Ethernet interface, enter the show interface ethernet 0 command and the show interface ethernet 1 command. You should see a verification output like the following examples:
router#show interface ethernet 0Ethernet0 is up, line protocol is upHardware is PQUICC Ethernet, address is 00ff.ff20.008e(bia 00ff.ff20.008e)Internet address is 192.168.1.1/24MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation ARPA, loopback not setKeepalive set (10 sec)router#show interface ethernet 1Ethernet1 is up, line protocol is upHardware is PQUICC_FEC, address is 00ff.ff20.008f(bia 00ff.ff20.008f)Internet address is 192.168.2.1/24MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation ARPA, loopback not setKeepalive set (10 sec)Configuring a Console Line for the Router
To configure a console line that you can use to access the router over the network, perform the following steps, beginning in global configuration mode.
For complete information on the command line commands, refer to the Cisco IOS Release 12.0 documentation set.
Configuration Example
The following configuration shows the command-line access commands.
You do not need to input the commands marked "default." These commands appear automatically in the configuration file that is generated when you use the show running-config command.
!line con 0exec-timeout 10 0password 4youreyesonlylogintransport input none (default)stopbits 1 (default)line vty 0 4password secretlogin!Verifying Your Configuration
You can verify your configuration by entering the show line console 0 command. The following example shows partial output from this command.
router#show line console 0Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int* 0 CTY - - - - - 0 1 0/0 -Line 0, Location: "", Type: ""Length: 24 lines, Width: 80 columnsBaud rate (TX/RX) is 9600/9600, no parity, 1 stopbits, 8 databits...Configuring Bridging
Bridges are store-and-forward devices that use unique hardware addresses to filter traffic that would otherwise travel from one segment to another. You can configure the Cisco 806 router as a pure bridge.
To configure bridging, perform the following steps, beginning in global configuration mode.
For complete information on the bridging commands, refer to the Cisco IOS Release 12.0 documentation set. For more general concepts on bridging, see "Concepts."
Configuration Example
The following configuration example uses bridging. You do not need to enter the commands marked "default." These commands appear automatically in the configuration file that is generated when you use the show running-config command.
This configuration example shows the Ethernet 0 and Ethernet 1 interfaces configured. The Ethernet interface has IP addressing turned off for bridging, and IP-directed broadcast is disabled, which prevents the translation of directed broadcasts to physical broadcasts. The bridge-group number with which the Ethernet 1 interface is associated is set to 1. The bridge protocol is set to 1 to define the STP.
no ip routing!interface Ethernet0no ip addressno ip directed-broadcast (default)bridge-group 1!interface Ethernet1no ip addressno ip directed-broadcast (default)bridge-group 1!ip classless (default)!bridge 1 protocol ieee!endVerifying Your Configuration
To verify that you have properly configured bridging, enter the show spanning-tree command. You should see a verification output similar to the following example:
router#show spanning-treeBridge group 1 is executing the ieee compatible Spanning Tree protocolBridge Identifier has priority 32768, address 00ff.ff20.008eConfigured hello time 2, max age 20, forward delay 15Current root has priority 32768, address 00d0.d373.2ec0Root port is 2 (Ethernet0), cost of root path is 200Topology change flag not set, detected flag not setNumber of topology changes 1 last change occurred 00:00:38 agofrom Ethernet0Times: hold 1, topology change 35, notification 2hello 2, max age 20, forward delay 15Timers:hello 0, topology change 0, notification 0, aging 300Port 2 (Ethernet0) of Bridge group 1 is forwardingPort path cost 100, Port priority 128, Port Identifier 128.2.Designated root has priority 32768, address 00d0.d373.2ec0Designated bridge has priority 32768, address 00e0.1e58.8af2Designated port id is 128.4, designated path cost 100Timers:message age 2, forward delay 0, hold 0Number of transitions to forwarding state:1BPDU:sent 1, received 35Port 3 (Ethernet1) of Bridge group 1 is forwardingPort path cost 100, Port priority 128, Port Identifier 128.3.Designated root has priority 32768, address 00d0.d373.2ec0Designated bridge has priority 32768, address 00ff.ff20.008eDesignated port id is 128.3, designated path cost 200Timers:message age 0, forward delay 0, hold 0Number of transitions to forwarding state:1BPDU:sent 26, received 0router#Configuring Routing
This section provides instructions on configuring static, dynamic, and policy-based routing (PBR).
