Cisco Router 860, 880 Series User Manual
Have a look at the manual Cisco Router 860, 880 Series User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
CH A P T E R 18-1 Cisco 860 and Cisco 880 Series Integrated Services Routers Software Configuration Guide OL-xxxxx-xx 18 Deployment Scenarios In the following sections, this chapter describes and shows some typical deployment scenarios for the Cisco 860 series and 880 series Intergrated Services Routers (ISRs): About the Deployment Scenarios, page 18-1 Enterprise Small Branch, page 18-2 Internet Service and IPSec VPN with 3G, page 18-3 SMB Applications, page 18-4 Enterprise Wireless Deployments with LWAPP, page 18-5 About the Deployment Scenarios This chapter identifies and describes the features and functions of typical deployment scenarios. It provides a high-level overview of each scenario and provides pointers to information about new functions. Major new features of the Cisco 860 series and 880 series ISRs include the following: 3G wireless data connectivity backup (some Cisco 880 series ISRs) Voice capabilities (some Cisco 880 series ISRs) One embedded wireless device (optional) Power over Ethernet (all Cisco 880 series ISRs) 3G Wireless Backup Some Cisco 880 series ISRs have 3G wireless data backup capability. See Chapter 5, “Configuring Backup Data Lines and Remote Management” for details. Voice Some Cisco 880 series ISRs contain voice capabilities. Refer to the Cisco IOS Voice Configuration Library for details. Embedded Wireless Device Cisco 860 and 880 series ISRs can contain an optional wireless device. It is a separate embedded processor that runs its own version of the Cisco IOS software and is capable of being configured as a WLAN access point.. See Chapter 2, “Wireless Device Overview” for a description of this device.
18-2 Cisco 860 and Cisco 880 Series Integrated Services Routers Software Configuration Guide OL-xxxxx-xx Chapter 18 Deployment Scenarios Enterprise Small Branch Power Over Ethernet All Cisco 880 Series ISRs contain Power Over Ethernet (PoE) capabilities. See the Cisco 860 and Cisco 880 Series Integrated Services Router Hardware Installation Guide for details. Enterprise Small Branch Figure 18-1 shows an Enterprise Small Branch deployment that uses the following technologies and features: Group Encrypted Transport VPN (GETVPN) for highly scalable secure branch connectivity Cisco IOS firewall (FW) policies that secure the front line of network connectivity and provide network and application layer protection to the enterprise network Voice and multicast applications Quality of service (QoS) prioritizes critical applications and ensures timely delivery of latency- sensitive and mission-critical applications Figure 18-1 Enterprise Small Branch 211964 Branch 2 Private WAN Branch 1Group Member Group Member881 IP Group Member Group Member Key ServerKey Server Branch 3 881 IP Corporate
18-3 Cisco 860 and Cisco 880 Series Integrated Services Routers Software Configuration Guide OL-xxxxx-xx Chapter 18 Deployment Scenarios Internet Service and IPSec VPN with 3G Internet Service and IPSec VPN with 3G Figure 18-2 shows a remote office deployment thats uses 3G wireless technology for both backup and primary applications to communicate to their enterprise data center. Besides providiing direct Internet access employing Network Address Translation (NAT), Cisco 880 series ISRs can provide tunneled Virtual Private Network (VPN) service using IP Security and Generic Routing Encapsulation (IPSec+GRE) for secure and private communication over the public Internet. Figure 18-2 Internet Service and IPSec VPN with 3G Direct Internet AccessNATed LAN Enterprise VPNTunneled VPN (IPsec GRE) over the internetEnterprise VPNEnterprise Data Center BTS 881GBSC/RNC Mobile Packet Core Internet 240977
18-4 Cisco 860 and Cisco 880 Series Integrated Services Routers Software Configuration Guide OL-xxxxx-xx Chapter 18 Deployment Scenarios SMB Applications SMB Applications Figure 18-3 shows a small-to medium-size business deployment (SMB) that uses the following technologies and features at each branch office: Easy VPN with Virtual Tunnel Interface (VTI) to simplify secure VPN for remote offices and teleworkers. Deep packet inspection firewall for security. Firewalls provide the first level of access checking. They work with other security technologies, including intrusion prevention, encryption, and endpoint security, to provide a well-rounded defense-in-depth enterprise security system. Inline Intrusion Prevention Systems (IPS) protection provides additional security, and is a core facet of the Cisco Self-Defending Network, Cisco IOS IPS helps enable the network to defend itself with the intelligence to accurately classify, identify, and stop or block malicious or damaging traffic in real time. QoS provides timely delivery of latency-sensitive and mission-critical applications. ISDN connectivity backup provides network redundancy in the event that the primary service provider link fails. Support for existing analog voice and fax capabilities. Figure 18-3 Small-to Medium-Size Business Service Provider Network Local Server(s)IPSec VPN IAD88F IAD88F Optional ISDN Backup Network Internet IP Centrex 211962
