Document ID: 20710
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Parameter Definitions
Configuring the Cisco 2600 Router
Entering Configuration Mode
Configuring the NAT When Using Private IPs on BBSM Network(s) (Optional)
Routing to the Internet
Routing to the Internal BBSM Network
Configuring the SNMP Engine
Configuring the Access List for Security Control
Configuring the Serial Interface
Configuring the Ethernet Interface
Configuring the Telnet Interface
Common Oversights and Mistakes
Configuring BBSM
Common Oversights and Mistakes
Configuring the 3500 XL/XL PWR Switch (Base Switch Configuration)
Entering Configuration Mode
Global Configuration
Configuring the Access List for Security Control
Configuring the FastEthernet0/1 - 0/23 Interface
Configuring the FastEthernet0/1 - 0/24 Interface Storm Control (Optional)
Configuring the VLAN 1 Interface
Configuring the Telnet Interface
Common Oversights and Mistakes
Configuring the 2900/3500 XL Switch - Port Protected (Edge Switch Configuration)
Entering Configuration Mode
Global Configuration
Configuring the Access List for Security Control
Configuring the FastEthernet0/1 - 0/23 Interface
Configuring the FastEthernet0/1 - 0/24 Interface Storm Control (Optional)
Configuring the VLAN 1 Interface
Configuring the Telnet Interface
Common Oversights and Mistakes
Configuring the 2900/3500 XL Switch - Virtual Local-Area Network (VLAN) (Optional Edge Switch Configuration)
Entering Configuration Mode
Global Configuration
Global Configuration for VLANs
Confuguring the Access List for Security Control
Configuring the FastEthernet0/1 - 0/23 Interface for VLANs
Configuring the FastEthernet0/24 Interface for VLANs
Configuring the VLAN 1 Interface
Configuring the Telnet Interface
Common Oversights and Mistakes
Cisco Support Community - Featured Conversations
Related Information
Introduction
This document represents best practice methodologies for Cisco MxU Broadband Solution Deployment. The Building Broadband Solution Unit (BBSU) Total Implementation Package (TIP) utilizes Cisco Systems, Inc. Building Broadband Service Manager (BBSM), Ethernet, Long Reach Ethernet (LRE), Aironet, and Cable Product offerings to provide broadband connectivity for the MxU market.
This document is a supplemental tool that is intended for internal use by Cisco partners, resellers, and customers for the deployment of Cisco products. This tool is subject to the terms and conditions of the Cisco TIP License Agreement.
The purpose of this document is to provide baseline configuration guidelines for a Cisco Systems BBSM Network within an Ethernet network, and is not a replacement for individual Point Product Configuration documentation.
Prerequisites
Requirements
Readers of this document should have knowledge of these topics:
-
The BBSM IP scheme for the hotel (BBSM to router and BBSM to client).
-
Internal network design, for instance, IP addresses of all switches and Access Points (APs).
Components Used
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
Parameter Definitions
BBSM_External_IP_Network—The network ID of the BBSM external. network.
BBSM_Internal_IP_Network—The network ID of the BBSM internal network.
BBSM_External_NIC—The IP address of the BBSM external Network Interface Card (NIC).
BBSM_I/E_NIC—The IP address of the internal and external NIC. Commands with this parameter should be repeated for both the internal and external NICs.
BBSM_Internal_NIC—The IP address of the BBSM internal NIC.
BBSM_Name—The name of the BBSM server.
CD_Drive—The drive letter of the computer's CD drive.
IP_Addr—The destination IP address or IP network for router access-list 100.
IP_Address_1—The IP address of the router Serial0/0 interface.
IP_Address_2—The IP address of the router Ethernet0/0 interface.
ISP_Gateway—The gateway IP Address for the router received from the ISP.
Man_Network—The network ID of an approved Management Network.
Netmask—The subnet mask .
password_1—The password required to enter Privileged mode.
password_2—The password required to log on to the switch via Telnet.
Private_IP_(X)—The private IP address to receive a 1:1 NAT mapping to a Real_IP_(X).
