Вы находитесь на странице: 1из 334
Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guidehttp://www.cisco.com Tel: 408 526-4000 Fax: 800 553-NETS (6387) 408 527-0883 OL-18906-06 " id="pdf-obj-0-2" src="pdf-obj-0-2.jpg">
Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guidehttp://www.cisco.com Tel: 408 526-4000 Fax: 800 553-NETS (6387) 408 527-0883 OL-18906-06 " id="pdf-obj-0-4" src="pdf-obj-0-4.jpg">

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

Americas Headquarters

Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706

USA

Tel:

408 526-4000

Fax:

800 553-NETS (6387) 408 527-0883

OL-18906-06

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP h eader compression is an adaptati on of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISC O OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect , Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flip Video, Flip Video (Design), Flipshare (Design), Flip Ultra, and Welcom e to the Human Network are trademarks; Chan ging the Way We Work , Live, Play, and Lear n, Cisco Store, and Flip Gift Card are service marks; and Access Registra r, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCN P, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quoti ent, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networke rs, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the Unit ed States and certain other countries.

All other trademarks mentioned in this docu ment or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0907R)

Any Internet Protocol (IP) addresses used in this document are not intended to be ac tual addresses. Any examples, command displ ay output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

© 2008 -2011 Cisco Systems, Inc. All rights reserved.

Preface xiii
Preface
xiii

Objective xiii Audience xiii Organization xiv Conventions xv Related Documentation

xvi

CONTENTS

Searching Cisco Documents

xvii

Obtaining Documentation and Submitting a Service Request

xvii

CHAPTER

1

Product Overview

1-1

 

General Description

1-1

Cisco 860 Series ISRs

1-1

Cisco 860 Series ISR Features

1-1

Cisco 860VAE Series ISR Features

1-2

Cisco 880 Series ISRs

1-3

Models of the Cisco 880 Series ISRs

1-3

Common Features

1-6

Voice Features

1-6

Cisco 890 Series ISRs

1-7

8-port 10/100 FE LAN Switch

1-7

802.11n Wireless LAN Option

1-7

Real-Time Clock

1-8

Security Features

1-8

Licensing

1-8

Selecting Feature Sets

1-8

CHAPTER

2

Wireless Device Overview

2-1

 

Software Modes

2-1

Management Options

2-2

Network Configuration Examples

2-2

Root Access Point

2-2

Central Unit in an All-Wireless Network

2-3

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

   

OL-18906-06

iii

Contents CHAPTER 3 Basic Router Configuration Interface Ports 3-2 3-1 Default Configuration 3-3 Information Needed for

Contents

CHAPTER

3

Basic Router Configuration

Interface Ports

3-2

3-1

Default Configuration

3-3

Information Needed for Configuration

3-4

Configuring Command-Line Access

3-5

Configuring Global Parameters

3-7

Configuring WAN Interfaces

3-8

Configuring a Fast Ethernet WAN Interface

3-9

Configuring the Media Type

3-10

Configuring a Gigabit Ethernet WAN Interface

Configuring a V.92 Modem Interface Configuring a VDSL2 WAN Interface

3-11

3-12

3-10

Configuring ADSL or VDSL on Cisco 860VAE and 880VA Multimode ISRs

Overview of Cisco 860VAE, 886VA, and 887VA Multimode ISRs

3-14

3-14

ADSL2/2+ Annex M Mode on Over POTS VDSL2/ADSL Multimode Annex A SKUs 3-15

Configuring Seamless Rate Adaption

3-16

Configuring UBR+

3-16

Configuring ADSL Mode

3-17

Configuring VDSL Mode

3-24

Enabling ADSL2/2+ Annex M Mode on Over POTS VDSL2/ADSL Multimode Annex A SKUs 3-30

Enabling Seamless Rate Adaption

Configuring UBR+

3-32

3-31

Configuring the Training Log Using the CLI

3-34

Configuring a G.SHDSL WAN Interface in ATM mode

3-36

Configuring a G.SHDSL WAN Interface in EFM mode

3-40

Configuring the Cellular Wireless WAN Interface

3-40

Configuring WAN Mode on Cisco 860VAE ISRs

3-52

Configuring the Fast Ethernet LAN Interfaces

3-55

Configuring the Wireless LAN Interface

3-55

Configuring a Loopback Interface

3-55

Configuring Static Routes

3-57

 

Example

3-58

Verifying Configuration

3-58

Configuring Dynamic Routes

3-58

Configuring Routing Information Protocol

3-59

Configuring Enhanced Interior Gateway Routing Protocol

3-60

   

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

iv

 

OL-18906-06

Contents 4 Configuring Security Features 4-1 CHAPTER Authentication, Authorization, and Accounting 4-1 Configuring AutoSecure 4-2 Configuring
Contents
4
Configuring Security Features
4-1
CHAPTER
Authentication, Authorization, and Accounting
4-1
Configuring AutoSecure
4-2
Configuring Access Lists
4-2
Access Groups
4-3
Configuring Cisco IOS Firewall
4-3
Configuring Cisco IOS IPS
4-4
URL Filtering
4-4
Configuring VPN
4-5
Configure a VPN over an IPSec Tunnel
4-7
Create a Cisco Easy VPN Remote Configuration
4-14
Configure a Site-to-Site GRE Tunnel
4-17
5
Configuring Backup Data Lines and Remote Management
5-1
CHAPTER
Configuring Backup Interfaces
5-2
Configuring Cellular Dial-on-Demand Routing Backup
Configuring DDR Backup Using Dialer Watch
5-3
5-4
Configuring DDR Backup Using Floating Static Route
5-5
Cellular Wireless Modem as Backup with NAT and IPsec Configuration
5-6
Configuring Dial Backup and Remote Management Through the Console or Auxiliary
Port 5-10
Example
5-13
Configuring Data Line Backup and Remote Management Through the ISDN S/T Port
5-15
Configuring ISDN Settings
5-17
Configuring Aggregator and ISDN Peer Router
5-19
Configuring Gigabit Ethernet Failover Media
5-21
6
Configuring Ethernet Switches
6-1
CHAPTER
Switch Port Numbering and Naming
6-1
Restrictions for the FE Switch
6-1
Information About Ethernet Switches
6-2

VLANs and VLAN Trunk Protocol

Inline Power

6-2

Layer 2 Ethernet Switching

6-2

6-2

802.1x Authentication

6-3

Spanning Tree Protocol

6-3

Cisco Discovery Protocol

6-3

Switched Port Analyzer

6-3

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

   

OL-18906-06

v

 

Contents

IGMP Snooping

6-3

Storm Control

6-4

Overview of SNMP MIBs

6-4

 

BRIDGE-MIB for Layer 2 Ethernet Switching

6-4

MAC Address Notification

6-5

How to Configure Ethernet Switches

6-6

Configuring VLANs

6-6

Configuring Layer 2 Interfaces

6-8

Configuring 802.1x Authentication

6-8

 

Configuring Spanning Tree Protocol

6-9

Configuring MAC Table Manipulation

6-9

Configuring Cisco Discovery Protocol

6-10

Configuring the Switched Port Analyzer

6-10

Configuring Power Management on the Interface

6-10

Configuring IP Multicast Layer 3 Switching

6-10

Configuring IGMP Snooping

 

6-11

Configuring Per-Port Storm Control

6-11

 

Configuring Separate Voice and Data Subnets

6-11

Managing the Switch

6-11

CHAPTER

7

Configuring Voice Functionality

7-1

 

