Cisco 7100 Series VPN Router Installation and Configuration Guide - 7100 ICG - Configuring the Router [Cisco 7100 Series VPN Routers]

Table Of Contents

Performing a Basic Startup Configuration

Checking Conditions Prior to System Startup

Starting the System and Observing Initial Conditions

Configuring a Router

Performing a Basic Configuration Using AutoInstall

Performing a Basic Configuration Using the Setup Facility

Performing a Basic Configuration Using Global Configuration Mode

Using the EXEC Command Interpreter

Configuring the Fast Ethernet Interfaces

Configuring the T1 and E1 Interfaces

Configuring the T3 Interfaces

Configuring the E3 Interfaces

Configuring the ATM Interfaces

Saving the Running Configuration to NVRAM

Checking the Running Configuration Settings

Checking the Interface Configurations

Performing Other Configuration Tasks

Viewing the System Configuration

Replacing or Recovering a Lost Password

Overview of the Password Recovery Procedure

Details of the Password Recovery Procedure

Performing a Basic Startup Configuration

This chapter describes how to start the system and perform a basic configuration for your Cisco 7100 series router. The chapter includes the following sections:

•Checking Conditions Prior to System Startup

•Starting the System and Observing Initial Conditions

•Configuring a Router

•Performing Other Configuration Tasks

•Viewing the System Configuration

•Replacing or Recovering a Lost Password

Complex configuration procedures are beyond the scope of this publication. See the "Related Documentation" section for additional information.

Checking Conditions Prior to System Startup

Check the following conditions before you start your router:

•Each port adapter is securely inserted in its slot.

•All network interface cables are connected.

•A Flash Disk or Flash memory card is installed in its PC Card slot.

•The power cable is connected and secured with the cable-retention clip.

•The console terminal is connected and powered on.

Starting the System and Observing Initial Conditions

After installing the router and connecting cables, start the router as follows:

Step 1 Turn the power switch on the power supply to the on (|) position. The green power (PWR) LED on the router goes on.

Step 2 Listen for the fans; you should immediately hear them operating.

Step 3 During the boot process, observe the system LEDs. The LEDs on most of the fixed interfaces and port adapters go on and off in irregular sequence. Some may go on, go out, and go on again for a short time.

Note The boot LED remains lit when the ISA/ISM is configured for MPPE, and it starts to pulsate after booting when the ISA/ISM is configured for IPSec. The ISA/ISM functions normally whether the boot LED is pulsating or is solid. See the Integrated Service Adapter and Integrated Service Module Installation and Configuration for more information on configuring the ISA/ISM.

Step 4 Observe the initialization process. When the system boot is complete (a few seconds), the network processor begins to initialize the interfaces. During this initialization, the LEDs on each port behave differently (most flash on and off).

The enabled (EN) LED on each interface goes on when initialization is completed, and the console screen displays a script and system banner similar to the following:
              Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706
Step 5 When you start up the router for the first time, the system automatically enters the setup command facility, which determines which interfaces are installed and prompts you for configuration information for each one. On the console terminal, after the system displays the system banner and hardware configuration, you will see the following System Configuration Dialog prompt:
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
You have the option of proceeding with the setup facility to configure the interfaces, or exiting from setup and using configuration commands to configure global (system-wide) and interface-specific parameters. You do not have to configure the interface immediately; however, you cannot enable the interfaces or connect them to any networks until you have configured them.

•To continue with setup—Enter yes and proceed to the "Performing a Basic Configuration Using the Setup Facility" section.

•To use global configuration mode to enter commands manually—Enter no and proceed to the "Performing a Basic Configuration Using Global Configuration Mode" section.

Some interface LEDs do not light until you have configured them. Complete the first-time startup procedures and configuration, and then refer to the LED descriptions in "Overview," to check the status of the interfaces.

For specific port and service adapters specific to the Cisco 7100 series VPN routers, see the Cisco 7100 Series VPN Router Documentation flyer, and refer to the specific configuration and installation guide for your port adapter for information.

For troubleshooting recommendations and procedures, see "Troubleshooting the Installation."

Configuring a Router

You can configure or modify the configuration of the router using one of the procedures described in the following sections:

•Performing a Basic Configuration Using AutoInstall

•Performing a Basic Configuration Using the Setup Facility

•Performing a Basic Configuration Using Global Configuration Mode

Follow the procedure that best fits the needs of your network configuration.

Note You need to acquire the correct network addresses from your system administrator or consult your network plan to determine correct addresses before you can complete the router configuration.

Enter the show version command to display the router model and the release of Cisco IOS software that is supported on the router. (See the "Viewing the System Configuration" section for sample output of the show version command.)

Performing a Basic Configuration Using AutoInstall

The AutoInstall process configures the router automatically after connection to the WAN. A Transmission Control Protocol/Internet Protocol (TCP/IP) host on your network must be preconfigured to provide the required configuration files. The TCP/IP host may exist anywhere on the network provided the following two conditions are met:

1. The host must be on the remote side of the router's synchronous serial connection to the WAN.

2. User Datagram Protocol (UDP) broadcasts to and from the router and the TCP/IP host are enabled.

Do not use AutoInstall unless the required files are available on the TCP/IP host. Refer to the publications Configuration Fundamentals Configuration Guide and Configuration Fundamentals Command Reference for information about how AutoInstall works. (See "Related Documentation" section for more information.

