Table Of Contents
Before You Configure Your Network
Configuring the Ethernet Interface
Configuring the Dialer Interface
Configuring the Loopback Interface
Configuring the Asynchronous Transfer Mode Interface
AAL5SNAP Encapsulation Configuration Example
AAL5MUX PPP Encapsulation Configuration Example
Configuring Command-Line Access to the Router
Configuring Addressing Parameters
Configuring DHCP Client Support
Configuring an Extended Access List
Configuring Quality of Service Parameters
Configuring a Single PVC Environment
Configuring an Access List and Voice Class
Configure a Policy Map and Specify Voice Queuing
Configuring a Policy Map and Specifying Priority Queuing for Voice Class
Associating the Policy Map to the ATM PVC and Decreasing the ATM Interface MTU
Configuring a Multiple PVC Environment
Voice and Data on Different Subnets
Configuring the ATM Interface and Subinterfaces
Voice and Data on the Same Subnet Using Virtual Circuit Bundling
Specifying IP Precedence and the Service Class for the Voice Network
Configuring Multilink PPP Fragmentation and Interleaving
Specifying the Backup Interface
Defining Traffic Load Threshold
Dial Backup Using the Console Port
Configuring IGMP Proxy and Sparse Mode
Configuring IP Security and GRE Tunneling
Configuring Internet Protocol Parameters
Configuring a GRE Tunnel Interface
Configuring the Ethernet Interfaces
Configuring and Monitoring High-Speed Crypto
Configuring Multilink PPP Fragmentation and Interleaving
Configuring Voice for H.323 Signaling
Configuring the POTS Dial Peers
Configuring Voice Dial Peers for H.323 Signaling
Configuring Voice Ports for H.323 Signaling
Cisco 827 Routers Configuration Examples
Cisco 827-4V Router Configuration
Cisco 827 Router Configuration
Corporate or Endpoint Router Configuration for Data Network
Corporate or Endpoint Router Configuration for Data and Voice Network
Basic Router Configuration
This chapter includes basic feature-by-feature configuration procedures. This chapter is useful if you have a network in place and you want to add specific basic features.
Note
Every feature described is not necessarily supported on every router model. Where possible and applicable, these feature limitations will be listed.
If you prefer to use network scenarios to build a network, see Chapter 2, "Network Scenarios." For advanced router configuration topics and feature descriptions, see Chapter 4, "Advanced Router Configuration."
This chapter contains the following sections:
•
•
•
•
•
•
•
•
Each section includes a configuration example and verification steps, where available.
Before You Configure Your Network
Before you configure your network, you must do the following:
•
•
•
–
–
•
–
–
–
–
•
–
–
–
•
Configuring Basic Parameters
To configure the router, perform the tasks described in the following sections:
•
•
•
•
•
•
A configuration file example that illustrates how to configure the network is presented after the tasks.
After your router boots, the following prompt displays. Enter no.
Would you like to enter the initial configuration dialog [yes]: noFor complete information on how to access global configuration mode, see the "Entering Global Configuration Mode" section in Appendix A, "Cisco IOS Basic Skills." For more information on the commands used in the following tables, see the Cisco IOS Release 12.2 documentation set.
Configuring Global Parameters
Use the following table to configure the router for global parameters.
For complete information on the global parameter commands, see the Cisco IOS Release 12.2 documentation set.
Configuring the Ethernet Interface
To configure the Ethernet interface, use the following table, beginning in global configuration mode.
For complete information on the Ethernet commands, see the Cisco IOS Release 12.2 documentation set. For more general information on Ethernet concepts, see "Concepts."
Note
Configuration Example
The following example shows the Ethernet interface configuration. You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!interface Ethernet0ip address 192.168.1.1 255.255.255.0no ip directed-broadcast (default)!Verifying Your Configuration
To verify that you have properly configured the Ethernet interface, enter the show interface ethernet0 command. You should see a verification output like the example shown below.
router#show interface eth0Ethernet0 is up, line protocol is upHardware is PQUICC Ethernet, address is 0000.Oc13.a4db(bia0010.9181.1281)Internet address is 170.1.4.101/24MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,reliability 255/255., txload 1/255, rxload 1/255Encapsulation ARPA, loopback not setKeepalive set (10 sec)Configuring the Dialer Interface
Use these commands if you are using PPP encapsulation for the ATM PVC.
Use the following table to configure the dialer interface, beginning in global configuration mode.
Configuration Example
The following example shows the dialer interface configuration. You do not need to input the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!interface atm0pvc 1/40encapsulation aal5mux ppp dialerdialer pool-member 1!interface dialer 0ip address 200.200.100.1 255.255.255.0encapsulation pppdialer pool 1!Verifying Your Configuration
To verify that you have properly configured the dialer interface, enter the show interface virtual-access 1 command. Both line protocol and dialer 0 should be up and running. You should see a verification output like the example shown below.
router(config-if)#show interface virtual-access 1Virtual-Access1 is up, line protocol is upHardware is Virtual Access interfaceInterface is unnumbered. Using address of Dialer0 (2.2.2.1)MTU 1500 bytes, BW 100000 Kbit, DLY 100000 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation PPP, loopback not setVirtual-access 1 is up means that the interface is up and running. If you see the output Virtual-access 1 is down, it means that the interface is "administratively down," and the interface is configured with the shutdown command. To bring the interface up, you must enter the no shutdown command.
Configuring the Loopback Interface
This section describes configuring the loopback interface. The loopback interface acts as a placeholder for the static IP address and provides default routing information.
For complete information on the loopback commands, see the Cisco IOS Release 12.2 documentation set.
Configuration Tasks
Use the following table to configure the loopback interface.
Sample Configuration
The loopback interface in this sample configuration is used to support NAT on the virtual-template interface. This sample configuration shows the loopback interface configured on the Ethernet interface with an IP address of 200.200.100.1/24, which acts as a static IP address. The loopback interface points back to virtual-template1, which has a negotiated IP address.
!interface Loopback0ip address 200.200.100.1 255.255.255.0 (static IP address)ip nat outside!interface Virtual-Template1ip unnumbered loopback0no ip directed-broadcastip nat outside!Verifying Your Configuration
To verify that you have properly configured the loopback interface, enter the show interface loopback 0 command. You should see a verification output similar to the following example.
Router #show interface loopback 0Loopback0 is up, line protocol is upHardware is LoopbackInternet address is 200.200.100.1/24MTU 1514 bytes, BW 8000000 Kbit, DLY 5000 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation LOOPBACK, loopback not setLast input never, output never, output hang neverLast clearing of "show interface" counters neverQueueing strategy: fifoOutput queue 0/0, 0 drops; input queue 0/75, 0 drops5 minute input rate 0 bits/sec, 0 packets/sec5 minute output rate 0 bits/sec, 0 packets/sec0 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants, 0 throttles0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort0 packets output, 0 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 output buffer failures, 0 output buffers swapped outAnother way to verify the loopback interface is to send multiple ping packets to it:
Router#ping 200.200.100.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 200.200.100.1, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 msConfiguring the Asynchronous Transfer Mode Interface
To configure the Asynchronous Transfer Mode (ATM) interface, use the following table, beginning in global configuration mode.
Note
Step 1
interface ATM 0
Enters configuration mode for the ATM interface.
Step 2
dsl equipment-type {co | cpe}
Configures the DSL equipment type, if applicable.
Step 3
dsl linerate {number | auto}
Specifies the G.SHDSL line rate, if applicable. The range of valid numbers is between 72 and 2312.
