Cisco 1941 Configuration Manual Download Page 147

Page: 147 / 408

139

Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide

Chapter Configuring Security Features

Configuring VPN

Enable Policy Lookup

enable policy lookup through AAA

follow these steps

beginning in global configuration mode

SUMMARY STEPS

aaa new-model

aaa authentication login

{

default

list-name

}

method1

[

method2...

]

aaa authorization {network | exec | commands

level

reverse-access

configuration

} {

default

list-name

} [

method1

[

method2...

]]

username

name

{nopassword

password

password

password

encryption-type

encrypted-password

}

DETAILED STEPS

Command or Action

Purpose

Step 1

aaa new-model

Example:

Router(config)# aaa new-model

Router(config)#

Enables the AAA access control model.

Step 2

aaa authentication login

{

default

list-name

}

method1

[

method2...

]

Example:

Router(config)# aaa authentication login

rtr-remote local

Router(config)#

Specifies AAA authentication of selected users at
login, and specifies the method used.

This example uses a local authentication database.
You could also use a RADIUS server for this. For
details, see

Cisco IOS Security Configuration

Guide: Securing User Services, Release 2.4T

and

Cisco IOS Security Command Reference

Step 3

aaa authorization {network | exec | commands

level

reverse-access

configuration

} {

default

list-name

} [

method1

[

method2...

]]

Example:

Router(config)# aaa authorization network

rtr-remote local

Router(config)#

Specifies AAA authorization of all
network-related service requests, including PPP,
and specifies the method of authorization.

This example uses a local authorization database.
You could also use a RADIUS server for this. For
details, see

Cisco IOS Security Configuration

Guide: Securing User Services, Release 2.4T

and

Cisco IOS Security Command Reference

Step 4

username

name

{nopassword

password

password

password

encryption-type

encrypted-password

}

Example:

Router(config)# username username1 password

0 password1

Router(config)#

Establishes a username-based authentication
system.

This example implements a username of

username1

with an encrypted password of

password1

Summary of Contents for 1941

Page 1: ...ffices worldwide Addresses phone numbers and fax numbers are listed on the Cisco website at www cisco com go offices Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide April 10 2015 ...

Page 2: ...ILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING USAGE OR TRADE PRACTICE IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT SPECIAL CONSEQUENTIAL OR INCIDENTAL DAMAGES INCLUDING WITHOUT LIMITATION LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVIS...

Page 3: ...ching Cisco Documents page vii Objectives This guide provides an overview and explains how to configure the various features for the Cisco 1900 series Cisco 2900 series and Cisco 3900 series integrated services routers generation 2 ISR G2 Some information may not apply to your particular router model Audience This document is written for experienced technical workers who install monitor and troubl...

Page 4: ... supported on these routers Module 7 Configuring Next Generation High Density PVDM3 Modules Describes how to configure the new next generation PVDM31 installed on your router Module 8 Multi Gigabit Fabric Communication Describes how modules and interface cards inter communicate using the MGF2 on the router Module 9 Upgrading the Cisco IOS Software Describes how to upgrade the Cisco IOS software im...

Page 5: ...figuration register in NVRAM and how to make changes to the register settings using the Cisco IOS CLI 1 PVDM3 packet voice data module 2 MGF Multi Gigabit Fabric 3 CF CompactFlash Convention Indication bold font Commands and keywords and user entered text appear in bold font italic font Document titles new or emphasized terms and arguments for which you supply values are in italic font Elements in...

Page 6: ...nd 3900 Series Integrated Services Routers Hardware Installation Guide Cisco 1900 Series Integrated Services Routers Hardware Installation Guide Cisco Modular Access Router Cable Specifications Installing Replacing and Upgrading Components in Cisco Modular Access Routers and Integrated Services Routers Overview of Cisco Network Modules for Cisco Access Routers Cisco Interface Cards for Cisco Acces...

Page 7: ...ext IOS release following the Cisco IOS 12 4 24 T release For information about new features in Cisco IOS software release 15 0 see the Cisco IOS software pages at Cisco com Go here to read a product bulletin that specifies the software feature sets available for Cisco 1900 2900 and 3900 Series Integrated Services Routers in release 15 0 It also issues recommendations for Flash and DRAM memory con...

Page 8: ...2viii Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Preface Searching Cisco Documents ...

Page 9: ...Ms next generation packet voice data modules PVDM3 Services Performance Engines SPEs high density interfaces for a wide range of connectivity requirements and sufficient performance and slot density for future network expansion requirements and advanced applications are available Power saving hardware and software features are incorporated throughout the series These routers provide access to the ...

Page 10: ...n about enabling the SSLVPN feature USB Console Cisco 3900 series 2900 series and 1900 series ISRs provide an additional mechanism for configuring the system through a USB2 serial console port The traditional RJ 45 serial console port is also available Power Management Some modules and interface cards that are inserted in new slots provide hardware and software power management features described ...

Page 11: ...t support Cisco HIMI5 also support MGF to inter communicate on the router Next generation module drivers integrate with the MGF to perform port configurations configure packet flow and control traffic buffering All configurations are performed from the module side which may or may not lead to changes on the MGF For more information see the Configuring Multi Gigabit Fabric Communication section on ...

Page 12: ...2921 2951 3925 3925E 3945 3945E Services Performance Engine N N N N N N Y Y Y Y Cryptographic Engine Acceleration N N N N N N Y1 1 Must have Services Performance Engine 200 installed in the router Y Y2 2 Must have Services Performance Engine 250 installed in the router Y USB Serial Console Y Y Y Y Y Y Y Y Y Y Power Management Y Y Y Y Y Y Y Y Y Y New Module and Interface Card Features Y Y Y Y Y Y Y...

Page 13: ...00 Series ISRs Table 5 lists the slots and ports available on Cisco 2900 series routers To view the installation guide see the following URL http www cisco com en US docs routers access 2900 hardware installation guide Hardware_Installati on_Guide html Table 4 Cisco 3900 Series Routers Router EHWIC SM Dbl Wide SM ISM PVDM3 CF GE RJ 45 SFP ports SPE Cisco 3945 4 4 1 1 4 2 31 1 One RJ 45 GE two comb...

Page 14: ...inistration of the router with the proprietary cable shipped in the box Type A USB 2 0 Supports USB based flash memory sticks security tokens and USB compliant devices Type B mini port USB Serial Console Supports modem control lines and remote administration of the router using a type B USB compliant cable Licensing Cisco 3900 series Cisco 2900 series and Cisco 1900 series ISRs support Cisco IOS s...

Page 15: ...s After the initial configuration is completed perform the following steps Step 1 Follow instructions in the Basic Router Configuration section on page 13 to perform additional router configurations Step 2 Optional If you are setting up the Cisco 1941W ISR follow instructions in the Configuring the Wireless Device section on page 247 to configure the embedded wireless device on the router Step 3 F...

Page 16: ...F with fast hellos and short dead timers Table 7 Cisco IOS Commands Functionality Command Name Description Configuration Example Impact Write to NV memory write memory This command writes the device s configuration in to the Non Volatile RAM NVRAM on the boot flash Use this command in privileged EXEC mode Router write memory A BFD flap is triggered when one of the following configuration elements ...

Page 17: ...ed and the configuration is saved using the write mem command the flap is triggered config warm reboot config boot config config boot system Changing boot variables boot bootstrap config host netowrk system This command configures bootstrap image file configuration file router specific config file Networkwide config file or system image file Router config bo ot bootstrap Potential enough to flap b...

Page 18: ...A for all Cisco IOS software packages and features at one time Router config lice nse accept end user agreement Potential enough to flap bfd RTC Battery Failure No CLI Write the event of losing battery for Real Time Clock No CLI Potential enough to flap bfd Note This is a one time event during a hardware failure Erasing NV memory erase nvram This command erases the nvram file system Router erase n...

Page 19: ...icense boot module module name level license level To boot a new software license on routing platforms use the license boot module command in global configuration mode Router config license boot module c2900 technology packa ge datak9 Potential enough to flap bfd Enabling or disabling USB ports config mode hw module usb Enable or disable USB ports from IOS config mode Router config hw module usb d...

Page 20: ...12 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Chapter Overview of the Hardware and Software IOS Commands ...

Page 21: ...on how to perform the initial configuration using the Cisco Internet Operating System IOS command line interface on Cisco 3900 series Cisco 2900 series and Cisco 1900 series integrated services routers Basic Configuration Default Configuration page 14 Configuring Global Parameters page 15 Interface Configuration Interface Ports page 17 Configuring Gigabit Ethernet Interfaces page 18 Configuring Wi...

Page 22: ...nning config Building configuration Current configuration 723 bytes version 12 4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password encryption hostname Router boot start marker boot end marker logging message counter syslog no aaa new model no ipv6 cef ip source route ip cef multilink bundle name authenticated archive log config hidekeys ...

Page 23: ...figure the global parameters for your router follow these steps SUMMARY STEPS 1 configure terminal 2 hostname name 3 enable secret password 4 no ip domain lookup DETAILED STEPS Command Purpose Step 1 configure terminal Example Router enable Router configure terminal Router config Enters global configuration mode when using the console port Use the following to connect to the router with a remote t...

Page 24: ...s the remaining percentage of DRAM memory Example The following example allocates 25 of the DRAM memory to I O memory and the remaining 75 to processor memory Router config t Enter configuration commands one per line End with CNTL Z Router config memory size iomem 5 IO memory size too small minimum IO memory size is 201M Router config Router config memory size iomem 5 50 percentage of DRAM to use ...

Page 25: ...not supported not supported not supported not supported Onboard ISM GE interface on the PCIe service module name ISM 0 0 service module name ISM 0 0 service module name ISM 0 0 service module name ISM 0 0 not supported Onboard ISM GE connection to MGF service module name ISM 0 1 service module name ISM 0 1 service module name ISM 0 1 service module name ISM 0 1 not supported USB usbflash0 usbflash...

Page 26: ...ous interface simply use the interface number to specify the asynchronous line For example line 0 1 0 specifies the line associated with interface serial 0 1 0 on a WIC 2A S in slot 1 Similarly line 0 2 1 specifies the line associated with interface async 0 2 1 on a WIC 2AM in slot 2 2 MGF multi gigabit fabric 3 Applies only to Cisco 2951 Cisco 3925 and Cisco 3925E routers 4 Applies only to Cisco ...

Page 27: ... card EWIC and service module SM slots see the appropriate interface card or module configuration documents on Cisco com Configuring a Loopback Interface The loopback interface acts as a placeholder for the static IP address and provides default routing information For complete information on the loopback commands see the Cisco IOS Release configuration guide documentation set To configure a loopb...

Page 28: ...roperly configured the loopback interface enter the show interface loopback command You should see verification output similar to the following example Router show interface loopback 0 Loopback0 is up line protocol is up Hardware is Loopback Internet address is 200 200 100 1 24 MTU 1514 bytes BW 8000000 Kbit DLY 5000 usec reliability 255 255 txload 1 255 rxload 1 255 Encapsulation LOOPBACK loopbac...

Page 29: ...max 1 2 4 ms Configuring Command Line Access To configure parameters to control access to the router follow these steps beginning in global configuration mode Note The TTY lines are asynchronous lines used for inbound or outbound modem and terminal connections and can be seen in a router or access server configuration as line x The specific line numbers are a function of the hardware built into or...

Page 30: ...p 4 exec timeout minutes seconds Example Router config line exec timeout 5 30 Router config line Sets the interval that the EXEC command interpreter waits until user input is detected The default is 10 minutes Optionally add seconds to the interval value This example shows a timeout of 5 minutes and 30 seconds Entering a timeout of 0 0 specifies never to time out Step 5 line aux console tty vty li...

Page 31: ...ly configured on the router If the network topology changes the static route must be updated with a new route Static routes are private routes unless they are redistributed by a routing protocol To configure static routes follow these steps beginning in global configuration mode SUMMARY STEPS 1 ip route prefix mask ip address interface type interface number ip address 2 end DETAILED STEPS Command ...

Page 32: ...ll IP packets with a destination IP address of 192 168 1 0 and a subnet mask of 255 255 255 0 on the Gigabit Ethernet interface to another device with an IP address of 10 10 10 2 Specifically the packets are sent to the configured PVC You do not need to enter the command marked default This command appears automatically in the configuration file generated when you use the show running config comma...

Page 33: ...ed static route Gateway of last resort is not set 10 0 0 0 24 is subnetted 1 subnets C 10 108 1 0 is directly connected Loopback0 S 0 0 0 0 0 is directly connected FastEthernet0 Configuring Dynamic Routes In dynamic routing the network protocol adjusts the path automatically based on network traffic or topology Changes in dynamic routes are shared with other routers in the network The Cisco router...

Page 34: ... router Enters router configuration mode and enables RIP on the router Step 2 version 1 2 Example Router config router version 2 Router config router Specifies use of RIP version 1 or 2 Step 3 network ip address Example Router config router network 192 168 1 1 Router config router network 10 10 7 1 Router config router Specifies a list of networks on which RIP is to be applied using the address of...

Page 35: ...10 0 0 0 24 is subnetted 1 subnets C 10 108 1 0 is directly connected Loopback0 R 3 0 0 0 8 120 1 via 2 2 2 1 00 00 02 Ethernet0 0 Configuring Enhanced Interior Gateway Routing Protocol To configure Enhanced Interior Gateway Routing Protocol GRP EGRP follow these steps beginning in global configuration mode SUMMARY STEPS 1 router eigrp as number 2 network ip address 3 end DETAILED STEPS Command Pu...

Page 36: ...Configuration To verify that you have properly configured IP EIGRP enter the show ip route command and look for EIGRP routes indicated by D You should see verification output similar to the following Router show ip route Codes C connected S static R RIP M mobile B BGP D EIGRP EX EIGRP external O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type...

Page 37: ...ng a Network Interface Device on the L3 Interface Configuring a Network Interface Device NID enables support for the NID functionality on the router without including a NID hardware in the network This feature combines the Customer Premises Equipment CPE and the NID functionality into a physical device The following are the advantages of configuring the NID functionality Eliminates a physical devi...

Page 38: ...ed Step 2 configure terminal Example Router configure terminal Enters the global configuration mode Step 3 interface gigabitethernet slot port Example Router config interface gigabitethernet 0 2 Specifies an interface and enters the interface configuration mode Step 4 port tagging Example Router config if port tagging Inserts the VLAN ID into a packet header to identify which Virtual Local Area Ne...

Page 39: ...0 2 Building configuration Current configuration 10585 bytes interface GigabitEthernet0 2 no ip address duplex auto speed auto port tagging encapsulation dot1q 10 set cos 6 exit end interface GigabitEthernet0 2 1101 encapsulation dot1Q 100 ip address 132 1 101 4 255 255 255 0 interface GigabitEthernet0 2 1102 encapsulation dot1Q 100 ip address 132 1 102 4 255 255 255 0 Use the ping command to veri...

Page 40: ...ing software activation licenses on the Cisco ISR and Cisco ISR G2 platforms see http www cisco com en US docs routers access sw_activation SA_on_ISR html Note Internal Ethernet data plane loopback is not supported Restrictions for Configuring External Ethernet Data Plane Loopback Follow the guidelines and take note of the restrictions listed here when configuring Ethernet data plane loopback on a...

Page 41: ...he initiator In such a case the IP address of the subinterface is used as the source IP address of the frame when it is sent back to the initiator Configuring External Ethernet Data Plane Loopback Configuring external Ethernet data plane loopback is permitted on a Layer 3 main interface and subinterfaces Figure 1 represents a sample topology to configure Ethernet data plane loopback Figure 1 Sampl...

Page 42: ...gabitethernet slot port sub port Example Router config interface gigabitethernet 0 2 1101 Specifies the subinterface and enters the subinterface configuration mode Step 4 encapsulation dot1q vlan id or encapsulation dot1q vlan id second dot1q inner vlan id Example Router config subif encapsulation dot1q 100 or Router config subif encapsulation dot1q 100 second dot1q 1101 Defines the encapsulation ...

Page 43: ...fig subif encapsulation dot1q 100 second dot1q 1101 Router config subif ethernet loopback permit external Router config subif end This example shows how to start an Ethernet data plane loopback Router ethernet loopback start local interface gigabitethernet 0 2 1101 external timeout none Command Purpose Step 1 ethernet loopback start local interface gigabitethernet slot port sub port external timeo...

Page 44: ... data plane loopback configuration show ethernet loopback permitted show ethernet loopback active Use the show ethernet loopback permitted command to view the loopback capabilities per interface Router show ethernet loopback permitted Interface SrvcInst Direction Dot1q Dot1ad s Second Dot1q s Gi0 2 1101 N A External 100 1101 Use the show ethernet loopback active command to display the summary of t...

Page 45: ... en US docs ios mcl allreleasemcl all_book html provides more information about these commands Caution Because debugging output is assigned high priority in the CPU process it can diminish the performance of the router or even render it unusable For this reason use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff Note Befor...

Page 46: ...licenses on the Cisco ISR and Cisco ISR G2 platforms see http www cisco com en US docs routers access sw_activation SA_on_ISR html Restrictions for Configuring Ethernet CFM A specific domain must be configured If it is not an error message is displayed Multiple domains different domain names having the same maintenance level can be configured However associating a single domain name with multiple ...

Page 47: ... config ethernet cfm global Enables CFM processing globally on the router Step 5 ethernet cfm domain domain name level value Example Router config ecfm ethernet cfm domain carrier level 2 Defines a CFM maintenance domain at a specified level and enters the Ethernet CFM configuration mode level can be any value from 0 to 7 Step 6 service service name port Example Router config ecfm service carrier ...

Page 48: ... verify Ethernet CFM configured on a port MEP show ethernet cfm domain show ethernet cfm maintenance points local show ethernet cfm maintenance points remote ping ethernet mpid mpid value domain domain name service service name cos value traceroute ethernet mpid mpid value domain domain name service service name show ethernet cfm error configuration Use the show ethernet cfm domain command to view...

Page 49: ...o carrier Down Gi0 2 none carrier N A Static N A Total Local MEPs 1 Local MIPs None Use the show ethernet cfm maintenance points remote command to display information about remote maintenance point domains or levels In the following example carrier Provider and customer are the maintenance point domains that are configured On router 1 Router1 show ethernet cfm maintenance points remote MPID Domain...