To configure the router using AutoInstall, complete the following steps:

Step 1 Attach the appropriate synchronous serial cable to an available synchronous serial interface on the router.

Step 2 Turn the power switch on the power supply to the on (|) position. (This action supplies AC power to the router.)

The router loads the operating system image from Flash memory. If the remote end of the WAN connection is connected and properly configured, the AutoInstall process begins.

Step 3 After the AutoInstall process is complete, use the copy running-config startup-config command to write the configuration data to the router's nonvolatile random-access memory (NVRAM).
Hostname# copy running-config startup-config
Note This step saves the configuration settings to NVRAM. If you fail to do this, your configuration will be lost the next time you reload the router.

Performing a Basic Configuration Using the Setup Facility

If you do not plan to use AutoInstall, do not connect the router's serial (WAN) cable to the network. The router boots from Flash memory and goes automatically into the setup facility, if the WAN interface is not connected.

You can run the setup facility any time you are at the privileged-level (enable) prompt (#) by entering the command setup.

Note If the router does not have a configuration stored in NVRAM, the router attempts to run AutoInstall at startup. After the router determines that AutoInstall is not configured, it defaults to the setup facility.

Configure the global parameters and interface parameters, if you have not already done so (see "Using the EXEC Command Interpreter" section). Global parameters are used for controlling system-wide settings. Interface parameters are used to create a connection over a LAN or WAN.

Complete the following steps to perform a basic configuration using the setup facility:

Step 1 Ensure that a console terminal is connected to the console port, and then boot the router.

The system boots from Flash memory. The following information appears after about 30 seconds. When you see this information, you have successfully booted your router:
              Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706
Cisco Internetwork Operating System Software 
IOS (tm) EGR Software (c7100-P-M), Released Version 12.0(4)XE
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Mon 07-Jun-99 10:25 by biff
Image text-base:0x600088F8, data-base:0x60A54000
cisco 7140-2T3 (EGR) processor with 61440K/69632K bytes of memory.
R7000 CPU at 262Mhz, Implementation 39, Rev 1.0, 256KB L2, 2048KB L3 Cache
Last reset from power-on
X.25 software, Version 3.0.0.
3 FastEthernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
125K bytes of non-volatile configuration memory.
40960K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
4096K bytes of Flash internal SIMM (Sector size 256K).
Press RETURN to get started!
Note The banner and the installed hardware sections of the configuration script appear only at initial system startup.

Step 2 Enter yes or press Return to begin the initial configuration dialog.
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: yes
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system
First, would you like to see the current interface summary? [yes]:
In the following example, the summary shows a router at first-time startup; that is, 
nothing is configured. The type of interfaces varies depending on the type of Cisco 7100 
series router you are using and the type of modular port adapter that is installed in the 
router. 
Any interface listed with OK? value "NO" does not have a valid configuration
Interface            IP-Address      OK? Method  Status   Protocol
FastEthernet0/0      unassigned      NO  unset   up       up 
FastEthernet0/1      unassigned      NO  unset   up       up 
ATM1/0               unassigned      NO  unset   down     down 
ATM2/0               unassigned      NO  unset   down     down 
Step 3 Enter the router host name, enable secret password, enable password, and virtual terminal password.
Configuring global parameters:
  Enter host name [Router]: sanjose
  The enable secret is a password used to protect access to
  privileged EXEC and configuration modes. This password, after
  entered, becomes encrypted in the configuration.
  Enter enable secret: barney
  The enable password is used when you do not specify an
  enable secret password, with some older software versions, and
  some boot images.
  Enter enable password: betty
  The virtual terminal password is used to protect
  access to the router over a network interface.
  Enter virtual terminal password: fred
Step 4 Decide whether you want to configure Simple Network Management Protocol (SNMP).

Enter yes or press Return to accept SNMP management; enter no to refuse it.
Configure System Management? [yes/no]: no
  Configure SNMP Network Management? [yes]: no
Step 5 Choose which protocols to support on your interfaces. For IP-only installations, accept the default values for most questions. If you are using IP routing, also select one or two of the following interior routing protocols, using the setup facility: Interior Gateway Routing Protocol (IGRP) or Routing Information Protocol (RIP).