Configuring Static Routing
Static routes are routing information that you manually configure into the router. If the network topology changes, the static route must be updated with a new route. Static routes are private routes, unless they are redistributed by a routing protocol. It is optional to configure static routing on the Cisco 806 router.
To configure static routing, perform the following steps, beginning in global configuration mode.
For complete information on the static routing commands, refer to the Cisco IOS Release 12.0 documentation set. For more general information on static routing, see "Concepts."
Configuration Example
In the following configuration example, the static route is defined as a default route through the Dialer 0 interface. You would define a default static route through the Dialer interface when using PPPoE. You do not need to enter the commands marked "default." These commands appear automatically in the configuration file that is generated when you use the show running-config command.
!ip classless (default)ip route 0.0.0.0 0.0.0.0 dialer0ip http server (default)!Verifying Your Configuration
To verify that you have properly configured static routing, enter the show ip route command, and look for static routes, indicated by the "S." You should see a verification output similar to the following example:
router#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is 0.0.0.0 to network 0.0.0.0192.168.89.0/32 is subnetted, 2 subnets10.0.0.0/24 is subnetted, 1 subnetsC 10.10.10.0 is directly connected, Ethernet0S* 0.0.0.0/0 is directly connected, Dialer0router#Configuring Dynamic Routing
In dynamic routing, the network protocol adjusts the path automatically, based on network traffic or topology. Changes in dynamic routing are shared with other routers in the network.
The IP routing protocol can use Routing Information Protocol (RIP) or Enhanced Interior Gateway Routing Protocol (IGRP) to learn routes dynamically. You can configure either of these routing protocols.
Configuring RIP
To configure RIP routing protocol on the router, perform the following steps, beginning in global configuration mode.
For complete information on the dynamic routing commands, refer to the Cisco IOS Release 12.0 documentation set. For more general information on RIP, see "Concepts."
Configuration Example
The following configuration shows RIP Version 2 enabled in IP network 10.10.10.0.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file that is generated when you use the show running-config command.
!router ripversion 2network 10.10.10.0no auto-summary!Verifying Your Configuration
To verify that you have properly configured RIP, enter the show ip route command, and look for RIP routes, indicated by the "R." You should see a verification output similar to the following example:
router#show ip routeCodes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-ISinter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not set10.0.0.0/24 is subnetted, 1 subnetsC 10.10.10.0 is directly connected, Ethernet0/0R 3.0.0.0/8 [120/1] via 10.10.10.1, 00:00:02, Ethernet0/0router#Configuring IP Enhanced IGRP
To configure IP Enhanced IGRP, perform the following steps, beginning in global configuration mode.
For complete information on the IP Enhanced IGRP commands, refer to the Cisco IOS Release 12.0 documentation set. For more general information on Enhanced IGRP concepts, see "Concepts."
Configuration Example
The following configuration shows Enhanced IGRP routing protocol enabled in IP network 10.10.10.0. The Enhanced IGRP autonomous system number is assigned as 100.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file that is generated when you use the show running-config command.
!router eigrp 100network 10.10.10.0!Verifying Your Configuration
To verify that you have properly configured IP Enhanced IGRP, enter the show ip route command, and look for Enhanced IGRP routes, indicated by "D." You should see a verification output similar to the following example:
router#show ip routeCodes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not set210.0.0.0/24 is subnetted, 1 subnetsC 10.10.10.0 is directly connected, Ethernet0/0D 3.0.0.0/8 [90/409600] via 10.10.10.1, 00:00:02, Ethernet0/0router#Configuring PBR
To configure PBR, you must complete the following tasks:
•
•
•
For instructions on configuring PBR, refer to the Cisco IOS Release 12.0 Quality of Service Solutions Configuration Guide.