Real_IP_(X) —The real IP addresses obtained from the Internet service provider (ISP).
RO_String—The read-only Simple Network Management Protocol (SNMP) community string.
RW_String—The read-write SNMP community string.
Switch_IP—The IP address of the switch.
Wildcard—Used with IP_Addr to determine the size of the destination network for router access-list 100.
Configuring the Cisco 2600 Router
Entering Configuration Mode
Issue the following commands to enter Configuration mode.
Router>enable
!--- Enter password if prompted.
Router#config terminal
Router(config)#enable secret <password_1>
Router(config)#hostname SJ1
!--- Use a unique hostname for each router for easy identification.
Configuring the NAT When Using Private IPs on BBSM Network(s) (Optional)
Issue the following commands to configure the NAT pool for BBSM end users.
SJ1(config)#ip nat pool all_clients <Real_IP_2> <Real_IP_3> netmask <Netmask> SJ1(config)#ip nat inside source list 1 pool all_clients overload SJ1(config)#ip nat inside source static <Private_IP_X> <Real_IP_X> SJ1(config)#access-list 1 permit <BBSM_Internal_IP_Network> <Wildcard> SJ1(config)#access-list 1 permit <BBSM_External_IP_Network> <Wildcard>
Routing to the Internet
Issue the following command to route to the Internet.
SJ1(config)#ip route 0.0.0.0 0.0.0.0 <ISP_Gateway>
Routing to the Internal BBSM Network
Issue the following command to route to the internal BBSM network.
SJ1(config)#ip route <BBSM_Internal_IP_Network> <Netmask> <BBSM_External_NIC>
Configuring the SNMP Engine
Issue the following commands to configure the SNMP engine.
SJ1(config)#snmp community <RW_String> RW SJ1(config)#snmp community <RO_String> RO
Configuring the Access List for Security Control
Issue the following commands to configure the Access List for security control.
SJ1(config)#access-list 100 permit icmp <Man_Network> <Wildcard> any echo SJ1(config)#access-list 100 permit tcp <Man_Network> <Wildcard> host <BBSM_I/E_NIC> eq 9488 SJ1(config)#access-list 100 permit tcp <Man_Network> <Wildcard> host <BBSM_I/E_NIC> eq ftp SJ1(config)#access-list 100 permit tcp <Man_Network> <Wildcard> host <BBSM_I/E_NIC> eq snmp SJ1(config)#access-list 100 permit tcp <Man_Network> <Wildcard> host <BBSM_I/E_NIC> eq telnet SJ1(config)#access-list 100 permit tcp <Man_Network> <Wildcard> host <BBSM_I/E_NIC> eq www SJ1(config)#access-list 100 permit udp <Man_Network> <Wildcard> host <BBSM_I/E_NIC> eq tftp SJ1(config)#access-list 100 permit icmp <Man_Network> <Wildcard> <IP_Addr> <Wildcard> echo SJ1(config)#access-list 100 permit tcp <Man_Network> <Wildcard> <IP_Addr> <Wildcard> eq telnet SJ1(config)#access-list 100 permit tcp <Man_Network> <Wildcard> <IP_Addr> <Wildcard> eq www SJ1(config)#access-list 100 permit tcp <Man_Network> <Wildcard> <IP_Addr> <Wildcard> eq snmp SJ1(config)#access-list 100 permit udp <Man_Network> <Wildcard> <IP_Addr> <Wildcard> eq tftp SJ1(config)#access-list 100 deny ip any <IP_Addr> <Wildcard> SJ1(config)#access-list 100 deny icmp any any echo SJ1(config)#access-list 100 permit ip any any
Note: The above access list statements may be repeated for multiple source and destination IP addresses, source and destination port numbers and protocols.
Configuring the Serial Interface
Issue the following commands to configure the serial interface.
SJ1(config)#interface serial0/0 SJ1(config-if)#ip address <IP_Address_1> <Netmask> SJ1(config-if)#ip nat outside SJ1(config-if)#ip access-group 100 in
Configuring the Ethernet Interface
Issue the following commands to configure the Ethernet interface.