Step 4
dsl operating-mode gshdsl symmetric annex annex
Sets the G.SHDSL operating mode, if applicable, and select the G.991.2 annex.
Step 5
ip address ip-address mask
Sets the IP address and subnet mask for the ATM interface.
Step 6
pvc vpi/vci
Creates an ATM PVC for each end node with which the router communicates.
Step 7
protocol ip ip-address broadcast
Sets the protocol broadcast for the IP address.
Step 8
encapsulation protocol
Specifies the encapsulation type for the PVC. Encapsulations can be specified as AAL5SNAP, AAL5MUX IP, or AAL5MUX PPP.1
Step 9
tx-ring-limit number
Configures the size of the PVC transmit queue. The default setting is 6.
Step 10
no shutdown
Enables the ATM interface.
Step 11
exit
Exits configuration mode for the ATM interface.
1 This step is optional. If you specify the AAL5MUX PPP encapsulation, you will need to add an additional step to specify the dialer pool-member number using the command dialer-pool member number.
For complete information on the ATM commands, see the Cisco IOS Release 12.2 documentation set. For more general information on ATM concepts, see "Concepts."
AAL5SNAP Encapsulation Configuration Example
The following example shows the ATM interface configuration for AAL5SNAP encapsulation.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!interface ATM0ip address 200.200.100.1 255.255.255.0no ip directed-broadcast (default)no atm ilmi-keepalive (default)pvc 8/35encapsulation aal5snapprotocol ip 200.200.100.254 broadcast!Verifying Your Configuration
To verify that you have properly configured the ATM interface with AAL5SNAP encapsulation, enter the show interface atm0 command. You should see a verification output like the example shown below.
router#sh int atm0ATM0 is up, line protocol is upHardware is PQUICC_SAR (with Alcatel ADSL Module)Internet address is 1.1.1.1/24MTU 1500 bytes, sub MTU 1500, BW 640 Kbit, DLY 80 usec, reliability113/255. txload 1/255, rxload 1/255Encapsulation aal5snap, loopback not setKeepalive not supportedDTR is pulsed for 5 seconds on resetLCP ClosedAAL5MUX PPP Encapsulation Configuration Example
The following example shows an ATM interface configuration for an AAL5MUX PPP encapsulation.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!interface ATM0no ip directed-broadcast (default)no atm ilmi-keepalive (default)pvc 8/35encapsulation aal5mux ppp dialerdialer pool-member 1!Verifying Your Configuration
To verify that you have properly configured the ATM interface with AAL5MUX PPP encapsulation, enter the virtual-access 1 command. You should see a verification output like the example shown below.
router#sh int virtual-access 1Virtual-Access1 is up, line protocol is upHardware is Virtual Access interfaceInterface is unnumbered. Using address of Dialer0 (2.2.2.1)MTU 1500 bytes, BW 100000 Kbit, DLY 100000 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation PPP, loopback not setVirtual-access 1 is up means that the interface is up and running. If you see the output Virtual-access 1 is down, it means that the interface is "administratively down," and the interface is configured with the shutdown command. To bring the interface up, you must enter the no shutdown command.
Configuring Command-Line Access to the Router
To configure parameters to control access to the router, use the following table, beginning in global configuration mode.
For complete information on the command line commands, see the Cisco IOS Release 12.2 documentation set.
Configuration Example
The following configuration shows the command-line access commands.
You do not need to input the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!line con 0exec-timeout 10 0password 4youreyesonlylogintransport input none (default)stopbits 1 (default)line vty 0 4password secretlogin!Configuring Bridging
Bridges are store-and-forward devices that use unique hardware addresses to filter traffic that would otherwise travel from one segment to another. You can configure the routers as pure bridges.
To configure bridging, use the following table, beginning in global configuration mode.
For complete information on the bridging commands, see the Cisco IOS Release 12.2 documentation set. For more general concepts on bridging, see "Concepts."
Configuration Example
The following configuration example uses bridging with AAL5SNAP encapsulation. You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
This configuration example shows the Ethernet and ATM interfaces configured. The Ethernet interface has IP addressing turned off for bridging, and IP directed broadcast is disabled, which prevents the translation of directed broadcasts to physical broadcasts. The bridge-group number to which the ATM interface is associated is set to 1.
The ATM interface has a PVC of 8/35, and the encapsulation is set to AAL5SNAP. The IP address is disabled for bridging and the IP directed broadcast is disabled, which prevents the translation of directed broadcasts to physical broadcasts. The bridge protocol is set to 1 to define the STP.
no ip routing!interface Ethernet0no ip addressno ip directed-broadcast (default)bridge-group 1!interface ATM0no ip addressno ip directed-broadcast (default)pvc 8/35encapsulation aal5snap!bridge-group 1!ip classless (default)!bridge 1 protocol ieee!endVerifying Your Configuration
To verify that you have properly configured bridging, enter the show spanning-tree command. You should see a verification output like the example shown below.
router#show spanning-treeBridge group 1 is executing the IEEE compatible Spanning Tree protocolBridge Identifier has priority 32768, address 1205.9356.0000Configured hello time 2, max age 20, forward delay 15We are the root of the spanning treePort Number size is 9Topology change flag set, detected flag setTimes: hold 1, topology change 35, notification 2hello 2, max age 20, forward delay 15Timers:hello 1, topology change 34, notification 0bridge aging time 15Port 2 (Ethernet0) of Bridge group 1 is forwardingPort path cost 100, Port priority 128Designated root has priority 32768, address 1205.9356.0000Designated bridge has priority 32768, address 1205.9356.0000Designated port is 2, path cost 0Timers:message age 0, forward delay 0, hold 0BPDU:sent 0, received 0Port 3 (ATM0 RFC 1483) of Bridge group 1 is forwardingPort path cost 1562, Port priority 128Designated root has priority 32768, address 1205.9356.0000Designated bridge has priority 32768, address 1205.9356.0000Designated port is 3, path cost 0Timers:message age 0, forward delay 0, hold 0BPDU:sent 0, received 0Configuring Static Routing
Static routes are routing information that you manually configure into the router. If the network topology changes, the static route must be updated with a new route. Static routes are private routes, unless they are redistributed by a routing protocol. Configuring static routing on the 800-series routers is optional.
To configure static routing, use the following table, beginning in global configuration mode.
For complete information on the static routing commands, see the Cisco IOS Release 12.2 documentation set. For more general information on static routing, see "Concepts."
Configuration Example
In the following configuration example, the static route is sending all IP packets with a destination of 1.0.0.0 and a subnet mask of 255.0.0.0 out on the ATM interface to another device with an IP address of 14.0.0.1. Specifically, the packets are being sent to the configured PVC.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!ip classless (default)ip route 1.0.0.0 255.0.0.0 atm0 14.0.0.1no ip http server (default)!Verifying Your Configuration
To verify that you have properly configured static routing, enter the show ip route command and look for static routes signified by the "S."
You should see a verification output like the example shown below.
router#show ip routeCodes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-ISinter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is 0.0.0.0 to network 0.0.0.05* 2.0.0.0/24 is subnetted, 1 subnetsC 2.2.2.0 is directly connected, Ethernet0/0S* 0.0.0.0/0 is directly connected, Ethernet0/0Configuring Dynamic Routing
In dynamic routing, the network protocol adjusts the path automatically based on network traffic or topology. Changes in dynamic routing are shared with other routers in the network.
The IP routing protocol can use the Routing Information Protocol (RIP) or the Enhanced Interior Gateway Routing Protocol (IGRP) to learn routes dynamically. You can configure either one of these routing protocols.
