manualshive.com logo in svg

Cisco 2800 Series, Руководство пользователя

Продукт серии W.E. Anderson 2800 - это высококачественное оборудование для автоматического регулирования. Установка и использование легки и просты благодаря подробным инструкциям по эксплуатации, которые можно бесплатно скачать с manualshive.com. Настройте ваше оборудование с легкостью и точностью, следуя инструкциям.

Поделиться
Скачать
background image

 

      Secured Branch Router Configuration Example

Configure

5

OL-6329-01

!---Configure the firewall interface that connects to the branch office PCs

 

!---and the Firewall Websense UFS:

 

!---Apply access lists and inspection rules to control access to the interface.

 

!---In this example, access list 116 is used to filter outbound packets, and

 

!---the inspection rule named “myfw” is used to filter inbound packets.

 

!---Enable the authentication proxy rule for dynamic, per-user authentication 

!---and authorization. See the previous “aaa authorization auth-proxy default group SJ” 

!---and “ip auth-proxy name aprule http” command entries. 

!---Apply the Cisco IPS rule to outbound traffic.

 

interface FastEthernet0/0

 ip address 192.168.1.2 255.255.255.0

 ip access-group 116 out

 ip inspect myfw in

 ip auth-proxy aprule

 ip ips ids-policy out

.

.

.

!---Configure the interface that connects to the

 

!---Cisco Secure Authentication Control Server (Cisco Secure ACS).

 

!---Apply access lists to control access to the interface.

 

!---In this example, access list 111 is used to filter inbound packets.

 

interface FastEthernet0/1

 ip address 192.168.101.2 255.255.255.0

 ip access-group 111 in

.

.

.

ip classless

!---The following command establishes a static route to the HTTP server,

 

!---which in this example has an IP address of 192.168.102.119.

 

ip route 192.168.102.0 255.255.255.0 FastEthernet0/1

!

!---Enable the HTTP server on your system.

 

!---Also, specify that the authentication method used for AAA login service

 

!---should be used for authenticating HTTP server users.

 

ip http server

ip http authentication aaa

no ip http secure-server

!

!---Configure the access list for the interface that connects to the

 

!---Cisco Secure ACS.

 

access-list 111 permit tcp host 192.168.101.119 eq tacacs host 192.168.101.2

access-list 111 permit udp host 192.168.101.119 eq tacacs host 192.168.101.2

access-list 111 permit icmp any any

access-list 111 deny   ip any any

!

!---Configure the access list for the firewall interface that connects to the

 

!---branch office PCs and the Websense URL Filtering Server (UFS).

 

access-list 116 permit tcp host 192.168.1.118 host 192.168.1.2 eq www

access-list 116 deny   tcp host 192.168.1.118 any

access-list 116 deny   udp host 192.168.1.118 any

access-list 116 deny   icmp host 192.168.1.118 any

access-list 116 permit tcp 192.168.1.0 0.0.0.255 any

access-list 116 permit udp 192.168.1.0 0.0.0.255 any

access-list 116 permit icmp 192.168.1.0 0.0.0.255 any

!

!

Содержание 2800 Series

Страница 1: ...ce page 1 Conventions page 1 Obtaining Documentation page 2 Documentation Feedback page 3 Obtaining Technical Assistance page 3 Obtaining Additional Publications and Information page 5 Objectives These documents explains how to configure and maintain your Cisco router Audience These documents are designed for the person installing configuring and maintaining the Cisco router who should be familiar...

Страница 2: ...com Cisco also provides several ways to obtain technical assistance and other technical resources These sections explain how to obtain technical information from Cisco Systems Cisco com You can access the most current Cisco documentation at this URL http www cisco com cisco web support index html Table 1 Command Conventions Convention Description boldface font Commands and keywords italic font Var...

Страница 3: ...alling Cisco Systems Corporate Headquarters California USA at 408 526 7208 or elsewhere in North America by calling 1 800 553 NETS 6387 Documentation Feedback For your convenience a documentation feedback form is located at the bottom of every online document You can submit comments by using the response card if present behind the front cover of your document or by writing to the following address...

Страница 4: ...e information before placing a service call Submitting a Service Request Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information After you describe your situation the TAC Service Request Tool provides recommended solutions If your iss...

Страница 5: ...ources Cisco Marketplace provides a variety of Cisco books reference guides and logo merchandise Visit Cisco Marketplace the company store at this URL http www cisco com go marketplace The Cisco Products and Services Index describes the networking products offered by Cisco Systems as well as ordering and customer support services Access the Products and Services Index at this URL http www cisco co...

Страница 6: ...olver EtherChannel EtherFast EtherSwitch Fast Step Follow Me Browsing FormShare GigaDrive HomeLink Internet Quotient IOS iPhone IP TV iQ Expertise the iQ logo iQ Net Readiness Scorecard iQuick Study LightStream Linksys MeetingPlace MGX Networkers Networking Academy Network Registrar PIX ProConnect ScriptShare SMARTnet StackWise The Fastest Way to Increase Your Internet Quotient and TransPath are r...

Страница 7: ...ed integration module AIM slots The Cisco 2811 router in addition to the features in the Cisco 2801 supports one single wide network module enhanced NME four single width or two double wide HWICs and optional inline power output of up to 160 Watts In Cisco 2821 routers in addition to the features in the Cisco 2811 the network module slot adds support for a single wide network module enhanced exten...

Страница 8: ... Software Configuration Using the Cisco IOS Command Line Interface Finding Feature Documentation Configuration Examples Troubleshooting and Maintenance Upgrading the System Image Using CompactFlash Memory Cards Using the ROM Monitor Changing the Configuration Register Settings Troubleshooting Links Note Besides the setup facility and the IOS command line interface a third way of configuring Cisco ...

Страница 9: ...irewall Policy Network Address Translation NAT VPNs routing protocols and other options For More Information About SDM and About Your Router For additional information about SDM features refer to the SDM online help Additional information about SDM is also available at this URL http www cisco com go sdm Here you can find detailed information about SDM including an SDM FAQ data sheet customer prese...

Страница 10: ...a host name for the router set passwords and configure an interface for communication with the management network If the following messages appear at the end of the startup sequence the setup command facility has been invoked automatically System Configuration Dialog At any point you may enter a question mark for help Use ctrl c to abort configuration dialog at any prompt Default settings are in s...

Страница 11: ...nable secret password This password is not encrypted less secure and can be seen when viewing the configuration The enable password is used when you do not specify an enable secret password with some older software versions and some boot images Enter enable password xxxxxx Step 6 Enter the virtual terminal password which prevents unauthenticated access to the router through ports other than the co...

Страница 12: ...ssword xxxxxx line vty 0 4 password xxxxxx snmp server community public no ip routing interface FastEthernet0 0 no shutdown speed 100 duplex half ip address 172 1 2 3 255 255 0 0 interface FastEthernet0 1 shutdown no ip address end Step 11 Respond to the following prompts Select 2 to save the initial configuration 0 Go to the IOS command prompt without saving this config 1 Return back to the setup...

Страница 13: ...r outages Use the copy running config startup config command at the privileged EXEC mode prompt Router to save the configuration to NVRAM Step 1 To proceed with manual configuration using the CLI enter no when the power up messages end Would you like to enter the initial configuration dialog yes no no Step 2 Press Return to terminate autoinstall and continue with manual configuration Would you lik...

Страница 14: ...ailable through the standard Cisco IOS startup sequence The configuration file shipped with your router does the following Provides an IP address for your Fast Ethernet interface enabling an interface to your LAN Enables your router s HTTP HTTPS server allowing HTTP access from your LAN Creates a default username cisco and password cisco with privilege level 15 Enables Telnet SSM access to the rou...

Страница 15: ...iguration to use the IOS startup sequence you can still use SDM To do so you must configure the router to support web based applications configure it with a user account defined with privilege level 15 and then configure it to support the Telnet and SSH protocols These changes can be made using a telnet session or using a console connection Configuring the Router to Support Web Based Applications ...

Страница 16: ...available Step 2 Enter the username and password that you specified in Step 2 of Configuring the Router to Support Web Based Applications a User with Priv 15 and Telnet SSH To continue configuring your router see the Initial Configuration Using the Cisco Router and Security Device Manager section on page 3 Copyright 2004 Cisco Systems Inc All rights reserved CCVP the Cisco logo and Welcome to the ...

Страница 17: ... guide that shipped with your router The software configuration documentation describes how to perform configuration tasks by using the CLI However this specific document describes how to perform basic configurations by using the Cisco IOS setup command facility Contents Platforms Supported by This Document page 1 Information About the Setup Command Facility page 2 Using the Setup Command Facility...

Страница 18: ...et passwords and configure an interface for communication with the management network Note The messages that will be displayed will vary depending on your router model the installed interface modules and the software image The following example and the user entries in bold are shown as examples only Note If you make a mistake while using the setup command facility you can exit and run the setup co...

Страница 19: ...ble password that is different from the enable secret password This password is not encrypted and is less secure and can be seen when viewing the configuration The enable password is used when you do not specify an enable secret password with some older software versions and some boot images Enter enable password xxxxxx Step 7 Enter the virtual terminal password which prevents unauthenticated acce...

Страница 20: ...guration is displayed The following configuration command script was created hostname myrouter enable secret 5 1 D5P6 PYx41 lQIASK HcSbfO5q1 enable password xxxxxx line vty 0 4 password xxxxxx snmp server community public no ip routing interface FastEthernet0 0 no shutdown media type 100BaseX half duplex ip address 172 1 2 3 255 255 0 0 interface FastEthernet0 1 shutdown no ip address end Step 11 ...

Страница 21: ...uter model the installed interface modules and the software image The following example and the user entries in bold are shown as examples only Fast Ethernet Interface Configuration The following is a brief example of configuring a Fast Ethernet interface by using the setup command facility Do you want to configure FastEthernet0 0 interface yes Use the 100 Base TX RJ 45 connector yes Operate in fu...

Страница 22: ...pe command More details follow in the Selecting the Port for the Gigabit Ethernet Interface section on page 6 The following are two examples of configurations for the Gigabit Ethernet GE interface The first example shows a sample configuration for RJ 45 mode applicable to either port gig 0 0 or port gig 0 1 interface GigabitEthernet0 0 ip address 1 3 153 13 255 0 0 0 duplex auto speed auto media t...

Страница 23: ...frames received There is no way in current MAC hardware to track the number of pause frames received or sent Flow control is on by default Currently there is no command to turn off the flow control capability for any of the Gigabit Ethernet ports in any of the RJ45 or SFP modes Speed Duplex Settings for the Gigabit Ethernet Ports Typically speed and or duplex communications are configured manually...

Страница 24: ...Enable AUTO duplex configuration full Force full duplex operation Note If the speed and duplex setting for g0 0 in SFP mode is speed 1000 and duplex full autonegotiation is in forced mode and autonegotation is turned off For all other mode settings of speed or duplex for SFP autonegotiation is turned on If speed 1000 and duplex full modes are specified for both g0 0 and g0 1 interfaces in copper m...

Страница 25: ...8 subnet bits mask is 8 Configure IPX on this interface no yes IPX network number 8 Frame Relay Encapsulation The following is a sample configuration for Frame Relay encapsulation The following lmi types are available to be set when connected to a frame relay switch 0 none 1 ansi 2 cisco 3 q933a Enter lmi type 2 Note The setup command facility prompts you for the data link connection identifier DL...

Страница 26: ...r remote x25 address 4321 Do you want to map the remote machine s x25 address to IP address yes IP address for the remote interface 192 0 0 2 Do you want to map the remote machine s x25 address to IPX address yes IPX address for the remote interface 40 1234 5678 Enter lowest 2 way channel 1 Enter highest 2 way channel 64 Enter frame window K 7 Enter Packet window W 2 Enter Packet size must be powe...

Страница 27: ...on this interface no yes IPX network number 8 Configure Vines on this interface no Configure XNS on this interface no Configure Apollo on this interface no Asynchronous Synchronous Serial Interface Synchronous Configuration The following is a sample configuration for synchronous configuration for an asynchronous synchronous serial interface Do you want to configure Serial1 0 interface yes Enter mo...

Страница 28: ...in dce mode The following clock rates are supported on the serial interface 0 1200 2400 4800 9600 19200 38400 56000 64000 72000 125000 148000 500000 800000 1000000 1300000 2000000 4000000 8000000 choose speed from above 2000000 1200 Configure IP on this interface yes IP address for this interface 192 0 0 1 Subnet mask for this interface 255 0 0 0 Class A network is 2 0 0 0 8 subnet bits mask is 8 ...

Страница 29: ...ress for the remote interface 40 1234 5678 SMDS Encapsulation The following is a sample configuration for switched multimegabit data service SMDS encapsulation Enter smds address for the local interface c141 5556 1415 We will need to map the remote smds station s address to the remote station s IP IPX address Enter smds address for the remote interface c141 5556 1414 Do you want to map the remote ...

Страница 30: ...No further configuration is needed for HDLC encapsulation Do you have service profile identifiers SPIDs assigned no y Enter SPID1 12345 Enter SPID2 12345 Note The setup command facility prompts you for the service profile identifier SPID number only if you specify basic 5ess basic ni1 or basic dms100 for the switch type Do you want to map the remote machine s IP address in dialer map yes IP addres...

Страница 31: ... to a frame relay switch 0 none 1 ansi 2 cisco 3 q933a Enter lmi type 2 Note The setup command facility prompts you for the DLCI number only if you specify none for the LMI type If you accept the default or specify another LMI type the DLCI number is provided by the specified protocol Enter the DLCI number for this interface 16 Do you want to map a remote machine s IP address to dlci yes IP addres...