To configure IP routing, enter yes (the default) or press Return, and then select an interior routing protocol.
Configure IP? [yes]: yes
  Configure IGRP routing? [yes]: yes
    Your IGRP autonomous system number [1]: 15
  Configure CLNS? [no]: no
Step 6 Configure the Fast Ethernet LAN port in slot 0, using your own addresses and subnet mask at the setup prompts.
Configuring interface parameters:
Do you want to configure FastEthernet0/0 interface? [yes]: yes
  Use the 100 Base-TX (RJ-45) connector? [yes]: yes
  Operate in full-duplex mode? [no]: yes
  Configure IP on this interface? [yes]: yes
    IP address for this interface: 10.1.1.1
    Subnet mask for this interface [255.0.0.0]: 
    Class A network is 10.0.0.0, 8 subnet bits; mask is /8
Do you want to configure FastEthernet0/1 interface? [yes]: no
Step 7 Configure the ATM port in slot 1. Use your own addresses and subnet mask at the setup prompts.
Do you want to configure ATM1/0 interface? [yes]: yes
  Configure IP on this interface? [yes]: yes
    IP address for this interface: 10.1.1.2
    Subnet mask for this interface [255.0.0.0]:
    Class A network is 10.0.0.0, 8 subnet bits; mask is /8
Do you want to configure ATM2/0 interface? [yes]:no
Step 8 Configure the synchronous serial port in slot 4. Use your own addresses and subnet mask at the setup prompts.
Do you want to configure Serial4/0 interface [yes]:
Configure IP on this interface? [yes]: 
    IP address for this interface: 10.1.1.3 
    Number of bits in subnet field [0]: 
    Class A network is 10.1.1.0, 0 subnet bits; mask is /24
Step 9 Review your configuration to view your changes before they are made permanent. The program also asks you if you want to use this configuration.
The following configuration command script was created:
hostname sanjose
enable secret 5 $1$gG.I$gc9JUfK2r6pIDL0vo3j191
enable password betty
line vty 0 4
password fred
no snmp-server
!
ip routing
no clns routing
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.0.0
 no ip directed-broadcast
 duplex auto
 speed auto
!
interface ATM1/0
 ip address 10.1.1.2 255.255.255.0
 ip broadcast-address 3.3.3.255
 no ip directed-broadcast
 shutdown
 duplex auto
 speed auto
!
interface Serial4/0
 ip address 10.1.1.3
 no ip directed-broadcast
 shutdown
 framing c-bit
 cablelength 10
 dsu bandwidth 44210
!
router igrp 200
 network 10.0.0.0
!
end
Step 10 Save the settings to NVRAM.
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]: 2
Your router is now minimally configured and ready to use. You can use the setup command if you want to modify the parameters after the initial configuration. To perform more complex configurations, use the configure command.

Performing a Basic Configuration Using Global Configuration Mode

You will need the following information before beginning the procedures in this section:

•Host name of the router and any passwords you plan to use

•Protocols you plan to route on each new interface

•IP addresses if you plan to configure the interfaces for IP routing

•Timing source for each new interface and clock speeds for external timing

The configure command requires privileged-level access to the EXEC command interpreter, which usually requires a password. Contact your system administrator if necessary to obtain EXEC-level access.

Using the EXEC Command Interpreter

You modify the configuration of your router through the software command interpreter called the EXEC (also called enable mode). You must enter the privileged level of the EXEC command interpreter with the enable command before you can use the configure command to configure a new interface or change the existing configuration of an interface. The system prompts you for a password if one has been set.

The system prompt for the privileged level ends with a pound sign (#) instead of an angle bracket (>). At the console terminal, use the following procedure to enter the privileged level:

Step 1 At the user-level EXEC prompt, enter the enable command. The EXEC prompts you for a privileged-level password as follows:
Router> enable 
Password: 
Step 2 Enter the password (the password is case sensitive). For security purposes, the password is not displayed.

When you enter the correct password, the system displays the privileged-level system prompt (#):
Router#
Step 3 Enter the configure terminal command at the enable prompt to enter configuration mode from the terminal.
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
At this point, you can configure the router's host name, passwords, and other global configurations.

Note To see a list of the configuration commands available to you, enter ? at the prompt or press the Help key while in configuration mode. For more information, refer to the Configuration Fundamentals Configuration Guide and the Configuration Fundamentals Command Reference. See "Related Documentation" section for more information.

Step 4 At this point, you can either:

•Save your configuration—See the "Saving the Running Configuration to NVRAM" section).

•Configure the fixed interfaces on the router as follows:

–Configuring the Fast Ethernet Interfaces

–Configuring the T1 and E1 Interfaces

–Configuring the T3 Interfaces

–Configuring the E3 Interfaces

–Configuring the ATM Interfaces

Configuring the Fast Ethernet Interfaces

The Cisco 7100 series VPN routers have two 10BaseT/100BaseTX autosensing Ethernet/Fast Ethernet interfaces equipped with RJ-45 receptacles.

To configure the Fast Ethernet interfaces, use the duplex command and the speed command. To fully enable autonegotiation on the Fast Ethernet interfaces, use the duplex auto command and the speed auto command.

The default settings and the commands to change the defaults are listed in Table 4-1.

Table 4-1 Fast Ethernet Interface Defaults

Attribute

Default Value

Command

Duplex mode

Autonegotiation¹

duplex {full | half | auto}
no duplex

Speed

Autonegotiation

speed {10 | 100 | auto}
no speed

¹In Cisco IOS Release 12.0(4)XE, the default value for duplex mode is half duplex and the default value for speed is 100 Mbps. In Cisco IOS Release 12.0(5)XE or later releases of 12.0 XE, and in Cisco IOS Release 12.0(6)T or later releases of 12.0 T, the default value for duplex mode and speed is autonegotiation.

If the connected Fast Ethernet port does not support autonegotiation or is not configured for autonegotiation, then the router uses a method called parallel detection which can determine speed, but not duplex. In this case the autosensensing Fast Ethernet port on your Cisco 7100 series router will default to half-duplex mode.

To configure the Fast Ethernet port 0, follow the steps below:

Step 1 At the Router (config)# prompt, enter the interface type slot/port command to enter the interface configuration mode. In this example, Fast Ethernet port 0 is configured:
Router(config)# interface fastethernet 0/0
Router(config-if)#
You can now enter any changes to the configuration.

Note To see a list of the configuration commands available to you, enter ? at the prompt or press the Help key while in configuration mode.

