Document ID: 20709
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Parameter Definitions
Configuring the Cisco 2600 Router
Entering Configuration Mode
Configuring NAT when Using Private IPs on BBSM Network(s) (Optional)
Routing to the Internet
Routing to the Internal BBSM Network
Configuring the SNMP Engine
Configuring the Access List for Security Control
Configuring the Serial Interface
Configuring the Ethernet Interface
Configuring the Telnet Interface
Common Oversights and Mistakes
Configuring BBSM
Common Oversights and Mistakes
Configuring the 3500 XL/XL PWR Switch (Base Switch Configuration)
Entering Configuration Mode
Global Configuration
Configuring the Access List for Security Control
Configuring the FastEthernet0/1 - 0/23 Interface
Configuring the FastEthernet0/1 - 0/24 Interface Storm Control (Optional)
Configuring the VLAN 1 Interface
Configuring the Telnet Interface
Common Oversights and Mistakes
Configuring the 2900 XL LRE Switch
Entering Configuration Mode
Global Configuration
Configuring the Access List for Security Control
Configuring the LongReachEthernet0/1 - 0/24 Interface
Configuring the LongReachEthernet0/1 - 0/24 Interface Storm Control (Optional)
Configuring the VLAN 1 Interface
Configuring the Telnet Interface
Common Oversights and Mistakes
NetPro Discussion Forums - Featured Conversations
Related Information
Introduction
This document represents best practice methodologies for Cisco MxU Broadband Solution Deployment. The Building Broadband Solution Unit (BBSU) Total Implementation Package (TIP) utilizes Cisco Systems, Inc. Building Broadband Service Manager (BBSM), Ethernet, Long Reach Ethernet (LRE), Aironet, and Cable Product offerings to provide broadband connectivity for the MxU market.
This document is a supplemental tool that is intended for internal use by Cisco partners, resellers, and customers for the deployment of Cisco products. This tool is subject to the terms and conditions of the Cisco TIP License Agreement.
The purpose of this document is to provide baseline configuration guidelines for a Cisco Systems BBSM Network within an LRE network, and is not a replacement for individual Point Product Configuration documentation.
Prerequisites
Requirements
Readers of this document should have knowledge of these topics:
-
BBSM IP scheme for the hotel (BBSM to router and BBSM to client).
-
Internal network design, for instance, Internet Protocol (IP) addresses of all switches and Access Points (APs).
Components Used
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
Parameter Definitions
BBSM_External_IP_Network—The network ID of the BBSM external. network.
BBSM_Internal_IP_Network—The network ID of the BBSM internal network.
BBSM_External_NIC—The IP address of the BBSM external Network Interface Card (NIC).
BBSM_Internal_NIC—The IP address of the BBSM internal NIC.
BBSM_I/E_NIC—The IP address of the internal and external NIC. Commands with this parameter should be repeated for both the internal and external NICs.
CD_Drive—The drive letter of the computer's CD drive.
IP_Addr—The destination IP address or IP network for router access-list 100.
IP_Address_1—The IP address of the router Serial0/0 interface.
IP_Address_2—The IP address of the router Ethernet0/0 interface.
ISP_Gateway—The gateway IP address for the router received from the ISP.
Man_Network—The network ID of an approved Management Network.
Netmask—The subnet mask of the routable IP addresses Real_IP_(X).
password_1—The password required to enter Privileged mode.
password_2—The password required to log on to the switch via Telnet.
Private_IP_x—The private IP Address to receive a 1:1 NAT mapping to a Real_IP_(X).
Real_IP_(X) —The real IP addresses obtained from the Internet service provider (ISP).
RO_String—The read-only Simple Network Management Protocol (SNMP) community string.
RW_String—The read-write SNMP community string.
Switch_IP—The IP address of the 2900/3500 switch.
Wildcard—Used with IP_Addr to determine the size of the destination network for router access-list 100.
Configuring the Cisco 2600 Router
Entering Configuration Mode
Issue the following commands to enter Configuration mode.
Router>enable !--- Enter the password if prompted. Router#config terminal Router(config)#enable secret <password_1> Router(config)#hostname SJ1 !--- Use a unique hostname for each router for easy identification.
Configuring NAT when Using Private IPs on BBSM Network(s) (Optional)
Issue the following commands to configure NAT pool for BBSM end users.
SJ1(config)#ip nat pool all_clients <Real_IP_2> <Real_IP_3> netmask <Netmask> SJ1(config)#ip nat inside source list 1 pool all_clients overload SJ1(config)#ip nat inside source static <Private_IP_X> <Real_IP_X> SJ1(config)#access-list 1 permit <BBSM_Internal_IP_Network> <Wildcard> SJ1(config)#access-list 1 permit <BBSM_External_IP_Network> <Wildcard>
Routing to the Internet
Issue the following command to route to the Internet.
SJ1(config)#ip route 0.0.0.0 0.0.0.0 <ISP_Gateway>
Routing to the Internal BBSM Network
Issue the following command to route to the internal BBSM network.
SJ1(config)#ip route <BBSM_Internal_IP_Network> <Netmask> <BBSM_External_NIC>
Configuring the SNMP Engine
Issue the following commands to configure the SNMP engine.