Страница 32: ... SMDS encapsulation Enter smds address for the local interface c141 5556 1415 We will need to map the remote smds station s address to the remote station s IP address Enter smds address for the remote interface c141 5556 1414 Do you want to map the remote machine s smds address to IP address yes IP address for the remote interface 192 0 0 1 Do you want to map the remote machine s smds address to I...

Страница 33: ...g by Switch Type ISDN BRI provisioning refers to the types of services provided by the ISDN BRI line Although provisioning is performed by your ISDN BRI service provider you must tell the provider what you want Table 2 lists the provisioning you that should order for the router based on switch type Table 2 ISDN Provisioning by Switch Type Switch Type Provisioning 5ESS Custom BRI For data only 2 B ...

Страница 34: ...directory number LDN on the router for both ISDN BRI B channels use the following isdn spid command in privileged EXEC mode Router config if isdn spid1 spid number ldn Router config if isdn spid2 spid number ldn Note Although the LDN is an optional parameter in the command you may need to enter it so that the router can answer calls made to the second directory number 5ESS National ISDN NI 1 BRI F...

Страница 35: ...ure this interface controller no Will you be using PRI on this controller yes E1 T1 PRI Mode The following is a sample configuration for E1 T1 PRI mode The following framing types are available esf sf Enter the framing type esf The following linecode types are available ami b8zs Enter the line code type b8zs Enter number of time slots 24 Do you want to configure Serial1 0 23 interface yes Configur...

Страница 36: ...ntication Router remote_router Enter a password for CHAP authentication secret Note The password which is used by the Challenge Handshake Authentication Protocol CHAP authentication process is case sensitive and must exactly match the password for the remote router Frame Relay Encapsulation The following is a sample configuration for Frame Relay encapsulation The following lmi types are available ...

Страница 37: ...mote machine s IP address to vpi and vci yes IP address for the remote interface 6 0 0 1 Do you want to map the remote machine s IPX address to vpi and vci yes IPX address for the remote interface 40 0060 34c6 90ed SMDS Encapsulation The following is a sample configuration for switched multimegabit data service SMDS encapsulation Enter smds address for the local interface c141 5556 1415 We will ne...

Страница 38: ...annel groups no y Enter number of time slots 18 3 Configure more channel groups no y Enter number of time slots 15 Configure more channel groups no Note The following sections describe the prompts for each encapsulation type No further configuration is needed for High Level Data Link Control HDLC encapsulation PPP Encapsulation The following is a sample configuration for PPP encapsulation Would yo...

Страница 39: ...0 0 8 subnet bits mask is 8 If Internetwork Packet Exchange IPX is configured on the router the setup command facility prompts you for the IPX map Do you want to map a remote machine s IPX address to dlci yes IPX address for the remote interface 40 0060 34c6 90ed LAPB Encapsulation The following is a sample configuration for Link Access Procedure Balanced LAPB encapsulation lapb circuit can be eit...

Страница 40: ...nection or you need connection for more than eight hours per day Switched Mode The following is a sample configuration for a switched mode interface Do you want to configure Serial0 0 0 interface yes Some encapsulations supported are ppp hdlc frame relay lapb atm dxi smds x25 Choose encapsulation type ppp Switched 56k interface may either be in switched Dedicated mode Choose from either switched d...

Страница 41: ...k is 8 Completing the Configuration When you have provided all the information requested by the setup command facility the configuration appears To complete your router configuration follow these steps Step 1 A setup command facility prompt asks if you want to save this configuration If you answer no the configuration information you entered is not saved and you return to the router enable prompt ...

Страница 42: ...served CCVP the Cisco logo and Welcome to the Human Network are trademarks of Cisco Systems Inc Changing the Way We Work Live Play and Learn is a service mark of Cisco Systems Inc and Access Registrar Aironet Catalyst CCDA CCDP CCIE CCIP CCNA CCNP CCSP Cisco the Cisco Certified Internetwork Expert logo Cisco IOS Cisco Press Cisco Systems Cisco Systems Capital the Cisco Systems logo Cisco Unity Ent...

Страница 43: ...guration for your router Contents Platforms Supported by This Document page 1 Prerequisites for Basic Software Configuration Using the Cisco IOS CLI page 2 Restrictions for Basic Software Configuration Using the Cisco IOS CLI page 2 How to Perform a Basic Software Configuration Using the Cisco IOS CLI page 2 Where to Go Next page 19 Additional References page 19 Platforms Supported by This Documen...

Страница 44: ...asic Software Configuration Using the Cisco IOS CLI If Cisco Router and Security Device Manager SDM is installed on your router we recommend that you use Cisco SDM instead of the Cisco IOS CLI to perform the initial software configuration To access SDM see the quick start guide that shipped with your router How to Perform a Basic Software Configuration Using the Cisco IOS CLI This section contains...

Страница 45: ...me must also follow the rules for Advanced Research Projects Agency Network ARPANET hostnames They must start with a letter end with a letter or digit and have as interior characters only letters digits and hyphens Names must be 63 characters or fewer For more information see RFC 1035 Domain Names Implementation and Specification SUMMARY STEPS 1 enable 2 configure terminal 3 hostname name 4 Verify...

Страница 46: ...because it uses an improved encryption algorithm Use the enable password command only if you boot an older image of the Cisco IOS software or if you boot older boot ROMs that do not recognize the enable secret command For more information see the Configuring Passwords and Privileges chapter in the Cisco IOS Security Configuration Guide Also see the Improving Security on Cisco Routers tech note Res...

Страница 47: ...communication parameters specify autobaud connections and configure terminal operating parameters for the terminal that you are using For more information on configuring the console line see the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide In particular see the Configuring Operating Characteristics for Terminals and Troubleshooting and Fault Management chapters S...

Страница 48: ... 1 enable Example Router enable Enables privileged EXEC mode Enter your password if prompted Step 2 configure terminal Example Router configure terminal Enters global configuration mode Step 3 line console 0 Example Router config line console 0 Configures the console line and starts the line configuration command collection mode Step 4 exec timeout minutes seconds Example Router config line exec t...

Страница 49: ...faces chapter of the Cisco IOS Interface and Hardware Component Configuration Guide For information on interface numbering see the quick start guide that shipped with your router Note Cisco 1841 and Cisco 2801 routers have a hardware limitation on the Fast Ethernet ports FE0 0 and FE0 1 In half duplex mode when traffic reaches or exceeds 100 capacity equal to or greater than 5 Mbps in each directi...

Страница 50: ...nfigure terminal Enters global configuration mode Step 4 interface fastethernet gigabitethernet 0 port Example Router config interface fastethernet 0 1 Example Router config interface gigabitethernet 0 0 Specifies the Ethernet interface and enters interface configuration mode Note For information on interface numbering see the quick start guide that shipped with your router Step 5 description stri...

Страница 51: ...ative methods of specifying a default route see the Configuring a Gateway of Last Resort Using IP Commands tech note The Cisco IOS software uses the gateway router of last resort if it does not have a better route for a packet and if the destination is not a connected network This section describes how to select a network as a default route a candidate route for computing the gateway of last resor...

Страница 52: ...f prompted Step 2 configure terminal Example Router configure terminal Enters global configuration mode Step 3 ip routing Example Router config ip routing Enables IP routing Step 4 ip route dest prefix mask next hop ip address admin distance permanent Example Router config ip route 192 168 24 0 255 255 255 0 172 28 99 2 Establishes a static route Step 5 ip default network network number or ip rout...

Страница 53: ...form a Basic Software Configuration Using the Cisco IOS CLI Step 6 end Example Router config end Returns to privileged EXEC mode Step 7 show ip route Example Router show ip route Displays the current routing table information Verify that the gateway of last resort is set Command or Action Purpose ...

Страница 54: ... Router What to Do Next Proceed to the Configuring Virtual Terminal Lines for Remote Console Access section on page 12 Configuring Virtual Terminal Lines for Remote Console Access Virtual terminal vty lines are used to allow remote access to the router This section shows you how to configure the virtual terminal lines with a password so that only authorized users can remotely access the router The...

Страница 55: ...ample Router configure terminal Enters global configuration mode Step 3 line vty line number ending line number Example Router config line vty 0 4 Starts the line configuration command collection mode for the virtual terminal lines vty for remote console access Make sure that you configure all vty lines on your router Note To verify the number of vty lines on your router use the line vty command S...

Страница 56: ...ine This section describes how to enter line configuration mode for the auxiliary line How you configure the auxiliary line depends on your particular implementation of the auxiliary AUX port See the following documents for information on configuring the auxiliary line Configuring a Modem on the AUX Port for EXEC Dialin Connectivity tech note http www cisco com warp public 471 mod aux exec html Co...

Страница 57: ...rticular implementation of the AUX port DETAILED STEPS What to Do Next Proceed to the Verifying Network Connectivity section on page 15 Verifying Network Connectivity This section describes how to verify network connectivity for your router Command or Action Purpose Step 1 enable Example Router enable Enables privileged EXEC mode Enter your password if prompted Step 2 configure terminal Example Ro...

Страница 58: ...size 100 Timeout in seconds 2 Extended commands n Sweep range of sizes n Type escape sequence to abort Sending 5 100 byte ICMP Echos to 192 168 7 27 timeout is 2 seconds Success rate is 100 percent round trip min avg max 1 2 4 ms Command or Action Purpose Step 1 enable Example Router enable Enables privileged EXEC mode Enter your password if prompted Step 2 ping ip address hostname Example Router ...

Страница 59: ...Y STEPS 1 enable 2 copy running config startup config DETAILED STEPS What to Do Next Proceed to the Saving Backup Copies of Your Configuration and System Image section on page 17 Saving Backup Copies of Your Configuration and System Image To aid file recovery and minimize downtime in case of file corruption we recommend that you save backup copies of the startup configuration file and the Cisco IO...

Страница 60: ...o learn the name of the system image file and the use of the copy flash tftp privileged EXEC command to copy the system image c3640 2is mz to a TFTP server The router uses the default username and password Command or Action Purpose Step 1 enable Example Router enable Enables privileged EXEC mode Enter your password if prompted Step 2 copy nvram startup config ftp rcp tftp Example Router copy nvram...

Страница 61: ...es related to basic software configuration using the Cisco IOS CLI Related Documents Basic Software Configuration Topic Related Document Title or Link Chassis installation cable connections power up procedures and interface numbering Quick start guide for your router Cisco Security Device Manager SDM http www cisco com go sdm Guidelines for assigning the router hostname RFC 1035 Domain Names Imple...

Страница 62: ... settings that network administrators should consider changing on their routers especially on their border routers to improve security Improving Security on Cisco Routers tech note Note To view this document you must have an account on Cisco com If you do not have an account or have forgotten your username or password click Cancel at the login dialog box and follow the instructions that appear IP ...

Страница 63: ... Unity Enterprise Solver EtherChannel EtherFast EtherSwitch Fast Step Follow Me Browsing FormShare GigaDrive HomeLink Internet Quotient IOS iPhone IP TV iQ Expertise the iQ logo iQ Net Readiness Scorecard iQuick Study LightStream Linksys MeetingPlace MGX Networkers Networking Academy Network Registrar PIX ProConnect ScriptShare SMARTnet StackWise The Fastest Way to Increase Your Internet Quotient ...

Страница 64: ...22 Basic Software Configuration Using the Cisco IOS Command Line Interface OL 5593 01 Additional References ...

Страница 65: ... back through the firewall The traffic is allowed back through the firewall only if the traffic is part of the same session as the original traffic that triggered CBAC when exiting through the firewall Cisco IOS Intrusion Prevention System IPS The Cisco IOS IPS feature restructures the existing Cisco IOS Intrusion Detection System IDS allowing customers to choose to load the default built in signa...

Страница 66: ...this document is based on the software and hardware versions below Cisco 2801 router Cisco IOS Release 12 3 8 T4 Advanced IP Services feature set Note The information in this document was created from the devices in a specific lab environment All of the devices used in this document started with a cleared default configuration If your network is live make sure that you understand the potential imp...

Страница 67: ... anywhere in the network In this case it is on the Fast Ethernet 0 1 side of the secured branch router Configurations This document uses the configuration shown below router show running config Building configuration Enable the authentication authorization and accounting AAA access control model aaa new model Identify the Cisco Secure Authentication Control Server ACS as a member of a AAA server g...

Страница 68: ... authentication cache entry along with its associated dynamic user access control list is managed after a period of inactivity ip auth proxy inactivity timer 120 Create an authentication proxy rule in this example it is named aprule Set HTTP to trigger the authentication proxy ip auth proxy name aprule http Configure the Cisco IOS Intrusion Protection System IPS feature Specify the location from w...

Страница 69: ... 255 0 ip access group 111 in ip classless The following command establishes a static route to the HTTP server which in this example has an IP address of 192 168 102 119 ip route 192 168 102 0 255 255 255 0 FastEthernet0 1 Enable the HTTP server on your system Also specify that the authentication method used for AAA login service should be used for authenticating HTTP server users ip http server i...

Страница 70: ...nalysis of show command output You must have an account on Cisco com If you do not have an account or have forgotten your username or password click Cancel at the login dialog box and follow the instructions that appear Commands for Verifying Firewall Websense URL Filtering show ip urlfilter cache Displays the maximum number of entries that can be cached into the cache table and the number of entr...

Страница 71: ... count 0 Maxever packet buffer count 0 Maxever cache entry count 0 Total requests sent to URL Filter Server 13 Total responses received from URL Filter Server 13 Total requests allowed 9 Total requests blocked 4 Commands for Verifying Cisco IOS Firewall Authentication Proxy show ip auth proxy Displays the authentication proxy entries or configuration Router show ip auth proxy cache Authentication ...