Page 50: ...e MacAddress IfSt PtSt Lvl Domain ID Ingress RDI MA Name Type Id SrvcInst EVC Name Age Local MEP Info 44 carrier 5657 g945 04fa Up Up 2 carrier Gi0 2 carrier S C 100 1101 N A N A 0s MPID 43 Domain carrier MA carrier Use the ping command to verify if Loopback Messages LBM and Loopback Replies LBR are successfully sent and received between the routers Router1 ping ethernet mpid 44 domain carrier ser...

Page 51: ...ated Services Routers Generation 2 Software Configuration Guide Chapter Configuring Ethernet CFM and Y 1731 Performance Monitoring on Layer 3 Interfaces CFM Support on Routed Port and Port MEP 1 5657 a86c fa92 Gi0 2 IngOk RlyHit MEP Not Forwarded 5657 g945 04fa Router ...

Page 52: ... id Step 6 service service name vlan vlan id direction down Step 7 continuity check Step 8 interface gigabitethernet slot port Step 9 ethernet cfm mep domain domain name mpid value service service name Step 10 interface gigabitethernet slot port subinterface Step 11 encapsulation dot1q vlan id Step 12 end DETAILED STEPS Command Purpose Step 1 enable Example Router enable Enables the privileged EXE...

Page 53: ...mple Router config ecfm srv continuity ch eck Enables sending continuity check messages Step 8 interface gigabitethernet slot port Example Router config ecfm srv interface gigabitethernet 0 2 Specifies an interface and enters the interface configuration mode Step 9 ethernet cfm mep domain domain name mpid mpid value service service name Example Router config if ethernet cfm mep domain customer mpi...

Page 54: ...maintenance points remote show ethernet cfm error configuration Use the show ethernet cfm domain command to display the maintenance point domains configured in the network In the following example customer enterprise and carrier maintenance point domains are configured Router show ethernet cfm domain Domain Name customer Level 7 Total Services 1 Services Type Id Dir CC CC int Static rmep Crosschec...

Page 55: ... domains or levels The following example displays the continuity check messages exchanged between remote MEPs On router 1 Router1 show ethernet cfm maintenance points remote MPID Domain Name MacAddress IfSt PtSt Lvl Domain Ingress RDI MA Type Id SrvcInst EVC Name Age Local MEP Info 110 customer 70ca 9b4d a400 Up Up 7 customer Gi0 2 customer1101 Vlan 100 N A N A 12s MPID 100 Domain customer MA cust...

Page 56: ... command to view Ethernet CFM configuration errors if any The following is a sample output of the show ethernet cfm error configuration command Router show ethernet cfm error configuration CFM Interface Type Id Level Error type Gi0 2 S C 100 5 CFMLeak Configuring Ethernet CFM Double Tagged Packets Complete these steps to configure and enable Ethernet CFM for double tagged packets SUMMARY STEPS Ste...

Page 57: ...p 5 ethernet cfm domain domain name level 0 to 7 Example Router config ecfm ethernet cfm domain customer level 7 Defines a CFM maintenance domain at a specified level and enters Ethernet CFM configuration mode level can be any value from 0 to 7 Step 6 service service name vlan vlan id inner vlan inner vlan id direction down Example Router config ecfm service customer1101 vlan 100 inner vlan 30 dir...

Page 58: ... for double tagged packets show ethernet cfm maintenance points local show ethernet cfm maintenance points remote ping ethernet mpid mpid value domain domain name service service name cos value traceroute ethernet mpid mpid value domain domain name service service name show ethernet cfm error configuration Step 9 ethernet cfm mep domain domain name mpid mpid value service service name Example Rout...

Page 59: ...thernet cfm maintenance points remote command to display the remote maintenance point domains In the following example customer carrier and enterprise are the maintenance point domains that are configured On router 1 Router1 show ethernet cfm maintenance points remote MPID Domain Name MacAddress IfSt PtSt Lvl Domain ID Ingress RDI MA Name Type Id SrvcInst EVC Name Age Local MEP Info 110 customer 8...

Page 60: ...ds Success rate is 100 percent 5 5 round trip min avg max 1 1 1 ms Router Use the traceroute command to send the Ethernet CFM traceroute messages Router traceroute ethernet mpid 100 domain customer service customer1101 Type escape sequence to abort TTL 64 Linktrace Timeout is 5 seconds Tracing the route to 8843 e154 6f01 on Domain customer Level 7 service customer1101 vlan 100 inner vlan 30 Tracer...

Page 61: ...d and then turn off console debug logging using the no logging console command Table 3 debug Commands for Ethernet CFM Configuration debug Command Purpose debug ethernet cfm all Enables all Ethernet CFM debug messages debug ethernet cfm diagnostic Enables low level diagnostic debugging of Ethernet CFM general events or packet related events debug ethernet cfm error Enables debugging of Ethernet CF...

Page 62: ...urement is used to measure frame delay and frame delay variations Ethernet frame delay is measured using the Delay Measurement Message DMM method Restrictions for Configuring Two Way Delay Measurement Follow the guidelines and restrictions listed here when you configure two way delay measurement Y 1731 PM measurement works only for a point to point network topology The granularity of the clock for...

Page 63: ...ue Example Router config ip sla ethernet y1731 delay DMM domain customer vlan 100 mpid 3101 cos 1 source mpid 4101 or Router config ip sla ethernet y1731 delay DMM domain customer vlan 100 inner vlan 1101 mpid 3101 cos 1 source mpid 4101 Configures a two way delay measurement Note Both single tagging and double tagging are supported The following are the parameters delay Specifies the delay distri...

Page 64: ...lan 100 inner vlan 1101 mpid 3101 cos 1 source mpid 4101 router config sla y1731 delay aggregate interval 30 router config sla y1731 delay exit router config ip sla schedule 1101 life forever start time now router config end Verifying Two Way Delay Measurement Configuration Use the following commands to verify the performance monitoring sessions show run sec ip sla show ip sla summary show ip sla ...

Page 65: ...outer show ip sla statistics IPSLAs Latest Operation Statistics IPSLA operation id 1101 Delay Statistics for Y1731 Operation 1101 Type of operation Y1731 Delay Measurement Latest operation start time 10 43 12 930 UTC Mon Oct 21 2013 Latest operation return code OK Distribution Statistics Interval Start time 10 43 12 930 UTC Mon Oct 21 2013 Elapsed time 15 seconds Number of measurements initiated 7...

Page 66: ... Period 30 History Number of intervals 2 Router show ethernet cfm pm session summary Number of Configured Session 150 Number of Active Session 2 Number of Inactive Session 148 Router Router config show ethernet cfm pm session detail 0 Session ID 0 Sla Session ID 1101 Level 7 Service Type S C Service Id 100 1101 Direction Down Source Mac 5352 a824 04fr Destination Mac 5067 a87c fa92 Session Version...

Page 67: ...7862 3591340728 928006818 0 274644 3591340729 927671142 3591340670 864121572 3591340670 864197862 3591340729 927991560 0 244128 Troubleshooting Two Way Delay Measurement Configuration Table 4 lists the debug commands to troubleshoot issues pertaining to the two way delay measurement configuration The Cisco IOS Master Command List at http www cisco com en US docs ios mcl allreleasemcl all_book html...

Page 68: ... Y 1731 Performance Monitoring on Layer 3 Interfaces Support for Y 1731 Performance Monitoring on a Routed Port L3 Subinterface debug epmpal rx Enables debugging of Ethernet PM packet receive events debug epmpal tx Enables debugging of Ethernet PM packet transmit events Table 4 debug Commands for Two Way Delay Measurement Configuration continued debug Command Purpose ...

Page 69: ...port for Y 1731 Performance Monitoring for EVC BD page 87 Support for Switch Virtual Interfaces SVI on ISR G2 Metro Ethernet BD page 90 EVC Quality of Service QoS page 92 Configuring EVCs on Cisco ISR G2 Router Configuring an EFP and a BD on the Cisco ISR G2 Router Configuring a service instance on a Layer 2 port creates an EFP on which you can configure EVC features Note You cannot use the same V...

Page 70: ...ws how to configure Gigabit Ethernet interface 0 1 and enter interface configuration mode Step 4 service instance id ethernet Example Router config if service instance 1 ethernet Configures an Ethernet service instance on an interface and enters Ethernet service configuration mode The example shows how to configure Ethernet service instance 1 Step 5 encapsulation encapsulation type vlan id Example...

Page 71: ...abitEthernet0 0 102 Order 2 If you configure EFP first using the same VLAN ID then you can still configure the subinterface using the same VLAN ID However traffic will flow on the subinterface with higher priority and not on the EFP Configuring an EFP and a subinterface using the same VLAN ID for dot1q encapsulation is allowed and configurable as show in order 2 However the use of an EFP and subin...

Page 72: ...ck on a device does not indicate the start of an actual session Features Supported for Ethernet Data Plane Loopback Locally enabled Ethernet Data Plane Loopback on all Ethernet interface types such as physical and bundle interfaces and sub interfaces and Pseudowire Head End PWHE interfaces In the case of Layer 2 and Layer 3 interfaces only external loopback is supported External loopback is the ty...

Page 73: ...erface path id Step 3 ethernet loopback permit external internal Step 4 end or commit DETAILED STEPS Command Purpose Step 1 configure Example Router configure Enters global configuration mode Step 2 interface GigabitEthernet interface path id Example router config interface 0 1 Enters interface configuration mode and specifies the Ethernet interface name and notation rack slot module port Note The...

Page 74: ...ck router ethernet loopback extend local interface name id id length Step 3 ethernet loopback permit external internal Example Router config if srv ethernet loopback permit external Configures ethernet loopback externally or internally on an interface External loopback allows loopback of traffic from wire Internal loopback allows loopback of traffic from the bridge domain Step 4 end or commit Exam...

Page 75: ...ours Time left 00 01 17 Status Active Filters Dot1ad 100 200 Dot1q Any Source MAC Address aaaa bbbb cccc Destination MAC Address Any Ethertype 0x8902 Class of Service Any LLC OUI Any Local GigabitEthernet0 1 200 ID 2 Direction External Time out 10 minutes Time left 00 00 00 Status Stopping Filters Dot1q 500 Second dot1q 200 Source MAC Address Any Destination MAC Address Any Ethertype Any Class of ...

Page 76: ...ported only if you have purchased the appxk9 licensing package CFM over EVC BD is available only on the Cisco 890 series ISR and ISRG2 platforms For more information about managing software activation licenses on the Cisco ISR and Cisco ISR G2 platforms see http www cisco com en US docs routers access sw_activation SA_on_ISR html Restrictions for Configuring Ethernet CFM A specific domain must be ...

Page 77: ...service up Step 13 end DETAILED STEPS Command Purpose Step 1 enable Example Router enable Enables the privileged EXEC mode Enter your password when prompted Step 2 configure terminal Example Router configure terminal Enters the global configuration mode Step 3 ethernet cfm domain domain name level level id Example Router config ethernet cfm domain Customer level 7 Defines a CFM maintenance domain ...

Page 78: ... size 200 Sets the maximum size for the CFM traceroute cache table Step 10 ethernet cfm traceroute cache hold time minutes Example Router config ethernet cfm traceroute cache hold time 60 Sets the amount of time that CFM traceroute cache entries are retained Step 11 snmp server enable traps ethernet cfm cc mep up mep down config loop cross connect Example Router config snmp server enable traps eth...

Page 79: ...ble traps ethernet cfm crosscheck mep unknown mep missing service up Step 13 end DETAILED STEPS Command Purpose Step 1 enable Example Router enable Enables the privileged EXEC mode Enter your password when prompted Step 2 configure terminal Example Router configure terminal Enters the global configuration mode Step 3 ethernet cfm domain domain name level level id direction outward Example Router c...

Page 80: ...route cache size 200 Sets the maximum size for the CFM traceroute cache table Step 10 ethernet cfm traceroute cache hold time minutes Example Router config ethernet cfm traceroute cache hold time 60 Sets the amount of time that CFM traceroute cache entries are retained Step 11 snmp server enable traps ethernet cfm cc mep up mep down config loop cross connect Example Router config snmp server enabl...

Page 81: ...Step 5 continuity check interval time loss threshold threshold static rmep Step 6 continuity check interval time loss threshold threshold static rmep Step 7 continuity check interval time loss threshold threshold static rmep Step 8 exit Step 9 mep archive hold time minutes Step 10 exit Step 11 ethernet cfm global Step 12 ethernet cfm ieee Step 13 ethernet cfm traceroute cache Step 14 ethernet cfm ...

Page 82: ...n down keyword the service is renamed to the new MA name Step 5 continuity check interval time loss threshold threshold static rmep Example Router config ecfm srv continuity check Enables the transmission of CCMs Step 6 continuity check interval time loss threshold threshold static rmep Example Router config ecfm srv continuity check interval 10 Configures the time period between CCM transmissions...

Page 83: ...ernet cfm traceroute cache size 200 Sets the maximum size for the CFM traceroute cache table Step 15 ethernet cfm traceroute cache hold time minutes Example Router config ethernet cfm traceroute cache hold time 60 Sets the amount of time that CFM traceroute cache entries are retained Step 16 interface type number Example Router config interface ethernet 0 3 Specifies an interface and enters interf...

Page 84: ... threshold threshold static rmep Step 9 exit Step 10 exit Step 11 ethernet cfm global Step 12 ethernet cfm ieee Step 13 ethernet cfm traceroute cache Step 14 ethernet cfm traceroute cache size entries Step 15 ethernet cfm traceroute cache hold time minutes Step 16 interface type number Step 17 ethernet cfm mep level level id inward outward domain domain name mpid id vlan any vlan id vlan id vlan i...

Page 85: ...maps to the same VLAN If you configure a new MA name and do not specify the direction down keyword the service is renamed to the new MA name Step 6 continuity check interval time loss threshold threshold static rmep Example Router config ecfm srv continuity check Enables the transmission of CCMs Step 7 continuity check interval time loss threshold threshold static rmep Example Router config ecfm s...

Page 86: ...bles caching of CFM data learned through traceroute messages Step 14 ethernet cfm traceroute cache size entries Example Router config ethernet cfm traceroute cache size 200 Sets the maximum size for the CFM traceroute cache table Step 15 ethernet cfm traceroute cache hold time minutes Example Router config ethernet cfm traceroute cache hold time 60 Sets the amount of time that CFM traceroute cache...

Page 87: ...ables the privileged EXEC mode Enter your password when prompted Step 2 configure terminal Example Router configure terminal Enters the global configuration mode Step 3 ethernet cfm domain domain name level level id Example Router config ethernet cfm domain Customer level 7 Defines a CFM maintenance domain at a specified level and enters Ethernet CFM configuration mode Step 4 mep mpid mpid Example...

Page 88: ...p crosscheck enable disable domain domain name port vlan vlan id vlan id vlan id vlan id vlan id DETAILED STEPS Step 7 exit Example Router config exit Returns the device to privileged EXEC mode Step 8 ethernet cfm mep crosscheck enable disable domain domain name port vlan vlan id vlan id vlan id vlan id vlan id Example Router ethernet cfm mep crosscheck enable domain cust4 vlan 100 Enables cross c...

Page 89: ...s are not properly configured CE A Configuration Step 3 ethernet cfm domain domain name level level id Example Router config ethernet cfm domain Customer level 7 Defines a CFM maintenance domain at a specified level and enters Ethernet CFM configuration mode Step 4 mep mpid mpid Example Router config ecfm mep mpid 702 Statically defines the MEPs within a maintenance association Step 5 exit Example...

Page 90: ...ep unknown service up U PE A Configuration ethernet cfm global ethernet cfm ieee ethernet cfm traceroute cache ethernet cfm traceroute cache size 200 ethernet cfm traceroute cache hold time 60 ethernet cfm mip auto create level 7 vlan 1 4094 interface gigabitethernet3 2 ethernet cfm mip level 7 vlan 101 Manual MIP ethernet cfm mep domain ServiceProvider L4 mpid 401 vlan 101 ethernet cfm mep domain...

Page 91: ...nect loop config snmp server enable traps ethernet cfm crosscheck mep missing mep unknown service up U PE B Configuration ethernet cfm global ethernet cfm ieee ethernet cfm traceroute cache ethernet cfm traceroute cache size 200 ethernet cfm traceroute cache hold time 60 ethernet cfm domain Customer L7 level 7 mip auto create service Customer1 vlan 101 direction down ethernet cfm domain ServicePro...

Page 92: ...k ethernet cfm domain OperatorB level 2 mep archive hold time 65 mip auto create service MetroCustomer1OpB vlan 101 continuity check interface gigabitethernet1 2 ethernet cfm mip level 2 manual MIP interface gigabitethernet2 2 ethernet cfm mip level 4 manual MIP snmp server enable traps ethernet cfm cc mep up mep down cross connect loop config snmp server enable traps ethernet cfm crosscheck mep m...

Page 93: ...eProvider L4 level 4 mep archive hold time 60 service MetroCustomer1 vlan 101 continuity check ethernet cfm domain OperatorA L1 level 1 mep archive hold time 65 mip auto create service MetroCustomer1OpA vlan 101 continuity check interface gigabitethernet3 2 ethernet cfm mip level 7 vlan 101 Manual MIP ethernet cfm mep domain ServiceProvider L4 mpid 401 vlan 101 ethernet cfm mep domain OperatorA L1...

Page 94: ...e cache ethernet cfm traceroute cache size 200 ethernet cfm traceroute cache hold time 60 ethernet cfm domain Customer L7 level 7 mip auto create service Customer1 vlan 101 direction down ethernet cfm domain ServiceProvider L4 level 4 mep archive hold time 60 service MetroCustomer1 vlan 101 continuity check ethernet cfm domain OperatorB level 2 mep archive hold time 65 service MetroCustomer1OpB vl...

Page 95: ...M provides a standard Ethernet PM function that includes measurement of Ethernet frame delay frame delay variation frame loss and frame throughput measurements specified by the ITU T Y 1731 standard and interpreted by the Metro Ethernet Forum MEF standards group ITU T Y 1731 feature supports key operation and maintenance standards that provide for automated end to end management and monitoring of ...