Voice Ports

7-1

Analog and Digital Voice Port Assignments

7-2

Voice Port Configuration

Call Control Protocols

SIP

7-2

MGCP

7-3

H.323

7-3

7-2

7-2

Dial Peer Configuration

7-3

Other Voice Features

7-3

Real-Time Transport Protocols Dual Tone Multi Frequency Relay

7-3

7-4

CODECs 7-4 SCCP-Controlled Analog Ports with Supplementary Features

Fax Services

7-5

Fax Pass-Through Cisco Fax Relay

7-5

7-5

T.37 Store-and-Forward Fax

T.38 Fax Relay

7-5

7-5

7-4

Contents IGMP Snooping 6-3 Storm Control 6-4 Overview of SNMP MIBs 6-4 BRIDGE-MIB for Layer 2

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

Contents IGMP Snooping 6-3 Storm Control 6-4 Overview of SNMP MIBs 6-4 BRIDGE-MIB for Layer 2

vi

OL-18906-06

 
 

Contents

 
 

Unified Survival Remote Site Telephony

7-6

Verification of Voice Configuration

7-6

CHAPTER

8

Basic Wireless Device Configuration

8-1

 

Starting a Wireless Configuration Session

8-2

Configuring Wireless Settings

8-4

Cisco Express Setup

8-4

Cisco IOS Command Line Interface

8-5

Configuring the Access Point in Hot Standby Mode

8-9

Upgrading to Cisco Unified Software

8-9

Preparing for the Upgrade

8-9

Performing the Upgrade

8-10

Downgrading the Software on the Access Point

8-11

Recovering Software on the Access Point

8-12

Related Documentation

8-12

CHAPTER

9

Configuring Radio Settings

9-1

Enabling the Radio Interface

9-2

Configuring the Role in the Radio Network

Radio Tracking

9-5

Fast Ethernet Tracking MAC-Address Tracking Configuring Radio Data Rates

9-5

9-5

9-5

Configuring MCS Rates

9-9

Configuring Radio Transmit Power

9-10

9-2

Limiting the Power Level for Associated Client Devices

9-11

Configuring Radio Channel Settings

9-12

802.11n Channel Widths

9-13

Enabling and Disabling World Mode

9-14

Disabling and Enabling Short Radio Preambles Configuring Transmit and Receive Antennas Disabling and Enabling Aironet Extensions

9-15

9-16

9-17

Configuring the Ethernet Encapsulation Transformation Method

Enabling and Disabling Public Secure Packet Forwarding

Configuring Protected Ports

9-20

Configuring the Beacon Period and the DTIM

Configure RTS Threshold and Retries

9-22

9-21

9-19

9-18

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

 

OL-18906-06

vii

 

Contents

Configuring the Maximum Data Retries

9-23

Configuring the Fragmentation Threshold

9-23

Enabling Short Slot Time for 802.11g Radios

9-24

Performing a Carrier Busy Test Configuring VoIP Packet Handling

9-24

9-25

CHAPTER

10

Administering the Wireless Device

10-1

Disabling the Mode Button Function

10-2

Preventing Unauthorized Access to Your Access Point

10-3

Protecting Access to Privileged EXEC Commands Configuring Default Password and Privilege Level

10-3

10-4

Setting or Changing a Static Enable Password

10-4

Protecting Enable and Enable Secret Passwords with Encryption

Configuring Username and Password Pairs

10-7

Configuring Multiple Privilege Levels

10-8

10-5

Controlling Access Point Access with RADIUS

10-10

Default RADIUS Configuration

10-11

Configuring RADIUS Login Authentication

10-11

Defining AAA Server Groups

10-13

Configuring RADIUS Authorization for User Privileged Access and

Network Services

10-15

Displaying the RADIUS Configuration

10-16

Controlling Access Point Access with TACACS+

10-16

Default TACACS+ Configuration

10-17

Configuring TACACS+ Login Authentication

10-17

Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 10-18

Displaying the TACACS+ Configuration

10-19

Administering the Wireless Hardware and Software

10-20

Resetting the Wireless Device to the Factory Default Configuration

Rebooting the Wireless Device Monitoring the Wireless Device

10-20

10-20

Managing the System Time and Date

10-21

Understanding Simple Network Time Protocol

Configuring SNTP

10-22

Configuring Time and Date Manually

10-22

10-21

Configuring a System Name and Prompt

10-26

Default System Name and Prompt Configuration

Configuring a System Name

10-27

10-27

10-20

 

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

viii

OL-18906-06

 

Contents

Understanding DNS

10-28

Creating a Banner

10-30

Default Banner Configuration

10-30

Configuring a Message-of-the-Day Login Banner

Configuring a Login Banner

10-32

10-31

Configuring Ethernet Speed and Duplex Settings

10-33

Configuring the Access Point for Wireless Network Management

10-34

Configuring the Access Point for Local Authentication and Authorization

Configuring the Authentication Cache and Profile

10-35

Configuring the Access Point to Provide DHCP Service

Setting up the DHCP Server

10-38

10-38

Monitoring and Maintaining the DHCP Server Access Point

Configuring the Access Point for Secure Shell

Understanding SSH Configuring SSH

10-41

10-42

10-41

Configuring Client ARP Caching

10-42

Understanding Client ARP Caching

Configuring ARP Caching

10-43

10-42

10-40

10-34

Configuring Multiple VLAN and Rate Limi ting for Point-to-Multipoint Bridging

10-43

CHAPTER

11

Configuring PPP over Ethernet with NAT

11-1

 
 

Configure the Virtual Private Dialup Network Group Number

11-2

Configure Ethernet WAN Interfaces

11-3

Configure the Dialer Interface

11-5

Configure Network Address Translation

11-6

 

Configuration Example

11-9

Verifying Your Configuration

 

11-9

CHAPTER

12

Configuring PPP over ATM with NAT

12-1

 

Configure the Dialer Interface

12-2

Configure the ATM WAN Interface

12-4

Configure DSL Signaling Protocol

12-5

Configuring ADSL

12-5

Configure Network Address Translation

12-7

 

Configuration Example

12-8

Verifying Your Configuration

12-9

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

   

OL-18906-06

ix

 
 

Contents

 

CHAPTER

13

Configuring a LAN with DHCP and VLANs

13-1

 
 

Configure DHCP

13-2

Configuration Example

13-4

 

Verify Your DHCP Configuration

13-4

 

Configure VLANs

13-5

Assign a Switch Port to a VLAN

13-6

Verify Your VLAN Configuration

13-6

 

CHAPTER

14

Configuring a VPN Using Easy VPN and an IPSec Tunnel

14-1

 

Configure the IKE Policy

14-3

 

Configure Group Policy Information

14-5

Apply Mode Configuration to the Crypto Map

14-6

Enable Policy Lookup

14-7

Configure IPSec Transforms and Protocols

14-8

 

Configure the IPSec Crypto Method and Parameters

14-8

Apply the Crypto Map to the Physical Interface

14-10

Create an Easy VPN Remote Configuration

14-10

 

Verifying Your Easy VPN Configuration

14-12

Configuration Example

14-12

CHAPTER

15

Configuring Cisco Multimode G.SHDSL EFM/ATM

15-1

CHAPTER

16

Deployment Scenarios

16-1

 

About the Deployment Scenarios

16-1

 

Enterprise Small Branch

16-2

Internet Service and IPSec VPN with 3G

16-4

SMB Applications

16-4

Enterprise Wireless Deployments with LWAPP

16-5

Enterprise Small Branch Office Deployment

16-6

CHAPTER

17

Troubleshooting

17-1

 

Getting Started

17-1

Before Contacting Cisco or Your Reseller

17-1

 