Страница 72: ... FA N 2 2 6105 0 Y AD HIGH 0 0 0 100 30 FA N 2 2 6105 1 Y ADR HIGH 0 0 0 100 30 FA N 2 2 6188 0 Y AD HIGH 0 0 0 100 30 FA N S43 6189 0 Y AD HIGH 0 0 0 100 30 FA N S43 6189 1 Y ADR HIGH 0 0 0 100 30 FA N S43 6190 0 Y AD HIGH 0 0 0 100 30 FA N 2 1 6190 1 Y ADR HIGH 0 0 0 100 30 FA N 2 1 6191 0 Y AD HIGH 0 0 0 100 30 FA N 2 1 6191 1 Y ADR HIGH 0 0 0 100 30 FA N 2 1 6192 0 Y AD HIGH 0 0 0 100 30 FA N ...

Страница 73: ...9202 0 Y AD HIGH 0 0 0 100 30 FA N S40 9203 0 Y AD HIGH 0 0 0 100 30 FA N S40 9204 0 Y AD HIGH 0 0 0 100 30 FA N S40 9205 0 Y AD HIGH 0 0 0 100 30 FA N S40 9206 0 Y AD HIGH 0 0 0 100 30 FA N S40 9207 0 Y AD HIGH 0 0 0 100 30 FA N S40 9208 0 Y AD HIGH 0 0 0 100 30 FA N S40 9209 0 Y AD HIGH 0 0 0 100 30 FA N S40 9210 0 Y AD HIGH 0 0 0 100 30 FA N S40 9211 0 Y AD HIGH 0 0 0 100 30 FA N S40 9212 0 Y A...

Страница 74: ...systems Router debug ip urlfilter detailed Urlfilter Detailed Debugs debugging is on Router Aug 26 20 11 58 538 URLF got cache idle timer event Aug 26 20 11 58 538 URLF cache table is about to overflow delete idle entries Aug 26 20 12 00 962 URLF creating uis 0x64EF00A0 pending request 1 Aug 26 20 12 00 962 URLF domain name not found in the exclusive list Aug 26 20 12 00 962 URLF got an cbac queue...

Страница 75: ...684 dst_addr 192 168 102 119 src_addr 192 168 1 118 dst_port 80 src_port 1900 Aug 30 23 16 07 684 clientport 1900 state 0 Aug 30 23 16 07 684 AUTH PROXY proto_flag 4 dstport_index 4 Aug 30 23 16 07 684 PSH ACK 2787182962 SEQ 24350098 LEN 282 Aug 30 23 16 07 684 dst_addr 192 168 102 119 src_addr 192 168 1 118 dst_port 80 src_port 1900 Aug 30 23 16 07 684 clientport 1900 state 0 Aug 30 23 16 07 688 ...

Страница 76: ...se Solver EtherChannel EtherFast EtherSwitch Fast Step Follow Me Browsing FormShare GigaDrive HomeLink Internet Quotient IOS iPhone IP TV iQ Expertise the iQ logo iQ Net Readiness Scorecard iQuick Study LightStream Linksys MeetingPlace MGX Networkers Networking Academy Network Registrar PIX ProConnect ScriptShare SMARTnet StackWise The Fastest Way to Increase Your Internet Quotient and TransPath a...

Страница 77: ...ices The small branch office requires a robust and integrated voice mail solution The integrated services routers also support various options for WAN uplink and integrated LAN switching modules Land Mobile Radio LMR is used by an enterprise for several reasons which include loss prevention premise safety and security and Push to Talk PTT communication for mobile workers within range of the radio ...

Страница 78: ... slots Cisco CallManager seamlessly connects to Cisco CME over an H 323 trunk defined on the Cisco CallManager Release 3 3 3 or later Cisco CME Release 3 2 manages the local phone network Cisco CME and Cisco Unity Express enable users to use a gateway as though it were a PBX coupled to a voice mail system Cisco Unity Express with Cisco Service Engine 1 1 on the NM CUE provides voice mail and auto ...

Страница 79: ... reflects use of devices in a specific lab environment All devices used in this configuration example started with a cleared default configuration If you are working with a live network ensure that you understand the potential effects of any command before you use it The configuration example presented in this document depicts a combination of features on a single branch office router Users of thi...

Страница 80: ...t appear Configuration Tips The gigabit port on the router does not provide inline power Routing should be enabled and assumed to be configured The external flash card on the integrated services routers holds the router image VLAN database graphical user interface GUI files for Cisco CME and Cisco Unity Express It should not be removed during the normal operation of the router The LMR integration ...

Страница 81: ... username and passwords for Web server and local authentication username cisco password 7 1511021F0725 clock timezone PST 8 clock summer time PDT recurring no network clock participate slot 1 no network clock participate slot 2 no network clock participate slot 3 no network clock participate slot 4 no network clock participate wic 0 no network clock participate wic 1 network clock participate wic ...

Страница 82: ...onsole aaa authorization exec default local aaa authorization network groupauthor local aaa session id common ip subnet zero no ip source route ip cef Configure a DHCP address pool for each IP phone ip dhcp excluded address 192 168 10 1 192 168 10 99 ip dhcp pool NONAT network 10 1 153 0 255 255 255 248 default router 10 1 153 1 dns server 10 1 162 183 10 1 156 120 option 150 ip 10 1 152 9 domain ...

Страница 83: ...ck to back offers the possibility of using E 164 number as a conference ID or for using the multicast stream for application such as Hoot and Holler Cisco CME offers 3 party conference calling and is the recommended method for a small branch office the following T1 loopback cable is not required for configuring the conferencing features Cisco IOS supports audio mixing of loudest three streams The ...

Страница 84: ... and Holler using multicast on router The multicast streaming of packets from the local router uses the VIF interface to derive the local ip address and the port of the packets This can be verified by the show command show voip rtp connection interface Vif1 ip address 10 1 153 41 255 255 255 252 ip pim sparse dense mode WAN uplink interface Serial0 0 0 ip address 10 1 152 30 255 255 255 252 ip pim...

Страница 85: ...im sparse dense mode ip nat inside ip virtual reassembly interface Vlan110 ip address 10 1 153 1 255 255 255 248 ip pim sparse dense mode ip virtual reassembly OSPF used as the routing protocol for scenario router ospf 1 router id 10 1 152 9 log adjacency changes network 10 1 152 9 0 0 0 0 area 0 network 10 1 152 10 0 0 0 0 area 0 network 10 1 152 28 0 0 0 3 area 0 network 10 1 152 140 0 0 0 3 are...

Страница 86: ...ssion protocol multicast voice port 0 2 0 1 auto cut through voice port 0 2 0 2 auto cut through voice port 0 2 0 3 auto cut through voice port 0 2 0 4 auto cut through voice port 0 2 0 3 auto cut through voice port 0 2 0 4 auto cut through voice port 0 2 0 5 auto cut through voice port 0 2 0 6 auto cut through E M ports connected to the LMR Land Mobile Radio Each radio may have a different radio ...

Страница 87: ...the multicast dial peer to convert it into a multicast stream The 3 party mixing algorithm takes care of conferencing between the dialed parties voice port 0 2 1 3 auto cut through timeouts call disconnect 3 connection trunk 21111 voice port 0 2 1 4 auto cut through timeouts call disconnect 3 connection trunk 21111 voice port 0 2 1 5 auto cut through timeouts call disconnect 3 connection trunk 211...

Страница 88: ...IP to multicast bridging for LMR integration destination pattern 20480 voice class permanent 1 session protocol multicast session target ipv4 239 192 17 191 20480 codec g711ulaw vad aggressive dial peer voice 20481 voip description VoIP to multicast bridging for LMR integration destination pattern 20481 voice class permanent 1 session protocol multicast session target ipv4 239 192 17 192 20480 cod...

Страница 89: ...scription VoIP to local multicast conference bridge destination pattern 2111 port 0 2 0 5 dial peer voice 9 pots description VoIP to local multicast conference bridge destination pattern 2111 port 0 2 0 6 Dial Cisco CME Configuration with services configuration telephony service fxo hook flash load 7910 P00403020214 load 7960 7940 P00306000300 max ephones 27 max dn 40 ip source address 10 1 152 9 ...

Страница 90: ...an 27749 timeout 18 ephone dn 4 dual line number 27728 description Monica name Monica call forward busy 27749 call forward noan 27749 timeout 10 ephone dn 5 dual line number 27729 description Jen Shue Shih name Jen Shue Shih call forward busy 27749 call forward noan 27749 timeout 10 ephone dn 6 dual line number 27730 description Mike name Mike call forward busy 27749 call forward noan 27749 timeou...

Страница 91: ...all forward busy 27749 call forward noan 27749 timeout 18 ephone dn 12 dual line number 27736 description Estelle name Estelle call forward busy 27749 call forward noan 27749 timeout 18 ephone dn 13 dual line ephone dn 14 dual line ephone dn 15 dual line number 27739 call forward busy 27749 call forward noan 27749 timeout 18 ephone dn 16 dual line number 27740 call forward busy 27749 call forward ...

Страница 92: ... ephone dn 21 dual line number 27745 call forward busy 27749 call forward noan 27749 timeout 18 ephone dn 25 ephone dn 27 number 27749 call forward busy 27749 call forward noan 27749 timeout 18 ephone dn 39 number 8000 mwi off ephone dn 40 number 8001 mwi on ephone 1 mac address 0003 4713 5554 type CIPC button 1 1 ephone 2 mac address 0002 8A3E 6606 type CIPC button 1 2 ephone 3 mac address 0001 0...

Страница 93: ...6 ephone 7 mac address 0009 6B30 E399 type CIPC button 1 7 ephone 8 mac address 000B BE37 1AB1 type 7960 button 1 8 ephone 9 mac address 0006 D74B 15B3 type 7960 button 1 9 ephone 10 mac address 000B 5F92 5784 type 7960 button 1 10 ephone 11 mac address 000C CE3A 87FA type 7960 button 1 11 ephone 12 mac address 000C CE35 1B23 type 7960 button 1 12 ephone 13 mac address 0002 8A9B 0CE5 type CIPC but...

Страница 94: ...ne 16 mac address 0030 94C3 BE45 type 7960 button 1 16 ephone 17 ephone 18 ephone 19 ephone 20 ephone 21 line con 0 authorization exec LOCAL stopbits 1 line aux 0 stopbits 1 line 66 no activation character no exec transport preferred none transport input all transport output all line 130 no activation character no exec transport preferred none transport input all transport output all line 258 no a...

Страница 95: ...ow commands for the voice gateway show voice port summary Displays a summary of all voice ports show voip rtp connections Displays VoIP RTP active connections show voip dsp Displays DSP information show voice trace Displays voice channel configuration information for all DSP channels show voice call summary Displays the call status for all voice ports show running config Displays the contents of t...

Страница 96: ...output for the show telephony service command on the Cisco CME CCME CUE SJC show telephony service CONFIG Version 3 2 Version 3 2 Cisco CallManager Express For on line documentation please see www cisco com univercd cc td doc product access ip_ph ip_ks index htm ip source address 10 1 152 9 port 2000 load 7910 P00403020214 load 7960 7940 P00303020214 max ephones 27 max dn 40 max conferences 8 dspf...

Страница 97: ...0 2 51961 Telecaster 7960 keepalive 39556 max_line 6 button 1 dn 15 number 27739 CH1 IDLE CH2 IDLE The following is an example of output for the show voice port summary command on the branch office router 3845 gw show voice port summary IN OUT PORT CH SIG TYPE ADMIN OPER STATUS STATUS EC 0 2 0 1 01 e m imd up dorm idle idle y 0 2 0 2 02 e m imd up dorm idle idle y 0 2 0 3 03 e m imd up dorm idle i...

Страница 98: ...4 0 0 14 C5510 014 02 g711ulaw 4 4 1 busy idle 0 0 0 2 1 6 06 0 1833 5379 C5510 014 03 None 4 4 1 busy idle 0 0 0 2 0 5 05 0 0 14 C5510 014 04 None 4 4 1 busy idle 0 0 0 2 0 6 06 0 0 14 C5510 014 05 g711ulaw 4 4 1 busy idle 0 0 0 2 1 5 05 0 1424 5334 C5510 014 06 g711ulaw 4 4 1 busy idle 0 0 0 2 1 4 04 0 1402 5057 DSP SIGNALING CHANNELS DSP DSP DSPWARE CURR BOOT PAK TX RX TYPE NUM CH CODEC VERSION...

Страница 99: ...0 1 1 g711ulaw y S_CONNECT S_TRUNKED 0 2 1 1 1 g711ulaw y S_CONNECT S_TRUNKED 0 2 1 2 2 g711ulaw y S_CONNECT S_TRUNKED 0 2 1 3 3 g711ulaw y S_CONNECT S_TRUNKED 0 2 1 4 4 g711ulaw y S_CONNECT S_TRUNKED 0 2 1 5 5 g711ulaw y S_CONNECT S_TRUNKED 0 2 1 6 6 g711ulaw y S_CONNECT S_TRUNKED 0 3 0 FXSLS_ONHOOK 0 3 1 FXSLS_ONHOOK 0 3 2 FXSLS_ONHOOK 0 3 3 FXSLS_ONHOOK 50 0 1 1 EFXS_ONHOOK 50 0 9 1 EFXS_ONHOOK...

Страница 100: ...ion asf none nsc wma wmv mp3 wmt broadcast alias name lanka source mms 24 6 215 172 AAA wmt enable multicast accept license agreement ip name server 10 68 162 183 ip name server 10 72 156 120 wccp router list 1 10 1 152 249 wccp web cache router list num 1 wccp version 2 username admin password 1 bVmDmMMmZAPjY username admin privilege 15 authentication login local enable primary authentication con...