Configuring PPPoE Support
Configuring PPPoE support requires the creation of a VPDN, and changes to the Ethernet interfaces and the Dialer interface. To configure Point-to-Point Protocol over Ethernet (PPPoE) support, perform the following steps, beginning in global configuration mode. This procedure includes steps for configuring CHAP authentication. To configure PAP authentication, perform the steps in the following procedure to configure a VPDN and to configure the Ethernet 0 and the Ethernet 1 interface, but perform the steps in "Configuring PAP Authentication" to configure the Dialer interface.
Configuring PAP Authentication
If you need to use PAP authentication instead of CHAP, configure the VPDN and the Ethernet interfaces as shown in the previous procedure, but configure the Dialer interface by performing the following steps, beginning in global configuration mode.
Configuration Examples
The following example shows the VPDN configuration, and the Ethernet 0, Ethernet 1, and Dialer 0 interface configurations for PPPoE support. Use the show running-config command to view your configuration.
vpdn enablevpdn-group 1request-dialinprotocol pppoe!interface Ethernet0ip address 192.168.1.1 255.255.255.0ip tcp adjust-mss 1452 (required for router to reach all websites)!interface Ethernet1no ip addressip tcp adjust-mss 1452pppoe enablepppoe-client dial-pool-number 1!interface Dialer0ip address negotiatedencapsulation pppdialer pool 1dialer group 1ppp authentication chap!!The following example shows the Dialer configuration when the authentication type is PAP. The VPDN and Ethernet configurations would be the same as in the previous example.
!interface Dialer0ip address negotiatedencapsulation pppdialer pool 1dialer group 1ppp authentication pap callinppp pap sent-username sohodyne password 70703204E42081B!Verifying Your Configuration
To verify that you have properly configured PPPoE, enter the show ip interface dialer command. The verification output should be similar to the following sample. Not all output has been shown.
router#show ip interface dialer 0Dialer1 is up, line protocol is upInternet address is 192.168.89.109/32Broadcast address is 255.255.255.255Address determined by IPCPMTU is 1492 bytesHelper address is not setDirected broadcast forwarding is disabled.....Configuring Network Address Translation
This section describes how to configure addressing using Network Address Translation (NAT). You can configure NAT for static or dynamic address translations. It contains the following sections:
Configuring NAT
To configure static or dynamic inside source translation using NAT, perform the following steps, beginning in global configuration mode.
For complete information on the NAT commands, refer to the Cisco IOS Release 12.0 documentation set. For more general information on NAT concepts, see "Concepts."
Configuration Example
The following configuration example shows NAT configured for the Ethernet 0 and Ethernet 1 interfaces.
The Ethernet 0 interface has an IP address of 192.168.1.1 and a subnet mask of 255.255.255.0. NAT is configured as inside, which means that the interface is connected to the inside network that is subject to NAT translation.
The Ethernet 1 interface has an IP address of 192.168.2.1 and a subnet mask of 255.255.255.0. NAT is configured as outside, which means that the interface is connected to an outside network, such as the Internet.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file that is generated when you use the show running-config command.
