Cisco Router 800 Series Software Configuration Guide
8-55 Cisco 800 Series Software Configuration Guide 78-5372-06
Chapter 8 Advanced Router Configuration

Configuring Weighted Fair Queuing

Weighted fair queuing (WFQ) is supported on the following Cisco routers:

- Cisco 806
- Cisco 826 and 836
- Cisco 827, 827H, 827-4V, 831, and 837 routers
- Cisco 828

WFQ has certain limitations. It does not scale if the number of flows increases considerably, and native WFQ is not available on high-speed interfaces such as ATM interfaces. Class-based WFQ, available on Cisco IOS Plus images, overcomes these limitations.

Configuring WFQ

Follow the steps below to apply WFQ to the ATM interface of a Cisco router.

Step 1  Create a policy map for WFQ.
  a. In global configuration mode, enter the policy-map map-name command to construct a WFQ policy. The map name wfq could be used to specify that this is the policy map for WFQ.
  b. Enter class class-default to use the default class for all traffic.
  c. Apply WFQ to all traffic by entering the fair-queue command.
  d. Enter exit twice to return to global configuration mode.

Step 2  Apply the policy map to the router interface.
  a. Enter interface atm number, where number is the ATM interface number.
  b. Enter pvc vpi/vci to specify which PVC you are applying the policy map to.
  c. Enter service-policy output map-name to apply the policy to this PVC. If you named the policy map wfq, you would enter the command service-policy output wfq.

Step 3  Enter end to leave router configuration mode.

Example Configuration

The following configuration applies WFQ to PVC 0/33 on the ATM 0.1 interface. The policy map named wfq is created, and WFQ is applied to the default class referenced in that policy map. Then, wfq is referenced in the ATM 0.1 interface configuration.

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 806-uut
!
ip subnet-zero
!
policy-map wfq
 class class-default
  fair-queue
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
!
interface atm0.1
 no ip address
 pvc 0/33
  service-policy output wfq
!
ip classless
ip http server
ip pim bidir-enable
!
line con 0
 stopbits 1
line vty 0 4
 login
!
scheduler max-task-time 5000
end
!

Configuring DSL Commands

The sections below describe the supported DSL commands. Follow the steps below to configure DSL command-line interface (CLI) commands.

        Command                   Task
Step 1  dsl noise-margin          Set the noise margin offset.
Step 2  max-tone-bits             Set the maximum bits per tone limit.
Step 3  gain-setting rx-offset    Set the receive gain offset.
Step 4  gain-setting tx-offset    Set the transmit gain offset.

Configuration Example

The following is a configuration example for the dsl command.

interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 dsl noise-margin 0
 dsl max-tone-bits 14
 dsl gain-setting tx-offset 0
 dsl gain-setting rx-offset 1

Enabling the DSL Training Log

The DSL training log feature is available on the following Cisco routers:

- Cisco 826 and 836
- Cisco 827, 827H, 827-4V, and 837 routers
- Cisco 828

By default, a DSL training log is retrieved each time the Cisco router establishes contact with the DSLAM. The training log is a record of the events that occur when the router trains, or negotiates communication parameters, with the DSLAM at the central office. However, retrieving this log adds significant amount of time to the training process, and retrieval is not always necessary after the router has successfully trained. You must use the dsl enable-training-log command to enable the retrieval of this log. The no form of this command disables retrieval of the DSL training log.

dsl enable-training-log
no dsl enable-training-log

Retrieving the DSL Training Log and Then Disabling Further Retrieval of the Training Log

Complete the following tasks to retrieve the training log, examine it, and then disable the router from retrieving the training log the next time it trains with the DSLAM.

Step 1  Configure the router to retrieve the training log.
  a. Enter the global configuration mode interface ATM number command, where number is the number of the ATM interface.
  b. Enter dsl enable-training-log to enable the retrieval of the training log.
  c. Enter end to leave router configuration mode.

Step 2  Unplug the DSL cable from the DSL socket on the back of the router, wait a few seconds, and then plug the cable back in.

Step 3  When the “DSL line up” message appears, issue the show dsl int atm number command, where number is the number of the ATM interface, to display the retrieved log.

Step 4  When you have decided that it is no longer necessary for the router to retrieve the training log, reconfigure the router to disable the retrieval of the log by completing the following tasks.
  a. Enter the global configuration mode interface ATM number command, where number is the number of the ATM interface.
  b. Enter no dsl enable-training-log to disable the retrieval of the training log.
  c. Enter end to leave router configuration mode.

Selecting Secondary DSL Firmware

This command is available on the Cisco 827, 827H, 827-4V, and 837 routers.

The ATM interface mode dsl firmware secondary command enables you to select the secondary DSL firmware.

dsl firmware secondary

To revert to using the primary firmware, enter the no form of this command.

no dsl firmware secondary

Note: The router must retrain in order for the configuration changes to take effect. To retrain the line, you can unplug the DSL cable from the DSL socket on the back of the router and then plug the DSL cable back in again.

You can use the show dsl interface atm number command to compare firmware versions in use before retraining the DSL line, and after retraining.

Output Example

The following example output contains show dsl interface atm command output before the dsl firmware secondary command is added to the configuration.

827-sus2#sh dsl int atm0
                 ATU-R (DS)      ATU-C (US)
Modem Status:    Showtime (DMTDSL_SHOWTIME)
DSL Mode:        ITU G.992.1 (G.DMT)
ITU STD NUM:     0x01            0x01
Vendor ID:       ALCB            GSPN
Vendor Specific: 0x0000          0x0002
Vendor Country:  0x00            0x00
Capacity Used:   66%             74%
Noise Margin:    16.5 dB         17.0 dB
Output Power:    8.0 dBm         12.0 dBm
Attenuation:     0.0 dB          4.0 dB
Defect Status:   None            None
Last Fail Code:  None
Selftest Result: 0x49
Subfunction:     0x02
Interrupts:      652 (1 spurious)
Activations:     1
SW Version:      3.8129
FW Version:      0x1A04

After adding the dsl firmware secondary command to the configuration and retraining, the show dsl interface ATM0 output shows that the software version has changed to 3.7123.

827-sus2#sh dsl int atm0
                 ATU-R (DS)      ATU-C (US)
Modem Status:    Showtime (DMTDSL_SHOWTIME)
DSL Mode:        ITU G.992.1 (G.DMT)
ITU STD NUM:     0x01            0x01
Vendor ID:       ALCB            GSPN
Vendor Specific: 0x0000          0x0002
Vendor Country:  0x00            0x00
Capacity Used:   71%             74%
Noise Margin:    18.0 dB         17.0 dB
Output Power:    7.5 dBm         12.0 dBm
Attenuation:     0.0 dB          4.0 dB
Defect Status:   None            None
Last Fail Code:  None
Selftest Result: 0x00
Subfunction:     0x02
Interrupts:      1206 (2 spurious)
Activations:     2
SW Version:      3.7123
FW Version:      0x1A04

Configuration Example

The following example shows configuration of a Cisco 827 router using secondary DSL firmware.

827-sus2#sh run
Building configuration...

Current configuration :738 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname 827-sus2
!
ip subnet-zero
no ip domain-lookup
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
interface Ethernet0
 ip address 192.168.5.23 255.255.255.0
 no cdp enable
 hold-queue 100 out
!
interface Virtual-Template1
 ip address 2.2.3.4 255.255.255.0
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 1/40
  encapsulation aal5mux ppp Virtual-Template1
 !
 dsl operating-mode itu-dmt
 dsl firmware secondary ===========> New CLI
!
ip classless
ip http server
ip pim bidir-enable
!
line con 0
 exec-timeout 0 0
 stopbits 1
line vty 0 4
 login
!
scheduler max-task-time 5000
end
827-sus2#

Configuring DNS-Based X.25 Routing

DNS-based X.25 routing is supported only on Cisco 805 routers.

The x25 route disposition xot command option has been modified to include the dns pattern argument after the xot keyword, where pattern is a rewrite element that works in the same way that address substitution utilities work.
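
For the secondary DSL firmware section above, the before-and-after comparison of show dsl interface atm output can be scripted and used to confirm that the line retrained onto the expected version. This is an added example, not part of the Cisco guide: the function names are hypothetical, and the two captures are constructed from a subset of the fields and values printed in the guide's outputs.

```python
import re

# Constructed captures: a subset of the fields and values printed in the guide.
BEFORE = """\
                 ATU-R (DS)      ATU-C (US)
Modem Status:    Showtime (DMTDSL_SHOWTIME)
Noise Margin:    16.5 dB         17.0 dB
Activations:     1
SW Version:      3.8129
FW Version:      0x1A04
"""
AFTER = """\
                 ATU-R (DS)      ATU-C (US)
Modem Status:    Showtime (DMTDSL_SHOWTIME)
Noise Margin:    18.0 dB         17.0 dB
Activations:     2
SW Version:      3.7123
FW Version:      0x1A04
"""

FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*):\s*(\S.*?)\s*$")

def parse_show_dsl(text):
    """Map each 'Label: value' line to its list of column values."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:  # prompt and column-header lines do not match
            # Two or more spaces separate the ATU-R and ATU-C columns.
            fields[m.group(1)] = re.split(r"\s{2,}", m.group(2))
    return fields

def diff_captures(before, after):
    """Return {label: (old, new)} for every field whose value changed."""
    b, a = parse_show_dsl(before), parse_show_dsl(after)
    return {k: (b.get(k), a.get(k)) for k in sorted(set(b) | set(a))
            if b.get(k) != a.get(k)}

def verify_retrain(before, after, expected_sw):
    """List reasons the firmware switch cannot be confirmed (empty = confirmed)."""
    b, a = parse_show_dsl(before), parse_show_dsl(after)
    problems = []
    if int(a["Activations"][0]) <= int(b["Activations"][0]):
        problems.append("line has not retrained since the first capture")
    if not a["Modem Status"][0].startswith("Showtime"):
        problems.append("modem is not in Showtime")
    if a["SW Version"][0] != expected_sw:
        problems.append("SW Version is %s, expected %s" % (a["SW Version"][0], expected_sw))
    return problems
```

An unchanged Activations counter means the second capture was taken before the line retrained, so an unchanged SW Version in that case says nothing about whether the configuration took effect.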

Configuring X.25 Load Balancing

X.25 load balancing is supported only on Cisco 805 routers.

The Cisco 805 router supports only the rotary method of load distribution because it has only one serial interface.

The current X.25 allocation method for VCs across multiple serial lines fills one serial line to its VC capacity before utilizing the second line at all. As a result, the first serial line is frequently carrying its maximum data traffic before it runs out of VCs.

Using a facility called “hunt-group” (the method for X.25 load balancing), a switch can now view a pool of X.25 lines going to the same host as one address and can assign virtual circuits (VCs) on an “idle logical channel” basis. With this feature, X.25 calls can be load-balanced among all configured outgoing interfaces to fully use and balance all managed lines.

Configuring X.25 Closed User Group

X.25 closed user group (CUG) is supported only on Cisco 805 routers.

A CUG is a collection of DTE devices for which the network controls access between two members and between a member and a non-member. An X.25 network can support up to 10,000 CUGs (numbered between 0 and 9999), each of which can have any number of member DTE devices. An individual DTE becomes a member of a specific network CUG by subscription. The subscription data includes the local number the DTE will use to identify the network CUG (which may or may not be the same as the network number, as determined by network administration and the DTE device’s requirements), and any restriction that prohibits the DTE from placing a call within the CUG or, conversely, prohibits the network from presenting a call within the CUG to the DTE.

CUGs are a network service to allow various network subscribers (DTE devices) to be segregated into private subnetworks with limited incoming or outgoing access, which means that a DTE must obtain membership from its network service (POP) for the set of CUGs it needs access to. A DTE may subscribe to none, one, or several CUGs at the same time. A DTE that does not require CUG membership for access is considered to be in the open part of the network. Each CUG typically permits subscribing users to connect to each other, but precludes connections with non-subscribing DTE devices.

Configuring FTP Client

FTP client is available on all Cisco 800 series and Cisco SOHO 70 series routers except for the Cisco 801 through 804 routers.

FTP is an application protocol in the Internet protocol suite. It supports file transfers among unlike hosts in diverse internetworking environments. Using FTP, you can move a file from one computer to another, even if each computer runs a different operating system and uses a different file storage format.

Cisco routers that can function as FTP clients can copy files from FTP servers into Flash memory. When Cisco Router Web Setup (CRWS) software is installed on the router, it uses FTP to update the Cisco IOS image in Flash memory, and it configures the router with the FTP username and password that it requires.

Caution: CRWS is unable to perform automatic updates if the FTP username and password values it places in the configuration file are changed.

If you need to use FTP to manually copy system images to Flash memory, see the instructions for adding an FTP username and password to the configuration file at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/ffcprt2/fcf008.htm

Configuring Authentication Proxy

Authentication proxy is supported on Cisco 806 and 831 routers.

The Cisco IOS Firewall authentication proxy feature allows network administrators to apply specific security policies on a per-user basis. Previously, user identity and related authorized access was associated with a user’s IP address, or a single security policy had to be applied to an entire user group or subnet. Now, users can be identified and authorized on the basis of their per-user policy, and access privileges tailored on an individual basis are possible, as opposed to general policy applied across multiple users.

With the authentication proxy feature, users can log into the network or access the Internet via HTTP. Their specific access profiles are automatically retrieved and applied from a Cisco Secure ACS or other RADIUS or TACACS+ authentication server. The user profiles are active only when there is active traffic from the authenticated users.

The authentication proxy is compatible with other Cisco IOS security features such as Network Address Translation (NAT), Context-based Access Control (CBAC), IP Security (IPSec) encryption, and VPN client software.

For instructions on configuring authentication proxy, refer to the Cisco IOS Security Configuration Guide.

Configuring Port to Application Mapping

Port to Application Mapping (PAM) is supported on Cisco 806 and 831 routers.

PAM allows network administrators to customize network access control for specific applications and services. PAM also supports host- or subnet-specific port mapping, which allows you to apply PAM to a single host or subnet, using standard access control lists (ACLs). Host or subnet specific port mapping is done using standard ACLs.

For instructions on configuring PAM, refer to the Cisco IOS Security Configuration Guide.

Configuring CBAC Audit Trails and Alerts

Context-based Access Control (CBAC) audit trails and alerts are supported on Cisco 806 and 831 routers.

CBAC is a security feature that enables the router to filter TCP and UDP packets, based on application-layer protocol session information, and to generate real-time alerts and audit trails. Without CBAC, filtering can only be performed based on network layer and transport layer information.

Enhanced audit trail features use SYSLOG to track all network transactions, recording time stamps, source host, destination host, ports used, and the total number of transmitted bytes, for advanced, session-based reporting. Real-time alerts send SYSLOG error messages to central management consoles upon detecting suspicious activity.
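
The session-based reporting described above can be built by parsing the audit trail messages into the fields the guide lists (time stamp, source host, destination host, ports, byte counts). This is an added example, not part of the Cisco guide: the function names are hypothetical, the log lines are constructed, and the SESS_AUDIT_TRAIL message layout is assumed from Cisco IOS 12.x firewall documentation rather than shown on this page.

```python
import re
from collections import Counter

# Constructed sample lines with uptime time stamps. The SESS_AUDIT_TRAIL
# layout is an assumption taken from IOS 12.x firewall documentation.
SAMPLE = """\
00:12:40: %FW-6-SESS_AUDIT_TRAIL: tcp session initiator (192.168.1.13:33192) sent 22 bytes -- responder (192.0.2.11:25) sent 208 bytes
00:13:05: %FW-6-SESS_AUDIT_TRAIL: tcp session initiator (192.168.1.13:33201) sent 4100 bytes -- responder (192.0.2.11:25) sent 310 bytes
00:13:09: %FW-6-SESS_AUDIT_TRAIL: udp session initiator (192.168.1.20:1029) sent 64 bytes -- responder (198.51.100.53:53) sent 128 bytes
00:13:30: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
"""

AUDIT = re.compile(
    r"(?P<ts>\S+): %FW-6-SESS_AUDIT_TRAIL: (?P<proto>\w+) session "
    r"initiator \((?P<src>[\d.]+):(?P<sport>\d+)\) sent (?P<sent>\d+) bytes -- "
    r"responder \((?P<dst>[\d.]+):(?P<dport>\d+)\) sent (?P<rcvd>\d+) bytes")

def parse_audit_trail(line):
    """Return one session record as a dict, or None for any other message."""
    m = AUDIT.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "sent", "rcvd"):
        rec[key] = int(rec[key])
    # Total transmitted bytes for the session, both directions.
    rec["total"] = rec["sent"] + rec["rcvd"]
    return rec

def bytes_by_flow(text):
    """Total bytes per (source host, destination host, destination port)."""
    totals = Counter()
    for line in text.splitlines():
        rec = parse_audit_trail(line)
        if rec:  # skip non-audit messages such as interface state changes
            totals[(rec["src"], rec["dst"], rec["dport"])] += rec["total"]
    return totals
```

With service timestamps log uptime, as in the configurations in this chapter, the time stamp is router uptime rather than wall-clock time, so correlation with other sources relies on the receive time recorded by the syslog server.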