Страница 101: ...s Duration in seconds Type Transport Source Pkts_Recd Bytes_Recd Duration BW Server IP Filename Stream Id LIVE MMS TCP RMT_MMS 807995 1165556557 44531 216 24 6 215 172 AAA 5878 Outgoing Streams Client IP Type Transport Source State Pkts_sent Bytes_sent Duration BW Server IP Filename Stream Id 10 21 96 174 LIVE HTTP RMT_MMS Play 216441 312540804 11946 216 24 6 215 172 lanka 13830 10 21 81 206 LIVE ...

Страница 102: ...5 100 00 On Demand Content 0 0 00 By Transport Protocol MMSU 32 42 67 MMST 1 1 33 HTTP 42 56 00 By Source of Content Local 0 0 00 Remote MMS 75 100 00 Remote HTTP 0 0 00 Multicast 0 0 00 CDN Related WMT Requests CDN Content Hits 0 0 00 CDN Content Misses 0 0 00 CDN Content Live 0 0 00 CDN Content Errors 0 0 00 Unicast Bytes Statistics Total unicast incoming bytes 1178064843 Total of Total Unicast ...

Страница 103: ...70301 Total of Total Bytes Saved By Pre positioned content 0 0 00 By Live splitting 3520070301 100 00 By Cache hit 0 0 00 Total of Total Live Outgoing Bytes Live Splitting Incoming bytes 1178064843 25 08 Outgoing bytes 4698135144 100 00 Bytes saved 3520070301 74 92 Total of Bytes Cache Total Caching Bytes cache miss 0 0 00 Bytes cache hit 0 0 00 Bytes cache total 0 0 00 Bytes cache bypassed 0 Tota...

Страница 104: ...0 Max 0 000 Concurrent Bandwidth to Remote Servers Kbps Current 216 765 Max 216 765 Error Statistics Total request errors 0 Errors generated by this box Reach MAX connections 0 Reach MAX incoming bandwidth 0 Reach MAX outgoing bandwidth 0 Reach MAX incoming bit rate 0 Reach MAX outgoing bit rate 0 MMSU under wccp 0 MMSU not allowed 0 MMST not allowed 0 MMSU T not allowed 0 HTTP not allowed 0 1st t...

Страница 105: ...output for the show interface service engine 4 0 command on the Cisco CME for Cisco Unity Express 3845 gw show interface service engine 4 0 Service Engine4 0 is up line protocol is up Hardware is I82559FE address is 000e 8335 7c30 bia 000e 8335 7c30 Interface is unnumbered Using address of Loopback2 10 1 152 241 MTU 1500 bytes BW 100000 Kbit DLY 100 usec reliability 255 255 txload 1 255 rxload 1 2...

Страница 106: ...e engine 4 0 status command on the Cisco CME for Cisco Unity Express 3845 gw service module service Engine 4 0 status Service Module is Cisco Service Engine4 0 Service Module supports session via TTY line 258 Service Module is in Steady state Getting status from the Service Module please wait cisco service engine 1 1 The following is an example of output for the service module service engine 4 0 s...

Страница 107: ...ame Rachel phonenumber 27726 username chandler phonenumber 27727 username Monica phonenumber 27728 username Jeshih phonenumber 27729 username Mike phonenumber 27730 username Phoebe phonenumber 27731 username Cosmo phonenumber 27732 username Jerry phonenumber 27733 username George phonenumber 27734 username Frank phonenumber 27735 username Estelle phonenumber 27736 groupname Administrators member c...

Страница 108: ...cn engine end engine ccn subsystem jtapi ccm manager address end subsystem ccn subsystem sip gateway address 10 1 152 241 end subsystem ccn trigger sip phonenumber 27748 application autoattendant enabled locale en_US maxsessions 8 end trigger ccn trigger sip phonenumber 27749 application voicemail enabled locale en_US maxsessions 8 end trigger ccn trigger sip phonenumber 27751 application promptmg...

Страница 109: ...00 description Cosmo mailbox end mailbox voicemail mailbox owner Jerry size 3000 description Jerry mailbox end mailbox voicemail mailbox owner George size 3000 description George mailbox end mailbox voicemail mailbox owner Frank size 3000 description Frank mailbox end mailbox voicemail mailbox owner Estelle size 3000 description Estelle mailbox end mailbox end The following is an example of output...

Страница 110: ...w voicemail limits Default Mailbox Size seconds 3000 Default Caller Message Size seconds 60 Maximum Recording Size seconds 900 Default Message Age days 30 System Capacity minutes 6000 Default Prompt Language en_US Operator Telephone 0 The following is an example of output for the show ccn application command on Cisco Unity Express se 10 32 152 242 show ccn application Name ciscomwiapplication Desc...

Страница 111: ...ype SIP Application promptmgmt Locale en_US Idle Timeout 10000 Enabled yes Maximum number of sessions 1 Name 27748 Type SIP Application autoattendant Locale en_US Idle Timeout 10000 Enabled yes Maximum number of sessions 8 se 10 32 152 242 Verification Screens Examples The following display screen examples depict the graphical user interface for Cisco CallManager Cisco CallManager Express Cisco CM...

Страница 112: ...n Solution for Group Applications Configuration Example Verify 36 OL 6574 01 Cisco CallManager Screen Examples The screen display example below shows Cisco CallManager Release 3 3 3 trunk configuration for a Cisco CME ...

Страница 113: ...IP Communication Solution for Group Applications Configuration Example Verify 37 OL 6574 01 The screen display example below depicts media termination point MTP software configuration ...

Страница 114: ...IP Communication Solution for Group Applications Configuration Example Verify 38 OL 6574 01 Cisco CME Screen Examples The screen display example below identifies Cisco CallManager extensions ...

Страница 115: ...IP Communication Solution for Group Applications Configuration Example Verify 39 OL 6574 01 The screen display example below provides details about Cisco CME phones ...

Страница 116: ...ation Solution for Group Applications Configuration Example Verify 40 OL 6574 01 Cisco Unity Express Screen Examples The screen display example below lists voice mailboxes on Cisco Unity Express user configuration ...

Страница 117: ...IP Communication Solution for Group Applications Configuration Example Verify 41 OL 6574 01 The screen display example below provides details about voice mailboxes on Cisco Unity Express ...

Страница 118: ...ing tech notes IP Security Troubleshooting Understanding and Using debug Commands Troubleshooting Reference Documents and Commands The following references and command recommendations offer guidance for troubleshooting Cisco CME based Cisco Unity Express implementations Note Before issuing debug commands see Important Information on Debug Commands For troubleshooting and debugging VoIP call basics...

Страница 119: ...and collects debug information only for signaling events This command can also be useful in resolving problems with signaling to a PBX debug voip ccapi This command traces the execution path through the call control application programming interface API which serves as the interface between the call session application and the underlying network specific software You can use the output from this c...

Страница 120: ...nity Enterprise Solver EtherChannel EtherFast EtherSwitch Fast Step Follow Me Browsing FormShare GigaDrive HomeLink Internet Quotient IOS iPhone IP TV iQ Expertise the iQ logo iQ Net Readiness Scorecard iQuick Study LightStream Linksys MeetingPlace MGX Networkers Networking Academy Network Registrar PIX ProConnect ScriptShare SMARTnet StackWise The Fastest Way to Increase Your Internet Quotient an...

Страница 121: ...e Network VPN of IP Security IPSec encrypted tunnels Techniques used include Internet Key Exchange IKE dead peer detection DPD split tunneling and group policy on the server with Domain Name Server DNS information Windows Information Name Service WINS information domain name and an IP address pool for clients Headquarters uses an EzVPN concentrator a Cisco 3800 series router with an ATM interface ...

Страница 122: ...gorithms based on local policy and to generate the encryption and authentication keys to be used by IPSec IPSec can protect one or more data flows between a pair of hosts between a pair of security gateways or between a security gateway and a host ISAKMP Internet Security Association Key Management Protocol A protocol for key exchange encryption and authentication ISAKMP requires at least one pair...

Страница 123: ...rking in a live network ensure that you understand the potential impact of any command before you use it Note When configuring stateful failover for IPSec on the Cisco 2811 router you may get the following message if there is no AIM VPN module installed crypto_ha_ipsec 4 crypto_ha_not_supported_by_hw 2811 Once an AIM VPN module is installed in the Cisco 2811 router this error message will no longe...

Страница 124: ...c IP address 10 32 152 26 Private IP address pool 192 168 1 0 24 The Branch 1 location callout 8 uses a Cisco 1841 router with these characteristics EzVPN client using client mode DSL access to the Internet WIC 1SHDSL interface card installed Public IP address 10 32 152 46 117861 IP IP IP IP IP IP IP IP IP 1 2 3 4 5 7 8 9 6 1 Headquarters location 6 DSL link from the Branch 1 router to the Interne...

Страница 125: ...Easy VPN Configuration Example Configure 5 OL 6340 01 Private IP address pool 192 168 3 0 24 ...

Страница 126: ...ration Current configuration 6824 bytes version 12 3 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password encryption hostname EzVPN Hub boot start marker boot end marker enable secret 5 1 t8oN hXnGodPh8ZM ka6k 9aO51 username admin secret 5 1 cfjP kKpB7e3pfKXfpK0RIqX E username ezvpn spoke2 secret 5 1 vrSS AhSPxEUnPOsSpJkGdzjXg username ezvpn s...

Страница 127: ... dynamic map INT_MAP 1 set security association lifetime kilobytes 530000000 set security association lifetime seconds 14400 set transform set TRANSFORM 1 crypto map INT_MAP client authentication list USER_AAA crypto map INT_MAP isakmp authorization list GROUP_AAA crypto map INT_MAP client configuration address respond crypto map INT_MAP 30000 ipsec isakmp dynamic INT_MAP interface GigabitEthernet...

Страница 128: ...t4 5 switchport access vlan 10 no ip address interface FastEthernet4 6 switchport access vlan 10 no ip address interface FastEthernet4 7 switchport access vlan 10 no ip address interface FastEthernet4 8 switchport access vlan 10 no ip address interface FastEthernet4 9 switchport access vlan 10 no ip address interface FastEthernet4 10 switchport access vlan 10 no ip address interface FastEthernet4 ...

Страница 129: ...p local pool VPN POOL 10 1 1 1 10 1 1 10 ip classless ip route 0 0 0 0 0 0 0 0 10 32 152 25 ip http server no ip http secure server control plane line con 0 line aux 0 line vty 0 4 login authentication USERLIST end Branch 1 Router Configuration Cisco 1841 Router EzVPN Spoke 1 show running config Building configuration Current configuration 4252 bytes version 12 3 no service pad service timestamps ...

Страница 130: ... lookup ip domain name cisco com ip sap cache timeout 30 ip ssh time out 30 ip ids po max events 100 no ftp server write enable IPSec configuration crypto ipsec client ezvpn VPN1 connect auto group VPN1 key cisco123 mode client peer 10 32 152 26 username ezvpn spoke1 password cisco1 interface FastEthernet0 0 description private interface ip address 192 168 2 1 255 255 255 0 duplex auto speed auto ...

Страница 131: ...e aux 0 line vty 0 4 login authentication USERLIST end Branch 2 Router Configuration Cisco 2811 Router EzVPN Spoke 2 show running config Building configuration Current configuration 4068 bytes version 12 3 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password encryption hostname EzVPN Spoke 2 boot start marker boot end marker enable secret 5 1 ...

Страница 132: ...6 username ezvpn spoke2 password cisco2 interface FastEthernet0 0 description private interface ip address 192 168 3 1 255 255 255 0 duplex auto speed auto crypto ipsec client ezvpn VPN1 inside interface FastEthernet0 1 no ip address duplex auto speed auto shutdown interface Serial0 0 0 description public interface ip address 10 32 150 46 255 255 255 252 crypto ipsec client ezvpn VPN1 ip classless...

Страница 133: ...ishment of crypto connections to the remote EzVPN clients EzVPN Hub Feb 23 10 33 10 663 CRYPTO 5 SESSION_STATUS Crypto tunnel is UP Peer 10 32 150 46 500 Id VPN1 Feb 23 10 33 37 439 CRYPTO 5 SESSION_STATUS Crypto tunnel is UP Peer 10 32 152 46 500 Id VPN1 The following examples show sample output for the show crypto ipsec sa and show crypto ipsec client ezvpn commands The following is sample outpu...

Страница 134: ...ort Y outbound ah sas outbound pcp sas protected vrf local ident addr mask prot port 0 0 0 0 0 0 0 0 0 0 remote ident addr mask prot port 192 168 3 0 255 255 255 0 0 0 current_peer 10 32 150 46 500 PERMIT flags pkts encaps 0 pkts encrypt 0 pkts digest 0 pkts decaps 0 pkts decrypt 0 pkts verify 0 pkts compressed 0 pkts decompressed 0 pkts not compressed 0 pkts compr failed 0 pkts not decompressed 0...

Страница 135: ...er0 Current State IPSEC_ACTIVE Last Event SOCKET_UP Address 10 1 1 3 Mask 255 255 255 255 DNS Primary 192 168 168 183 DNS Secondary 192 168 226 120 NBMS WINS Primary 192 168 179 89 NBMS WINS Secondary 192 168 2 87 Default Domain cisco com The following is sample output from the show crypto ipsec client ezvpn command performed using the configuration on the EzVPN Spoke 2 location EzVPN Spoke 2 show...

Страница 136: ... 26 Debug output resumes May 24 03 04 51 927 EZVPN VPN1 Current State CONNECT_REQUIRED May 24 03 04 51 927 EZVPN VPN1 Event CONNECT May 24 03 04 51 927 EZVPN VPN1 ezvpn_connect_request May 24 03 04 51 927 EZVPN VPN1 New State READY May 24 03 04 51 999 EZVPN VPN1 Current State READY May 24 03 04 51 999 EZVPN VPN1 Event CONN_UP May 24 03 04 51 999 EZVPN VPN1 ezvpn_conn_up 7F890E16 DB923EE3 67C9C0D2 ...