SJ1(config-if)#interface Ethernet0/0 SJ1(config-if)#ip address <IP_Address_2> <Netmask> SJ1(config-if)#ip nat inside
Configuring the Telnet Interface
Issue the following commands to configure the Telnet interface.
SJ1(config-if)#line vty 0 4 SJ1(config-line)#password <password_2> SJ1(config-line)#login SJ1(config-line)#line vty 5 15 SJ1(config-line)#login SJ1(config-line)#^Z !--- CTRL-Z ends the configuration session.
Common Oversights and Mistakes
The following common oversights and mistakes are associated with configuring the Cisco 2600 router.
-
NAT configurations are missing or configured incorrectly.
-
The route for the BBSM internal network is missing or incorrect.
Configuring BBSM
Detailed instructions for configuring the BBSM software are included on the BBSM Installation CD at:
<CD_Drive>:\Documentation\config.pdf
Note: Adobe Acrobat Reader must be installed to view this file.
Common Oversights and Mistakes
-
The filter on the external NIC is missing or incorrectly configured.
-
If an error is committed during the installation of the BBSM software, stop the installation, reformat the hard drive and begin the installation with a clean copy of the Windows 2000 Server.
Configuring the 3500 XL/XL PWR Switch (Base Switch Configuration)
Entering Configuration Mode
Issue the following commands to enter configuration mode.
Switch>enable !--- Enter the password if prompted. Switch#config terminal
Global Configuration
Issue the following commands for a global configuration.
Switch(config)#enable secret <password_1> Switch(config)#hostname BaseSwitch1 !--- Use a unique hostname for each switch for easy identification. BaseSwitch1(config)#ip default-gateway <BBSM_Internal_NIC> BaseSwitch1(config)#snmp community <RW_String> RW BaseSwitch1(config)#snmp community <RO_String> RO
Configuring the Access List for Security Control
Issue the following commands for configuring the Access List for security control.
BaseSwitch1(config-if)#exit BaseSwitch1(config)#access-list 100 permit icmp host <BBSM_Internal_NIC> host <Switch IP> echo BaseSwitch1(config)#access-list 100 permit tcp host <BBSM_Internal_NIC> host <Switch IP> eq telnet BaseSwitch1(config)#access-list 100 permit tcp host <BBSM_Internal_NIC> host <Switch IP> eq www BaseSwitch1(config)#access-list 100 permit udp host <BBSM_Internal_NIC> host <Switch IP> eq tftp BaseSwitch1(config)#access-list 100 permit udp host <BBSM_Internal_NIC> host <Switch IP> eq snmp
Configuring the FastEthernet0/1 - 0/23 Interface
Issue the following commands for configuring the FastEthernet0/1 - 0/23 interface.
BaseSwitch1(config)#interface fastethernet0/x !--- Where x equals the interface number, for instance, 0/1, 0/23. BaseSwitch1(config-if)#port protected BaseSwitch1(config-if)#spanning-tree rootguard BaseSwitch1(config-if)#spanning-tree portfast
Configuring the FastEthernet0/1 - 0/24 Interface Storm Control (Optional)
Issue the following commands for configuring the FastEthernet0/1 - 0/24 interface storm control.
BaseSwitch1(config-if)#port block unicast BaseSwitch1(config-if)#port block multicast
Configuring the VLAN 1 Interface
Issue the following commands for configuring the VLAN 1 interface.
BaseSwitch1(config-if)#interface vlan 1 BaseSwitch1(config-if)#ip address <Switch_IP> <Netmask> BaseSwitch1(config-if)#ip access-group 100 in BaseSwitch1(config-if)#no ip directed-broadcast BaseSwitch1(config-if)#no ip route-cache
Configuring the Telnet Interface
Issue the following commands for configuring the Telnet interface.
BaseSwitch1(config)#line vty 0 4
BaseSwitch1(config-line)#password <password_2>
BaseSwitch1(config-line)#login
BaseSwitch1(config-line)#line vty 5 15
BaseSwitch1(config-line)#login
BaseSwitch1(config-line)#^Z
!--- CTRL-Z ends the configuration session.