Step 2 Specify the IP address. The following example uses an IP address of 10.1.1.20:
Router(config-if)# ip address 10.1.1.20 255.0.0.0
Step 3 Change a default setting or configure other features on the interface, as needed.

The following example shows you how to change the duplex mode (autonegotiation is the default) and the speed (autonegotiation is the default):
Router(config-if)# duplex half
Router(config-if)# speed 10
Note For more information on configuring interfaces, refer to the Cisco IOS Interface Configuration Guide and the Cisco IOS Interface Command Reference publications. See "Related Documentation" section for more information.

Step 4 Enable the interface.
Router(config-if)# no shutdown
Step 5 Configure additional interfaces as required.

Step 6 Press Ctrl-Z (hold down the Control key while you press Z) or enter end to exit configuration mode and return to the EXEC command interpreter.

Step 7 Save the configuration to NVRAM as follows:
Router# copy running-config startup-config
[OK]
(See the "Saving the Running Configuration to NVRAM" section. Also see the "Checking the Interface Configurations" section for examples of interface configurations.)

Configuring the T1 and E1 Interfaces

The Cisco 7120-4T1 provides four channel-independent, synchronous serial ports that support full-duplex operation at T1 (1.544-Mbps) and E1 (2.048-Mbps) speeds. The default settings and the commands to change the defaults are listed in Table 4-2.

Table 4-2 T1 and E1 Interface Defaults

Attribute

Default Value

Command

Duplex mode

Full duplex

half duplex

Clock rate

Uses the external timing signal

clock rate

Invert clock rate

Not inverted

invert-txc

NRZI encoding

NRZ format

nrzi-encoding

CRC 32

16 bits

crc size (16 or 32 bits)

Perform a basic interface configuration using the procedure below.

Note Additional configuration commands may be required, depending on your system requirements and the protocols you plan to route on the interface.

At any time, you can exit the privileged level and return to the user level by entering disable at the prompt as follows:
Router# disable
Step 1 At the Router (config)# prompt, enter the interface type slot/port command to enter the interface configuration mode. In this example, the serial port 0 is configured:
Router(config)# interface serial 1/0
Router(config-if)#
Enter any changes to the configuration.

Note To see a list of the configuration commands available to you, enter ? at the prompt or press the Help key while in configuration mode.

Step 2 Specify the IP address. The following example uses an IP address of 10.1.1.10:
Router(config-if)# ip address 10.1.1.10 255.0.0.0
Step 3 Change the default settings or configure other features on the interface as needed.

The following example sets the external clock rate to 72 kbps:
Router(config-if)# clockrate 72000
Enter the clockrate ? command for a list of valid clock rates. If you enter a nonstandard clock rate (that is, a rate not displayed by the clockrate ? command), the clock rate is rounded to the nearest value that the hardware can support. To determine the value that the clock rate was rounded to, use the show running-configuration command.

Set the external clock rate in bits-per-second if you are configuring a data communications equipment (DCE) interface or you want to perform a loopback test. Skip this step if you are configuring a data terminal equipment (DTE) interface; the interface automatically uses the external timing signal.

The T1 and E1 interfaces support both DTE and DCE mode, depending on the mode of the interface cable attached to the port.

The DCE interface generates its own clock signal (TxC) and sends it to the remote DTE. The remote DTE device returns the clock signal to the DCE. (See Table 4-2 for a list of commands used to change the default settings.)

Note For more information on configuring interfaces, refer to the Cisco IOS Interface Configuration Guide and the Cisco IOS Interface Command Reference publications. See "Related Documentation" section for more information.

Step 4 Enable the interface.
Router(config-if)# no shutdown
Step 5 Press Ctrl-Z (hold down the Control key while you press Z) or enter end to exit configuration mode and return to the EXEC command interpreter.

Step 6 Save the new configuration to NVRAM as follows:
Router# copy running-config startup-config
[OK]
(See the "Saving the Running Configuration to NVRAM" section. Also see the "Checking the Interface Configurations" section for examples of interface configurations.)

Configuring the T3 Interfaces

The Cisco 7120-T3 provides one and the Cisco 7140-2T3 provides two high-speed, synchronous serial ports that support full-duplex operation at T3 (45-Mbps) speeds. The default settings and the commands to change the defaults are listed in Table 4-3.

Table 4-3 T3 Interface Defaults

Attribute

Default Value

Command

Clock source

Line

clock source

DSU bandwidth

44210

dsu bandwidth kbps (22 to 44210)

DSU mode

0

dsu mode {0 | 1 | 2}

Scramble

Not enabled

scramble
no scramble

Framing

C-bit

framing {c-bit }| m13 | bypass}

Cable length

10 feet

cablelength feet (0 to 450)

CRC

16 bits

crc size (16 or 32 bits)

Perform a basic interface configuration using the procedure below.

Note Additional configuration commands may be required, depending on your system requirements and the protocols you plan to route on the interface.

At any time, you can exit the privileged level and return to the user level by entering disable at the prompt as follows:
Router# disable
Step 1 At the Router (config)# prompt, enter the interface type slot/port command to enter the interface configuration mode. In this example, the serial port 0 is configured:
Router(config)# interface serial 1/0
Router(config-if)#
You can now enter any changes to the configuration.