!interface Ethernet0ip address 192.168.1.1 255.255.255.0no ip directed-broadcast (default)ip nat inside!interface Ethernet1ip address 192.168.2.1 255.255.255.0no ip directed-broadcast (default)ip nat outside!ip route 0.0.0.0 0.0.0.0 Ethernet1!ip nat pool homenet 192.168.2.1 192.168.2.1 netmask 255.255.255.0ip nat inside source list 101 pool homenet overloadaccess-list 101 permit ip 192.168.1.0 0.0.0.255 anyip classless (default)!Verifying Your Configuration
To verify that you have properly configured NAT, enter the show ip nat translation command. You should see a verification output similar to the following example:
router#show ip nat translationPro Inside global Inside local Outside local Outside globaltcp 192.168.1.1:2267 10.10.10.2:2267 63.148.48.18:80 192.168.2.1:80utcp 192.168.1.1:2262 10.10.10.2:2262 207.69.188.186:53 192.168.2.1:53udp 192.175.89.109:2266 10.10.10.2:2266 207.69.188.186:53 192.168.2.1:53router#Configuring NAT with IPCP
This section explains how to configure NAT overload and PPP/Internet Protocol Control Protocol (IPCP). With NAT overload configured, you can use one registered IP address for the interface, and you can use it to access the Internet from all the devices in the network.
With PPP/IPCP, the Cisco 806 router automatically negotiates a globally unique (registered or public) IP address for the interface from the ISP route.
To configure NAT overload and IPCP, perform the following steps, beginning in global configuration mode.
For complete information on these commands, refer to the Cisco IOS Release 12.0 documentation set. For more general information on NAT with IPCP concepts, see "Concepts."
Configuration Example
This configuration example shows the commands relevant to NAT with IPCP configurations. The access list configuration in this example will allow TCP applications such as FTP, Telnet, and HTTP, while blocking raw IP packets. The access list is applied to the Dialer 0 interface.
! ACL For Nataccess-list 101 permit ip 192.168.1.0 0.255.255.255 anyip nat inside source list 101 interface Dialer0 overload!interface Ethernet0ip address 192.168.1.1 255.255.255.0ip nat insideno shutdown!!interface Ethernet1no ip addresspppoe enablepppoe-client dial-pool-number 1!!interface Dialer0ip address 140.10.10.5 255.255.255.0ip nat outsideencapsulation pppdialer pool 1dialer-group 1ppp authentication chap!Verifying Your Configuration
To verify that you have properly configured NAT, enter the show ip nat translation command. You should see a verification output similar to the following example:
router#show ip nat translationPro Inside global Inside local Outside local Outside globaltcp 192.168.1.1:2267 10.10.10.2:2267 63.148.48.18:80 192.168.2.1:80utcp 192.168.1.1:2262 10.10.10.2:2262 207.69.188.186:53 192.168.2.1:53udp 192.175.89.109:2266 10.10.10.2:2266 207.69.188.186:53 192.168.2.1:53router#Configuring Dynamic Host Configuration Protocol
This section explains how to configure the Cisco 806 router for Dynamic Host Configuration Protocol (DHCP) support. It includes the following topics:
•
Configuring the DHCP Server and Relay
This section explains how to configure the Cisco 806 router as a DHCP server.
With DHCP, LAN devices on an IP network (DHCP clients) can request IP addresses from the DHCP server. The DHCP server allocates IP addresses from a central pool as needed. A DHCP server can be a workstation, a PC, or a Cisco router.
Configuring the DHCP Server
To configure the router as a DHCP server, perform the following steps, beginning in global configuration mode.
For more information on the features not used in this configuration, refer to the Cisco IOS DHCP Server feature module. For more general information on DHCP servers, see "Concepts."
Configuration Example
The following example shows commands relevant to a DHCP server configuration. This DHCP server leases its addresses for 100 days.
!ip dhcp pool CLIENTnetwork 10.10.10.0 255.255.255.0domain-name cisco.comdefault-router 10.10.10.20netbios-name-server 10.10.10.40dns-server 10.10.10.80lease 100!Verifying Your Configuration
To verify that the server is assigning IP addresses to attached devices, use the show ip dhcp binding command on the DHCP server. You should see a verification output similar to the following example:
router#show ip dhcp bindingIP address Hardware address Lease expiration Type10.10.10.2 0100.80c7.ecd6.70 Sep 02 2001 07:36 PM Automaticrouter#Configuring the DHCP Relay
This section describes how to configure the router to forward User Datagram Protocol (UDP) broadcasts, including IP address requests, from DHCP clients. With the DHCP relay feature configured on the Cisco 806 router, the router can relay IP address requests from the LAN interface to the DHCP server.