ADSL Troubleshooting

17-2

SHDSL Troubleshooting

17-2

VDSL2 Troubleshooting

17-2

   

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

x

 

OL-18906-06

 

Contents

show interfaces Troubleshooting Command

ATM Troubleshooting Commands ping atm interface Command show atm interface Command

17-5

17-5

17-6

17-3

debug atm Commands

17-7

Software Upgrade Methods

17-10

Recovering a Lost Password

17-10

Change the Configuration Register

17-11

Reset the Password and Save Your Changes 17-13 Reset the Configuration Register Value Cisco Configuration Professional
Reset the Password and Save Your Changes
17-13
Reset the Configuration Register Value
Cisco Configuration Professional Express
17-13
17-13
A
Cisco IOS Software Basic Skills
A-1
APPENDIX
Configuring the Router from a PC
Understanding Command Modes
A-1
A-2
Getting Help
A-4
Enable Secret Passwords and Enable Passwords
A-5
Entering Global Configuration Mode
A-5
Using Commands
A-6
Abbreviating Commands
A-6
Undoing Commands
A-6
Command-Line Error Messages
A-6
Saving Configuration Changes
A-7
Summary A-7
Where to Go Next
A-7
B
Concepts
B-1
APPENDIX
ADSL
B-1
SHDSL
B-2
Network Protocols
B-2
IP
B-2
Routing Protocol Options
B-2
RIP
B-3
Enhanced IGRP
B-3
PPP Authentication Protocols
B-4
PAP
B-4
CHAP
B-4
Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide
OL-18906-06
xi
 

Contents

TACACS+ B-5

Network Interfaces

B-5

Ethernet B-5 ATM for DSL

B-5

Dialer Interface

B-6

Dial Backup

B-6

Backup Interface

B-6

Floating Static Routes

B-7

Dialer Watch

B-7

NAT B-7 Easy IP (Phase 1)

B-8

Easy IP (Phase 2)

B-8

QoS

B-9

IP Precedence

B-9

PPP Fragmentation and Interleaving CBWFQ B-10 RSVP B-10

B-9

Low Latency Queuing B-10 Access Lists B-11 C ROM Monitor C-1 APPENDIX Entering the ROM Monitor
Low Latency Queuing
B-10
Access Lists
B-11
C
ROM Monitor
C-1
APPENDIX
Entering the ROM Monitor
C-1
ROM Monitor Commands
C-2
ROM Monitor Commands for 860VAE ISRs
C-3
Command Descriptions
C-3
Disaster Recovery with TFTP Download
TFTP Download Command Variables
Using the TFTP Download Command
C-4
C-4
C-5
Configuration Register
C-6
Changing the Configuration Register Manually
C-6
Changing the Configuration Register Using Prompts
C-7
Console Download
C-7
Command Description
C-8
Error Reporting
C-8
Debug Commands
C-9
Exiting the ROM Monitor
C-10
D
Common Port Assignments
D-1
APPENDIX
Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide
xii
OL-18906-06
Preface This preface describes the objectives, audience, or ganization, and conventions of this guide, and describes

Preface

Preface This preface describes the objectives, audience, or ganization, and conventions of this guide, and describes

This preface describes the objectives, audience, organization, and conventions of this guide, and describes related documents that have additional in formation. It contains the following sections:

Objective, page xiii

Audience, page xiii

Organization, page xiv

Conventions, page xv

Related Documentation, page xvi

Searching Cisco Documents, page xvii

Obtaining Documentation and Submitting a Service Request, page xvii

Objective

This guide provides an overview and explains how to configure the various features for the Cisco 860, Cisco 880, and Cisco 890 series Integrated Services Routers (ISRs). Some information may not apply to your particular router model.

For warranty, service, and support information, see the “Cisco One- Year Limited Hardware Warranty Terms” section in the Readme First for the Cisco 800 Seri es Integrated Services Routers that was shipped with your router.

Audience

This guide is intended for Cisco equipment provid ers who are technically k nowledgeable and familiar with Cisco routers and Cisco IOS software and features.

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

 

OL-18906-06

xiii

Preface

 

Organization

This guide is organized into the foll owing parts, chapters, and appendixes.

Overview/Getting Started

Product Overview

Provides a brief description of the router models and the available software features.

Wireless Device Overview

Provides an introduction to the wireless device on the router and its use in network configurations.

Basic Router Configuration

Provides procedures for configuring the basic parameters of the router.

Configuring the Router

Configuring Backup Data Lines and Remote Management

Provides procedures for configuring remote management functions and a backup data line connection.

Configuring Security Features

Provides procedures for implementing the security features that can be configured on the router.

Configuring Ethernet Switches

Provides an overview of the configuration tasks for the 4-port Fast Ethernet switch on the router.

Configuring Voice Functionality

Provides references to the procedures for voice configuration.

Configuring and Administering the Wireless Device

Basic Wireless Device Configuration

Provides procedures for initial configuration of the wireless device.

Configuring Radio Settings

Describes how to configure radio settings for the wireless device.

Administering the Wireless Device

Describes the various aspe cts of the administration of the wireless device.

Configuring Your Router for Ethernet and DSL Access

 

Configuring PPP over Ethernet with NAT

Provides an overview of Point-to-Point Protocol over Ethernet (PPPoE) clients and network address translation (NAT)s that can be configured on the Cisco 860 and Cisco 880 seri es Integrated Services Routers (ISRs).

Configuring PPP over ATM with NAT

Provides an overview of Point-to-Point Protocol over Asynchronous Transfer Mode (PPPoA) clients and network address translation (NAT) that can be configured on the Cisco 860 and Cisco 880 series Integrated Services Routers (ISRs).

Configuring a LAN with DHCP and VLANs

Describes how the routers can use the Dynamic Host Configuration Protocol (DHCP) to enable automatic assignment of IP configurations for nodes on these networks.

 
   

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

xiv

 

OL-18906-06

Preface Configuring a VPN Using Easy VPN and an IPSec Tunnel Provides an overview of the
Preface
Configuring a VPN Using Easy VPN and an
IPSec Tunnel
Provides an overview of the creation of Virtual
Private Networks (VPNs) that can be configured on
the Cisco 860 and Cisco 880 series Integrated
Services Routers (ISRs).

Additional Information

Deployment Scenarios

Shows some typical deployment scenarios for the Cisco 860, Cisco 880, and Cisco 890 series ISRs.

Troubleshooting

Provides information to help isolate problems you might encounter.

Reference Information (Appendixes)

Appendix A, “Cisco IOS Software Basic Skills”

Provides information for how to use Cisco IOS software to configure your router.

Appendix B, “Concepts”

Provides conceptual inform ation that may be useful to Internet service providers or network administrators when they configure Cisco routers.

Appendix C, “ROM Monitor”

Provides information on how to use Cisco’s ROM Monitor firmware.

Appendix D, “Common Port Assignments”

Lists currently assigned transmission control protocol (TCP) port numbers.

Conventions

These documents use the conventions listed in Table 1 to convey instruc tions and information.

Table 1

Command Conventions

Convention

Description

boldface font

Commands and keywords.

italic font

Variables for which you supply values.

[

]

Optional keywords or arguments appear in square brackets.

{ x | y | z }

A choice of required keywords appears in braces separated by vertical bars. You must select one.

screen font

Examples of information displayed on the screen.

boldface screen

Examples of information you must enter.

font

 

<

>

Nonprinting characters, for example, pa sswords, appear in angle brackets in contexts where italics are not available.

[

]

Default responses to system prom pts appear in square brackets.