Page 96: ... address cos cos source mpid source mp id mac address source address Step 5 clock sync Step 6 aggregate interval seconds Step 7 distribution delay delay variation one way number of bins boundary boundary Step 8 frame interval milliseconds Step 9 frame offset offset value Step 10 frame size bytes Step 11 history interval intervals stored Step 12 max delay milliseconds Step 13 owner owner id Step 14...

Page 97: ...llows the operation to calculate one way delay measurements Step 6 aggregate interval seconds Example Router config sla y1731 delay aggregate interval 900 Optional Configures the length of time during which the performance measurements are conducted and the results stored Step 7 distribution delay delay variation one way number of bins boundary boundary Example Router config sla y1731 delay distri...

Page 98: ...he operation Support for Switch Virtual Interfaces SVI on ISR G2 Metro Ethernet BD You can connect a SVI with a Metro Ethernet BD to re direct the traffic from a switch port onto the BD and vice versa as shown in Figure 1 Step 11 history interval intervals stored Example Router config sla y1731 delay history interval 2 Optional Sets the number of statistics distributions kept during the lifetime o...

Page 99: ...upport on BDs Only one SVI may be associated with a BD There is no EVC i e service instance configuration on an SVI All packets on the BD including those from EVCs should be tagged with the VLAN tag specifying the VLAN id of the SVI Only access port configurations are supported Configuring SVI as Access Port First you configure the switch port to add an access port SVI to a BD After this you need ...

Page 100: ... how to define the associated VLAN interface interface Vlan40 no ip address bridge domain 40 end This example shows the BD id matching with the VLAN id interface GigabitEthernet8 no ip address duplex auto speed auto service instance 40 ethernet encapsulation dot1q 40 bridge domain 40 End EVC Quality of Service QoS For information about EVC QoS see http www cisco com c en us td docs ios xml ios qos...

Page 101: ...e redundancy between ISR and another device and not to provide scalable bandwidth between them Restrictions and Guidelines for EtherChannel Feature These restrictions and guidelines apply while configuring EtherChannel feature Configure all physical ports in an EtherChannel manually Negotiation protocol PAgP and LACP are not supported Each EtherChannel can consists of up to four compatibly configu...

Page 102: ...up number 7 end DETAILED STEPS Command Purpose Step 1 configure terminal Example Router configure terminal Enters global configuration mode Step 2 interface port channel number Example Router config interface port channel 1 Specify the EtherChannel port channel logical interface and enter interface configuration mode Step 3 ip address ip address mask Example Router config if ip address 10 0 0 1 25...

Page 103: ... and adding physical interfaces to the EtherChannel Router configure terminal Router config interface port channel 1 Router config if ip address 10 0 0 1 255 255 255 0 Router config if end Router config interface range gigabitEthernet 0 0 1 Router config if channel group 1 Router config if end Step 6 channel group number Example Router config if channel group 1 Add the physical interfaces to the p...

Page 104: ...96 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Chapter Configuring EtherChannel ...

Page 105: ...T Port page 116 Configuring Third Party SFPs page 121 Configuring Backup Interfaces This section contains the following topics Configuring the Backup Interface page 97 Configuring Gigabit Ethernet Failover Media page 99 Configuring Cellular Dial on Demand Routing Backup page 101 Configuring the Backup Interface When the router receives an indication that the primary interface is down the backup in...

Page 106: ... an ATM WAN connection Step 2 backup interface interface type interface number Example Router config if backup interface bri 0 0 1 Router config if Assigns an interface as the secondary or backup interface This can be a serial interface or an asynchronous interface For example a serial 1 interface could be configured to back up a serial 0 2 1 interface The example shows a BRI interface configured ...

Page 107: ...nfigured This is not a supported configuration and the behavior is unpredictable Assigning Primary and Secondary Failover Media To assign primary and secondary failover media on the GE SFP port follow these steps beginning in EXEC mode SUMMARY STEPS 1 configure terminal 2 interface gigabitethernet slot port 3 media type sfp 4 media type sfp auto failover 5 end DETAILED STEPS Command Purpose Step 1...

Page 108: ...Detect feature To configure the Auto Detect feature follow these steps beginning in global configuration mode SUMMARY STEPS 1 configure terminal 2 interface gigabitethernet slot port 3 no media type Step 3 media type sfp Example Router config if media type sfp Router config if Example Router config if media type rj45 Router config if Designates SFP port as the primary media OR Designates RJ 45 as ...

Page 109: ...route is used See the Configuring DDR Backup Using Floating Static Route section on page 103 Cellular Wireless Modem To configure the 3G wireless modem as backup with Network Address Translation NAT and IPSec on either Global System for Mobile Communications GSM or code division multiple access CDMA networks see Cellular Wireless Modem as Backup with NAT and IPSec Configuration section on page 104...

Page 110: ... group protocol protocol name permit deny list access list number access group 6 ip access list access list number permit ip source address 7 interface cellular 0 8 dialer string string DETAILED STEPS Command or Action Purpose Step 1 configure terminal Example Router configure terminal Enters global configuration mode Step 2 interface type number Example Router config interface ATM 0 Specifies the...

Page 111: ...distance name name Step 6 ip access list access list number permit ip source address Example Router config access list 2 permit 10 4 0 0 Defines traffic of interest Do not use the access list permit all command to avoid sending traffic to the IP network This may result in call termination Step 7 interface cellular 0 Example Router config interface cellular 0 Specifies the cellular interface Step 8...

Page 112: ...009 version 12 4 service timestamps debug datetime msec service timestamps log datetime msec no service password encryption service internal hostname Router boot start marker boot end marker no aaa new model service module wlan ap 0 bootimage autonomous no ipv6 cef ip source route ip cef ip multicast routing Command or Action Purpose Step 1 configure terminal Example Router configure terminal Ente...

Page 113: ...chat script cdma atdt 777 TIMEOUT 180 CONNECT license udi pid CISCO1941W A K9 sn FHH1249P016 archive log config hidekeys redundancy track 234 ip sla 1 reachability interface Loopback0 ip address 1 1 1 1 255 255 255 255 interface Wlan GigabitEthernet0 0 description Internal switch interface connecting to the embedded AP interface GigabitEthernet0 0 ip address dhcp ip virtual reassembly load interva...

Page 114: ...c mode interactive no ppp lcp fast start ppp ipcp dns request ppp timeout retry 120 ppp timeout ncp 30 fair queue 64 16 0 routing dynamic interface ATM0 1 0 no ip address no atm ilmi keepalive no dsl bitswap interface ATM0 1 0 1 point to point ip virtual reassembly pvc 0 35 pppoe client dial pool number 2 interface Vlan1 ip address 10 9 0 254 255 255 0 0 ip nat inside ip virtual reassembly interfa...

Page 115: ...secure server ip dns server ip nat inside source route map nat2cell interface Dialer1 overload ip nat inside source route map nat2dsl interface Dialer2 overload ip route 0 0 0 0 0 0 0 0 Dialer2 track 234 ip route 0 0 0 0 0 0 0 0 Dialer1 253 ip sla 1 icmp echo 128 107 248 247 source interface Dialer2 frequency 5 ip sla schedule 1 life forever start time now access list 1 permit any access list 2 pe...

Page 116: ... timeout 0 0 line aux 0 line 0 0 0 exec timeout 0 0 script dialer cdma login modem InOut no exec transport input all transport output all autoselect ppp rxspeed 3100000 txspeed 1800000 line 67 no activation character no exec transport preferred none transport input all transport output pad telnet rlogin lapb ta mop udptn v120 ssh line vty 0 4 login exception data corruption buffer truncate schedul...

Page 117: ...eer through the centrally managed function The dial backup feature can be added to provide a failover route in case the primary line fails Cisco 3900 series ISRs can use the auxiliary port for dial backup and remote management Figure 1 shows the network configuration used for remote management access and for providing backup to the primary WAN line Figure 1 Dial Backup and Remote Management Throug...

Page 118: ...k ip address interface type interface number ip address 12 access list access list number deny permit source source wildcard 13 dialerwatch list group number ip ip address address mask delay route check initial seconds 14 line aux console tty vty line number ending line number 15 modem enable 16 exit 17 line aux console tty vty line number ending line number 18 flowcontrol none software lock in ou...

Page 119: ...chronous interface and enters configuration mode for the asynchronous interface Configure the asynchronous interface For sample commands that you can use in asynchronous interface configuration mode see the Example section on page 113 Step 6 exit Example Router config if exit Router config Exits interface configuration mode and enters global configuration mode Step 7 interface type number Example ...

Page 120: ...0 0 0 0 255 255 any Defines an extended access list that indicates which addresses need translation Step 13 dialerwatch list group number ip ip address address mask delay route check initial seconds Example Router config dialer watch list 1 ip 22 0 0 2 255 255 255 255 Router config Evaluates the status of the primary link based on the existence of routes to the peer The address 22 0 0 2 is the pee...

Page 121: ...ry MY USER_MODEM MSC F1S0 1 chat script Dialout ABORT ERROR ABORT BUSY AT OK ATDT 5555102 T TIMEOUT 45 CONNECT c interface vlan 1 ip address 192 168 1 1 255 255 255 0 ip nat inside ip tcp adjust mss 1452 hold queue 100 out Dial backup and remote management physical interface interface Async1 no ip address encapsulation ppp dialer in band dialer pool member 3 async default routing async dynamic rou...

Page 122: ...name account password 7 pass ppp ipcp dns request ppp ipcp wins request ppp ipcp mask request IP NAT over Dialer interface using route map ip nat inside source route map main interface Dialer1 overload ip nat inside source route map secondary interface Dialer3 overload ip classless When primary link is up again distance 50 will override 80 if dial backup has not timed out Use multiple routes becau...

Page 123: ...ssigned an IP address route map main permit 10 match ip address 101 match interface Dialer1 route map secondary permit 10 match ip address 103 match interface Dialer3 Change console to aux function line con 0 exec timedout 0 0 modem enable stopbits 1 line aux 0 exec timeout 0 0 To enable and communicate with the external modem properly script dialer Dialout modem InOut modem autoconfigure discover...

Page 124: ...N line Figure 2 shows a dial backup link that goes through a customer premises equipment CPE splitter a digital subscriber line access multiplexer DSLAM and a central office CO splitter before connecting to the ISDN switch Figure 2 Data Line Backup Through CPE Splitter DSLAM and CO Splitter 1 Cisco 3900 series router A Primary DSL interface FE interface Cisco 3900 series router 2 DSLAM B Dial back...

Page 125: ...he dialer watch to activate the backup ISDN line To configure your router ISDN interface for use as a backup interface follow these steps beginning in global configuration mode SUMMARY STEPS 1 isdn switch type switch type 2 interface type number 3 encapsulation encapsulation type 4 dialer pool member number 5 isdn switch type switch type 6 exit 1 PC A Primary DSL interface 2 Cisco 3900 series ISR ...

Page 126: ...sic net3 Router config Specifies the ISDN switch type The example specifies a switch type used in Australia Europe and the United Kingdom For details on other supported switch types see Cisco IOS Dial Technologies Command Reference Step 2 interface type number Example Router config interface bri 0 Router config if Enters configuration mode for the ISDN BRI Step 3 encapsulation encapsulation type E...

Page 127: ...pool 1 Router config if Specifies the dialer pool to be used In the example the dialer pool 1 setting associates the dialer 0 interface with the BRI0 interface because the BRI0 dialer pool member value is 1 Step 11 dialer string dial string isdn subaddress Example Router config if dialer string 384040 Router config if Specifies the telephone number to be dialed Step 12 dialer group group number Ex...

Page 128: ... router provides Internet access for your Cisco router during the ATM network downtime This portion of the example configures the aggregator vpdn enable no vpdn logging vpdn group 1 accept dialin protocol pppoe virtual template 1 interface Ethernet3 description 4700ref 1 ip address 40 1 1 1 255 255 255 0 media type 10BaseT interface Ethernet4 ip address 30 1 1 1 255 255 255 0 media type 10BaseT in...

Page 129: ...00 compatibility Third party SFPs are manufactured by companies that are not on the Cisco approved Vendor List AVL Currently Cisco ISR G2 routers support only Cisco approved SFPs From Release 15 3 2 T Cisco ISR G2 routers recognize third party SFPs Note Cisco does not provide any kind of support for the third party SFPs because they are not validated by Cisco Restrictions Supports only 100BASE SFP...

Page 130: ...configuration mode Step 3 service unsupported transceiver Example Router config service unsupported transceiver Enables third party SFP support Step 4 interface type slot subslot port number Example Router config interface ethernet 0 3 0 Selects an interface to configure Step 5 media type sfp Example Router config if media type sfp Changes media type to SFP Step 6 speed value Example Router config...

Page 131: ... Router config if service unsupported transceiver Router config interface ethernet 0 3 0 Router config if media type sfp Router config if speed 100 Router config if shutdown Router config if no shutdown Router config if exit Router config exit Step 8 no shutdown Example Router config if no shutdown Enables the interface changing its state from administratively DOWN to administratively UP Step 9 ex...

Page 132: ...Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide OL 20696 04 Chapter Configuring Backup Data Lines and Remote Management Configuring Third Party SFPs ...

Page 133: ...clocks to the modules and peripherals on the router ISR G2s must be running Cisco IOS Release 15 0 1 M or later to support EnergyWise Detailed configuration procedures are included in the Cisco EnergyWise Configuration Guide which can be found at Cisco com The following sections provide general information about the EnergyWise feature running on ISR G2s Modules and Interface Supporting EnergyWise ...

Page 134: ...rictions for Power Efficiency Management and OIR Restrictions for Power Efficiency Management and OIR The following restrictions apply when using the power efficiency management feature The online insertion and removal OIR commands cannot be used when a module is in power save mode When the OIR commands are executed power efficiency management cannot be configured on a service module ...

Page 135: ...pted Transport VPN page 150 Configuring the Cryptographic Engine Accelerator Services Performance Engine 200 and Services Performance Engine 250 have an onboard cryptographic engine accelerator that is shared between SSLVPN and IPSec protocols By default acceleration of SSL is disabled so IPSec performance is maximized To set up a router as an SSLVPN gateway enable hardware acceleration for SSLVPN...

Page 136: ... method for collecting and sending security server information used for billing auditing and reporting such as user identities start and stop times executed commands such as PPP number of packets and number of bytes AAA uses protocols such as Remote Authentication Dial In User Service RADIUS Terminal Access Controller Access Control System Plus TACACS or Kerberos to administer its security functio...

Page 137: ...e Release 12 4T at http www cisco com en US docs ios sec_data_plane configuration guide 12_4t sec_data_plane_12_4t_book html Creating an IP Access List and Applying It to an Interface Creating an IP Access List to Filter IP Options TCP Flags Noncontiguous Ports or TTL Values Refining an IP Access List Displaying and Clearing IP Access List Data Using ACL Manageability Access Groups An access group...

Page 138: ...at the dynamic access list remains active without return traffic passing through the router When the timeout value is reached the dynamic access list is removed and subsequent packets possibly valid ones are not permitted Use the same inspection name in multiple statements to group them into one set of rules This set of rules can be activated elsewhere in the configuration by using the ip inspect ...

Page 139: ...Support and Usability Enhancements section of Cisco IOS Security Configuration Guide Securing the Data Plane Release 12 4T at http www cisco com en US docs ios sec_data_plane configuration guide 12_4t sec_data_plane_12_4t_book html Content Filtering Cisco 3900 series 2900 series and 1900 series ISRs provide category based URL filtering The user provisions URL filtering on the ISR by selecting cate...

Page 140: ...emote nodes The Cisco Easy VPN client feature can be configured in one of two modes client mode or network extension mode Client mode is the default configuration and allows only devices at the client site to access resources at the central site Resources at the client site are unavailable to the central site Network extension mode allows users at the central site where the Cisco VPN 3000 series c...

Page 141: ...igure 2 Site to Site VPN Using an IPSec Tunnel and GRE For more information about IPSec and GRE configuration see the Configuring Security for VPNs with IPSec chapter of Cisco IOS Security Configuration Guide Secure Connectivity Release 12 4T at http www cisco com en US docs ios sec_secure_connectivity configuration guide 12_4t sec_secure_connectivity_12_4t_book html Configuration Examples Each ex...

Page 142: ...s You must specify parameters such as internal IP addresses internal subnet masks DHCP server addresses and Network Address Translation NAT Configure a VPN over an IPSec Tunnel section on page 134 Create a Cisco Easy VPN Remote Configuration section on page 143 Configure a Site to Site GRE Tunnel section on page 146 Configure a VPN over an IPSec Tunnel Perform the following tasks to configure a VP...

Page 143: ... IKE negotiation The priority is a number from 1 to 10000 with 1 being the highest Also enters the ISAKMP1 policy configuration mode Step 2 encryption des 3des aes aes 192 aes 256 Example Router config isakmp encryption 3des Router config isakmp Specifies the encryption algorithm used in the IKE policy The example specifies 168 bit DES2 Step 3 hash md5 sha Example Router config isakmp hash md5 Rou...

Page 144: ...seconds for an IKE SA5 Step 7 exit Example Router config isakmp exit Router config Exits IKE policy configuration mode and enters global configuration mode 1 ISAKMP Internet Security Association Key and Management Protocol 2 DES data encryption standard 3 MD5 Message Digest 5 4 SHA 1 Secure Hash standard 5 SA security association Command or Action Purpose Command or Action Purpose Step 1 crypto is...

Page 145: ... config isakmp group domain company com Router config isakmp group Specifies group domain membership Step 5 exit Example Router config isakmp group exit Router config Exits IKE group policy configuration mode and enters global configuration mode Step 6 ip local pool default poolname low ip address high ip address Example Router config ip local pool dynpool 30 30 30 20 30 30 30 30 Router config Spe...

Page 146: ...to map tag client configuration address initiate respond DETAILED STEPS Command or Action Purpose Step 1 crypto map map name isakmp authorization list list name Example Router config crypto map dynmap isakmp authorization list rtr remote Router config Applies mode configuration to the crypto map and enables key lookup IKE queries for the group policy from an AAA server Step 2 crypto map tag client...

Page 147: ...d users at login and specifies the method used This example uses a local authentication database You could also use a RADIUS server for this For details see Cisco IOS Security Configuration Guide Securing User Services Release 2 4T and Cisco IOS Security Command Reference Step 3 aaa authorization network exec commands level reverse access configuration default list name method1 method2 Example Rou...