Note To see a list of the configuration commands available to you, enter ? at the prompt or press the Help key while in configuration mode.

Step 2 Specify the IP address. The following example uses an IP address of 10.1.1.30:
Router(config-if)# ip address 10.1.1.30 255.0.0.0
Step 3 Change the default settings or configure other features on the interface as needed.

The following example shows you how to set the clock source to internal (the default is line) and reduce the effective bandwidth (the default is 44210 kbps):
Router(config-if)# clock source internal
Router(config-if)# dsu bandwidth 16000
Note The local port configuration must match the remote port configuration. For example, if you reduce the effective bandwidth to 16000 on the local port, you must do the same on the remote port.

(See Table 4-3 for a list of commands used to change the default settings. Also see Table C-17 for information regarding data service unit [DSU] feature compatibilities.)

Note For more information on configuring interfaces, refer to the Cisco IOS Interface Configuration Guide and the Cisco IOS Interface Command Reference publications. See "Related Documentation" section for more information.

Step 4 Enable the interface.
Router(config-if)# no shutdown
Step 5 Press Ctrl-Z (hold down the Control key while you press Z) or enter end to exit configuration mode and return to the EXEC command interpreter.

Step 6 Save the new configuration to NVRAM as follows:
Router# copy running-config startup-config
[OK]
(See the "Saving the Running Configuration to NVRAM" section. Also see the "Checking the Interface Configurations" section for examples of interface configurations.)

Configuring the E3 Interfaces

The Cisco 7120-E3 provides one and the Cisco 7140-2E3 provides two high-speed, synchronous serial ports that support full-duplex operation at E3 (34-Mbps) speeds. The default settings and the commands to change the defaults are listed in Table 4-4.

Table 4-4 E3 Interface Defaults

Attribute

Default Value

Command

Clock source

Line

clock source

DSU bandwidth

34010

dsu bandwidth kbps (22 to 34010)

DSU mode

0

dsu mode {0 | 1}

National bit

0

national bit {0 | 1}

Scramble

Not enabled

scramble
no scramble

Framing

G.751

framing {bypass¹ | g751}

Cable length

10 feet

cablelength feet (0 to 450)

CRC

16 bits

crc size (16 or 32 bits)

¹If you use the bypass option, scrambling must be set to the default, disabled; the DSU mode must be set to the default, 0; and the DSU bandwidth must be set to the default, 34010.

Perform a basic interface configuration using the procedure below.

Note Additional configuration commands may be required, depending on your system requirements and the protocols you plan to route on the interface.

At any time, you can exit the privileged level and return to the user level by entering disable at the prompt as follows:
Router# disable
Step 1 At the Router (config)# prompt, enter the interface type slot/port command to enter the interface configuration mode. In this example, the serial port 0 is configured:
Router(config)# interface serial 1/0
Router(config-if)#
You can now enter any changes to the configuration.

Note To see a list of the configuration commands available to you, enter ? at the prompt or press the Help key while in configuration mode.

Step 2 Specify the IP address. The following example uses an IP address of 10.1.1.40:
Router(config-if)# ip address 10.1.1.40 255.0.0.0
Step 3 Change the default settings or configure other features on the interface as needed.

The following example shows you how to set the clock source to internal (the default is line) and reduce the effective bandwidth (the default is 34010 kbps):
Router(config-if)# clock source internal
Router(config-if)# dsu bandwidth 16000
Note The local port configuration must match the remote port configuration. For example, if you reduce the effective bandwidth to 16000 on the local port, you must do the same on the remote port.

(See Table 4-4 for a list of commands used to change the default settings. See Table C-17 for information regarding DSU feature compatibilities.)

Note For more information on configuring interfaces, refer to the Cisco IOS Interface Configuration Guide and the Cisco IOS Interface Command Reference publications. See "Related Documentation" section for more information.

Step 4 Enable the interface.
Router(config-if)# no shutdown
Step 5 Press Ctrl-Z (hold down the Control key while you press Z) or enter end to exit configuration mode and return to the EXEC command interpreter.

Step 6 Save the new configuration to NVRAM as follows:
Router# copy running-config startup-config
[OK]
(See the "Saving the Running Configuration to NVRAM" section. Also see the "Checking the Interface Configurations" section for examples of interface configurations.)

Configuring the ATM Interfaces

The Cisco 7120-AT3 provides one and the Cisco 7140-2AT3 provides two high-speed, ATM ports that support full-duplex operation at T3 (45-Mbps) speeds. The Cisco 7120-AE3 provides one and the Cisco 7140-2AE3 provides two high-speed, ATM ports that support full-duplex operation at E3 (34-Mbps) speeds. The Cisco 7120-SMI3 provides one and the Cisco 7140-2MM3 provides two ATM ports that support full-duplex operation at OC-3c/STM1 single-mode intermediate reach or multimode (155-Mbps) speeds. The default settings and the commands to change the defaults are listed in Table 4-5.

Table 4-5 ATM T3, E3, and OC3 Interface Defaults

General Attributes

Default Value

Command

ATM clock

Receive clock

atm clock internal
no atm clock internal

MTU size

4470 bytes

mtu bytes (64 to 9188)

T3 Attributes

Line build-out

Short

atm lbo {short | long}

ATM DS3-scramble

Not enabled

atm DS3-scramble
no atm DS3-scramble

ATM DS3 framing

cbitadm

atm framing {m23plcp | cbitplcp | m23adm | cbitadm}

E3 Attributes

ATM E3-scramble

Not enabled

atm e3-scramble
no atm e3-scramble

ATM E3 framing

G.832

atm framing {g832adm | g751adm | g751plcp}

OC3 Attributes

SONET framing

sts-3c

atm sonet stm-1
no atm sonet stm-1

Perform a basic interface configuration using the procedure below.