18-5 Cisco 860 and Cisco 880 Series Integrated Services Routers Software Configuration Guide OL-xxxxx-xx Chapter 18 Deployment Scenarios Enterprise Wireless Deployments with LWAPP Enterprise Wireless Deployments with LWAPP Figure 18-4 shows an Enterprise wireless LAN deployment using Lightweight Access Point Protocol (LWAPP) and the following technologies and features: Broadband Internet access and VPN connection to a central site. Hybrid Remote Edge Access Point (H-REAP) provides wireless LAN services to remote and branch offices without using a wireless LAN controller at each location. With HREAP, organizations can bridge traffic locally, tunnel traffic over the WAN, or tunnel traffic over LWAPP on a per Service Set Identifier (SSID). Dynamic RF management with Cisco Wireless Control System (WCS). The ability to mix and match embedded access points with external access points. Figure 18-4 Wireless LAN with LWAPP 88x Router with HREAP AP 861861 802.11n Broadband access Controller LWAPP Tunnel Internet 211963 AAAAAA
18-6 Cisco 860 and Cisco 880 Series Integrated Services Routers Software Configuration Guide OL-xxxxx-xx Chapter 18 Deployment Scenarios Enterprise Wireless Deployments with LWAPP
CH A P T E R 19-1 Book Title OL-xxxxx-xx 19 Troubleshooting Use the information in this chapter to help isolate problems you might encounter or to rule out the router as the source of a problem. This chapter contains the following sections: Getting Started, page 19-1 Before Contacting Cisco or Your Reseller, page 19-1 ADSL Troubleshooting, page 19-2 SHDSL Troubleshooting, page 19-2 ATM Troubleshooting Commands, page 19-2 Software Upgrade Methods, page 19-9 Recovering a Lost Password, page 19-9 Managing Your Router with SDM, page 19-13 Getting Started Before troubleshooting a software problem, you must connect a terminal or PC to the router by using the light-blue console port. (For information on making this connection, see the documentation listed in the “Related Documentation” section on page xviii.) With a connected terminal or PC, you can view status messages from the router and enter commands to troubleshoot a problem. You can also remotely access the interface (Ethernet, ADSL, or telephone) by using Telnet. The Telnet option assumes that the interface is up and running. Before Contacting Cisco or Your Reseller If you cannot locate the source of a problem, contact your local reseller for advice. Before you call, you should have the following information ready: Chassis type and serial number Maintenance agreement or warranty information Type of software and version number Date you received the hardware Brief description of the problem Brief description of the steps you have taken to isolate the problem
19-2 Book Title OL-xxxxx-xx Chapter 19 Troubleshooting ADSL Troubleshooting ADSL Troubleshooting If you experience trouble with the ADSL connection, verify the following: The ADSL line is connected and is using pins 3 and 4. For more information on the ADSL connection, see the hardware guide for your router. The ADSL CD LED is on. If it is not on, the router may not be connected to the DSL access multiplexer (DSLAM). For more information on the ADSL LEDs, see the hardware installation guide specific for your router. The correct Asynchronous Transfer Mode (ATM) virtual path identifier/virtual circuit identifier (VPI/VCI) is being used. The DSLAM supports discrete multi-tone (DMT) Issue 2. The ADSL cable that you connect to the Cisco router must be 10BASE-T Category 5, unshielded twisted-pair (UTP) cable. Using regular telephone cable can introduce line errors. SHDSL Troubleshooting Symmetrical high-data-rate digital subscriber line (SHDSL) is available on the Cisco 888 routers. If you experience trouble with the SHDSL connection, verify the following: The SHDSL line is connected and using pins 3 and 4. For more information on the G.SHDSL connection, see the hardware guide for your router. The G.SHDSL LED is on. If it is not on, the router may not be connected to the DSL access multiplexer (DSLAM). For more information on the G.SHDSL LED, see the hardware installation guide specific for your router. The correct asynchronous transfer mode (ATM) virtual path identifier/virtual circuit identifier (VPI/VCI) is being used. The DSLAM supports the G.SHDSL signaling protocol. Use the show controllers dsl 0 command in EXEC mode to view an SHDSL configuration. ATM Troubleshooting Commands Use the following commands to troubleshoot your ATM interface. ping atm interface Command show interface Command show atm interface Command debug atm Commands
19-3
Book Title
OL-xxxxx-xx
Chapter 19 Troubleshooting
ATM Troubleshooting Commands
ping atm interface Command
Use the ping atm interface command to determine whether a particular PVC is in use. The PVC does
not need to be configured on the router to use this command.