Page 148: ...pto ipsec transform set transform set name 3 crypto ipsec security association lifetime seconds seconds kilobytes kilobytes DETAILED STEPS Command or Action Purpose Step 1 crypto ipsec profile profile name Example Router config crypto ipsec profile pro1 Router config Configures an IPSec profile to apply protection on the tunnel for encryption Step 2 crypto ipsec transform set transform set name tr...

Page 149: ...verse route 4 exit 5 crypto map map name seq num ipsec isakmp dynamic dynamic map name discover profile profile name DETAILED STEPS Command or Action Purpose Step 1 crypto dynamic map dynamic map name dynamic seq num Example Router config crypto dynamic map dynmap 1 Router config crypto map Creates a dynamic crypto map entry and enters crypto map configuration mode See Cisco IOS Security Command R...

Page 150: ...lows the rest of the traffic to pass and provides connectivity to the Internet To apply a crypto map to an interface follow these steps beginning in global configuration mode SUMMARY STEPS 1 interface type number 2 crypto map map name 3 exit DETAILED STEPS Step 4 exit Example Router config crypto map exit Router config Returns to global configuration mode Step 5 crypto map map name seq num ipsec i...

Page 151: ... Cisco Easy VPN remote configuration and assign it to the outgoing interface To create the remote configuration follow these steps beginning in global configuration mode SUMMARY STEPS 1 crypto ipsec client ezvpn name 2 group group name key group key 3 peer ipaddress hostname 4 mode client network extension network extension plus 5 exit 6 crypto isakmp keepalive seconds 7 interface type number 8 cr...

Page 152: ...00 1 Router config crypto ezvpn Specifies the peer IP address or hostname for the VPN connection Note A hostname can be specified only when the router has a DNS server available for hostname resolution Note Use this command to configure multiple peers for use as backup If one peer goes down the Easy VPN tunnel is established with the second available peer When the primary peer comes up again the t...

Page 153: ...400 crypto dynamic map dynmap 1 set transform set vpn1 reverse route crypto map static map 1 ipsec isakmp dynamic dynmap crypto map dynmap isakmp authorization list rtr remote crypto map dynmap client configuration address respond Step 7 interface type number Example Router config interface fastethernet 4 Router config if Enters the interface configuration mode for the interface to which you are a...

Page 154: ... GRE tunnel follow these steps beginning in global configuration mode SUMMARY STEPS 1 interface type number 2 ip address ip address mask 3 tunnel source interface type number 4 tunnel destination default gateway ip address 5 crypto map map name 6 exit 7 ip access list standard extended access list name 8 permit protocol source source wildcard destination destination wildcard 9 exit DETAILED STEPS ...

Page 155: ...tic routes to the tunnel interface must be configured to establish connectivity between the sites See Cisco IOS Security Configuration Guide Secure Connectivity Release 12 4T for details Step 6 exit Example Router config if exit Router config Exits interface configuration mode and returns to global configuration mode Step 7 ip access list standard extended access list name Example Router config ip...

Page 156: ...hentication pre share group 2 crypto isakmp client configuration group rtr remote key secret password dns 10 50 10 1 10 60 10 1 domain company com pool dynpool crypto ipsec transform set vpn1 esp 3des esp sha hmac crypto ipsec security association lifetime seconds 86400 crypto dynamic map dynmap 1 set transform set vpn1 reverse route crypto map static map 1 ipsec isakmp dynamic dynmap crypto map d...

Page 157: ...sociated addresses used for NAT access list 102 permit ip 10 1 1 0 0 0 0 255 any acl 103 defines traffic allowed from the peer for the IPsec tunnel access list 103 permit udp host 200 1 1 1 any eq isakmp access list 103 permit udp host 200 1 1 1 eq isakmp any access list 103 permit esp host 200 1 1 1 any Allow ICMP for debugging but should be disabled because of security implications access list 1...

Page 158: ...unicast traffic GET VPN enables the router to apply encryption to nontunneled that is native IP multicast and unicast packets and eliminates the requirement to configure tunnels to protect multicast and unicast traffic By removing the need for point to point tunnels meshed networks can scale higher while maintaining network intelligence features that are critical to voice and video quality such as...

Page 159: ...ceive packets with SGT embedded in the MAC L2 layer This feature is called L2 SGT imposition This allows Ethernet interfaces on the device to be enabled for L2 SGT imposition to enable the device to insert an SGT in the packet that is to be carried to its next hop Ethernet neighbor SGT over Ethernet Tagging is a type of hop by hop propagation of SGTs embedded in clear text unencrypted Ethernet pac...

Page 160: ...ep 5 propagate sgt Example Router config if cts manual propagate sgt Enables L2 SGT imposition for egress traffic on the interface Note If you configure cts manual command CTS SGT propagation is enabled by default To disable CTS SGT propagation use no propagate sgt command Step 6 policy static sgt tag trusted Example Router config if cts manual policy static sgt 77 trusted Configures a static SGT ...

Page 161: ...minal Router config interface gigabitethernet 0 0 Router config if cts manual Router config if cts manual no propagate sgt Router config if cts manual policy static sgt 77 trusted Router config if cts manual end Router show running interface gigabitethernet 0 0 interface gigabitethernet 0 0 ip address 50 0 0 1 255 255 255 0 cts manual no propagate sgt policy static sgt 77 trusted end Verifying SGT...

Page 162: ...154 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Chapter Configuring Security Features SGT over Ethernet Tagging ...

Page 163: ...2 Control Direction Wake on LAN page 163 Preauthentication Access Control List page 166 Downloadable Access Control List page 167 Filter ID or Named Access Control List page 167 IP Device Tracking page 167 Note Critical authentication which is also known as Inaccessible Authentication Bypass or AAA Fail Policy does not support the Identity features on the Onboard Gigabit Ethernet Layer 3 ports Aut...

Page 164: ...ction Purpose Step 1 enable Example Router enable Enables privileged EXEC mode Enter your password if prompted Step 2 configure terminal Example Router configure terminal Enters global configuration mode Step 3 interface gigabitethernet slot port Example Router config interface gigabitethernet 0 0 Enters interface configuration mode Step 4 authentication port control auto Example Router config if ...

Page 165: ...0 1 MAC Address 0201 0201 0201 IP Address Unknown User Name testUser1 Status Authz Success Domain DATA Oper host mode single host Oper control dir both Authorized By Authentication Server Vlan Group N A AAA Policies Session timeout N A Idle timeout N A Common Session ID 03030303000000000000BA04 Acct Session ID 0x00000001 Handle 0x6D000001 Runnable methods list Method State dot1x Authc Success c192...

Page 166: ...MAC Address 0201 0201 0201 IP Address Unknown User Name 02 01 02 01 02 01 Status Authz Success Command or Action Purpose Step 1 enable Example Router enable Enables privileged EXEC mode Enter your password if prompted Step 2 configure terminal Example Router configure terminal Enters global configuration mode Step 3 interface gigabitethernet slot port Example Router config interface gigabitetherne...

Page 167: ...tempts made by a client A router cannot provide authentication services to clients through the interface Auto This enables IEEE 802 1X authentication and causes a port to start in the unauthorized state allowing only Extensible Authentication Protocol over LAN EAPoL frames to be sent and received through a port The authentication process begins when the link state of the port transitions from down...

Page 168: ... Action Purpose Step 1 enable Example Router enable Enables privileged EXEC mode Enter your password if prompted Step 2 configure terminal Example Router configure terminal Enters global configuration mode Step 3 interface gigabitethernet slot port Example Router config interface gigabitethernet 0 0 Enters interface configuration mode Step 4 authentication port control auto force authorized force ...

Page 169: ...lDirection Both HostMode SINGLE_HOST QuietPeriod 60 ServerTimeout 0 SuppTimeout 30 ReAuthMax 2 MaxReq 2 TxPeriod 30 c1921 show authentication sessions Interface MAC Address Method Domain Status Session ID Gi0 1 unknown dot1x DATA Authz Failed 0303030300000009002AB7FC c1921 show authentication sessions interface gi0 1 Interface GigabitEthernet0 1 MAC Address Unknown IP Address Unknown Status Authz ...

Page 170: ... for the Identity features on the Onboard Gigabit Ethernet Layer 3 ports In single host mode only one client can be connected to the IEEE 802 1X enabled router port The router detects the client by sending an EAPol frame when the port link state changes to up state If a client leaves or is replaced with another client the router changes the port link state to down and the port returns to the unaut...

Page 171: ... other devices in the network Configuring Control Direction Wake on LAN Perform these steps to configure Control Direction Wake on LAN SUMMARY STEPS 1 enable 2 configure terminal 3 interface gigabitethernet slot port 4 authentication control direction in both Command or Action Purpose Step 1 enable Example Router enable Enables privileged EXEC mode Enter your password if prompted Step 2 configure ...

Page 172: ...obal configuration mode Step 3 interface gigabitethernet slot port Example Router config interface gigabitethernet 0 0 Enters interface configuration mode Step 4 authentication control direction in both Example Router config if authentication control direction in Router config if authentication control direction both Configures the port mode as unidirectional or bidirectional in The port can send ...

Page 173: ...terface GigabitEthernet0 1 MAC Address 0201 0201 0201 IP Address Unknown User Name testUser1 Status Authz Success Domain DATA Oper host mode single host Oper control dir both Authorized By Authentication Server Vlan Group N A AAA Policies Session timeout N A Idle timeout N A Common Session ID 03030303000000000000BA04 Acct Session ID 0x00000001 Handle 0x6D000001 Runnable methods list Method State d...

Page 174: ...es Session timeout N A Idle timeout N A Common Session ID 030303030000000C00310024 Acct Session ID 0x0000000F Handle 0x8C00000D Runnable methods list Method State dot1x Authc Success c1921 show dot1x interface g0 1 Dot1x Info for GigabitEthernet0 1 PAE AUTHENTICATOR PortControl AUTO ControlDirection In HostMode SINGLE_HOST QuietPeriod 60 ServerTimeout 0 SuppTimeout 30 ReAuthMax 2 MaxReq 2 TxPeriod...

Page 175: ...he port use the show ip access list privileged EXEC command to display the downloaded ACL on the port Filter ID or Named Access Control List Filter Id also works as a dACL but the ACL commands are configured on the authenticator Authentication authorization and accounting AAA provides the name of the ACL to the authenticator IP Device Tracking The IP Device Tracking feature is required for the dAC...

Page 176: ...Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Chapter Configuring Identity Features on Layer 3 Interface IP Device Tracking ...

Page 177: ...y page 171 Cisco Unified SIP Proxy CUSP page 172 Gatekeeper page 172 Call Control Protocols page 172 Trunk side Protocols page 172 Line side Protocols page 173 Unified Communications Gateways page 174 TDM Gateways page 175 Cisco Unified Border Element page 176 Unified Messaging Gateway page 176 IP Media Services page 177 Conferencing Transcoding and Media Termination Point MTP page 177 RSVP Agent ...

Page 178: ...o Unified Communications Manager Express page 170 Unified Survivable Remote Site Telephony page 171 Cisco Unified SIP Proxy CUSP page 172 Gatekeeper page 172 Cisco Unified Communications Manager Express Cisco Unified Communications Manager Express CME is a feature rich entry level IP telephony solution that is integrated directly into Cisco IOS software Cisco Unified CME allows small business cust...

Page 179: ... register to the remote site router in SRST mode allowing all inbound and outbound dialing to be routed off to the PSTN on a backup Foreign Exchange Office FXO BRI or Primary Rate Interface PRI connection Unified SRST provides redundancy for both Cisco IP as well as Analog phones to ensure that the telephone system remains operational during network failures Both Skinny Client Control Protocol SCC...

Page 180: ... these endpoints with call routing and call admission control functions The endpoints communicate with the Gatekeeper using the H 323 Registration Admission Status RAS protocol The H 323 Gatekeeper is a special Cisco IOS software image that runs on the Cisco ISR platforms and the AS5350XM and AS5400XM Universal Gateway platforms The Cisco IOS H 323 Gatekeeper is an application that acts as the poi...

Page 181: ...irewall SIP Enhancements ALG and AIC at Cisco com Media Gateway Control Protocol MGCP Media Gateway Control Protocol MGCP RFC 2705 defines a centralized architecture for creating multimedia applications including Voice over IP VoIP See Cisco IOS MGCP and Related Protocols Configuration Guide for more information ISRs are configured primarily as residential gateways RGWs under MGCP For residential ...

Page 182: ...ession Initiation Protocol SIP is a peer to peer multimedia signaling protocol developed in the IETF IETF RFC 3261 Session Initiation Protocol is ASCII based It resembles HTTP and it reuses existing IP protocols such as DNS and SDP to provide media setup and tear down See Cisco IOS SIP Configuration Guide for more information For router configuration information under SIP see the Basic SIP Configu...

Page 183: ...T1 or E1 interfaces The Cisco ISR series voice gateway routers can communicate with the Cisco Unified Communications Manager using Session Initiation Protocol SIP H 323 or Media Gateway Control Protocol MGCP The Cisco IOS voice gateway routers can also connect directly to other Cisco voice gateway routers using SIP or H 323 and to various other VoIP destinations and call agents For more informatio...

Page 184: ... and billing information on each network segment separately Security Provides interworking between encrypted and non encrypted network segment SIP registration services DOS protection authentication services and toll fraud protection on H 323 or SIP trunks See Cisco Unified Border Element Configuration Guide at Cisco com for more information http www cisco com en US docs ios voice cube configurati...

Page 185: ...ture implements a Resource Reservation Protocol RSVP agent on Cisco IOS voice gateways that support Cisco Unified Communications Manager Version 5 0 1 The RSVP agent enables Cisco Unified Communications Manager to provide resource reservation for voice and video media to ensure QoS and call admission control CAC Cisco Unified Communications Manager controls the RSVP agent through Skinny Client Con...

Page 186: ...usted Firewall Cisco Unified Communications Trusted Firewall Control pushes intelligent services onto the network through a Trusted Relay Point TRP Firewall traversal is accomplished using Simple Session Traversal Utilities for NAT STUN on a TRP co located with a Cisco Unified Communications Manager Express Cisco Unified CME Cisco Unified Border Element CUBE Media Termination Point MTP Transcoder ...

Page 187: ... information http www cisco com en US docs ios 12_4t 12_4t15 srtpstub html wp1008975 Virtual Route Forward Virtual Route Forward VRF is the technique to create multiple virtual networks within a single network entity In a single network component we can create multiple VRFs to create the isolation among each other In our regular deployment of Unified Communication we create different VLANs for voi...

Page 188: ...nt Scalable solution from 4 to 16 concurrent voicemail or Automated Attendant calls and 12 to 250 mailboxes Deployable with Cisco Unified Communications Manager Express Cisco Unified Communications Manager Cisco Unity and Cisco Unity Connection systems See the Unity Express Configuration guides at Cisco com for more information http www cisco com en US products sw voicesw ps2237 products_installat...

Page 189: ...te_paper09186 a00800a3e6c shtml Cisco Application Extension Platform Cisco Application Extension Platform AXP is an open network platform for application development integration and hosting It is a service module on the Cisco Integrated Services Router ISR AXP realizes the Network as a Platform vision of Cisco while bringing collaborative partnerships and accelerating innovation Cisco AXP offers t...

Page 190: ... AXL API methods known as requests use a combination of HTTPS and SOAP SOAP is an XML remote procedure call RPC protocol The server receives the XML structures and executes the request If the request completes successfully the system returns the appropriate AXL response All responses are named identically to the associated requests except that the word Response is appended See Cisco Unified Commun...

Page 191: ...0 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Chapter Unified Communications on Cisco Integrated Services Routers Online Insertion and Removal ...

Page 192: ...0 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Chapter Unified Communications on Cisco Integrated Services Routers Online Insertion and Removal ...

Page 193: ... resources and share DSP resources across voice service modules when there is a combination of PVDM2 based using 5510 DSP modules and PVDM3 based modules in one router This supports the coexistence of PVDM2 PVDM2 DM and PVDM3 modules on separate boards in the same router However any PVDM2 modules inadvertently deployed on the same voice card as PVDM3 modules are shut down Note Different generation...

Page 194: ...f you have installed the PVDM3 cards in your Cisco gateway make certain that you have complied with the hardware installation instructions in Cisco 2900 Series and 3900 Series Integrated Services Routers Hardware Installation Guide Restrictions for Configuring the PVDM3 Module on Cisco Voice Gateway Routers The PVDM3 card can only be installed and used on the following Cisco voice gateway routers ...

Page 195: ...s a maximum of six DSPs per PVDM3 For backward compatibility for 5510 DSPs the existing numbering scheme is maintained see Table 1 and for PVDM3 DSPs a new numbering scheme is applied see Table 2 Note The numbering schemes shown in Table 1 and Table 2 are examples only and the DSP cards must be installed in the PVDM slots as shown for these sample numbering schemes to be correct For more informati...

Page 196: ...echnology Support of high speed modems V 32 and V 34 using Modem Relay technology Interface with Secure Telephony STU phones using Secure Telephony over IP standard technology Support for interfacing VoIP channel to Land Mobile Radio LMR networks Support for secure VoIP through the implementation of SRTP for both encryption and authentication of RTP packets Support for text telephony Baudot using ...

Page 197: ...one Cisco Unified Communications Manager group The profile ID and service type uniquely identify a profile allowing the profile to uniquely map to a Cisco Unified Communications Manager group that contains a single pool of Cisco Unified Communications Manager servers Conferencing Voice conferencing involves adding several parties to a phone conversation In a traditional circuit switched voice netw...

Page 198: ...ast to session application endpoints when DSP oversubscription occurs for both analog ports and digital ports except PRI and BRI FXO signaling and application controlled endpoints are not supported This feature does not apply to insufficient DSP credits due to mid call codec changes while a call is already established Online Insertion and Removal Cisco 3900 Series ISRs support only managed online ...

Page 199: ...nfigure terminal Enter global configuration mode Step 3 controller e1 slot port Example Router config controller e1 0 0 0 Enter config controller mode Step 4 shutdown Example Router config controller shutdown Administratively shuts down the controller port Step 5 exit Example Router config controller exit Exit config controller mode Step 6 voice port slot number port Example Router config voice po...

