Cisco Router 800 Series Software Configuration Guide
Have a look at the manual Cisco Router 800 Series Software Configuration Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
8-45
Cisco 800 Series Software Configuration Guide
78-5372-06
Chapter 8 Advanced Router Configuration
Configuring ATM OAM F5 Continuity Check Support
oam-pvc manage cc segment direction source
!
end
The following configuration example activates CC over the segment and causes
the router to function as the sink.
interface ATM0
ip address 10.0.0.3 255.255.255.0
pvc 0/33
oam-pvc manage cc segment direction sink
!
end
The following configuration example activates CC over the segment and causes
the router to function both as the source of CC cells and as the sink:
interface ATM0
ip address 10.0.0.3 255.255.255.0
pvc 0/33
oam-pvc manage cc segment direction both
!
end
The following configuration example deactivates segment CC:
interface ATM0
ip address 10.0.0.3 255.255.255.0
pvc 0/33
no oam-pvc manage cc
!
end
Configuring CC Activation and Deactivation Request Frequency
The following command sets the frequency at which CC activation and
deactivation requests are sent to the router at the other end of the segment.
oam retry cc activation-count number deactivation-count number retry-frequency seconds
The no form of this command removes these settings.
no oam retry cc activation-count number deactivation-count number retry-frequency seconds
Chapter 8 Advanced Router Configuration
Configuring ATM OAM F5 Continuity Check Support
8-46
Cisco 800 Series Software Configuration Guide
78-5372-06
Configuration Example
The following configuration example sets the CC activation and deactivation
counts, as well as the retry frequency:
interface ATM0
ip address 10.0.0.3 255.255.255.0
pvc 0/33
oam-pvc manage cc segment direction source
retry activation-count 10 deactivation-count 10 retry-frequency 3
!
end
Disabling CC Support on the VC
The following command disables CC support on the virtual circuit (VC) under
which the command has been entered. A PVC on which CC support has been
disabled will deny CC activation requests.
oam-pvc manage cc deny
The no form of this command reenables CC support on the VC.
no oam-pvc manage cc deny
Configuration Example
The following configuration example denies segment CC:
interface ATM0
ip address 10.0.0.3 255.255.255.0
pvc 0/33
oam-pvc manage cc deny
!
end
8-47 Cisco 800 Series Software Configuration Guide 78-5372-06 Chapter 8 Advanced Router Configuration Configuring ATM OAM F5 Continuity Check Support Configuring Continuity Checking Debugging Use the following command to see the results of continuity checking. debug atm oam cc interface atm number The no form of this command disables continuity checking debugging. no debug atm oam cc interface atm number Configuring Generation of End-to-End F5 OAM Loopback Cells Follow the steps below to configure generation of an end-to-end F5 OAM loopback cell, beginning in global configuration mode. The following example enables OAM management on an ATM PVC. The PVC is assigned the name router A and the VPI and VCI are assigned 0 and 32, respectively. OAM management is enabled with a frequency of 3 seconds between OAM cell transmissions. interface atm 2/0 pvc routerA 0/32 oam-pvc manage 3 oam retry 5 5 10 Command Task Step 1interface atm 0 Enter configuration mode for the ATM interface. Step 2pvc routerA vpi/vci Assign PVC to the name router A with the vpi and vci values. Step 3oam-pvc manage 3Enable OAM management with a frequency of 3 seconds between OAM cell transmissions. Step 4oam retry 5 5 10Configure the up count, down count, and retry frequency.
Chapter 8 Advanced Router Configuration Configuring ATM OAM F5 Continuity Check Support 8-48 Cisco 800 Series Software Configuration Guide 78-5372-06 Example Output The following example output of the debug atm oam cc command records activity beginning with the entering of the oam-pvc manage cc command, and ending with the entering of the no oam-pvc manage cc command. The ATM 0 interface is specified, and the “both” segment direction is specified. The output shows an activation request sent and confirmed, a series of CC cells sent by the routers on each end of the segment, and a deactivation request and confirmation. router#debug atm oam cc interface atm0 Generic ATM: ATM OAM CC cells debugging is on router# 00:15:05: CC ACTIVATE MSG (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:8 OAM Func:1 Direction:3 CTag:5 00:15:05: CC ACTIVATE CONFIRM MSG (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:8 OAM Func:1 Direction:3 CTag:5 00:15:06: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 00:15:07: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 00:15:08: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 00:15:09: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 00:15:10: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 00:15:11: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 00:15:12: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 00:15:13: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 00:15:14: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 00:15:15: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 00:15:16: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 00:15:17: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 00:15:18: CC CELL (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 00:15:19: CC CELL (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:1 OAM Func:4 00:15:19: CC DEACTIVATE MSG (ATM0) I:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:8 OAM Func:1 Direction:3 CTag:6 00:15:19: CC DEACTIVATE CONFIRM MSG (ATM0) O:VCD#1 VC 1/40 OAM Cell Type:4 OAM Type:8 OAM Func:1 Direction:3 CTag:6 The following table describes significant fields. Field Description 00:15:05 Time stamp. CC ACTIVATE MSG (ATM0)Message type and interface. 0Source.