To configure the DHCP relay, perform the following steps, beginning in global configuration mode.
For complete information on the DHCP relay commands, refer to the Cisco IOS Release 12.0 documentation set. For more general information on DHCP relays, see "Concepts."
Configuration Example
The following configuration contains commands relevant to the DHCP relay only.
!interface Ethernet0ip address 192.168.100.1 255.255.255.0ip helper-address 200.200.200.1!Configuring a DHCP Client
If you do not configure PPPoE on the Cisco 806, you may wish to configure a DHCP client for the Ethernet 1 interface. Perform the following steps to configure the router for DHCP client support, starting in global configuration mode.
Configuration Example
The following configuration example shows the commands relevant to the Ethernet 1 interface. These command appear in the configuration file generated when you use the show running-config command.
!interface Ethernet1ip address dhcp!Verifying Your Configuration
If the Cisco 806 router is a DHCP client, you can use the show dhcp lease command to determine the IP address the router is using, the subnet mask, the lease time, and other useful information.
You should see verification output similar to the following:
router# show dhcp leaseTemp IP addr: 188.188.1.40 for peer on Interface: Ethernet1Temp sub net mask: 0.0.0.0DHCP Lease server: 4.0.0.32, state: 3 BoundDHCP transaction id: 2431Lease: 3600 secs, Renewal: 1800 secs, Rebind: 3150 secsTemp default-gateway addr: 188.188.1.1Next timer fires after: 00:58:01Retry count: 0 Client-ID: 0010.7b43.aa01Configuring IP Multicasting
Configure multicast routing by completing the following tasks, starting in global configuration mode.
Configuration Example
The following example shows the relevant multicast-routing commands. The Ethernet 0 and the Dialer 0 interfaces have been configured for PIM sparse mode, and the PIM RP address has been defined as 192.168.20.3.
!hostname R1!ip subnet-zeroip multicast-routingip pim rp-address 192.168.20.3!!interface Ethernet0ip address 192.168.1.1 255.255.255.0ip pim sparse-mode!!interface Dialer0ip address 140.10.10.5 255.255.255.0ip pim sparse-modeip route-cache!Verifying Your Configuration
You can verify your configuration of multicasting by using the show ip igmp interface ethernet 0 command. You should see verification output similar to the following:
router#show ip igmp interface ethernet 0Ethernet0 is up, line protocol is upInternet address is 192.168.1.1/24IGMP is enabled on interfaceCurrent IGMP host version is 2Current IGMP router version is 2IGMP query interval is 60 secondsIGMP querier timeout is 120 secondsIGMP max query response time is 10 secondsLast member query response interval is 1000 msInbound IGMP access group is not setIGMP activity:1 joins, 0 leavesMulticast routing is enabled on interfaceMulticast TTL threshold is 0Multicast designated router (DR) is 12.0.0.1 (this system)IGMP querying router is 12.0.0.1 (this system)Multicast groups joined (number of users):224.0.1.40(1)Configuring an Extended Access List
To include one or more extended access lists in your router configuration, complete the following steps, beginning in global configuration mode.
Note
For more complete information on the extended access list commands, refer to the Cisco IOS Release 12.0 documentation set. For information on TCP and UDP port assignments, see "Common Port Assignments."
Configuration Example
This configuration shows an access list being applied to IP address 198.92.32.130.