Note Additional configuration commands may be required, depending on your system requirements and the protocols you plan to route on the interface.

At any time, you can exit the privileged level and return to the user level by entering disable at the prompt as follows:
Router# disable
Note Information on configuring virtual circuits is described in the "Configuring ATM" chapter of the Wide-Area Networking Configuration Guide publication.

Step 1 At the Router (config)# prompt, enter the interface type slot/port command to enter the interface configuration mode. In this example, the serial port 0 is configured:
Router(config)# interface atm 1/0
Router(config-if)#
Enter any changes to the configuration.

Note To see a list of the configuration commands available to you, enter ? at the prompt or press the Help key while in configuration mode.

Step 2 Specify the IP address. The following example uses an IP address of 10.1.1.50:
Router(config-if)# ip address 10.1.1.50 255.0.0.0
Step 3 Change the default settings or configure other features on the interface as needed. The following example shows you how to change the clock source to internal (the default is receive clock):
Router(config-if)# clock source internal
(See Table 4-5 for a list of commands used to change the default settings.)

Note For more information on configuring interfaces, refer to the Cisco IOS Interface Configuration Guide and the Cisco IOS Interface Command Reference publications. See "Related Documentation" section for more information.

Step 4 Enable the interface.
Router(config-if)# no shutdown
Step 5 Press Ctrl-Z (hold down the Control key while you press Z) or enter end to exit configuration mode and return to the EXEC command interpreter.

Step 6 Save the new configuration to NVRAM as follows:
Router# copy running-config startup-config
[OK]
(See the "Saving the Running Configuration to NVRAM" section. Also see the "Checking the Interface Configurations" section for examples of interface configurations.)

Your router is now minimally configured and will boot with the configuration you
have entered.

Saving the Running Configuration to NVRAM

After you have completed configuring your router, enter the following command to store the configuration changes to your startup configuration in NVRAM so the router boots with the configuration you have entered:
Router# copy running-config startup-config
If you fail to save the configuration setting, your configuration will be lost the next time you reload the router.

Checking the Running Configuration Settings

Check your settings and review any changes to your configuration, using the commands below.

•Use the EXEC mode show startup-config command to display the information stored in NVRAM.

•Use the show running-config command to check the value of the settings you have entered before they are saved to NVRAM.

The following example shows a sample output from the show running-config command:
Router# show running-config 
Building configuration...
Current configuration:
!
version 12.0(6)T
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname Router
!
enable password egr
!
ip subnet-zero
ip host Router 10.0.0.0
ip host router 10.0.0.0
ip domain-name cisco.com
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.0 255.0.0.0
 no ip directed-broadcast
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.0 255.255.0.0
 ip broadcast-address 255.255.0.0
 no ip directed-broadcast
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 no ip address
 no ip directed-broadcast
 shutdown
 framing c-bit
 cablelength 10
 dsu bandwidth 44210
!
interface Serial1/1
 no ip address
 no ip directed-broadcast
 shutdown
 framing c-bit
 cablelength 10
 dsu bandwidth 44210
!
interface FastEthernet4/0
 no ip address
 no ip directed-broadcast
 shutdown
!
router igrp 200
 network 10.0.0.0
!
ip classless
no ip http server
!
!
map-list atm1
!
!
line con 0
 exec-timeout 0 0
 transport input none
line aux 0
line vty 0 4
 login
!
end
Checking the Interface Configurations

You can identify interfaces by using software commands:

•Use the show interfaces command to display information about all interfaces

•Use the show interfaces command with the interface type (Ethernet, Token Ring, ATM, and so forth), slot number, and port number in the format show interfaces type slot/port to display information about a specific interface

The following examples show the display for the Fast Ethernet port 0 in slot 0:
Router# show interfaces fastethernet 0/0
FastEthernet0/0 is up, line protocol is up 
  Hardware is DEC21140A, address is 0050.73ff.6300 (bia 0050.73ff.6300)
  Internet address is 10.0.0.0
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, 
     reliablility 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 10Mb/s, 100BaseTX/FX
  ARP type:ARPA, ARP Timeout 04:00:00
  Last input 00:00:04, output 00:00:03, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy:fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 2000 bits/sec, 1 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     134 packets input, 41451 bytes
     Received 134 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     26 packets output, 5281 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
Performing Other Configuration Tasks

Refer to the following publications to make advanced configuration changes after you establish the basic startup configuration for your router:

•Cisco 7100 Series VPN Configuration Guide; this document contains sample configurations.

•Modular configuration and modular command reference publications in the Cisco IOS software configuration documentation set that corresponds to the software release installed on your Cisco hardware. These publications contain additional information on using the configure command.

The configuration publications also provide information about the following tasks:

–Understanding and working with the user interface on your router

–Booting and rebooting the router

–Setting the configuration register

–Loading configuration files or system images using remote copy protocol (rcp) or Trivial File Transfer Protocol (TFTP)

–Reloading the operating system

Viewing the System Configuration

Use the show version and the show diag commands to view information specific to the hardware configuration of your router.