8-49 Cisco 800 Series Software Configuration Guide 78-5372-06 Chapter 8 Advanced Router Configuration Configuring RADIUS Support Configuring RADIUS Support RADIUS is supported on the following Cisco routers: Cisco 806 Cisco 826 and 836 Cisco 827, 827H, 827-4V, 831, and 837 Cisco 828 RADIUS enables you to secure your network against unauthorized access. A RADIUS server must be configured in the service provider or corporate network in order for the router to use RADIUS client features. For instructions on configuring RADIUS, refer to the Cisco 806 Router Software Configuration Guide and to the Cisco IOS Security Configuration Guide. Configuring Cisco Easy VPN Client The Cisco Easy VPN Client feature is supported on the following Cisco routers: Cisco 806 Cisco 826 and 836 Cisco 827, 827H, 827-4V, 831, and 837 Cisco 828 1Sink. VC 1/40 Virtual circuit identifier. Direction:3 Indication of the direction in which the cells are traveling. 1 indicates local router operates as a sink. 2 indicates local router operates as a source. 3 indicates both routers operate as source and sink. Field Description
Chapter 8 Advanced Router Configuration Configuring Cisco Easy VPN Client 8-50 Cisco 800 Series Software Configuration Guide 78-5372-06 The Cisco Easy VPN client feature supports two modes of operation: Client—Specifies that Network Address Translation/Port Address Translation (NAT/PAT) be done, so that the PCs and other hosts at the client end of the VPN tunnel form a private network that does not use any IP addresses in the destination server’s IP address space. Network Extension—Specifies that the PCs and other hosts at the client end of the VPN tunnel should be given IP addresses in the destination enterprise network’s IP address space, so that they form one logical network. Both modes of operation also optionally support split tunneling, which allows secure access to corporate resources through the VPN tunnel while also allowing Internet access through a connection to an ISP or other service (thereby eliminating the corporate network from the path for Web access). This configuration is enabled by a simple access list implemented on the IPSec server. NoteCisco 800 series routers are supported as IPSec clients of VPN 3000 concentrators. Support for other IPSec servers will be available in a future release. Be sure to refer to the Cisco IOS release notes for the current release to determine if there are any other limitations on the use of Cisco Easy VPN Client. The release note Cisco EZVPN Client for the Cisco uBR905/uBR925 Cable Access Routers provides instructions for configuring the DHCP server pool and the Easy VPN client profile required for implementing Easy VPN. The release note also provides configuration examples for the IPSec server and descriptions of commands for managing Easy VPN. Configuration Example This section provides a client mode configuration example for the Cisco 827 router. The following example configures a Cisco 827 router as an IPSec client, using the Cisco Easy VPN feature in the client mode of operation. This example shows the following components of the Cisco Easy VPN client configuration: DHCP server pool—The ip dhcp pool command creates a pool of IP addresses to be assigned to the PCs connected to the router’s Ethernet 1 interface. The pool assigns addresses in the class C private address space
8-51 Cisco 800 Series Software Configuration Guide 78-5372-06 Chapter 8 Advanced Router Configuration Configuring Cisco Easy VPN Client (192.168.100.0) and configures each PC so that its default route is 192.168.100.1, which is the IP address assigned to the router’s Ethernet interface. EzVPN client configuration—The first crypto ipsec client ezvpn hw-client command (global configuration mode) creates an EzVPN client configuration named hw-client. This configuration specifies a group name of hw-client-groupname and a shared key value of hw-client-password, and it sets the peer destination to the IP address 188.185.0.5 (which is the address assigned to the interface connected to the Internet on the destination peer router). The EzVPN configuration is configured for the default operations mode client. NoteIf DNS is also configured on the router, the peer option also supports a host name instead of an IP address. The second crypto ipsec client ezvpn hw-client command (ATM 0 interface configuration mode) assigns the EzVPN client configuration to the ATM 0 interface, so that all traffic received and transmitted on that interface is sent through the VPN tunnel. The following is an example output of the show running-config command: Current configuration :1040 bytes ! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname c827-18 ! ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip subnet-zero ip dhcp excluded-address 192.168.100.1 ! ip dhcp pool CLIENT import all network 192.168.100.0 255.255.255.0 default-router 192.168.100.1