Preface Configuring a VPN Using Easy VPN and an IPSec Tunnel Provides an overview of the

Note

Means reader take note . Notes contain helpful suggestions or re ferences to additional information and material.

 

Preface

   
 
Preface Caution This symbol means reader be careful . In this situation, you might do something
Preface Caution This symbol means reader be careful . In this situation, you might do something

Caution

This symbol means reader be careful . In this situation, you might do something that could result in

 
equipment damage or loss of data.

equipment damage or loss of data.

 
Preface Caution This symbol means reader be careful . In this situation, you might do something
Preface Caution This symbol means reader be careful . In this situation, you might do something

Timesaver

Means the described action saves time . You can save time by performing the action described in the

 
paragraph.

paragraph.

 
Preface Caution This symbol means reader be careful . In this situation, you might do something
Preface Caution This symbol means reader be careful . In this situation, you might do something

Tip

Means the following information will help you solve a problem . The tips information might not be

troubleshooting or even an actio n, but could be useful information, similar to a Timesaver.

Preface Caution This symbol means reader be careful . In this situation, you might do somethingCisco 860, Cisco 880, and Cisco 890 Series Integrated Services Routers Hardware Installation Guide Regulatory Compliance and Safety Information for Cisco 800 Series and SOHO Series Routers Declarations of Conformity and Regulatory Info rmation for Cisco Access Products with 802.11n Radios Software Activation on Cisco Integrated Services Routers and Cisco Integrated Service Routers G2 Cisco IOS Release Notes for Cisco IOS Release 12.4(15)XZ You might also need to refe r to the following documents: • • • Cisco System Manager Quick Start Guide • Cisco IOS Release 12.4 Quality of Se rvice Solutions Configuration Guide • Cisco IOS Security Configuration Guide, Release 12.4 • Cisco IOS Security Configuration Guide, Release 12.4T • Cisco IOS Security Command Reference, Release 12.4 • Cisco IOS Security Command Reference, Release 12.4T • Cisco IOS Command Reference for Cisco Aironet Ac cess Points and Bridges, versions 12.4(10b) JA and 12.3(8) JEC • Cisco Aironet 1240AG Access Point Support Documentation • Cisco 4400 Series Wireless LAN Controllers Support Documentation • LWAPP Wireless LAN Controllers • LWAPP Wireless LAN Access Points • Cisco IOS Release 12.4 Voice Port Configuration Guide • SCCP Controlled Analog (FXS) Ports with Supplementary Features in Cisco IOS Gateways Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide xvi OL-18906-06 " id="pdf-obj-15-70" src="pdf-obj-15-70.jpg">

Related Documentation

In addition to the Cisco 860, Cisco 880, and Cisco 890 Series ISR Software Configuration Guide (this document), the Cisco 860, Cisco 880, and Cisco 890 series ISR documentation set includes the following documents:

Declarations of Conformity and Regulatory Info rmation for Cisco Access Products with 802.11n Radios Software Activation on Cisco Integrated Services Routers and Cisco Integrated Service Routers G2 Cisco IOS Release Notes for Cisco IOS Release 12.4(15)XZ You might also need to refe r to the following documents:

 

Cisco System Manager Quick Start Guide

Cisco IOS Release 12.4 Quality of Se rvice Solutions Configuration Guide

Cisco IOS Security Configuration Guide, Release 12.4

Cisco IOS Security Configuration Guide, Release 12.4T

Cisco IOS Security Command Reference, Release 12.4

Cisco IOS Security Command Reference, Release 12.4T

Cisco IOS Command Reference for Cisco Aironet Ac cess Points and Bridges, versions 12.4(10b) JA and 12.3(8) JEC

Cisco Aironet 1240AG Access Point Support Documentation

Cisco 4400 Series Wireless LAN Controllers Support Documentation

LWAPP Wireless LAN Controllers

LWAPP Wireless LAN Access Points

Cisco IOS Release 12.4 Voice Port Configuration Guide

SCCP Controlled Analog (FXS) Ports with Supplementary Features in Cisco IOS Gateways

   

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

xvi

 

OL-18906-06

Preface

   

Cisco Software Activation Conceptual Overview Cisco Software Activation Tasks and Commands

Searching Cisco Documents

To search an HTML document using a web browse r, use the Ctrl+F (Windows) or Cmd+F (Apple) sequences. In most browsers the option to search w hole words only, invoke case sensitivity, or search forward and backward are also available.

To search a PDF document in Adobe Reader, use the basic Find toolbar (Ctrl+F) or the Full Reader Search window (Shift+Ctrl+F). Use the Find toolbar to find words or phrases within one specific document. Use the Full Reader Sear ch window to search multiple PD F files simultaneously as well as change case sensitivity, and other options. Adobe Reader comes with online help with more information regarding searching PDF documents.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation , which also lists all new and revised Cisco technical documentation, at:

Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

 

OL-18906-06

xvii

 

Preface

 
 

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

xviii

OL-18906-06

CHAPTER 1 Product Overview This chapter provides an overview of the features available for the Cisco

CHAPTER

1

Product Overview

CHAPTER 1 Product Overview This chapter provides an overview of the features available for the Cisco

This chapter provides an overview of the features available for the Cisco 860, Cisco 880, and Cisco 890 series Integrated Services Routers (ISRs ), and contains the following sections:

General Description, page 1-1

Cisco 860 Series ISRs, page 1-1

Cisco 880 Series ISRs, page 1-3

Cisco 890 Series ISRs, page 1-7

Licensing, page 1-8

General Description

The Cisco 860, Cisco 880, and Cisco 890 series ISRs provide Internet, VPN, voice, data, and backup capability to corporate teleworkers and remote and small offices of fewer than 20 users. These routers are capable of bridging and multiprotocol routing between LAN and WAN ports, and provide advanced features such as antivirus protection. In addition, the Cisco 860W, Cisco 880W, and Cisco 890W series ISRs incorporate an 802.11n wirele ss LAN option that allows the ISR to act as a wireless access point.

Cisco 860 Series ISRs

This section contains the following topics:

Cisco 860 Series ISR Features, page 1-1

Cisco 860VAE Series ISR Features, page 1-2

Cisco 860 Series ISR Features

The Cisco 860 series ISRs are fixed-configuration data rout ers that provide either a 10/100 Fast Ethernet (FE) or an ADSL2 over POTs WAN connection.

The following features are supported on all Cisco 860 series ISRs:

4-port 10/100 FE LAN Switch, page 1-2

Security Features, page 1-2

802.11n Wireless LAN Option, page 1-2

Cisco 860 Series, Cisco 880 Seri es, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

   

OL-18906-06

1-1

 

Chapter 1

Product Overview

 

Cisco 860 Series ISRs

4-port 10/100 FE LAN Switch

This switch provides four ports for connecting to 10/100BASE-T (10/100 Mbps) Fast Ethernet (FE) LANs or access points.

Security Features

The Cisco 860 platforms provide the fo llowing security features:

IPsec

Firewall

802.11n Wireless LAN Option

The Cisco 861W ISR has an integrated 802.11b/g/n single radio module for wireless LAN connectivity. With this module, the router can then act as an access poin t in the local infrastructure.

Cisco 860VAE Series ISR Features

The following features are supporte d on Cisco 860VAE series ISRs:

WAN Interfaces, page 1-2

IOS Images, page 1-3

WAN Interfaces

Table 1-1 describes the WAN interfaces includ ed in Cisco 860VAE series routers.