Example 19-1 shows the use of this
command to determine whether PVC 8/35 is in use.
Example 19-1 Determining If a PVC Is in Use
Router# ping atm interface atm 0 8 35 seg-loopback
Type escape sequence to abort.
Sending 5, 53-byte segment OAM echoes, timeout is 2 seconds:
!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 148/148/148 ms
This command sends five OAM F5 loopback packets to the DSLAM (segment OAM packets). If the PVC
is configured at the DSLAM, the ping is successful.
To test whether the PVC is being used at the aggregator, enter the following command:
Router# ping atm interface atm 0 8 35 end-loopback
Type escape sequence to abort.Sending 5, 53-byte end-to-end OAM echoes, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 400/401/404 ms
This command sends end-to-end OAM F5 packets, which are echoed back by the aggregator.
show interface Command
Use the show interface command to display the status of all physical ports (Ethernet and ATM) and
logical interfaces on the router.
Ta b l e 19-1 describes messages in the command output.
Example 19-2 Viewing Status of Selected Interfaces
Router# show interface atm 0
ATM0 is up, line protocol is up Hardware is PQUICC_SAR (with Alcatel ADSL Module)
Internet address is 14.0.0.16/8
MTU 1500 bytes, sub MTU 1500, BW 640 Kbit, DLY 80 usec, reliability 40/255, txload 1/255, rxload 1/255
Encapsulation ATM, loopback not set
Keepalive not supported Encapsulation(s):AAL5, PVC mode
10 maximum active VCs, 1 current VCCs
VC idle disconnect time:300 seconds Last input 01:16:31, output 01:16:31, output hang never
Last clearing of show interface counters never
Input queue:0/75/0 (size/max/drops); Total output drops:0 Queueing strategy:Per VC Queueing
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec 512 packets input, 59780 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 1024 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
19-4
Book Title
OL-xxxxx-xx
Chapter 19 Troubleshooting
ATM Troubleshooting Commands
426 packets output, 46282 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets
0 output buffer failures, 0 output buffers swapped out
Router# show interface fastethernet 0
Ethernet0 is up, line protocol is up
Hardware is PQUICC Ethernet, address is 0000.Oc13.a4db (bia0010.9181.1281)
Internet address is 170.1.4.101/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, reliability 255/255., txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Router# show interface dialer 1
Dialer 1 is up, line protocol is up Hardware is Dialer interface
Internet address is 1.1.1.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100000 usec, reliability255/255. txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)DTR is pulsed for 5 seconds on reset
LCP Closed
Ta b l e 19-1 describes possible command output for the show interface command.
Ta b l e 19-1 show interface Command Output Description
Output Cause
For ATM Interfaces
ATM 0 is up, line protocol is upThe ATM line is up and operating correctly.
ATM 0 is down, line protocol is down The ATM interface has been disabled with the
shutdown command.
or
The ATM line is down, possibly because the
ADSL cable is disconnected or because the
wrong type of cable is connected to the ATM
port.
AT M 0 .n is up, line protocol is up The specified ATM subinterface is up and operating
correctly.
AT M 0 .n is administratively down, line protocol
is downThe specified ATM subinterface has been disabled
with the shutdown command.
AT M 0 .n is down, line protocol is downThe specified ATM subinterface is down, possibly
because the ATM line has been disconnected (by the
service provider).
For Fast Ethernet Interfaces
Fast Ethernet n is up, line protocol is upThe specified Fast Ethernet interface is connected to
the network and operating correctly.
Fast Ethernet n is up, line protocol is downThe specified Fast Ethernet interface has been
correctly configured and enabled, but the Ethernet
cable might be disconnected from the LAN.