Use the show version (or show hardware) command to display the system hardware (the network processing engine and number of interfaces installed), the software version, the names and sources of configuration files, and the boot images.

The following sample output of the show version command shows that the router is running Cisco IOS Release 12.0(4)XE:
Router# show version
Cisco Internetwork Operating System Software 
IOS (tm) EGR Software (c7100-P-M), Released Version 12.0(4)XE 
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Mon 07-Jun-99 17:49 by biff
Image text-base:0x600088F8, data-base:0x60A54000
ROM:System Bootstrap, Version 12.0(4)XE, RELEASED SOFTWARE
BOOTFLASH:EGR Software (c7100-BOOT-M), Released Version 12.0(1990607:041101)
Router uptime is 19 minutes
System restarted by reload
System image file is "c7100-p-mz"
cisco 7120-T3 (EGR) processor with 61440K/69632K bytes of memory.
R527x CPU at 225Mhz, Implementation 40, Rev 10.0, 2048KB L2 Cache
Last reset from power-on
X.25 software, Version 3.0.0.
3 FastEthernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
125K bytes of non-volatile configuration memory.
4096K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2000
Use the show diag command to determine what types of port adapters are installed in the router. You can also use the show diag slot command to display information about a specific port adapter slot.

The following example shows the show diag command output from a Cisco 7120-T3:
Router# show diag
Slot 0:
        10/100 Fast-ethernet with RJ45 Integrated port adapter, 2 ports
        Integrated port adapter is analyzed 
        EEPROM contents at hardware discovery:
        Hardware revision 1.0               Board revision A0
        EEPROM format version 1
        EEPROM contents (hex):
          0x20:01 D3 01 00 00 A4 19 EC 49 06 98 04 00 00 00 00
          0x30:50 00 00 00 98 10 21 00 FF FF FF FF FF FF FF FF
Slot 1:
        T3 PA Integrated port adapter, 1 port
        Integrated port adapter is analyzed 
        EEPROM contents at hardware discovery:
        Hardware revision 1.0           Board revision A0
        EEPROM format version 1
        EEPROM contents (hex):
          0x20:01 70 01 00 00 BD 14 80 49 0A 38 02 00 00 00 00
          0x30:50 00 00 00 99 03 09 00 FF FF FF FF FF FF FF FF
Slot 3:
        Fast-ethernet (TX-ISL) Port adapter, 1 port
        Port adapter is analyzed 
        Port adapter insertion time 00:20:37 ago
        EEPROM contents at hardware discovery:
        Hardware revision 1.0           Board revision A0
        Serial number     10754540      Part number    73-1688-04
        Test history      0x0           RMA number     00-00-00
        EEPROM format version 1
        EEPROM contents (hex):
          0x20:01 11 01 00 00 A4 19 EC 49 06 98 04 00 00 00 00
          0x30:50 00 00 00 98 10 21 00 FF FF FF FF FF FF FF FF
Use the show c7100 command to show the contents of the EPROM. The show c7100 command is used mainly for diagnostic purposes. Following is show c7100 command sample output from a Cisco 7140-2T3:
Router# show c7100
Network IO Interrupt Throttling:
 throttle count=0, timer count=0
 active=0, configured=0
 netint usec=4000, netint mask usec=200
C7140-2T3 CPU EEPROM:
        Hardware revision 2.0           Board revision A0
        Serial number     11605417      Part number    73-FIXX-ME
        Test history      0x0           RMA number     00-00-00
        EEPROM format version 1
        EEPROM contents (hex):
          0x20:01 D4 02 00 00 B1 15 A9 49 0D 51 02 00 00 00 00
          0x30:50 00 00 00 98 12 30 00 00 00 FF FF FF FF FF 00
C7140-2T3 Extension EEPROM:
        MAC Address block size   :128
        Chassis MAC Address      :0050.73ff.6300
        Number of Slots          :1
        Model                    :7140-2T3
        Power Supply Type        :AC
        Platform features        :00 80 01 09 00 8E 00 16 
                                   00 91 00 05 
        EEPROM contents (hex):
          0x00:43 00 80 C3 06 00 50 73 FF 63 00 01 01 40 00 05
          0x10:CB 12 37 31 34 30 2D 32 54 33 00 00 00 00 37 31
          0x20:34 30 2D 32 0B 00 C9 0C 00 80 01 09 00 8E 00 16
          0x30:00 91 00 05 C7 1C 45 53 00 46 00 40 00 4B 00 48
          0x40:00 88 00 74 00 84 00 7F 00 84 00 84 00 00 00 00
          0x50:B8 97 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
TLB entries :
Virt Address range      Phy Address range       Attributes
0x4B000000:0x4B1FFFFF   0x4B000000:0x4B1FFFFF   CacheMode=2, RW, Invalid
0x4B200000:0x4B3FFFFF   0x4B200000:0x4B3FFFFF   CacheMode=2, RW, Invalid
For specific information on the show diag and other software commands, refer to the modular configuration and modular command reference publications in the Cisco IOS software configuration documentation set that corresponds to the software release installed on your Cisco hardware.

Replacing or Recovering a Lost Password

It is possible to recover the enable or console login password. The enable secret password is encrypted, however, and must be replaced with a new enable secret password.