Table 1-1

WAN Interfaces of the Cisco 860VAE Series ISRs

   

Model

Interfaces

866VAE

867VAE

866VAE-K9

867VAE-K9

  • 4 FE 1 switch ports

x

x

x

x

  • 1 GE 2 switch port

x

x

  • 1 GE WAN port

x

x

x

x

  • 1 VDSL/ADSL over POTS port

x

x

  • 1 VDSL/ADSL over ISDN port

x

x

  • 1. FE = Fast Ethernet

  • 2. GE = Gigabit Ethernet

Chapter 1 Product Overview Cisco 860 Series ISRs 4-port 10/100 FE LAN Switch This switch provides

Note

Chapter 1 Product Overview Cisco 860 Series ISRs 4-port 10/100 FE LAN Switch This switch provides

The Cisco 866VAE, 867VAE, 866VAE-K9, and 867VAE-K9 routers each have two WAN ports. Only

one of the two ports can be active at any given time.

Chapter 1 Product Overview Cisco 860 Series ISRs 4-port 10/100 FE LAN Switch This switch provides
 

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

1-2

OL-18906-06

Chapter 1

Product Overview

 

Cisco 880 Series ISRs

 

IOS Images

Table 1-2 describes the IOS images included in Cisco 860VAE series routers.

Table 1-2

IOS Images of the Cisco 860VAE Series ISRs

   

Model

IOS Image

866VAE

867VAE

866VAE-K9

867VAE-K9

c860vae-ipbasek9-mz

x

x

c860vae-advsecurityk9-mz

x

x

c860vae-advsecurityk9_npe-mz

x

x

Cisco 880 Series ISRs

The Cisco 880 series ISRs are a family of fixed-configuration data and voice routers as described in the following sections:

Models of the Cisco 880 Series ISRs, page 1-3

Common Features, page 1-6

Voice Features, page 1-6

Models of the Cisco 880 Series ISRs

The Cisco 880 series ISRs have data and voice capabi lities. Each router has on e WAN port. In addition, routers supporting voice have either FXS (Foreign Exchange Station) or BRI voice ports. Data or voice backup ports are also avai lable on most of the routers. The Ci sco 880G routers come with a commercial third-generation (3G) wireless interface card that provides cellular backup . 802.11b/g/n option is available on all models.

Table 1-3 gives the port configurations of the Cisco 880 series data routers.

Table 1-3

Port Configurations of the Cisco 880 Series Data ISRs

   

Backup

Data

Data

 

Model

WAN Port

ISDN

3G

881

and 881W

FE

881-V

FE

881G and 881GW

FE

x

886

and 886W

ADSL2oPOTS

x

886G and 886GW

ADSL2oPOTS

x

887

and 887W

ADSL2oPOTS

x

887G and 887GW

ADSL2oPOTS

x

887-VA-V

VDSL2oPOTS

x

x

887V and 887VW

VDSL2oPOTS

x

 

Cisco 860 Series, Cisco 880 Seri es, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

   

OL-18906-06

1-3

 

Chapter 1

Product Overview

 

Cisco 880 Series ISRs

Table 1-3

Port Configurations of the Cisco 880 Series Data ISRs (continued)

   

Backup

Data

Data

Model

WAN Port

ISDN

3G

887VG and

VDSL2oPOTS

x

887VGW

888 and 888W

G.SHDSL

x

888G and 888GW

G.SHDSL

x

888E and 888EW

EFM over

x

G.SHDSL

C888EA-K9

Multimode

x

Table 1-4 gives the port configurations of the Cisco 880 series voice routers.

Table 1-4

Port Configurations of the Cisco 880 Series Voice ISRs

     

Backup

FXS Voice

PSTN

PSTN

Model

WAN Port

Ports

FXO

BRI

C881SRST and C881SRSTW

FE

4

x

C888SRST and C888SRSTW

G.SHDSL

4

x

C888ESRST and C888ERSTW

EFM over

4

4

G.SHDSL

Table 1-5 gives the port configurations of the Cisco 881-V, Cisco887VA-V and Cisco 887VA-V-W routers.

Table 1-5

Port Configurations of the Cisco 880 Series Data and Voice ISRs

 
         

Backup

PSTN

Data

FXS Voice

PSTN

WLA

FXO

(ISDN

Model

WAN Port

Ports

BRI

N

)

C881-V

FE

4

 

  • 2 —

1

 

C887VA-V

VDSL2/ADSL2

4

 
  • 2 —

 

x

C887VA-V-W

VDSL2/ADSL2

4

 
  • 2 —

x

 

x

The Cisco 887 VA-V and Cisco 881-V routers give you the flexibility to use the FXS or BRI voice ports (The Cisco 881-V router also supports a backup FX0 port), but the number of concurrent calls that the router supports is limited by the codec complexity configuration. The router supports less calls when the codec complexity setting is configured for high complexity. Table 1-6 shows the number of concurrent calls that is supported on the router for each codec complexity setting. Config uring the codec complexity setting to support secure calls do es not affect the numbers below.

 

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

1-4

OL-18906-06

Chapter 1

Product Overview

 
 

Cisco 880 Series ISRs

 
 

Table 1-6

Number of Concurrent Calls Supported

 
 

Flexible

Medium

 

Complexity

Complexity

High Complexity

 

C881-V

9

  • 8 6

 

C887VA-V

8

  • 8 6

 

C887VA-V-W

8

  • 8 6

 
 
 

Cisco 860 Series, Cisco 880 Seri es, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

   

OL-18906-06

1-5

 

Chapter 1

Product Overview

 

Cisco 880 Series ISRs

Common Features

Cisco 880 series ISRs support the following features:

4-port 10/100 FE LAN Switch, page 1-6

802.11n Wireless LAN Option, page 1-6

Real-Time Clock, page 1-6

Security Features, page 1-6

4-port 10/100 FE LAN Switch

This switch provides four ports for connecting to 10/100BASE-T FE LANs, access points, or IP phones. In addition, an upgrade is available that gives Power over Ethernet (PoE) on two of the ports to provide power to access points or phones.

802.11n Wireless LAN Option

The Cisco 880W series ISRs have an integrated 802.11b/g/n single radio module for wireless LAN connectivity. With this module, the router can act as an access point in the local infrastructure.

Real-Time Clock

A real-time clock (RTC) provides date and time when the system is powered on. The RTC is used to verify the validity of the Certificat ion Authority stored on the router.

Security Features

The Cisco 880 platforms provide the fo llowing security features:

Intrusion Prevention System (IPS)

Dynamic Multipoint VPN (DMVPN)

IPsec

Quality of service (QoS)

Firewall

URL filtering

Voice Features

The Cisco 880 voice and data platforms (C880SRST, C880SRSTW, C881-V, C887 VA-V, and C887VA-V-W) support the following voice features:

 

Signaling protocols: Session Initiation Protocol (SIP), Media Gateway Control Protocol (MGCP), and H323

Real-time transfer protocol (RTP), Cisco RTP (c RTP), and secure RTP (SRTP) for these signaling protocols

Fax passthrough, Cisco fax relay, T37 fax store-and-forward, and T.38 fax relay (including T.38 gateway-controlled MGCP fax relay)

   

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

1-6

 

OL-18906-06

Chapter 1

Product Overview

 
 

Cisco 890 Series ISRs

 
 

Dual tone multifrequency (DTMF) Relay—OOB and RFC2833 Silence suppression/comfort noise

G.711 (a-law and u-law), G.729A, G.729AB, G.729, G.729B, G.726

Support of SRST failover to a Foreign Exchange Office (FXO) or BRI backup port connected to PSTN in case of WAN failure on C880SRST and C880SRSTW.