Common Oversights and Mistakes
The following common oversights and mistakes are associated with configuring the 3500 XL/XL PWR switch (base switch configuration).
-
Base switches should not be included in WEBConfig > Switches.
-
Interface FastEthernet0/24, the port pointing towards the BBSM server, cannot be configured with the port protected, spanning-tree rootguard, or spanning-tree portfast commands.
Configuring the 2900/3500 XL Switch - Port Protected (Edge Switch Configuration)
Entering Configuration Mode
Issue the following commands to enter Configuration mode.
Switch>enable !--- Enter the password if prompted. Switch#config terminal
Global Configuration
Issue the following commands for a global configuration.
Switch(config)#enable secret <password_1> Switch(config)#hostname EdgeSwitch1 !--- Use a unique hostname for each switch for easy identification. EdgeSwitch1(config)#ip default-gateway <BBSM_Internal_NIC> EdgeSwitch1(config)#snmp community <RW_String> RW EdgeSwitch1(config)#snmp community <RO_String> RO
Configuring the Access List for Security Control
Issue the following commands for configuring the Access List for security control.
EdgeSwitch1(config)#access-list 100 permit icmp host <BBSM_Internal_NIC> host <Switch IP> echo EdgeSwitch1(config)#access-list 100 permit tcp host <BBSM_Internal_NIC> host <Switch IP> eq telnet EdgeSwitch1(config)#access-list 100 permit tcp host <BBSM_Internal_NIC> host <Switch IP> eq www EdgeSwitch1(config)#access-list 100 permit udp host <BBSM_Internal_NIC> host <Switch IP> eq tftp EdgeSwitch1(config)#access-list 100 permit udp host <BBSM_Internal_NIC> host <Switch IP> eq snmp
Configuring the FastEthernet0/1 - 0/23 Interface
Issue the following commands for configuring the FastEthernet0/1 - 0/23 interface.
EdgeSwitch1(config)#interface fastethernet0/x !--- Where x equals the interface number, for instance, 0/1, 0/23. EdgeSwitch1(config-if)#port protected EdgeSwitch1(config-if)#spanning-tree rootguard EdgeSwitch1(config-if)#spanning-tree portfast
Configuring the FastEthernet0/1 - 0/24 Interface Storm Control (Optional)
Issue the following commands for configuring the the FastEthernet0/1 - 0/24 interface storm control.
EdgeSwitch1(config-if)#port block unicast EdgeSwitch1(config-if)#port block multicast
Configuring the VLAN 1 Interface
Issue the following commands for configuring the VLAN 1 interface.
EdgeSwitch1(config-if)#interface vlan 1 EdgeSwitch1(config-if)#ip address <Switch_IP> <Netmask> EdgeSwitch1(config-if)#ip access-group 100 in EdgeSwitch1(config-if)#no ip directed-broadcast EdgeSwitch1(config-if)#no ip route-cache
Configuring the Telnet Interface
Issue the following commands for configuring the Telnet interface.
EdgeSwitch1(config-if)#line vty 0 4 EdgeSwitch1(config-line)#password <password_2> EdgeSwitch1(config-line)#login EdgeSwitch1(config-line)#line vty 5 15 EdgeSwitch1(config-line)#login EdgeSwitch1(config-line)#^Z !--- CTRL-Z ends the configuration session.
Common Oversights and Mistakes
The following common oversights and mistakes are associated with configuring the 2900/3500 XL switch - port protected (edge switch configuration).
-
The switch does not have the correct number of clients configured in WEBConfig > Switches.
-
The correct setting in WEBConfig > Switches is Cisco 2900/3500.
-
Interface FastEthernet0/24, the port pointing towards the BBSM server, cannot be configured with the port protected, spanning-tree rootguard, or spanning-tree portfast commands.
Configuring the 2900/3500 XL Switch - Virtual Local-Area Network (VLAN) (Optional Edge Switch Configuration)
This configuration is provided for backward compatibility only. The Port Protected configuration is the recommended configuration.
Entering Configuration Mode
Issue the following commands for entering Configuration mode.