Configuring RIP
To configure RIP routing protocol on the router, use the following table, beginning in global configuration mode.
For complete information on the dynamic routing commands, see the Cisco IOS Release 12.2 documentation set. For more general information on RIP, see "Concepts."
Configuration Example
The following configuration shows RIP version 2 enabled in IP network 10.10.10.0.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!router ripversion 2network 10.0.0.0no auto-summary!Verifying Your Configuration
To verify that you have properly configured RIP, enter the show ip route command and look for RIP routes signified by "R." You should see a verification output like the example shown below.
router#show ip routeCodes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-ISinter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not set2.0.0.0/24 is subnetted, 1 subnetsC 2.2.2.0 is directly connected, Ethernet0/0R 3.0.0.0/8 [120/1] via 2.2.2.1, 00:00:02, Ethernet0/0Configuring IP Enhanced IGRP
To configure IP Enhanced IGRP, use the following table, beginning in global configuration mode.
For complete information on the IP Enhanced IGRP commands, see the Cisco IOS Release 12.2 documentation set. For more general information on Enhanced IGRP concepts, see "Concepts."
Configuration Example
The following configuration shows Enhanced IGRP routing protocol enabled in IP networks 10.0.0.0 and 172.17.0.0. The Enhanced IGRP autonomous system number is assigned as 100.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!router eigrp 100network 10.0.0.0network 172.17.0.0!Verifying Your Configuration
To verify that you have properly configured IP Enhanced IGRP, enter the show ip route command and look for Enhanced IGRP routes signified by "D." You should see a verification output like the example shown below.
router#show ip routeCodes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not set2.0.0.0/24 is subnetted, 1 subnetsC 2.2.2.0 is directly connected, Ethernet0/0D 3.0.0.0/8 [90/409600] via 2.2.2.1, 00:00:02, Ethernet0/0Configuring Addressing Parameters
This section describes how to configure addressing using Network Address Translation (NAT) and Easy IP Phase 1 and 2.
Configuring NAT
You can configure NAT for either static or dynamic address translations.
To configure static or dynamic inside source translation using NAT, use the following table, beginning in global configuration mode.
Note
For complete information on the NAT commands, see the Cisco IOS Release 12.2 documentation set. For more general information on NAT concepts, see "Concepts."
Configuration Example
The following configuration shows NAT configured for the Ethernet and ATM interfaces.
The Ethernet 0 interface has an IP address of 192.168.1.1 with a subnet mask of 255.255.255.0. NAT is configured for inside, which means that the interface is connected to the inside network that is subject to NAT translation.
The ATM 0 interface has an IP address of 200.200.100.1 and a subnet mask of 255.255.255.0. NAT is configured for outside, which means that the interface is connected to an outside network, such as the Internet.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!interface Ethernet0ip address 192.168.1.1 255.255.255.0no ip directed-broadcast (default)ip nat inside!interface ATM0ip address 200.200.100.1 255.255.255.0no ip directed-broadcast (default)ip nat outsideno atm ilmi-keepalive (default)pvc 8/35encapsulation aal5snap!ip route 0.0.0.0.0.0.0.0 200.200.100.254!ip nat pool test 200.200.100.1 200.200.100.1 netmask 255.255.255.0ip nat inside source list 101 pool test overloadip classless (default)!Verifying Your Configuration
To verify that you have properly configured NAT, enter the show ip nat statistics command. You should see a verification output like the example shown below.
router#show ip nat statisticsTotal active translations:45 (10 static, 35 dynamic; 45 extended)Outside interfaces:ATM0Inside interfaces:Ethernet0Hits:34897598 Misses:44367Expired translations:119305Dynamic mappings:-- Inside Sourceaccess-list 1 pool homenet refcount 14pool homenet:netmask 255.255.255.0start 200.200.100.1 end 200.200.100.1type generic, total addresses 1, allocated 1 (100%), missesConfiguring Easy IP (Phase 1)
This section explains how to configure Easy IP (Phase 1). Easy IP Phase 1 includes NAT overload and PPP/Internet Protocol Control Protocol (IPCP). NAT overload means that you can use one registered IP address for the interface and use it to access the Internet from all devices in the network.
With PPP/IPCP, Cisco 800-series routers automatically negotiate a globally unique (registered or public) IP address for the interface from the ISP route.
To configure Easy IP (Phase 1), use the following table, beginning in global configuration mode.
For complete information on the Easy IP commands, see the Cisco IOS Release 12.2 documentation set. For more general information on Easy IP (Phase 1) concepts, see "Concepts."
Configuring Easy IP (Phase 2)
This section explains how to configure the Cisco 800 series routers as DHCP servers.
The Easy IP (Phase 2) feature combines DHCP server and relay. With DHCP, LAN devices on an IP network (DHCP clients) can request IP addresses from the DHCP server. The DHCP server allocates IP addresses from a central pool as needed. A DHCP server can be a workstation, PC, or a Cisco router. With the DHCP relay feature configured on the router, the routers can relay IP address requests from the LAN interface and to the DHCP server as shown in Figure 3-1.
Figure 3-1 Easy IP (Phase 2) - DHCP Server and Relay
Configuring DHCP
The following sections describe how to configure the router as a DHCP client, server, or relay.
Configuring DHCP Client Support
Follow these steps to configure the router for DHCP client support:
Step 1
Specifying the value client-id ethernet0 means that the MAC address of the Ethernet interface is used as the client ID when the DHCP request is sent. Otherwise, the MAC address of the BVI interface is used as the client ID.
Step 2
a.
b.
c.
d.
ip nat inside source list 1 interface BVI 1 overload command.Step 3
a.
b.
Configuration Example
The following example shows a configuration of the DHCP client.
Current configuration:!version 12.2no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname c827!!ip subnet-zeroip dhcp excluded-address 10.10.10.1!ip dhcp pool SERVERnetwork 10.10.10.0 255.255.255.0default-router 10.10.10.1import all!bridge irbinterface Ethernet0ip address 10.10.10.1 255.255.255.0no ip directed-broadcastip nat inside!interface ATM0no ip addressno ip directed-broadcastno atm ilmi-keepalivebundle-enablehold-queue 208 in!interface ATM0.1 point-to-pointno ip directed-broadcastpvc 1/100encapsulation aal5snap!bridge-group 1!interface ATM0.2 point-to-pointip address 5.0.0.2 255.0.0.0no ip directed-broadcastpvc 1/101protocol ip 5.0.0.1 broadcastprotocol ip 5.0.0.5 broadcastencapsulation aal5snap!!interface BVI1ip address dhcp client-id Ethernet0no ip directed-broadcastip nat outside!ip nat inside source list 1 interface BVI1 overloadip classlessip route 0.0.0.0 0.0.0.0 BVI1no ip http server!access-list 1 permit 10.10.10.0 0.0.0.255bridge 1 protocol ieeebridge 1 route ip!voice-port 1timing hookflash-in 0!voice-port 2timing hookflash-in 0!voice-port 3timing hookflash-in 0!voice-port 4timing hookflash-in 0!!line con 0exec-timeout 0 0transport input nonestopbits 1line vty 0 4password lablogin!scheduler max-task-time 5000endConfiguring DHCP Server
To configure the router as a DHCP server, use the following table, beginning in global configuration mode.
For more information on the features not used in this configuration, see the Cisco IOS DHCP Server feature module. For more general information on DHCP servers, see "Concepts."
Configuration Example
The following configuration shows a DHCP server configuration for the IP address 20.1.1.2.