Support for SRST and CME requires user license, but only a 5-user license is supported on C881-V, C887VA-V, and C887VA-V-W routers.

Direct inward dialing (DID) on FXS

Cisco 890 Series ISRs

The Cisco 890 series ISRs are fixed-configuration data ro uters. These routers have a Gigabit Ethernet WAN port and data backup ports.

Table 1-7 gives the port configurations for the Cisco 890 Series ISRs.

Table 1-7

Port Configurations of the Cisco 890 Series ISRs

   

Data Backup

Model

WAN Port

FE

V.92

ISDN

891

and 891W

GE

x

x

892

and 892W

GE

x

x

892F and 892F-W

GE 1 or SFP 2

x

x

  • 1. GE copper port.

  • 2. SFP port supports GE with fiber. For a complete list of SFPs supported, see the Cisco 892F ISR data sheet on Cisco.com.

The following features are supported:

8-port 10/100 FE LAN Switch, page 1-7

802.11n Wireless LAN Option, page 1-7

Real-Time Clock, page 1-8

Security Features, page 1-8

8-port 10/100 FE LAN Switch

This switch provides eight ports for connecting to 10/100BASE-T FE LANs, access points, or IP phones. In addition, an upgrade is availabl e that gives PoE on four of the ports to provide power to access points or phones.

802.11n Wireless LAN Option

The Cisco 890W series ISRs have integr ated 802.11b/g/n and 802.11a/n dual radio modules for wireless LAN connectivity. With these module s, the router can act as an acce ss point in the local infrastructure.

Cisco 860 Series, Cisco 880 Seri es, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

   

OL-18906-06

1-7

 

Chapter 1

Product Overview

 

Licensing

Real-Time Clock

A real-time clock (RTC) provides date and time when the system is powered on. The RTC is used to verify the validity of the Certificat ion Authority stored on the router.

Security Features

The Cisco 890 platforms provide the fo llowing security features:

Intrusion Prevention System (IPS)

Dynamic Multipoint VPN (DMVPN)

IPsec

Quality of service (QoS)

Firewall

URL filtering

Licensing

The Cisco 860, Cisco 880, and Cisco 890 ISRs ship with licensed software installed. Software features may be upgraded and the software licenses may be managed through Cisco Licensing Manager. See Software Activation On Cisco Integrated Services Routers and Cisco Integrated Service Routers G2 for details.

When you order a new router, you specify the softwa re image and feature set that you want. The image and feature set are installed on your router before you receive it, so you do not need to purchase a software license. The router stores the so ftware license file on the flash memory.

Chapter 1 Product Overview Licensing Real-Time Clock A real-time clock (RTC) provides date and time whenSoftware Activation On Cisco Integrated Services Routers and Cisco Integrated Service Routers G2 for details. When you order a new router, you specify the softwa re image and feature set that you want. The image and feature set are installed on your router before you receive it, so you do not need to purchase a software license. The router stores the so ftware license file on the flash memory. Note The Cisco 860VAE does not require licenses. Selecting Feature Sets Some feature sets are bundled and offered with a so ftware license that is installed on the hardware platforms. For a list of features availa ble with a software license on the Cisco 860, Cisco 880, and Cisco 890 platforms, see Cisco 860 Data Sheet , Cisco 880 Data Sheet , and Cisco 890 Data Sheet . See Cisco IOS Software Activation Tasks and Commands for details about how to activate and manage the software licenses. Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide 1-8 OL-18906-06 " id="pdf-obj-25-73" src="pdf-obj-25-73.jpg">

Note

Chapter 1 Product Overview Licensing Real-Time Clock A real-time clock (RTC) provides date and time whenSoftware Activation On Cisco Integrated Services Routers and Cisco Integrated Service Routers G2 for details. When you order a new router, you specify the softwa re image and feature set that you want. The image and feature set are installed on your router before you receive it, so you do not need to purchase a software license. The router stores the so ftware license file on the flash memory. Note The Cisco 860VAE does not require licenses. Selecting Feature Sets Some feature sets are bundled and offered with a so ftware license that is installed on the hardware platforms. For a list of features availa ble with a software license on the Cisco 860, Cisco 880, and Cisco 890 platforms, see Cisco 860 Data Sheet , Cisco 880 Data Sheet , and Cisco 890 Data Sheet . See Cisco IOS Software Activation Tasks and Commands for details about how to activate and manage the software licenses. Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide 1-8 OL-18906-06 " id="pdf-obj-25-78" src="pdf-obj-25-78.jpg">

The Cisco 860VAE does not require licenses.

Chapter 1 Product Overview Licensing Real-Time Clock A real-time clock (RTC) provides date and time whenSoftware Activation On Cisco Integrated Services Routers and Cisco Integrated Service Routers G2 for details. When you order a new router, you specify the softwa re image and feature set that you want. The image and feature set are installed on your router before you receive it, so you do not need to purchase a software license. The router stores the so ftware license file on the flash memory. Note The Cisco 860VAE does not require licenses. Selecting Feature Sets Some feature sets are bundled and offered with a so ftware license that is installed on the hardware platforms. For a list of features availa ble with a software license on the Cisco 860, Cisco 880, and Cisco 890 platforms, see Cisco 860 Data Sheet , Cisco 880 Data Sheet , and Cisco 890 Data Sheet . See Cisco IOS Software Activation Tasks and Commands for details about how to activate and manage the software licenses. Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide 1-8 OL-18906-06 " id="pdf-obj-25-82" src="pdf-obj-25-82.jpg">

Selecting Feature Sets

Some feature sets are bundled and offered with a so ftware license that is installed on the hardware platforms. For a list of features availa ble with a software license on the Cisco 860, Cisco 880, and Cisco 890 platforms, see Cisco 860 Data Sheet , Cisco 880 Data Sheet , and Cisco 890 Data Sheet . See Cisco IOS Software Activation Tasks and Commands for details about how to activate and manage the software licenses.

 

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

1-8

OL-18906-06

CHAPTER 2 Wireless Device Overview Wireless devices (commonly configured as access points ) provide a secure,

CHAPTER

2

Wireless Device Overview

CHAPTER 2 Wireless Device Overview Wireless devices (commonly configured as access points ) provide a secure,

Wireless devices (commonly configured as access points ) provide a secure, affordable, and easy-to-use wireless LAN solution that combines mobility and flexibility with the enterprise-class features required by networking professionals. When configured as an access point, the wire less device serves as the connection point between wireless and wired networks or as the center point of a stand-alone wireless network. In large installations, wireless users within radio range of an access point can roam throughout a facility while maintaining seamless, uninterrupted access to the network.

With a management system based on Cisco IOS software, wireless devices are Wi-Fi CERTIFIED™, 802.11a-compliant, 802.11b-compliant, 802.11g- compliant, and 802.11n-compliant wireless LAN transceivers.

Software Modes

The access point is shipped with an autonomous imag e and recovery image on the access point’s flash. The default mode is autonomous; ho wever, the access point can be upgr aded to operate in Cisco Unified Wireless mode.

Each mode is described below:

Autonomous modesupports standalone network configurations, where all configuration settings are maintained locally on the wireless device. Each autonomous device can load its starting configuration independently, and still operate in a cohesive fashion on the network.

Cisco Unified Wireless mode— operates in conjunction with a Cisco Unified Wireless LAN controller, where all configuratio n information is maintained with in the controller. In the Cisco Unified Wireless LAN architecture, wireless devi ces operate in the lightweight mode using Leightweight Access Point Protocol (LWAPP), (as opposed to autonomous mode). The lightweight access point, or wi reless device, has no configurat ion until it associates to a controller. The configuration on the wireless device can be modifi ed by the controller only when the networking is up and running. The controller manages the wireless device configuration, firmware, and control transactions such as 802.1x authentication. All wireless traffic is tunneled through the controller.