SJ1(config)#snmp community <RW_String> RW SJ1(config)#snmp community <RO_String> RO
Configuring the Access List for Security Control
Issue the following commands to configure the Access List for security control.
SJ1(config)#access-list 100 permit icmp <Man_Network> <Wildcard> any echo SJ1(config)#access-list 100 permit tcp <Man_Network> <Wildcard> host <BBSM_I/E_NIC> eq 9488 SJ1(config)#access-list 100 permit tcp <Man_Network> <Wildcard> host <BBSM_I/E_NIC> eq ftp SJ1(config)#access-list 100 permit tcp <Man_Network> <Wildcard> host <BBSM_I/E_NIC> eq snmp SJ1(config)#access-list 100 permit tcp <Man_Network> <Wildcard> host <BBSM_I/E_NIC> eq telnet SJ1(config)#access-list 100 permit tcp <Man_Network> <Wildcard> host <BBSM_I/E_NIC> eq www SJ1(config)#access-list 100 permit udp <Man_Network> <Wildcard> host <BBSM_I/E_NIC> eq tftp SJ1(config)#access-list 100 permit icmp <Man_Network> <Wildcard> <IP_Addr> <Wildcard> echo SJ1(config)#access-list 100 permit tcp <Man_Network> <Wildcard> <IP_Addr> <Wildcard> eq telnet SJ1(config)#access-list 100 permit tcp <Man_Network> <Wildcard> <IP_Addr> <Wildcard> eq www SJ1(config)#access-list 100 permit tcp <Man_Network> <Wildcard> <IP_Addr> <Wildcard> eq snmp SJ1(config)#access-list 100 permit udp <Man_Network> <Wildcard> <IP_Addr> <Wildcard> eq tftp SJ1(config)#access-list 100 deny ip any <IP_Addr> <Wildcard> SJ1(config)#access-list 100 deny icmp any any echo SJ1(config)#access-list 100 permit ip any any
Note: The above access list statements may be repeated for multiple source and destination IP addresses, source and destination port numbers and protocols.
Configuring the Serial Interface
Issue the following commands to configure the serial interface.
SJ1(config)#interface serial0/0 SJ1(config-if)#ip address <IP_Address_1> <Netmask> SJ1(config-if)#ip nat outside SJ1(config-if)#ip access-group 100 in
Configuring the Ethernet Interface
Issue the following commands to configure the Ethernet interface.
SJ1(config-if)#interface Ethernet0/0 SJ1(config-if)#ip address <IP_Address_2> <Netmask> SJ1(config-if)#ip nat inside
Configuring the Telnet Interface
Issue the following commands to configure the Telnet interface.
SJ1(config-if)#line vty 0 4 SJ1(config-line)#password <password_2> SJ1(config-line)#login SJ1(config-line)#line vty 5 15 SJ1(config-line)#login SJ1(config-line)#^Z !--- CTRL-Z ends the configuration session.
Common Oversights and Mistakes
The following common oversights and mistakes are associated with configuring the Cisco 2600 router.
-
NAT configurations are missing or configured incorrectly.
-
The route for the BBSM internal network is missing or incorrect.
Configuring BBSM
Detailed instructions for configuring the BBSM software are included on the BBSM installation CD at:
<CD_Drive>:\Documentation\config.pdf
Note: Adobe Acrobat Reader must be installed to view this file.
Common Oversights and Mistakes
The following common oversights and mistakes are associated with configuring BBSM.
-
The filter on the external NIC is missing or configured incorrectly.
-
If an error is committed during the installation of the BBSM software, stop the installation, reformat the hard drive, and begin the installation with a clean copy of Windows 2000 Server.
Configuring the 3500 XL/XL PWR Switch (Base Switch Configuration)
Entering Configuration Mode
Issue the following commands to enter Configuration mode.
Switch>enable !--- Enter password if prompted. Switch#configure terminal
Global Configuration
Issue the following commands for global configuration.
Switch(config)#enable secret <password_1> Switch(config)#hostname BaseSwitch1 !--- Use a unique hostname for each switch for easy identification. BaseSwitch1(config)#ip default-gateway <BBSM_Internal_NIC> BaseSwitch1(config)#snmp community <RW_String> RW BaseSwitch1(config)#snmp community <RO_String> RO
Configuring the Access List for Security Control
Issue the following commands to configure the Access List for security control.
BaseSwitch1(config)#access-list 100 permit icmp host <BBSM_Internal_NIC> host <Switch IP> echo BaseSwitch1(config)#access-list 100 permit tcp host <BBSM_Internal_NIC> host <Switch IP> eq telnet BaseSwitch1(config)#access-list 100 permit tcp host <BBSM_Internal_NIC> host <Switch IP> eq www BaseSwitch1(config)#access-list 100 permit udp host <BBSM_Internal_NIC> host <Switch IP> eq tftp BaseSwitch1(config)#access-list 100 permit udp host <BBSM_Internal_NIC> host <Switch IP> eq snmp
Configuring the FastEthernet0/1 - 0/23 Interface
Issue the following commands to configure the FastEthernet0/1 - 0/23 interface.