!ip dhcp pool CLIENTnetwork 20.20.20.0 255.255.255.0domain-name cisco.comdefault-router 20.20.20.20netbios-name-server 1.1.1.1dns-server 1.1.1.2lease 0 1!Verifying Your Configuration
To verify that you have properly configured the DHCP server, enter the show dhcp server command and look for the assigned server IP. You should see a verification output like the example shown below.
router# show dhcp servershow ip dhcp bindingshow ip dhcp conflictshow ip dhcp server staticsConfiguring the DHCP Relay
This section describes how to configure the router to forward User Datagram Protocol (UDP) broadcasts, including IP address requests, from DHCP clients.
To configure the DHCP relay, use the following table, beginning in global configuration mode.
For complete information on the DHCP relay commands, see the Cisco IOS Release 12.2 documentation set. For more general information on DHCP relays, see "Concepts."
Configuration Example
The following configuration contains commands relevant to DHCP relay only.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!int Ethernet0ip address 192.168.100.1 255.255.255.0ip helper-address 200.200.200.1!Verifying Your Configuration
To verify that you have properly configured the DHCP relay, enter the show dhcp server command. You should see a verification output like the example shown below.
router#show dhcp serverDHCP server:2.2.2.2Leases: 0Offers: 0 Requests:0 Acks:0 Naks:0Declines:0 Releases:0 Bad: 0Configuring TACACS+
The Cisco 827, 831, 836, 837, 827H, and 827-4V routers and the Cisco SOHO 71, 91, 96, and 97 routers support the Terminal Access Controller Access Control System Plus (TACACS+) protocol through Telnet. TACACS+ is a Cisco proprietary authentication protocol that provides remote access authentication and related network security services, such as event logging. User passwords are administered in a central database rather than in individual routers. TACACS+ also provides support for separate modular authentication, authorization, and accounting (AAA) facilities that are configured at individual routers.
To configure your router to support TACACS+, you must perform the following tasks:
Step 1
Step 2
Step 3
Step 4
Step 5
You may need to perform other configuration steps if you need to enable accounting for TACACS+ connections. For instructions on configuring TACACS+, see the Security Configuration Guide.
Configuring an Extended Access List
To include one or more extended access lists in your router configuration, you can use the following commands, beginning in global configuration mode.
For more complete information on the extended access list commands, see the Cisco IOS Release 12.2 documentation set. For information on TCP and UDP port assignments, see "Common Port Assignments."
Configuration Example
This configuration shows an access list being applied to IP address 192.168.1.0.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!access-list 101 permit tcp any host 192.168.1.0 0.0.0.255!Configuring Quality of Service Parameters
This section describes how to configure Quality of Service (QoS) parameters. The requirements for voice QoS are:
•
•
You can configure QoS in a single or multiple PVC environment. In a single PVC environment, the traffic relies on Cisco IOS to provide priority queuing, using Class Based Weighted Fair Queuing (CBWFQ) to prioritize voice traffic and MTU size reduction to perform Layer 3 fragmentation of data packets. In a multiple PVC environment, the traffic relies on the ATM interface to provide priority queuing for voice and fragmentation and interleaving.
Note
For complete information on the QoS commands, see the Cisco IOS documentation set. For more general information on QoS concepts, see "Concepts."
Configuring a Single PVC Environment
In the single PVC environment, the traffic relies on Cisco IOS to provide priority queuing (using CBWFQ). The tasks to configure a single PVC environment are:
•
•
•
•
Configuring IP Precedence
IP precedence gives voice packets a higher priority than other IP data traffic. The ip precedence command is used by the router to differentiate voice traffic from data traffic. So you need to ensure that the data IP packets do not have the same IP precedence as that of the voice packets.
To configure real-time voice traffic precedence over other IP network traffic, use the following table, beginning in global configuration mode.
Note
Configuring an Access List and Voice Class
To create a policy map and associate a priority queue to the voice class, use the following table, beginning in global configuration mode.
Configure a Policy Map and Specify Voice Queuing
Follow the steps below to configure a policy map and to specify voice queuing, beginning in global configuration mode.
Step 1
policy map name
Configures a policy map1 .
Step 2
class voice
Specifies the class for queuing.
Step 3
priority number
Specifies the priority for queuing.
1 Total bandwidth for the policy map may not exceed 75 percent of the total PVC bandwidth.
Configuring a Policy Map and Specifying Priority Queuing for Voice Class
To associate the policy map to the ATM PVC and decrease the MTU of the ATM interface so that large data packets are fragmented, use the following table, beginning in global configuration mode.
Step 1
policy map name
Configures a policy map1 .
Step 2
class voice
Specifies the class for queuing.
Step 3
priority bandwidth
Specifies the priority for queuing.
Step 4
exit
Exits configuration mode for the policy map.
1 Total bandwidth for the policy map may not exceed 75 percent of the total PVC bandwidth.
Associating the Policy Map to the ATM PVC and Decreasing the ATM Interface MTU
To associate the policy map to the ATM PVC and decrease the MTU, use the following table, beginning in global configuration mode. It is recommended that 300 be used for the MTU size because it is larger than the size of the voice packets generated by the different codecs.
Note
Configuration Example
The following example shows a voice QoS configuration in a single PVC environment using AAL5SNAP encapsulation.
!dial-peer voice 105 voipdestination-pattern 3..session target ipv4:10.1.2.3ip precedence 5access-list 101 permit ip any any precedence criticalclass-map voicematch access-group 101policy-map mypolicyclass voicepriority 480int atm0mtu 300pvc 8/35encapsulation aal5snapservice-policy out mypolicyvbr-rt 640 640 10!Configuring a Multiple PVC Environment
In a multiple PVC environment, the traffic relies on the ATM interface to provide priority queuing for voice and fragmentation and interleaving. The following figures show the configurations that you can use.
Voice and Data on Different Subnets
Figure 3-2 shows voice and data packets on different subnets. You can have all voice traffic on an ATM PVC with a VBR-RT service class while the data traffic is transported on an ATM PVC with a UBR service class.
Figure 3-2 Voice and Data on Different Subnets
Configuring the ATM Interface and Subinterfaces
Use this table to configure the ATM interface and subinterfaces, beginning in global configuration mode.
Configuration Example
The following example shows a voice QoS configuration with all data traffic on the 30.0.0.1 network and all voice traffic on the 20.0.0.1 network.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!interface ATM0.1 point-to-pointip address 20.0.0.1 255.0.0.0no ip directed-broadcast (default)pvc 1/100protocol ip 20.0.0.2 broadcastvbr-rt 424 424 5encapsulation aal5snap!interface ATM0.2 point-to-pointip address 30.0.0.1 255.0.0.0no ip directed-broadcast (default)pvc 1/101protocol ip 30.0.0.2 broadcastencapsulation aal5snapVoice and Data on the Same Subnet Using Virtual Circuit Bundling
Figure 3-3 shows voice and data packets on the same subnet using virtual circuit bundling. Virtual circuit bundling allows multiple PVCs on the same bundle. Using virtual circuit bundling and assigning precedence 5 to the voice packets but not to the data packets ensures that the two types of traffic are separated onto two PVCs.
Figure 3-3 Voice and Data on the Same Subnet with Virtual Circuit Bundling
The tasks for configuring a voice and data network on the same subnet with virtual circuit bundling are as follows:
•
•
•
•
Configuring the ATM Interface
Use the following table to configure the ATM interface, beginning in global configuration mode.
Step 1
interface ATM 0
Enters configuration mode for the ATM interface.