See Why Migrate to a Cisco Unified Wireless Network? on Cisco.com for more information about this network ar chitecture design.

Cisco 860 Series, Cisco 880 Seri es, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

   

OL-18906-06

2-1

 

Chapter 2

Wireless Device Overview

 

Management Options

Management Options

The wireless device runs its own version of Cisco IO S software that is separate from the Cisco IOS software operating on the router. You can configure and monitor the access point with several different tools:

Cisco IOS software CLI

Simple Network Management Protocol (SNMP)

Chapter 2 Wireless Device Overview Management Options Management Options The wireless device runs its own versionWeb-browser interface Note Avoid using the CLI and the web-browser tools concurrently. If you configure the wireless device using the CLI, the web-browser interface ma y display an inaccurate interpretation of the configuration. Use the interface dot11radio command from global configuration mode to place the wireless device into the radio configuration mode. Network Configuration Examples Set up the access point role in any of these commo n wireless network config urations. The access point default configuration is as a root unit connected to a wired LAN or as the central unit in an all-wireless network. Access points can also be configured as bridges and workgr oup bridges. These roles require specific configurations, as defined in the following examples. • Root Access Point, page 2 • Central Unit in an All-Wireless Network, page 3 Root Access Point An access point connected directly to a wired LAN pr ovides a connection point for wireless users. If more than one access point is connec ted to the LAN, users can roam from one area of a facility to another without losing their connection to the network. As users move out of range of one access point, they automatically connect to the network (associate) th rough another access point. The roaming process is seamless and transp arent to the user. Figure 2-1 shows access points acting as root units on a wired LAN. Figure 2-1 Access Points as Root Units on a Wired LAN Access point Access point 135445 Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide 2-2 OL-18906-06 " id="pdf-obj-27-35" src="pdf-obj-27-35.jpg">
Chapter 2 Wireless Device Overview Management Options Management Options The wireless device runs its own versionWeb-browser interface Note Avoid using the CLI and the web-browser tools concurrently. If you configure the wireless device using the CLI, the web-browser interface ma y display an inaccurate interpretation of the configuration. Use the interface dot11radio command from global configuration mode to place the wireless device into the radio configuration mode. Network Configuration Examples Set up the access point role in any of these commo n wireless network config urations. The access point default configuration is as a root unit connected to a wired LAN or as the central unit in an all-wireless network. Access points can also be configured as bridges and workgr oup bridges. These roles require specific configurations, as defined in the following examples. • Root Access Point, page 2 • Central Unit in an All-Wireless Network, page 3 Root Access Point An access point connected directly to a wired LAN pr ovides a connection point for wireless users. If more than one access point is connec ted to the LAN, users can roam from one area of a facility to another without losing their connection to the network. As users move out of range of one access point, they automatically connect to the network (associate) th rough another access point. The roaming process is seamless and transp arent to the user. Figure 2-1 shows access points acting as root units on a wired LAN. Figure 2-1 Access Points as Root Units on a Wired LAN Access point Access point 135445 Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide 2-2 OL-18906-06 " id="pdf-obj-27-38" src="pdf-obj-27-38.jpg">

Note

Avoid using the CLI and the web-browser tools concurrently. If you configure the wireless device using the CLI, the web-browser interface ma y display an inaccurate interpretation of the

configuration.

Chapter 2 Wireless Device Overview Management Options Management Options The wireless device runs its own versionWeb-browser interface Note Avoid using the CLI and the web-browser tools concurrently. If you configure the wireless device using the CLI, the web-browser interface ma y display an inaccurate interpretation of the configuration. Use the interface dot11radio command from global configuration mode to place the wireless device into the radio configuration mode. Network Configuration Examples Set up the access point role in any of these commo n wireless network config urations. The access point default configuration is as a root unit connected to a wired LAN or as the central unit in an all-wireless network. Access points can also be configured as bridges and workgr oup bridges. These roles require specific configurations, as defined in the following examples. • Root Access Point, page 2 • Central Unit in an All-Wireless Network, page 3 Root Access Point An access point connected directly to a wired LAN pr ovides a connection point for wireless users. If more than one access point is connec ted to the LAN, users can roam from one area of a facility to another without losing their connection to the network. As users move out of range of one access point, they automatically connect to the network (associate) th rough another access point. The roaming process is seamless and transp arent to the user. Figure 2-1 shows access points acting as root units on a wired LAN. Figure 2-1 Access Points as Root Units on a Wired LAN Access point Access point 135445 Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide 2-2 OL-18906-06 " id="pdf-obj-27-48" src="pdf-obj-27-48.jpg">

Use the interface dot11radio command from global configuration mode to place the wireless device into the radio configuration mode.

Network Configuration Examples

Set up the access point role in any of these commo n wireless network config urations. The access point default configuration is as a root unit connected to a wired LAN or as the central unit in an all-wireless network. Access points can also be configured as bridges and workgr oup bridges. These roles require specific configurations, as defined in the following examples.

Root Access Point, page 2

Central Unit in an All-Wireless Network, page 3

Root Access Point

An access point connected directly to a wired LAN pr ovides a connection point for wireless users. If more than one access point is connec ted to the LAN, users can roam from one area of a facility to another without losing their connection to the network. As users move out of range of one access point, they automatically connect to the network (associate) th rough another access point. The roaming process is seamless and transp arent to the user. Figure 2-1 shows access points acting as root units on a wired LAN.

Figure 2-1

Access Points as Root Units on a Wired LAN

Access point Access point 135445
Access point
Access point
135445
 

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

2-2

OL-18906-06

Chapter 2

Wireless Device Overview

 

Network Configuration Examples

 

Central Unit in an All-Wireless Network

In an all-wireless network, an access point acts as a stand-alone root unit. The access point is not attached to a wired LAN; it functi ons as a hub linking all stations to gether. The access point serves as the focal point for commu nications, increasing the communication range of wireless users. Figure 2-2 shows an access point in an all-wireless network.

Figure 2-2

Access Point as Central Unit in All-Wireless Network

Access point Access point 135445
Access point
Access point
135445

Cisco 860 Series, Cisco 880 Seri es, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

   

OL-18906-06

2-3

 

Chapter 2

Wireless Device Overview

 

Network Configuration Examples

 

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

2-4

OL-18906-06

CHAPTER 3 Basic Router Configuration This chapter provides procedures for configuring th e basic parameters of

CHAPTER

3

Basic Router Configuration

CHAPTER 3 Basic Router Configuration This chapter provides procedures for configuring th e basic parameters of

This chapter provides procedures for configuring th e basic parameters of your Cisco router, including global parameter settings, routing protocols, interf aces, and command-line access. It also describes the default configuration on startup.

Interface Ports, page 3-2

Default Configuration, page 3-3

Information Needed fo r Configuration, page 3-4

Configuring Command-Line Access, page 3-5

Configuring Global Parameters, page 3-7

Configuring WAN Interfaces, page 3-8

Configuring the Fast Ethe rnet LAN Interfaces, page 3-55

Configuring the Wireless LAN Interface, page 3-55

Configuring a Loopback Interface, page 3-55

Configuring Static Routes, page 3-57

Configuring Dynamic Routes, page 3-58

CHAPTER 3 Basic Router Configuration This chapter provides procedures for configuring th e basic parameters of

Note

Individual router models may not support every featur e described in this guide. Features that are not

supported by a particular router are indicated wh enever possible.