Page 200: ...lot or in an empty slot 4 hw module sm slot oir start DETAILED STEPS Restart the controller and voice ports SUMMARY STEPS 1 configure terminal 2 controller e1 slot port 3 no shutdown 4 exit 5 voice port slot number port 6 no shutdown 7 exit Command or Action Purpose Step 1 hw module sm slot oir stop Example Router hw module sm 1 oir stop Shuts down the specified module to prepare it for removal St...

Page 201: ...Enters global configuration mode Step 2 controller e1 slot port Example Router config controller e1 0 0 0 Enters config controller mode Step 3 no shutdown Example Router config controller no shutdown Restarts the controller port Step 4 exit Example Router config controller exit Exits config controller mode Step 5 voice port slot number port Example Router config voice port 0 0 0 1 Enters config vo...

Page 202: ...for example the motherboard has PVDM3 another voice card has PVDM2 and a third voice card has no PVDM there is a new CLI command under the voice card CLI that allows the voice card to choose which type of PVDM to use for TDM sharing pooling voice card 2 dsp tdm pooling type PVDM2 PVDM3 For more information about TDM sharing pooling see the documents listed in the Additional References section on p...

Page 203: ...ransitions Successful Unsuccessful SHUT 0 0 FRUGAL 0 0 FULL 0 0 Slot 0 2 Levels supported 0x441 SHUT FRUGAL FULL CURRENT level 10 FULL Previous level 0 SHUT Transitions Successful Unsuccessful SHUT 1 0 FRUGAL 0 1 FULL 1 0 Slot 0 3 Levels supported 0x441 SHUT FRUGAL FULL CURRENT level 10 FULL Previous level 10 FULL Transitions Successful Unsuccessful SHUT 0 0 FRUGAL 0 0 FULL 0 0 Step 2 show voice c...

Page 204: ... on slot 0 dsp 1 State UP firmware 26 0 135 Max signal voice channel 43 43 Max credits 645 num_of_sig_chnls_allocated 35 Transcoding channels allocated 0 Group FLEX_GROUP_VOICE complexity FLEX Shared credits 630 reserved credits 0 Signaling channels allocated 35 Voice channels allocated 1 Credits used rounded up 15 Voice channels Ch01 voice port 0 1 1 23 2 codec g711alaw credits allocated 15 Slot ...

Page 205: ...d 0 Group FLEX_GROUP_VOICE complexity FLEX Shared credits 645 reserved credits 0 Signaling channels allocated 0 Voice channels allocated 0 Credits used rounded up 0 Slot 0 Device idx 1 PVDM Slot 0 Dsp Type SP2600 dsp 5 State UP firmware 26 0 135 Max signal voice channel 43 43 Max credits 645 num_of_sig_chnls_allocated 0 Transcoding channels allocated 0 Group FLEX_GROUP_VOICE complexity FLEX Shared...

Page 206: ...ot 1 DSP groups on slot 2 dsp 1 State UP firmware 26 0 133 Max signal voice channel 16 16 Max credits 240 num_of_sig_chnls_allocated 0 Transcoding channels allocated 0 Group FLEX_GROUP_VOICE complexity FLEX Shared credits 240 reserved credits 0 Signaling channels allocated 0 Voice channels allocated 0 Credits used rounded up 0 dsp 2 State UP firmware 26 0 133 Max signal voice channel 16 16 Max cre...

Page 207: ...o display the hunt order in which DSPs are utilized for particular services in this example voice conferencing and transcoding are shown for slot 0 Router show voice dsp sorted list slot 0 DSP id selection list for different service for Card 0 Voice 01 02 03 04 05 06 07 Conf 07 06 05 04 03 02 01 Xcode 01 02 03 04 05 06 07 Step 5 show voice dsp capabilities slot number dsp number Use this command t...

Page 208: ...rved credits 0 Signaling channels allocated 0 Voice channels allocated 0 Credits used 0 Oversubscription can either be an indicator or a counter DSP type SP260x Step 7 show voice dsp statistics device Use this command to display DSP voice statistics for the device Router show voice dsp statistics device DEVICE DSP CURR AI RST WDT ACK MAC TX RX PACK KEEPALIVE ID ID STATE COUNT FAIL ADDRESS COUNT TX...

Page 209: ... gaints vlan id 2 BP throttle change count 0 Current throttle flag 0 TX messages at congestion count 0 Step 9 show voice dsp statistics ack Use this command to display ACK statistics for the device Router show voice dsp statistics ack DSP ACK RETRY TOTAL WAITING ID DEPTH COUNT RETRANSMITTION FOR ACK ACK is enabled Step 10 debug voice dsp crash dump Use this command to display debugging information...

Page 210: ... Current configuration 3726 bytes version 12 4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password encryption hostname Router boot start marker boot end marker card type t1 0 0 card type t1 2 0 card type t1 2 1 logging message counter syslog logging buffered 10000000 no aaa new model clock timezone PST 8 no network clock participate slot 2...

Page 211: ...gth long 0db ds0 group 1 timeslots 1 24 type e m immediate start controller T1 0 0 1 cablelength long 0db pri group timeslots 1 24 controller T1 2 0 controller T1 2 1 controller T1 2 0 0 cablelength long 0db controller T1 2 0 1 cablelength long 0db interface GigabitEthernet0 0 mtu 9600 ip address 10 1 32 147 255 255 0 0 duplex auto speed auto no cdp enable interface GigabitEthernet0 1 mtu 9600 ip ...

Page 212: ...abitEthernet0 0 sccp ccm 10 1 32 147 identifier 1 priority 1 version 5 0 1 sccp sccp ccm group 1 associate ccm 1 priority 1 associate profile 3 register CONFERENCE associate profile 2 register UNIVERSAL associate profile 1 register G711_ANY dspfarm profile 1 transcode codec g711ulaw codec g711alaw codec g722 64 maximum sessions 40 associate application SCCP dspfarm profile 2 transcode universal co...

Page 213: ...153 codec g722 64 no vad dial peer voice 203 voip destination pattern 408555 5 9 session protocol sipv2 session target ipv4 10 1 32 153 codec g723r53 gatekeeper shutdown telephony service sdspfarm units 5 sdspfarm transcode sessions 128 sdspfarm tag 1 G711_ANY sdspfarm tag 2 UNIVERAL sdspfarm tag 4 CONFERENCE max ephones 40 max dn 80 ip source address 10 1 32 147 port 2000 max conferences 32 gain ...

Page 214: ...formation for Cisco IOS voice commands Cisco IOS Voice Command Reference Configuration information for Cisco Voice Gateway Routers that are configured for Cisco Unified Communications Manager Cisco Unified Communications Manager and Cisco IOS Interoperability Guide Complete hardware installation instructions for installing the PVDM3 Cisco 2900 Series and 3900 Series Integrated Services Routers Har...

Page 215: ... train Unless noted otherwise subsequent releases of that Cisco IOS software release train also support that feature Description Link The Cisco Support and Documentation website provides online resources to download documentation software and tools Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies Access ...

Page 216: ...e Module FC Flex Complexity FPGA Field Programmable Gate Array HC High Complexity HDLC High level Data Link Control Protocol HPI Host Port Interface LC Low Complexity MAC Media Access Control MC Medium Complexity McBSP Multi Channel Buffer Serial Port MTBF Mean Time Between Failures MTP Media Termination Point NTE Named Telephone Events OIR Online Insertion and Removal PCE Packet Classification En...

Page 217: ...Routers Generation 2 Software Configuration Guide Chapter Configuring Next Generation High Density PVDM3 Modules Glossary TDM Time Division Multiplexing UHPI Universal Host Port Interface VIC Voice Interface Card VLAN Virtual LAN VNM Voice Network Module VWIC Voice WAN Interface Card ...

Page 218: ...10 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Chapter Configuring Next Generation High Density PVDM3 Modules Glossary ...

Page 219: ... interface cards that communicate without CPU involvement reduce load and increase performance on the router Modules and interface cards that do not utilize the MGF communicate with the CPU using the PCI Express PCIe link The following sections describe module and interface card communication through the MGF Restrictions for Module and Interface Card Communication page 211 Supported Slots Modules ...

Page 220: ...cating through the MGF In this scenario traffic goes from the WLAN through the Multi Gigabit Fabric s CPU port and out through a port on the front panel Cisco Etherswitch Service Modules The following Cisco EtherSwitch service modules provide Cisco modular access routers the ability to stack Cisco EtherSwitch service modules as Layer 2 switches using Cisco StackWise technology NME 16ES 1G NME 16ES...

Page 221: ...co 2900 series andCisco 1900 series ISRs Module 1 and Module 2 are the slot port of the two modules The Channel id1 and Channel id2 variables must always have a value of 0 When two modules are configured in a HIMI connection the modules cannot send traffic to any other module except its HIMI dedicated partner See Cisco High Speed Intrachassis Module Interconnect HIMI Configuration Guide at Cisco c...

Page 222: ...ollowing example displays output from a Cisco 3945 ISR Note VLAN1 is the default when no other VLAN are listed Router show platform mgf VLAN Slots 1 ISM EHWIC 0 EHWIC 1 EHWIC 2 EHWIC 3 PVDM 0 PVDM 1 PVDM 2 PVDM 3 SM 1 SM 2 SM 3 SM 4 Viewing Module and Interface Card Status on the Router Multi gigabit Fabric MGF displays module and interface card details To show the details of the MGF use the show ...

Page 223: ...e 13844 packets sec 30 second output rate 13844 packets sec 3955600345 packets input 1596845471340 bytes 26682 overruns Received 0 broadcasts 0 multicast 3955600345 unicast 0 runts 0 giants 0 jabbers 0 input errors 0 CRC 0 fragments 0 pause input 3955738564 packets output 1596886171288 bytes 0 underruns 0 broadcast 0 multicast 3955738564 unicast 0 late collisions 0 collisions 0 deferred 0 bad byte...

Page 224: ...never output never output hang never Last clearing of show interface counters never Input queue 0 75 0 0 size max drops flushes Total output drops 0 Queueing strategy fifo Output queue 0 40 size max 5 minute input rate 0 bits sec 0 packets sec 5 minute output rate 0 bits sec 0 packets sec 0 packets input 0 bytes 0 no buffer Received 0 broadcasts 0 runts 0 giants 0 throttles 0 input errors 0 CRC 0 ...

Page 225: ... References page 242 Restrictions for Upgrading the System Image Cisco 3900 series Cisco 2900 series and Cisco 1900 series integrated services routers ISRs download images to new Advanced Capability CompactFlash CF memory cards Legacy CF will not operate in Cisco 3900 series Cisco 2900 series and Cisco 1900 series ISRs When legacy CF is inserted the following error message appears WARNING Unsuppor...

Page 226: ...OS software Your router was shipped with an image installed Note The Cisco 1941W access point runs a Cisco IOS image that is separate from the Cisco IOS image on the router At some point you may want to load a different image onto the router or the access point For example you may want to upgrade your IOS software to the latest release or you may want to use the same Cisco IOS release for all the ...

Page 227: ...e information Where Do I Download the System Image To download a system image you must have an account at Cisco com to gain access to the following websites If you do not have an account or have forgotten your username or password click Cancel at the login dialog box and follow the instructions that appear If you know the Cisco IOS release and feature set you want to download go directly to http w...

Page 228: ... startup configuration file and the system image file complete the following steps SUMMARY STEPS 1 enable 2 copy nvram startup config ftp rcp tftp 3 dir flash0 flash1 4 copy flash0 ftp rcp tftp DETAILED STEPS Command or Action Purpose Step 1 enable Example Router enable Enables privileged EXEC mode Enter your password if prompted Step 2 copy nvram startup config ftp rcp tftp Example Router copy nv...

Page 229: ...EXEC mode to learn the name of the system image file and the copy flash0 tftp command in privileged EXEC mode to copy the system image to a TFTP server The router uses the default username and password Router copy flash0 tftp Source filename running config Address or name of remote host 192 0 0 1 Destination filename router confg running config 983 bytes copied in 0 048 secs 20479 bytes sec Router...

Page 230: ...S Step 1 Select the system image in the Cisco IOS Upgrade Planner at http www cisco com cgi bin Software Iosplanner Planner tool iosplanner cgi You must have an account at Cisco com If you do not have an account or have forgotten your username or password click Cancel at the login dialog box and follow the instructions that appear Step 2 Write down the minimum memory requirements for the image as ...

Page 231: ...he Cisco IOS release and system image to which you want to upgrade See the Information About Upgrading the System Image section on page 218 Select the system image in the Cisco IOS Upgrade Planner at http www cisco com cgi bin Software Iosplanner Planner tool iosplanner cgi You must have an account at Cisco com If you do not have an account or have forgotten your username or password click Cancel ...

Page 232: ... See the hardware installation guide for your router b If the total memory is equal to or greater than the new system image s minimum flash requirements proceed to Step 5 5 dir all flash0 6 From the displayed output of the dir all flash0 command write down the names and directory locations of the files that you can delete 7 Optional copy flash0 tftp rcp 8 Optional Repeat Step 7 for each file that ...

Page 233: ...isplayed output of the dir flash0 command compare the number of bytes total to the size of the system image to which you want to upgrade If the total memory is less than the new system image s minimum flash requirements you must upgrade your compact flash memory card See the hardware installation guide for your router If the total memory is equal to or greater than the new system image s minimum f...

Page 234: ...320 total 15680K bytes of ATA CompactFlash Read Write Step 12 From the displayed output of the dir flash0 command compare the number of bytes available to the size of the system image to which you want to upgrade If the available memory is less than the new system image s minimum flash requirements you must upgrade your compact flash memory card to a size that can accommodate both the existing fil...

Page 235: ...e port See the hardware installation guide for your router Verify that the TFTP or RCP server has IP connectivity to the router If you cannot successfully ping between the TFTP or RCP server and the router do one of the following Configure a default gateway on the router Make sure that the server and the router each have an IP address in the same network or subnet See the Determining IP Addresses ...

Page 236: ...is entered as was used in Step 4 Destination filename c2900 universalk9 mz bin Step 6 If an error message appears that says Not enough space on device do one of the following as appropriate If you are certain that all the files in flash memory should be erased enter y when prompted twice to confirm that flash memory will be erased before copying Accessing tftp 10 10 10 2 c2900 universalk9 mz bin E...

Page 237: ...face cards are not active in ROM monitor mode Therefore only a fixed port on your router can be used for TFTP download This can be either a fixed Ethernet port on the router or one of the Gigabit Ethernet ports on routers equipped with them Note You can use this command only to download files to the router You cannot use tftpdnld to get files from the router SUMMARY STEPS 1 Enter ROM monitor mode ...

Page 238: ...software will be downloaded rommon TFTP_SERVER 172 16 23 33 Step 6 Set the name and directory location to which the image file will be downloaded onto the router For example rommon TFTP_FILE archive rel22 image name Step 7 Optional Set the input port to use a Gigabit Ethernet port Usage is GE_PORT 0 1 2 For example rommon GE_PORT 0 Step 8 Optional Set the Ethernet media type Usage is TFTP_ MEDIA_T...

Page 239: ...sh to continue y n n y Entering y confirms that you want to continue with the TFTP download What to Do Next Proceed to the Loading the New System Image section on page 232 Using a PC with a CompactFlash Card Reader to Copy the System Image into Flash Memory Because the system image is stored on an external CompactFlash memory card you can use a PC with a compact flash card reader to format the car...

Page 240: ...d into flash memory First determine whether you are in ROM monitor mode or in the Cisco IOS CLI then choose one of the following methods of loading the new system image Loading the New System Image from the Cisco IOS Software page 232 Loading the New System Image from ROM Monitor Mode page 235 Loading the New System Image from the Cisco IOS Software To load the new system image from the Cisco IOS ...

Page 241: ...t is the first file or only file listed Step 2 configure terminal Use this command to enter global configuration mode Router configure terminal Router config Step 3 no boot system Use this command to delete all entries in the bootable image list which specifies the order in which the router attempts to load the system images at the next system reload or power cycle Router config no boot system Ste...

Page 242: ...igure terminal Use this command to enter global configuration mode Router configure terminal Router config Step 10 config register 0x2102 Use this command to set the configuration register so that after the next system reload or power cycle the router loads a system image from the boot system commands in the startup configuration file Router config config register 0x2102 Step 11 exit Use this comm...

Page 243: ...ystem image file is flash0 c2900 universalk9 mz bin What to Do Next Proceed to the Saving Backup Copies of Your New System Image and Configuration section on page 237 Loading the New System Image from ROM Monitor Mode To load the new system image from ROM monitor mode follow these steps SUMMARY STEPS 1 dir flash0 partition number 2 confreg 0x2102 3 boot flash0 partition number filename 4 After the...

Page 244: ...ce the router to load the new system image rommon boot flash0 c2900 universalk9 mz binT Step 4 After the system loads the new system image press Return a few times to display the Cisco IOS CLI prompt Step 5 enable Use this command to enable privileged EXEC mode and enter your password if prompted Router enable Password password Router Step 6 configure terminal Use this command to enter global conf...

Page 245: ...ve backup copies of the startup configuration file and the Cisco IOS software system image file on a server Tip Do not erase any existing backup copies of your configuration and system image that you saved before upgrading your system image If you encounter serious problems using your new system image or startup configuration you can quickly revert to the previous working configuration and system ...

Page 246: ...ses the default username and password Router dir flash0 System flash directory File Length Name status 1 4137888 c2900 mz 4137952 bytes used 12639264 available 16777216 total 16384K bytes of processor board System flash Read Write Command or Action Purpose Step 1 enable Example Router enable Enables privileged EXEC mode Enter your password if prompted Step 2 copy nvram startup config ftp rcp tftp ...

Page 247: ...WAN Interface on the Router page 239 Secure an IP Address on the Access Point page 240 Confirm Connectivity and Settings page 240 Upgrading the IOS Image on the Access Point page 241 Define the WAN Interface on the Router To define a WAN interface to connect to a TFTP network for image download follow these steps beginning in global configuration mode SUMMARY STEPS 1 interface gigabitethernet slot...

Page 248: ...er 192 168 10 1 int vlan1 ip address 192 168 10 0 255 255 255 0 Confirm Connectivity and Settings Perform the following steps to confirm connectivity 1 Ping the external server from the router to confirm connectivity 2 Enter the service module wlan ap 0 session command to establish a session into the access point For instructions see Starting a Wireless Configuration Session section on page 247 3 ...