Step 2
dsl equipment-type co/cpe
Configures the DSL equipment type.
Step 3
dsl linerate number/auto
Specifies the G.SHDSL line rate. The range of valid numbers is between 72 and 2312.
Step 4
dsl operating-mode gshdsl symmetric annex annex
Sets the G.SHDSL operating mode, and selects the G.991.2 annex.
Step 5
ip address ip-address mask
Sets the IP address and subnet mask for the ATM interface.
Step 6
bundle name
Specifies a bundle name.
Step 7
encapsulation type
Specifies the encapsulation type for the voice bundle PVC.
Step 8
protocol ip ip-address broadcast
Sets the protocol broadcast for the IP address.
Step 9
pvc-bundle name vpi/vci
Creates a PVC for the voice bundle.
Step 10
vbr-rt pcr scr bs
Sets the service class for the voice bundle.1
Step 11
ip precedence number
Selects an IP precedence level specific to the voice bundle that you created.
Step 12
pvc-bundle name vpi/vci
Creates a PVC for the data bundle.
Step 13
ubr pcr
Sets the service class for the data2 bundle.
Step 14
precedence other
Sets the IP precedence level other to the data bundle that you created.
Step 15
exit
Exits configuration mode for the ATM interface.
1 For voice, the service class must be vbr-rt or vbr-nrt.
2 For data, the service class must be vbr-nrt or ubr.
Specifying IP Precedence and the Service Class for the Voice Network
To configure real-time voice traffic precedence over other IP network traffic, use the following table, beginning in global configuration mode.
Note
Configuration Example
The following configuration shows both voice and data on the same subnet with virtual circuit bundling. IP precedence is set to 5 for the voice packets, but not for the data packets, so that the two types of traffic can be separated onto two different ATM PVCs.
!interface atm0ip address 20.0.0.1 255.0.0.0bundle testencapsulation aal5snapprotocol ip 20.0.0.2 broadcast!pvc-bundle voice 1/100vbr-rt 424 424 5precedence 5!pvc-bundle data 1/101precedence other!dial-peer voice 100 voipdestination-pattern 26..session target ipv4:20.0.0.8ip precedence 5!Configuring Multilink PPP Fragmentation and Interleaving
You should configure multilink PPP fragmentation if you have point-to-point connection using PPP encapsulation or links slower than 2 Mbps in your network.
PPP support for interleaving can be configured on dialer or PRI interfaces.
To configure multilink PPP and interleaving on a dialer interface, use the following table, beginning in global configuration mode.
Note
For complete information on the PPP fragmentation and interleaving commands, see the Dial Solutions Configuration Guide for Cisco IOS Release 12.2. For more general information on PPP fragmentation and interleaving concepts, see "Concepts."
Configuration Example
The following configuration defines a dialer interface that enables multilink PPP with interleaving and a maximum real-time traffic delay of 20 ms. The encapsulation type is defined as aal5mux.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!interface dialer 1ppp multilinkencapsulated pppppp multilink interleavebandwidth 640ppp multilink fragment-delay 20ip rtp reserve 16384 100 64!interface ATM0pvc 8/35encapsulation aal5mux ppp dialerdialer pool-member 1Verifying Your Configuration
To verify that you have properly configured PPP fragmentation and interleaving, enter the debug ppp multilink fragment command, and then send out one 1500-byte ping packet. The debug message will display information about the fragments being transmitted.
Configuring IP Precedence
IP Precedence gives voice packets a higher priority than other IP data traffic. The ip precedence command should also be used if RSVP is not enabled and you would like to give voice packets a priority over other IP data traffic. IP Precedence scales better than RSVP, but it provides no admission control.
To configure real-time voice traffic precedence over other IP network traffic, use the following table, beginning in global configuration mode.
Note
For complete information on the IP Precedence commands, see the Cisco IOS Release 12.2 documentation set. For more general information on IP Precedence, see "Concepts."
Configuration Example
This configuration example shows a voice configuration with IP precedence set. The IP destination target is set to 8 dialing digits, which automatically sets the IP precedence to 5 by the Cisco 827 routers. The dial peer session target is RAS, which is a protocol that runs between the H.323 voice protocol gateway and gatekeeper.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!access-list 101 permitroute-map data permit 10set ip precedence routing!Configuring RSVP
To minimally configure RSVP for voice traffic, you must enable RSVP on each interface where priority needs to be set. The RSVP feature applies to a single-PVC network only.
By default, RSVP is disabled so that it is backwards compatible with systems that do not implement RSVP. To enable RSVP for IP on an interface, use the following interface configuration command:
Router(config-if)# ip rsvp bandwidth [interface-kbps] [single-flow-kbps]This command starts RSVP and sets the bandwidth and single-flow limits. The default maximum bandwidth is up to 75 percent of the bandwidth available on the interface. By default, a flow can reserve up to the entire reservable bandwidth.
On subinterfaces, RSVP applies to the more restrictive of the available bandwidths of the physical interface and the subinterface.
After enabling RSVP, you must also use the req-qos dial-peer configuration command to request an RSVP session on each VoIP dial peer. Otherwise, no bandwidth is reserved for voice traffic.
To request an RSVP session on each VoIP dial peer, use the following table, beginning in global configuration mode:
For more information about configuring RSVP, see the "Configuring RSVP" chapter of the Network Protocols Configuration Guide, Part 1, for Cisco IOS Release 12.2. For more general information on RSVP commands, see "Concepts."
Configuration Example
This configuration shows two voice dial peers (number 211 and 212) being configured for RSVP.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!dial-peer voice 211 voipreq-qos controlled-load!dial-peer voice 212 voipreq-qos controlled-load!Configuring Dial Backup
You must decide whether to activate the backup interface when the primary line goes down, when the traffic load on the primary line exceeds the defined threshold, or when either occurs. The tasks you perform depend on your decision. Perform the tasks in the following sections to configure dial backup:
•
•
•
Then configure the backup interface for DDR, so that calls are placed as needed.
Specifying the Backup Interface
To specify a backup interface for a primary WAN interface or subinterface, enter the backup interface type number command to select a backup interface.
Note
For more information regarding the available dial backup mechanisms in Cisco IOS, please go to the following URL:
http://www.cisco.com/en/US/tech/tk801/tk133/technologies_tech_note09186a008009457d.shtml
Defining Backup Line Delays
You can configure a value that defines how much time should elapse before a secondary line status changes after a primary line status has changed. You can define two delays:
•
•
To define these delays, use the following syntax:
Router (config-if) # backup delay {enable-delay | never} {disable-delay | never}
Defining Traffic Load Threshold
You can configure dial backup to activate the secondary line, based on the traffic load on the primary line. The software monitors the traffic load and computes a 5-minute moving average. If this average exceeds the value you set for the line, the secondary line is activated and, depending on how the line is configured, some or all of the traffic will flow onto the secondary dialup line.
You can configure a load level for traffic at which additional connections will be added to the primary WAN interface. The load level values range from 1 (unloaded) to 255 (fully loaded).
Use the following syntax to define a WAN line threshold:
Router (config-if) # dialer load-threshold 8 outbound {enable-threshold | never}
{disable-threshold | never}Dial Backup Using the Console Port
The following example shows dial backup using a console port configured for DDR:
interface atm 0ip address 172.30.3.4 255.255.255.0backup interface async1backup delay 10 10!interface async 1ip address 172.30.3.5 255.255.255.0dialer in-banddialer string 5551212dialer-group 1async dynamic routingdialer list 1 protocol ip permitchat-script sillyman """atdt 5551212" TIMEOUT 60 "CONNECT"line aux 0modem chat-script sillymanmodem inoutspeed 9600Configuration Example
The following example shows configuration of dial backup and remote router management on the Cisco 831 and Cisco 837 routers using the console port and dialer watch.