Страница 137: ...nknown Unsupported Attr BACKUP_SERVER 0x7009 May 24 03 04 52 039 EZVPN Unknown Unsupported Attr APPLICATION_VERSION 0x7 May 24 03 04 52 039 EZVPN VPN1 ezvpn_nat_config May 24 03 04 52 043 EZVPN VPN1 New State SS_OPEN May 24 03 04 52 047 EZVPN VPN1 Current State SS_OPEN May 24 03 04 52 047 EZVPN VPN1 Event SOCKET_READY May 24 03 04 52 047 EZVPN VPN1 No state change The following line shows the conn...

Страница 138: ...Easy VPN Configuration Example Related Information 18 OL 6340 01 ...

Страница 139: ...er EtherChannel EtherFast EtherSwitch Fast Step Follow Me Browsing FormShare GigaDrive HomeLink Internet Quotient IOS iPhone IP TV iQ Expertise the iQ logo iQ Net Readiness Scorecard iQuick Study LightStream Linksys MeetingPlace MGX Networkers Networking Academy Network Registrar PIX ProConnect ScriptShare SMARTnet StackWise The Fastest Way to Increase Your Internet Quotient and TransPath are regi...

Страница 140: ...Easy VPN Configuration Example Related Information 20 OL 6340 01 ...

Страница 141: ...rading floor financial institutions for communications to branch offices The configuration scenario emphasizes implementation of the quality of service QoS and VPN capabilities the configuration has the following characteristics All traffic between two client branch sites and headquarters passes through a VPN of IPSec encrypted tunnels This implementation of Cisco V3 PN features the use of Protoco...

Страница 142: ...n in this document is based on these software and hardware versions At Headquarters a Cisco 3845 router with a Cisco CallManager cluster with ATM access to the Internet At Branch 1 a Cisco 2801 router with a WIC SHDSL V2 interface card installed and with DSL access to the Internet At Branch 2 a Cisco 2811 router with a serial interface connection to the Internet Cisco IOS Release 12 3 11 T or late...

Страница 143: ...ed in this document use the Cisco IOS Command Lookup tool You must have an account on Cisco com If you do not have an account or have forgotten your username or password click Cancel at the login dialog box and follow the instructions that appear Configuration Tips Make sure that the tunnels work before you apply the crypto maps Apply IPSec crypto maps to both the tunnel interface and the physical...

Страница 144: ... access to the Internet Public IP address 10 32 150 46 30 Private IP address pool 192 168 3 0 24 Configurations This document uses the following configurations Headquarters Office Configuration Cisco 3845 Router page 4 Branch 1 Router Configuration Cisco 2801 Router page 9 Branch 2 Router Configuration Cisco 2811 Router page 14 Headquarters Office Configuration Cisco 3845 Router HUB R1 show runnin...

Страница 145: ...ic 3 no network clock participate aim 0 no network clock participate aim 1 aaa new model ENABLE AAA AND USE LOCAL AUTHENTICATION FOR VPN CONNECTIONS aaa authentication login USERLIST local aaa session id common ip subnet zero ip cef CREATE DHCP POOL FOR INTERNAL CLIENTS ON VLAN 10 ip dhcp excluded address 192 168 1 1 ip dhcp pool LOCAL network 192 168 1 0 255 255 255 0 default router 192 168 1 1 n...

Страница 146: ...p policy 10 encr 3des authentication pre share group 2 SPECIFY THAT ISAKMP CLIENTS SPOKE ROUTERS WILL NOT NEED TO USE XAUTH USERNAME AND PASSWORD WHEN CONNECTING crypto isakmp key cisco address 10 32 150 46 no xauth crypto isakmp key cisco address 10 32 153 34 no xauth crypto ipsec transform set TRANSFORM_1 esp 3des esp sha hmac DEFINE THE REMOTE SPOKES THEIR IP ADDRESSES AND ANY POLICIES THAT NEE...

Страница 147: ...y tunnel source ATM1 0 tunnel destination 10 32 153 34 crypto map INT_CM THIS LOOPBACK INTERFACE ACTS AS THE MULTICAST RP interface Loopback100 ip address 192 168 4 1 255 255 255 255 ip pim sparse dense mode THIS VIF INTERFACE IS USED AS THE MULTICAST SOURCE FOR THE VOICE ENDPOINT interface Vif1 ip address 192 168 6 1 255 255 255 0 ip pim sparse dense mode NOT USED interface GigabitEthernet0 0 no ...

Страница 148: ...CE FOR CONNECTING INTERNAL HOSTS interface Vlan10 description Private interface ip address 192 168 1 1 255 255 255 0 ip pim sparse dense mode ENABLE ROUTING FOR ALL RELEVANT NETWORKS INTERNAL USER SUBNET LOOPBACK FOR RP AND VIF FOR VOICE router ospf 1 log adjacency changes network 192 168 1 0 0 0 0 255 area 0 network 192 168 4 1 0 0 0 0 area 0 network 192 168 6 0 0 0 0 255 area 0 DEFINE STATIC ROU...

Страница 149: ...3 connection trunk 100 voice port 0 1 1 THIS DIAL PEER CONNECTS THE VOICE PORT TO MULTICAST GROUP 239 168 1 100 g711 CODEC 64k IS USED AND VAD IS ENABLED dial peer voice 100 voip destination pattern 100 session protocol multicast session target ipv4 239 168 1 100 19890 codec g711ulaw vad aggressive line con 0 stopbits 1 line aux 0 stopbits 1 line vty 0 4 login authentication USERLIST end Branch 1 ...

Страница 150: ...ticipate wic 8 no network clock participate aim 0 no network clock participate aim 1 mmi polling interval 60 no mmi auto configure no mmi pvc mmi snmp timeout 180 aaa new model aaa authentication login USERLIST local aaa session id common ip subnet zero ip cef ip dhcp excluded address 192 168 2 1 ip dhcp pool LOCAL network 192 168 2 0 255 255 255 0 default router 192 168 2 1 no ip domain lookup ip...

Страница 151: ...ass data bandwidth percent 20 class class default fair queue SET THE IKE POLICY TO USE 3DES crypto isakmp policy 10 encr 3des authentication pre share group 2 crypto isakmp key cisco address 10 32 152 26 no xauth crypto ipsec transform set TRANSFORM_1 esp 3des esp sha hmac SPECIFY REMOTE PEER crypto map INT_CM 1 ipsec isakmp description Peer device HUB R1 set peer 10 32 152 26 set security associa...

Страница 152: ...O ATM PVC 8 35 IS USED IN THIS EXAMPLE interface ATM2 0 no ip address no atm ilmi keepalive dsl equipment type CPE dsl operating mode GSHDSL symmetric annex A dsl linerate AUTO pvc 0 35 encapsulation aal5snap pvc 8 35 vbr nrt 2000 1000 encapsulation aal5mux ppp Virtual Template1 interface FastEthernet4 0 no ip address interface FastEthernet4 1 no ip address interface FastEthernet4 2 no ip address ...

Страница 153: ...host 10 32 152 26 control plane CONFIGURE THE VOICE PORT AND LINK IT TO DIAL PEER 100 THIS CONNECTION IS PERMANENT THE VOICE CLASS WAS DEFINED EARLIER IN THE CONFIGURATION AND ESTABLISHES AN ALWAYS ON CONNECTION voice port 1 0 voice class permanent 1 timeouts call disconnect 3 connection trunk 100 voice port 1 1 voice port 1 2 voice port 1 3 THIS DIAL PEER CONNECTS THE VOICE PORT TO MULTICAST GROU...

Страница 154: ... memory size iomem 25 mmi polling interval 60 no mmi auto configure no mmi pvc mmi snmp timeout 180 aaa new model aaa authentication login USERLIST local aaa session id common ip subnet zero ip cef ip dhcp excluded address 192 168 3 1 ip dhcp pool LOCAL network 192 168 3 0 255 255 255 0 default router 192 168 3 1 no ip domain lookup ip domain name cisco com ip multicast routing ip audit notify log...

Страница 155: ...1 class map match all video match ip precedence 4 class map match all voice match ip dscp ef policy map LLQ class control traffic bandwidth percent 5 class voice priority percent 35 class video bandwidth percent 15 class data bandwidth percent 20 class class default fair queue interface Tunnel0 description Peer device HUB R1 bandwidth 10000 ip unnumbered FastEthernet0 0 ip mtu 1420 ip pim sparse d...

Страница 156: ...0 description Public interface ip address 10 32 150 46 255 255 255 252 service policy output LLQ crypto map INT_CM interface Vlan1 no ip address router ospf 1 log adjacency changes network 192 168 3 0 0 0 0 255 area 0 network 192 168 5 0 0 0 0 255 area 0 ip classless ip route 0 0 0 0 0 0 0 0 10 32 150 45 ip route 0 0 0 0 0 0 0 0 Serial0 0 0 ip http server no ip http secure server ip access list ex...

Страница 157: ...l registered customers only which allows you to view an analysis of show command output In summary show crypto isakmp sa Shows whether the remote routers have successfully connected show crypto ipsec sa Shows information about each IPSec SA show ip ospf neighbor Shows whether the router has Open Shortest Path First OSPF neighbors show ip route Shows whether the remote networks and multicast subnet...

Страница 158: ...4 QM_IDLE 29 0 10 32 152 26 10 32 150 46 QM_IDLE 31 0 The following is an output example for the show crypto ipsec sa command performed using the configuration on the Headquarters router HUB R1 show crypto ipsec sa interface Tunnel0 Crypto map tag INT_CM local addr 10 32 152 26 protected vrf local ident addr mask prot port 10 32 152 26 255 255 255 255 47 0 remote ident addr mask prot port 10 32 15...

Страница 159: ...ress failed 0 send errors 5 recv errors 0 local crypto endpt 10 32 152 26 remote crypto endpt 10 32 150 46 path mtu 1420 media mtu 1420 current outbound spi D3C362F0 inbound esp sas spi 0x4589EBE8 1166666728 transform esp 3des esp sha hmac in use settings Tunnel slot 0 conn id 5219 flow_id 99 crypto map INT_CM crypto engine type Hardware engine_id 2 sa timing remaining key lifetime k sec 528510577...

Страница 160: ...caps 123829 pkts decrypt 123829 pkts verify 123829 pkts compressed 0 pkts decompressed 0 pkts not compressed 0 pkts compr failed 0 pkts not decompressed 0 pkts decompress failed 0 send errors 66 recv errors 0 local crypto endpt 10 32 152 26 remote crypto endpt 10 32 153 34 path mtu 1420 media mtu 1420 current outbound spi 69111392 inbound esp sas spi 0xD5823DEF 3582082543 transform esp 3des esp sh...

Страница 161: ...510577 14267 ike_cookies 59F8CBF0 5B2E8553 7D356DD4 F5DE05AD IV size 8 bytes replay detection support Y spi 0xC172073D 3245475645 transform esp 3des esp sha hmac in use settings Tunnel slot 0 conn id 5221 flow_id 101 crypto map INT_CM crypto engine type Hardware engine_id 2 sa timing remaining key lifetime k sec 522108046 14267 ike_cookies 59F8CBF0 5B2E8553 7D356DD4 F5DE05AD IV size 8 bytes replay...

Страница 162: ...3 crypto map INT_CM crypto engine type Hardware engine_id 2 sa timing remaining key lifetime k sec 508969984 10202 ike_cookies DE2C7D5A FB6197B3 795753FB 41D07F6D IV size 8 bytes replay detection support Y inbound ah sas inbound pcp sas outbound esp sas spi 0x69111392 1762726802 transform esp 3des esp sha hmac in use settings Tunnel slot 0 conn id 5214 flow_id 94 crypto map INT_CM crypto engine ty...

Страница 163: ...support Y inbound ah sas inbound pcp sas outbound esp sas spi 0x2A87D473 713544819 transform esp 3des esp sha hmac in use settings Tunnel slot 0 conn id 5220 flow_id 100 crypto map INT_CM crypto engine type Hardware engine_id 2 sa timing remaining key lifetime k sec 528510577 14262 ike_cookies 59F8CBF0 5B2E8553 7D356DD4 F5DE05AD IV size 8 bytes replay detection support Y spi 0xD3C362F0 3552797424 ...

Страница 164: ... O 192 168 2 0 24 110 11 via 192 168 2 1 00 12 50 Tunnel1 O 192 168 3 0 24 110 11 via 192 168 3 1 00 12 50 Tunnel0 S 0 0 0 0 0 1 0 via 10 32 152 25 The following is an output example for the show ip pim neighbors command performed using the configuration on the Headquarters router HUB R1 show ip pim neighbor PIM Neighbor Table Neighbor Interface Uptime Expires Ver DR Address Prio Mode 192 168 3 1 ...

Страница 165: ...Found 1 active RTP connections The following is an output example for the show voice call summary command performed using the configuration on the Headquarters router HUB R1 show voice call summary PORT CODEC VAD VTSP STATE VPM STATE 0 1 0 g711ulaw y S_CONNECT S_TRUNKED 0 1 1 FXSLS_ONHOOK The following is an output example for the show class map command performed using the configuration on the Hea...

Страница 166: ...old 64 packets pkts matched bytes matched 0 0 depth total drops no buffer drops 0 0 0 Class map data match all 0 packets 0 bytes 5 minute offered rate 0 bps drop rate 0 bps Match ip precedence 2 Queueing Output Queue Conversation 267 Bandwidth 20 Bandwidth 20000 kbps Max Threshold 64 packets pkts matched bytes matched 0 0 depth total drops no buffer drops 0 0 0 Class map class default match any 97...