Page 249: ...e upgrade instructions at Cisco com using the IOS CLI http www cisco com en US docs wireless access_point 12 3_8_JA configuration guide s38mfw html wp1035609 Note If the access point enters Bootloader mode manually configure the IP address default router netmask and default gateway to upgrade the IOS image Note The IP address must be assigned to the same subnet as the VLAN1 interface on the router...

Page 250: ...m images Software Download Center http www cisco com kobayashi sw center index shtml Loading and maintaining system images http www cisco com en US docs ios fundamentals configuration guide cf_system_images html Removing inserting and upgrading compact flash memory cards Hardware installation guide for your router Connecting your PC to the router console port Hardware installation guide for your r...

Page 251: ...Cisco 1941W integrated services router and it includes an autonomous image and recovery image on the access point s flash The default mode is autonomous however the access point can be upgraded to operate in Cisco Unified Wireless mode Each mode is described below Autonomous mode Supports standalone network configurations where all configuration settings are maintained locally on the wireless devi...

Page 252: ... browser tools concurrently when configuring the wireless device If you configure the wireless device using the CLI the web browser interface may display an inaccurate interpretation of the configuration This inappropriate display of information does not necessarily mean the wireless device is not configured properly Use the interface dot11radio command in global CLI configuration to place the wir...

Page 253: ...Network In an all wireless network an access point acts as a stand alone root unit The access point is not attached to a wired LAN it functions as a hub linking all stations together The access point serves as the focal point for communications increasing the communication range of wireless users Figure 2 shows an access point in an all wireless network Figure 2 Access Point as Central Unit in All...

Page 254: ...246 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Chapter Wireless Device Overview Management Options ...

Page 255: ... Cisco Unified software See the Upgrading to Cisco Unified Software section on page 255 Note The wireless device is embedded on the router and does not have an external console port for connections To configure the wireless device use a console cable to connect a personal computer to the host router s Console serial port and follow the instruction to establish a configuration session Starting a Wi...

Page 256: ...nsole into the embedded AP Step 2 ip address subnet mask Example router config if ip address 10 21 0 20 255 255 255 0 Example router config if ip unnumbered vlan1 Specifies the interface IP address and subnet mask Note The IP address can be shared with the IP address assigned to the Cisco Integrated Services Router by using the ip unnumbered vlan1 command Step 3 no shut Example router config if no...

Page 257: ...s Device 1 Control Shift 6 x Router 2 disconnect 3 Press Enter twice Configuring Wireless Settings Note If you are configuring the autonomous wireless device for the first time start a configuration session between the router and the access point before attempting to configure basic wireless settings See the Starting a Wireless Configuration Session section on page 247 Configure the wireless devic...

Page 258: ...ult User Name Step 4 Enter the wireless device password Cisco is the default password The Summary Status page appears See the following URL for details about using the web browser configuration page http cisco com en US docs wireless access_point 12 4_10b_JA configuration guide scg12410b chap4 first html wp1103336 Cisco IOS CLI To configure the Autonomous wireless device establish a session betwee...

Page 259: ...ttp www cisco com en US docs routers access wireless software guide SecurityAuthenticationTypes html See RADIUS and TACACS Servers in a Wireless Environment at Cisco com to set up a maximum security environment http www cisco com en US docs routers access wireless software guide SecurityRadiusTacacs_1 html Configuring Access Point as Local Authenticator To provide local authentication service or b...

Page 260: ...mber of end systems either hosts or network equipment such as bridges and routers connected by a single bridging domain The bridging domain is supported on various pieces of network equipment such as LAN switches that operate bridging protocols between them with a separate group of protocols for each VLAN See Configuring Wireless VLANs at Cisco com for more about wireless VLAN architecture http ww...

Page 261: ...tion is more secure than no security However static WEP keys are vulnerable to attack If you configure this setting you should consider limiting association to the wireless device based on MAC address See Cipher Suites and WEP at Cisco com for configuration procedures http www cisco com en US docs routers access wireless software guide SecurityCipherSuitesWEP html Or If your network does not have ...

Page 262: ...tication with EAP the following warning message appears SSID CONFIG WARNING SSID If radio clients are using EAP FAST AUTH OPEN with EAP should also be configured WPA9 This option permits wireless access to users authenticated against a database through the services of an authentication server then encrypts their IP traffic with stronger algorithms than those used in WEP This setting uses encryptio...

Page 263: ...reless software guide RolesHotStandby html Upgrading to Cisco Unified Software To run the access point in Cisco Unified mode upgrade the software by following these major steps Preparing for the Upgrade page 255 Performing the Upgrade page 256 Downgrading the Software on the Access Point page 257 Recovering Software on the Access Point page 257 Software Prerequisites Cisco 1941W ISRs are eligible ...

Page 264: ...ile flash private config Enable Break yes Manual Boot yes HELPER path list NVRAM Config file buffer size 32768 Mode Button on Performing the Upgrade To upgrade to Unified software follow these steps Step 1 Issue the service module wlan ap 0 bootimage unified command to change the access point boot image to the Unified upgrade image which is also known as a recovery image Router conf terminal Route...

Page 265: ...tempting to boot but it keeps failing Why My access point is stuck in the recovery image and will not upgrade to the Unified software Why A The access point is stuck in recovery mode and you must use the service module wlan ap0 reset bootloader command to return the access point back to bootloader for manual image recovery Downgrading the Software on the Access Point Use the service module wlan ap...

Page 266: ...oint as a Local Authenticator http www cisco com en US docs routers access wireless software guide SecurityLocalAuthent html Describes how to use a wireless device in the role of an access point as a local authenticator serving as a standalone authenticator for a small wireless LAN or providing backup authentication service As a local authenticator the access point performs LEAP EAP FAST and MAC b...

Page 267: ... logging on your wireless device 1 RADIUS Remote Authentication Dial In User Service 2 TACACS Terminal Access Controller Access Control System Plus 3 WPA Wireless Protected Access 4 CCKM Cisco Centralized Key Management 5 WEP Wired Equivalent Privacy 6 AES Advanced Encryption Standard 7 MIC Message Integrity Check 8 TKIP Temporal Key Integrity Protocol 9 SSID service set identifiers 10 QoS quality...

Page 268: ...260 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Chapter Configuring the Wireless Device Related Documentation ...

Page 269: ...and Enabling Short Radio Preambles page 281 Configuring Transmit and Receive Antennas page 282 Enabling and Disabling Gratuitous Probe Response page 283 Configuring the Ethernet Encapsulation Transformation Method page 285 Enabling and Disabling Public Secure Packet Forwarding page 286 Configuring the Beacon Period and the DTIM page 288 Configure RTS Threshold and Retries page 289 Configuring the ...

Page 270: ...le the radio port Command Purpose Step 1 configure terminal Enters global configuration mode Step 2 dot11 ssid ssid Enters the SSID The SSID consists of up to 32 alphanumeric characters SSIDs are case sensitive Step 3 interface dot11radio 0 1 Enters interface configuration mode for the radio interface The 2 4 GHz and 802 11g n 2 4 GHz radios are radio 0 The 5 GHz and the 802 11n 5 GHz radio is rad...

Page 271: ... The wireless device automatically assumes the fallback role when its Ethernet port is disabled or disconnected from the wired LAN The default fallback role for Cisco ISR wireless devices is as follows Shutdown the wireless device shuts down its radio and disassociates all client devices To set the wireless device s radio network role and fallback role follow these steps beginning in privileged EX...

Page 272: ...5 GHz radio is radio 1 Step 3 station role non root bridge wireless clients root access point ap only bridge wireless clients fallback repeater shutdown workgroup bridge multicast mode client infrastructure universal Ethernet client MAC address Sets the wireless device role Set the role to non root bridge with or without wireless clients to root access point or bridge or to workgroup bridge Note T...

Page 273: ...or receive data from the network Figure 1 Dual Radio Fallback Note This feature does not affect the fallback feature for single radio access points You can configure dual radio fallback in three ways Radio tracking Fast Ethernet tracking MAC address tracking Radio Tracking You can configure the access point to track or monitor the status of one of its radios If the tracked radio goes down or is di...

Page 274: ... data rate settings to choose the data rates that the wireless device uses for data transmission The rates are expressed in megabits per second Mb s The wireless device always attempts to transmit at the highest data rate set to basic also known as required on the browser based interface If there are obstacles or interference the wireless device steps down to the highest rate that allows data tran...

Page 275: ...r sustains a configured high data rate or the link roams to another access point with sufficient coverage if one is available The balance between the two throughput vs range is a design decision that must be made based on resources available to the wireless project the type of traffic the users will be passing the service level desired and as always the quality of the RF environment When you enter...

Page 276: ...Enter basic 1 0 basic 2 0 basic 5 5 basic 6 0 basic 9 0 basic 11 0 basic 12 0 basic 18 0 basic 24 0 basic 36 0 basic 48 0 and basic 54 0 to set these data rates to basic on the 802 11g 2 4 GHz radio Note If the client must support the basic rate that you select it cannot associate to the wireless device If you select 12 Mb s or higher for the basic data rate on the 802 11g radio 802 11b client dev...

Page 277: ...ft keying BPSK quaternary phase shift keying QPSK 16 quadrature amplitude modulation 16 QAM 64 QAM and forward error correction FEC code rate 1 2 2 3 3 4 5 6 MCS is used in the wireless device 802 11n radios which define 32 symmetrical settings 8 per spatial stream MCS 0 7 MCS 8 15 MCS 16 23 MCS 24 31 The wireless device supports MCS 0 15 High throughput clients support at least MCS 0 7 MCS is an ...

Page 278: ...Data Rates Based on MCS Settings Guard Interval and Channel Width MCS Index Guard Interval 800 ns Guard Interval 400 ns 20 MHz Channel Width Data Rate Mb s 40 MHz Channel Width Data Rate Mb s 20 MHz Channel Width Data Rate Mb s 40 MHz Channel Width Data Rate Mb s 0 6 5 13 5 7 2 9 15 1 13 27 14 4 9 30 2 19 5 40 5 21 2 3 45 3 26 54 28 8 9 60 4 39 81 43 1 3 90 5 52 109 57 5 9 120 6 58 5 121 5 65 135 ...

Page 279: ...ce When a client device associates to the wireless device the wireless device sends the maximum power level setting to the client Note Cisco AVVID documentation uses the term Dynamic Power Control DPC to refer to limiting the power level on associated client devices To specify a maximum allowed power setting on all client devices that associate to the wireless device follow these steps beginning i...

Page 280: ...ot11radio 0 1 Enters interface configuration mode for the radio interface The 2 4 GHz and 802 11g n 2 4 GHz radios are radio 0 The 5 GHz and the 802 11n 5 GHz radio is radio 1 Step 3 power client These options are available for 802 11n 2 4 GHz clients in dBm local 8 9 11 14 15 17 maximum These options are available for 802 11n 5 GHz clients in dBm local 8 11 13 14 15 maximum Sets the maximum power...

Page 281: ...nel covers 20 MHz and the bands for the channels overlap slightly For best performance use channels that are not adjacent use channels 44 and 46 for example for radios that are close to each other Caution The presence of too many access points in the same vicinity can create radio congestion that can reduce throughput A careful site survey can determine the best placement of access points for maxi...

Page 282: ...aining client devices If participating in WDS sends a DFS notification to the active WDS device that it is leaving the frequency Command Purpose Step 1 configure terminal Enters global configuration mode Step 2 interface dot11radio 0 1 Enters interface configuration mode for the radio interface The 802 11g n 2 4 GHz radio is radio 0 The 802 11n 5 GHz radio is radio 1 Step 3 channel frequency least...

Page 283: ... Availability Check CAC The CAC is a 60 second scan for the presence of radar signals on the channel The following sample messages are displayed on the access point console showing the beginning and end of the CAC scan Mar 6 07 37 30 423 DOT11 6 DFS_SCAN_START DFS Scanning frequency 5500 MHz for 60 seconds Mar 6 07 37 30 385 DOT11 6 DFS_SCAN_COMPLETE DFS scan complete on frequency 5500 MHz When op...

Page 284: ...nels that are in the non occupancy period due to radar detection This example shows a line from the output for the show controller command for a channel on which DFS is enabled The indications listed in the previous paragraph are shown in bold ap show controller dot11radio1 interface Dot11Radio1 Radio model Base Address 011 9290ec0 BBlock version 0 00 Software version 6 00 0 Serial number FOCO8311...

Page 285: ... config if channel 36 ap config if Command Purpose Step 1 configure terminal Enters global configuration mode Step 2 interface dot11radio1 dfs simulate Enters the configuration interface for the 802 11a radio Step 3 channel number dfs band 1 4 Specifies the channel to use For number enter one of the following channels 36 40 44 48 149 153 157 161 5180 5200 5220 5240 5745 5765 5785 or 5805 Enter dfs...

Page 286: ...Hz This group of frequencies is also known as the UNII 2 band 3 Specifies frequencies 5 470 to 5 725 GHz 4 Specifies frequencies 5 725 to 5 825 GHz This group of frequencies is also known as the UNII 3 band This example shows how to prevent the access point from selecting frequencies 5 150 to 5 350 GHz during DFS ap config if dfs band 1 2 block This example shows how to unblock frequencies 5 150 t...

Page 287: ...a client device used primarily in Japan could rely on world mode to adjust its channel and power settings automatically when it travels to Italy and joins a network there Cisco client devices detect whether the wireless device is using 802 11d or Cisco legacy world mode and automatically use the world mode that matches the mode used by the wireless device You can also configure world mode to be al...

Page 288: ...outdoor world mode roaming legacy Enables world mode Enter the dot11d option to enable 802 11d world mode When you enter the dot11d option you must enter a 2 character ISO country code for example the ISO country code for the United States is US You can find a list of ISO country codes at the ISO website After the country code you must enter indoor outdoor or both to indicate the placement of the ...

Page 289: ...these client devices do not associate to the wireless devices you should use short preambles You cannot configure short or long radio preambles on the 5 GHz radio To disable short radio preambles follow these steps beginning in privileged EXEC mode SUMMARY STEPS 1 configure terminal 2 interface dot11radio 0 1 3 no preamble short 4 end 5 copy running config startup config DETAILED STEPS Short pream...

Page 290: ...tall a high gain antenna on the wireless device s left connector you should use this setting for both receive and transmit When you look at the wireless device s back panel the left antenna is on the left To select the antennas that the wireless device uses to receive and transmit data follow these steps beginning in privileged EXEC mode SUMMARY STEPS 1 configure terminal 2 interface dot11radio 0 ...

Page 291: ...able GPR and set its parameters follow these steps beginning in privileged EXEC mode SUMMARY STEPS 1 configure terminal 2 interface dot11radio 3 probe response gratuitous period speed 4 period Kusec 5 speed 6 0 9 0 12 0 18 0 24 0 36 0 48 0 54 0 6 end 7 copy running config startup config DETAILED STEPS Step 5 antenna transmit diversity left right Sets the transmit antenna to diversity left or right...

Page 292: ...wireless device and all associated client devices adds a few bytes to each packet to make the packets tamper proof Cisco Key Integrity Protocol CKIP Cisco s WEP key permutation technique is based on an early algorithm presented by the IEEE 802 11i security task group The standards based algorithm Temporal Key Integrity Protocol TKIP does not require Aironet extensions to be enabled World mode lega...

Page 293: ...042 Use this setting to ensure interoperability with non Cisco wireless equipment RFC1042 does not provide the interoperability advantages of 802 1H but is used by other manufacturers of wireless equipment To configure the encapsulation transformation method follow these steps beginning in privileged EXEC mode SUMMARY STEPS 1 configure terminal 2 interface dot11radio 0 1 3 payload encapsulation sn...

Page 294: ...sing command line interface CLI commands on the wireless device you use bridge groups You can find a detailed explanation of bridge groups and instructions for implementing them in this document Cisco IOS Bridging and IBM Networking Configuration Guide Release 12 2 Click this link to browse to the Configuring Transparent Bridging chapter http www cisco com en US docs ios 12_2 ibm configuration gui...

Page 295: ...g startup config DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode Step 2 interface dot11radio 0 1 Enters interface configuration mode for the radio interface The 802 11g n 2 4 GHz radio is radio 0 The 802 11n 5 GHz radio is radio 1 Step 3 bridge group group port protected Enables PSPF Step 4 end Returns to privileged EXEC mode Step 5 copy running config sta...

Page 296: ...TIM The DTIM tells power save client devices that a packet is waiting for them For example if the beacon period is set at 100 its default setting and if the data beacon rate is set at 2 its default setting then the wireless device sends a beacon containing a DTIM every 200 Kmicrosecs The default beacon period is 100 and the default DTIM is 2 To configure the beacon period and the DTIM follow these...

Page 297: ...lt RTS threshold is 2347 for all access points and bridges and the default maximum RTS retries setting is 32 To configure the RTS threshold and maximum RTS retries follow these steps beginning in privileged EXEC mode SUMMARY STEPS 1 configure terminal 2 interface dot11radio 0 1 3 rts threshold value 4 rts retries value 5 end 6 copy running config startup config DETAILED STEPS Use the no form of th...

Page 298: ...d The fragmentation threshold determines the size at which packets are fragmented sent as several pieces instead of as one block Use a low setting in areas where communication is poor or where there is a great deal of radio interference The default setting is 2346 bytes To configure the fragmentation threshold follow these steps beginning in privileged EXEC mode SUMMARY STEPS 1 configure terminal ...

Page 299: ...e short slot time ap config if short slot time Enter no short slot time command to disable short slot time Performing a Carrier Busy Test You can perform a carrier busy test to check the radio activity on wireless channels During the carrier busy test the wireless device drops all associations with wireless networking devices for 4 seconds while it conducts the carrier test and then displays the t...

Page 300: ...vices expands click Stream The Stream page appears Step 4 Click the tab for the radio to configure Step 5 For both CoS 5 Video and CoS 6 Voice user priorities choose Low Latency from the Packet Handling drop down menu and enter a value for maximum retries for packet discard in the corresponding field The default value for maximum retries is 3 for the Low Latency setting Figure 2 This value indicat...

Page 301: ...293 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Chapter Configuring Radio Settings Configuring VoIP Packet Handling ...

Page 302: ...294 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Chapter Configuring Radio Settings Configuring VoIP Packet Handling ...