!username Router password!PASSWORD!modemcap entry MY_USR_MODEM:MSC=&F1S0=1!chat-script Dialout ABORT ERROR ABORT BUSY "" "AT" OK "ATDT 5555102\T" TIMEOUT 60 CONNECT \c!interface Async1no ip addressencapsulation pppdialer in-banddialer pool-member 3autodetect encapsulation pppasync default routingasync dynamic routingasync mode dedicatedpap authentication pap callin!! Dialer3 is for dial backup and remote router management!interface Dialer3ip address negotiatedencapsulation pppno ip route-cacheno ip mroute-cachedialer pool 3dialer remote-name !REMOTE-NAMEdialer idle-timeout 300dialer string 5555102 modem-script Dialoutdialer watch-group 1dialer-group 1autodetect encapsulation ppppeer default ip address 192.168.2.2no cdp enableppp pap sent-username ! USER SPECIFIC password ! USER SPECIFICppp ipcp dns requestppp ipcp wins requestppp ipcp mask request!! IP NAT over Dialer interface using route-mapip nat inside source route-map main interface Dialer1 overloadip nat inside source route-map secondary interface Dialer3 overloadip classlessip route 0.0.0.0 0.0.0.0 !(dial backup peer address @ISP)ip route 0.0.0.0 0.0.0.0 Dialer1 150!no ip http serverip pim bidir-enable!!access-list 101 permit ip 192.168.0.0 0.0.255.255 anydialer watch-list 1 ip !(ATM peer address @ISP) 255.255.255.255dialer-list 1 protocol ip permit!! To direct traffic to an interface only if the Dialer gets assigned with an ip addressroute-map main permit 10match ip address 101match interface Dialer1!route-map secondary permit 10match ip address 101match interface Dialer3!line con 0exec-timeout 0 0modem enablestopbits 1line aux 0exec-timeout 0 0script dialer Dialoutmodem InOutmodem autoconfigure type MY_USR_MODEMtransport input allstopbits 1speed 38400flowcontrol hardwareline vty 0 4exec-timeout 0 0login local!The following example shows configuration of remote management using a console port for the Cisco SOHO 91 and Cisco SOHO 97 routers.
!username Router password !PASSWORD!modemcap entry MY_USR_MODEM:MSC=&F1S0=1!interface Async1no ip addressencapsulation pppdialer in-bandautodetect encapsulation pppasync default routingasync dynamic routingasync mode dedicatedpap authentication pap callinpeer default ip address pool clientpool!! dialer 1 used for PPPoE or PPPoATM! PPPoE or PPPoATM dialer1 configurations are not shown in this sample!ip route 0.0.0.0 0.0.0.0 dialer 1 150!dialer list 1 protocol ip permit!ip local pool clientpool 192.168.0.2 192.168.0.10!line con 0exec-timeout 0 0modem enablestopbits 1line aux 0exec-timeout 0 0modem Dialinmodem autoconfigure type MY_USER_MODEMtransport input allstopbits 1speed 38400flowcontrol hardwareto align with line aux 0exec-timeout 0 0login local!Configuration Example
The following example shows dial backup and remote management configuration on the Cisco 836 router, using the ISDN S/T port and dialer watch.
Cisco836#!vpdn enable!vpdn-group 1accept-dialinprotocol pppoe!!Specifies the ISDN switch typeisdn switch-type basic-net3!interface Ethernet0ip address 192.168.1.1 255.255.255.0hold-queue 100 out!!ISDN interface to be used as a backup interfaceinterface BRI0no ip addressencapsulation pppdialer pool-member 1isdn switch-type basic-net3!interface ATM0no ip addressno atm ilmi-keepalivepvc 1/40encapsulation aal5snappppoe-client dial-pool-number 2!dsl operating-mode auto!! Dial backup interface, associated with physical BRI0 interface. Dialer pool 1 associates it with BRI0's dialer pool member 1. Note "dialer watch-group 1" associates a watch list with corresponding "dialer watch-list" commandinterface Dialer0ip address negotiatedencapsulation pppdialer pool 1dialer idle-timeout 30dialer string 384040dialer watch-group 1dialer-group 1!! Primary interface associated with physical ATM0 interface, dialer pool 2 associates it with ATM0's dial-pool-number2interface Dialer2ip address negotiatedip mtu 1492encapsulation pppdialer pool 2dialer-group 2no cdp enable!ip classless!Primary and backup interface given route metricip route 0.0.0.0 0.0.0.0 22.0.0.2ip route 0.0.0.0 0.0.0.0 192.168.2.2 80ip http server!!Watch for interesting trafficdialer watch-list 1 ip 22.0.0.2 255.255.255.255!Specifies interesting traffic to trigger backup ISDN trafficdialer-list 1 protocol ip permit!Configuring IGMP Proxy and Sparse Mode
The Internet Group Management Protocol (IGMP) proxy feature was added to the unidirectional link routing feature to permit hosts that are not directly connected to a downstream router to join a multicast group sourced from an upstream network.
Follow the steps below to configure IGMP proxy and sparse mode, starting in global configuration mode.
Configuration Example
The following example shows the relevant IGMP proxy and sparse mode commands. The Ethernet 0, Ethernet 1, and loopback 0 interfaces have been configured for PIM sparse mode; the PIM RP address has been defined as 10.5.1.1.
ip pim rp-address 10.5.1.1 5access-list 5 permit 239.0.0.0 255.255.255.255!interface loopback 0ip address 10.7.1.1 255.255.255.0ip pim sparse-modeip igmp helper-address udl ethernet 0ip igmp proxy-service!interface ethernet 0ip address 10.2.1.2 255.255.255.0ip pim sparse-modeip igmp unidirectional link!interface ethernet 1ip address 10.5.1.1 255.255.255.0ip pim sparse-modeip igmp mroute-proxy loopback 0!Verifying Your Configuration
You can verify your configuration by using the show ip igmp interface ethernet 0 multicasting command. You should see a verification output similar to the following:
router#show ip igmp interface ethernet 0Ethernet0 is up, line protocol is upInternet address is 10.2.1.2 255.255.255.0IGMP is enabled on interfaceCurrent IGMP host version is 2Current IGMP router version is 2IGMP query interval is 60 secondsIGMP querier timeout is 120 secondsIGMP max query response time is 10 secondsLast member query response interval is 1000 msInbound IGMP access group is not setIGMP activity: 1 joins, 0 leavesMulticast routing is enabled on interfaceMulticast designated router (DR) is 10.2.1.2 (this system)IGMP querying router is 10.2.1.2 (this system)Multicast groups joined (number of users):224.0.1.40 (1)Configuring IP Security and GRE Tunneling
IP Security (IPSec) provides secure tunnels between two peers, such as two routers. You can define which packets are to be considered sensitive and sent through these secure tunnels. You can also define the parameters which should be used to protect these sensitive packets, by specifying characteristics of these tunnels. When the IPSec peer sees a sensitive packet, it sets up the appropriate secure tunnel and sends the packet through the tunnel to the remote peer.
This section contains the following topics:
•
•
•
•
Configurations for both IPSec and Generic Routing Encapsulation (GRE) tunneling are presented in this section. Perform the following steps to configure IPSec using a GRE tunnel, beginning in global configuration mode.
Configuring Internet Protocol Parameters
Follow the steps below to configure IP parameters, starting in global configuration mode.