Chapter 8 Advanced Router Configuration Configuring Dial-on-Demand Routing for PPPoE Client 8-52 Cisco 800 Series Software Configuration Guide 78-5372-06 ! ip ssh time-out 120 ip ssh authentication-retries 3 ! crypto ipsec client ezvpn hw-client group hw-client-groupname key hw-client-password mode client peer 188.185.0.5 ! interface Ethernet0 ip address 192.168.100.1 255.255.255.0 hold-queue 100 out ! interface ATM0 ip address 192.168.101.18 255.255.255.0 no atm ilmi-keepalive protocol ip 192.168.101.19 broadcast encapsulation aal5snap ! dsl operating-mode auto crypto ipsec client ezvpn hw-client ! ip classless ip route 0.0.0.0 0.0.0.0 ATM0 ip route 50.0.0.0 255.0.0.0 40.0.0.19 ip http server ip pim bidir-enable ! line con 0 stopbits 1 line vty 0 4 login ! Configuring Dial-on-Demand Routing for PPPoE Client Dial-on-demand routing (DDR) for PPPoE client is supported on the following Cisco routers: Cisco 806 Cisco 826 and 836 Cisco 827, 827H, 827-4V, 831, and 837
8-53 Cisco 800 Series Software Configuration Guide 78-5372-06 Chapter 8 Advanced Router Configuration Configuring Dial-on-Demand Routing for PPPoE Client Cisco SOHO 77, SOHO 77H, SOHO 78, SOHO 91, SOHO 96, and SOHO 97 Cisco 828 DDR for the PPPoE client provides flexibility for subscribers whose ISP charges are based on the amount of time that they are connected to the network (non-flat-rate services). With the DDR for PPPoE client feature, you can designate a type of traffic as traffic of interest. You can then configure the router so that it will bring up the PPPoE connection when any traffic of interest arrives from the LAN interface and so that it will bring down the connection when the dialer idle timer expires. DDR is configured in Ethernet 1 configuration mode, using the pppoe-client dial-pool-number command with the dial-on demand keyword. The syntax is shown below. pppoe-client dial-pool-number number [dial-on-demand] Configuring DDR for a PPPoE Client Follow the steps below to configure DDR for a PPPoE client, beginning in global configuration mode: Step 1Enable VPDN. a.In global configuration mode, enter the vpdn enable command. b.Enter no vpdn logging command to disable vpdn logging. Step 2Configure a virtual private dial-up network (VPDN) group. a.Enter the global configuration mode vpdn-group number command, to enter vpdn group configuration mode. b.Enter request-dialin to specify the dial-in dialing mode. Step 3Configure the Ethernet 1 interface. a.Enter interface Ethernet 1 to enter Ethernet 1 interface configuration mode. b.Enter pppoe enable to enable PPPoE for this interface. c.Activate DDR and create a dial pool by entering pppoe-client dial-pool-number number dial-on-demand. The number value must match the vpdn group number.
Chapter 8 Advanced Router Configuration Configuring Dial-on-Demand Routing for PPPoE Client 8-54 Cisco 800 Series Software Configuration Guide 78-5372-06 Step 4Configure the dialer interface. a.Enter interface dialer 1 to enter dialer interface configuration mode. b.Enter ip address negotiated to indicate that the ip address will be negotiated with the DHCP server. c.Specify the maximum transmission unit size by entering ip mtu 1492. d.Set the encapsulation type by entering encapsulation ppp. e.Enter the dialer pool number command to associate the dialer interface with the dialer pool created for the Ethernet 1 interface. f.Set the idle timer interval by entering dialer idle-timeout 180 either. The either keyword specifies that either inbound or outbound traffic can reset the idle timer. NoteA value of 0 specifies that the timer will never expire and that the connection will always be up. g. Enter dialer hold-queue 100 to set the queue to a size that will hold packets of interest before the connection is established. h.Enter dialer-group 1 to specify the dialer list that defines traffic of interest. i.Leave Dialer 1 interface configuration mode by entering exit. Step 5In the global configuration mode, enter the dialer-list 1 protocol ip permit command to define IP traffic as the traffic of interest. Step 6Create a static route for the Dialer 1 interface by entering the ip route 0.0.0.0 0.0.0.0 dialer 1 permanent command. Step 7Enter end to leave configuration mode.