Switch>enable !--- Enter the password if prompted. Switch#config terminal
Global Configuration
Issue the following commands for a global configuration.
Switch(config)#enable secret <password_1> Switch(config)#hostname EdgeSwitch2 !--- Use a unique hostname for each switch for easy identification. EdgeSwitch2(config)#ip default-gateway <BBSM_Internal_NIC> EdgeSwitch2(config)#snmp community <RW_String> RW EdgeSwitch2(config)#snmp community <RO_String> RO
Global Configuration for VLANs
Issue the following commands for a VLAN global configuration.
EdgeSwitch2(config)#ip rcmd rsh-enable EdgeSwitch2(config)#ip rcmd remote-host getmac <BBSM_Internal_NIC> Administrator enable EdgeSwitch2(config)#ip rcmd remote-host getmac <BBSM_Internal_NIC> IWAM_<BBSM_Name> enable
Confuguring the Access List for Security Control
Issue the following commands for configuring the Access List for security control.
EdgeSwitch2(config-if)#exit EdgeSwitch2(config)#access-list 100 permit icmp host <BBSM_Internal_NIC> host <Switch IP> echo EdgeSwitch2(config)#access-list 100 permit tcp host <BBSM_Internal_NIC> host <Switch IP> eq telnet EdgeSwitch2(config)#access-list 100 permit tcp host <BBSM_Internal_NIC> host <Switch IP> eq www EdgeSwitch2(config)#access-list 100 permit udp host <BBSM_Internal_NIC> host <Switch IP> eq tftp EdgeSwitch2(config)#access-list 100 permit udp host <BBSM_Internal_NIC> host <Switch IP> eq snmp
Configuring the FastEthernet0/1 - 0/23 Interface for VLANs
Issue the following commands for configuring the FastEthernet0/1 - 0/23 interface for VLANs.
EdgeSwitch2(config)#interface fastethernet0/x !--- Where x equals the interface number, for instance, 0/1, 0/23. EgdeSwitch2(config-if)#switchport access vlan x+1 !--- F0/1 = vlan 2, F0/23 = vlan 24 EgdeSwitch2(config-if)#spanning-tree rootguard EgdeSwitch2(config-if)#spanning-tree portfast
Configuring the FastEthernet0/24 Interface for VLANs
Issue the following commands for configuring the FastEthernet0/24 interface for VLANs.
EdgeSwitch2(config-if)#port network EdgeSwitch2(config-if)#switchport multi vlan 1-24 EdgeSwitch2(config-if)#switchport mode multi EdgeSwitch2(config-if)#spanning-tree portfast
Configuring the VLAN 1 Interface
Issue the following commands for configuring the VLAN 1 interface.
EdgeSwitch2(config-if)#interface vlan 1 EdgeSwitch2(config-if)#ip address <Switch_IP> <Netmask> EdgeSwitch2(config-if)#ip access-group 100 in EdgeSwitch2(config-if)#no ip directed-broadcast EdgeSwitch2(config-if)#no ip route-cache
Configuring the Telnet Interface
Issue the following commands for configuring the Telnet interface.
EdgeSwitch2(config-if)#line vty 0 4
EdgeSwitch2(config-line)#password <password_2>
EdgeSwitch2(config-line)#login
EdgeSwitch2(config-line)#line vty 5 15
EdgeSwitch2(config-line)#login
EdgeSwitch2(config-line)#^Z
!--- CTRL-Z ends the configuration session.
Common Oversights and Mistakes
The following common oversights and mistakes are associated with configuring the 2900/3500 XL switch for the VLAN (optional edge switch configuration).
-
The switch does not have the correct number of clients configured in WEBConfig > Switches.
-
The correct setting in WEBConfig > Switches is Cisco 2900/3500 VLAN/Port.
-
The correct rsh configuration must be set, refer to Global Configuration for VLANs for more information.
Cisco Support Community - Featured Conversations
Related Information
- BBSM Glossary
- Cisco Building Broadband Service Manager Technical Support
- Technical Support - Cisco Systems
| Updated: Oct 26, 2005 | Document ID: 20710 |