Page 303: ...ctory Default Configuration page 314 Monitoring the Wireless Device page 315 Managing the System Time and Date page 315 Configuring a System Name and Prompt page 321 Creating a Banner page 324 Configuring Wireless Device Communication Configuring Ethernet Speed and Duplex Settings page 327 Configuring the Access Point for Wireless Network Management page 328 Configuring the Access Point for Local ...

Page 304: ...nfigure terminal 2 no boot mode button 3 end DETAILED STEPS You can check the status of the mode button by executing the show boot or show boot mode button command in privileged EXEC mode The status does not appear in the running configuration The following shows typical responses to the show boot and show boot mode button commands ap show boot BOOT path list flash c1200 k9w7 mx v123_7_ja 20050430...

Page 305: ...ault username is Cisco and the default password is Cisco Usernames and passwords are case sensitive Note The characters TAB and are invalid characters for passwords Username and password pairs are stored centrally in a database on a security server For more information see the Controlling Access Point Access with RADIUS section on page 305 Protecting Access to Privileged EXEC Commands A simple way...

Page 306: ... the privileged EXEC mode To set or change a static enable password follow these steps beginning in privileged EXEC mode SUMMARY STEPS 1 configure terminal 2 enable password password 3 end 4 show running config 5 copy running config startup config Table 1 Default Passwords and Privilege Levels Privilege Level Default Setting Username and password Default username is Cisco and the default password ...

Page 307: ...le secret command because it uses an improved encryption algorithm If you configure the enable secret command it takes precedence over the enable password command the two commands cannot be in effect simultaneously Command Purpose Step 1 configure terminal Enters global configuration mode Step 2 enable password password Defines a new password or changes an existing password for access to privilege...

Page 308: ... using a nonreversible encryption method Optional For level the range is from 0 to 15 Level 1 is normal user EXEC mode privileges The default level is 15 privileged EXEC mode privileges For password specify a string from 1 to 25 alphanumeric characters The string cannot start with a number is case sensitive and allows spaces but ignores leading spaces By default no password is defined Optional For...

Page 309: ...l use the no enable password level level command or the no enable secret level level command in global configuration mode To disable password encryption use the no service password encryption command in global configuration mode This example shows how to configure the encrypted password 1 FaD0 Xyti5Rkls3LoyxzS8 for privilege level 2 AP config enable secret level 2 5 1 FaD0 Xyti5Rkls3LoyxzS8 Config...

Page 310: ...the configure command you can assign it Level 3 security and distribute that password to a more restricted group of users This section includes this configuration information Setting the Privilege Level for a Command page 303 Logging Into and Exiting a Privilege Level page 304 Command Purpose Step 1 configure terminal Enters global configuration mode Step 2 username name privilege level password e...

Page 311: ...he privilege level for a command For mode enter configure for global configuration mode exec for EXEC mode interface for interface configuration mode or line for line configuration mode For level the range is from 0 to 15 Level 1 is for normal user EXEC mode privileges Level 15 is the level of access permitted by the enable password For command specify the command to which you want to restrict acc...

Page 312: ...evel 14 and how to define SecretPswd14 as the password users must enter to use level 14 commands AP config privilege exec level 14 configure AP config enable password level 14 SecretPswd14 Logging Into and Exiting a Privilege Level To log in to a specified privilege level or to exit to a specified privilege level follow these steps beginning in privileged EXEC mode SUMMARY STEPS 1 enable level 2 d...

Page 313: ...fault To prevent a lapse in security you cannot configure RADIUS through a network management application When enabled RADIUS can authenticate users who are accessing the wireless device through the command line interface CLI Configuring RADIUS Login Authentication To configure AAA authentication you define a named list of authentication methods and then apply the list to various interfaces The me...

Page 314: ...the login authentication command use the default keyword followed by the methods that are to be used in default situations The default method list is automatically applied to all interfaces For list name specify a character string to name the list you are creating For method1 specify the actual method the authentication algorithm tries The additional methods of authentication are used only if the ...

Page 315: ... specific AAA service If you configure two different host entries on the same RADIUS server for the same service such as accounting the second configured host entry acts as a failover backup to the first one You use the server group server configuration command to associate a particular server with a defined group server You can either identify the server by its IP address or identify multiple hos...

Page 316: ... is not responding or responding slowly The range is 1 to 1000 If no retransmit value is set with the radius server host command the setting of the radius server retransmit global configuration command is used Optional For key string specify the authentication and encryption key used between the wireless device and the RADIUS daemon running on the RADIUS server Note The key is a text string that m...

Page 317: ...00 acct port 2001 AP config sg radius exit Configuring RADIUS Authorization for User Privileged Access and Network Services AAA authorization limits the services that are available to a user When AAA authorization is enabled the wireless device uses information retrieved from the user s profile which is in the local user database or on the security server to configure the user session The user is ...

Page 318: ...l Access Controller Access Control System Plus TACACS For complete instructions on configuring the wireless device to support TACACS see the Configuring Radius and TACACS Servers chapter in Cisco IOS Software Configuration Guide for Cisco Aironet Access Points TACACS provides detailed accounting information and flexible administrative control over authentication and authorization processes TACACS ...

Page 319: ...to a specific interface before any defined authentication methods are performed The only exception is the default method list which is named default The default method list is automatically applied to all interfaces except those that have a named method list explicitly defined A method list describes the sequence and authentication methods to be used to authenticate a user You can designate one or...

Page 320: ...tuations The default method list is automatically applied to all interfaces For list name specify a character string to name the list you are creating For method1 specify the actual method the authentication algorithm tries The additional methods of authentication are used only if the previous method returns an error not if it fails Select one of these methods local Use the local username database...

Page 321: ...tion was performed by using TACACS Use the local database if authentication was not performed by using TACACS Note Authorization is bypassed for authenticated users who log in through the CLI even if authorization has been configured To specify TACACS authorization for privileged EXEC access and network services follow these steps beginning in privileged EXEC mode SUMMARY STEPS 1 configure termina...

Page 322: ...ctory default configuration use the service module wlan ap0 reset default config command in the router s Cisco IOS privileged EXEC mode Caution Because you may lose data use only the service module wlan ap0 reset command to recover from a shutdown or failed state Rebooting the Wireless Device To perform a graceful shutdown and reboot the wireless device use the service module wlan ap0 reload comma...

Page 323: ... mode to display the status of the wireless device and its configuration information The following is sample output for the command Service Module is Cisco wlan ap0 Service Module supports session via TTY line 2 Service Module is in Steady state Service Module reset on error is disabled Getting status from the Service Module please wait Image path flash c8xx_19xx_ap k9w7 mx acregr c8xx_19xx_ap k9w...

Page 324: ...riteria SNTP discovers a better server Configuring SNTP SNTP is disabled by default To enable SNTP on the access point use one or both of the commands listed in Table 2 in global configuration mode Enter the sntp server command once for each NTP server The NTP servers must be configured to respond to the SNTP messages from the access point If you enter both the sntp server command and the sntp bro...

Page 325: ...g that shows whether the time is authoritative believed to be accurate If the system clock has been set by a timing source such as NTP the flag is set If the time is not authoritative it is used only for display purposes Until the clock is authoritative and the authoritative flag is set the flag prevents peers from synchronizing to the clock when the peers time is invalid The symbol that precedes ...

Page 326: ...zone command in global configuration mode Configuring Summer Time Daylight Saving Time To configure summer time daylight saving time in areas where it starts and ends on a particular day of the week each year follow these steps beginning in privileged EXEC mode SUMMARY STEPS 1 configure terminal 2 clock summer time zone recurring week day month hh mm week day month hh mm offset 3 end Command Purpo...

Page 327: ...SUMMARY STEPS 1 clock summer time zone date month date year hh mm month date year hh mm offset or clock summer time zone date date month year hh mm date month year hh mm offset 2 end 3 show running config 4 copy running config startup config Command Purpose Step 1 configure terminal Enters global configuration mode Step 2 clock summer time zone recurring week day month hh mm week day month hh mm o...

Page 328: ...date 12 October 2000 2 00 26 April 2001 2 00 Command Purpose Step 1 configure terminal Enters global configuration mode Step 2 clock summer time zone date month date year hh mm month date year hh mm offset or clock summer time zone date date month year hh mm date month year hh mm offset Configures summer time to start on the first date and end on the second date Summer time is disabled by default ...

Page 329: ... configure the prompt by using the prompt command in global configuration mode Note For complete syntax and usage information for the commands used in this section see Cisco IOS Configuration Fundamentals Command Reference and Cisco IOS IP Addressing Services Command Reference This section contains the following configuration information Default System Name and Prompt Configuration page 321 Config...

Page 330: ...s identified as ftp cisco com To keep track of domain names IP has defined the concept of a domain name server which holds a cache or database of names mapped to IP addresses To map domain names to IP addresses you must first identify the hostnames specify the name server that is present on your network and enable the DNS This section contains the following configuration information Default DNS Co...

Page 331: ...re configured Command Purpose Step 1 configure terminal Enters global configuration mode Step 2 ip domain name name Defines a default domain name that the software uses to complete unqualified hostnames names without a dotted decimal domain name Do not include the initial period that separates an unqualified name from the domain name At boot time no domain name is configured However if the wireles...

Page 332: ...n use the show running config command in privileged EXEC mode Note When DNS is configured on the wireless device the show running config command sometimes displays a server IP address instead of its name Creating a Banner You can configure a message of the day MOTD and a login banner The MOTD banner appears on all connected terminals at login and is useful for sending messages that affect all netw...

Page 333: ...how running config 5 copy running config startup config DETAILED STEPS To delete the MOTD banner use the no banner motd command in global configuration mode The following is example shows how to configure a MOTD banner for the wireless device The pound sign is used as the beginning and ending delimiter AP config banner motd Command Purpose Step 1 configure terminal Enters global configuration mode...

Page 334: ... appears before the login prompt appears To configure a login banner follow these steps beginning in privileged EXEC mode SUMMARY STEPS 1 configure terminal 2 banner login c message c 3 end 4 show running config 5 copy running config startup config DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode Step 2 banner login c message c Specifies the login message F...

Page 335: ...boots the wireless device Note The speed and duplex settings on the wireless device Ethernet port must match the Ethernet settings on the port to which the wireless device is connected If you change the settings on the port to which the wireless device is connected change the settings on the wireless device Ethernet port to match The Ethernet speed and duplex are set to auto by default To configur...

Page 336: ...rver by configuring the wireless device to implement AAA in local mode The wireless device then handles authentication and authorization No accounting is available in this configuration Note You can configure the wireless device as a local authenticator for 802 1x enabled client devices to provide a backup for your main server or to provide authentication service on a network without a RADIUS serv...

Page 337: ... 5 aaa authorization network local Configures user AAA authorization for all network related service requests Step 6 username name privilege level password encryption type password Enters the local database and establishes a username based authentication system Repeat this command for each user For name specify the user ID as one word Spaces and quotation marks are not allowed Optional For level s...

Page 338: ...following is a configuration example for an access point configured for Admin authentication using TACACS with the authorization cache enabled Although this example is based on a TACACS server the access point could be configured for Admin authentication using RADIUS version 12 3 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password encryption ...

Page 339: ... 24 0 36 0 48 0 54 0 station role root bridge group 1 bridge group 1 subscriber loop control bridge group 1 block unknown source no bridge group 1 source learning no bridge group 1 unicast flooding bridge group 1 spanning disabled interface Dot11Radio1 no ip address no ip route cache shutdown speed basic 6 0 9 0 basic 12 0 18 0 basic 24 0 36 0 48 0 54 0 station role root bridge group 1 bridge grou...

Page 340: ...to act as a DHCP server Setting up the DHCP Server page 332 Monitoring and Maintaining the DHCP Server Access Point page 334 Setting up the DHCP Server By default access points are configured to receive IP settings from a DHCP server on your network You can also configure an access point to act as a DHCP server to assign IP settings to devices on both wired and wireless LANs Note When you configur...

Page 341: ...ddresses in a DHCP address pool subnet are available for assigning to DHCP clients You must specify the IP addresses that the DHCP server should not assign to clients Optional To enter a range of excluded addresses enter the address at the low end of the range followed by the address at the high end of the range Step 3 ip dhcp pool pool_name Creates a name for the pool of IP addresses that the wir...

Page 342: ...ear Commands page 335 debug Command page 335 show Commands To display information about the wireless device as DHCP server enter the commands in Table 4 in privileged EXEC mode Step 6 default router address address2 address 8 Specifies the IP address of the default router for DHCP clients on the subnet One IP address is required however you can specify up to eight addresses in one command line Ste...

Page 343: ...cify the version number the access point defaults to version 2 SSH provides more security for remote connections than Telnet by providing strong encryption when a device is authenticated The SSH feature has an SSH server and an SSH integrated client The client supports the following user authentication methods RADIUS for more information see the Controlling Access Point Access with RADIUS section ...

Page 344: ...your wireless LAN by stopping ARP requests for client devices at the wireless device Instead of forwarding ARP requests to client devices the wireless device responds to requests on behalf of associated client devices When ARP caching is disabled the wireless device forwards all ARP requests through the radio port to associated clients The client that receives the ARP request responds When ARP cac...

Page 345: ...he ability to control traffic rates on each VLAN Note A rate limiting policy can be applied only to Fast Ethernet ingress ports on non root bridges In a typical scenario multiple VLAN support permits users to set up point to multipoint bridge links with remote sites with each remote site on a separate VLAN This configuration provides the capability for separating and controlling traffic to each si...

Page 346: ...ess Device Configuring Multiple VLAN and Rate Limiting for Point to Multipoint Bridging Using the class based policing feature you can specify the rate limit and apply it to the ingress of the Ethernet interface of a non root bridge Applying the rate at the ingress of the Ethernet interface ensures that all incoming Ethernet packets conform to the configured rate ...

Page 347: ...int on Cisco 1941W Router The embedded wireless access point AP runs its own version of Cisco Internet Operating System IOS software Use Cisco Configuration Professional Express to perform the initial configuration of the access point software For information on how to configure additional wireless parameters see the Configuring the Wireless Device module in this guide Prerequisites for Initial So...

Page 348: ...f Configuration and System Image page A 16 Optional Configuring the Router Hostname The hostname is used in CLI prompts and default configuration filenames If you do not configure the router hostname the router uses the factory assigned default hostname Router Do not expect capitalization and lower casing to be preserved in the hostname Uppercase and lowercase characters are treated as identical b...

Page 349: ...n older image of the Cisco IOS software or if you boot older boot ROMs that do not recognize the enable secret command For more information see the Configuring Passwords and Privileges chapter in Cisco IOS Security Configuration Guide Also see the Cisco IOS Password Encryption Facts tech note and the Improving Security on Cisco Routers tech note Restrictions If you configure the enable secret comm...

Page 350: ...able password password Example Router config enable password pswd2 Optional Sets a local password to control access to various privilege levels We recommend that you perform this step only if you boot an older image of the Cisco IOS software or if you boot older boot ROMs that do not recognize the enable secret command Step 4 enable secret password Example Router config enable secret greentree Spe...

Page 351: ...leshooting Fault Management and Logging chapter in the Cisco IOS Network Management Configuration Guide SUMMARY STEPS 1 enable 2 configure terminal 3 line console 0 4 exec timeout minutes seconds 5 end 6 show running config DETAILED STEPS Command or Action Purpose Step 1 enable Example Router enable Enables privileged EXEC mode Enter your password if prompted Step 2 configure terminal Example Rout...

Page 352: ...ce on your router For comprehensive configuration information on Gigabit Ethernet interfaces see the Configuring LAN Interfaces chapter of Cisco IOS Interface and Hardware Component Configuration Guide http www cisco com en US docs ios 12_2 interface configuration guide icflanin html For information on interface numbering see Software Configuration Guide for your router SUMMARY STEPS 1 enable 2 sh...

Page 353: ...gigabitethernet 0 0 Specifies the gigabit Ethernet interface and enters interface configuration mode Note For information on interface numbering see Software Configuration Guide Step 5 description string Example Router config if description GE int to 2nd floor south wing Optional Adds a description to an interface configuration The description helps you remember what is attached to this interface ...

Page 354: ...nd if the destination is not a connected network This section describes how to select a network as a default route a candidate route for computing the gateway of last resort The way in which routing protocols propagate the default route information varies for each protocol For comprehensive configuration information about IP routing and IP routing protocols see Cisco IOS IP Configuration Guide In ...

Page 355: ...vice Gateway of Last Resort When default information is being passed along through a dynamic routing protocol no further configuration is required The system periodically scans its routing table to choose the optimal default network as its default route In the case of RIP there is only one choice network 0 0 0 0 In the case of IGRP there might be several networks that can be candidates for the sys...

Page 356: ...ng Step 4 ip route dest prefix mask next hop ip address admin distance permanent Example Router config ip route 192 168 24 0 255 255 255 0 172 28 99 2 Establishes a static route Step 5 ip default network network number or ip route dest prefix mask next hop ip address Example Router config ip default network 192 168 24 0 Example Router config ip route 0 0 0 0 0 0 0 0 172 28 99 1 Selects a network a...

Page 357: ...68 24 0 1 0 via 172 28 99 2 172 16 0 0 255 255 255 0 is subnetted 1 subnets C 172 16 99 0 is directly connected GigaEthernet1 Router Configuring Virtual Terminal Lines for Remote Console Access Virtual terminal vty lines are used to allow remote access to the router This section shows you how to configure the virtual terminal lines with a password so that only authorized users can remotely access ...

Page 358: ...bles privileged EXEC mode Enter your password if prompted Step 2 configure terminal Example Router configure terminal Enters global configuration mode Step 3 line vty line number ending line number Example Router config line vty 0 4 Starts the line configuration command collection mode for the virtual terminal lines vty for remote console access Make sure that you configure all vty lines on your r...

Page 359: ...on of the auxiliary AUX port See the following documents for information on configuring the auxiliary line Configuring a Modem on the AUX Port for EXEC Dialin Connectivity tech note http www cisco com en US tech tk801 tk36 technologies_tech_note09186a0080094bbc shtml Configuring Dialout Using a Modem on the AUX Port sample configuration http www cisco com en US tech tk801 tk36 technologies_configu...

Page 360: ...nectivity for your router Prerequisites Complete all previous configuration tasks in this document The router must be connected to a properly configured network host SUMMARY STEPS 1 enable 2 ping ip address hostname 3 telnet ip address hostname Command or Action Purpose Step 1 enable Example Router enable Enables privileged EXEC mode Enter your password if prompted Step 2 configure terminal Exampl...