CHAPTER 3 Basic Router Configuration This chapter provides procedures for configuring th e basic parameters of

This chapter includes configuration exampl es and verification steps, as available.

For complete information on how to access global configuration mode see Entering Global Configuration Mode, page A-5 .

Cisco 860 Series, Cisco 880 Seri es, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

   

OL-18906-06

3-1

 

Chapter 3

Basic Router Configuration

 

Interface Ports

Interface Ports

Table 3-1 lists the interfaces that are s upported for each router and thei r associated port labels on the equipment.

Table 3-1

Supported Interfaces and Associated Port Labels by Cisco Router

Router

Interface

Port Label

LAN Ports

Cisco 860, Cisco 880,

Fast Ethernet LAN

LAN, FE0–FE3

and Cisco 890 series

Wireless LAN

(no label)

Cisco 866VAE, 867VAE

Ethernet LAN

LAN, FE0-FE3

Cisco 866VAE-K9,

Ethernet LAN

LAN, GE0, FE0-FE3

867VAE-K9

WAN Ports

Cisco 861, 861W, 881, 881W, 881G, 881GW,

Fast Ethernet WAN

WAN, FE4

881-V

Cisco 867, 867W

ADSL2oPOTS WAN

ADSLoPOTS

Cisco 886, 886W, 886G,

ADSL2oISDN WAN

ADSLoPOTS

886GW

Cisco 887, 887W

ADSL2oPOTS WAN

ADSLoPOTS

Cisco 887V, Cisco887VW, 887VG,

VDSL2oPOTS WAN

VDSLoPOTS

887VGW

Cisco 867VA, 887VA, 887VA-M, 887VA-V,

VDSL/ADSLoPOTS WAN

VDSL/ADSLoPOTS

887VA-V-W

Cisco 888, 888W

G.SHDSL WAN

G.SHDSL

Cisco 891, 892

Fast Ethernet WAN

FE8

Gigabit Ethernet WAN

WAN GE 0

Cisco 866VAE, 867VAE

Gigabit Ethernet WAN

WAN GE0

Cisco 866VAE-K9,

Gigabit Ethernet WAN

WAN GE1

867VAE-K9

Cisco 866VAE,

VDSL/ADSLoISDN WAN

VDSL/ADSL OVER ISDN

866VAE-K9

Cisco 867VAE,

VDSL/ADSLoPOTS WAN

VDSL/ADSL OVER POTS

867VAE-K9

 

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

3-2

OL-18906-06

Chapter 3

Basic Router Configuration

 

Default Configuration

 

Default Configuration

When you first boot up your Cisco router, some basi c configuration has already been performed. All of the LAN and WAN interfaces have b een created, console and vty ports are configured, and the inside interface for Network Address Translat ion (NAT) has been assigned. Use the show running-config command to view the initial conf iguration, as shown in the following example, for a Cisco 881W.

Router# show running-config

User Access Verification

Password:

Router> en Password:

Router# show running-config Building configuration ...

Current configuration : 986 bytes ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! enable secret 5 $1$g4y5$NxDeM.0hON6YA51bcfGvN1 enable password ciscocisco ! no aaa new-model ! ! ! ! no ip routing no ip cef ! ! ! ! ! multilink bundle-name authe ! ! archive log config hidekeys

! ! ! ! ! interface FastEthernet0 ! interface FastEthernet1 shutdown

!

Cisco 860 Series, Cisco 880 Seri es, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

   

OL-18906-06

3-3

 

Chapter 3

Basic Router Configuration

 

Information Needed for Configuration

interface FastEthernet2 shutdown

! interface FastEthernet3 shutdown

! interface FastEthernet4 ip address 10.1.1.1 255.255.255.0 no ip route-cache duplex auto speed auto

! interface Vlan1 no ip address no ip route-cache shutdown

! interface wlan-ap0 description Service Module interface to manage the embedded AP ip unnumbered Vlan1 no cdp enable arp timeout 0

! ip route 0.0.0.0 0.0.0.0 10.1.1.1 ! ! no ip http server no ip http secure-server ! ! ! ! ! control-plane ! ! line con 0 no modem enable line aux 0 line vty 0 4 password cisco login transport input telnet ssh

! scheduler max-task-time 5000

!

webvpn cef

end

Router#

Information Needed for Configuration

Gather the following information, depending on your planned network scenario, before configuring your network:

If you are setting up an Internet connection, gather the following information:

PPP client name that is a ssigned as your login name

 

Cisco 860 Series, Cisco 880 Series, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

3-4

OL-18906-06

Chapter 3

Basic Router Configuration

 
 

Configuring Command-Line Access

 
 

PPP authentication type: Challenge Handshake Au thentication Protocol (CHAP) or Password Authentication Protocol (PAP)

PPP password to access your ISP account

DNS server IP address and default gateways

If you are setting up a connection to a corporate network, you and the network administrator must generate and share the following informatio n for the WAN interf aces of the routers:

PPP authentication type: CHAP or PAP

PPP client name to access the router

PPP password to access the router

If you are setting up IP routing:

Generate the addressing scheme for your IP network.

Determine the IP routing para meter information, including IP address and ATM permanent virtual circuits (PVCs). These PVC parameters are typically virtual path identifier (VPI), virtual circuit identifier (VCI), and traffic-shaping parameters.

Determine the number of PVCs that your service provider has given you, along with their VPIs and VCIs.

For each PVC, determine the ty pe of AAL5 encapsulation supported. It can be one of the following:

AAL5SNAP—This can be either routed RFC 1483 or bridged RFC 1483. For routed RFC 1483, the service provider must provide you with a static IP address. For bridged RFC 1483, you may use DHCP to obtain your IP address, or you may obtain a static IP address from your service provider.

AAL5MUX PPP—With this type of encapsulatio n, you need to determine the PPP-related configuration items.

If you plan to connect over an ADSL or G.SHDSL line:

Order the appropriate line from your public telephone service provider.

For ADSL lines—Ensure that the ADSL signalin g type is DMT (also known as ANSI T1.413) or DMT Issue 2.

For G.SHDSL lines—Verify that the G.SHDSL lin e conforms to the ITU G.991.2 standard and supports Annex A (North America) or Annex B (Europe).

After collecting the appropriate info rmation, perform a full configuration on your router beginning with the tasks in “Configuring Command-Line Access” section on page 3-5 .

If you plan to:

Configuring Command-Line Access

To configure parameters to control access to the router, perform the following steps, beginning in global configuration mode:

Cisco 860 Series, Cisco 880 Seri es, and Cisco 890 Series Integrated Services Routers Software Configuration Guide

   

OL-18906-06

3-5

 

Chapter 3

Basic Router Configuration

 

Configuring Command-Line Access

SUMMARY STEPS

  • 1. line [ aux | console | tty | vty ] line-number

  • 2. password password

  • 3. login

  • 4. exec-timeout minutes [ seconds]

  • 5. line [ aux | console | tty | vty ] line-number

  • 6. password password

  • 7. login

  • 8. end

DETAILED STEPS

 

Command

Purpose

 

Step 1

line [ aux | console | tty | vty ] line-number

Enters line configuration mode and specifies the type of line.

 

Example:

This example specifies a console terminal for

Router(config)# line console 0 Router(config-line)#

access.

 

Step 2

password password

Specifies a unique password for the console

 

Example:

terminal line.

Router(config)# password 5dr4Hepw3 Router(config-line)#

 

Step 3

login

Enables password checking at terminal session

 

Example: