Table Of Contents
Before You Configure Your Network
Configuring the Ethernet Interface
Configuring the Dialer Interface
Configuring the Loopback Interface
Configuring the Asynchronous Transfer Mode Interface
AAL5SNAP Encapsulation Configuration Example
AAL5MUX PPP Encapsulation Configuration Example
Configuring Command-Line Access to the Router
Configuring Addressing Parameters
Configuring DHCP Client Support
Configuring an Extended Access List
Configuring Quality of Service Parameters
Configuring a Single PVC Environment
Configuring an Access List and Voice Class
Configure a Policy Map and Specify Voice Queuing
Configuring a Policy Map and Specifying Priority Queuing for Voice Class
Associating the Policy Map to the ATM PVC and Decreasing the ATM Interface MTU
Configuring a Multiple PVC Environment
Voice and Data on Different Subnets
Configuring the ATM Interface and Subinterfaces
Voice and Data on the Same Subnet Using Virtual Circuit Bundling
Specifying IP Precedence and the Service Class for the Voice Network
Configuring Multilink PPP Fragmentation and Interleaving
Specifying the Backup Interface
Defining Traffic Load Threshold
Dial Backup Using the Console Port
Configuring IGMP Proxy and Sparse Mode
Configuring IP Security and GRE Tunneling
Configuring Internet Protocol Parameters
Configuring a GRE Tunnel Interface
Configuring the Ethernet Interfaces
Configuring and Monitoring High-Speed Crypto
Configuring Multilink PPP Fragmentation and Interleaving
Configuring Voice for H.323 Signaling
Configuring the POTS Dial Peers
Configuring Voice Dial Peers for H.323 Signaling
Configuring Voice Ports for H.323 Signaling
Cisco 827 Routers Configuration Examples
Cisco 827-4V Router Configuration
Cisco 827 Router Configuration
Corporate or Endpoint Router Configuration for Data Network
Corporate or Endpoint Router Configuration for Data and Voice Network
Basic Router Configuration
This chapter includes basic feature-by-feature configuration procedures. This chapter is useful if you have a network in place and you want to add specific basic features.
Note
Every feature described is not necessarily supported on every router model. Where possible and applicable, these feature limitations will be listed.
If you prefer to use network scenarios to build a network, see Chapter 2, "Network Scenarios." For advanced router configuration topics and feature descriptions, see Chapter 4, "Advanced Router Configuration."
This chapter contains the following sections:
•
•
•
•
•
•
•
•
Each section includes a configuration example and verification steps, where available.
Before You Configure Your Network
Before you configure your network, you must do the following:
•
•
•
–
–
•
–
–
–
–
•
–
–
–
•
Configuring Basic Parameters
To configure the router, perform the tasks described in the following sections:
•
•
•
•
•
•
A configuration file example that illustrates how to configure the network is presented after the tasks.
After your router boots, the following prompt displays. Enter no.
Would you like to enter the initial configuration dialog [yes]: noFor complete information on how to access global configuration mode, see the "Entering Global Configuration Mode" section in Appendix A, "Cisco IOS Basic Skills." For more information on the commands used in the following tables, see the Cisco IOS Release 12.2 documentation set.
Configuring Global Parameters
Use the following table to configure the router for global parameters.
For complete information on the global parameter commands, see the Cisco IOS Release 12.2 documentation set.
Configuring the Ethernet Interface
To configure the Ethernet interface, use the following table, beginning in global configuration mode.
For complete information on the Ethernet commands, see the Cisco IOS Release 12.2 documentation set. For more general information on Ethernet concepts, see "Concepts."
Note
Configuration Example
The following example shows the Ethernet interface configuration. You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!interface Ethernet0ip address 192.168.1.1 255.255.255.0no ip directed-broadcast (default)!Verifying Your Configuration
To verify that you have properly configured the Ethernet interface, enter the show interface ethernet0 command. You should see a verification output like the example shown below.
router#show interface eth0Ethernet0 is up, line protocol is upHardware is PQUICC Ethernet, address is 0000.Oc13.a4db(bia0010.9181.1281)Internet address is 170.1.4.101/24MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,reliability 255/255., txload 1/255, rxload 1/255Encapsulation ARPA, loopback not setKeepalive set (10 sec)Configuring the Dialer Interface
Use these commands if you are using PPP encapsulation for the ATM PVC.
Use the following table to configure the dialer interface, beginning in global configuration mode.
Configuration Example
The following example shows the dialer interface configuration. You do not need to input the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!interface atm0pvc 1/40encapsulation aal5mux ppp dialerdialer pool-member 1!interface dialer 0ip address 200.200.100.1 255.255.255.0encapsulation pppdialer pool 1!Verifying Your Configuration
To verify that you have properly configured the dialer interface, enter the show interface virtual-access 1 command. Both line protocol and dialer 0 should be up and running. You should see a verification output like the example shown below.
router(config-if)#show interface virtual-access 1Virtual-Access1 is up, line protocol is upHardware is Virtual Access interfaceInterface is unnumbered. Using address of Dialer0 (2.2.2.1)MTU 1500 bytes, BW 100000 Kbit, DLY 100000 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation PPP, loopback not setVirtual-access 1 is up means that the interface is up and running. If you see the output Virtual-access 1 is down, it means that the interface is "administratively down," and the interface is configured with the shutdown command. To bring the interface up, you must enter the no shutdown command.
Configuring the Loopback Interface
This section describes configuring the loopback interface. The loopback interface acts as a placeholder for the static IP address and provides default routing information.
For complete information on the loopback commands, see the Cisco IOS Release 12.2 documentation set.
Configuration Tasks
Use the following table to configure the loopback interface.
Sample Configuration
The loopback interface in this sample configuration is used to support NAT on the virtual-template interface. This sample configuration shows the loopback interface configured on the Ethernet interface with an IP address of 200.200.100.1/24, which acts as a static IP address. The loopback interface points back to virtual-template1, which has a negotiated IP address.
!interface Loopback0ip address 200.200.100.1 255.255.255.0 (static IP address)ip nat outside!interface Virtual-Template1ip unnumbered loopback0no ip directed-broadcastip nat outside!Verifying Your Configuration
To verify that you have properly configured the loopback interface, enter the show interface loopback 0 command. You should see a verification output similar to the following example.
Router #show interface loopback 0Loopback0 is up, line protocol is upHardware is LoopbackInternet address is 200.200.100.1/24MTU 1514 bytes, BW 8000000 Kbit, DLY 5000 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation LOOPBACK, loopback not setLast input never, output never, output hang neverLast clearing of "show interface" counters neverQueueing strategy: fifoOutput queue 0/0, 0 drops; input queue 0/75, 0 drops5 minute input rate 0 bits/sec, 0 packets/sec5 minute output rate 0 bits/sec, 0 packets/sec0 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants, 0 throttles0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 packets output, 0 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 output buffer failures, 0 output buffers swapped outAnother way to verify the loopback interface is to send multiple ping packets to it:
Router#ping 200.200.100.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 200.200.100.1, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 msConfiguring the Asynchronous Transfer Mode Interface
To configure the Asynchronous Transfer Mode (ATM) interface, use the following table, beginning in global configuration mode.
Note
Step 1
interface ATM 0
Enters configuration mode for the ATM interface.
Step 2
dsl equipment-type {co | cpe}
Configures the DSL equipment type, if applicable.
Step 3
dsl linerate {number | auto}
Specifies the G.SHDSL line rate, if applicable. The range of valid numbers is between 72 and 2312.
Step 4
dsl operating-mode gshdsl symmetric annex annex
Sets the G.SHDSL operating mode, if applicable, and select the G.991.2 annex.
Step 5
ip address ip-address mask
Sets the IP address and subnet mask for the ATM interface.
Step 6
pvc vpi/vci
Creates an ATM PVC for each end node with which the router communicates.
Step 7
protocol ip ip-address broadcast
Sets the protocol broadcast for the IP address.
Step 8
encapsulation protocol
Specifies the encapsulation type for the PVC. Encapsulations can be specified as AAL5SNAP, AAL5MUX IP, or AAL5MUX PPP.1
Step 9
tx-ring-limit number
Configures the size of the PVC transmit queue. The default setting is 6.
Step 10
no shutdown
Enables the ATM interface.
Step 11
exit
Exits configuration mode for the ATM interface.
1 This step is optional. If you specify the AAL5MUX PPP encapsulation, you will need to add an additional step to specify the dialer pool-member number using the command dialer-pool member number.
For complete information on the ATM commands, see the Cisco IOS Release 12.2 documentation set. For more general information on ATM concepts, see "Concepts."
AAL5SNAP Encapsulation Configuration Example
The following example shows the ATM interface configuration for AAL5SNAP encapsulation.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!interface ATM0ip address 200.200.100.1 255.255.255.0no ip directed-broadcast (default)no atm ilmi-keepalive (default)pvc 8/35encapsulation aal5snapprotocol ip 200.200.100.254 broadcast!Verifying Your Configuration
To verify that you have properly configured the ATM interface with AAL5SNAP encapsulation, enter the show interface atm0 command. You should see a verification output like the example shown below.
router#sh int atm0ATM0 is up, line protocol is upHardware is PQUICC_SAR (with Alcatel ADSL Module)Internet address is 1.1.1.1/24MTU 1500 bytes, sub MTU 1500, BW 640 Kbit, DLY 80 usec, reliability113/255. txload 1/255, rxload 1/255Encapsulation aal5snap, loopback not setKeepalive not supportedDTR is pulsed for 5 seconds on resetLCP ClosedAAL5MUX PPP Encapsulation Configuration Example
The following example shows an ATM interface configuration for an AAL5MUX PPP encapsulation.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!interface ATM0no ip directed-broadcast (default)no atm ilmi-keepalive (default)pvc 8/35encapsulation aal5mux ppp dialerdialer pool-member 1!Verifying Your Configuration
To verify that you have properly configured the ATM interface with AAL5MUX PPP encapsulation, enter the virtual-access 1 command. You should see a verification output like the example shown below.
router#sh int virtual-access 1Virtual-Access1 is up, line protocol is upHardware is Virtual Access interfaceInterface is unnumbered. Using address of Dialer0 (2.2.2.1)MTU 1500 bytes, BW 100000 Kbit, DLY 100000 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation PPP, loopback not setVirtual-access 1 is up means that the interface is up and running. If you see the output Virtual-access 1 is down, it means that the interface is "administratively down," and the interface is configured with the shutdown command. To bring the interface up, you must enter the no shutdown command.
Configuring Command-Line Access to the Router
To configure parameters to control access to the router, use the following table, beginning in global configuration mode.
For complete information on the command line commands, see the Cisco IOS Release 12.2 documentation set.
Configuration Example
The following configuration shows the command-line access commands.
You do not need to input the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!line con 0exec-timeout 10 0password 4youreyesonlylogintransport input none (default)stopbits 1 (default)line vty 0 4password secretlogin!Configuring Bridging
Bridges are store-and-forward devices that use unique hardware addresses to filter traffic that would otherwise travel from one segment to another. You can configure the routers as pure bridges.
To configure bridging, use the following table, beginning in global configuration mode.
For complete information on the bridging commands, see the Cisco IOS Release 12.2 documentation set. For more general concepts on bridging, see "Concepts."
Configuration Example
The following configuration example uses bridging with AAL5SNAP encapsulation. You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
This configuration example shows the Ethernet and ATM interfaces configured. The Ethernet interface has IP addressing turned off for bridging, and IP directed broadcast is disabled, which prevents the translation of directed broadcasts to physical broadcasts. The bridge-group number to which the ATM interface is associated is set to 1.
The ATM interface has a PVC of 8/35, and the encapsulation is set to AAL5SNAP. The IP address is disabled for bridging and the IP directed broadcast is disabled, which prevents the translation of directed broadcasts to physical broadcasts. The bridge protocol is set to 1 to define the STP.
no ip routing!interface Ethernet0no ip addressno ip directed-broadcast (default)bridge-group 1!interface ATM0no ip addressno ip directed-broadcast (default)pvc 8/35encapsulation aal5snap!bridge-group 1!ip classless (default)!bridge 1 protocol ieee!endVerifying Your Configuration
To verify that you have properly configured bridging, enter the show spanning-tree command. You should see a verification output like the example shown below.
router#show spanning-treeBridge group 1 is executing the IEEE compatible Spanning Tree protocolBridge Identifier has priority 32768, address 1205.9356.0000Configured hello time 2, max age 20, forward delay 15We are the root of the spanning treePort Number size is 9Topology change flag set, detected flag setTimes: hold 1, topology change 35, notification 2hello 2, max age 20, forward delay 15Timers:hello 1, topology change 34, notification 0bridge aging time 15Port 2 (Ethernet0) of Bridge group 1 is forwardingPort path cost 100, Port priority 128Designated root has priority 32768, address 1205.9356.0000Designated bridge has priority 32768, address 1205.9356.0000Designated port is 2, path cost 0Timers:message age 0, forward delay 0, hold 0BPDU:sent 0, received 0Port 3 (ATM0 RFC 1483) of Bridge group 1 is forwardingPort path cost 1562, Port priority 128Designated root has priority 32768, address 1205.9356.0000Designated bridge has priority 32768, address 1205.9356.0000Designated port is 3, path cost 0Timers:message age 0, forward delay 0, hold 0BPDU:sent 0, received 0Configuring Static Routing
Static routes are routing information that you manually configure into the router. If the network topology changes, the static route must be updated with a new route. Static routes are private routes, unless they are redistributed by a routing protocol. Configuring static routing on the 800-series routers is optional.
To configure static routing, use the following table, beginning in global configuration mode.
For complete information on the static routing commands, see the Cisco IOS Release 12.2 documentation set. For more general information on static routing, see "Concepts."
Configuration Example
In the following configuration example, the static route is sending all IP packets with a destination of 1.0.0.0 and a subnet mask of 255.0.0.0 out on the ATM interface to another device with an IP address of 14.0.0.1. Specifically, the packets are being sent to the configured PVC.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!ip classless (default)ip route 1.0.0.0 255.0.0.0 atm0 14.0.0.1no ip http server (default)!Verifying Your Configuration
To verify that you have properly configured static routing, enter the show ip route command and look for static routes signified by the "S."
You should see a verification output like the example shown below.
router#show ip routeCodes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-ISinter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is 0.0.0.0 to network 0.0.0.05* 2.0.0.0/24 is subnetted, 1 subnetsC 2.2.2.0 is directly connected, Ethernet0/0S* 0.0.0.0/0 is directly connected, Ethernet0/0Configuring Dynamic Routing
In dynamic routing, the network protocol adjusts the path automatically based on network traffic or topology. Changes in dynamic routing are shared with other routers in the network.
The IP routing protocol can use the Routing Information Protocol (RIP) or the Enhanced Interior Gateway Routing Protocol (IGRP) to learn routes dynamically. You can configure either one of these routing protocols.
Configuring RIP
To configure RIP routing protocol on the router, use the following table, beginning in global configuration mode.
For complete information on the dynamic routing commands, see the Cisco IOS Release 12.2 documentation set. For more general information on RIP, see "Concepts."
Configuration Example
The following configuration shows RIP version 2 enabled in IP network 10.10.10.0.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!router ripversion 2network 10.0.0.0no auto-summary!Verifying Your Configuration
To verify that you have properly configured RIP, enter the show ip route command and look for RIP routes signified by "R." You should see a verification output like the example shown below.
router#show ip routeCodes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-ISinter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not set2.0.0.0/24 is subnetted, 1 subnetsC 2.2.2.0 is directly connected, Ethernet0/0R 3.0.0.0/8 [120/1] via 2.2.2.1, 00:00:02, Ethernet0/0Configuring IP Enhanced IGRP
To configure IP Enhanced IGRP, use the following table, beginning in global configuration mode.
For complete information on the IP Enhanced IGRP commands, see the Cisco IOS Release 12.2 documentation set. For more general information on Enhanced IGRP concepts, see "Concepts."
Configuration Example
The following configuration shows Enhanced IGRP routing protocol enabled in IP networks 10.0.0.0 and 172.17.0.0. The Enhanced IGRP autonomous system number is assigned as 100.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!router eigrp 100network 10.0.0.0network 172.17.0.0!Verifying Your Configuration
To verify that you have properly configured IP Enhanced IGRP, enter the show ip route command and look for Enhanced IGRP routes signified by "D." You should see a verification output like the example shown below.
router#show ip routeCodes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not set2.0.0.0/24 is subnetted, 1 subnetsC 2.2.2.0 is directly connected, Ethernet0/0D 3.0.0.0/8 [90/409600] via 2.2.2.1, 00:00:02, Ethernet0/0Configuring Addressing Parameters
This section describes how to configure addressing using Network Address Translation (NAT) and Easy IP Phase 1 and 2.
Configuring NAT
You can configure NAT for either static or dynamic address translations.
To configure static or dynamic inside source translation using NAT, use the following table, beginning in global configuration mode.
Note
For complete information on the NAT commands, see the Cisco IOS Release 12.2 documentation set. For more general information on NAT concepts, see "Concepts."
Configuration Example
The following configuration shows NAT configured for the Ethernet and ATM interfaces.
The Ethernet 0 interface has an IP address of 192.168.1.1 with a subnet mask of 255.255.255.0. NAT is configured for inside, which means that the interface is connected to the inside network that is subject to NAT translation.
The ATM 0 interface has an IP address of 200.200.100.1 and a subnet mask of 255.255.255.0. NAT is configured for outside, which means that the interface is connected to an outside network, such as the Internet.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!interface Ethernet0ip address 192.168.1.1 255.255.255.0no ip directed-broadcast (default)ip nat inside!interface ATM0ip address 200.200.100.1 255.255.255.0no ip directed-broadcast (default)ip nat outsideno atm ilmi-keepalive (default)pvc 8/35encapsulation aal5snap!ip route 0.0.0.0.0.0.0.0 200.200.100.254!ip nat pool test 200.200.100.1 200.200.100.1 netmask 255.255.255.0ip nat inside source list 101 pool test overloadip classless (default)!Verifying Your Configuration
To verify that you have properly configured NAT, enter the show ip nat statistics command. You should see a verification output like the example shown below.
router#show ip nat statisticsTotal active translations:45 (10 static, 35 dynamic; 45 extended)Outside interfaces:ATM0Inside interfaces:Ethernet0Hits:34897598 Misses:44367Expired translations:119305Dynamic mappings:-- Inside Sourceaccess-list 1 pool homenet refcount 14pool homenet:netmask 255.255.255.0start 200.200.100.1 end 200.200.100.1type generic, total addresses 1, allocated 1 (100%), missesConfiguring Easy IP (Phase 1)
This section explains how to configure Easy IP (Phase 1). Easy IP Phase 1 includes NAT overload and PPP/Internet Protocol Control Protocol (IPCP). NAT overload means that you can use one registered IP address for the interface and use it to access the Internet from all devices in the network.
With PPP/IPCP, Cisco 800-series routers automatically negotiate a globally unique (registered or public) IP address for the interface from the ISP route.
To configure Easy IP (Phase 1), use the following table, beginning in global configuration mode.
For complete information on the Easy IP commands, see the Cisco IOS Release 12.2 documentation set. For more general information on Easy IP (Phase 1) concepts, see "Concepts."
Configuring Easy IP (Phase 2)
This section explains how to configure the Cisco 800 series routers as DHCP servers.
The Easy IP (Phase 2) feature combines DHCP server and relay. With DHCP, LAN devices on an IP network (DHCP clients) can request IP addresses from the DHCP server. The DHCP server allocates IP addresses from a central pool as needed. A DHCP server can be a workstation, PC, or a Cisco router. With the DHCP relay feature configured on the router, the routers can relay IP address requests from the LAN interface and to the DHCP server as shown in Figure 3-1.
Figure 3-1 Easy IP (Phase 2) - DHCP Server and Relay
Configuring DHCP