Configuring an Access List
Use the access-list command to create an access list that permits the GRE protocol and that specifies the starting and ending IP addresses of the GRE tunnel. Use the following syntax:
access-list 101 permit gre host ip-address host ip-address
In the preceding command line, the first host ip-address specifies the tunnel starting point, and the second host ip-address specifies the tunnel endpoint.
Configuring IPSec
Follow the steps below to configure IPSec, starting in global configuration mode.
Configuring a GRE Tunnel Interface
Follow the steps below to configure the generic routing encapsulation (GRE) tunnel interface, starting in global configuration mode.
Configuring the Ethernet Interfaces
Perform the following tasks to configure the Ethernet 0 and Ethernet 1 interfaces, starting in global configuration mode.
Configuring Static Routes
Follow the steps below to configure static routes, starting in global configuration mode.
Configuring and Monitoring High-Speed Crypto
Use the following command to enable high-speed crypto, starting with global configuration mode.
crypto engine acceleratorTo disable high-speed crypto, use the following command:
no crypto engine acceleratorTo monitor high-speed crypto, use the following command:
show crypto engine accelerator statistic
For more information on configuring IPSec, see the Cisco IOS Security Configuration Guide.
Configuration Example
This configuration example for the Cisco 831 router shows IPSec being used over a GRE tunnel. The example also applies to a SOHO 91 router. You do not need to enter the commands marked "default." These commands appear automatically in the configuration file that is generated when you use the show running-config command.
!version 12.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname 831-uut1!memory-size iomem 10!ip subnet-zero!ip audit notify logip audit po max-events 100!crypto isakmp policy 1encr 3desauthentication pre-sharecrypto isakmp key grel address 100.1.1.1!crypto ipsec security-association lifetime seconds 86400!crypto ipsec transform-set strong esp-3des esp-sha-hmac!crypto map mymap local-address Ethernet1crypto may mymap 1 ipsec-isakmpset peer 100.1.1.1set transform-set strongmatch address 151!!!!interface Tunnel0ip address 1.1.1.1 255.255.255.0tunnel source Ethernet1tunnel destination 100.1.1.1crypto map mymap!interface Ethernet0ip address 202.2.2.2 255.255.255.0hold-queue 100 out!interface Ethernet1ip address 100.1.1.1 255.255.255.0crypto map mymap!ip classlessip route 200.1.1.0 255.255.255.0 Tunnel0ip http server!!access-list 151 permit gre host 100.1.1.2 host 100.1.1.1!line con 0no modem enablestopbits 1line aux 0line vty 0 4!scheduler max-task-time 5000The following example shows IPSec configuration on a Cisco 837 router.
version 12.2no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname 837-uutl!memory-size iomem 10!mmi polling-interval 60no mmi auto-configureno mmi pvcmmi snmp-timeout 180ip subnet-zero!ip audit notify logip audit po max-events 100ip ssh time-out 120ip ssh authentication-retries 3!crypto isakmp policy 1encr 3desauthentication pre-sharecrypto isakmp key grel address 100.1.1.1!crypto ipsec transform-set strong esp-3des esp-sha-hmac!crypto map mymap local-address ATM0crypto map mymap 1 ipsec-isakmpset peer 100.1.1.1set transform-set strongmatch address 151!interface Tunnel0ip address 1.1.1.1 255.255.255.0ip mtu 1440tunnel source ATM0tunnel destination 100.1.1.1crypto map mymap!interface Ethernet0ip address 202.2.2.2 255.255.255.0hold-queue 100 out!interface ATM0ip address 100.1.1.2 255.255.255.0no atm ilmi-keepalivepvc 1/40protocol ip 100.1.1.1 broadcastencapsulation aa15snap!dsl operating-mode autocrypto map mymap!ip classlessip route 200.1.1.0 255.255.255.0 Tunnel0ip http serverip pim bidir-enableConfiguring Multilink PPP Fragmentation and Interleaving
You should configure multilink PPP fragmentation if you have point-to-point connection using PPP encapsulation or if you have links slower than your network.
PPP support for interleaving can be configured on a dialer interface.
Follow the steps below to configure multilink PPP and interleaving on a dialer interface, beginning in global configuration mode.
For complete information on the PPP fragmentation and interleaving commands, see the Dial Solutions Configuration Guide for Cisco IOS Release 12.0T. For general information on PPP fragmentation and interleaving concepts, see "Concepts."
Configuration Example
The following configuration defines a dialer interface that enables multilink PPP with interleaving and a maximum real-time traffic delay of 20 ms. The encapsulation type is defined as aal5mux.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!interface dialer 1ppp multilinkencapsulated pppppp multilink interleavebandwidth 640ppp multilink fragment-delay 20ip rtp reserve 16384 100 64!interface ATM0pvc 8/35encapsulation aal5mux ppp dialerdialer pool-member 1Verifying Your Configuration
To verify that you have properly configured PPP fragmentation and interleaving, enter the debug ppp multilink fragment command, and then send out one 1500-byte ping packet. The debug message will display information about the fragments being transmitted.
Configuring IP Precedence
IP Precedence gives voice packets higher priority than other IP data traffic. Complete the following steps to configure real-time voice traffic precedence over other IP network traffic, beginning in global configuration mode.
Note
For complete information on the IP Precedence commands, see the Cisco IOS Release 12.2 documentation set. For general information on IP Precedence, see "Concepts."
Configuration Example
This configuration example shows a voice configuration with IP Precedence set. The IP destination target is set to 8 dialing digits, which automatically sets the IP precedence to 5 on the Cisco routers. The dial peer session target is RAS, which is a protocol that runs between the H.323 voice protocol gateway and gatekeeper.
You do not need to enter the commands marked "default." These commands appear automatically in the configuration file that is generated when you use the show running-config command.
!access-list 101 permitroute-map data permit 10set ip precedence routingConfiguring Voice
The Cisco 827 routers support voice using the H.323 signaling protocol.
•
•
The default signaling protocol is H.323 signaling standard.
Prerequisite Tasks
Before you can configure your router to use voice, you need to perform the following tasks:
•
•
•
•
Configuring Voice for H.323 Signaling
This section describes the tasks you need to perform to configure the router for H.323 signaling on the voice ports.
Configuring the POTS Dial Peers
To configure the POTS dial peers, use the following table, beginning in global configuration mode.
Configuring Voice Dial Peers for H.323 Signaling
Follow the steps below to configure voice dial peers for H.323 signaling, beginning in global configuration mode.
Configuring Voice Ports for H.323 Signaling
Voice port configuration should be automatic in the United States, however, if you are overseas, you may need to do the following voice port configuration, beginning in global configuration mode.
For complete information on the dial peer commands, see the Cisco IOS Release 12.2 documentation set. For more general information on dial peer concepts, see "Concepts."
Configuring Number Expansion
This section describes how to expand an extension number into a particular destination pattern. Use the following global configuration command to expand the extension number:
Router(config)# num-exp extension-number extension-stringTo verify that you have mapped the telephone numbers correctly, enter the show num-exp command.
After you have configured dial peers and assigned destination patterns to them, enter the show dialplan number command to see how a telephone number maps to a dial peer.
For complete information on the number expansion commands, see the Cisco IOS documentation set.