Страница 167: ...mmon to both Headquarters and branch verification The following commands are used for the remote locations only show policy map interface virtual access 4 output Shows how traffic has been queued on the DSL interface Branch 1 Note that different queues have different packet counts because traffic is assigned on the basis of DCSP and IP precedence values show policy map interface serial 0 0 0 outpu...

Страница 168: ...nd spi D5823DEF inbound esp sas spi 0x69111392 1762726802 transform esp 3des esp sha hmac in use settings Tunnel slot 0 conn id 5151 flow_id 31 crypto map INT_CM crypto engine type Hardware engine_id 2 sa timing remaining key lifetime k sec 508937407 10703 ike_cookies 795753FB 41D07F6D DE2C7D5A FB6197B3 IV size 8 bytes replay detection support Y inbound ah sas inbound pcp sas outbound esp sas spi ...

Страница 169: ...e settings Tunnel slot 0 conn id 5152 flow_id 32 crypto map INT_CM crypto engine type Hardware engine_id 2 sa timing remaining key lifetime k sec 508938237 10700 ike_cookies 795753FB 41D07F6D DE2C7D5A FB6197B3 IV size 8 bytes replay detection support Y outbound ah sas outbound pcp sas interface Virtual Access3 Crypto map tag INT_CM local addr 10 32 153 34 protected vrf local ident addr mask prot p...

Страница 170: ...mask prot port 10 32 153 34 255 255 255 255 47 0 remote ident addr mask prot port 10 32 152 26 255 255 255 255 47 0 current_peer 10 32 152 26 500 PERMIT flags origin_is_acl pkts encaps 78628 pkts encrypt 78628 pkts digest 78628 pkts decaps 118675 pkts decrypt 118675 pkts verify 118675 pkts compressed 0 pkts decompressed 0 pkts not compressed 0 pkts compr failed 0 pkts not decompressed 0 pkts decom...

Страница 171: ...r area candidate default U per user static route o ODR P periodic downloaded static route Gateway of last resort is 10 32 153 33 to network 0 0 0 0 192 168 4 0 32 is subnetted 1 subnets O 192 168 4 1 110 11 via 192 168 1 1 00 33 28 Tunnel0 O 192 168 5 0 24 110 21 via 192 168 1 1 00 33 28 Tunnel0 10 0 0 0 8 is variably subnetted 3 subnets 2 masks C 10 32 153 33 32 is directly connected Virtual Acce...

Страница 172: ...C_CONNECT voice on signal on master status trunk connected sequence oos no action pattern timing idle 0 restart 0 standby 0 timeout 65535 supp_all 0 supp_voice 0 keep_alive 0 timer oos_ais_timer 0 timer 0 The following is an output example for the show voip rtp connections command performed using the configuration on the Branch 1 router Branch 1 show voip rtp connections VoIP RTP active connection...

Страница 173: ... 0 0 depth total drops no buffer drops 0 0 0 Class map voice match all 3241999 packets 920726516 bytes 5 minute offered rate 0 bps drop rate 0 bps Match ip dscp ef Queueing Strict Priority Output Queue Conversation 264 Bandwidth 35 Bandwidth 350 kbps Burst 8750 Bytes pkts matched bytes matched 3217794 913852296 total drops bytes drops 0 0 Class map video match all 0 packets 0 bytes 5 minute offere...

Страница 174: ...55 DPU version 0 HSP version 2 2 21 ALPHA Time running 0 Seconds Compression Yes DES Yes 3 DES Yes AES CBC Yes 128 192 256 AES CNTR No Maximum buffer length 4096 Maximum DH index 1000 Maximum SA index 1000 Maximum Flow index 2000 Maximum RSA key size 2048 crypto engine name Cisco VPN Software Implementation crypto engine type software serial number 70107010 crypto engine state installed crypto eng...

Страница 175: ... F5DE05AD 59F8CBF0 5B2E8553 IV size 8 bytes replay detection support Y spi 0xD3C362F0 3552797424 transform esp 3des esp sha hmac in use settings Tunnel slot 0 conn id 5153 flow_id 33 crypto map INT_CM crypto engine type Hardware engine_id 2 sa timing remaining key lifetime k sec 521045477 14364 ike_cookies 7D356DD4 F5DE05AD 59F8CBF0 5B2E8553 IV size 8 bytes replay detection support Y inbound ah sa...

Страница 176: ...75 14361 ike_cookies 7D356DD4 F5DE05AD 59F8CBF0 5B2E8553 IV size 8 bytes replay detection support Y spi 0xD3C362F0 3552797424 transform esp 3des esp sha hmac in use settings Tunnel slot 0 conn id 5153 flow_id 33 crypto map INT_CM crypto engine type Hardware engine_id 2 Branch 2 sa timing remaining key lifetime k sec 521045425 14360 ike_cookies 7D356DD4 F5DE05AD 59F8CBF0 5B2E8553 IV size 8 bytes re...

Страница 177: ... 0 0 0 8 is variably subnetted 2 subnets 2 masks C 10 32 150 44 30 is directly connected Serial0 0 0 O 192 168 6 0 24 110 11 via 192 168 1 1 00 31 10 Tunnel0 O 192 168 7 0 24 110 21 via 192 168 1 1 00 31 10 Tunnel0 O 192 168 1 0 24 110 11 via 192 168 1 1 00 31 11 Tunnel0 O 192 168 2 0 24 110 21 via 192 168 1 1 00 31 11 Tunnel0 C 192 168 3 0 24 is directly connected FastEthernet0 0 S 0 0 0 0 0 1 0 ...

Страница 178: ...IP RTP active connections No CallId dstCallId LocalRTP RmtRTP LocalIP RemoteIP 1 9 8 18618 19890 192 168 5 2 239 168 1 100 Found 1 active RTP connections The following is an output example for the show voice call summary command performed using the configuration on the Branch 2 router Branch 2 show voice call summary PORT CODEC VAD VTSP STATE VPM STATE 0 1 0 g711ulaw y S_CONNECT S_TRUNKED 0 1 1 FX...

Страница 179: ...08 kbps Max Threshold 64 packets pkts matched bytes matched 0 0 depth total drops no buffer drops 0 0 0 Class map class default match any 75804 packets 9111740 bytes 5 minute offered rate 0 bps drop rate 0 bps Match any Queueing Flow Based Fair Queueing Maximum Number of Hashed Queues 256 total queued total drops no buffer drops 0 0 0 The following is an output example for the show crypto engine b...

Страница 180: ...ken on the address to RP mapping database clear crypto isakmp Clears the security associations related to phase 1 clear crypto sa Clears the security associations related to phase 2 The following is an example of output for the debug crypto isakmp and debug crypto ipsec commands Relevant display output is shown in bold text and comments are preceded by an exclamation point and shown in italics rou...

Страница 181: ...AKMP 0 2 SW 1 processing HASH payload message ID 0 REMOTE PEER IS SHOWN TO BE AUTHENTICATED IN THE NEXT LINE Jul 29 16 06 33 643 PDT ISAKMP 0 2 SW 1 SA authentication status authenticated Jul 29 16 06 33 643 PDT ISAKMP 0 2 SW 1 SA has been authenticated with 10 32 150 46 Jul 29 16 06 33 643 PDT ISAKMP Trying to insert a peer 10 32 152 26 10 32 150 46 500 and inserted successfully Jul 29 16 06 33 6...

Страница 182: ...sal part 1 key eng msg INBOUND local 10 32 152 26 remote 10 32 150 46 local_proxy 10 32 152 26 255 255 255 255 47 0 type 1 remote_proxy 10 32 150 46 255 255 255 255 47 0 type 1 protocol ESP transform esp 3des esp sha hmac Tunnel lifedur 0s and 0kb spi 0x0 0 conn_id 0 keysize 0 flags 0x12 Jul 29 16 06 33 923 PDT Crypto mapdb proxy_match src addr 10 32 152 26 dst addr 10 32 150 46 protocol 47 src po...

Страница 183: ...1 protocol ESP transform esp 3des esp sha hmac Tunnel lifedur 3600s and 4608000kb spi 0x833186D0 2201061072 conn_id 0 keysize 0 flags 0x1B Jul 29 16 06 33 935 PDT Crypto mapdb proxy_match src addr 10 32 152 26 dst addr 10 32 150 46 protocol 47 src port 0 dst port 0 Jul 29 16 06 33 935 PDT IPSEC crypto_ipsec_sa_find_ident_head reconnecting with the same proxies and 101 253 249 204 Jul 29 16 06 33 9...

Страница 184: ...he Internet Generation olver EtherChannel EtherFast EtherSwitch Fast Step FormShare GigaDrive GigaStack HomeLink Internet Quotient IOS IP TV iQ Expertise the iQ ss Scorecard LightStream Linksys MeetingPlace MGX the Networkers logo Networking Academy Network Registrar Packet PIX Post Routing Pre RateMUX ScriptShare SlideCast SMARTnet StrataView Plus SwitchProbe TeleRouter The Fastest Way to Increas...

Страница 185: ...upported Features on Your Router by Using Cisco Feature Navigator page 3 Finding Feature Documentation by Browsing Feature Modules by Cisco IOS Release page 4 Finding Feature Documentation by Browsing Cisco IOS Release Notes page 4 For a list of key supported features see the data sheet and other product literature for your router Additional IOS related technical documentation can be found at this...

Страница 186: ... have forgotten your username or password click Cancel at the login dialog box and follow the instructions that appear Step 2 Click Search by Feature Step 3 Enter the feature name and click Search The search results appear in the Features Available box You may have to scroll down to see the Features Available box If the Features Available box displays None Available then try searching for a variat...

Страница 187: ...uter Do one of the following as appropriate To access documentation for a specific feature on this list proceed to Step 5 To display a list of features that are supported in a specific Cisco IOS release use the Major Release or Release pull down menu to select the Cisco IOS release Cisco Feature Navigator displays a list of features that are supported by the selected Cisco IOS release on your rout...

Страница 188: ...ation Step 4 Navigate to your Cisco IOS software release Step 5 Select the feature module Finding Feature Documentation by Browsing Cisco IOS Release Notes If you know the specific Cisco IOS release in which the feature was introduced you can browse the Cisco IOS release notes to find feature descriptions Note Cisco IOS release notes typically include descriptions only of uncomplicated features th...

Страница 189: ...5 Finding Feature Documentation OL 5994 01 Finding Feature Documentation by Browsing Feature Modules by Cisco IOS Release ...

Страница 190: ...o Cisco Unity Enterprise Solver EtherChannel EtherFast EtherSwitch Fast Step Follow Me Browsing FormShare GigaDrive HomeLink Internet Quotient IOS iPhone IP TV iQ Expertise the iQ logo iQ Net Readiness Scorecard iQuick Study LightStream Linksys MeetingPlace MGX Networkers Networking Academy Network Registrar PIX ProConnect ScriptShare SMARTnet StackWise The Fastest Way to Increase Your Internet Qu...

Страница 191: ...Console Line Speed Cisco IOS CLI page 5 Platforms Supported by This Document Use this document with the following platforms Cisco 1800 series routers Cisco 2800 series routers Cisco 3800 series routers About the Configuration Register The router has a 16 bit configuration register in NVRAM Each bit has value 1 on or set or value 0 off or clear and each bit setting affects the router behavior upon ...

Страница 192: ...bit 9 causes the system to boot from flash memory This bit is typically not modified 10 0x0400 Controls the host portion of the IP broadcast address Setting bit 10 causes the processer to use all zeros Factory default Clearing bit 10 causes the processor to use all ones Bit 10 interacts with bit 14 which controls the network and subnet portions of the IP broadcast address See Table 3 for the combi...

Страница 193: ...ble 2 Boot Field Configuration Register Bit Descriptions Boot Field Bits 3 2 1 and 0 Meaning 0000 0x0 At the next power cycle or reload the router boots to the ROM monitor bootstrap program To use the ROM monitor you must use a terminal or PC that is connected to the router console port For information about connecting the router to a PC or terminal see the hardware installation guide for your rou...

Страница 194: ...efault 8 data bits no parity and 2 stop bits Step 3 Power on the router Step 4 If you are asked whether you would like to enter the initial dialog answer no Would you like to enter the initial dialog yes no After a few seconds the user EXEC prompt Router appears Step 5 Enter privileged EXEC mode by typing enable and if prompted enter your password Router enable Password password Router Step 6 Ente...

Страница 195: ... version command in privileged EXEC mode The configuration register settings are displayed in the last line of the show version command output Configuration register is 0x142 will be 0x142 at next reload Configuring the Console Line Speed Cisco IOS CLI The combined setting of bits 5 11 and 12 determines the console line speed You can modify these particular configuration register bits only from th...

Страница 196: ...Unity Enterprise Solver EtherChannel EtherFast EtherSwitch Fast Step Follow Me Browsing FormShare GigaDrive HomeLink Internet Quotient IOS iPhone IP TV iQ Expertise the iQ logo iQ Net Readiness Scorecard iQuick Study LightStream Linksys MeetingPlace MGX Networkers Networking Academy Network Registrar PIX ProConnect ScriptShare SMARTnet StackWise The Fastest Way to Increase Your Internet Quotient a...

Страница 197: ... a system image upgrade the system image when there are no TFTP servers or network connections or for disaster recovery Contents Platforms Supported by This Document page 1 Prerequisites for Using the ROM Monitor page 1 Information About the ROM Monitor page 2 How to Use the ROM Monitor Typical Tasks page 3 Additional References page 31 Platforms Supported by This Document This document describes ...

Страница 198: ...all except in the following uncommon situations Manually loading a system image You can load a system image without configuring the router to attempt to load that image in future system reloads or power cycles This can be useful for testing a new system image or for troubleshooting See the Loading a System Image boot section on page 10 Upgrading the system image when there are no TFTP servers or n...