BaseSwitch1(config)#interface fastethernet0/x !--- Where x equals the interface number, for example, 0/1, 0/23. BaseSwitch1(config-if)#port protected BaseSwitch1(config-if)#spanning-tree rootguard BaseSwitch1(config-if)#spanning-tree portfast
Configuring the FastEthernet0/1 - 0/24 Interface Storm Control (Optional)
Issue the following commands to configure the FastEthernet0/1 - 0/24 interface storm control.
BaseSwitch1(config-if)#port block unicast BaseSwitch1(config-if)#port block multicast
Configuring the VLAN 1 Interface
Issue the following commands to configure the VLAN 1 interface.
BaseSwitch1(config-if)#interface vlan 1 BaseSwitch1(config-if)#ip address <Switch_IP> <Netmask> BaseSwitch1(config-if)#ip access-group 100 in BaseSwitch1(config-if)#no ip directed-broadcast BaseSwitch1(config-if)#no ip route-cache
Configuring the Telnet Interface
Issue the following commands to configure the Telnet interface.
BaseSwitch1(config-if)#line vty 0 4
BaseSwitch1(config-line)#password <password_2>
BaseSwitch1(config-line)#login
BaseSwitch1(config-line)#line vty 5 15
BaseSwitch1(config-line)#login
BaseSwitch1(config-line)#^Z
!--- CTRL-Z ends the configuration session.
Common Oversights and Mistakes
The following common oversights and mistakes are associated with configuring the 3500 XL/XL PWR switch (base switch configuration).
-
Base switches should not be included in WEBConfig > Switches.
-
Interface FastEthernet0/24, the port pointing towards the BBSM server, cannot be configured with the port protected, spanning-tree rootguard, or spanning-tree portfast commands.
Configuring the 2900 XL LRE Switch
Entering Configuration Mode
Issue the following commands to enter Configuration mode.
Switch>enable !--- Enter the password if prompted. Switch#config terminal
Global Configuration
Issue the following commands for global configuration.
Switch(config)#enable secret <password_1> Switch(config)#hostname LRESwitch1 !--- Use a unique hostname for each switch for easy identification. LRESwitch1(config)#ip default-gateway <BBSM_Internal_NIC> LRESwitch1(config)#snmp community <RW_String> RW LRESwitch1(config)#snmp community <RO_String> RO LRESwitch1(config)#no spanning-tree vlan 1
Configuring the Access List for Security Control
Issue the following commands to configure the Access List for security control.
LRESwitch1(config-if)#exit LRESwitch1(config)#access-list 100 permit icmp host <BBSM_Internal_NIC> host <Switch IP> echo LRESwitch1(config)#access-list 100 permit tcp host <BBSM_Internal_NIC> host <Switch IP> eq telnet LRESwitch1(config)#access-list 100 permit tcp host <BBSM_Internal_NIC> host <Switch IP> eq www LRESwitch1(config)#access-list 100 permit udp host <BBSM_Internal_NIC> host <Switch IP> eq tftp LRESwitch1(config)#access-list 100 permit udp host <BBSM_Internal_NIC> host <Switch IP> eq snmp
Configuring the LongReachEthernet0/1 - 0/24 Interface
Enter the following commands to configure the LongReachEthernet0/1 - 0/24 interface
LRESwitch1(config)#interface longreachethernet0/x !--- Where x equals the interface number, for example, 0/1, 0/24. LRESwitch1(config-if)#port protected LRESwitch1(config-if)#spanning-tree rootguard LRESwitch1(config-if)#spanning-tree portfast
Configuring the LongReachEthernet0/1 - 0/24 Interface Storm Control (Optional)
Issue the following commands to configure the LongReachEthernet0/1 - 0/24 interface storm control.
LRESwitch1(config-if)#port block unicast LRESwitch1(config-if)#port block multicast
Configuring the VLAN 1 Interface
Issue the following commands to configure the VLAN 1 interface.
LRESwitch1(config-if)#interface vlan 1 LRESwitch1(config-if)#ip address <Switch_IP> <Netmask> LRESwitch1(config-if)#ip access-group 100 in LRESwitch1(config-if)#no ip directed-broadcast LRESwitch1(config-if)#no ip route-cache
Configuring the Telnet Interface
Issue the following commands to configure the Telnet interface.
LRESwitch1(config)#line vty 0 4 LRESwitch1(config-line)#password <password_2> LRESwitch1(config-line)#login LRESwitch1(config-line)#line vty 5 15 LRESwitch1(config-line)#login LRESwitch1(config-line)#^Z !--- CTRL-Z ends the configuration session.
Common Oversights and Mistakes
The switch does not have the correct number of clients configured in WEBConfig > Switches.
NetPro Discussion Forums - Featured Conversations
| NetPro Discussion Forums - Featured Conversations for Network Management |
| Network Infrastructure: Network Management |
| Virtual Private Networks: Network and Policy Management |
Related Information
- BBSM Glossary
- Cisco Building Broadband Service Manager Technical Support
- Technical Support - Cisco Systems
| Updated: Oct 26, 2005 | Document ID: 20709 |