Configuration Example
This configuration shows voice traffic configured. You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!class-map voicematch access-group 101!policy-map mypolicyclass voicepriority 128class class-defaultfair-queue 16!ip subnet-zero!gateway!interface Ethernet0ip address 20.20.20.20 255.255.255.0no ip directed-broadcast (default)ip route-cache policyip policy route-map data!interface ATM0ip address 10.10.10.20 255.255.255.0no ip directed-broadcast (default)no atm ilmi-keepalive (default)pvc 1/40service-policy output mypolicyprotocol ip 10.10.10.36 broadcastvbr-nrt 640 600 4! 640 is the maximum upstream rate of ADSLencapsulation aal5snap!bundle-enableh323-gateway voip interfaceh323-gateway voip id gk-twister ipaddr 172.17.1.1 1719h323-gateway voip h323-id gw-820h323-gateway voip tech-prefix 1#!router eigrp 100network 10.0.0.0network 20.0.0.0!ip classless (default)no ip http server!access-list 101 permit ip any any precedence criticalroute-map data permit 10set ip precedence routine!!line con 0exec-timeout 0 0transport input nonestopbits 1line vty 0 4login!!voice-port 1local-alertingtimeouts call-disconnect 0!voice-port 2local-alertingtimeouts call-disconnect 0!voice-port 3local-alertingtimeouts call-disconnect 0!voice-port 4local-alertingtimeouts call-disconnect 0!dial-peer voice 10 voipdestination-pattern ........ip precedence 5session target ras!dial-peer voice 1 potsdestination-pattern 5258111port 1!dial-peer voice 2 potsdestination-pattern 5258222port 2!dial-peer voice 3 potsdestination-pattern 5258333port 3!dial-peer voice 4 potsdestination-pattern 5258444port 4!endCisco 827 Routers Configuration Examples
The following examples are for the following configurations:
•
•
•
•
These configurations are intended to be examples only. Your router configuration may look different depending on your network.
Cisco 827-4V Router Configuration
The following is a configuration for the Cisco 827-4V router configured for H.323 signaling voice traffic. These commands appear automatically in the configuration file generated when you use the show running-config command.
ip subnet-zero!bridge crb!interface Ethernet0no ip addressno ip directed-broadcastbridge-group 1!interface ATM0no ip addressno ip directed-broadcastno atm ilmi-keepalivebundle-enable!interface ATM0.1 point-to-pointip address 1.0.0.1 255.255.255.0no ip directed-broadcastpvc voice 1/40protocol ip 1.0.0.2 broadcastencapsulation aal5snap!!interface ATM0.2 point-to-pointno ip addressno ip directed-broadcastpvc data 1/41encapsulation aal5snap!bridge-group 1!ip classless!bridge 1 protocol ieee!voice-port 1local-alertingtimeouts call-disconnect 0!voice-port 2local-alertingtimeouts call-disconnect 0!voice-port 3local-alertingtimeouts call-disconnect 0!voice-port 4local-alertingtimeouts call-disconnect 0!dial-peer voice 101 potsdestination-pattern 14085271111port 1!dial-peer voice 1100 voipdestination-pattern 12123451111codec g711ulawsession target ipv4:1.0.0.2!dial-peer voice 102 potsdestination-pattern 14085272222port 2!dial-peer voice 1200 voipdestination-pattern 12123452222codec g711ulawsession target ipv4:1.0.0.2!dial-peer voice 103 potsdestination-pattern 14085273333port 3!dial-peer voice 1300 voipdestination-pattern 12123453333codec g711ulawsession target ipv4:1.0.0.2!dial-peer voice 104 potsdestination-pattern 14085274444port 4!dial-peer voice 1400 voipdestination-pattern 12123454444codec g711ulawsession target ipv4:1.0.0.2!Cisco 827 Router Configuration
The following is a configuration for the Cisco 827 router. These commands appear automatically in the configuration file generated when you use the show running-config command.
Current configuration:!version 12.2no service pad (default)service timestamps debug uptime (default)service timestamps log uptime (default)no service password-encryption (default)hostname Cisco827enable secret 5 $1$RnI.$K4mh5q4MFetaqKzBbQ7gv0ip subnet-zerono ip domain-lookupip dhcp-server 20.1.1.2ipx routing 0010.7b7e.5499!In the preceding command, the router MAC address is automatically used !as the router IPX address.!interface Ethernet0ip address 10.1.1.1 255.255.255.0no ip directed-broadcast (default)ipx network 100 novell-ether!interface ATM0ip address 14.0.0.17 255.0.0.0no ip directed-broadcast (default)no atm ilmi-keepalive (default)pvc 8/35protocol ip 14.0.0.1 no broadcastencapsulation aal5snap!router ripversion 2network 10.0.0.0network 30.0.0.0no auto-summary!no ip http server (default)ip classless (default)!line con 0exec-timeout 10 0password 4youreyesonlylogintransport input none (default)stopbits 1 (default)line vty 0 4password secretlogin!endCorporate or Endpoint Router Configuration for Data Network
This section shows a configuration that you can use to configure a Cisco 3600 router as a corporate or endpoint router in your data network.You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
Current configuration:!version 12.2no service pad (default)service timestamps debug uptime (default)service timestamps log uptime (default)no service password-encryption (default)!hostname c3600enable secret 5 $1$8TI8$WjLcYWgZ7EZhqH49Y2hJV!ip subnet-zerono domain-lookupipx routing 0010.7b7e.5498!In the preceding command, the router MAC address is automatically used as the router IPX address.!interface Ethernet0ip address 20.0.0.1 255.0.0.0no ip directed-broadcast (default)ipx network 200!router ripversion 2network 20.0.0.0network 30.0.0.0no auto-summary!no ip http server (default)ip classless (default)!protocol ip 2.0.0.1 broadcast!line con 0exec-timeout 0 0transport input none (default)stopbits 1 (default)line vty 0 4password secretlogin!endCorporate or Endpoint Router Configuration for Data and Voice Network
This section shows a configuration that you can use to configure a Cisco 3600 router as a corporate or endpoint router in your data and voice network.You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
Current configuration:!version 12.2service timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname c3640!ip subnet-zero!cns event-service server!!!voice-port 1/0/0no echo-cancel enable!voice-port 1/1/0!voice-port 1/1/1!dial-peer voice 101 potsdestination-pattern 5552222port 1/0/0!dial-peer voice 102 potsdestination-pattern 5554444port 1/0/1!dial-peer voice 103 potsdestination-pattern 5556666port 1/1/0!dial-peer voice 104 potsdestination-pattern 5558888port 1/1/1dial-peer voice 1100 voipdestination-pattern 5551111codec g711alawip precedence 5no vadsession target ipv4:2.0.0.3!dial-peer voice 1101 voipdestination-pattern 5553333codec g711alawip precedence 5no vadsession target ipv4:2.0.0.3!dial-peer voice 1102 voipdestination-pattern 5555555codec g711alawip precedence 5session target ipv4:2.0.0.3!dial-peer voice 1103 voipdestination-pattern 5557777codec g711alawip precedence 5session target ipv4:2.0.0.3!process-max-time 200!interface Ethernet0/1no ip addressno ip directed-broadcast (default)shutdown!router ripversion 2network 3.0.0.0!ip classless (default)ip route 0.0.0.0 0.0.0.0 Ethernet 0/0ip route 1.0.0.0 255.0.0.0 3.0.0.0ip route 2.0.0.0 255.0.0.0 3.0.0.1ip route 5.0.0.0 255.0.0.0 3.0.0.1ip route 40.0.0.0 255.255.255.0 172.28.9.1ip route 172.28.5.0 255.255.255.0 172.28.9.1ip route 172.28.9.0 255.255.255.0 172.28.9.1no http server!line con 0transport input none (default)line aux 0line vty 0 4login!end