Страница 199: ...play command syntax options see the Displaying Commands and Command Syntax in ROM Monitor Mode help section on page 8 Accessibility This product can be configured using the Cisco command line interface CLI The CLI conforms to accessibility code 508 because it is text based and because it relies on a keyboard for navigation All functions of the router can be configured and monitored through the CLI...

Страница 200: ...ing ROM Monitor Mode page 29 Note This section does not describe how to perform all possible ROM monitor tasks Use the command help to perform any tasks that are not described in this document See the Displaying Commands and Command Syntax in ROM Monitor Mode help section on page 8 ...

Страница 201: ...and Enter ROM Monitor Mode This section describes how to enter ROM monitor mode by reloading the router and entering the Break key sequence SUMMARY STEPS 1 enable 2 reload 3 Press Ctrl Break DETAILED STEPS Command or Action Purpose Step 1 enable Example Router enable Enables privileged EXEC mode Enter your password if prompted Step 2 reload Example Router reload Reloads the operating system Step 3...

Страница 202: ...section on page 8 If you use the Break key sequence to enter ROM monitor mode when the router would otherwise have booted the system image you can exit ROM monitor mode by doing one of the following Enter the i or reset command which restarts the booting process and loads the system image Enter the cont command which continues the booting process and loads the system image Setting the Configuratio...

Страница 203: ...nters global configuration mode Step 3 config register 0x0 Example Router config config register 0x0 Changes the configuration register settings The 0x0 setting forces the router to boot to the ROM monitor at the next system reload Step 4 exit Example Router config exit Exits global configuration mode Step 5 write memory Example Router write memory Sets to boot the system image from flash memory S...

Страница 204: ...Sep 23 16 01 41 571 SYS 5 RELOAD Reload requested by console Reload Reason Reload command System Bootstrap Version 12 4 13r T RELEASE SOFTWARE fc1 Technical Support http www cisco com techsupport Copyright c 2006 by cisco Systems Inc Initializing memory for ECC Router platform with 262144 Kbytes of main memory Main memory is configured to 64 bit mode with ECC enabled Readonly ROMMON initialized ro...

Страница 205: ...s in file system dis display instruction stream dnld serial download a program module frame print out a selected stack frame help monitor builtin command help history monitor command history iomemset set IO memory percent meminfo main memory information repeat repeat a monitor command reset system reset rommon pref select ROMMON set display the monitor variables showmon display currently selected ...

Страница 206: ...display a list of the files and directories in the file system use the dir command as shown in the following example rommon 4 dir flash program load complete entry point 0x8000f000 size 0xcb80 Directory of flash 3934 14871760 rw c2800nm ipbase mz 124 3 7211 1447053 rw C2800NM_RM2 srec rommon 5 dir usbflash1 program load complete entry point 0x8000f000 size 0x3d240 Directory of usbflash1 2 14871760...

Страница 207: ...lash0 someimage In order the examples here direct the router to Boot the first image in flash memory Boot the first image or a specified image in flash memory Boot the specified image over the network from the specified TFTP server hostname or IP address Boot from the boothelper image because it does not recognize the device ID This form of the command is used to boot a specified image from a netw...

Страница 208: ...t Ethernet interfaces 2 Serial sync async interfaces 2 Channelized T1 PRI ports DRAM configuration is 64 bits wide with parity enabled 239K bytes of non volatile configuration memory 253160K bytes of USB Flash usbflash1 Read Write 127104K bytes of ATA CompactFlash Read Write Press RETURN to get started Sep 23 16 11 42 603 USB_HOST_STACK 6 USB_DEVICE_CONNECTED A Full speed USB device has been inser...

Страница 209: ...complete entry point 0x8000f000 size 0x3d240 program load complete entry point 0x8000f000 size 0xe2eb30 Self decompressing the image OK Smart Init is enabled Smart init is sizing iomem ID MEMORY_REQ TYPE 0003E9 0X003DA000 Router Mainboard 0X0014B430 DSP SIMM 0X000021B8 Onboard USB 0X002C29F0 public buffer pools 0X00211000 public particle pools TOTAL 0X009FAFD8 If any of the above Memory Requiremen...

Страница 210: ... 58 951 LINEPROTO 5 UPDOWN Line protocol on Interface Serial0 3 0 changed state to down Sep 23 16 19 58 955 LINEPROTO 5 UPDOWN Line protocol on Interface Serial0 3 1 changed state to down Sep 23 16 20 00 139 SYS 5 CONFIG_I Configured from memory by console Sep 23 16 20 00 351 SYS 5 RESTART System restarted Cisco IOS Software 2800 Software C2800NM IPBASE M Version 12 4 3 RELEASE SOFTWARE fc2 Techni...

Страница 211: ...tions If you use a PC to download a file over the router console port at 115 200 bps make sure that the PC serial port uses a 16550 universal asynchronous receiver transmitter UART If the PC serial port does not use a 16550 UART we recommend using a speed equal to or lower than 38 400 bps for downloading a file over the console port Transfer using the xmodem command works only on the console port ...

Страница 212: ...tion register without affecting the baud rate use the the current configuration register setting by entering the show ver inc configuration command and then replacing the last rightmost number with a 0 in the configuration register command Table 1 xmodem Command Syntax Descriptions Keyword or Argument Description c Optional Performs the download using 16 bit cyclic redundancy check CRC error check...

Страница 213: ...freg Configuration Summary enabled are console baud 9600 boot the ROM Monitor do you wish to change the configuration y n n y enable diagnostic mode y n n y enable use net in IP bcast address y n n y enable load rom after netboot fails y n n y enable use all zero broadcast y n n y enable break abort has effect y n n y enable ignore system config info y n n y change console baud rate y n n y enter ...

Страница 214: ...le Output for the dir usbFlash Command rommon dir usbflash0 Directory of usbflash0 2 18978364 rw c3845 entbasek9 mz 124 0 5 Sample Output for the dev ROM Monitor Command rommon 2 dev Devices in device table id name flash compact flash bootflash boot flash usbflash0 usbflash0 Command or Action Purpose Step 1 dir usbflash x Example rommon dir usbflash1 Displays the contents of the USB flash device i...

Страница 215: ...centage set by using the memory size iomem command that is saved in the NVRAM configuration If you need to set the router I O memory permanently by using a manual method use the memory size iomem Cisco IOS command If you set the I O memory from the Cisco IOS software you must restart the router for I O memory to be set properly SUMMARY STEPS 1 iomemset i o memory percentage DETAILED STEPS Examples...

Страница 216: ...can enter the tftpdnld command you must set the ROM monitor environment variables Prerequisites Connect the TFTP server to a fixed network port on your router Restrictions LAN ports on network modules or interface cards are not active in ROM monitor mode Therefore only a fixed port on your router can be used for TFTP download This can be a fixed Ethernet port on the router that is either of the tw...

Страница 217: ...T_GATEWAY 172 16 23 40 Sets the default gateway of the router Step 4 TFTP_SERVER ip_address Example rommon TFTP_SERVER 172 16 23 33 Sets the TFTP server from which the software will be downloaded Step 5 TFTP_FILE directory path filename Example rommon TFTP_FILE archive rel22 c2801 i mz Sets the name and location of the file that will be downloaded to the router Step 6 FE_PORT 0 1 Example rommon FE...

Страница 218: ...ot available on Cisco 1800 series routers Cisco 2801 routers or Cisco 2811 routers Step 11 TFTP_CHECKSUM 0 1 Example rommon TFTP_CHECKSUM 0 Optional Determines whether the router performs a checksum test on the downloaded image 1 Checksum test is performed default 0 No checksum test is performed Step 12 TFTP_DESTINATION flash usbflash0 usbflash1 Example rommon TFTP_DESTINATION usbflash0 Optional D...

Страница 219: ...0 No progress is displayed 1 Exclamation points are displayed to indicate file download progress This is the default setting 2 Detailed progress is displayed during the file download process for example Initializing interface Interface link state up ARPing for 1 4 0 1 ARP reply for 1 4 0 1 received MAC address 00 00 0c 07 ac 01 Step 17 set Example rommon set Displays the ROM monitor environment va...

Страница 220: ...ot router crashes and hangs Most ROM monitor debug commands are functional only when the router crashes or hangs If you enter a debug command when crash information is not available the following error message appears xxx kernel context state is invalid can not proceed The ROM monitor commands in this section are all optional and can be entered in any order Router Crashes A router or system crash ...

Страница 221: ...ocument for your router The jumper to be changed is DUART DFLT which sets the console connection data rate to 9600 regardless of user configuration The jumper forces the data rate to a known good value Restrictions Do not manually reload or power cycle the router unless reloading or power cycling is required for troubleshooting a router crash The system reload or power cycle can cause important in...

Страница 222: ...n entire individual stack frame The default is 0 zero which is the most recent frame Step 4 sysret Example rommon sysret Optional Displays return information from the last booted system image The return information includes the reason for terminating the image a stack dump of up to eight frames and if an exception is involved the address at which the exception occurred Step 5 meminfo l Example rom...

Страница 223: ...00 00000000 a0 00000000 0000002b s4 00000000 64219118 a1 00000000 00000003 s5 00000000 62ad0000 a2 00000000 00000000 s6 00000000 63e10000 a3 00000000 64219118 s7 00000000 63e10000 t0 00000000 00070808 t8 ffffffff e7400884 t1 00000000 00000000 t9 00000000 00000000 t2 00000000 63e10000 k0 00000000 00000000 t3 00000000 34018001 k1 00000000 63ab871c t4 ffffffff ffff80fd gp 00000000 63c1c2d8 t5 fffffff...

Страница 224: ...c 0x63360000 0x642190f0 sp 0x020 0x63360000 0x642190f4 sp 0x024 0x6079ff70 Sample Output for the sysret ROM Monitor Command rommon 8 sysret System Return Info count 19 reason user break pc 0x801111b0 error address 0x801111b0 Stack Trace FP 0x80005ea8 PC 0x801111b0 FP 0x80005eb4 PC 0x80113694 FP 0x80005f74 PC 0x8010eb44 FP 0x80005f9c PC 0x80008118 FP 0x80005fac PC 0x80008064 FP 0x80005fc4 PC 0xfff0...

Страница 225: ... Hangs Exiting ROM Monitor Mode This section describes how to exit ROM monitor mode and enter the Cisco IOS command line interface CLI The method that you use to exit ROM monitor mode depends on how your router entered ROM monitor mode If you reload the router and enter the Break key sequence to enter ROM monitor mode when the router would otherwise have booted the system image you can exit ROM mo...

Страница 226: ...in flash memory Locate the system image that you want the router to load If the system image is not in flash memory use the second or third option in Step 2 Step 2 boot flash directory filename or boot filename tftpserver or boot filename Example ROMMON boot flash myimage Example ROMMON boot someimage 172 16 30 40 Example ROMMON boot In order the examples here direct the router to Boot the first i...

Страница 227: ...631 Cisco 3725 and Cisco 3745 Routers Note These procedures also apply to Cisco 1841 series Cisco 2800 series and Cisco 3800 series routers Using the boot image Rx boot to recover or upgrade the system image How to Upgrade from ROMmon Using the Boot Image Booting and configuration register commands Cisco IOS Configuration Fundamentals Command Reference Loading and maintaining system images rebooti...

Страница 228: ...tml CCVP the Cisco logo and Welcome to the Human Network are trademarks of Cisco Systems Inc Changing the Way We Work Live Play and Learn is a service mark of Cisco Systems Inc and Access Registrar Aironet Catalyst CCDA CCDP CCIE CCIP CCNA CCNP CCSP Cisco the Cisco Certified Internetwork Expert logo Cisco IOS Cisco Press Cisco Systems Cisco Systems Capital the Cisco Systems logo Cisco Unity Enterp...

Страница 229: ... supported depends on router model Class B flash file system also known as the low end file system LEFS Class C flash file system similar to the standard DOS file system This document contains the following sections Platforms Supported by This Document page 1 Requirements and Restrictions page 2 Online Insertion and Removal page 2 How to Format CompactFlash Memory Cards page 3 File Operations on C...

Страница 230: ...outers Support Class B and Class C flash file systems Support only external CF memory cards If you use a PC to format the CF memory cards you can format the cards with the Microsoft 16 bit File Allocation Table FAT16 Microsoft 32 bit File Allocation Table FAT32 or Microsoft Windows NT file system NTFS Alternatively you can format the CF memory card on the router Note When formatted on the router f...

Страница 231: ... with a Class C flash file system The following examples show sample outputs for Class B and Class C flash file systems External Card with Class B Flash File System Example The geometry and format information does not appear Router show flash all Partition Size Used Free Bank Size State Copy Mode 1 125184K 20390K 104793K 0K Read Write Direct System Compact Flash directory File Length Name status a...

Страница 232: ...eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee...

Страница 233: ...he copy command in privileged EXEC mode To indicate a file that is stored in a CF memory card precede the filename with flash Examples Copying Files In the following example the file my config1 on the CF memory card is copied into the startup config file in the system memory Router copy flash my config1 startup config Destination filename startup config OK 517 bytes copied in 4 188 secs 129 bytes ...

Страница 234: ...0000D0 00000001 10000003 8000CA80 00004B9C J K 000000E0 00000020 00000000 00000000 00000008 000000F0 00000000 0000002F 00000001 10000003 00000100 8000CAA0 00004BBC 00623FA4 00000000 J K b 00000110 00000000 00000008 00000000 3C1C8001 00000120 679C4A80 3C018001 AC3DC70C 3C018001 g J G 00000130 AC3FC710 3C018001 AC24C714 3C018001 G G 00000140 AC25C718 3C018001 AC26C71C 3C018001 G G 00000150 AC27C720 ...