!access-list 101 permit tcp any host 198.92.32.130 0.0.0.255!Verifying Your Configuration
Use the show access-lists command to verify access list configuration. The following example shows sample output for all access lists with the tag 101:
router> show access-lists 105Extended IP access list 105permit icmp any any echo-replypermit icmp any any time-exceededpermit icmp any any packet-too-bigpermit icmp any any traceroutepermit icmp any any unreachabledeny ip host 255.255.255.255 anydeny ip 192.168.1.0 0.0.0.255 anyConfiguring Network Time Protocol Support
The Network Time Protocol (NTP) is a protocol designed to time-synchronize a network of machines. NTP runs over UDP, which runs over IP. An NTP network usually gets its time from an authoritative time source, such as a radio clock or an atomic clock attached to a time server. NTP then distributes this time across the network. NTP is extremely efficient; no more than one packet per minute is necessary to synchronize two machines to within a millisecond of one another.
To identify a Network Time Protocol (NTP) server on the network and configure the Cisco 806 router as an NTP client, enter the following command in global configuration mode:
ntp server ip-address
where ip-address is the address of an NTP server on the network.
To configure the Cisco 806 router function as an NTP server, enter the following command in global configuration mode:
ntp master stratum-number
where stratum-number indicates the number of hops between the Cisco 806 router and an authorotative time source.
Configuring IP Security and Generic Routing Encapsulation Tunneling
IP Security (IPSec) provides secure tunnels between two peers, such as two routers. You define which packets are to be considered sensitive and thus should be sent through these secure tunnels. You also define the parameters which should be used to protect these sensitive packets, by specifying characteristics of these tunnels. Then, when the IPSec peer sees a sensitive packet, it sets up the appropriate secure tunnel and sends the packet through the tunnel to the remote peer.
The configuration of IPSec and GRE tunneling are presented together in this section. To configure IPSec using a GRE tunnel, perform the following steps, beginning in global configuration mode.
For more information on configuring IPSec and GRE tunneling, refer to the Cisco IOS Security Configuration Guide.
Configuration Example
The following configuration example shows the commands relevant to IPSec and and GRE tunneling. Note that the crypto map named mymap is associated with the Tunnel 0 interface and with the Ethernet 1 interface, and that the tunnel destination address of 140.10.10.6 matches the end point address in the access list.
!crypto isakmp policy 10hash md5authentication pre-sharecrypto isakmp key cisco123 address 140.10.10.6!crypto ipsec transform-set myset esp-des esp-md5-hmac!crypto map mymap local-address Ethernet1crypto map mymap 10 ipsec-isakmpset peer 140.10.10.6set transform-set mysetmatch address 101!interface Tunnel0ip address 11.0.0.1 255.0.0.0tunnel source Ethernet1tunnel destination 140.10.10.6crypto map mymap!!interface Ethernet1ip address 140.10.10.5 255.255.255.0crypto map mymap!access-list 101 permit gre host 140.10.10.5 host 140.10.10.6!Configuring Other Security Features
This section provides information about the security features available on the Cisco 806 router.
Configuring a RADIUS Client
Remote Authentication Dial-In User Service (RADIUS) enables you to secure your network agains unauthorized access. A RADIUS server must be configured in the service provider or corporate network in order for the Cisco 806 to use RADIUS client features.
To configure RADIUS on your Cisco 806 router, you must perform the following tasks:
•
•
•
For instructions on configuring a RADIUS client, refer to the Cisco IOS Security Configuration Guide.
Configuring TACACS+
To configure your router to support TACACS+, you must perform the following tasks:
•
•
•
•
You may need to perform other configuration steps if you need to enable accouting for TACACS+ connections. For instructions on configuring TACACS+, refer to the Security Configuration Guide.
Configuring Service Assurance Agent Support
The Cisco Service Assurance Agent (SA Agent) is an application-aware synthetic operation agent that monitors network performance by measuring key metrics such as response time, availability, jitter (interpacket delay variance), connect time, throughput, and packet loss. These metrics can be used for troubleshooting, for analysis for prevention of problems, and for designing future network topologies.
For instructions on configuring SA Agent support, refer to the Cisco IOS Release 12.0 documentation set.