To replace or recover a lost password, see "Troubleshooting the Installation."

Overview of the Password Recovery Procedure

An overview of the password recovery procedure follows:

Step 1 Enter the show version command to determine the existing configuration register value if you can log in to the router.

Step 2 Press the Break key within 60 seconds to get to the bootstrap program prompt (ROM monitor). You might need to reload the system image by power cycling the router.

Step 3 Change the configuration register so the following functions are enabled: Break, ignore startup configuration, and boot from Flash memory.

Note The key to recovering a lost password is to set the configuration register bit 6 (0x0040) so that the startup configuration (usually in NVRAM) is ignored. This allows you to log in without using a password and to display the startup configuration passwords.

Step 4 Power cycle the router by turning power off and then back on.

Step 5 Log in to the router and enter the privileged EXEC mode.

Step 6 Enter the show startup-config command to display the passwords.

Step 7 Recover or replace the displayed passwords.

Step 8 Change the configuration register back to its original setting.

Note To recover a lost password if the Break function is disabled on the router, you must have physical access to the router.

Details of the Password Recovery Procedure

Complete the following steps to recover or replace a lost enable, enable secret, or console login password:

Step 1 Attach an ASCII terminal to the console port on your router.

Step 2 Configure the terminal to operate at 9600 baud, 8 data bits, no parity, and 2 stop bits.

Step 3 If you can log in to the router as a nonprivileged user, enter the show version command to display the existing configuration register value. Note the value for use later and proceed to Step 6. If you cannot log in to the router at all, go to the next step.
Router> show version
Step 4 Press the Break key or send a Break from the console terminal. If Break is enabled, the router enters the ROM monitor, indicated by the ROM monitor prompt (rommon1>). Proceed to Step 6. If Break is disabled, power cycle the router (turn the router off or unplug the power cord, and then restore power). Then proceed to Step 5.

Step 5 Within 60 seconds of restoring the power to the router, press the Break key or send a Break. This action causes the router to enter the ROM monitor and display the ROM monitor prompt (rommon1>).

Step 6 Set the configuration register using the configuration register utility—enter the confreg command at the ROM monitor prompt as follows:
rommon1> confreg
Step 7 Answer yes to the "enable ignore system config info?" question and note the current configuration register settings.

Step 8 Initialize the router by entering the reset command as follows:
rommon2> reset
The router initializes, the configuration register is set to 0x142, and the router boots the system image from Flash memory and enters the System Configuration Dialog (setup) as follows:
--- System Configuration Dialog --
Step 9 Enter no in response to the System Configuration Dialog prompts until the following message is displayed:
Press RETURN to get started!
Step 10 Press Return. The user EXEC prompt is displayed as follows:
Router>
Step 11 Enter the enable command to enter privileged EXEC (enable) mode. Then enter the show startup-config command to display the passwords in the configuration file as follows:
Router# show startup-config
Step 12 Scan the configuration file display looking for the passwords (the enable passwords are usually near the beginning of the file, and the console login or user EXEC password is near the end). The passwords displayed look something like this:
enable secret 5 $1$ORPP$s9syZt4uKn3SnpuLDrhuei
enable password 23skiddoo
.
.
line con 0
 password onramp
The enable secret password is encrypted and cannot be recovered; it must be replaced. The enable and console passwords may be encrypted or clear text. Proceed to the next step to replace an enable secret, console login, or enable password. If there is no enable secret password, note the enable and console login passwords, if they are not encrypted, and proceed to Step 16.

Caution Do not execute the next step unless you have determined you must change or replace the enable, enable secret, or console login passwords. Failure to follow the steps as shown might cause you to erase your router configuration.

Step 13 Enter the configure memory command to load the startup configuration file into running memory. This action allows you to modify or replace passwords in the configuration.
Router# configure memory
Step 14 Enter the privileged EXEC command configure terminal to enter configuration mode.
Hostname# configure terminal
Step 15 Change all three passwords using the following commands:
Hostname(config)# enable secret newpassword1 
Hostname(config)# enable password newpassword2
Hostname(config)# line con 0
Hostname(config-line)# password newpassword3
Change only the passwords necessary for your configuration. You can remove individual passwords by using the no form of the above commands. For example, entering the no enable secret command removes the enable secret password.

Step 16 Configure all interfaces to be not administratively shut down as follows:
Hostname(config)# interface fastethernet 0/0
Hostname(config-if)# no shutdown
Caution Enter the equivalent commands for all interfaces that were originally configured. If you omit this step, all interfaces are administratively shut down and unavailable when the router is restarted.

Step 17 Use the config-register command to set the configuration register to the original value noted in Step 3 or Step 6, or to the factory default value 0x2102 as follows:
Hostname(config)# config-register 0x2102
Step 18 Press Ctrl-Z (hold down the Control key while you press Z) or enter end to exit configuration mode and return to the EXEC command interpreter.

Caution Do not execute the next step unless you have changed or replaced a password. If you skipped Step 12 throughStep 15, skip to Step 19. Failure to observe this caution causes you to erase your router configuration file.

Step 19 Enter the copy running-config startup-config command to save the new configuration to NVRAM.

Step 20 Enter the reload command to reboot the router.

Step 21 Log in to the router with the new or recovered passwords.

This completes the steps for recovering or replacing a lost enable, enable secret, or console login password.