Страница 235: ...mand in privileged EXEC mode Deleting a File from a CompactFlash Memory Card with a Class B Flash File System Example In the following example the file c28xx i mz tmp is deleted from the external CF memory card Router delete flash c28xx i mz tmp Delete filename c28xx i mz tmp Delete flash c28xx i mz tmp confirm Because the file was deleted it does not appear when you enter the dir flash command Ro...

Страница 236: ...Flash Memory Card Directory operations vary according to the formatted file system Class B or Class C The following sections describe directory operations for external CF memory cards on Cisco routers Entering a Directory and Determining Which Directory You Are In page 8 Creating a New Directory page 9 Removing a Directory page 10 Entering a Directory and Determining Which Directory You Are In To ...

Страница 237: ...uter dir Directory of flash config 380 rw 6462268 Mar 08 2004 06 14 02 myconfig1 203 rw 6458388 Mar 03 2004 00 01 24 myconfig2 63930368 bytes total 51007488 bytes free Creating a New Directory To create a directory in flash memory enter the mkdir flash command in privileged EXEC mode Creating a New Directory Example In the following example a new directory named config is created then a new subdir...

Страница 238: ...4 Cisco Systems Inc All rights reserved CCVP the Cisco logo and Welcome to the Human Network are trademarks of Cisco Systems Inc Changing the Way We Work Live Play and Learn is a service mark of Cisco Systems Inc and Access Registrar Aironet Catalyst CCDA CCDP CCIE CCIP CCNA CCNP CCSP Cisco the Cisco Certified Internetwork Expert logo Cisco IOS Cisco Press Cisco Systems Cisco Systems Capital the C...

Страница 239: ...grading the System Image page 1 Information About Upgrading the System Image page 2 How to Upgrade the System Image page 3 Additional References page 24 Platforms Supported by This Document Cisco 1800 series routers Cisco 2800 series routers Cisco 3800 series routers Restrictions for Upgrading the System Image Cisco 3800 series routers Cisco 2800 series routers and Cisco 1800 series routers suppor...

Страница 240: ...e of the system image enter the show version command in user EXEC or privileged EXEC mode How Do I Choose the New Cisco IOS Release and Feature Set To determine which Cisco IOS releases and feature sets support your platform and required features go to Cisco Feature Navigator at http www cisco com go fn You must have an account on Cisco com If you do not have an account or have forgotten your user...

Страница 241: ... you save backup copies of your current startup configuration file and Cisco IOS software system image file on a server For more detailed information see the Managing Configuration Files chapter and the Loading and Maintaining System Images chapter of the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide To save backup copies of the startup configuration file and the ...

Страница 242: ... The router uses the default username and password Router dir flash System flash directory File Length Name status 1 4137888 c2800 image mz 4137952 bytes used 12639264 available 16777216 total 16384K bytes of processor board System flash Read Write Router copy flash tftp IP address of remote host 255 255 255 255 192 0 0 1 filename to write on tftp host c2800 image mz writing c2800 image mz success...

Страница 243: ...st upgrade your DRAM See the hardware installation guide for your router DETAILED STEPS Step 1 Select the system image in the Download Software Area at the following URL http www cisco com kobayashi sw center index shtml You must have an account on Cisco com If you do not have an account or have forgotten your username or password click Cancel at the login dialog box and follow the instructions th...

Страница 244: ...y requirements you must upgrade your DRAM See the hardware installation guide for your router What to Do Next Proceed to the Ensuring Adequate Flash Memory for the New System Image section on page 6 Ensuring Adequate Flash Memory for the New System Image This section describes how to check whether your router has enough flash memory to upgrade to the new system image and if necessary how to proper...

Страница 245: ...an the new system image s minimum flash requirements proceed to Step 6 6 dir all flash 7 From the displayed output of the dir all flash command write down the names and directory locations of the files that you can delete 8 Optional copy flash tftp rcp 9 Optional Repeat Step 8 for each file that you identified in Step 7 10 delete flash directory path filename 11 Repeat Step 10 for each file that y...

Страница 246: ...tmp deleted 2 6458208 c38xx i mz 12916544 bytes used 3139776 available 16056320 total 15680K bytes of ATA CompactFlash Read Write Step 4 From the displayed output of the dir flash command compare the number of bytes available to the minimum flash requirements for the new system image If the available memory is equal to or greater than the new system image s minimum flash requirements proceed to th...

Страница 247: ...the file from flash memory When prompted enter the filename and the server s hostname or IP address Router copy flash tftp Step 9 Optional Repeat Step 8 for each file that you identified in Step 7 Step 10 delete flash directory path filename Use this command to delete a file in flash memory Router delete flash c38xx i mz tmp Delete filename c38xx i mz tmp cr Delete flash c38xx i mz tmp confirm cr ...

Страница 248: ...ge 10 Using the ROM Monitor to Copy the System Image over a Network page 12 Using a PC with a CompactFlash Card Reader to Copy the System Image into Flash Memory page 15 Using Console Download xmodem in ROM Monitor to Copy the System Image into Flash Memory page 16 Using TFTP or Remote Copy Protocol to Copy the System Image into Flash Memory This section describes how to use TFTP or Remote Copy Pr...

Страница 249: ...r the filename as you want it to appear on the router 6 If an error message appears that says Not enough space on device do one of the following as appropriate If you are certain that all the files in flash memory should be erased enter y twice when prompted to erase flash before copying If you are not certain that all files in flash memory should be erased press Ctrl Z and follow the instructions...

Страница 250: ... confirm that flash memory will be erased before copying Accessing tftp 10 10 10 2 c2600 i mz 121 14 bin Erase flash before copying confirm y Erasing the flash filesystem will remove all files Continue confirm y Erasing device eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee If you are not certain that all the files in flash memory should be erased press Ctrl Z and follow the instructions in...

Страница 251: ...ss configuration variable 4 Set the DEFAULT_GATEWAY ip_address configuration variable 5 Set the TFTP_SERVER ip_address configuration variable 6 Set the TFTP_FILE directory path filename configuration variable 7 Optional Set the GE_PORT 0 1 configuration variable 8 Optional Set the MEDIA_TYPE 0 1 configuration variable 9 Optional Set the TFTP_CHECKSUM 0 1 configuration variable 10 Optional Set the ...

Страница 252: ... Protocol ARP and TFTP download The default is 7 attempts For example rommon TFTP_RETRY_COUNT 10 Step 11 Optional Set the amount of time in seconds before the download process times out The default is 2400 seconds 40 minutes The following example shows 1800 seconds 30 minutes TFTP_TIMEOUT 1800 Step 12 Optional Configure how the router will display the file download progress Usage is TFTP_VERBOSE 0...

Страница 253: ... the compact flash memory card slot on the router chassis For help with locating the slot and instructions for removing and inserting the card see the hardware installation guide for your router Caution Removing the compact flash memory card may disrupt the network because some software features use the compact flash memory card to store tables and other important data SUMMARY STEPS 1 Remove the c...

Страница 254: ...ns If you use a PC to download a Cisco IOS image over the router console port at 115 200 bps make sure that the PC serial port uses a 16550 universal asynchronous receiver transmitter UART If the PC serial port does not use a 16550 UART we recommend using a speed of 38 400 bps or lower when downloading a Cisco IOS image over the console port The xmodem transfer works only on the console port You c...

Страница 255: ...e new system image from the Cisco IOS software Table 1 xmodem Command Syntax Descriptions Keyword or Argument Description c Optional Performs the download using 16 bit cyclic redundancy check CRC error checking to validate packets The default is 8 bit CRC y Optional Performs the download using ymodem protocol The default is xmodem protocol The protocols differ as follows The xmodem protocol suppor...

Страница 256: ...it 12 copy run start 13 reload 14 When prompted to save the system configuration enter no 15 When prompted to confirm the reload enter y 16 show version DETAILED STEPS Step 1 dir flash Use this command to display a list of all files and directories in flash memory Router dir flash Directory of flash 3 rw 6458388 Mar 01 1993 00 00 58 c38xx i mz tmp 1580 rw 6462268 Mar 06 1993 06 14 02 c38xx i mz 28...

Страница 257: ...any backup system images Step 6 exit Use this command to exit global configuration mode Router config exit Router Step 7 show version Use this command to display the configuration register setting Router show version Cisco Internetwork Operating System Software Configuration register is 0x0 Router Step 8 If the last digit in the configuration register is 0 or 1 proceed to Step 9 However if the las...

Страница 258: ... Router show version 00 22 25 SYS 5 CONFIG_I Configured from console by console Cisco Internetwork Operating System Software System returned to ROM by reload System image file is flash c2600 i mz 121 14 bin What to Do Next Proceed to the Saving Backup Copies of Your New System Image and Configuration section on page 22 Loading the New System Image from ROM Monitor Mode This section describes how t...

Страница 259: ...he boot system commands in the startup configuration file rommon confreg 0x2102 Step 3 boot flash partition number filename Use this command to force the router to load the new system image rommon boot flash C2600 j m2 113 4T Step 4 After the system loads the new system image press Return a few times to display the Cisco IOS CLI prompt Step 5 enable Use this command to enable privileged EXEC mode ...

Страница 260: ...ecovery and to minimize downtime in the event of file corruption we recommend that you save backup copies of the startup configuration file and the Cisco IOS software system image file on a server Tip Do not erase any existing backup copies of your configuration and system image that you saved before upgrading your system image If you encounter serious problems using your new system image or start...

Страница 261: ...lash directory File Length Name status 1 4137888 c2800 image mz 4137952 bytes used 12639264 available 16777216 total 16384K bytes of processor board System flash Read Write Command or Action Purpose Step 1 enable Example Router enable Enables privileged EXEC mode Enter your password if prompted Step 2 copy nvram startup config ftp rcp tftp Example Router copy nvram startup config ftp Copies the st...

Страница 262: ...i sw center index shtml1 Choosing and downloading system images Software Center at http www cisco com kobayashi sw center index shtml Loading and maintaining system images Cisco IOS Configuration Fundamentals and Network Management Configuration Guide Using external compact flash memory cards Using Compact Flash Memory Cards Removing inserting and upgrading compact flash memory cards hardware inst...

Страница 263: ... including links to products technologies solutions technical tips and tools Registered Cisco com users can log in from this page to access even more content 1 1 You must have an account on Cisco com If you do not have an account or have forgotten your username or password click Cancel at the login dialog box and follow the instructions that appear http www cisco com public support tac home shtml ...

Страница 264: ...r EtherChannel EtherFast EtherSwitch Fast Step Follow Me Browsing FormShare GigaDrive HomeLink Internet Quotient IOS iPhone IP TV iQ Expertise the iQ logo iQ Net Readiness Scorecard iQuick Study LightStream Linksys MeetingPlace MGX Networkers Networking Academy Network Registrar PIX ProConnect ScriptShare SMARTnet StackWise The Fastest Way to Increase Your Internet Quotient and TransPath are regis...

Страница 265: ...ization on Cisco Routers Technical Assistance Center TAC Website You must have an account on Cisco com to access the following tools If you do not have an account or have forgotten your username or password click Cancel at the login dialog box and follow the instructions TAC Case Collection Troubleshooting Assistant Error Message Decoder Research and resolve error messages Output Interpreter Gener...

Страница 266: ... EtherFast EtherSwitch Fast Step Follow Me Browsing FormShare GigaDrive HomeLink Internet Quotient IOS iPhone IP TV iQ Expertise the iQ logo iQ Net Readiness Scorecard iQuick Study LightStream Linksys MeetingPlace MGX Networkers Networking Academy Network Registrar PIX ProConnect ScriptShare SMARTnet StackWise The Fastest Way to Increase Your Internet Quotient and TransPath are registered trademar...

Отзывы:

Нет отзывов

Похожие инструкции для 2800 Series

3Com PathBuilder S200 Series Manual preview
PathBuilder S200 Series
Бренд: 3Com Страницы: 31
3Com OfficeConnect 3C855 Frequently Asked Questions preview
OfficeConnect 3C855
Бренд: 3Com Страницы: 3
3Com OfficeConnect 3C855 Using preview
OfficeConnect 3C855
Бренд: 3Com Страницы: 4
Vega BS Series User Manual preview
BS Series
Бренд: Vega Страницы: 39
Farfisa AGORA IPV11AGL Quick Starting Manual preview
AGORA IPV11AGL
Бренд: Farfisa Страницы: 12
Dispel Wicket User Manual preview
Wicket
Бренд: Dispel Страницы: 17
Top Global MB6000 Series User Manual preview
MB6000 Series
Бренд: Top Global Страницы: 75
RTA 460PBSA-N70PB Product User Manual preview
460PBSA-N70PB
Бренд: RTA Страницы: 88
XLOCK G3 Ethernnet Instruction Manual preview
G3 Ethernnet
Бренд: XLOCK Страницы: 2
BURG WATCHER TSE 5001 Assembly And User'S Manual preview
TSE 5001
Бренд: BURG WATCHER Страницы: 21
Nokia M1122 Administrator'S Manual preview
M1122
Бренд: Nokia Страницы: 107
Intermatic ET9500 Installation Instructions Manual preview
ET9500
Бренд: Intermatic Страницы: 6
Digicom VoiceGATE 8D5499 User Manual preview
VoiceGATE 8D5499
Бренд: Digicom Страницы: 29
Four-Faith F8L10GW-L User Manual preview
F8L10GW-L
Бренд: Four-Faith Страницы: 32
ZyXEL Communications 400 User Manual preview
400
Бренд: ZyXEL Communications Страницы: 68
NexLink IOP-1 Instruction Manual preview
IOP-1
Бренд: NexLink Страницы: 24
IDTECK iPass IP100R Manual preview
iPass IP100R
Бренд: IDTECK Страницы: 71
Zte ZXV10 Installation Manual preview
ZXV10
Бренд: Zte Страницы: 28

Бренды по названию

Популярные бренды

Загрузить еще бренды