Page 361: ...min avg max 1 2 4 ms The following display shows sample output for the ping command when you ping the IP hostname username1 Router ping username1 Type escape sequence to abort Sending 5 100 byte ICMP Echos to 192 168 7 27 timeout is 2 seconds Success rate is 100 percent round trip min avg max 1 3 4 ms Command or Action Purpose Step 1 enable Example Router enable Enables privileged EXEC mode Enter ...

Page 362: ...S 1 enable 2 copy running config startup config DETAILED STEPS Saving Backup Copies of Configuration and System Image To aid file recovery and minimize downtime in case of file corruption we recommend that you save backup copies of the startup configuration file and the Cisco IOS software system image file on a server SUMMARY STEPS 1 enable 2 copy nvram startup config ftp rcp tftp 3 show flash0 fl...

Page 363: ...ter uses the default username and password Router show flash0 flash1 System flash directory File Length Name status 1 4137888 c3900 c2is mz 4137952 bytes used 12639264 available 16777216 total 16384K bytes of processor board System flash Read Write Router copy flash0 flash1 tftp IP address of remote host 255 255 255 255 172 16 13 110 Command or Action Purpose Step 1 enable Example Router enable En...

Page 364: ...Integrated Services Routers Generation 2 Software Configuration Guide Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration filename to write on tftp host c3600 c2is mz writing c3900 c2is mz successful ftp write ...

Page 365: ...and 1900 Series Integrated Services Routers Legacy CF will not operate in Cisco 3900 Series 2900 Series and 1900 Series Integrated Services Routers When legacy CF is inserted the following error message appears WARNING Unsupported compact flash detected Use of this card during normal operation can impact and severely degrade performance of the system Please use supported compact flash cards only F...

Page 366: ...n contains the following procedures Determining the File System on a CompactFlash Memory Card page B 2 Formatting CompactFlash Memory as a Class C File System page B 3 Determining the File System on a CompactFlash Memory Card To determine the file system of a CF memory card enter the show flash all command in privileged EXEC mode If geometry and format information does not appear in the output the...

Page 367: ...pact Flash Read Write Chip information NOT available External Card with Class C Flash File System Example The geometry and format information is displayed in this format Router show flash all length date time path 1 6658376 Mar 01 2004 04 27 46 c28xx i mz 25268224 bytes available 6664192 bytes used ATA Flash Card Geometry Format Info ATA CARD GEOMETRY Number of Heads 4 Number of Cylinders 490 Sect...

Page 368: ...at Total sectors in formatted partition 250592 Format Total bytes in formatted partition 128303104 Format Operation completed successfully Format of flash complete File Operations on CompactFlash Memory Cards This section describes the following file operations for external CF memory cards Copying Files page B 4 Displaying Files page B 5 Displaying File Content page B 5 Displaying Geometry and For...

Page 369: ...se flash1 in the command syntax to access CF in slot 1 Use flash0 in the command syntax to access CF in slot 0 Router more flash0 c29xx i mz 00000000 7F454C46 01020100 00000000 00000000 ELF 00000010 00020061 00000001 80008000 00000034 a 4 00000020 00000054 20000001 00340020 00010028 T 4 00000030 00050008 00000001 0000011C 80008000 00000040 80008000 00628A44 00650EEC 00000007 b D e l 00000050 00000...

Page 370: ...0 Sectors per Cylinder 32 Sector Size 512 Total Sectors 62720 ATA CARD FORMAT Number of FAT Sectors 31 Sectors Per Cluster 8 Number of Clusters 7796 Number of Data Sectors 62560 Base Root Sector 155 Base FAT Sector 93 Base Data Sector 187 Deleting Files To delete a file from a CF memory card enter the delete flash0 command Note Use flash1 in the command syntax to access CF in slot 1 Use flash0 in ...

Page 371: ...ering a Directory and Determining Which Directory You Are In To enter a directory of a CF memory card enter the cd command in privileged EXEC mode The cd command specifies or changes the default directory or file system If you enter cd only without specifying a file system the router enters the default home directory which is flash0 If you enter cd flash1 the router enters the flash1 directory Rou...

Page 372: ...0 in the command syntax to access CF in slot 0 Creating a New Directory Example In the following example a new directory named config is created then a new subdirectory named test config is created within the config directory Router dir flash0 Directory of flash0 1580 rw 6462268 Mar 06 2004 06 14 02 c2900 universalk9 mz 3600ata 3 rw 6458388 Mar 01 2004 00 01 24 c2900 universalk9 mz 63930368 bytes ...

Page 373: ...from the directory Note Use flash1 in the command syntax to access CF in slot 1 Use flash0 in the command syntax to access CF in slot 0 Example Removing a Directory In the following example the subdirectory test config is removed Router dir Directory of flash0 config 1581 drw 0 Mar 01 2004 23 50 08 test config 128094208 bytes total 121626624 bytes free Router rmdir flash0 config test config Remove...

Page 374: ...900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Appendix B Using CompactFlash Memory Cards Directory Operations on a CompactFlash Memory Card ...

Page 375: ... there are no TFTP servers or network connections Prerequisites for Using the ROM Monitor page C 1 Information About the ROM Monitor page C 1 How to Use the ROM Monitor Typical Tasks page C 3 Additional References page C 27 Prerequisites for Using the ROM Monitor Connect a terminal or PC to the router console port For help see the hardware installation guide for your router Information About the R...

Page 376: ...the system image in the configuration documentation for your router During troubleshooting if the router crashes and hangs See the Troubleshooting Crashes and Hangs stack context frame sysret meminfo section on page C 20 Disaster recovery Use one of the following methods for recovering the system image or configuration file TFTP download tftpdnld Use this method if you can connect a TFTP server di...

Page 377: ... Mode help page C 7 Displaying Files in a File System dir page C 8 Loading a System Image boot page C 8 Modifying the Configuration Register confreg page C 13 Obtaining Information on USB Flash Devices page C 14 Modifying the I O Memory iomemset page C 15 Recovering the System Image tftpdnld page C 16 Troubleshooting Crashes and Hangs stack context frame sysret meminfo page C 20 Exiting ROM Monito...

Page 378: ... 54 25 871 SYS 5 RELOAD Reload requested by console Reload Reason Reload command telnet send break System received an abort due to Break Key signal 0x3 code 0x0 context 0x431aaf40 PC 0x4008b5dc Cause 0x20 Status Reg 0x3400c102 rommon 1 Command or Action Purpose Step 1 enable Example Router enable Enables privileged EXEC mode Enter your password if prompted Step 2 reload Example Router reload Reloa...

Page 379: ...ont command which continues the booting process and loads the system image Setting the Configuration Register to Boot to ROM Monitor Mode This section describes how to enter ROM monitor mode by setting the configuration register to boot to ROM monitor mode at the next system reload or power cycle For more information about the configuration register see the Changing the Configuration Register Sett...

Page 380: ... Router reload Proceed with reload confirm Command or Action Purpose Step 1 enable Example Router enable Enables privileged EXEC mode Enter your password if prompted Step 2 configure terminal Example Router configure terminal Enters global configuration mode Step 3 config register 0x0 Example Router config config register 0x0 Changes the configuration register settings The 0x0 setting forces the r...

Page 381: ...latform with 2621440 Kbytes of main memory Main memory is configured to 72 72 On board DIMM0 bit mode with ECC enabled Readonly ROMMON initialized rommon 1 What to Do Next Proceed to the Displaying Commands and Command Syntax in ROM Monitor Mode help section on page C 7 Displaying Commands and Command Syntax in ROM Monitor Mode help This section describes how to display ROM monitor commands and co...

Page 382: ...ef select ROMMON set display the monitor variables showmon display currently selected ROM monitor stack produce a stack trace sync write monitor environment to NVRAM sysret print out info from last system return tftpdnld tftp image download unalias unset an alias unset unset a monitor variable xmodem x ymodem image download hwpart Read HW resources partition Displaying Files in a File System dir T...

Page 383: ...first image or a specified image in flash memory Note In IOS flash0 will be aliased onto flash Boot the specified image over the network from the specified TFTP server hostname or IP address Boot from the boothelper image because it does not recognize the device ID This form of the command is used to boot a specified image from a network TFTP server Boot the image stored on the USB flash device No...

Page 384: ... 0x03A8F000 Rounded IOMEM up to 60Mb Using 5 percent iomem 60Mb 1024Mb Restricted Rights Legend Use duplication or disclosure by the Government is subject to restrictions as set forth in subparagraph c of the Commercial Computer Software Restricted Rights clause at FAR sec 52 227 19 and subparagraph c 1 ii of the Rights in Technical Data and Computer Software clause at DFARS sec 252 227 7013 cisco...

Page 385: ...to get started Nov 22 09 20 19 839 LINK 3 UPDOWN Interface GigabitEthernet0 0 changed state to up Nov 22 09 20 19 839 LINK 3 UPDOWN Interface GigabitEthernet0 1 changed state to down Nov 22 09 20 19 839 LINK 3 UPDOWN Interface GigabitEthernet0 2 changed state to down Nov 22 09 20 19 839 LINEPROTO 5 UPDOWN Line protocol on Interface GigabitEthernet0 0 64 changed state to down Nov 22 09 20 19 839 LI...

Page 386: ...comply with U S and local laws return this product immediately A summary of U S laws governing Cisco cryptographic products may be found at http www cisco com wwl export crypto tool stqrg html If you require further assistance please contact us by sending email to export cisco com Cisco c2911 revision 1 0 with 987136K 61440K bytes of memory Processor board ID 3 Gigabit Ethernet interfaces 1 termin...

Page 387: ...configuration register value is automatically written into NVRAM but the new value does not take effect until you reset or power cycle the router SUMMARY STEPS 1 confreg value DETAILED STEPS Examples In the following example the configuration register is set to boot the system image from flash memory rommon 3 confreg 0x2102 In the following example no value is entered therefore the system prompts ...

Page 388: ... the router For instructions on booting from a USB flash device see the Loading a System Image boot section on page C 8 SUMMARY STEPS 1 dir usbflash x 2 dev DETAILED STEPS Examples Sample Output for the dir usbFlash Command rommon dir usbflash0 program load complete entry point 0x80903000 size 0x4c400 Directory of usbflash0 2 54212244 rw c2900 universalk9 mz Sample Output for the dev ROM Monitor C...

Page 389: ...ommand is present in the NVRAM configuration the I O memory percentage set in the ROM monitor with the iomemset command is used only the first time the router is booted up Subsequent reloads use the I O memory percentage set by using the memory size iomem command that is saved in the NVRAM configuration If you need to set the router I O memory permanently by using a manual method use the memory si...

Page 390: ...memory size 10 percent of main memory NVRAM size 191KB Recovering the System Image tftpdnld This section describes how to download a Cisco IOS software image from a remote TFTP server to the router flash memory by using the tftpdnld command in ROM monitor mode Caution Use the tftpdnld command only for disaster recovery because it can erase all existing data in flash memory before it downloads a ne...

Page 391: ...lash0 flash1 usbflash0 usbflash1 11 TFTP_MACADDR MAC_address 12 TFTP_RETRY_COUNT retry_times 13 TFTP_TIMEOUT time 14 TFTP_VERBOSE setting 15 set 16 tftpdnld h r 17 y DETAILED STEPS Command or Action Purpose Step 1 IP_ADDRESS ip_address Example rommon IP_ADDRESS 172 16 23 32 Sets the IP address of the router Step 2 IP_SUBNET_MASK ip_address Example rommon IP_SUBNET_MASK 255 255 255 224 Sets the sub...

Page 392: ...P 1 Small form factor pluggable SFP mode is applicable only if GE_PORT 0 gig 0 0 RJ 45 mode is available on both gig 0 0 and gig 0 1 GE_PORT 0 or 1 The default is 0 Step 9 TFTP_CHECKSUM 0 1 Example rommon TFTP_CHECKSUM 0 Optional Determines whether the router performs a checksum test on the downloaded image 1 Checksum test is performed default 0 No checksum test is performed Step 10 TFTP_DESTINATI...

Page 393: ...ess is displayed 1 Exclamation points are displayed to indicate file download progress This is the default setting 2 Detailed progress is displayed during the file download process for example Initializing interface Interface link state up ARPing for 1 4 0 1 ARP reply for 1 4 0 1 received MAC address 00 00 0c 07 ac 01 Step 16 set Example rommon set Displays the ROM monitor environment variables Ve...

Page 394: ... mz 113 2 0 3 Q to flash Erasing flash at 0x607c0000 program flash location 0x60440000 rommon 22 Sample Output for the set ROM Monitor Command rommon 3 set PS1 rommon IP_ADDRESS 172 18 16 76 IP_SUBNET_MASK 255 255 255 192 DEFAULT_GATEWAY 172 18 16 65 TFTP_SERVER 172 18 16 2 TFTP_FILE anyname rel22_Jan_16 c2801 i mz What to Do Next If you want to configure the router to load a specified image at th...

Page 395: ...ough the router Router hangs are discussed in detail in the Troubleshooting Router Hangs tech note ROM Monitor Console Communication Failure Under certain mis configuration situations it can be impossible to establish a console connection with the router due to a speed mismatch or other incompatibility The most obvious symptom is erroneous characters in the console display If a ROM monitor failure...

Page 396: ... the Troubleshooting Router Hangs tech note Step 2 context Example rommon context Optional Displays the CPU context at the time of the fault If it is available the context from kernel mode and process mode of a loaded image is displayed Step 3 frame number Example rommon frame 4 Optional Displays an entire individual stack frame The default is 0 zero which is the most recent frame Step 4 sysret Ex...

Page 397: ...00 00000003 s2 00000000 00000003 v1 00000000 00000000 s3 00000000 00000000 a0 00000000 0000002b s4 00000000 64219118 a1 00000000 00000003 s5 00000000 62ad0000 a2 00000000 00000000 s6 00000000 63e10000 a3 00000000 64219118 s7 00000000 63e10000 t0 00000000 00070808 t8 ffffffff e7400884 t1 00000000 00000000 t9 00000000 00000000 t2 00000000 63e10000 k0 00000000 00000000 t3 00000000 34018001 k1 0000000...

Page 398: ...0000 0x642190f0 sp 0x020 0x63360000 0x642190f4 sp 0x024 0x6079ff70 Sample Output for the sysret ROM Monitor Command rommon 8 sysret System Return Info count 19 reason user break pc 0x801111b0 error address 0x801111b0 Stack Trace FP 0x80005ea8 PC 0x801111b0 FP 0x80005eb4 PC 0x80113694 FP 0x80005f74 PC 0x8010eb44 FP 0x80005f9c PC 0x80008118 FP 0x80005fac PC 0x80008064 FP 0x80005fc4 PC 0xfff03d70 FP ...

Page 399: ...iting ROM Monitor Mode This section describes how to exit ROM monitor mode and enter the Cisco IOS command line interface CLI The method that you use to exit ROM monitor mode depends on how your router entered ROM monitor mode If you reload the router and enter the Break key sequence to enter ROM monitor mode when the router would otherwise have booted the system image you can exit ROM monitor mod...

Page 400: ...in flash memory Locate the system image that you want the router to load If the system image is not in flash memory use the second or third option in Step 2 Step 2 boot flash0 directory filename or boot filename tftpserver or boot filename Example ROMMON boot flash0 myimage Example ROMMON boot someimage 172 16 30 40 Example ROMMON boot In order the examples here direct the router to Boot the first...

Page 401: ...ge How to Upgrade from ROMmon Using the Boot Image Booting and configuration register commands Cisco IOS Configuration Fundamentals Command Reference Loading and maintaining system images rebooting Cisco IOS Configuration Fundamentals Configuration Guide Choosing and downloading system images Software Center at http www cisco com kobayashi sw center index shtml Router crashes Troubleshooting Route...

Page 402: ...C 28 Cisco 3900 Series Cisco 2900 Series and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Appendix C Using ROM Monitor Additional References ...

Page 403: ...iguration register in NVRAM Each bit has value 1 on or set or value 0 off or clear and each bit setting affects the router behavior upon the next reload power cycle You can use the configuration register to Force the router to boot into the ROM monitor bootstrap program Select a boot source and default boot filename Enable or disable the Break function Control broadcast addresses Recover a lost pa...

Page 404: ...f bits 10 and 14 05 11 12 0x0020 0x0800 0x1000 Controls the console line speed See Table D 4 for the eight available bit combinations and console line speeds Factory default is 9600 baud where bits 5 11 and 12 are all zero clear Note You cannot change the console line speed configuration register bits from the Cisco IOS CLI2 You can however change these bits from the ROM monitor Or instead of chan...

Page 405: ...at is connected to the router console port For information about connecting the router to a PC or terminal see the hardware installation guide for your router In ROM monitor mode you must manually boot the system image or any other image by using the boot ROM monitor command 0001 0x01 Boots the first image in flash memory as a system image 0010 1111 0x02 0xF At the next power cycle or reload the r...

Page 406: ... Power on the router Step 4 If you are asked whether you would like to enter the initial dialog answer no Would you like to enter the initial dialog yes no After a few seconds the user EXEC prompt Router appears Step 5 Enter privileged EXEC mode by typing enable and if prompted enter your password Router enable Password password Router Step 6 Enter global configuration mode Router configure termin...

Page 407: ...gister settings are displayed in the last line of the show version command output Configuration register is 0x142 will be 0x142 at next reload Configuring the Console Line Speed Cisco IOS CLI The combined setting of bits 5 11 and 12 determines the console line speed You can modify these particular configuration register bits only from the ROM monitor To change the configuration register using the ...

Page 408: ...Settings Configuring the Console Line Speed Cisco IOS CLI Step 3 line console 0 Example Router config line console 0 Router config line Specifies the console line and enters line configuration mode Step 4 speed baud Example Router config line speed baud Specifies the console line speed Possible values in baud 1200 2400 4800 9600 19200 38400 57600 115200 Command or Action Purpose ...

Search results

Summary of Contents for 1941

Reviews:

Related manuals for 1941

Brands by name

Popular brands

Cisco 1941, Configuration Manual

Search results

Summary of Contents for 1941

Reviews:

Related manuals for 1941

Brands by name

Popular brands