Cisco 1800 Series Software Configuration Guide Cisco Systems, Inc. www.cisco.com

Cisco has more than 200 offices worldwide.
Addresses, phone numbers, and fax numbers
are listed on the Cisco website at
www.cisco.com/go/offices.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display
output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in
illustrative content is unintentional and coincidental.
© 2004 Cisco Systems, Inc. All rights reserved.
CONTENTS

Preface
  Objectives
  Audience
  Conventions
  Obtaining Documentation
  Cisco.com
  Ordering Documentation
  Documentation Feedback
  Obtaining Technical Assistance
  Cisco Technical Support Website
  Submitting a Service Request
  Definitions of Service Request Severity
  Obtaining Additional Publications and Information

Overview
  Cisco 1800 Series Software Configuration Documentation
  Contents
  Performing Initial Configuration
  Initial Configuration Using the Cisco Router and Security Device Manager
  For More Information About SDM and About Your Router
  Obtaining the Latest Version of SDM
  Initial Configuration Using the Setup Command Facility
  Initial Configuration Using the Command-Line Interface
  Verifying the Initial Configuration
  Using the Cisco IOS Startup Sequence
  Enabling SDM on a Router Configured to Use the IOS Startup Sequence
  Configuring the Router to Support Web-Based Applications, a User with Priv 15, and Telnet/SSH
  Starting SDM on a Manually Configured Router

Basic Software Configuration Using the Setup Command Facility
  Contents
  Platforms Supported by This Document
  Platform Requirements or Restrictions
  Information About the Setup Command Facility
  Using the Setup Command Facility to Perform Basic Configuration
  Examples of Using the Setup Command Facility to Configure Interface Parameters
  Fast Ethernet Interface Configuration
  Gigabit Ethernet Interface Configuration
  Selecting the Port for the Gigabit Ethernet Interface
  1- or 2-Port Serial Interface Configuration
  Asynchronous/Synchronous Serial Interface—Asynchronous Configuration
  Asynchronous/Synchronous Serial Interface—Synchronous Configuration
  ISDN Basic Rate Interface Configuration
  ISDN BRI Line Configuration
  ISDN BRI Provisioning by Switch Type
  Defining ISDN Service Profile Identifiers
  Channelized E1/T1 ISDN PRI Interface Configuration
  E1/T1 PRI Mode
  E1 Channelized Mode
  T1 Channelized Mode
  1-Port, 4-Wire, 56-kbps DSU/CSU Configuration
  Switched Mode
  Dedicated Mode
  Completing the Configuration

Basic Software Configuration Using the Cisco IOS Command-Line Interface
  Contents
  Platforms Supported by This Document
  Prerequisites for Basic Software Configuration Using the Cisco IOS CLI
  Restrictions for Basic Software Configuration Using the Cisco IOS CLI
  How to Perform a Basic Software Configuration Using the Cisco IOS CLI
  Configuring the Router Hostname
  What to Do Next
  Configuring the Enable and Enable Secret Passwords
  Restrictions
  Troubleshooting Tips
  What to Do Next
  Configuring the Console Idle Privileged EXEC Timeout
  Examples
  What to Do Next
  Configuring Fast Ethernet and Gigabit Ethernet Interfaces
  Examples
  What to Do Next
  Specifying a Default Route or Gateway of Last Resort
  IP Routing
  Default Routes
  Default Network
  Gateway of Last Resort
  Examples
  What to Do Next
  Configuring Virtual Terminal Lines for Remote Console Access
  Examples
  What to Do Next
  Configuring the Auxiliary Line
  What to Do Next
  Verifying Network Connectivity
  Prerequisites
  Examples
  What to Do Next
  Saving Your Router Configuration
  What to Do Next
  Saving Backup Copies of Your Configuration and System Image
  Examples
  Where to Go Next
  Additional References
  Related Documents—Basic Software Configuration
  Related Documents—Additional Configuration
  Technical Assistance

Secured Branch Router Configuration Example
  Introduction
  Before You Begin
  Conventions
  Components Used
  Related Products
  Background Theory (Optional)
  Configure
  Network Diagram
  Configurations
  Verify
  Commands for Verifying Firewall Websense URL Filtering
  Commands for Verifying Cisco IOS Firewall Authentication Proxy
  Commands for Verifying Context-Based Access Control
  Commands for Verifying Cisco IOS Intrusion Prevention System
  Troubleshoot
  Troubleshooting Procedure (Optional)
  Troubleshooting Commands
  Related Information

IP Communication Solution for Group Applications Configuration Example
  Introduction
  Prerequisites
  Requirements
  Components Used
  Related Products
  Conventions
  Configure
  Network Diagram
  Configurations
  Cisco 3845 Router
  Verify
  Verification Screens: Examples
  Cisco CallManager Screen Examples
  Cisco CME Screen Examples
  Cisco Unity Express Screen Examples
  Troubleshoot
  Troubleshooting Reference Documents and Commands
  Related Information

Easy VPN Configuration Example
  Contents
  Introduction
  Before You Begin
  Conventions
  Components Used
  Related Products
  Configure
  Configuration Tips
  Network Diagram
  Configurations
  Headquarters Office Configuration (Cisco 3845 Router)
  Branch 1 Router Configuration (Cisco 1841 Router)
  Branch 2 Router Configuration (Cisco 2811 Router)
  Verify
  Troubleshoot
  Troubleshooting Commands
  Related Information

Hoot and Holler over V3PN Configuration Example
  Introduction
  Prerequisites
  Requirements
  Components Used
  Related Products
  Conventions
  Configure
  Network Diagram
  Configurations
  Headquarters Office Configuration (Cisco 3845 Router)
  Branch 1 Router Configuration (Cisco 2801 Router)
  Branch 2 Router Configuration (Cisco 2811 Router)
  Verify
  Verify Headquarters Connectivity
  Verify Remote Location Connectivity
  Verifying Branch 1 Router
  Verifying Branch 2 Router
  Troubleshoot
  Troubleshooting Commands
  Related Information

Finding Feature Documentation
  Using Cisco.com Feature Resources
  Voice Configuration Resources
  Security Configuration Resources
  Dial Configuration Resources
  Finding Documentation for a Specific Feature by Using Cisco Feature Navigator
  Finding Documentation for All Supported Features on Your Router by Using Cisco Feature Navigator
  Finding Feature Documentation by Browsing Feature Modules by Cisco IOS Release
  Finding Feature Documentation by Browsing Cisco IOS Release Notes

Changing the Configuration Register Settings
  Platforms Supported by This Document
  Platform Requirements or Restrictions
  About the Configuration Register
  Changing the Configuration Register Settings
  Displaying the Configuration Register Settings
  Configuring the Console Line Speed (Cisco IOS CLI)

Using the ROM Monitor
  Contents
  Platforms Supported by This Document
  Prerequisites for Using the ROM Monitor
  Information About the ROM Monitor
  ROM Monitor Mode Command Prompt
  Why Is My Router in ROM Monitor Mode?
  When Would I Use the ROM Monitor?
  Tips for Using ROM Monitor Commands
  Accessibility
  How to Use the ROM Monitor—Typical Tasks
  Entering ROM Monitor Mode
  Prerequisites
  Using the Break Key Sequence to Interrupt the System Reload and Enter ROM Monitor Mode
  Setting the Configuration Register to Boot to ROM Monitor Mode
  Examples
  What to Do Next
  Displaying Commands and Command Syntax in ROM Monitor Mode (?, help, -?)
  Examples
  Displaying Files in a File System (dir)
  Loading a System Image (boot)
  Prerequisites
  Examples
  What to Do Next
  Downloading Files over the Router Console Port (xmodem)
  Prerequisites
  Restrictions
  What to Do Next
  Modifying the Configuration Register (confreg)
  Prerequisites
  Restrictions
  Examples
  Obtaining Information on USB Flash Devices
  Examples
  Modifying the I/O Memory (iomemset)
  Examples
  Recovering the System Image (tftpdnld)
  Prerequisites
  Restrictions
  Examples
  What to Do Next
  Troubleshooting Crashes and Hangs (stack, context, frame, sysret, meminfo)
  Router Crashes
  Router Hangs
  ROM Monitor Console Communication Failure
  Restrictions
  Examples
  Troubleshooting Tips
  Exiting ROM Monitor Mode
  Examples
  What to Do Next
  Additional References
  Related Documents
  Technical Assistance

Using CompactFlash Memory Cards
  Platforms Supported by This Document
  Requirements and Restrictions
  Online Insertion and Removal
  How to Format CompactFlash Memory Cards
  Determining the File System on a CompactFlash Memory Card
  Formatting CompactFlash Memory as a Class B Flash File System
  Formatting CompactFlash Memory as a Class C File System
  File Operations on CompactFlash Memory Cards
  Copying Files
  Displaying Files
  Displaying File Content
  Displaying Geometry and Format Information (Class C Only)
  Deleting Files
  Renaming Files
  Directory Operations on a CompactFlash Memory Card
  Entering a Directory and Determining Which Directory You Are In
  Creating a New Directory
  Removing a Directory

Upgrading the System Image
  Contents
  Platforms Supported by This Document
  Restrictions for Upgrading the System Image
  Information About Upgrading the System Image
  Why Would I Upgrade the System Image?
  Which Cisco IOS Release Is Running on My Router Now?
  How Do I Choose the New Cisco IOS Release and Feature Set?
  Where Do I Download the System Image?
  How to Upgrade the System Image
  Saving Backup Copies of Your Old System Image and Configuration
  Examples
  Ensuring Adequate DRAM for the New System Image
  Prerequisites
  What to Do Next
  Ensuring Adequate Flash Memory for the New System Image
  Prerequisites
  Troubleshooting Tips
  What to Do Next
  Copying the System Image into Flash Memory
  Using TFTP or Remote Copy Protocol to Copy the System Image into Flash Memory
  Using the ROM Monitor to Copy the System Image over a Network
  Using a PC with a CompactFlash Card Reader to Copy the System Image into Flash Memory
  Using Console Download (xmodem) in ROM Monitor to Copy the System Image into Flash Memory
  Loading the New System Image
  Loading the New System Image from the Cisco IOS Software
  Loading the New System Image from ROM Monitor Mode
  Saving Backup Copies of Your New System Image and Configuration
  Examples
  Examples for Upgrading the System Image
  Upgrading the System Image on the Cisco Berry Router: Example
  Upgrading the System Image on the Cisco May Router: Example
  Additional References
  Related Documents and Websites
  Technical Assistance

Troubleshooting Links

Preface
This preface describes the objectives, audience, organization, and conventions of the software
configuration documentation for your router. It contains the following sections:
• Objectives
• Audience
• Conventions
• Obtaining Documentation
• Documentation Feedback
• Obtaining Technical Assistance
• Obtaining Additional Publications and Information
Objectives
These documents explain how to configure and maintain your Cisco router.
Audience
These documents are designed for the person installing, configuring, and maintaining the Cisco router,
who should be familiar with networking technology and terminology.
Conventions
These documents use the conventions listed in Table 1 to convey instructions and information.
Table 1    Command Conventions

Convention              Description
boldface font           Commands and keywords.
italic font             Variables for which you supply values.
[ ]                     Optional keywords or arguments appear in square brackets.
{x | y | z}             A choice of required keywords appears in braces separated by vertical bars. You
                        must select one.
screen font             Examples of information displayed on the screen.
boldface screen font    Examples of information you must enter.
< >                     Nonprinting characters, for example passwords, appear in angle brackets in
                        contexts where italics are not available.
[ ]                     Default responses to system prompts appear in square brackets.

Note
Means reader take note. Notes contain helpful suggestions or references to material not covered in the
manual.
Timesaver
Means the described action saves time. You can save time by performing the action described in the
paragraph.
Tip
Means the following information will help you solve a problem. The tips information might not be
troubleshooting or even an action, but could be useful information, similar to a Timesaver.
Caution
Means reader be careful. In this situation, you might do something that could result in equipment
damage or loss of data.
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several
ways to obtain technical assistance and other technical resources. These sections explain how to obtain
technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/cisco/web/support/index.html
You can access the Cisco website at this URL:
http://www.cisco.com
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Ordering Documentation
For information on obtaining documentation, see the monthly What’s New in Cisco Product
Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
You can order Cisco documentation in these ways:
• Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from
  the Ordering tool:
  http://www.cisco.com/web/ordering/root/index.html
• Nonregistered Cisco.com users can order documentation through a local account representative by
  calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in
  North America, by calling 1 800 553-NETS (6387).
Documentation Feedback
For your convenience a documentation feedback form is located at the bottom of every online document.
You can submit comments by using the response card (if present) behind the front cover of your
document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco
Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical
Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical
Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service
contract, contact your reseller.
Cisco Technical Support Website
The Cisco Technical Support Website provides online documents and tools for troubleshooting and
resolving technical issues with Cisco products and technologies. The website is available 24 hours a day,
365 days a year, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password.
If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Note
Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting
a web or phone request for service. You can access the CPI tool from the Cisco Technical Support
Website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product
Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product
Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID
or model name; by tree view; or for certain products, by copying and pasting show command output.
Search results show an illustration of your product with the serial number label location highlighted.
Locate the serial number label on your product and record the information before placing a service call.
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3
and S4 service requests are those in which your network is minimally impaired or for which you require
product information.) After you describe your situation, the TAC Service Request Tool provides
recommended solutions. If your issue is not resolved using the recommended resources, your service
request is assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone.
(S1 or S2 service requests are those in which your production network is down or severely degraded.)
Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business
operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447
For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity
definitions.
Severity 1 (S1)—Your network is “down,” or there is a critical impact to your business operations. You
and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your
business operation are negatively affected by inadequate performance of Cisco products. You and Cisco
will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations
remain functional. You and Cisco will commit resources during normal business hours to restore service
to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or
configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online
and printed sources.
• Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit
  Cisco Marketplace, the company store, at this URL:
  http://www.cisco.com/go/marketplace/
• The Cisco Products and Services Index describes the networking products offered by
  Cisco Systems, as well as ordering and customer support services. Access the Products and Services
  Index at this URL:
  http://www.cisco.com/en/US/products/index.html
• Cisco Press publishes a wide range of general networking, training and certification titles. Both new
  and experienced users will benefit from these publications. For current Cisco Press titles and other
  information, go to Cisco Press at this URL:
  http://www.ciscopress.com
• Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering
  professionals involved in designing, developing, and operating public and private internets and
  intranets. You can access the Internet Protocol Journal at this URL:
  http://www.cisco.com/ipj
• World-class networking training is available from Cisco. You can view current offerings at
  this URL:
  http://www.cisco.com/en/US/learning/index.html
CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is
a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco
Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity,
Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS,
iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networkers,
Networking Academy, Network Registrar, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient,
and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (0711R)
Overview
This documentation supports Cisco 1800 Series Integrated Services Routers (Modular), providing a
chassis in which you can install WAN interface cards (WICs), voice/WAN interface cards (VWICs) (data
mode only for the Cisco 1841 router), and high-speed WAN interface cards (HWICs).
The Cisco 1841 router is a data-only router with two HWIC/WIC/VWIC slots, capable of supporting
single-wide HWICs and one advanced integration module (AIM) slot. It can be placed on a desktop or
wall-mounted.
Note
Although you can use VWICs in the Cisco 1841 router, they will only function in data modes. Voice
interfaces are not supported.
Note
The interface numbering and asynchronous line numbering on Cisco 1800 series routers are different
from the numbering schemes used on other Cisco modular routers. For details, see the hardware
installation documentation for your router.
Cisco 1800 Series Software Configuration Documentation
Unlike traditional documentation, wherein all of the information appears within one printed book, the
Cisco 1800 series routers software configuration documentation takes advantage of the capabilities
inherent in web-based presentation. This includes extensive hyperlinking to other information, tools, and
many other resources on Cisco.com.
Instead of chapters, each topic area can be accessed independently. At the top level, available at
“Cisco 1800 Series Software Configuration,” the main software configuration topics include:
• Basic Software Configuration
  – Basic Software Configuration Using the Setup Command Facility
  – Basic Software Configuration Using the Cisco IOS Command-Line Interface
• Finding Feature Documentation
• Configuration Examples
• Troubleshooting and Maintenance
  – Upgrading the System Image
  – Using CompactFlash Memory Cards
  – Using the ROM Monitor
  – Changing the Configuration Register Settings
  – Troubleshooting Links
• Cisco 1800 Series Cards and Modules
Note
Besides the setup facility and the IOS command-line interface, a third way of configuring Cisco routers
is through the Cisco Router and Security Device Manager. Additional information about SDM features
is available at this URL: http://www.cisco.com/go/sdm
Note
You must have an account on Cisco.com to access many of the available tools. If you do not have an
account or have forgotten your username or password, click Cancel at the login dialog box and follow
the instructions.
Contents
Following is a list of the main topics covered in the remainder of this overview:
• Performing Initial Configuration
• Using the Cisco IOS Startup Sequence
Performing Initial Configuration
You can configure your router by using one of the following methods:
• Initial Configuration Using the Cisco Router and Security Device Manager
• Initial Configuration Using the Setup Command Facility
• Initial Configuration Using the Command-Line Interface
Initial Configuration Using the Cisco Router and Security Device Manager
Note
We recommend that you use the Cisco Router and Security Device Manager to configure your router.
Built-in verification systems and sanity checks help to ensure both correct configurations and robust
security practices.
The Cisco Router and Security Device Manager (SDM) is an easy-to-use device management tool that
allows you to configure Cisco IOS security features and network connections through an intuitive
web-based graphical user interface. You can use SDM wizards to:
• Configure additional LAN and WAN connections
• Create firewalls
• Configure Virtual Private Network (VPN) connections
• Perform security audits
SDM also provides an advanced mode, through which you can configure advanced features, such as
Firewall Policy, Network Address Translation (NAT), VPNs, routing protocols, and other options.
For More Information About SDM and About Your Router
For additional information about SDM features, refer to the SDM online help. Additional information
about SDM is also available at this URL:
http://www.cisco.com/go/sdm
Here you can find detailed information about SDM, including an SDM FAQ, data sheet, customer
presentation, Flash demo, and links to technical documentation and product updates.
Refer to the quick start guide for your router for other procedures, such as connecting a PC to the router
console port so that you can use the CLI when you need to, and using the router LEDs to verify
installation. The quick start guide may also contain important warranty information.
Obtaining the Latest Version of SDM
SDM is regularly enhanced to provide new features. If you are already running SDM on the router, you
can update SDM automatically by clicking on the Tools menu and selecting Update SDM. SDM will
determine whether there is a more recent version available and enable you to download and install it on
the router.
If you have a supported router that does not have SDM installed, you can download the latest version of
SDM free of charge. Instructions for installing it on your router can be found at this URL:
http://www.cisco.com/pcgi-bin/tablebuild.pl/sdm
You should consult the SDM release notes to determine if SDM is supported for the router on which you
want to install it.
If the following messages appear at the end of the startup sequence, Cisco Router and Security Device
Manager (SDM) is installed on your router:
yourname con0 is now available
Press RETURN to get started.
Tip
If these messages do not appear, SDM was not shipped with your router. If you want to use SDM, you
can download the latest version of SDM and instructions for installing it on your router from the
following URL:
http://www.cisco.com/pcgi-bin/tablebuild.pl/sdm
To obtain the SDM quick start guide, SDM release notes, and other SDM documentation, go to
http://www.cisco.com/go/sdm and click the Technical Documentation link.
For instructions on configuring your router by using SDM, refer to the Cisco Router and Security Device
Manager (SDM) Quick Start Guide that shipped with your router.
Initial Configuration Using the Setup Command Facility
This section shows how to use the setup command facility to configure a host name for the router, set
passwords, and configure an interface for communication with the management network.
If the following messages appear at the end of the startup sequence, the setup command facility has been
invoked automatically:
--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Would you like to enter the initial configuration dialog? [yes/no]:
The setup command facility prompts you for basic information about your router and network, and it
creates an initial configuration file. After the configuration file is created, you can use the CLI or
Security Device Manager to perform additional configuration.
The prompts in the setup command facility vary, depending on your router model, the installed interface
modules, and the software image. The following example and the user entries (in bold) are shown as
examples only.
Note
If you make a mistake while using the setup command facility, you can exit and run the setup command
facility again. Press Ctrl-C, and enter the setup command at the privileged EXEC mode prompt
(Router#).
Step 1
To proceed using the setup command facility, enter yes:
Would you like to enter the initial configuration dialog? [yes/no]: yes
Step 2
When the following messages appear, enter yes to enter basic management setup:
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system
Would you like to enter basic management setup? [yes/no]: yes
Step 3
Enter a host name for the router (this example uses Router):
Configuring global parameters:
Enter host name [Router]: Router
Step 4
Enter an enable secret password. This password is encrypted (more secure) and cannot be seen when
viewing the configuration:
The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret: xxxxxx
Step 5
Enter an enable password that is different from the enable secret password. This password is not
encrypted (less secure) and can be seen when viewing the configuration:
The enable password is used when you do not specify an
enable secret password, with some older software versions, and
some boot images.
Enter enable password: xxxxxx
Step 6
Enter the virtual terminal password, which prevents unauthenticated access to the router through ports
other than the console port:
The virtual terminal password is used to protect
access to the router over a network interface.
Enter virtual terminal password: xxxxxx
Step 7
Respond to the following prompts as appropriate for your network:
Configure SNMP Network Management? [yes]:
Community string [public]:
A summary of the available interfaces is displayed.
Note
The interface numbering that appears depends on the type of Cisco modular router platform and on the
installed interface modules and cards.
Current interface summary
Controller Timeslots D-Channel Configurable modes Status
T1 0/0     24        23        pri/channelized    Administratively up
Any interface listed with OK? value "NO" does not have a valid configuration
Interface        IP-Address  OK? Method Status Protocol
FastEthernet0/0  unassigned  NO  unset  up     up
FastEthernet0/1  unassigned  NO  unset  up     down
Step 8
Select one of the available interfaces for connecting the router to the management network:
Enter interface name used to connect to the
management network from the above interface summary: fastethernet0/0
Step 9
Respond to the following prompts as appropriate for your network:
Configuring interface FastEthernet0/0:
Use the 100 Base-TX (RJ-45) connector? [yes]: yes
Operate in full-duplex mode? [no]: no
Configure IP on this interface? [yes]: yes
IP address for this interface: 172.1.2.3
Subnet mask for this interface [255.255.0.0] : 255.255.0.0
Class B network is 172.1.0.0, 26 subnet bits; mask is /16
Step 10
The configuration is displayed:
The following configuration command script was created:
hostname Router
enable secret 5 $1$D5P6$PYx41/lQIASK.HcSbfO5q1
enable password xxxxxx
line vty 0 4
password xxxxxx
snmp-server community public
!
no ip routing
!
interface FastEthernet0/0
no shutdown
speed 100
duplex half
ip address 172.1.2.3 255.255.0.0
!
interface FastEthernet0/1
shutdown
no ip address
end
Step 11
Respond to the following prompts. Select [2] to save the initial configuration.
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]: 2
Building configuration...
Use the enabled mode 'configure' command to modify this configuration.
Press RETURN to get started! RETURN
The user prompt is displayed.
Router>
Step 12
Verify the initial configuration. See the “Verifying the Initial Configuration” section on page 7 for
verification procedures.
For more information, see the “Basic Software Configuration Using the Setup Command Facility”
section, available at this URL:
http://www.cisco.com/en/US/docs/routers/access/1800/1841/software/configuration/guide/b_setup.html
http://www.cisco.com/en/US/docs/ios/12_3/featlist/cfun_vcg.html
Initial Configuration Using the Command-Line Interface
This section describes briefly how to display a command-line interface (CLI) prompt for configuration
using the CLI.
You can use the CLI if the following messages appear at the end of the startup sequence:
--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Would you like to enter the initial configuration dialog? [yes/no]:
If these messages do not appear, SDM and a default configuration file were installed on the router at the
factory. To use SDM to configure the router, see the “Initial Configuration Using the Cisco Router and
Security Device Manager” section on page 2.
Note
Be sure to save your configuration changes occasionally so that they are not lost during resets, power
cycles, or power outages. Use the copy running-config startup-config command at the privileged
EXEC mode prompt (Router#) to save the configuration to NVRAM.
Step 1
To proceed with manual configuration using the CLI, enter no when the power-up messages end.
Would you like to enter the initial configuration dialog? [yes/no]: no
Step 2
Press Return to terminate autoinstall and continue with manual configuration.
Would you like to terminate autoinstall? [yes] Return
Several messages appear, ending with a line similar to the following:
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled <date> <time> by <person>
Step 3
Press Return to display the Router> prompt.
...
flashfs[4]: Initialization complete.
Router>
Step 4
Enter privileged EXEC mode.
Router> enable
Router#
Step 5
Verify the initial configuration. See the “Verifying the Initial Configuration” section on page 7 for
verification procedures.
For more information on using the CLI for router configuration, see “Basic Software Configuration
Using the Cisco IOS Command-Line Interface” section, available at this URL:
http://www.cisco.com/en/US/docs/routers/access/1800/1841/software/configuration/guide/b_setup.html
Verifying the Initial Configuration
To verify that the new interfaces are operating correctly, perform the following tests:
• To verify that the interfaces are operating correctly and that the interfaces and line protocol are in
the correct state (up or down), enter the show interfaces command.
• To display a summary status of the interfaces configured for IP, enter the show ip interface brief
command.
• To verify that you configured the correct host name and password, enter the show configuration
command.
When you have completed and verified the initial configuration, your Cisco router is ready to configure
for specific functions.
Using the Cisco IOS Startup Sequence
This section explains how to use the IOS Startup sequence to configure your router, as an alternative to
using SDM.
Note
Because SDM uses a default configuration file, if you have used SDM to configure your router, it does
not execute the standard Cisco IOS startup sequence.
Using the Cisco IOS setup utility enables you to use TFTP or BOOTP configuration download, or use
other features available through the standard Cisco IOS startup sequence.
The configuration file shipped with your router does the following:
• Provides an IP address for your Fast Ethernet interface, enabling an interface to your LAN
• Enables your router’s HTTP/HTTPS server, allowing HTTP access from your LAN
• Creates a default username (cisco) and password (cisco) with privilege level 15
• Enables Telnet/SSH access to the router from your LAN
To erase the existing configuration and use the Cisco IOS startup sequence, perform the following steps.
Note
SDM remains installed on the router. See the “Enabling SDM on a Router Configured to Use the IOS
Startup Sequence” section on page 9 for instructions to reenable it.
Step 1
Connect the light blue console cable, included with your router, from the blue console port on your router
to a serial port on your PC. Refer to the hardware installation guide that came with your router for
instructions.
Step 2
Connect the power supply to your router, plug the power supply into a power outlet, and turn on your
router. Refer to the quick start guide that came with your router for instructions.
Step 3
Use Hyperterminal or a similar terminal emulation program on your PC, with the terminal emulation
settings of 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control, to connect to your router.
Step 4
At the prompt, enter the enable command. The default configuration file does not configure an enable
password.
yourname> enable
yourname#
Step 5
Enter the erase startup-config command.
yourname# erase startup-config
Step 6
Confirm the command by pressing Enter.
Step 7
Enter the reload command.
yourname# reload
Step 8
Confirm the command by pressing Enter.
The router begins executing the standard startup sequence. If you want to use SDM to perform
subsequent configurations for the router, you must reconfigure the router manually to support web-based
applications and the Telnet and Secure Shell (SSH) protocols. You must also create a user account with
a privilege level of 15. See the “Enabling SDM on a Router Configured to Use the IOS Startup Sequence”
section on page 9 for information.
Enabling SDM on a Router Configured to Use the IOS Startup Sequence
If you erased the factory startup configuration to use the IOS startup sequence, you can still use SDM.
To do so, you must configure the router to support web-based applications, configure it with a user
account defined with privilege level 15, and then configure it to support the Telnet and SSH protocols.
These changes can be made using a telnet session or using a console connection.
Configuring the Router to Support Web-Based Applications, a User with Priv 15, and Telnet/SSH
Step 1
Enable the HTTP/HTTPS server on the router, using the following Cisco IOS commands in the global
configuration mode:
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
If the router uses an IPSec IOS image, the HTTPS server is enabled. Otherwise only the HTTP server is
enabled.
Step 2
Create a user account with privilege level 15 (enable privileges, if necessary).
Router(config)# username <username> privilege 15 password 0 <password>
Replace <username> and <password> with the username and password of your choosing.
Step 3
Configure SSH and Telnet for local login and privilege level 15:
line vty 0 4
privilege level 15
login local
transport input telnet
transport input telnet ssh
Step 4
(Optional) Enable local logging to support the log monitoring function:
Router(config)# logging buffered 51200 warning
To use SDM on a router that has received a manual configuration, see the “Starting SDM on a Manually
Configured Router” section on page 9.
Starting SDM on a Manually Configured Router
SDM is a web-based application that must be run from a PC that is connected to the router over a LAN.
If the router is configured as a DHCP server, the PC must be configured to receive an IP address
automatically. If the router is not configured as a DHCP server, you must configure the PC with a static
IP address on the same subnet as the router interface to which you are connecting the PC. For example,
if the router has the IP address 172.16.30.1, and the subnet mask is 255.255.255.248, you must configure
the PC to use a network address in the range 172.16.30.2 through 172.16.30.6, and use the same subnet
mask as the router.
Step 1
Open a web browser on the PC, and enter the IP address for the router:
https://IP-address
The https://... specifies that the Secure Socket Layer (SSL) protocol will be used for a secure
connection. You can use http://... if SSL is not available.
Step 2
Enter the username and password that you specified in Step 2 of “Configuring the Router to Support
Web-Based Applications, a User with Priv 15, and Telnet/SSH.”
To continue configuring your router, see the “Initial Configuration Using the Cisco Router and Security
Device Manager” section on page 2.
Copyright © 2004 Cisco Systems, Inc. All rights reserved.
Basic Software Configuration Using the Setup
Command Facility
You can configure your router by using the Cisco Router and Security Device Manager (SDM), the
Cisco IOS setup command facility, or the Cisco IOS command-line interface (CLI).
Note
Wherever possible, we recommend that you use SDM to configure your router. For information on the
availability and use of SDM, see the quick start guide that shipped with your router.
The software configuration documentation describes how to perform configuration tasks by using the
CLI. However, this specific document describes how to perform basic configurations by using the
Cisco IOS setup command facility.
Contents
• Platforms Supported by This Document
• Information About the Setup Command Facility
• Using the Setup Command Facility to Perform Basic Configuration
• Examples of Using the Setup Command Facility to Configure Interface Parameters
• Completing the Configuration
Platforms Supported by This Document
Use this document with the following platforms:
• Cisco 1800 series routers
• Cisco 2800 series routers
• Cisco 3800 series routers
Information About the Setup Command Facility
The setup command facility prompts you to enter the information that is needed to configure a router
quickly. The facility steps you through a basic configuration, including LAN and WAN interfaces. For
more general information about the setup command facility, see the following document:
Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2:
Part 1: Cisco IOS User Interfaces:
Using AutoInstall and Setup
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/ffcprt1/fcf002.htm
Using the Setup Command Facility to Perform Basic
Configuration
This section shows how to configure a hostname for the router, set passwords, and configure an interface
for communication with the management network.
Note
The messages that will be displayed will vary, depending on your router model, the installed interface
modules, and the software image. The following example and the user entries (in bold) are shown as
examples only.
Note
If you make a mistake while using the setup command facility, you can exit and run the setup command
facility again. Press Ctrl-C, and enter the setup command in privileged EXEC mode (Router#).
Step 1
Enter the setup command facility by using one of the following methods:
• From the Cisco IOS CLI, enter the setup command in privileged EXEC mode:
Router> enable
Password: <password>
Router# setup
--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]:
• If your router reloads and does not already have a configuration file, you are prompted to enter the
setup command facility:
Would you like to enter the initial configuration dialog? [yes/no]:
Step 2
To proceed using the setup command facility, enter yes.
Step 3
When the following messages appear, enter yes to enter basic management setup:
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system
Would you like to enter basic management setup? [yes/no]: yes
Step 4
Enter a hostname for the router (this example uses myrouter):
Configuring global parameters:
Enter host name [Router]: myrouter
Step 5
Enter an enable secret password. This password is encrypted (for more security) and cannot be seen
when viewing the configuration.
The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret: xxxxxx
Step 6
Enter an enable password that is different from the enable secret password. This password is not
encrypted (and is less secure) and can be seen when viewing the configuration.
The enable password is used when you do not specify an
enable secret password, with some older software versions, and
some boot images.
Enter enable password: xxxxxx
Step 7
Enter the virtual terminal password, which prevents unauthenticated access to the router through ports
other than the console port:
The virtual terminal password is used to protect
access to the router over a network interface.
Enter virtual terminal password: xxxxxx
Step 8
Respond to the following prompts as appropriate for your network:
Configure SNMP Network Management? [yes]:
Community string [public]:
A summary of the available interfaces is displayed.
Note
The interface numbering that appears is dependent on the type of Cisco modular router platform
and on the installed interface modules and cards.
Current interface summary
Controller Timeslots D-Channel Configurable modes Status
T1 0/0     24        23        pri/channelized    Administratively up
Any interface listed with OK? value "NO" does not have a valid configuration
Interface        IP-Address  OK? Method Status Protocol
FastEthernet0/0  unassigned  NO  unset  up     up
FastEthernet0/1  unassigned  NO  unset  up     down
Step 9
Select one of the available interfaces for connecting the router to the management network:
Enter interface name used to connect to the
management network from the above interface summary: fastethernet0/0
Step 10
Respond to the following prompts as appropriate for your network:
Configuring interface FastEthernet0/0:
Use the 100 Base-TX (RJ-45) connector? [yes]: yes
Operate in full-duplex mode? [no]: no
Configure IP on this interface? [yes]: yes
IP address for this interface: 172.1.2.3
Subnet mask for this interface [255.255.0.0] : 255.255.0.0
Class B network is 172.1.0.0, 16 subnet bits; mask is /16
The configuration is displayed:
The following configuration command script was created:
hostname myrouter
enable secret 5 $1$D5P6$PYx41/lQIASK.HcSbfO5q1
enable password xxxxxx
line vty 0 4
password xxxxxx
snmp-server community public
!
no ip routing
!
interface FastEthernet0/0
no shutdown
media-type 100BaseX
half-duplex
ip address 172.1.2.3 255.255.0.0
!
interface FastEthernet0/1
shutdown
no ip address
!
end
Step 11
Respond to the following prompts. Select [2] to save the initial configuration:
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]: 2
Building configuration...
Use the enabled mode 'configure' command to modify this configuration.
Press RETURN to get started! RETURN
The user prompt is displayed:
myrouter>
After you complete the initial configuration tasks, you can start configuring your Cisco router for
specific functions.
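The script that the setup command facility generates, and the commands this guide gives for enabling SDM, contain settings worth reviewing before the router carries production traffic. The following Python audit is an added example, not Cisco code: it parses a configuration text and flags those settings. The two sample configurations, the rule names, and the assumption that sub-commands are indented as in show running-config output are constructed for illustration.

```python
from typing import NamedTuple


class Finding(NamedTuple):
    rule: str   # short identifier of the check that fired (names are made up here)
    line: str   # configuration line that triggered it
    why: str    # what the reviewer should take away


# Constructed sample: the setup-generated script merged with the SDM-enabling
# commands, using the factory default account (cisco/cisco) this guide describes.
WEAK_CONFIG = """\
hostname myrouter
enable secret 5 $1$D5P6$PYx41/lQIASK.HcSbfO5q1
enable password xxxxxx
username cisco privilege 15 password 0 cisco
ip http server
ip http secure-server
ip http authentication local
snmp-server community public
!
interface FastEthernet0/0
 no shutdown
 ip address 172.1.2.3 255.255.0.0
!
line vty 0 4
 password xxxxxx
 privilege level 15
 transport input telnet
 transport input telnet ssh
end
"""

# Constructed counterpart with each flagged setting corrected. SDM still needs
# the HTTPS server, which per this guide requires an IPSec IOS image.
HARDENED_CONFIG = """\
hostname myrouter
enable secret 5 $1$D5P6$PYx41/lQIASK.HcSbfO5q1
username admin privilege 15 secret 5 $1$EXAMPLE$constructedhashvalue000000
no ip http server
ip http secure-server
ip http authentication local
snmp-server community c0nstructed-RO-string RO
!
line vty 0 4
 privilege level 15
 login local
 transport input ssh
end
"""

DEFAULT_COMMUNITIES = {"public", "private"}


def parse_config(text):
    """Split a config into top-level lines and indented per-section children."""
    top, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None          # a separator closes the open section
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(line)
            continue
        top.append(line)
        current = line if line.startswith(("line ", "interface ")) else None
        if current is not None:
            sections.setdefault(current, [])
    return top, sections


def audit(text):
    """Return the list of Findings for one IOS configuration text."""
    top, sections = parse_config(text)
    found = []
    for line in top:
        w = line.split()
        if w[:2] == ["enable", "password"]:
            found.append(Finding("enable-password", line,
                                 "readable in the config; rely on enable secret"))
        elif w[0] == "username" and len(w) > 2:
            if w[1] == "cisco":
                found.append(Finding("default-account", line,
                                     "factory default username"))
            rest = w[4:] if w[2] == "privilege" else w[2:]
            if rest[:1] == ["password"]:
                found.append(Finding("user-plaintext-password", line,
                                     "clear or reversible; use the secret keyword"))
        elif line == "ip http server":
            found.append(Finding("http-cleartext", line,
                                 "management login travels unencrypted"))
        elif (w[:2] == ["snmp-server", "community"] and len(w) > 2
              and w[2].lower() in DEFAULT_COMMUNITIES):
            found.append(Finding("snmp-default-community", line,
                                 "well-known community string"))
    for header, body in sections.items():
        if not header.startswith("line vty"):
            continue
        # IOS keeps one transport-input setting per line, so the last entry wins.
        transports = [c for c in body if c.startswith("transport input")]
        if transports and {"telnet", "all"} & set(transports[-1].split()[2:]):
            found.append(Finding("vty-telnet", transports[-1],
                                 "Telnet sends credentials in cleartext"))
        if any(c.split()[0] == "password" for c in body) and "login local" not in body:
            found.append(Finding("vty-shared-password", header,
                                 "shared line password, no per-user login"))
    return found


if __name__ == "__main__":
    for f in audit(WEAK_CONFIG):
        print(f"{f.rule:26} {f.line!r}: {f.why}")
```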
Examples of Using the Setup Command Facility to Configure
Interface Parameters
The setup command facility prompts vary and depend on which fixed or modular interfaces are in your
router. This section provides examples that use the setup command facility to perform the following
operations:
• Fast Ethernet Interface Configuration
• Gigabit Ethernet Interface Configuration
• 1- or 2-Port Serial Interface Configuration
• Asynchronous/Synchronous Serial Interface: Asynchronous Configuration
• Asynchronous/Synchronous Serial Interface: Synchronous Configuration
• ISDN Basic Rate Interface Configuration
• Channelized E1/T1 ISDN PRI Interface Configuration
• 1-Port, 4-Wire, 56-kbps DSU/CSU Configuration
Note
The messages that will be displayed will vary, depending on your router model, the installed interface
modules, and the software image. The following example and the user entries (in bold) are shown as
examples only.
Fast Ethernet Interface Configuration
The following is a brief example of configuring a Fast Ethernet interface by using the setup command
facility:
Do you want to configure FastEthernet0/0 interface [yes]:
Use the 100 Base-TX (RJ-45) connector? [yes]:
Operate in full-duplex mode? [no]:
Configure IP on this interface? [no]: yes
IP address for this interface: 6.0.0.1
Number of bits in subnet field [0]:
Class A network is 6.0.0.0, 0 subnet bits, mask is /8
Configure IPX on this interface? [yes]:
IPX network number [1]:
Need to select encapsulation type
[0] sap (IEEE 802.2)
[1] snap (IEEE 802.2 SNAP)
[2] arpa (Ethernet_II)
[3] novell-ether (Novell Ethernet_802.3)
Enter the encapsulation type [2]:
Note
Cisco 1841 and Cisco 2801 routers have a hardware limitation on the Fast Ethernet ports FE0/0 and
FE0/1. In half-duplex mode, when traffic reaches or exceeds 100% capacity (equal to or greater than
5 Mbps in each direction), the interface will experience excessive collisions and reset once per second.
To avoid this problem, traffic must be limited to less than 100% of capacity.
Gigabit Ethernet Interface Configuration
The following is a brief example of configuring a Gigabit Ethernet interface by using the setup command
facility:
Note
The Gigabit Ethernet interface is not supported on Cisco 1841, Cisco 2801, or Cisco 2811 routers.
Configuring interface GigabitEthernet0/0:
Configure IP on this interface? [yes]:
IP address for this interface [192.168.200.215]: 1.0.0.1
Subnet mask for this interface [255.255.255.0] : 255.0.0.0
Class A network is 1.0.0.0, 8 subnet bits; mask is /8
Note
On Cisco 3800 series routers, the port gig 0/0 supports both the small form-factor pluggable Gigabit
Ethernet Interface Converter (SFP GBIC) and RJ-45 media types. The port gig 0/1 supports only RJ-45.
To select between SFP or RJ-45 for port gig 0/0, use the media-type command. More details follow in
the “Selecting the Port for the Gigabit Ethernet Interface” section on page 6.
The following are two examples of configurations for the Gigabit Ethernet (GE) interface. The first
example shows a sample configuration for RJ-45 mode, applicable to either port gig 0/0 or port gig 0/1:
interface GigabitEthernet0/0
ip address 1.3.153.13 255.0.0.0
duplex auto
speed auto
media-type RJ-45
SFP mode (on Cisco 3800 series routers only) is available only on port gig 0/0:
interface GigabitEthernet0/0
ip address 1.3.153.13 255.0.0.0
duplex auto
speed auto
media-type sfp
Selecting the Port for the Gigabit Ethernet Interface
The SFP port is supported for the GE port 0 only. GE port 1 supports only RJ-45 (or copper mode)
operation.
To select SFP type for GE port 0, use the following commands from the command-line interface (CLI):
router(config)# int gigabitEthernet 0/0
router(config-if)# media-type sfp
GigabitEthernet0/0: Changing media to SFP.
Note
The SFP port can only be set to 1000-Mbps or automatic speed. Duplex can be set to full-duplex or
automatic mode. Half-duplex communication is not supported.
The following is a typical show running config command output for gig 0/0:
router# show run int gigabitEthernet 0/0
Building configuration...
Current configuration : 156 bytes
!
interface GigabitEthernet0/0
no ip address
load-interval 30
shutdown
duplex auto
speed auto
media-type sfp
no cdp enable
end
Flow Control Capabilities
Both the RJ-45 (copper) and SFP (fiber) modes of operation support flow control. This means that during
congestion conditions, pause frames are sent to the far end by the Media Access Control (MAC)
hardware. Also, the MAC hardware will react to the pause frames received. There is no way in current
MAC hardware to track the number of pause frames received or sent.
Flow control is on by default.
Currently, there is no command to turn off the flow control capability for any of the Gigabit Ethernet
ports in any of the RJ-45 or SFP modes.
Speed/Duplex Settings for the Gigabit Ethernet Ports
Typically, speed and/or duplex communications are configured manually using the speed and/or duplex
CLI commands.
Note
For the SFP port, the speed settings can be set to 1000 Mbps or auto only, and duplex can be set to full
or auto only.
The following examples show the available options:
interface gigabitEthernet 0/[0-1]
router(config-if)# speed ?
  10    Force 10 Mbps operation
  100   Force 100 Mbps operation
  1000  Force 1000 Mbps operation
  auto  Enable AUTO speed configuration
router(config-if)# duplex ?
  auto  Enable AUTO duplex configuration
  full  Force full duplex operation
  half  Force half-duplex operation
If the speed is set to 1000 Mbps, the CLI duplex options change as follows:
router(config-if)# speed 1000
router(config-if)# duplex ?
  auto  Enable AUTO duplex configuration
  full  Force full duplex operation
Similarly, when duplex is set to half, the supported speeds are 10 Mbps, 100 Mbps, or “auto” as shown
here:
router(config-if)# speed ?
  10    Force 10 Mbps operation
  100   Force 100 Mbps operation
  auto  Enable AUTO speed configuration
If the media type is SFP, the available speed and duplex settings are as follows:
router(config-if)# media-type sfp
GigabitEthernet0/0: Changing media to SFP.
You may need to update the speed and duplex settings for this interface.
router(config-if)# speed ?
  1000  Force 1000 Mbps operation
  auto  Enable AUTO speed configuration
router(config-if)# duplex ?
  auto  Enable AUTO duplex configuration
  full  Force full duplex operation
Note
If the speed and duplex setting for g0/0 in SFP mode is speed=1000 and duplex=full,
autonegotiation is in forced mode and autonegotiation is turned off. For all other mode settings
of speed or duplex for SFP, autonegotiation is turned on.
If speed=1000 and duplex=full modes are specified for both g0/0 and g0/1 interfaces in copper
mode (RJ-45), autonegotiation is still turned on. This is considered to be in forced mode for
speed=1000. This occurrence is per the Annex 28D.5 extensions required for clause 40
(1000-BASE-T) IEEE 802.3.
When the speed and duplex modes are forced for 10/100, and full or half modes are forced for
g0/0 and g0/1 interfaces, autonegotiation is turned off. If the interfaces are not in forced mode
for 10/100 speeds, then autonegotiation will be turned on.
1- or 2-Port Serial Interface Configuration
The following is a sample configuration for a 1- or 2-port serial interface:
Do you want to configure Serial0/0/0 interface? [yes]:
Some encapsulations supported are
ppp/hdlc/frame-relay/lapb/atm-dxi/smds/x25
Choose encapsulation type
[ppp]:
Note
The following sections describe the prompts for each encapsulation type. For PPP and High-Level Data
Link Control (HDLC) encapsulation, no further configuration is needed.
No serial cable seen.
Choose mode from (dce/dte) [dte]:
If no cable is plugged in to your router, you must indicate whether the interface is to be used as DTE or
DCE. If a cable is present, the setup command facility determines the DTE/DCE status. If the serial cable
is DCE, you see the following prompt:
Serial interface needs clock rate to be set in dce mode.
The following clock rates are supported on the serial interface.
0
1200, 2400, 4800, 9600, 19200, 38400
56000, 64000, 72000, 125000, 148000, 500000
800000, 1000000, 1300000, 2000000, 4000000, 8000000
Choose clock rate from above: [2000000]:
Configure IP on this interface? [yes]:
IP address for this interface: 192.0.0.1
Subnet mask for this interface [255.0.0.0]:
Class A network is 2.0.0.0, 8 subnet bits; mask is /8
Configure IPX on this interface? [no]: yes
IPX network number [8]:
Frame Relay Encapsulation
The following is a sample configuration for Frame Relay encapsulation:
The following lmi-types are available to be set,
when connected to a frame relay switch
[0] none
[1] ansi
[2] cisco
[3] q933a
Enter lmi-type [2]:
Note
The setup command facility prompts you for the data-link connection identifier (DLCI) number only if
you specify none for the Local Management Interface (LMI) type. If you accept the default or specify
another LMI type, the DLCI number is provided by the specified protocol.
Enter the DLCI number for this interface [16]:
Do you want to map a remote machine’s IP address to dlci? [yes]:
IP address for the remote interface: 192.0.0.2
Do you want to map a remote machine’s IPX address to dlci? [yes]:
IPX address for the remote interface: 40.1234.5678
Serial interface needs clock rate to be set in dce mode.
The following clock rates are supported on the serial interface.
0
1200, 2400, 4800, 9600, 19200, 38400
56000, 64000, 72000, 125000, 148000, 500000
800000, 1000000, 1300000, 2000000, 4000000, 8000000
choose speed from above: [2000000]: 1200
Configure IP on this interface? [yes]:
IP address for this interface: 192.0.0.1
Subnet mask for this interface [255.0.0.0]:
Class A network is 2.0.0.0, 8 subnet bits; mask is /8
If Internetwork Packet Exchange (IPX) is configured on the router, the setup command facility prompts
you for the IPX map:
Do you want to map a remote machine's IPX address to dlci? [yes]:
IPX address for the remote interface: 40.0060.34c6.90ed
Link Access Procedure, Balanced Encapsulation
The following is a sample configuration for Link Access Procedure, Balanced (LAPB) encapsulation,
selecting either DCE or DTE mode, with DTE as the default:
lapb circuit can be either in dce/dte mode.
Choose either from (dce/dte) [dte]:
X.25 Encapsulation
The following is an example of X.25 encapsulation:
x25 circuit can be either in dce/dte mode.
Choose from either dce/dte [dte]:
Enter local x25 address: 1234
We will need to map the remote x.25 station’s x25 address
to the remote station’s IP/IPX address
Enter remote x25 address: 4321
Do you want to map the remote machine’s x25 address to IP address? [yes]:
IP address for the remote interface: 192.0.0.2
Do you want to map the remote machine’s x25 address to IPX address? [yes]:
IPX address for the remote interface: 40.1234.5678
Enter lowest 2-way channel [1]:
Enter highest 2-way channel [64]:
Enter frame window (K) [7]:
Enter Packet window (W) [2]:
Enter Packet size (must be powers of 2) [128]:
ATM Data Exchange Interface Encapsulation
The following is an example of asynchronous transfer mode data exchange interface (ATM-DXI)
encapsulation:
Enter VPI number [1]:
Enter VCI number [1]:
Do you want to map the remote machine’s IP address to vpi and vci? [yes]:
IP address for the remote interface: 192.0.0.2
Do you want to map the remote machine’s IPX address to vpi and vci? [yes]:
IPX address for the remote interface: 40.1234.5678
Switched Multimegabit Data Service Encapsulation
The following is a sample configuration for switched multimegabit data service (SMDS) encapsulation:
Enter smds address for the local interface: c141.5556.1415
We will need to map the remote smds station’s address
to the remote station’s IP/IPX address
Enter smds address for the remote interface: c141.5556.1414
Do you want to map the remote machine’s smds address to IP address? [yes]:
IP address for the remote interface: 192.0.0.2
Do you want to map the remote machine’s smds address to IPX address? [yes]:
IPX address for the remote interface: 40.1234.5678
Asynchronous/Synchronous Serial Interface—Asynchronous Configuration
The following is a sample asynchronous configuration for an
asynchronous/synchronous serial interface:
Do you want to configure Serial1/1 interface? [yes]:
Enter mode (async/sync) [sync]: async
Configure IP on this interface? [yes]:
Configure IP unnumbered on this interface? [no]:
IP address for this interface: 192.0.0.0
Subnet mask for this interface [255.0.0.0]:
Class A network is 2.0.0.0, 0 subnet bits; mask is /8
Configure LAT on this interface? [no]:
Configure AppleTalk on this interface? [no]:
Configure DECnet on this interface? [no]:
Configure CLNS on this interface? [no]:
Configure IPX on this interface? [no]: yes
IPX network number [8]:
Configure Vines on this interface? [no]:
Configure XNS on this interface? [no]:
Configure Apollo on this interface? [no]:
Asynchronous/Synchronous Serial Interface—Synchronous Configuration
The following is a sample synchronous configuration for an
asynchronous/synchronous serial interface:
Do you want to configure Serial1/0 interface? [yes]:
Enter mode (async/sync) [sync]:
Some supported encapsulations are
ppp/hdlc/frame-relay/lapb/x25/atm-dxi/smds
Choose encapsulation type [hdlc]:
Note
The following sections describe the prompts for each encapsulation type. For PPP and High-Level Data
Link Control (HDLC) encapsulation, no further configuration is needed.
No serial cable seen.
Choose mode from (dce/dte) [dte]:
If no cable is plugged in to your router, you must indicate whether the interface is to be used as DTE or
DCE. If a cable is present, the setup command facility determines the DTE/DCE status. If the serial cable
is DCE, you see the following prompt:
Configure IP on this interface? [no]: yes
Configure IP unnumbered on this interface? [no]:
IP address for this interface: 192.0.0.0
Subnet mask for this interface [255.0.0.0]:
Class A network is 2.0.0.0, 0 subnet bits; mask is /8
Configure LAT on this interface? [no]:
Frame Relay Encapsulation
The following is a sample configuration for Frame Relay encapsulation:
The following lmi-types are available to be set,when connected to a frame relay switch:
[0] none
[1] ansi
[2] cisco
[3] q933a
Enter lmi-type [2]:
Note
The setup command facility prompts you for the data-link connection identifier (DLCI) number only if
you specify none for the Local Management Interface (LMI) type. If you accept the default or specify
another LMI type, the DLCI number is provided by the specified protocol.
Enter the DLCI number for this interface [16]:
Do you want to map a remote machine’s IP address to dlci? [yes]:
IP address for the remote interface: 2.0.0.2
Do you want to map a remote machine’s IPX address to dlci? [yes]:
IPX address for the remote interface: 40.1234.5678
Serial interface needs clock rate to be set in dce mode.
The following clock rates are supported on the serial interface.
0
1200, 2400, 4800, 9600, 19200, 38400
56000, 64000, 72000, 125000, 148000, 500000
800000, 1000000, 1300000, 2000000, 4000000, 8000000
choose speed from above: [2000000]: 1200
Configure IP on this interface? [yes]:
IP address for this interface: 192.0.0.1
Subnet mask for this interface [255.0.0.0]:
Class A network is 2.0.0.0, 8 subnet bits; mask is /8
If Internetwork Packet Exchange (IPX) is configured on the router, the setup command facility prompts
you for the IPX map:
Do you want to map a remote machine's IPX address to dlci? [yes]:
IPX address for the remote interface: 40.0060.34c6.90ed
LAPB Encapsulation
The following is a sample configuration for LAPB encapsulation, selecting either DCE or DTE
mode, with DTE as the default:
lapb circuit can be either in dce/dte mode.
Choose either from (dce/dte) [dte]:
X.25 Encapsulation
The following is a sample configuration for X.25 encapsulation:
x25 circuit can be either in dce/dte mode.
Choose from either dce/dte [dte]:
Enter local x25 address: 1234
We will need to map the remote x.25 station’s x25 address
to the remote station’s IP/IPX address
Enter remote x25 address: 4321
Do you want to map the remote machine’s x25 address to IP address? [yes]:
IP address for the remote interface: 2.0.0.2
Do you want to map the remote machine’s x25 address to IPX address? [yes]:
IPX address for the remote interface: 40.1234.5678
Enter lowest 2-way channel [1]:
Enter highest 2-way channel [64]:
Enter frame window (K) [7]:
Enter Packet window (W) [2]:
Enter Packet size (must be powers of 2) [128]:
ATM-DXI Encapsulation
The following is a sample configuration for asynchronous transfer mode, data exchange interface
(ATM-DXI) encapsulation:
Enter VPI number [1]:
Enter VCI number [1]:
Do you want to map the remote machine’s IP address to vpi and vci? [yes]:
IP address for the remote interface: 2.0.0.2
Do you want to map the remote machine’s IPX address to vpi and vci? [yes]:
IPX address for the remote interface: 40.1234.5678
SMDS Encapsulation
The following is a sample configuration for switched multimegabit data service (SMDS) encapsulation:
Enter smds address for the local interface: c141.5556.1415
We will need to map the remote smds station’s address
to the remote station’s IP/IPX address
Enter smds address for the remote interface: c141.5556.1414
Do you want to map the remote machine’s smds address to IP address? [yes]:
IP address for the remote interface: 2.0.0.2
Do you want to map the remote machine’s smds address to IPX address? [yes]:
IPX address for the remote interface: 40.1234.5678
ISDN Basic Rate Interface Configuration
Valid Integrated Services Digital Network (ISDN) switch types are shown in Table 1.
Table 1    ISDN Switch Types

Country          ISDN Switch Type    Description
Australia        basic-ts013         Australian TS013 switches
Europe           basic-1tr6          German 1TR6 ISDN switches
                 basic-nwnet3        Norwegian NET3 ISDN switches (phase 1)
                 basic-net3          NET3 ISDN switches (UK and others)
                 basic-net5          NET5 switches (UK and others)
                 vn2                 French VN2 ISDN switches
                 vn3                 French VN3 ISDN switches
Japan            ntt                 Japanese NTT ISDN switches
New Zealand      basic-nznet3        New Zealand NET3 switches
North America    basic-5ess          AT&T basic rate switches
                 basic-dms100        NT DMS-100 basic rate switches
                 basic-ni1           National ISDN-1 switches
The following is a sample configuration for ISDN basic rate communication:
BRI interface needs isdn switch-type to be configured
Valid switch types are:
[0] none..........Only if you don't want to configure BRI.
[1] basic-1tr6....1TR6 switch type for Germany
[2] basic-5ess....AT&T 5ESS switch type for the US/Canada
[3] basic-dms100..Northern DMS-100 switch type for US/Canada
[4] basic-net3....NET3 switch type for UK and Europe
[5] basic-ni......National ISDN switch type
[6] basic-ts013...TS013 switch type for Australia
[7] ntt...........NTT switch type for Japan
[8] vn3...........VN3 and VN4 switch types for France
Choose ISDN BRI Switch Type [2]:
Do you want to configure BRI0/0/0 interface? [yes]:
Some encapsulations supported are
ppp/hdlc/frame-relay/lapb/x25
Choose encapsulation type [ppp]:
Note
The following sections describe the prompts for each encapsulation type. No further configuration is
needed for HDLC encapsulation.
Do you have service profile identifiers (SPIDs) assigned? [no]: y
Enter SPID1: 12345
Enter SPID2: 12345
Note
The setup command facility prompts you for the service profile identifier (SPID) number only if you
specify basic-5ess, basic-ni1, or basic-dms100 for the switch type.
Do you want to map the remote machine's IP address in dialer map? [yes]:
IP address for the remote interface: 192.0.0.1
Do you want to map the remote machine's IP address in dialer map? [yes]:
IPX address of the remote interface: 40.0060.34c6.90ed
To get to 192.0.0.1 we will need to make a phone call.
Please enter the phone number to call: 1234567890
Configure IP on this interface? [yes]:
Note
If your router has at least one configured LAN interface, you can choose to use an unnumbered IP
address on the interface.
Configure IP unnumbered on this interface? [no]: y
Assign to which interface [Ethernet0/0]:
Note
If your router does not have a configured LAN interface, you must use a numbered IP address.
IP address for this interface: 192.0.0.1
Enter the subnet mask [255.0.0.0]:
Point-to-Point Protocol Encapsulation
The following is a sample configuration for point-to-point protocol (PPP) encapsulation:
Would you like to enable multilink PPP [yes]:
Enter a username for CHAP authentication [Router]:remote_router
Enter a password for CHAP authentication: secret
Note
The password, which is used by the Challenge Handshake Authentication Protocol (CHAP)
authentication process, is case sensitive and must exactly match the password for the remote router.
Frame Relay Encapsulation
The following is a sample configuration for Frame Relay encapsulation:
The following lmi-types are available to be set,
when connected to a frame relay switch
[0] none
[1] ansi
[2] cisco
[3] q933a
Enter lmi-type [2]:
Note
The setup command facility prompts you for the DLCI number only if you specify none for the LMI
type. If you accept the default or specify another LMI type, the DLCI number is provided by the specified
protocol.
Enter the DLCI number for this interface [16]:
Do you want to map a remote machine’s IP address to dlci? [yes]:
IP address for the remote interface: 2.0.0.2
Do you want to map a remote machine’s IPX address to dlci? [yes]:
IPX address for the remote interface: 40.1234.5678
Serial interface needs clock rate to be set in dce mode.
The following clock rates are supported on the serial interface.
0
1200, 2400, 4800, 9600, 19200, 38400
56000, 64000, 72000, 125000, 148000, 500000
800000, 1000000, 1300000, 2000000, 4000000, 8000000
choose speed from above: [2000000]: 1200
Configure IP on this interface? [yes]:
IP address for this interface: 192.0.0.1
Subnet mask for this interface [255.0.0.0]:
Class A network is 2.0.0.0, 8 subnet bits; mask is /8
Note
If IPX is configured on the router, the setup command facility prompts you for the IPX map:
Do you want to map a remote machine's IPX address to dlci? [yes]:
IPX address for the remote interface: 40.0060.34c6.90ed
Link Access Procedure, Balanced Encapsulation
The following is a sample configuration for Link Access Procedure, Balanced (LAPB) encapsulation,
with DTE mode as the default:
lapb circuit can be either in dce/dte mode
Choose either from (dce/dte) [dte]:
ATM-DXI Encapsulation
The following is a sample configuration for asynchronous transfer mode data exchange interface
(ATM-DXI) encapsulation:
Enter VPI number [1]:
Enter VCI number [1]:
Do you want to map the remote machine's IP address to vpi and vci? [yes]:
IP address for the remote interface: 6.0.0.1
Do you want to map the remote machine's IPX address to vpi and vci? [yes]:
IPX address for the remote interface: 40.0060.34c6.90ed
SMDS Encapsulation
The following is a sample configuration for switched multimegabit data service (SMDS) encapsulation:
Enter smds address for the local interface: c141.5556.1415
We will need to map the remote smds station's address to the remote station’s IP address
Enter smds address for the remote interface: c141.5556.1414
Do you want to map the remote machine's smds address to IP address? [yes]:
IP address for the remote interface: 192.0.0.1
Do you want to map the remote machine's smds address to IP address? [yes]:
IPX address for the remote interface: 40.0060.34c6.90ed
X.25 Encapsulation
The following is a sample configuration for X.25 encapsulation:
x25 circuit can be either in dce/dte mode.
Choose from either dce/dte [dte]:
Enter local x25 address: 1234
We will need to map the remote x.25 station's x25 address
to the remote station’s IP/IPX address
Do you want to map the remote machine's x25 address to IP address? [yes]:
IP address for the remote interface: 6.0.0.1
Do you want to map the remote machine's x25 address to IPX address? [yes]:
IPX address for the remote interface: 40.0060.34c6.90ed
Enter remote x25 address: 4321
Enter lowest 2-way channel [1]:
Enter highest 2-way channel [64]:
Enter frame window (K) [7]:
Enter Packet window (W) [2]:
Enter Packet size (must be powers of 2) [128]:
ISDN BRI Line Configuration
Before using a router with an ISDN Basic Rate Interface (BRI), you must order a correctly
configured ISDN BRI line from your local telecommunications service provider.
The ordering process varies from provider to provider and from country to country. However, some
general guidelines apply:
• Ask for two channels to be called by one number.
• Ask for delivery of calling line identification, also known as Caller ID or automated number
  identification (ANI).
• If the router will be the only device attached to the ISDN BRI line, ask for point-to-point service
  and a data-only line.
• If you plan to connect another ISDN device (such as an ISDN telephone) to the ISDN BRI line
  through the router, ask for point-to-multipoint service (subaddressing is required) and a
  voice-and-data line.
ISDN BRI Provisioning by Switch Type
ISDN BRI provisioning refers to the types of services provided by the ISDN BRI line. Although
provisioning is performed by your ISDN BRI service provider, you must tell the provider what you want.
Table 2 lists the provisioning that you should order for the router, based on switch type.
Table 2    ISDN Provisioning by Switch Type

Switch Type                       Provisioning

5ESS Custom BRI                   2 B channels for data.
For data only                     Point to point.
                                  Terminal type = E.
                                  1 directory number (DN) assigned by service provider.
                                  MiniTerm (MTERM) = 1.
                                  Request delivery of calling line ID on Centrex lines.
                                  Set speed for ISDN calls to 56 kbps outside local exchange.

5ESS Custom BRI                   2 B channels for voice or data.
For voice and data                Multipoint.
(Use these values only if you     Terminal type = D.
have an ISDN telephone            2 directory numbers assigned by service provider.
connected.)                       2 service profile identifiers (SPIDs) required, assigned by service provider.
                                  MTERM = 2.
                                  Number of call appearances = 1.
                                  Display = No.
                                  Ringing/idle call appearances = idle.
                                  Autohold = no.
                                  Onetouch = no.
                                  Request delivery of calling line ID on Centrex lines.
                                  Set speed for ISDN calls to 56 kbps outside local exchange.
                                  Directory number 1 can hunt to directory number 2.

5ESS National ISDN (NI-1) BRI     Terminal type = A.
For voice and data                2 B channels for voice and data.
                                  2 directory numbers assigned by service provider.
                                  2 SPIDs required; assigned by service provider.
                                  Set speed for ISDN calls to 56 kbps outside local exchange.
                                  Directory number 1 can hunt to directory number 2.

DMS-100 BRI                       2 B channels for voice and data.
For voice and data                2 directory numbers assigned by service provider.
                                  2 SPIDs required; assigned by service provider.
                                  Functional signaling.
                                  Dynamic terminal endpoint identifier (TEID) assignment.
                                  Maximum number of keys = 64.
                                  Release key = no, or key number = no.
                                  Ringing indicator = no.
                                  Electronic Key Telephone Set (EKTS) = no.
                                  Permanent Virtual Circuit (PVC) = 2.
                                  Request delivery of calling line ID on Centrex lines.
                                  Set speed for ISDN calls to 56 kbps outside local exchange.
                                  Directory number 1 can hunt to directory number 2.
Defining ISDN Service Profile Identifiers
Some service providers assign service profile identifiers (SPIDs) to define the services subscribed to by
an ISDN device. If your service provider requires SPIDs, your ISDN device cannot place or receive calls
until it sends a valid SPID to the service provider when initializing the connection. A SPID is usually a
seven-digit telephone number plus some optional numbers, but service providers may use different
numbering schemes. SPIDs have significance at the local access ISDN interface only; the SPID is never
sent to remote routers.
At present, only DMS-100 and NI-1 switch types require SPIDs. Two SPIDs are assigned for the
DMS-100 switch type, one for each B channel. The AT&T 5ESS switch type may support SPIDs, but we
recommend that you set up that ISDN service without SPIDs.
If your service provider assigns you SPIDs, you must define these SPIDs on the router. To define SPIDs
and the local directory number (LDN) on the router for both ISDN BRI B channels, use the following
isdn spid command in privileged EXEC mode:
Router(config-if)# isdn spid1 spid-number [ldn]
Router(config-if)# isdn spid2 spid-number [ldn]
Note
Although the LDN is an optional parameter in the command, you may need to enter it so that the router
can answer calls made to the second directory number.
Channelized E1/T1 ISDN PRI Interface Configuration
Note
Channelized E1/T1 ISDN PRI interfaces are not supported on Cisco 1841 routers.
The following is a sample configuration for a channelized E1/T1 ISDN PRI interface:
The following ISDN switch types are available:
[0] none............If you do not want to configure ISDN
[1] primary-4ess....AT&T 4ESS switch type for US and Canada
[2] primary-5ess....AT&T 5ESS switch type for US and Canada
[3] primary-dms100..Northern Telecom switch type for US and Canada
[4] primary-net5....European switch type for NET5
[5] primary-ni......National ISDN Switch type for the U.S
[6] primary-ntt.....Japan switch type
[7] primary-ts014...Australian switch type
Choose ISDN PRI Switch Type [2]:
Configuring controller T1 1/0 in pri or channelized mode
Do you want to configure this interface controller? [no]:
Will you be using PRI on this controller? [yes]:
E1/T1 PRI Mode
The following is a sample configuration for E1/T1 PRI mode:
The following framing types are available:
esf | sf
Enter the framing type [esf]:
The following linecode types are available:
ami | b8zs
Enter the line code type [b8zs]:
Enter number of time slots [24]:
Do you want to configure Serial1/0:23 interface? [yes]:
Configuring the PRI D-channel
Would you like to enable multilink PPP? [yes]:
Configure IP on this interface? [no]: y
Configure IP unnumbered on this interface? [no]: y
Assign to which interface [Ethernet0/0]:
All users dialing in through the PRI will need to be
authenticated using CHAP. The username and password are
case sensitive.
Enter more username and passwords for PPP authentication? [no]: y
Enter the username used for dial-in CHAP authentication [Router]:
Enter the PPP password of the user dialing in on PRI:
Enter more username and passwords for PPP authentication? [no]:
E1 Channelized Mode
The following is a sample configuration for E1 channelized mode:
The following framing types are available:
no-crc4 | crc4
Enter the framing type [crc4]:
The following linecode types are available:
ami | hdb3
Enter the line code type [hdb3]:
Do you want to configure Serial1/1:0 interface?: [Yes]:
Configuring the Channelized E1/T1 serial channels
Some encapsulations supported are
ppp/hdlc/frame-relay/lapb/atm-dxi/smds/x25
Choose encapsulation type [ppp]:
Configure IP on this interface? [no]: y
Configure IP unnumbered on this interface? [no]:
IP address for this interface: 3.0.0.1
Subnet mask for this interface [255.0.0.0]:
Class A network is 3.0.0.0, 8 subnet bits; mask is /8
Note
The following sections describe the prompts for each encapsulation type. No further configuration
is needed for HDLC encapsulation.
PPP Encapsulation
The following is a sample configuration for PPP encapsulation:
Would you like to enable multilink PPP [yes]:
Enter a username for CHAP authentication [Router]:remote_router
Enter a password for CHAP authentication: secret
Note
The password, which is used by the Challenge Handshake Authentication Protocol (CHAP)
authentication process, is case sensitive and must exactly match the password for the remote router.
Frame Relay Encapsulation
The following is a sample configuration for Frame Relay encapsulation:
The following lmi-types are available to be set,
when connected to a frame relay switch
[0] none
[1] ansi
[2] cisco
[3] q933a
Enter lmi-type [2]:
Note
The setup command facility prompts you for the data-link connection identifier (DLCI) number only if
you specify none for the LMI type. If you accept the default or specify another Local Management
Interface (LMI) type, the DLCI number is provided by the specified protocol.
Enter the DLCI number for this interface [16]:
Do you want to map a remote machine’s IP address to dlci? [yes]:
IP address for the remote interface: 2.0.0.2
Do you want to map a remote machine’s IPX address to dlci? [yes]:
IPX address for the remote interface: 40.1234.5678
Serial interface needs clock rate to be set in dce mode.
The following clock rates are supported on the serial interface.
0
1200, 2400, 4800, 9600, 19200, 38400
56000, 64000, 72000, 125000, 148000, 500000
800000, 1000000, 1300000, 2000000, 4000000, 8000000
choose speed from above: [2000000]: 1200
Configure IP on this interface? [yes]:
IP address for this interface: 192.0.0.1
Subnet mask for this interface [255.0.0.0]:
Class A network is 2.0.0.0, 8 subnet bits; mask is /8
If Internetwork Packet Exchange (IPX) is configured on the router, the setup command facility prompts
you for the IPX map:
Do you want to map a remote machine's IPX address to dlci? [yes]:
IPX address for the remote interface: 40.0060.34c6.90ed
LAPB Encapsulation
The following is a sample configuration for Link Access Procedure, Balanced (LAPB) encapsulation:
lapb circuit can be either in dce/dte mode
Choose either from (dce/dte) [dte]:
ATM-DXI Encapsulation
The following is a sample configuration for asynchronous transfer mode data exchange interface
(ATM-DXI) encapsulation:
Enter VPI number [1]:
Enter VCI number [1]:
Do you want to map the remote machine's IP address to vpi and vci? [yes]:
IP address for the remote interface: 6.0.0.1
Do you want to map the remote machine's IPX address to vpi and vci? [yes]:
IPX address for the remote interface: 40.0060.34c6.90ed
SMDS Encapsulation
The following is a sample configuration for switched multimegabit data service (SMDS) encapsulation:
Enter smds address for the local interface: c141.5556.1415
We will need to map the remote smds station's address to the remote station’s IP address
Enter smds address for the remote interface: c141.5556.1414
Do you want to map the remote machine's smds address to IP address? [yes]:
IP address for the remote interface: 192.0.0.1
Do you want to map the remote machine's smds address to IP address? [yes]:
IPX address for the remote interface: 40.0060.34c6.90ed
X.25 Encapsulation
The following is an example configuration for X.25 encapsulation:
x25 circuit can be either in dce/dte mode.
Choose from either dce/dte [dte]:
Enter local x25 address: 1234
We will need to map the remote x.25 station's x25 address
to the remote station’s IP/IPX address
Do you want to map the remote machine's x25 address to IP address? [yes]:
IP address for the remote interface: 6.0.0.1
Do you want to map the remote machine's x25 address to IPX address? [yes]:
IPX address for the remote interface: 40.0060.34c6.90ed
Enter remote x25 address: 4321
Enter lowest 2-way channel [1]:
Enter highest 2-way channel [64]:
Enter frame window (K) [7]:
Enter Packet window (W) [2]:
Enter Packet size (must be powers of 2) [128]:
T1 Channelized Mode
The following is a sample configuration for T1 channelized mode:
The following framing types are available:
esf | sf
Enter the framing type [esf]:
The following linecode types are available:
ami | b8zs
Enter the line code type [b8zs]:
T1 is capable of being configured for channel 1-24
Enter number of time slots [24]: 3
Configure more channel groups? [no]: y
Enter number of time slots [21]: 3
Configure more channel groups? [no]: y
Enter number of time slots [18]: 3
Configure more channel groups? [no]: y
Enter number of time slots [15]:
Configure more channel groups? [no]:
Note
The following sections describe the prompts for each encapsulation type. No further configuration is
needed for High-Level Data Link Control (HDLC) encapsulation.
PPP Encapsulation
The following is a sample configuration for PPP encapsulation:
Would you like to enable multilink PPP [yes]:
Enter a remote hostname for PPP authentication [Router]:
Enter a password for PPP authentication:
Note
The password, which is used by the Challenge Handshake Authentication Protocol (CHAP)
authentication process, is case sensitive and must exactly match the password for the remote router.
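The CHAP notes in the PPP Encapsulation sections above say the password is case sensitive and must exactly match on the remote router. The following added example (not part of the Cisco guide) models the RFC 1994 exchange to show why: the secret never crosses the link, only an MD5 digest over it, so any byte difference fails authentication. The names "Router" and "remote_router" and the password "secret" are taken from the sample prompts; the class and function names, and the name-to-secret lookup tables, are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # RFC 1994 CHAP codes


def build_packet(code, identifier, value, name):
    """Encode Code, Identifier, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_packet(packet):
    """Decode a Challenge/Response, rejecting truncated or inconsistent lengths."""
    if len(packet) < 5:
        raise ValueError("packet too short for a CHAP header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    value_size = packet[4]
    if 5 + value_size > length:
        raise ValueError("value size overruns packet")
    return code, identifier, packet[5:5 + value_size], packet[5 + value_size:]


def chap_digest(identifier, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Router that issues the challenge and checks the response."""

    def __init__(self, hostname, user_db):
        self.hostname = hostname
        self.user_db = user_db   # remote name -> shared secret (model of the username entries)
        self.pending = {}        # identifier -> outstanding challenge value

    def challenge(self, identifier):
        value = os.urandom(16)   # fresh random value per challenge defeats replay
        self.pending[identifier] = value
        return build_packet(CHALLENGE, identifier, value, self.hostname)

    def verify(self, packet):
        try:
            code, identifier, value, name = parse_packet(packet)
        except ValueError:
            return FAILURE
        challenge = self.pending.pop(identifier, None)
        secret = self.user_db.get(name)
        if code != RESPONSE or challenge is None or secret is None:
            return FAILURE
        expected = chap_digest(identifier, secret, challenge)
        return SUCCESS if hmac.compare_digest(expected, value) else FAILURE


class Peer:
    """Router that answers a challenge with a digest over its copy of the secret."""

    def __init__(self, hostname, secrets):
        self.hostname = hostname
        self.secrets = secrets   # challenger name -> shared secret

    def respond(self, packet):
        code, identifier, challenge, name = parse_packet(packet)
        if code != CHALLENGE or name not in self.secrets:
            raise ValueError("not a challenge from a known router")
        digest = chap_digest(identifier, self.secrets[name], challenge)
        return build_packet(RESPONSE, identifier, digest, self.hostname)


def run_exchange(local_secret, remote_secret, identifier=1):
    """One challenge/response between 'Router' and 'remote_router'."""
    auth = Authenticator(b"Router", {b"remote_router": local_secret})
    peer = Peer(b"remote_router", {b"Router": remote_secret})
    challenge = auth.challenge(identifier)
    response = peer.respond(challenge)
    return auth.verify(response), challenge, response


def replay_captured_response():
    """Replay a valid response against a later challenge with the same identifier."""
    auth = Authenticator(b"Router", {b"remote_router": b"secret"})
    peer = Peer(b"remote_router", {b"Router": b"secret"})
    captured = peer.respond(auth.challenge(1))
    first = auth.verify(captured)
    auth.challenge(1)            # new random value, so the old digest no longer matches
    return first, auth.verify(captured)


if __name__ == "__main__":
    print("matching secrets:", run_exchange(b"secret", b"secret")[0] == SUCCESS)
    print("case mismatch   :", run_exchange(b"secret", b"Secret")[0] == SUCCESS)
    print("replay accepted :", replay_captured_response()[1] == SUCCESS)
```

Because the link's protection rests entirely on the shared secret, a guessable value such as the sample "secret" should be replaced with a long random one in any real deployment.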
Frame Relay Encapsulation
The following is a sample configuration for Frame Relay encapsulation:
The following lmi-types are available to be set,
when connected to a frame relay switch
[0] none
[1] ansi
[2] cisco
[3] q933a
Enter lmi-type [2]:
Note
The setup command facility prompts you for the data-link connection identifier (DLCI) number only if
you specify none for the LMI type. If you accept the default or specify another Local Management
Interface (LMI) type, the DLCI number is provided by the specified protocol.
Enter the DLCI number for this interface [16]:
Do you want to map a remote machine’s IP address to dlci? [yes]:
IP address for the remote interface: 2.0.0.2
Do you want to map a remote machine’s IPX address to dlci? [yes]:
IPX address for the remote interface: 40.1234.5678
Serial interface needs clock rate to be set in dce mode.
The following clock rates are supported on the serial interface.
0
1200, 2400, 4800, 9600, 19200, 38400
56000, 64000, 72000, 125000, 148000, 500000
800000, 1000000, 1300000, 2000000, 4000000, 8000000
choose speed from above: [2000000]: 1200
Configure IP on this interface? [yes]:
IP address for this interface: 192.0.0.1
Subnet mask for this interface [255.0.0.0]:
Class A network is 2.0.0.0, 8 subnet bits; mask is /8
If Internetwork Packet Exchange (IPX) is configured on the router, the setup command facility prompts
you for the IPX map:
Do you want to map a remote machine's IPX address to dlci? [yes]:
IPX address for the remote interface: 40.0060.34c6.90ed
LAPB Encapsulation
The following is a sample configuration for Link Access Procedure, Balanced (LAPB) encapsulation:
lapb circuit can be either in dce/dte mode
Choose either from (dce/dte) [dte]:
ATM-DXI Encapsulation
The following is a sample configuration for asynchronous transfer mode data exchange interface
(ATM-DXI) encapsulation:
Enter VPI number [1]:
Enter VCI number [1]:
Do you want to map the remote machine's IP address to vpi and vci? [yes]:
IP address for the remote interface: 6.0.0.1
Do you want to map the remote machine's IPX address to vpi and vci? [yes]:
IPX address for the remote interface: 40.0060.34c6.90ed
SMDS Encapsulation
The following is a sample configuration for switched multimegabit data service (SMDS) encapsulation:
Enter smds address for the local interface: c141.5556.1415
We will need to map the remote smds station's address to the remote station’s IP address
Enter smds address for the remote interface: c141.5556.1414
Do you want to map the remote machine's smds address to IP address? [yes]:
IP address for the remote interface: 192.0.0.1
Do you want to map the remote machine's smds address to IP address? [yes]:
IPX address for the remote interface: 40.0060.34c6.90ed
1-Port, 4-Wire, 56-kbps DSU/CSU Configuration
The switched-56 WAN interface card is configured for dedicated or leased-line service by default, but it
can also be configured for circuit-switched service, here known as 1-port, 4-wire 56-kbps DSU/CSU
configuration. Depending on the type of data transmissions you typically use, you can configure the
switched-56 WAN interface card for either circuit-switched service or dedicated-line service.
Generally, circuit-switched service is ideal for short-duration data transmissions or as an alternative
route if a dedicated line fails. For example, circuit-switched service is ideal for sending electronic mail
messages or doing such tasks as updating inventory and ordering records from one network database to
another at the end of each day.
Dedicated service is ideal for heavy network traffic. Dedicated service is ideal if you need a constant
network connection or you need connection for more than eight hours per day.
Switched Mode
The following is a sample configuration for a switched mode interface:
Do you want to configure Serial0/0/0 interface? [yes]:
Some encapsulations supported are
ppp/hdlc/frame-relay/lapb/atm-dxi/smds/x25
Choose encapsulation type
[ppp]:
Switched 56k interface may either be in switched/Dedicated mode
Choose from either (switched/dedicated) [switched]:
The following switched carrier types are to be set when in switched mode
(at&t, sprint or other)
Choose carrier (at&t/sprint/other) [other]:
Do you want to map the remote machine's ip address in dialer map? [yes]:
IP address for the remote interface : 1.0.0.2
Do you want to map the remote machine's ipx address in dialer map? [yes]:
IPX address for the remote interface : 40.0060.34c6.90ed
Note
The setup command facility asks for only one telephone number for both IP and Internetwork Packet
Exchange (IPX) (if enabled).
Please enter the phone number to call : 1234567890
Configure IP on this interface? [yes]:
IP address for this interface: 1.0.0.1
Subnet mask for this interface [255.0.0.0] :
Class A network is 1.0.0.0, 8 subnet bits; mask is /8
Dedicated Mode
The following is a sample configuration for a dedicated mode interface:
Do you want to configure Serial0/0/0 interface? [yes]:
Some encapsulations supported are
ppp/hdlc/frame-relay/lapb/atm-dxi/smds/x25
Choose encapsulation type
[ppp]:
Switched 56k interface may either be in switched/Dedicated mode
Choose from either (switched/dedicated) [switched]: dedi
When in dds mode, the clock for sw56 module can either from line/internal.
Choose clock from (line/internal) [line]:
Note
If the internal clock is selected, speed cannot be set to “auto.” Autosensing is allowed only when the
clock source is line.
When in dds mode, the clock for the sw56 module can either be line or internal.
Choose clock from (line/internal) [line]: internal
Warning: internal can be chosen only when connected back-to-back.
Serial interface needs clock rate to be set in dce mode.
The following clock rates are supported on the serial interface.
auto, 2.4, 4.8, 9.6, 19.2, 38.4
56, 64
choose clock rate from above [56]:
Configure IP on this interface? [yes]:
IP address for this interface: 1.0.0.1
Subnet mask for this interface [255.0.0.0] :
Class A network is 1.0.0.0, 8 subnet bits; mask is /8
Completing the Configuration
When you have provided all the information requested by the setup command facility, the configuration
appears. To complete your router configuration, follow these steps:
Step 1
A setup command facility prompt asks if you want to save this configuration.
If you answer no, the configuration information you entered is not saved, and you return to the router
enable prompt (Router#). Enter setup to return to the System Configuration Dialog.
If you answer yes, the configuration is saved, and you are returned to the user EXEC prompt
(Router>).
Use this configuration? {yes/no} : yes
Building configuration...
Use the enabled mode 'configure' command to modify this configuration.
Press RETURN to get started!
%LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
%LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
%LINK-3-UPDOWN: Interface Serial0/0/0, changed state to up
%LINK-3-UPDOWN: Interface Serial0/0/1, changed state to down
%LINK-3-UPDOWN: Interface Serial0/2, changed state to down
%LINK-3-UPDOWN: Interface Serial1/0, changed state to up
%LINK-3-UPDOWN: Interface Serial1/1, changed state to down
%LINK-3-UPDOWN: Interface Serial1/2, changed state to down
<Additional messages omitted.>
Step 2
When the messages stop appearing on your screen, press Return to get the Router> prompt.
Note
If you see the next message, it means that no other AppleTalk routers were found on the network
attached to the port.
%AT-6-ONLYROUTER: Ethernet0/0: AppleTalk port enabled; no neighbors found
Step 3
The Router> prompt indicates that you are now at the command-line interface (CLI) and you have just
completed a basic router configuration. Nevertheless, this is not a complete configuration. At this point,
you have two choices:
• Run the setup command facility again, and create another configuration.
Router> enable
Password: password
Router# setup
• Modify the existing configuration or configure additional features by using the CLI:
Router> enable
Password: password
Router# configure terminal
Router(config)#
Copyright © 2005 Cisco Systems, Inc. All rights reserved.
Basic Software Configuration Using the Cisco IOS Command-Line Interface
This document describes how to use the Cisco IOS command-line interface (CLI) to perform a basic
software configuration for your router.
Contents
• Platforms Supported by This Document
• Prerequisites for Basic Software Configuration Using the Cisco IOS CLI
• Restrictions for Basic Software Configuration Using the Cisco IOS CLI
• How to Perform a Basic Software Configuration Using the Cisco IOS CLI
• Where to Go Next
• Additional References
Platforms Supported by This Document
Use this document with the following platforms:
• Cisco 1800 series routers
• Cisco 2800 series routers
• Cisco 3800 series routers
Prerequisites for Basic Software Configuration Using the Cisco IOS CLI
Follow the instructions in the quick start guide that shipped with your router to install the chassis,
connect cables, and power up the router.
Timesaver
Before powering up the router, disconnect all WAN cables from the router to keep it from trying to run
the AutoInstall process. The router may try to run AutoInstall if you power it on while there is a WAN
connection on both ends and the router does not have a valid configuration file stored in NVRAM (for
instance, when you add a new interface). It can take several minutes for the router to determine that
AutoInstall is not connected to a remote TCP/IP host.
Restrictions for Basic Software Configuration Using the Cisco IOS CLI
If Cisco Router and Security Device Manager (SDM) is installed on your router, we recommend that you
use Cisco SDM instead of the Cisco IOS CLI to perform the initial software configuration. To access
SDM, see the quick start guide that shipped with your router.
How to Perform a Basic Software Configuration Using the Cisco IOS CLI
This section contains the following procedures:
• Configuring the Router Hostname (Optional)
• Configuring the Enable and Enable Secret Passwords (Required)
• Configuring the Console Idle Privileged EXEC Timeout (Optional)
• Configuring Fast Ethernet and Gigabit Ethernet Interfaces (Required)
• Specifying a Default Route or Gateway of Last Resort (Required)
• Configuring Virtual Terminal Lines for Remote Console Access (Required)
• Configuring the Auxiliary Line (Optional)
• Verifying Network Connectivity (Required)
• Saving Your Router Configuration (Required)
• Saving Backup Copies of Your Configuration and System Image (Optional)
Configuring the Router Hostname
The hostname is used in CLI prompts and default configuration filenames. If you do not configure the
router hostname, the router uses the factory-assigned default hostname “Router.”
Do not expect capitalization and lowercasing to be preserved in the hostname. Uppercase and lowercase
characters are treated as identical by many Internet software applications. It may seem appropriate to
capitalize a name as you would ordinarily do, but conventions dictate that computer names appear in all
lowercase characters. For more information, see RFC 1178, Choosing a Name for Your Computer.
The name must also follow the rules for Advanced Research Projects Agency Network (ARPANET)
hostnames. They must start with a letter, end with a letter or digit, and have as interior characters only
letters, digits, and hyphens. Names must be 63 characters or fewer. For more information, see RFC 1035,
Domain Names—Implementation and Specification.
SUMMARY STEPS
1. enable
2. configure terminal
3. hostname name
4. Verify that the router prompt displays your new hostname.
5. end
DETAILED STEPS
Step 1
Command or Action: enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable
Step 2
Command or Action: configure terminal
Purpose: Enters global configuration mode.
Example:
Router# configure terminal
Step 3
Command or Action: hostname name
Purpose: Specifies or modifies the hostname for the network server.
Example:
Router(config)# hostname myrouter
Step 4
Command or Action: Verify that the router prompt displays your new hostname.
Purpose: —
Example:
myrouter(config)#
Step 5
Command or Action: end
Purpose: (Optional) Returns to privileged EXEC mode.
Example:
myrouter# end
What to Do Next
Proceed to the “Configuring the Enable and Enable Secret Passwords” section on page 4.
Configuring the Enable and Enable Secret Passwords
To provide an additional layer of security, particularly for passwords that cross the network or are stored
on a TFTP server, you can use either the enable password command or enable secret command. Both
commands accomplish the same thing—they allow you to establish an encrypted password that users
must enter to access privileged EXEC (enable) mode.
We recommend that you use the enable secret command because it uses an improved encryption
algorithm. Use the enable password command only if you boot an older image of the Cisco IOS
software or if you boot older boot ROMs that do not recognize the enable secret command.
For more information, see the “Configuring Passwords and Privileges” chapter in the Cisco IOS Security
Configuration Guide. Also see the Improving Security on Cisco Routers tech note.
Restrictions
If you configure the enable secret command, it takes precedence over the enable password command;
the two commands cannot be in effect simultaneously.
SUMMARY STEPS
1. enable
2. configure terminal
3. enable password password
4. enable secret password
5. end
6. enable
7. end
DETAILED STEPS
Step 1
Command or Action: enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable
Step 2
Command or Action: configure terminal
Purpose: Enters global configuration mode.
Example:
Router# configure terminal
Step 3
Command or Action: enable password password
Purpose: (Optional) Sets a local password to control access to various privilege levels.
• We recommend that you perform this step only if you boot an older image of the Cisco IOS software or if you boot older boot ROMs that do not recognize the enable secret command.
Example:
Router(config)# enable password pswd2
Step 4
Command or Action: enable secret password
Purpose: Specifies an additional layer of security over the enable password command.
• Do not use the same password that you entered in Step 3.
Example:
Router(config)# enable secret greentree
Step 5
Command or Action: end
Purpose: Returns to privileged EXEC mode.
Example:
Router(config)# end
Step 6
Command or Action: enable
Purpose: Enables privileged EXEC mode.
• Verify that your new enable or enable secret password works.
Example:
Router> enable
Step 7
Command or Action: end
Purpose: (Optional) Returns to privileged EXEC mode.
Example:
Router(config)# end
Troubleshooting Tips
If you forget the password that you configured, or if you cannot access privileged EXEC (enable) mode,
see the Password Recovery Procedures for your router, available at
http://www.cisco.com/warp/public/474.
What to Do Next
If you want to set the console interface privileged EXEC timeout to a value other than 10 minutes (the
default), proceed to the “Configuring the Console Idle Privileged EXEC Timeout” section on page 5.
If you do not wish to change the privileged EXEC timeout, proceed to the “Specifying a Default Route
or Gateway of Last Resort” section on page 9.
Configuring the Console Idle Privileged EXEC Timeout
This section describes how to configure the console line’s idle privileged EXEC timeout. By default, the
privileged EXEC command interpreter waits 10 minutes to detect user input before timing out.
When you configure the console line, you can also set communication parameters, specify autobaud
connections, and configure terminal operating parameters for the terminal that you are using. For more
information on configuring the console line, see the Cisco IOS Configuration Fundamentals and
Network Management Configuration Guide. In particular, see the “Configuring Operating
Characteristics for Terminals” and “Troubleshooting and Fault Management” chapters.
SUMMARY STEPS
1. enable
2. configure terminal
3. line console 0
4. exec-timeout minutes [seconds]
5. end
6. show running-config
7. exit
Note
The exec-timeout command or any changes to the exec-command value is triggered only after you exit
from the EXEC mode and login again.
DETAILED STEPS
Step 1
Command or Action: enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable
Step 2
Command or Action: configure terminal
Purpose: Enters global configuration mode.
Example:
Router# configure terminal
Step 3
Command or Action: line console 0
Purpose: Configures the console line and starts the line configuration command collection mode.
Example:
Router(config)# line console 0
Step 4
Command or Action: exec-timeout minutes [seconds]
Purpose: Sets the idle privileged EXEC timeout, which is the interval that the privileged EXEC command interpreter waits until user input is detected.
• The example shows how to specify no timeout.
Example:
Router(config-line)# exec-timeout 0 0
Step 5
Command or Action: end
Purpose: Returns to privileged EXEC mode.
Example:
Router(config-line)# end
Step 6
Command or Action: show running-config
Purpose: Displays the running configuration file.
• Verify that you properly configured the idle privileged EXEC timeout.
Example:
Router# show running-config
Step 7
Command or Action: exit
Purpose: Exits privileged EXEC mode.
Note
For the exec-timeout command to take effect, you must exit from the EXEC mode and login again.
Example:
Router# exit
Examples
The following example shows how to set the console idle privileged EXEC timeout to 2 minutes 30
seconds:
line console
exec-timeout 2 30
The following example shows how to set the console idle privileged EXEC timeout to 10 seconds:
line console
exec-timeout 0 10
What to Do Next
Proceed to the “Configuring Fast Ethernet and Gigabit Ethernet Interfaces” section on page 7.
Configuring Fast Ethernet and Gigabit Ethernet Interfaces
This section shows how to assign an IP address and interface description to an Ethernet interface on
your router.
For comprehensive configuration information on Fast Ethernet and Gigabit Ethernet interfaces, see the
“Configuring LAN Interfaces” chapter of the Cisco IOS Interface and Hardware Component
Configuration Guide.
For information on interface numbering, see the quick start guide that shipped with your router.
Note
Cisco 1841 and Cisco 2801 routers have a hardware limitation on the Fast Ethernet ports FE0/0 and
FE0/1. In half-duplex mode, when traffic reaches or exceeds 100% capacity (equal to or greater than 5
Mbps in each direction), the interface will experience excessive collisions and reset once per second. To
avoid this problem, traffic must be limited to less than 100% of capacity.
SUMMARY STEPS
1. enable
2. show ip interface brief
3. configure terminal
4. interface {fastethernet | gigabitethernet} 0/port
5. description string
6. ip address ip-address mask
7. no shutdown
8. end
9. show ip interface brief
DETAILED STEPS
Step 1
Command or Action: enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable
Step 2
Command or Action: show ip interface brief
Purpose: Displays a brief status of the interfaces that are configured for IP.
• Learn which type of Ethernet interface is on your router: Fast Ethernet or Gigabit Ethernet.
Example:
Router# show ip interface brief
Step 3
Command or Action: configure terminal
Purpose: Enters global configuration mode.
Example:
Router# configure terminal
Step 4
Command or Action: interface {fastethernet | gigabitethernet} 0/port
Purpose: Specifies the Ethernet interface and enters interface configuration mode.
Note
For information on interface numbering, see the quick start guide that shipped with your router.
Example:
Router(config)# interface fastethernet 0/1
Example:
Router(config)# interface gigabitethernet 0/0
Step 5
Command or Action: description string
Purpose: (Optional) Adds a description to an interface configuration.
• The description helps you remember what is attached to this interface. The description can be useful for troubleshooting.
Example:
Router(config-if)# description FE int to 2nd floor south wing
Step 6
Command or Action: ip address ip-address mask
Purpose: Sets a primary IP address for an interface.
Example:
Router(config-if)# ip address 172.16.74.3 255.255.255.0
Step 7
Command or Action: no shutdown
Purpose: Enables an interface.
Example:
Router(config-if)# no shutdown
Step 8
Command or Action: end
Purpose: Returns to privileged EXEC mode.
Example:
Router(config)# end
Step 9
Command or Action: show ip interface brief
Purpose: Displays a brief status of the interfaces that are configured for IP.
• Verify that the Ethernet interfaces are up and configured correctly.
Example:
Router# show ip interface brief
Examples
Configuring the Fast Ethernet Interface: Example
!
interface FastEthernet0/0
description FE int to HR group
ip address 172.16.3.3 255.255.255.0
duplex auto
speed auto
no shutdown
!
Sample Output for the show ip interface brief Command
Router# show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/0    172.16.3.3      YES NVRAM  up                    up
FastEthernet0/1    unassigned      YES NVRAM  administratively down down
Router#
What to Do Next
Proceed to the “Specifying a Default Route or Gateway of Last Resort” section on page 9.
Specifying a Default Route or Gateway of Last Resort
This section describes how to specify a default route with IP routing enabled. For alternative methods of
specifying a default route, see the Configuring a Gateway of Last Resort Using IP Commands tech note.
The Cisco IOS software uses the gateway (router) of last resort if it does not have a better route for a
packet and if the destination is not a connected network. This section describes how to select a network
as a default route (a candidate route for computing the gateway of last resort). The way in which routing
protocols propagate the default route information varies for each protocol.
For comprehensive configuration information about IP routing and IP routing protocols, see the
Cisco IOS IP Configuration Guide. In particular, see the “Configuring IP Addressing” chapter and all
“Part 2: IP Routing Protocols” chapters.
IP Routing
IP routing is automatically enabled in the Cisco IOS software. If you choose to set up the router to bridge
rather than route IP datagrams, then you must disable IP routing. When IP routing is disabled, the router
will act as an IP end host for IP packets destined for or sourced by it, whether or not bridging is enabled
for those IP packets not destined for the device.
Note
This task section does not apply when IP routing is disabled. To specify a default route when IP routing
is disabled, refer to the Configuring a Gateway of Last Resort Using IP Commands tech note.
Default Routes
A router might not be able to determine the routes to all other networks. To provide complete routing
capability, the common practice is to use some routers as smart routers and give the remaining routers
default routes to the smart router. (Smart routers have routing table information for the entire
internetwork.) These default routes can be passed along dynamically, or can be configured into the
individual routers.
Most dynamic interior routing protocols include a mechanism for causing a smart router to generate
dynamic default information that is then passed along to other routers.
Default Network
If a router has an interface that is directly connected to the specified default network, the dynamic
routing protocols running on the router will generate or source a default route. In the case of RIP, the
router will advertise the pseudonetwork 0.0.0.0. In the case of IGRP, the network itself is advertised and
flagged as an exterior route.
A router that is generating the default for a network also may need a default of its own. One way a router
can generate its own default is to specify a static route to the network 0.0.0.0 through the appropriate
device.
Gateway of Last Resort
When default information is being passed along through a dynamic routing protocol, no further
configuration is required. The system periodically scans its routing table to choose the optimal default
network as its default route. In the case of RIP, there is only one choice, network 0.0.0.0. In the case of
IGRP, there might be several networks that can be candidates for the system default. The Cisco IOS
software uses both administrative distance and metric information to determine the default route
(gateway of last resort). The selected default route appears in the gateway of last resort display of the
show ip route EXEC command.
If dynamic default information is not being passed to the software, candidates for the default route are
specified with the ip default-network global configuration command. In this usage, the ip
default-network command takes an unconnected network as an argument. If this network appears in the
routing table from any source (dynamic or static), it is flagged as a candidate default route and is a
possible choice as the default route.
If the router has no interface on the default network, but does have a route to it, it considers this network
as a candidate default path. The route candidates are examined and the best one is chosen, based on
administrative distance and metric. The gateway to the best default path becomes the gateway of last
resort.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip routing
4. ip route dest-prefix mask next-hop-ip-address [admin-distance] [permanent]
5. ip default-network network-number
or
ip route dest-prefix mask next-hop-ip-address
6. end
7. show ip route
DETAILED STEPS
Step 1
Command or Action: enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable
Step 2
Command or Action: configure terminal
Purpose: Enters global configuration mode.
Example:
Router# configure terminal
Step 3
Command or Action: ip routing
Purpose: Enables IP routing.
Example:
Router(config)# ip routing
Step 4
Command or Action: ip route dest-prefix mask next-hop-ip-address [admin-distance] [permanent]
Purpose: Establishes a static route.
Example:
Router(config)# ip route 192.168.24.0 255.255.255.0 172.28.99.2
Step 5
Command or Action: ip default-network network-number
or
ip route dest-prefix mask next-hop-ip-address
Purpose: Selects a network as a candidate route for computing the gateway of last resort.
Creates a static route to network 0.0.0.0 0.0.0.0 for computing the gateway of last resort.
Example:
Router(config)# ip default-network 192.168.24.0
Example:
Router(config)# ip route 0.0.0.0 0.0.0.0 172.28.99.1
Step 6
Command or Action: end
Purpose: Returns to privileged EXEC mode.
Example:
Router(config)# end
Step 7
Command or Action: show ip route
Purpose: Displays the current routing table information.
• Verify that the gateway of last resort is set.
Example:
Router# show ip route
Examples
Specifying a Default Route: Example
!
ip routing
!
ip route 192.168.24.0 255.255.255.0 172.28.99.2
!
ip default-network 192.168.24.0
!
Sample Output for the show ip route Command
Router# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
Gateway of last resort is 172.28.99.2 to network 192.168.24.0
     172.24.0.0 255.255.255.0 is subnetted, 1 subnets
C       172.24.192.0 is directly connected, FastEthernet0
S    172.24.0.0 255.255.0.0 [1/0] via 172.28.99.0
S*   192.168.24.0 [1/0] via 172.28.99.2
     172.16.0.0 255.255.255.0 is subnetted, 1 subnets
C       172.16.99.0 is directly connected, FastEthernet1
Router#
What to Do Next
Proceed to the “Configuring Virtual Terminal Lines for Remote Console Access” section on page 13.
Configuring Virtual Terminal Lines for Remote Console Access
Virtual terminal (vty) lines are used to allow remote access to the router. This section shows you how to
configure the virtual terminal lines with a password, so that only authorized users can remotely access
the router.
The router has five virtual terminal lines by default. However, you can create additional virtual terminal
lines as described in the chapter “Configuring Protocol Translation and Virtual Asynchronous Devices”
in the Cisco IOS Terminal Services Configuration Guide.
For more information on line passwords and password encryption, see the “Configuring Passwords and
Privileges” chapter in the Cisco IOS Security Configuration Guide. Also see the Cisco IOS Password
Encryption Facts tech note.
If you want to secure the vty lines with an access list, see the “Traffic Filtering and Virus Protection” chapter
in the Cisco IOS Security Configuration Guide.
SUMMARY STEPS
1. enable
2. configure terminal
3. line vty line-number [ending-line-number]
4. password password
5. login
6. end
7. show running-config
8. From another network device, attempt to open a Telnet session to the router.
DETAILED STEPS
Step 1
Command or Action: enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable
Step 2
Command or Action: configure terminal
Purpose: Enters global configuration mode.
Example:
Router# configure terminal
Step 3
Command or Action: line vty line-number [ending-line-number]
Purpose: Starts the line configuration command collection mode for the virtual terminal lines (vty) for remote console access.
• Make sure that you configure all vty lines on your router.
Note
To verify the number of vty lines on your router, use the line vty ? command.
Example:
Router(config)# line vty 0 4
Step 4
Command or Action: password password
Purpose: Specifies a password on a line.
Example:
Router(config-line)# password guessagain
Step 5
Command or Action: login
Purpose: Enables password checking at login.
Example:
Router(config-line)# login
Step 6
Command or Action: end
Purpose: Returns to privileged EXEC mode.
Example:
Router(config-line)# end
Step 7
Command or Action: show running-config
Purpose: Displays the running configuration file.
• Verify that you properly configured the virtual terminal lines for remote access.
Example:
Router# show running-config
Step 8
Command or Action: From another network device, attempt to open a Telnet session to the router.
Purpose: Verifies that you can remotely access the router and that the virtual terminal line password is correctly configured.
Example:
Router# 172.16.74.3
Password:
Examples
The following example shows how to configure virtual terminal lines with a password:
!
line vty 0 4
 password guessagain
 login
!
What to Do Next
After you configure the vty lines, follow these steps:
• (Optional) To encrypt the virtual terminal line password, see the “Configuring Passwords and
Privileges” chapter in the Cisco IOS Security Configuration Guide. Also see the Cisco IOS Password
Encryption Facts tech note.
• (Optional) To secure the VTY lines with an access list, see “Part 3: Traffic Filtering and Firewalls”
in the Cisco IOS Security Configuration Guide.
• To continue with the basic software configuration for your router, proceed to the “Configuring the
Auxiliary Line” section on page 15.
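An added example (not part of the Cisco guide): a Python check that reads saved show running-config output and reports vty ranges that miss what this section asks for, namely a password with login on every vty line, plus the optional password encryption and inbound access list from the list above. The sample configuration, the finding names and the function names are constructed for illustration.

```python
import re

# Constructed sample (not from the guide): the first vty range follows the
# procedure above; the second range was left with password checking disabled.
SAMPLE_CONFIG = """\
line con 0
line aux 0
line vty 0 4
 access-class 10 in
 password guessagain
 login
line vty 5 15
 no login
!
end
"""


def parse_vty_blocks(config):
    """Return [(first, last, [subcommands])] for every 'line vty' block."""
    blocks, current = [], None
    for raw in config.splitlines():
        header = re.match(r"^line vty (\d+)(?: (\d+))?\s*$", raw)
        if header:
            first = int(header.group(1))
            last = int(header.group(2) or first)
            current = (first, last, [])
            blocks.append(current)
        elif current is not None and raw[:1] == " ":
            current[2].append(raw.strip())   # indented line = subcommand
        else:
            current = None                   # any other line ends the block
    return blocks


def audit_vty(config):
    """Return a sorted list of (vty range, finding name) pairs."""
    findings = []
    for first, last, cmds in parse_vty_blocks(config):
        name = f"vty {first} {last}"
        password = next((c for c in cmds if c.startswith("password ")), None)
        if "no login" in cmds:
            # Password checking at login is switched off for these lines.
            findings.append((name, "login-disabled"))
        elif password is None and not any(c.startswith("login ") for c in cmds):
            # No line password and no 'login local' / 'login authentication'.
            findings.append((name, "no-line-password"))
        if password is not None and not password.startswith("password 7 "):
            # 'password 7 ...' is how an encrypted line password is displayed;
            # anything else is readable by whoever can read the configuration.
            findings.append((name, "password-stored-in-clear"))
        if not any(re.match(r"access-class \S+ in$", c) for c in cmds):
            findings.append((name, "no-inbound-access-class"))
    return sorted(findings)


def unconfigured_lines(config, total_lines):
    """vty line numbers below total_lines that no 'line vty' block covers."""
    covered = set()
    for first, last, _ in parse_vty_blocks(config):
        covered.update(range(first, last + 1))
    return [n for n in range(total_lines) if n not in covered]


if __name__ == "__main__":
    for vty_range, finding in audit_vty(SAMPLE_CONFIG):
        print(f"{vty_range}: {finding}")
```

Pass the number of vty lines reported by line vty ? as total_lines to confirm that every line is covered by a configured range.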
Configuring the Auxiliary Line
This section describes how to enter line configuration mode for the auxiliary line. How you configure
the auxiliary line depends on your particular implementation of the auxiliary (AUX) port. See the
following documents for information on configuring the auxiliary line:
Configuring a Modem on the AUX Port for EXEC Dialin Connectivity, tech note
http://www.cisco.com/warp/public/471/mod-aux-exec.html
Configuring Dialout Using a Modem on the AUX Port, sample configuration
http://www.cisco.com/warp/public/471/mod-aux-dialout.html
Connecting a SLIP/PPP Device to a Router’s AUX Port, tech note
http://www.cisco.com/warp/public/701/6.html
Configuring AUX-to-AUX Port Async Backup with Dialer Watch, sample configuration
http://www.cisco.com/warp/public/471/aux-aux-watch.html
Modem-Router Connection Guide, tech note
http://www.cisco.com/warp/public/76/9.html
SUMMARY STEPS
1. enable
2. configure terminal
3. line aux 0
4. See the tech notes and sample configurations to configure the line for your particular
implementation of the AUX port.
DETAILED STEPS
Step 1
Command or Action: enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable
Step 2
Command or Action: configure terminal
Purpose: Enters global configuration mode.
Example:
Router# configure terminal
Step 3
Command or Action: line aux 0
Purpose: Starts the line configuration command collection mode for
the auxiliary line.
Example:
Router(config)# line aux 0
Step 4
Command or Action: See the tech notes and sample configurations to
configure the line for your particular implementation
of the AUX port.
Purpose: —
What to Do Next
Proceed to the “Verifying Network Connectivity” section on page 16.
Verifying Network Connectivity
This section describes how to verify network connectivity for your router.
Prerequisites
• Complete all previous configuration tasks in this document.
• The router must be connected to a properly configured network host.
SUMMARY STEPS
1. enable
2. ping [ip-address | hostname]
3. telnet {ip-address | hostname}
DETAILED STEPS
Step 1
Command or Action: enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable
Step 2
Command or Action: ping [ip-address | hostname]
Purpose: Diagnoses basic network connectivity.
• To verify connectivity, ping the next hop router or
connected host for each configured interface.
Example:
Router# ping 172.16.74.5
Step 3
Command or Action: telnet {ip-address | hostname}
Purpose: Logs in to a host that supports Telnet.
• If you want to test the vty line password, perform this
step from a different network device, and use your
router’s IP address.
Example:
Router# telnet 10.20.30.40
Examples
The following display shows sample output for the ping command when you ping the IP address
192.168.7.27:
Router# ping
Protocol [ip]:
Target IP address: 192.168.7.27
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.7.27, timeout is 2 seconds:
!!!!!
Success rate is 100 percent, round-trip min/avg/max = 1/2/4 ms
The following display shows sample output for the ping command when you ping the IP hostname
donald:
Router# ping donald
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.7.27, timeout is 2 seconds:
!!!!!
Success rate is 100 percent, round-trip min/avg/max = 1/3/4 ms
What to Do Next
Proceed to the “Saving Your Router Configuration” section on page 17.
Saving Your Router Configuration
This section describes how to avoid losing your configuration at the next system reload or power cycle
by saving the running configuration to the startup configuration in NVRAM.
SUMMARY STEPS
1. enable
2. copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable
Step 2
Command or Action: copy running-config startup-config
Purpose: Saves the running configuration to the startup
configuration.
Example:
Router# copy running-config startup-config
What to Do Next
Proceed to the “Saving Backup Copies of Your Configuration and System Image” section on page 18.
Saving Backup Copies of Your Configuration and System Image
To aid file recovery and minimize downtime in case of file corruption, we recommend that you save
backup copies of the startup configuration file and the Cisco IOS software system image file on a server.
For more detailed information, see the “Managing Configuration Files” chapter and the “Loading and
Maintaining System Images” chapter of the Cisco IOS Configuration Fundamentals and Network
Management Configuration Guide.
SUMMARY STEPS
1. enable
2. copy nvram:startup-config {ftp: | rcp: | tftp:}
3. show flash:
4. copy flash: {ftp: | rcp: | tftp:}
DETAILED STEPS
Step 1
Command or Action: enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable
Step 2
Command or Action: copy nvram:startup-config {ftp: | rcp: | tftp:}
Purpose: Copies the startup configuration file to a server.
• The configuration file copy can serve as a backup copy.
• Enter the destination URL when prompted.
Example:
Router# copy nvram:startup-config ftp:
Step 3
Command or Action: show flash:
Purpose: Displays the layout and contents of a flash memory file
system.
• Learn the name of the system image file.
Example:
Router# show flash:
Step 4
Command or Action: copy flash: {ftp: | rcp: | tftp:}
Purpose: Copies a file from flash memory to a server.
• Copy the system image file to a server to serve as a
backup copy.
• Enter the filename and destination URL when
prompted.
Example:
Router# copy flash: ftp:
Examples
Copying the Startup Configuration to a TFTP Server: Example
The following example shows the startup configuration being copied to a TFTP server:
Router# copy nvram:startup-config tftp:
Remote host[]? 172.16.101.101
Name of configuration file to write [rtr2-confg]? <cr>
Write file rtr2-confg on host 172.16.101.101?[confirm] <cr>
![OK]
Copying from Flash Memory to a TFTP Server: Example
The following example shows the use of the show flash: command in privileged EXEC mode to learn the name
of the system image file and the use of the copy flash: tftp: privileged EXEC command to copy the
system image (c3640-c2is-mz) to a TFTP server. The router uses the default username and password.
Router# show flash:
System flash directory:
File Length Name/status
1 4137888 c3640-c2is-mz
[4137952 bytes used, 12639264 available, 16777216 total]
16384K bytes of processor board System flash (Read/Write)
Router# copy flash: tftp:
IP address of remote host [255.255.255.255]? 172.16.13.110
filename to write on tftp host? c3600-c2is-mz
writing c3640-c2is-mz !!!!...
successful ftp write.
Where to Go Next
• When you complete the basic software configuration, consider implementing routing protocols or
access lists and other security-improving methods to protect your router. See the documents listed
in the “Related Documents—Additional Configuration” section on page 20.
• To configure features on your router, see Finding Feature Documentation.
Additional References
The following sections provide references related to basic software configuration using the
Cisco IOS CLI.
Related Documents—Basic Software Configuration
Topic: Chassis installation, cable connections, power-up procedures, and interface numbering
Related Document Title or Link: Quick start guide for your router
Topic: Cisco Security Device Manager (SDM)
Related Document Title or Link: http://www.cisco.com/go/sdm
Topic: Guidelines for assigning the router hostname
Related Document Title or Link:
• RFC 1035, Domain Names—Implementation and Specification
• RFC 1178, Choosing a Name for Your Computer
Topic: Access lists, passwords, and privileges
Related Document Title or Link: Cisco IOS Security Configuration Guide
Topic: Password recovery procedures for Cisco products
Related Document Title or Link: Password Recovery Procedures
Topic: Configuring the console line, managing configuration files, and loading and maintaining system images
Related Document Title or Link: Cisco IOS Configuration Fundamentals and Network Management Configuration Guide
Topic: Configuring interfaces
Related Document Title or Link: Cisco IOS Interface and Hardware Component Configuration Guide
Topic: IP routing and IP routing protocols
Related Document Title or Link: Cisco IOS IP Configuration Guide
Topic: Configuring default routes or a gateway of last resort
Related Document Title or Link: Configuring a Gateway of Last Resort Using IP Commands tech note
Topic: Configuring virtual terminal lines
Related Document Title or Link: Cisco IOS Terminal Services Configuration Guide
Topic: Configuring the auxiliary (AUX) port
Related Document Title or Link:
• Configuring a Modem on the AUX Port for EXEC Dialin Connectivity, tech note
• Configuring Dialout Using a Modem on the AUX Port, sample configuration
• Connecting a SLIP/PPP Device to a Router’s AUX Port, tech note
• Configuring AUX-to-AUX Port Async Backup with Dialer Watch, sample configuration
• Modem-Router Connection Guide, tech note
Related Documents—Additional Configuration
Topic: Cisco configuration settings that network administrators should consider changing on their
routers, especially on their border routers, to improve security
Related Document Title or Link: Improving Security on Cisco Routers tech note
Note: To view this document, you must have an account on
Cisco.com. If you do not have an account or have forgotten
your username or password, click Cancel at the login dialog
box and follow the instructions that appear.
Topic: IP routing and IP routing protocols
Related Document Title or Link: Cisco IOS IP Configuration Guide
Topic: Access lists
Related Document Title or Link: Cisco IOS Security Configuration Guide
Technical Assistance
Description: Technical Assistance Center (TAC) home page,
containing 30,000 pages of searchable technical
content, including links to products, technologies,
solutions, technical tips, and tools. Registered
Cisco.com users can log in from this page to access
even more content.
Link: http://www.cisco.com/public/support/tac/home.shtml
Copyright © 2005 Cisco Systems, Inc. All rights reserved.
Secured Branch Router Configuration Example
Contents
• Introduction
• Before You Begin
• Configure
• Verify
• Troubleshoot
• Related Information
Introduction
This document provides a sample configuration for securing a branch router by implementing the
following features:
• Context-Based Access Control (CBAC)—CBAC creates temporary openings in access lists at
firewall interfaces. These openings are created when specified traffic exits your internal network
through the firewall. The openings allow returning traffic (that would normally be blocked) and
additional data channels to enter your internal network back through the firewall. The traffic is
allowed back through the firewall only if the traffic is part of the same session as the original traffic
that triggered CBAC when exiting through the firewall.
• Cisco IOS Intrusion Prevention System (IPS)—The Cisco IOS IPS feature restructures the
existing Cisco IOS Intrusion Detection System (IDS), allowing customers to choose to load the
default, built-in signatures or to load a Signature Definition File (SDF) called attack-drop.sdf onto
the router. The attack-drop.sdf file contains 118 high-fidelity Intrusion Prevention System (IPS)
signatures, providing customers with the latest available detection of security threats.
• Cisco IOS Firewall Authentication Proxy—Authentication proxy provides dynamic, per-user
authentication and authorization, authenticating users against industry standard TACACS+ and
RADIUS authentication protocols. Per-user authentication and authorization of connections provide
more robust protection against network attacks.
• Firewall Websense URL Filtering—The Firewall Websense URL Filtering feature enables your
Cisco IOS firewall (also known as Cisco Secure Integrated Software) to interact with the Websense
URL filtering software, thereby allowing you to prevent users from accessing specified websites on
the basis of some policy. The Cisco IOS firewall works with the Websense server to know whether
a particular URL should be allowed or denied (blocked).
Before You Begin
Conventions
For more information on document conventions, see Conventions Used in Cisco Technical Tips.
Components Used
The information in this document is based on the software and hardware versions below.
• Cisco 2801 router
• Cisco IOS Release 12.3(8)T4
• Advanced IP Services feature set
Note: The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make
sure that you understand the potential impact of any command.
Related Products
This configuration can also be used with the following hardware:
• Cisco 1800 series integrated services router (modular)
• Cisco 2800 series integrated services router
• Cisco 3800 series integrated services router
A similar configuration can also be used with a Cisco 3800 series integrated services router that is
equipped with a Cisco Content Engine network module (NM-CE-BP), which has an embedded Websense
URL filtering server (UFS).
Background Theory (Optional)
Configure
In this section, you are presented with the information to configure the features described in this
document.
Tip: To find additional information on the commands used in this document, use the Command Lookup Tool.
You must have an account on Cisco.com. If you do not have an account or have forgotten your username
or password, click Cancel at the login dialog box and follow the instructions that appear.
Network Diagram
This document uses the network setup shown in the diagram below.
[Network diagram: a branch office PC (192.168.1.118/24) and the Websense URL Filtering Server (UFS)
(192.168.1.116/24) connect to interface FE 0/0 (192.168.1.2/24) of the secured branch router; the
Cisco Secure Authentication Control Server (ACS) (192.168.101.119/24) connects to interface FE 0/1
(192.168.101.2/24).]
Not shown in the diagram is an HTTP server with IP address 192.168.102.119/24. The HTTP server may
be located anywhere in the network. In this case, it is on the Fast Ethernet 0/1 side of the secured branch
router.
Configurations
This document uses the configuration shown below.
router# show running-config
Building configuration...
.
.
.
!---Enable the authentication, authorization, and accounting (AAA) access control model.
aaa new-model
!
!---Identify the Cisco Secure Authentication Control Server (ACS) as a member of a
!---AAA server group. In this example, the AAA server group is called “SJ.”
aaa group server tacacs+ SJ
 server 192.168.101.119
!
!---Enable AAA authentication at login and specify the authentication methods to try.
aaa authentication login default local group SJ none
!---Restrict user access to the network:
!---(a) Run authorization to determine if the user is allowed to run an EXEC shell.
!---(b) Enable authorization that applies specific security policies on a per-user basis.
!---You must use the “aaa authorization auth-proxy” command together with the
!---“ip auth-proxy <name>” command (later in this configuration). Together, these
!---commands set up the authorization policy to be retrieved by the firewall.
aaa authorization exec default group SJ none
aaa authorization auth-proxy default group SJ
!---Make sure that the same session ID is used for each AAA accounting service type
!---within a call.
aaa session-id common
.
.
.
!---Define a set of inspection rules. In this example, the set is called “myfw.”
!---Include each protocol that you want the Cisco IOS firewall to inspect.
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
!---Reviewers, did you want to add the java-list access-list keyword and argument
!---to the following (http) command?
!---The “Firewall Websense URL Filtering” feature module makes it sound like a good idea,
!---though maybe not necessary for our beefier next-gen routers.
ip inspect name myfw http urlfilter timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw sqlnet timeout 3600
ip inspect name myfw streamworks timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw vdolive
!
!---(Optional) Set the length of time an authentication cache entry, along with its
!---associated dynamic user access control list, is managed after a period of inactivity.
ip auth-proxy inactivity-timer 120
!---Create an authentication proxy rule; in this example it is named “aprule.”
!---Set HTTP to trigger the authentication proxy.
ip auth-proxy name aprule http
!---Reviewers, where can I find info about the following command?
!---Not yet documented on Cisco.com.
ip admission inactivity-timer 120
!
!---Configure the Cisco IOS Intrusion Prevention System (IPS) feature:
!---Specify the location from which the router loads the Signature Definition File (SDF).
!---(Optional) Specify the maximum number of event notifications that are placed
!---in the router's event queue.
!---Disable the audit of any signatures that your deployment scenario deems unnecessary.
!---Name the IPS rule, so that you can apply the rule to an interface.
!---Later in this example, this rule (named “ids-policy”) is applied to FE 0/0.
ip ips sdf location tftp://192.168.1.3/attack-drop.sdf
ip ips po max-events 100
ip ips signature 1107 0 disable
ip ips signature 3301 0 disable
ip ips name ids-policy
!
!---Configure the Firewall Websense URL Filtering feature:
!---(Optional) Set the maximum number of destination IP addresses that can be cached
!---into the cache table, which consists of the most recently requested IP addresses
!---and respective authorization status for each IP address.
!---Specify domains for which the firewall should permit or deny all traffic
!---without sending lookup requests to the Firewall Websense URL filtering server (UFS).
!---Specify the IP address of the Firewall Websense UFS.
ip urlfilter cache 0
ip urlfilter exclusive-domain permit www.cisco.com
ip urlfilter server vendor websense 192.168.1.116
.
.
.
!---Configure the firewall interface that connects to the branch office PCs
!---and the Firewall Websense UFS:
!---Apply access lists and inspection rules to control access to the interface.
!---In this example, access list 116 is used to filter outbound packets, and
!---the inspection rule named “myfw” is used to filter inbound packets.
!---Enable the authentication proxy rule for dynamic, per-user authentication
!---and authorization. See the previous “aaa authorization auth-proxy default group SJ”
!---and “ip auth-proxy name aprule http” command entries.
!---Apply the Cisco IPS rule to outbound traffic.
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 ip access-group 116 out
 ip inspect myfw in
 ip auth-proxy aprule
 ip ips ids-policy out
.
.
.
!---Configure the interface that connects to the
!---Cisco Secure Authentication Control Server (Cisco Secure ACS).
!---Apply access lists to control access to the interface.
!---In this example, access list 111 is used to filter inbound packets.
interface FastEthernet0/1
 ip address 192.168.101.2 255.255.255.0
 ip access-group 111 in
.
.
.
ip classless
!---The following command establishes a static route to the HTTP server,
!---which in this example has an IP address of 192.168.102.119.
ip route 192.168.102.0 255.255.255.0 FastEthernet0/1
!
!---Enable the HTTP server on your system.
!---Also, specify that the authentication method used for AAA login service
!---should be used for authenticating HTTP server users.
ip http server
ip http authentication aaa
no ip http secure-server
!
!---Configure the access list for the interface that connects to the
!---Cisco Secure ACS.
access-list 111 permit tcp host 192.168.101.119 eq tacacs host 192.168.101.2
access-list 111 permit udp host 192.168.101.119 eq tacacs host 192.168.101.2
access-list 111 permit icmp any any
access-list 111 deny ip any any
!
!---Configure the access list for the firewall interface that connects to the
!---branch office PCs and the Websense URL Filtering Server (UFS).
access-list 116 permit tcp host 192.168.1.118 host 192.168.1.2 eq www
access-list 116 deny tcp host 192.168.1.118 any
access-list 116 deny udp host 192.168.1.118 any
access-list 116 deny icmp host 192.168.1.118 any
access-list 116 permit tcp 192.168.1.0 0.0.0.255 any
access-list 116 permit udp 192.168.1.0 0.0.0.255 any
access-list 116 permit icmp 192.168.1.0 0.0.0.255 any
!
!
!---Specify the Cisco Secure ACS, in this case a TACACS+ server.
!---Set the authentication encryption key used for all TACACS+ communications
!---between the access server and the TACACS+ daemon. This key must match the key
!---used on the TACACS+ daemon.
tacacs-server host 192.168.101.119
tacacs-server directed-request
tacacs-server key cisco
!
.
.
.
end
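An added example, not part of the original configuration: the access-list 111 and 116 entries above, evaluated in Python with first-match-wins ordering and the implicit deny at the end of each list, to show which entry decides a given packet. The function names and test packets are assumptions made for illustration; interface direction and the dynamic entries that CBAC and the authentication proxy create are not modelled.

```python
import ipaddress

# ACL entries copied from the configuration above (wrapped lines rejoined).
PAGE_ACLS = """\
access-list 111 permit tcp host 192.168.101.119 eq tacacs host 192.168.101.2
access-list 111 permit udp host 192.168.101.119 eq tacacs host 192.168.101.2
access-list 111 permit icmp any any
access-list 111 deny ip any any
access-list 116 permit tcp host 192.168.1.118 host 192.168.1.2 eq www
access-list 116 deny tcp host 192.168.1.118 any
access-list 116 deny udp host 192.168.1.118 any
access-list 116 deny icmp host 192.168.1.118 any
access-list 116 permit tcp 192.168.1.0 0.0.0.255 any
access-list 116 permit udp 192.168.1.0 0.0.0.255 any
access-list 116 permit icmp 192.168.1.0 0.0.0.255 any
"""

# The two IOS port keywords that appear in these entries.
PORT_NAMES = {"www": 80, "tacacs": 49}
IMPLICIT_DENY = "(implicit deny at end of list)"


def _take_endpoint(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD', then an optional 'eq PORT'."""
    word = tokens.pop(0)
    if word == "any":
        addr, wild = 0, 0xFFFFFFFF
    elif word == "host":
        addr, wild = int(ipaddress.IPv4Address(tokens.pop(0))), 0
    else:
        addr = int(ipaddress.IPv4Address(word))
        wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    port = None
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        name = tokens.pop(0)
        port = int(name) if name.isdigit() else PORT_NAMES[name]
    return addr, wild, port


def parse_acls(text):
    """Return {acl number: [(action, protocol, src, dst, original line)]}."""
    acls = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list":
            continue
        number, action, proto = tokens[1], tokens[2], tokens[3]
        rest = tokens[4:]
        src = _take_endpoint(rest)
        dst = _take_endpoint(rest)
        acls.setdefault(number, []).append((action, proto, src, dst, line))
    return acls


def _endpoint_matches(endpoint, ip, port):
    addr, wild, want_port = endpoint
    care = ~wild & 0xFFFFFFFF          # wildcard bits set to 1 are ignored
    if (int(ipaddress.IPv4Address(ip)) & care) != (addr & care):
        return False
    return want_port is None or want_port == port


def evaluate(acl, proto, src_ip, dst_ip, src_port=None, dst_port=None):
    """Return (action, deciding line); the first matching entry wins."""
    for action, acl_proto, src, dst, line in acl:
        if acl_proto not in ("ip", proto):
            continue
        if (_endpoint_matches(src, src_ip, src_port)
                and _endpoint_matches(dst, dst_ip, dst_port)):
            return action, line
    return "deny", IMPLICIT_DENY


if __name__ == "__main__":
    acls = parse_acls(PAGE_ACLS)
    # Constructed test packets: the branch PC to the router, then to the HTTP server.
    for dst in ("192.168.1.2", "192.168.102.119"):
        print(dst, evaluate(acls["116"], "tcp", "192.168.1.118", dst, 1902, 80))
```

Entry order matters in list 116: the permit for host 192.168.1.118 to the router on port www sits ahead of the three host denies, and the subnet-wide permits come last, so they never apply to that host.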
Verify
This section provides information you can use to confirm your configuration is working properly:
• Commands for Verifying Firewall Websense URL Filtering
• Commands for Verifying Cisco IOS Firewall Authentication Proxy
• Commands for Verifying Context-Based Access Control
• Commands for Verifying Cisco IOS Intrusion Prevention System
Tip: Certain show commands are supported by the Output Interpreter Tool, which allows you to view an
analysis of show command output. You must have an account on Cisco.com. If you do not have an
account or have forgotten your username or password, click Cancel at the login dialog box and follow
the instructions that appear.
Reviewers, right now this section just lists useful commands and provides sample output for each. If you
want this doc to tell the reader the order in which to execute these commands or what exactly to look for
within each output, then I’ll need someone to provide that info.
Commands for Verifying Firewall Websense URL Filtering
• show ip urlfilter cache—Displays the maximum number of entries that can be cached into the cache
table and the number of entries and the destination IP addresses that are cached into the cache table.
Router# show ip urlfilter cache
Maximum number of cache entries: 0
Number of entries cached: 0
--------------------------------------------------------
IP address          Age           Time since last hit
                (In seconds)         (In seconds)
--------------------------------------------------------
• show ip urlfilter config—Displays the configured vendor servers, including the size of the cache,
the maximum number of outstanding requests, and the allow mode state.
Router# show ip urlfilter config
Websense URL Filtering is ENABLED
Primary Websense server configurations
=========================================
Websense server IP address Or Host Name: 192.168.1.116
Websense server port: 15868
Websense retransmission time out: 6 (in seconds)
Websense number of retransmission: 2
Secondary Websense servers configurations
============================================
Other configurations
=====================
Allow Mode: OFF
System Alert: ENABLED
Audit Trail: DISABLED
Log message on Websense server: DISABLED
Maximum number of cache entries: 0
Maximum number of packet buffers: 200
Maximum outstanding requests: 1000
• show ip urlfilter statistics—Displays URL filtering statistics, such as the number of requests that
are sent to the Websense server, the number of responses received from the Websense server, the
number of pending requests in the system, the number of failed requests, and the number of blocked
URLs.
Router# show ip urlfilter statistics
URL filtering statistics
=========================
Current requests count: 0
Current packet buffer count(in use): 0
Current cache entry count: 0
Maxever request count: 0
Maxever packet buffer count: 0
Maxever cache entry count: 0
Total requests sent to URL Filter Server :13
Total responses received from URL Filter Server :13
Total requests allowed: 9
Total requests blocked: 4
Commands for Verifying Cisco IOS Firewall Authentication Proxy
• show ip auth-proxy—Displays the authentication proxy entries or configuration.
Router# show ip auth-proxy cache
Authentication Proxy Cache
Client Name admin, Client IP 192.168.1.118, Port 1902, timeout 120, Time Remaining 120, state INIT
Reviewers, did you want the previous sample output to instead say “state HTTP_ESTAB”, which
would indicate successful user authentication? Right now it says “state INIT.” See the usage
guidelines in the command reference for more info.
Router# show ip auth-proxy statistics
configuration
Authentication global cache time is 120 minutes
Authentication global absolute time is 0 minutes
Authentication Proxy Watch-list is disabled
Authentication Proxy Rule Configuration
Auth-proxy name aprule
http list not specified auth-cache-time 120 minutes
Reviewers, I couldn’t find info on Cisco.com on the statistics keyword. So if you want me to provide
a better description for each version of the show ip auth-proxy command, then I need someone to
explain how the statistics keyword affects the output. Also, please check that the previous output is
correct (e.g., is “configuration” supposed to appear by itself immediately after entering show ip
auth-proxy statistics?).
Commands for Verifying Context-Based Access Control
Reviewers, would you like to provide sample output for these commands?
• show ip access-list—Displays the contents of current IP access lists.
• show ip inspect session—Displays CBAC session information.
Commands for Verifying Cisco IOS Intrusion Prevention System
• show ip ips signature—Displays Cisco IPS signature information, including which signatures are
disabled and marked for deletion.
Router# show ip ips signature
Signatures were last loaded from tftp://192.168.1.3/attack-drop.sdf
SDF release version not available
*=Marked for Deletion
MH=MinHits
TI=ThrottleInterval
WF=WantFrag
Action=(A)larm,(D)rop,(R)eset
AI=AlarmInterval
AT=AlarmThrottle
Ver=Signature Version
Trait=AlarmTraits
CT=ChokeThreshold
FA=FlipAddr
Signature Micro-Engine: SERVICE.SMTP (1 sigs)
SigID:SubID On Action Sev  Trait    MH    AI    CT    TI AT FA WF Ver
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- --
3129:0      Y  ADR    MED      0     0     0     0    15 FA N     S59
Signature Micro-Engine: SERVICE.RPC (29 sigs)
SigID:SubID On Action Sev  Trait    MH    AI    CT    TI AT FA WF Ver
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- --
6100:0      Y  AD     HIGH     0     0     0   100    30 FA N     1.0
6100:1      Y  ADR    HIGH     0     0     0   100    30 FA N     1.0
6101:0      Y  AD     HIGH     0     0     0   100    30 FA N     1.0
6101:1      Y  ADR    HIGH     0     0     0   100    30 FA N     1.0
6104:0      Y  AD     HIGH     0     0     0   100    30 FA N     2.2
6104:1      Y  ADR    HIGH     0     0     0   100    30 FA N     2.2
6105:0      Y  AD     HIGH     0     0     0   100    30 FA N     2.2
6105:1      Y  ADR    HIGH     0     0     0   100    30 FA N     2.2
6188:0      Y  AD     HIGH     0     0     0   100    30 FA N     S43
6189:0      Y  AD     HIGH     0     0     0   100    30 FA N     S43
6189:1      Y  ADR    HIGH     0     0     0   100    30 FA N     S43
6190:0      Y  AD     HIGH     0     0     0   100    30 FA N     2.1
6190:1      Y  ADR    HIGH     0     0     0   100    30 FA N     2.1
6191:0      Y  AD     HIGH     0     0     0   100    30 FA N     2.1
6191:1      Y  ADR    HIGH     0     0     0   100    30 FA N     2.1
6192:0      Y  AD     HIGH     0     0     0   100    30 FA N     2.1
6192:1      Y  ADR    HIGH     0     0     0   100    30 FA N     2.1
6193:0      Y  AD     HIGH     0     0     0   100    30 FA N     2.2
6193:1      Y  ADR    HIGH     0     0     0   100    30 FA N     2.2
6194:0      Y  AD     HIGH     0     0     0   100    30 FA N     2.2
6194:1      Y  ADR    HIGH     0     0     0   100    30 FA N     2.2
6195:0      Y  AD     HIGH     0     0     0   100    30 FA N     2.2
6195:1      Y  ADR    HIGH     0     0     0   100    30 FA N     2.2
6196:0      Y  AD     HIGH     0     0     0   100    30 FA N     S4
6196:1      Y  ADR    HIGH     0     0     0   100    30 FA N     S4
6197:0      Y  ADR    HIGH     0     0     0   100    30 FA N     S9
6197:1      Y  AD     HIGH     0     0     0   100    30 FA N     S9
6276:0      Y  AD     HIGH     0     0     0   100    30 FA N     S30
6276:1      Y  ADR    HIGH     0     0     0   100    30 FA N     S30
Signature Micro-Engine: SERVICE.HTTP (23 sigs)
SigID:SubID On Action Sev  Trait    MH    AI    CT    TI AT FA WF Ver
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- --
3140:3      Y  ADR    HIGH     0     1     0     0    15 FA N     S80
3140:4      Y  ADR    HIGH     0     1     0     0    15 FA N     S80
5045:0      Y  ADR    HIGH     0     1     0     0    15 FA N     2.2
5047:0      Y  ADR    HIGH     0     1     0     0    15 FA N     2.2
5055:0      Y  AD     HIGH     0     1     0     0    15 FA N     2.2
5071:0      Y  ADR    HIGH     0     1     0     0    15 FA N     2.2
5081:0      Y  ADR    MED      0     1     0     0    15 FA N     2.2
5114:0      Y  ADR    MED      0     1     0     0    15 FA N     2.2
5114:1      Y  ADR    MED      0     1     0     0    15 FA N     2.2
5114:2      Y  ADR    MED      0     1     0     0    15 FA N     2.2
5126:0      Y  ADR    MED      0     1     0     0    15 FA N     S5
5159:0      Y  ADR    HIGH     0     1     0     0    15 FA N     S7
5184:0      Y  ADR    HIGH     0     1     0     0    15 FA N     S12
5188:0      Y  ADR    HIGH     0     1     0     0    15 FA N     S12
5188:1      Y  ADR    HIGH     0     1     0     0    15 FA N     S12
5188:2      Y  ADR    HIGH     0     1     0     0    15 FA N     S12
5188:3      Y  ADR    HIGH     0     1     0     0    15 FA N     S12
5245:0      Y  ADR    MED      0     1     0     0    15 FA N     S21
5326:0      Y  ADR    HIGH     0     1     0     0    15 FA N     S30
5329:0      Y  ADR    HIGH     0     1     0     0    15 FA N     1.0
5364:0      Y  ADR    HIGH     0     1     0     0    15 FA N     S43
5390:0      Y  ADR    MED      0     1     0     0    15 FA N     S54
5400:0      Y  ADR    HIGH     0     1     0     0    15 FA N     S71
Signature Micro-Engine: ATOMIC.TCP (42 sigs)
SigID:SubID On Action Sev  Trait    MH    AI    CT    TI AT FA WF Ver
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- --
3038:0      Y  AD     HIGH     0     0     0   100    30 FA N  Y  2.2
3039:0      Y  AD     HIGH     0     0     0   100    30 FA N  Y  2.2
3040:0      Y  AD     HIGH     0     0     0   100    30 FA N  N  2.2
3041:0      Y  AD     HIGH     0     0     0   100    30 FA N  N  2.2
3043:0      Y  AD     HIGH     0     0     0   100    30 FA N  Y  2.2
3300:0      Y  AD     HIGH     0     0     0   100    30 FA N     2.1
9200:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9201:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9202:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9203:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9204:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9205:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9206:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9207:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9208:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9209:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9210:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9211:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9212:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9213:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9214:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9215:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9216:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9217:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9218:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9223:0      Y  AD     HIGH     0     0     0   100    30 FA N     S40
9224:0      Y  AD     MED      0     0     0   100    30 FA N     S44
9225:0      Y  AD     HIGH     0     0     0   100    30 FA N     S46
9226:0      Y  AD     HIGH     0     0     0   100    30 FA N     S46
9227:0      Y  AD     HIGH     0     0     0   100    30 FA N     S46
9228:0      Y  AD     HIGH     0     0     0   100    30 FA N     S46
9229:0      Y  AD     HIGH     0     0     0   100    30 FA N     S46
9230:0      Y  AD     HIGH     0     0     0   100    30 FA N     S46
9231:0      Y  AD     HIGH     0     0     0   100    30 FA N     S66
9232:0      Y  AD     HIGH     0     0     0   100    30 FA N     S69
9233:0      Y  AD     HIGH     0     0     0   100    30 FA N     S67
9236:0      Y  AD     HIGH     0     0     0   100    30 FA N     S71
9237:0      Y  AD     HIGH     0     0     0   100    30 FA N     S71
9238:0      Y  AD     HIGH     0     0     0   100    30 FA N     S71
9239:0      Y  AD     HIGH     0     0     0   100    30 FA N     S76
9240:0      Y  AD     HIGH     0     0     0   100    30 FA N     S79
9241:0      Y  AD     HIGH     0     0     0   100    30 FA N     S82
Signature Micro-Engine: ATOMIC.IPOPTIONS (1 sigs)
SigID:SubID On Action Sev  Trait    MH    AI    CT    TI AT FA WF Ver
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- --
1006:0      Y  AD     HIGH     0     0     0   100    30 FA N     2.1
Signature Micro-Engine: ATOMIC.L3.IP (4 sigs)
SigID:SubID On Action Sev  Trait    MH    AI    CT    TI AT FA WF Ver
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- --
1102:0      Y  AD     HIGH     0     0     0   100    30 FA N     2.1
1104:0      Y  AD     HIGH     0     0     0   100    30 FA N     2.2
1108:0      Y  AD     HIGH     0     0     0   100    30 GS N     S27
2154:0      Y  AD     HIGH     0     0     0   100    30 FA N  Y  1.0
Total Active Signatures: 118
Total Inactive Signatures: 0
Troubleshoot
This section provides information you can use to troubleshoot your configuration.
See the following documents:
• Troubleshooting CBAC Configurations, tech note
• Troubleshooting Authentication Proxy, tech note
Troubleshooting Procedure (Optional)
Below is troubleshooting information relevant to this configuration. For additional information on
troubleshooting, please see insert relevant links here. Follow the instructions below to troubleshoot your
configuration.
1.
2.
Troubleshooting Commands
Note: Before issuing debug commands, please see Important Information on Debug Commands.
• debug ip inspect—Displays messages about Cisco IOS firewall events.
Reviewers, please send sample output if you think it will help the reader.
• debug ip urlfilter—Enables debug information of URL filter subsystems.
Router# debug ip urlfilter detailed
Urlfilter Detailed Debugs debugging is on
Router#
*Aug 26 20:11:58.538: URLF: got cache idle timer event...
*Aug 26 20:11:58.538: URLF: cache table is about to overflow, delete idle entries
*Aug 26 20:12:00.962: URLF: creating uis 0x64EF00A0, pending request 1
*Aug 26 20:12:00.962: URLF: domain name not found in the exclusive list
*Aug 26 20:12:00.962: URLF: got an cbac queue event...
*Aug 26 20:12:00.962: URLF: websns making a lookup request.
*Aug 26 20:12:00.962: URLF: socket send successful...
*Aug 26 20:12:00.962: URLF: holding pak 0x64823210 (192.168.101.119:80) -> 192.168.1.118:1087 seq 3905567052 wnd 17238
*Aug 26 20:12:00.966: URLF: got a socket read event...
*Aug 26 20:12:00.966: URLF: socket recv (header) successful.
*Aug 26 20:12:00.966: URLF: socket recv (data) successful.
*Aug 26 20:12:00.966: URLF: websns lookup code = 1
*Aug 26 20:12:00.966: URLF: websns lookup description code = 1027
*Aug 26 20:12:00.966: URLF: websns category number = 67
*Aug 26 20:12:00.966: URLF: websns cache command = 0
*Aug 26 20:12:00.966: URLF: websns cached entry type = 0
*Aug 26 20:12:00.966: URLF: Site/URL Blocked: sis 0x64A57D50, uis 0x64EF00A0
*Aug 26 20:12:00.966: URLF: Sent Deny page with FIN to client and RST to server
*Aug 26 20:12:00.966: URLF: urlf_release_http_resp_for_url_block - Discarding the pak 0x64823210 held in resp Q (count 1 : thrld 200)
*Aug 26 20:12:00.966: URLF: deleting uis 0x64EF00A0, pending requests 0
• debug ip auth-proxy—Displays authentication proxy activity.
Router# debug ip auth-proxy detailed
*Aug 30 23:16:07.680: AUTH-PROXY:proto_flag=4, dstport_index=4
*Aug 30 23:16:07.680: SYN SEQ 24350097 LEN 0
*Aug 30 23:16:07.680: dst_addr 192.168.102.119 src_addr 192.168.1.118 dst_port 80 src_port 1900
*Aug 30 23:16:07.680: AUTH-PROXY:auth_proxy_half_open_count++ 1
*Aug 30 23:16:07.684: AUTH-PROXY:proto_flag=4, dstport_index=4
*Aug 30 23:16:07.684: ACK 2787182962 SEQ 24350098 LEN 0
*Aug 30 23:16:07.684: dst_addr 192.168.102.119 src_addr 192.168.1.118 dst_port 80 src_port 1900
*Aug 30 23:16:07.684: clientport 1900 state 0
*Aug 30 23:16:07.684: AUTH-PROXY:proto_flag=4, dstport_index=4
*Aug 30 23:16:07.684: PSH ACK 2787182962 SEQ 24350098 LEN 282
*Aug 30 23:16:07.684: dst_addr 192.168.102.119 src_addr 192.168.1.118 dst_port 80 src_port 1900
*Aug 30 23:16:07.684: clientport 1900 state 0
*Aug 30 23:16:07.688: AUTH-PROXY:proto_flag=4, dstport_index=4
*Aug 30 23:16:07.688: ACK 2787184131 SEQ 24350380 LEN 0
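The following is an added example, not part of the Cisco guide: a Python sketch that groups debug ip urlfilter detailed lines by their uis handle and reports what each lookup recorded, using lines copied from the sample output above. The function names and result keys are this example's own, and it reads only what the log text states; when two requests are open at once it flags un-keyed lines as ambiguous instead of guessing.

```python
import re

# Lines copied from the `debug ip urlfilter detailed` output above. One entry is
# left wrapped across two lines, as console captures often are.
SAMPLE = """\
Router# debug ip urlfilter detailed
*Aug 26 20:11:58.538: URLF: got cache idle timer event...
*Aug 26 20:12:00.962: URLF: creating uis 0x64EF00A0, pending request 1
*Aug 26 20:12:00.962: URLF: domain name not found in the exclusive list
*Aug 26 20:12:00.962: URLF: websns making a lookup request.
*Aug 26 20:12:00.962: URLF: holding pak 0x64823210 (192.168.101.119:80) ->
192.168.1.118:1087 seq 3905567052 wnd 17238
*Aug 26 20:12:00.966: URLF: websns lookup code = 1
*Aug 26 20:12:00.966: URLF: websns lookup description code = 1027
*Aug 26 20:12:00.966: URLF: websns category number = 67
*Aug 26 20:12:00.966: URLF: Site/URL Blocked: sis 0x64A57D50, uis 0x64EF00A0
*Aug 26 20:12:00.966: URLF: Sent Deny page with FIN to client and RST to server
*Aug 26 20:12:00.966: URLF: deleting uis 0x64EF00A0, pending requests 0
"""

STAMPED = re.compile(r"^\*(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): URLF: (.*)$")
PROMPT = re.compile(r"^\S+[#>]")          # e.g. "Router# debug ..."
CREATE = re.compile(r"creating uis (0x[0-9A-Fa-f]+)")
DELETE = re.compile(r"deleting uis (0x[0-9A-Fa-f]+)")
BLOCKED = re.compile(r"Site/URL Blocked: .*uis (0x[0-9A-Fa-f]+)")
HELD = re.compile(r"holding pak \S+ \(([\d.]+:\d+)\)\s*->\s*([\d.]+:\d+)")
WEBSNS = re.compile(
    r"websns (lookup code|lookup description code|category number) = (\d+)")
FIELD_NAMES = {"lookup code": "lookup_code",
               "lookup description code": "description_code",
               "category number": "category"}


def split_events(text):
    """Return [timestamp, message] pairs, rejoining wrapped console lines."""
    events, last = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or PROMPT.match(line):
            continue
        m = STAMPED.match(line)
        if m:
            last = [m.group(1), m.group(2)]
            events.append(last)
        elif line.startswith("*"):
            last = None                  # stamped line from another debug facility
        elif last is not None:
            last[1] += " " + line        # continuation of a wrapped URLF line
    return events


def parse_urlf(text):
    """Group URLF debug lines into one record per uis handle."""
    open_reqs, finished = {}, []
    for ts, msg in split_events(text):
        m = CREATE.search(msg)
        if m:
            open_reqs[m.group(1)] = {
                "uis": m.group(1), "start": ts, "end": None,
                "held_src": None, "held_dst": None, "lookup_code": None,
                "description_code": None, "category": None,
                "verdict": None, "ambiguous": False}
            continue
        m = BLOCKED.search(msg)
        if m and m.group(1) in open_reqs:
            open_reqs[m.group(1)]["verdict"] = "blocked"
            continue
        m = DELETE.search(msg)
        if m and m.group(1) in open_reqs:
            rec = open_reqs.pop(m.group(1))
            rec["end"] = ts
            finished.append(rec)
            continue
        held, field = HELD.search(msg), WEBSNS.search(msg)
        if not (held or field):
            continue
        # These lines carry no uis; attribute them only when exactly one
        # request is open, otherwise mark every open request as ambiguous.
        if len(open_reqs) != 1:
            for rec in open_reqs.values():
                rec["ambiguous"] = True
            continue
        rec = next(iter(open_reqs.values()))
        if held:
            rec["held_src"], rec["held_dst"] = held.groups()
        else:
            rec[FIELD_NAMES[field.group(1)]] = int(field.group(2))
    finished.extend(open_reqs.values())  # requests still open when capture ends
    return finished


if __name__ == "__main__":
    for record in parse_urlf(SAMPLE):
        print(record)
```

A record whose verdict is None only means no "Site/URL Blocked" line was seen for that uis in the capture.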
Related Information
• Cisco IOS Security Configuration Guide, Release 12.3:
  – “Configuring Context-Based Access Control” chapter
  – “Configuring Authentication Proxy” chapter
• Cisco IOS Intrusion Prevention System (IPS), Cisco IOS Release 12.3(8)T feature module
• Firewall Websense URL Filtering, Cisco IOS Releases 12.2(11)YU and 12.2(15)T feature module
• Troubleshooting CBAC Configurations, tech note
• Troubleshooting Authentication Proxy, tech note
• Technical Support—Cisco Systems
Copyright © 2004 Cisco Systems, Inc. All rights reserved.
IP Communication Solution for Group Applications Configuration Example
Contents
• Introduction
• Prerequisites
• Configure
• Verify
• Troubleshoot
• Related Information
Introduction
This document provides a configuration example in which:
• A small branch office uses both analog and IP phones. The small branch office implementation addressed in this document requires IP Telephony services and may also use other full-service branch (FSB) features of Cisco access routers. These features include Cisco Content Engines (CEs), Voice over IP (VoIP) services and integration with back-end VoIP call control devices. The small branch office requires a robust and integrated voice-mail solution. The integrated services routers also support various options for WAN uplink and integrated LAN switching modules.
• Land Mobile Radio (LMR) is used by an enterprise for several reasons, which include loss prevention (premise safety and security) and Push–to–Talk (PTT) communication for mobile workers within range of the radio system. LMR base stations can be connected to an E&M port for integration with an IP network and can be accessed via VoIP. The LMR feature also allows connecting walkie-talkies to the radios using multicast.
• Multicast is dial-plan enabled so that IP phones and public switched telephone network (PSTN) phones can dial in to the LMR by using E.164 numbers. Traditionally, the E&M ports were used to connect to PSTN or Hoot-and-Holler networks. The E&M ports connected to the LMR can be multicast–to–VoIP enabled. This configuration permits desktop clients and IP-Phone clients on the LAN that are using XML services to directly connect to the radio via the multicast features on Cisco IOS. The LMR can be integrated with the E&M port on the gateway; the commands on the gateway support this router-to-radio adaptation.
• This document provides a workaround method that bridges the multicast VoIP to unicast VoIP using a physical T1 loopback. This is not an essential configuration. It is documented to demonstrate how you can integrate multicast VoIP audio into standards-based VoIP call-control schemes such as Skinny, H.323, or SIP. IP–to–IP gateway is the preferred and recommended option to use for bridging between standards-based VoIP protocols. The VoIP-to-multicast bridge using a physical loopback can also be used for local multi-party conferencing via Cisco CallManager Express (Cisco CME) phones or PSTN phones.
• Onboard DSPs are used for the voice modules on the WAN interface card (WIC) slots.
• Cisco CallManager seamlessly connects to Cisco CME over an H.323 trunk defined on the Cisco CallManager [Release 3.3(3) or later].
• Cisco CME (Release 3.2) manages the local phone network. Cisco CME and Cisco Unity Express enable users to use a gateway as though it were a PBX coupled to a voice-mail system.
• Cisco Unity Express (with Cisco Service Engine 1.1) on the NM-CUE provides voice-mail and auto-attendant services.
• Cisco CME seamlessly integrates with the Cisco CallManager at the headquarters site and supports all supplementary services.
• Content Engine (CE) modules support web caching, video–on–demand and live-splitting applications.
• Cisco Access Control Network Server (ACNS) on CE (ce2636-sw-5.1.3) saves WAN bandwidth by web-caching and splitting streaming video over unicast and multicast.
Prerequisites
Prerequisites included in this section:
• Requirements
• Components Used
• Related Products
• Conventions
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on the following Cisco 3845 router hardware and software:
• 16 FastEthernet interfaces (NM-ESW-16)
• 1 serial interface
• 3 terminal lines
• 2 channelized T1/PRI ports
• 4 voice FXS interfaces (VIC-4FXS-DID)
• 2 voice E&M interfaces (VIC2-2E&M)
• 1 Cisco service engine (NM-CUE)
• 1 Cisco Content Engine (NM-CE-BP)
• A VIC2-4FS in slot 0
• A VIC2-2FXS in slot 1
• An HWICD-9ESW with inline power card in slots 2-3 (double-wide)
• Cisco CallManager Release 3.3(3)
• Cisco IOS Release 12.3(11)T or later
• Enterprise Services feature set
The information in this document reflects use of devices in a specific lab environment. All devices used in this configuration example started with a cleared (default) configuration. If you are working with a live network, ensure that you understand the potential effects of any command before you use it. The configuration example presented in this document depicts a combination of features on a single branch office router. Users of this document should review the documents listed under the “Related Information” section.
Related Products
This configuration can also be used with any Cisco 2800 and Cisco 3800 series routers.
Conventions
For more information on document conventions, see the Cisco Technical Tips Conventions.
Configure
In this section, you are presented with the information to configure the features described in this
document.
Note: To find additional information on the commands used in this document, use the Cisco IOS Command Lookup tool. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Configuration Tips
• The gigabit port on the router does not provide inline power.
• Routing should be enabled and is assumed to be configured.
• The external flash card on the integrated services routers holds the router image, VLAN database, and graphical user interface (GUI) files for Cisco CME and Cisco Unity Express. It should not be removed during the normal operation of the router.
• The LMR integration to the router might require radio frequency (RF)/radio skills (typically a non-IP and proprietary implementation). The radio–to–router physical cable might not be available off–the–shelf.
Network Diagram
This document uses the network setup shown in the following diagram.
[Figure: network diagram with numbered callouts 1–11, identified in the legend below]
1   Stream encoder, original source
2   TDM
3   NM-CE multicasting and live splitting on ACNS
4   Cisco CME/Cisco Unity Express
5   Local multicast on LAN from gateway
6   PC client, multicast RTP client, Media Player (streaming)
7   LMR (LMR integration to the router)
8   T1 Loopback (unicast to multicast bridge); a workaround to integrate a multicast audio–to–standards based VoIP
9   PSTN
10  Headquarters
11  Cisco CallManager
Configurations
This example presents configuration for the Cisco 3845 router.
Cisco 3845 Router
3845-gw#show running-config
Building configuration...
Current configuration : 17622 bytes
!
!---Last configuration change at 23:07:46 PDT Wed Jul 7 2004 by cisco
!
version 12.3
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service internal
!
hostname 3845-gw
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 informational
enable secret 5 $1$3do1$SDp9TOK4YaZ7XguJYD2MD1
!
!---Local Database of username and passwords for Web server and local
!---authentication
!
username cisco password 7 1511021F0725
!
clock timezone PST -8
clock summer-time PDT recurring
no network-clock-participate slot 1
no network-clock-participate slot 2
no network-clock-participate slot 3
no network-clock-participate slot 4
no network-clock-participate wic 0
no network-clock-participate wic 1
network-clock-participate wic 2
no network-clock-participate wic 3
no network-clock-participate aim 0
no network-clock-participate aim 1
aaa new-model
!
!
aaa group server tacacs+ admin
server 192.x or 10.x
server 192.x or 10.x
!
aaa group server radius vpn
server 192.x or 10.x auth-port 1645 acct-port 1646
!
!---AAA configuration used for local authentication
!
aaa authentication login admin group tacacs+ enable
aaa authentication login remote group vpn
aaa authentication login NOTACACS line
aaa authentication login LOCAL local
aaa authentication login WEB none
aaa authentication ppp LOCAL local
aaa authentication dot1x default group vpn
aaa authorization console
aaa authorization exec default local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
no ip source-route
!
ip cef
!
!
!---Configure a DHCP address pool for each IP phone:
ip dhcp excluded-address 192.168.10.1 192.168.10.99
!
ip dhcp pool NONAT
network 10.1.153.0 255.255.255.248
default-router 10.1.153.1
dns-server 10.1.162.183 10.1.156.120
option 150 ip 10.1.152.9
domain-name cisco.com
!
ip dhcp pool NAT
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 10.1.162.183 10.1.156.120
option 150 ip 10.1.152.9
domain-name cisco.com
!
ip domain name cisco.com
ip name-server 10.1.162.183
ip name-server 10.1.156.120
ip multicast-routing
ip sap cache-timeout 30
ip ssh time-out 30
ip ssh version 1
ip ids po max-events 100
no ip rcmd domain-lookup
ip rcmd rcp-enable
ip rcmd rsh-enable
!
voice-card 0
no dspfarm
!
!
!
!---Configuration to enable “H.323 to H.323” and “H.323 to SIP” calls between Cisco
!---CallManager-Cisco CME-Cisco Unity Express. The “allow connections h323 to h323” &
!---“allow-connections h323 to sip” enable an easy configuration on gateway without the
!---need for loopback-dn for incoming calls from Cisco CallManager or for call flow from
!---Cisco CallManager to SIP for Voice Mail.
!
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
no supplementary-service h450.2
no supplementary-service h450.3
supplementary-service h450.12 advertise-only
h323
!
!
!
!---Configuration to support LMR(Land Mobile Radio) integration through E&M port on the
!---router (similar to Hoot and Holler configuration)
!
voice class permanent 1
signal timing oos restart 50000
signal timing oos timeout disabled
signal keepalive disabled
signal sequence oos no-action
!
!
!---Two T1 ports connected back-to-back to bridge VoIP to multicast audio bridging. This
!---is required to enable dialing into multicast. Connecting the TDM T1 port back-to-back
!---offers the possibility of using E.164 number as a conference ID, or for using the
!---multicast stream for application such as Hoot and Holler.
!---
!---Cisco CME offers 3-party conference calling and is the recommended method for a
!---small branch office, the following T1 loopback cable is not required for configuring
!---the conferencing features.
!---
!---Cisco IOS supports audio mixing of loudest three streams. The TDM back to
!---back connection enables the bridging of 23 channels of VoIP to one or
!---more multicast connections (one side with multicast configuration and the
!---other side with VoIP configuration)
!---This method provides a way to connect the standards-based VoIP call control to
!---the multicast audio streams that do not have any associated call control.
!
controller T1 0/2/0
framing esf
linecode b8zs
ds0-group 1 timeslots 1 type e&m-immediate-start
ds0-group 2 timeslots 2 type e&m-immediate-start
ds0-group 3 timeslots 3 type e&m-immediate-start
ds0-group 4 timeslots 4 type e&m-immediate-start
ds0-group 5 timeslots 5 type e&m-immediate-start
ds0-group 6 timeslots 6 type e&m-immediate-start
!
controller T1 0/2/1
framing esf
clock source internal
linecode b8zs
ds0-group 1 timeslots 1 type e&m-immediate-start
ds0-group 2 timeslots 2 type e&m-immediate-start
ds0-group 3 timeslots 3 type e&m-immediate-start
ds0-group 4 timeslots 4 type e&m-immediate-start
ds0-group 5 timeslots 5 type e&m-immediate-start
ds0-group 6 timeslots 6 type e&m-immediate-start
!
no crypto isakmp enable
!
!
!---Loopback0 used to bind H323 to the Loopback0 interface. RTP Packets
!---originate/terminate on the router using this IP address.
!
interface Loopback0
ip address 10.1.152.9 255.255.255.255
h323-gateway voip interface
h323-gateway voip bind srcaddr 10.1.152.9
!
interface Loopback2
ip address 10.1.152.241 255.255.255.252
ip ospf network point-to-point
!
interface Loopback3
ip address 10.1.152.249 255.255.255.252
ip virtual-reassembly
ip ospf network point-to-point
!
!---Configuration to enable Hoot and Holler using multicast on router. The multicast
!---streaming of packets from the local router uses the VIF interface to derive the local
!---ip address and the port of the packets. This can be verified by the show command “show
!---voip rtp connection”
!
interface Vif1
ip address 10.1.153.41 255.255.255.252
ip pim sparse-dense-mode
!
!
!---WAN uplink
!
interface Serial0/0/0
ip address 10.1.152.30 255.255.255.252
ip pim sparse-dense-mode
ip nat outside
ip virtual-reassembly
no fair-queue
!
!--- Content Engine connected as a Network Module.
!
interface Content-Engine1/0
ip unnumbered Loopback3
ip pim sparse-dense-mode
service-module ip address 10.1.152.250 255.255.255.252
service-module ip default-gateway 10.1.152.249
!
!
interface FastEthernet3/0
switchport access vlan 110
switchport trunk native vlan 100
switchport mode trunk
switchport voice vlan 110
no ip address
!
interface FastEthernet3/1
switchport access vlan 100
switchport trunk native vlan 100
switchport mode trunk
switchport voice vlan 110
no ip address
!
interface FastEthernet3/2
switchport access vlan 100
switchport trunk native vlan 100
switchport mode trunk
switchport voice vlan 110
no ip address
!
interface FastEthernet3/3
switchport access vlan 100
switchport trunk native vlan 100
switchport mode trunk
switchport voice vlan 110
no ip address
!
!
!---Cisco Unity Express used for local voice-mail storage
!
interface Service-Engine4/0
ip unnumbered Loopback2
service-module ip address 10.1.152.242 255.255.255.252
service-module ip default-gateway 10.1.152.241
!
!--- Data VLAN, used for the desktops at the branch
!
interface Vlan100
ip address 192.168.10.1 255.255.255.0
ip pim sparse-dense-mode
ip nat inside
ip virtual-reassembly
!
interface Vlan110
ip address 10.1.153.1 255.255.255.248
ip pim sparse-dense-mode
ip virtual-reassembly
!
!---OSPF used as the routing protocol for scenario
!
router ospf 1
router-id 10.1.152.9
log-adjacency-changes
network 10.1.152.9 0.0.0.0 area 0
network 10.1.152.10 0.0.0.0 area 0
network 10.1.152.28 0.0.0.3 area 0
network 10.1.152.140 0.0.0.3 area 0
network 10.1.152.240 0.0.0.3 area 0
network 10.1.152.248 0.0.0.3 area 0
network 10.1.153.0 0.0.0.3 area 0
!
!---Static routes defined for routing to Service-Engine and Content-Engine network Module
ip classless
ip route 10.1.152.242 255.255.255.255 Service-Engine4/0
ip route 10.1.152.250 255.255.255.255 Content-Engine1/0
!
ip http server
ip http authentication aaa login-authentication LOCAL
no ip http secure-server
ip http path flash:
!
!---PAT (Port Address Translation) used for the Data VLAN.
ip nat inside source list 11 interface Serial0/0/0 overload
!
!
access-list 11 permit 192.168.11.0 0.0.0.255
access-list 11 permit 192.168.20.0 0.0.0.255
access-list 11 permit 192.168.10.0 0.0.0.255
!
!
!---Router serves as TFTP server for Signed Image for 7960 phone on Local LAN.
!
tftp-server flash:P00306000300.bin
tftp-server flash:P00306000300.loads
tftp-server flash:P00306000300.sb2
!
control-plane
!
!
!---VoIP side of the Back-to-Back T1 used for bridging VoIP to multicast streams defined
!---by the dial-peer with “ session protocol multicast”
!
voice-port 0/2/0:1
auto-cut-through
!
voice-port 0/2/0:2
auto-cut-through
!
voice-port 0/2/0:3
auto-cut-through
!
voice-port 0/2/0:4
auto-cut-through
!
voice-port 0/2/0:3
auto-cut-through
!
voice-port 0/2/0:4
auto-cut-through
!
voice-port 0/2/0:5
auto-cut-through
!
voice-port 0/2/0:6
auto-cut-through
!
!---E&M ports connected to the LMR (Land Mobile Radio). Each radio may have a different
!---radio frequency (such as VHF or UHF)
!
voice-port 0/1/0
auto-cut-through
voice-class permanent 1
operation 4-wire
signal lmr
lmr e-lead voice
timeouts call-disconnect 3
connection trunk 20480
!
voice-port 0/1/1
auto-cut-through
voice-class permanent 1
operation 4-wire
signal lmr
lmr m-lead audio-gate-in
lmr e-lead voice
timeouts call-disconnect 3
connection trunk 20481
!
!---Multicast side of the back-to-back T1 used for bridging VoIP to multicast connection
!---trunk points to the dial-peer that is used for streaming into multicast
!
voice-port 0/2/1:1
auto-cut-through
timeouts call-disconnect 3
connection trunk 20480
!
voice-port 0/2/1:2
auto-cut-through
timeouts call-disconnect 3
connection trunk 20481
!
!---Multicast side of the back-to-back T1 used for bridging VoIP to multicast connection
!---trunk points to the dial-peer that is used for streaming into multicast for local
!---conferencing. 2111 dialed from the network side is looped back to the other side of
!---the T1 that is connected to the multicast dial-peer to convert it into a multicast
!---stream. The 3-party mixing algorithm takes care of conferencing between the dialed
!---parties
!
voice-port 0/2/1:3
auto-cut-through
timeouts call-disconnect 3
connection trunk 21111
!
voice-port 0/2/1:4
auto-cut-through
timeouts call-disconnect 3
connection trunk 21111
!
voice-port 0/2/1:5
auto-cut-through
timeouts call-disconnect 3
connection trunk 21111
!
voice-port 0/2/1:6
auto-cut-through
timeouts call-disconnect 3
connection trunk 21111
voice-port 0/3/0
!
voice-port 0/3/1
!
voice-port 0/3/2
!
!---FXS ports tied to multicast Hoot and Holler
!
voice-port 0/3/3
!
!---Dial peers pointing toward the NM-CUE for auto attendant and voice mail
!
dial-peer voice 27749 voip
description Towards CUE-Auto-Attendant
destination-pattern 27749
session protocol sipv2
session target ipv4:10.1.152.242
dtmf-relay sip-notify
codec g711ulaw
no vad
!
dial-peer voice 27748 voip
description Towards CUE-Voice-Mail
destination-pattern 27748
session protocol sipv2
session target ipv4:10.1.152.242
dtmf-relay sip-notify
codec g711ulaw
no vad
!
!---Dial peers for dialing out; pointing to Cisco CallManager Release 3.3(3)
!
dial-peer voice 101 voip
description CCM-IT-Cisco
destination-pattern .T
session target ipv4:10.1.148.178
dtmf-relay h245-alphanumeric
codec g711ulaw
!
dial-peer voice 9 voip
preference 1
destination-pattern 91..........
session target ipv4:10.1.148.178
!
dial-peer voice 2 voip
destination-pattern 2....
session target ipv4:10.1.148.178
!
!---Dial Peers for multicast streaming from TDM port
!
dial-peer voice 20480 voip
description VoIP to multicast bridging for LMR integration
destination-pattern 20480
voice-class permanent 1
session protocol multicast
session target ipv4:239.192.17.191:20480
codec g711ulaw
vad aggressive
!
dial-peer voice 20481 voip
description VoIP to multicast bridging for LMR integration
destination-pattern 20481
voice-class permanent 1
session protocol multicast
session target ipv4:239.192.17.192:20480
codec g711ulaw
vad aggressive
!
dial-peer voice 21111 voip
description VoIP to multicast bridging for Local Conferencing
destination-pattern 21111
voice-class permanent 1
session protocol multicast
session target ipv4:239.192.17.195:20480
dtmf-relay cisco-rtp
codec g711ulaw
vad aggressive
!---Dial Peers for the T1 physical loopback used for bridging multicast to VoIP
!---(VoIP Side)
!
dial-peer voice 1 pots
description VoIP to multicast bridging for LMR
destination-pattern 27737
port 0/2/0:1
!
dial-peer voice 3 pots
description VoIP to multicast bridging for LMR
destination-pattern 4089027737
port 0/2/0:1
!
dial-peer voice 4 pots
description VoIP to multicast bridging for LMR
destination-pattern 27738
port 0/2/0:2
!
dial-peer voice 5 pots
description VoIP to multicast bridging for LMR
destination-pattern 4089027738
port 0/2/0:2
!
dial-peer voice 6 pots
description VoIP to local multicast conference bridge
destination-pattern 2111
port 0/2/0:3
!
dial-peer voice 7 pots
description VoIP to local multicast conference bridge
destination-pattern 2111
port 0/2/0:4
!
dial-peer voice 8 pots
description VoIP to local multicast conference bridge
destination-pattern 2111
port 0/2/0:5
!
dial-peer voice 9 pots
description VoIP to local multicast conference bridge
destination-pattern 2111
port 0/2/0:6
!
!
!---Dial Cisco CME Configuration with services configuration
!
!
telephony-service
fxo hook-flash
load 7910 P00403020214
load 7960-7940 P00306000300
max-ephones 27
max-dn 40
ip source-address 10.1.152.9 port 2000
auto assign 1 to 27
timeouts interdigit 5
system message Next GEN Branch Documentation
url services http://phone-xml.berbee.com/menu.xml
create cnf-files version-stamp 7960 Jun 24 2004 14:00:45
dialplan-pattern 1 408902.... extension-length 5
voicemail 27749
mwi relay
mwi expires 99999
max-conferences 8
call-forward pattern .....
web admin customer name cisco password admin
dn-webedit
time-webedit
transfer-system full-consult
transfer-pattern .....
secondary-dialtone 9
!
!
ephone-dn 1 dual-line
number 27725
description Ross
name Ross
call-forward busy 27749
call-forward noan 27749 timeout 10
!
!
ephone-dn 2 dual-line
number 27726
description Rachel
name Rachel
call-forward busy 27749
call-forward noan 27749 timeout 18
!
!
ephone-dn 3 dual-line
number 27727
description Chandler
name Chandler
call-forward busy 27749
call-forward noan 27749 timeout 18
!
!
ephone-dn 4 dual-line
number 27728
description Monica
name Monica
call-forward busy 27749
call-forward noan 27749 timeout 10
!
!
ephone-dn 5 dual-line
number 27729
description Jen-Shue Shih
name Jen-Shue Shih
call-forward busy 27749
call-forward noan 27749 timeout 10
!
!
ephone-dn 6 dual-line
number 27730
description Mike
name Mike
call-forward busy 27749
call-forward noan 27749 timeout 18
!
!
ephone-dn 7 dual-line
number 27731
description Phoebe
name Phoebe
call-forward busy 27749
call-forward noan 27749 timeout 18
!
!
ephone-dn 8 dual-line
number 27732
description Cosmo
name Cosmo
call-forward busy 27749
call-forward noan 27749 timeout 18
!
!
ephone-dn 9 dual-line
number 27733
description Jerry
name Jerry
call-forward busy 27749
call-forward noan 27749 timeout 18
!
!
ephone-dn 10 dual-line
number 27734
description George
name George
call-forward busy 27749
call-forward noan 27749 timeout 18
!
!
ephone-dn 11 dual-line
number 27735
description Frank
name Frank
call-forward busy 27749
call-forward noan 27749 timeout 18
!
!
ephone-dn 12 dual-line
number 27736
description Estelle
name Estelle
call-forward busy 27749
call-forward noan 27749 timeout 18
!
!
ephone-dn 13 dual-line
!
!
ephone-dn 14 dual-line
!
!
ephone-dn 15 dual-line
number 27739
call-forward busy 27749
call-forward noan 27749 timeout 18
!
!
ephone-dn 16 dual-line
number 27740
call-forward busy 27749
call-forward noan 27749 timeout 18
!
!
ephone-dn 17 dual-line
number 27741
call-forward busy 27749
call-forward noan 27749 timeout 18
!
!
ephone-dn 18 dual-line
number 27742
call-forward busy 27749
call-forward noan 27749 timeout 18
!
!
ephone-dn 19 dual-line
number 27743
call-forward busy 27749
call-forward noan 27749 timeout 18
!
!
ephone-dn 20 dual-line
number 27744
call-forward busy 27749
call-forward noan 27749 timeout 18
!
!
ephone-dn 21 dual-line
number 27745
call-forward busy 27749
call-forward noan 27749 timeout 18
!
!
ephone-dn 25
!
!
ephone-dn 27
number 27749
call-forward busy 27749
call-forward noan 27749 timeout 18
!
!
ephone-dn 39
number 8000.....
mwi off
!
!
ephone-dn 40
number 8001.....
mwi on
!
!
ephone 1
mac-address 0003.4713.5554
type CIPC
button 1:1
!
!
!
ephone 2
mac-address 0002.8A3E.6606
type CIPC
button 1:2
!
!
!
ephone 3
mac-address 0001.022C.88A1
type CIPC
button 1:3
!
!
!
ephone 4
mac-address 0009.6B10.494D
type CIPC
button 1:4
!
!
!
ephone 5
mac-address 0002.8A4B.000B
type CIPC
button 1:5
!
!
!
ephone 6
mac-address 0009.6B53.44C6
type CIPC
button 1:6
!
!
!
ephone 7
mac-address 0009.6B30.E399
type CIPC
button 1:7
!
!
!
ephone 8
mac-address 000B.BE37.1AB1
type 7960
button 1:8
!
!
!
ephone 9
mac-address 0006.D74B.15B3
type 7960
button 1:9
!
!
!
ephone 10
mac-address 000B.5F92.5784
type 7960
button 1:10
!
!
!
ephone 11
mac-address 000C.CE3A.87FA
type 7960
button 1:11
!
!
!
ephone 12
mac-address 000C.CE35.1B23
type 7960
button 1:12
!
!
!
ephone 13
mac-address 0002.8A9B.0CE5
type CIPC
button 1:13
!
!
!
ephone 14
mac-address 0003.47D8.C236
type CIPC
button 1:14
!
!
!
ephone 15
mac-address 000C.CE35.1935
type 7960
button 1:15
!
!
!
ephone 16
mac-address 0030.94C3.BE45
type 7960
button 1:16
!
!
!
ephone 17
!
!
!
ephone 18
!
!
!
ephone 19
!
!
!
ephone 20
!
!
!
ephone 21
!
!
!
line con 0
authorization exec LOCAL
stopbits 1
line aux 0
stopbits 1
line 66
no activation-character
no exec
transport preferred none
transport input all
transport output all
line 130
no activation-character
no exec
transport preferred none
transport input all
transport output all
line 258
no activation-character
no exec
transport preferred none
transport input all
transport output all
line vty 0 4
exec-timeout 0 0
password 7 04490E020D205E4107
line vty 5 8
exec-timeout 0 0
password 7 03165E0F040E334340
!
scheduler allocate 20000 1000
ntp clock-period 1079741
ntp master
ntp update-calendar
ntp server 10.68.10.80
ntp server 10.68.10.150
end
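Added example, not part of the Cisco guide: a Python audit that flags the weak management-plane settings visible in the listing above, namely `password 7` line passwords, `exec-timeout 0 0`, `transport input all`, and the cleartext `web admin` credential. The rule names, the `audit` and `redact` functions and the grouping of the sample excerpt are constructed for illustration; the excerpt reuses lines from the listing and assumes the `web admin` line sits under `telephony-service`.

```python
import re

# Constructed excerpt: management-plane lines copied from the listing above,
# grouped under their section headers. "telephony-service" is assumed to be
# the section that holds the "web admin" line.
SAMPLE_CONFIG = """\
telephony-service
web admin customer name cisco password admin
!
line con 0
authorization exec LOCAL
stopbits 1
line 66
no activation-character
no exec
transport preferred none
transport input all
transport output all
line vty 0 4
exec-timeout 0 0
password 7 04490E020D205E4107
line vty 5 8
exec-timeout 0 0
password 7 03165E0F040E334340
!
end
"""

# (rule id, pattern, section kind the rule is limited to or None, rationale)
RULES = [
    ("TYPE7_PASSWORD", re.compile(r"\bpassword 7 \S+"), None,
     "type 7 is reversible obfuscation, not a hash"),
    ("NO_IDLE_TIMEOUT", re.compile(r"^exec-timeout 0 0$"), "line",
     "sessions on this line never time out"),
    ("ALL_TRANSPORTS_IN", re.compile(r"^transport input all$"), "line",
     "every inbound protocol, Telnet included, is accepted"),
    ("CLEARTEXT_WEB_ADMIN",
     re.compile(r"^web admin (?:system|customer) name \S+ password \S+$"), None,
     "GUI credential is stored and displayed in cleartext"),
]

# Lines that open a new configuration section in this listing.
SECTION_START = re.compile(r"^(line|telephony-service|ephone-dn|ephone|interface)\b")


def redact(line):
    """Mask the secret so the report does not copy credentials around."""
    return re.sub(r"(password(?: \d)?) \S+$", r"\1 <redacted>", line)


def audit(config_text):
    """Return one finding per weak setting, tagged with its section."""
    findings = []
    section, kind = "global", None
    for raw in config_text.splitlines():
        line = raw.strip()          # works on indented and flattened listings
        if not line:
            continue
        if line in ("!", "end"):    # separators close the current section
            section, kind = "global", None
            continue
        start = SECTION_START.match(line)
        if start:
            section, kind = line, start.group(1)
            continue
        for rule_id, pattern, scope, why in RULES:
            if scope is not None and scope != kind:
                continue            # rule only applies inside "line" sections
            if pattern.search(line):
                findings.append({"section": section, "rule": rule_id,
                                 "line": redact(line), "why": why})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f['section']:<18} {f['rule']:<20} {f['line']}  ({f['why']})")
```

Typical corrections are `transport input ssh`, a finite `exec-timeout`, and `secret`-type credentials in place of type 7 passwords.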
Verify
This section provides information you can use to confirm that your configuration is working properly.
Certain show commands are supported by the Output Interpreter Tool (registered customers only), which
allows you to view an analysis of show command output. In summary, use these commands:
• show telephony-service—Shows the IP telephony services available for Cisco CallManager server
• show ephone registered—Verifies that IP phone registration is occurring and lists information associated with each registered IP phone
• show commands for the voice gateway
– show voice port summary—Displays a summary of all voice ports
– show voip rtp connections—Displays VoIP RTP active connections
– show voip dsp—Displays DSP information
– show voice trace—Displays voice-channel configuration information for all DSP channels
– show voice call summary—Displays the call status for all voice ports
– show running-config—Displays the contents of the currently running configuration file
• show commands for CE
– show version—Displays information about the currently loaded CE software version along with hardware and device information
– show running-config—Displays the contents of the currently running configuration file
– show processes cpu—Displays detailed CPU utilization statistics (CPU use per process)
– show statistics wmt streamstat—Displays statistics for Windows Media Technologies (WMT) streaming connections
– show statistics wmt all—Displays all WMT statistics
• show and service commands on Cisco CME for Cisco Unity Express
– show interface service-engine—Displays the status of the service-engine interface
– service-module service-engine 4/0 status—Displays status of Cisco Unity Express
– service-module service-engine 4/0 session—Opens session with Cisco Unity Express
• show commands for Cisco Unity Express
– show running-config—Displays the contents of the currently running configuration file
– show voicemail mailboxes—Displays summary of mailbox owners and status
– show voicemail usage—Displays snapshot of voicemail system use
– show voicemail limits—Displays system limits for voicemail system
– show ccn application—Displays details about each configured application
– show ccn trigger—Displays the parameter values for all configured triggers
Representative output for each of these commands is presented in the verification summaries that follow.
Note: Relevant display output is highlighted as appropriate.
The following is an example of output for the show telephony-service command on the Cisco CME:
CCME-CUE-SJC# show telephony-service
CONFIG (Version=3.2)
=====================
Version 3.2
Cisco CallManager Express
For on-line documentation please see:
www.cisco.com/univercd/cc/td/doc/product/access/ip_ph/ip_ks/index.htm
ip source-address 10.1.152.9 port 2000
load 7910 P00403020214
load 7960-7940 P00303020214
max-ephones 27
max-dn 40
max-conferences 8
dspfarm units 0
dspfarm transcode sessions 0
max-redirect 5
dialplan-pattern 1 408902.... extension-length 5
voicemail 27749
mwi relay
mwi expires 99999
time-format 12
date-format mm-dd-yy
timezone 0 Greenwich Standard Time
secondary-dialtone 9
url services http://phone-xml.berbee.com/menu.xml
call-forward pattern .....
transfer-pattern .....
keepalive 30
timeout interdigit 5
timeout busy 10
timeout ringing 180
caller-id name-only: enable
system message CCME2 Cisco (MCEBU) Bldg 22
web admin system name cisco password 3800
web admin customer name cisco1 password 38001
edit DN through Web: enabled.
edit TIME through web: enabled.
Log (table parameters):
max-size: 150
retain-timer: 15
create cnf-files version-stamp 7960 Apr 12 2004 12:16:53
transfer-system full-consult
auto assign 1 to 27
fxo hook-flash
local directory service: enabled.
The following example illustrates output using the show ephone registered command:
CCME-CUE-SJC# show ephone registered
ephone-1 Mac:0003.4713.5554 TCP socket:[6] activeLine:0 REGISTERED
mediaActive:0 offhook:0 ringing:0 reset:0 reset_sent:0 paging 0 debug:0
IP:172.19.150.31 1649 CIPC keepalive 10410 max_line 8
button 1: dn 1 number 27725 CH1 IDLE CH2 IDLE
ephone-9 Mac:0006.D74B.15B3 TCP socket:[1] activeLine:0 REGISTERED
mediaActive:0 offhook:0 ringing:0 reset:0 reset_sent:0 paging 0 debug:0
IP:192.168.20.4 50475 Telecaster 7960 keepalive 39556 max_line 6
button 1: dn 9 number 27733 CH1 IDLE CH2 IDLE
ephone-15 Mac:000C.CE35.1935 TCP socket:[3] activeLine:0 REGISTERED
mediaActive:0 offhook:0 ringing:0 reset:0 reset_sent:0 paging 0 debug:0
IP:192.168.20.2 51961 Telecaster 7960 keepalive 39556 max_line 6
button 1: dn 15 number 27739 CH1 IDLE CH2 IDLE
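Added example, not from the Cisco guide: a Python cross-check of `show ephone registered` output against the `mac-address` entries in the `ephone` stanzas. The telephony-service output above includes `auto assign 1 to 27` and ephone 17 to 21 carry no `mac-address`, so a registered phone is not necessarily one listed by MAC in the configuration. The function names and the last sample phone (MAC 0200.0000.00AA, IP 192.0.2.77) are constructed for illustration; the other sample lines are taken from this page.

```python
import re

MAC = r"[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}"

# Ephone stanzas copied from the configuration listing on this page.
CONFIGURED = """\
ephone 1
mac-address 0003.4713.5554
type CIPC
button 1:1
!
ephone 9
mac-address 0006.D74B.15B3
type 7960
button 1:9
!
ephone 15
mac-address 000C.CE35.1935
type 7960
button 1:15
!
ephone 16
mac-address 0030.94C3.BE45
type 7960
button 1:16
!
ephone 17
!
"""

# First three phones are from the output above; ephone-17 is constructed.
REGISTERED = """\
ephone-1 Mac:0003.4713.5554 TCP socket:[6] activeLine:0 REGISTERED
IP:172.19.150.31 1649 CIPC keepalive 10410 max_line 8
ephone-9 Mac:0006.D74B.15B3 TCP socket:[1] activeLine:0 REGISTERED
IP:192.168.20.4 50475 Telecaster 7960 keepalive 39556 max_line 6
ephone-15 Mac:000C.CE35.1935 TCP socket:[3] activeLine:0 REGISTERED
IP:192.168.20.2 51961 Telecaster 7960 keepalive 39556 max_line 6
ephone-17 Mac:0200.0000.00AA TCP socket:[4] activeLine:0 REGISTERED
IP:192.0.2.77 50010 Telecaster 7960 keepalive 12 max_line 6
"""


def configured_macs(config_text):
    """Map ephone tag -> MAC, or None when the stanza has no mac-address."""
    phones, tag = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = re.match(r"^ephone (\d+)$", line)
        mac = re.match(rf"^mac-address ({MAC})$", line)
        if header:
            tag = int(header.group(1))
            phones[tag] = None
        elif mac and tag is not None:
            phones[tag] = mac.group(1).upper()
        elif line == "!":
            tag = None
    return phones


def registered_phones(show_output):
    """Parse 'show ephone registered' into a list of tag/mac/ip records."""
    phones = []
    for raw in show_output.splitlines():
        line = raw.strip()
        head = re.match(rf"^ephone-(\d+) Mac:({MAC}) .*\bREGISTERED\b", line)
        if head:
            phones.append({"tag": int(head.group(1)),
                           "mac": head.group(2).upper(), "ip": None})
            continue
        ip = re.match(r"^IP:(\d+\.\d+\.\d+\.\d+)\b", line)
        if ip and phones and phones[-1]["ip"] is None:
            phones[-1]["ip"] = ip.group(1)   # IP line follows its ephone line
    return phones


def reconcile(config_text, show_output):
    """Compare provisioned MACs with the phones that actually registered."""
    cfg = configured_macs(config_text)
    known = {mac for mac in cfg.values() if mac}
    reg = registered_phones(show_output)
    seen = {p["mac"] for p in reg}
    return {
        # registered, but no stanza lists this MAC
        "unexpected": [p for p in reg if p["mac"] not in known],
        # MAC is provisioned, but it registered under a different ephone tag
        "mismatched": [p for p in reg
                       if p["mac"] in known and cfg.get(p["tag"]) != p["mac"]],
        # provisioned by MAC, but absent from the registration output
        "missing": sorted(t for t, mac in cfg.items() if mac and mac not in seen),
    }


if __name__ == "__main__":
    for kind, items in reconcile(CONFIGURED, REGISTERED).items():
        print(kind, items)
```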
The following is an example of output for the show voice port summary command on the branch office
router:
3845-gw# show voice port summary
                                     IN       OUT
PORT      CH SIG-TYPE     ADMIN OPER STATUS   STATUS   EC
========= == ============ ===== ==== ======== ======== ==
0/2/0:1   01 e&m-imd      up    dorm idle     idle     y
0/2/0:2   02 e&m-imd      up    dorm idle     idle     y
0/2/0:3   03 e&m-imd      up    dorm idle     idle     y
0/2/0:4   04 e&m-imd      up    dorm idle     idle     y
0/2/0:5   05 e&m-imd      up    dorm idle     idle     y
0/2/0:6   06 e&m-imd      up    dorm idle     idle     y
0/1/0     -- e&m-lmr      up    up   trunked  trunked  y
0/1/1     -- e&m-lmr      up    up   trunked  trunked  y
0/2/1:1   01 e&m-imd      up    up   trunked  trunked  y
0/2/1:2   02 e&m-imd      up    up   trunked  trunked  y
0/2/1:3   03 e&m-imd      up    up   trunked  trunked  y
0/2/1:4   04 e&m-imd      up    up   trunked  trunked  y
0/2/1:5   05 e&m-imd      up    up   trunked  trunked  y
0/2/1:6   06 e&m-imd      up    up   trunked  trunked  y
0/3/0     -- fxs-ls       up    dorm on-hook  idle     y
0/3/1     -- fxs-ls       up    dorm on-hook  idle     y
0/3/2     -- fxs-ls       up    dorm on-hook  idle     y
0/3/3     -- fxs-ls       up    dorm on-hook  idle     y
50/0/1    1  efxs         up    up   on-hook  idle     y
50/0/1    2  efxs         up    up   on-hook  idle     y
50/0/2    1  efxs         up    up   on-hook  idle     y
50/0/2    2  efxs         up    up   on-hook  idle     y
50/0/3    1  efxs         up    up   on-hook  idle     y
.
50/0/40   1  efxs         up    dorm on-hook  idle     y
The following is an example of output for the show voip rtp connections command on the branch office
router:
3845-gw# show voip rtp connections
VoIP RTP active connections :
No. CallId dstCallId LocalRTP RmtRTP LocalIP      RemoteIP
1   2      1         32414    20480  10.1.153.42  239.192.17.191
2   4      3         28764    20480  10.1.153.42  239.192.17.192
3   6      5         16416    20480  10.1.153.42  239.192.17.191
4   8      7         27572    20480  10.1.153.42  239.192.17.192
5   1754   1753      16446    20480  10.1.153.42  239.192.17.195
6   1756   1755      31552    20480  10.1.153.42  239.192.17.195
7   1758   1757      16454    20480  10.1.153.42  239.192.17.195
8   1761   1760      16496    20480  10.1.153.42  239.192.17.195
Found 8 active RTP connections
The following is an example of output for the show voip dsp command on the branch office router:
3845-gw# show voip dsp
----------------------------FLEX VOICE CARD 0 ------------------------------
*DSP VOICE CHANNELS*
DSP   DSP             DSPWARE CURR  BOOT                        PAK  TX/RX
TYPE  NUM CH CODEC    VERSION STATE STATE   RST AI VOICEPORT TS ABRT PACK COUNT
===== === == ======== ======= ===== ======= === == ========= == ==== ============
C5510 013 01 g711ulaw 4.4.1   busy  idle      0  0 0/1/0     00    0 1/419970
C5510 013 02 g711ulaw 4.4.1   busy  idle      0  0 0/2/1:2   02    0 15/420330
C5510 013 03 g711ulaw 4.4.1   busy  idle      0  0 0/2/1:1   01    0 16/420130
C5510 013 04 g711ulaw 4.4.1   busy  idle      0  0 0/1/1     01    0 0/419879
C5510 013 05 None     4.4.1   busy  idle      0  0 0/2/0:3   03    0 0/14
C5510 013 06 g711ulaw 4.4.1   busy  idle      0  0 0/2/1:3   03    0 1873/1655
C5510 014 01 None     4.4.1   busy  idle      0  0 0/2/0:4   04    0 0/14
C5510 014 02 g711ulaw 4.4.1   busy  idle      0  0 0/2/1:6   06    0 1833/5379
C5510 014 03 None     4.4.1   busy  idle      0  0 0/2/0:5   05    0 0/14
C5510 014 04 None     4.4.1   busy  idle      0  0 0/2/0:6   06    0 0/14
C5510 014 05 g711ulaw 4.4.1   busy  idle      0  0 0/2/1:5   05    0 1424/5334
C5510 014 06 g711ulaw 4.4.1   busy  idle      0  0 0/2/1:4   04    0 1402/5057
*DSP SIGNALING CHANNELS*
DSP   DSP             DSPWARE CURR  BOOT                        PAK  TX/RX
TYPE  NUM CH CODEC    VERSION STATE STATE   RST AI VOICEPORT TS ABRT PACK COUNT
===== === == ======== ======= ===== ======= === == ========= == ==== ============
C5510 013 01 {flex}   4.4.1   alloc idle      0  0 0/1/0     02    0 34/0
C5510 013 02 {flex}   4.4.1   alloc idle      0  0 0/1/1     02    0 35/0
C5510 013 03 {flex}   4.4.1   alloc idle      0  0 0/3/1     06    0 14/0
C5510 013 04 {flex}   4.4.1   alloc idle      0  0 0/3/0     06    0 14/0
C5510 013 05 {flex}   4.4.1   alloc idle      0  0 0/3/3     02    0 14/0
C5510 013 06 {flex}   4.4.1   alloc idle      0  0 0/3/2     02    0 14/0
C5510 013 07 {flex}   4.4.1   alloc idle      0  0 0/2/0:1   01    0 4/18
C5510 013 08 {flex}   4.4.1   alloc idle      0  0 0/2/0:2   02    0 4/18
C5510 013 09 {flex}   4.4.1   alloc idle      0  0 0/2/1:1   01    0 27/23
C5510 013 10 {flex}   4.4.1   alloc idle      0  0 0/2/1:2   02    0 27/23
C5510 013 11 {flex}   4.4.1   alloc idle      0  0 0/2/0:3   03    0 454/335
C5510 013 12 {flex}   4.4.1   alloc idle      0  0 0/2/0:4   04    0 465/341
C5510 013 13 {flex}   4.4.1   alloc idle      0  0 0/2/0:5   05    0 433/315
C5510 013 14 {flex}   4.4.1   alloc idle      0  0 0/2/0:6   06    0 421/307
C5510 013 15 {flex}   4.4.1   alloc idle      0  0 0/2/1:3   03    0 3969/3831
C5510 013 16 {flex}   4.4.1   alloc idle      0  0 0/2/1:4   04    0 4050/3933
C5510 014 01 {flex}   4.4.1   alloc idle      0  0 0/2/1:5   05    0 3819/3657
C5510 014 02 {flex}   4.4.1   alloc idle      0  0 0/2/1:6   06    0 3724/3553
------------------------END OF FLEX VOICE CARD 0 ----------------------------
The following is an example of output for the show voice trace command on the branch office router:
3845-gw# show voice trace 0/2/1:1
0/2/1:1 1 State Transitions: timestamp (state, event) -> (state, event) ...
42.808 (S_SETUP_INDICATED, E_CC_PROCEEDING) ->
42.808 (S_PROCEEDING, E_CC_CONNECT) ->
State Transitions: timestamp (state, event) -> (state, event) ...
42.808 (S_TRUNK_PEND, E_HTSP_EVENT_TIMER) ->
42.808 (S_TRUNK_PROC, E_HTSP_SETUP_ACK) ->
42.808 (S_TRUNK_PROC, E_HTSP_PROCEEDING) ->
42.808 (S_TRUNK_PROC, E_HTSP_VOICE_CUT_THROUGH) ->
42.808 (S_TRUNK_W_CONNECT, E_HTSP_CONNECT) ->
The following is an example of output for the show voice call summary command on the branch office
router:
3845-gw# show voice call summary
PORT           CODEC    VAD VTSP STATE           VPM STATE
============== ======== === ==================== ======================
0/2/0:1.1      -                                 EM_ONHOOK
0/2/0:2.2      -                                 EM_ONHOOK
0/2/0:3.3      -                                 EM_ONHOOK
0/2/0:4.4      -                                 EM_ONHOOK
0/2/0:5.5      -                                 EM_ONHOOK
0/2/0:6.6      -                                 EM_ONHOOK
0/1/0          g711ulaw y   S_CONNECT            S_TRUNKED
0/1/1          g711ulaw y   S_CONNECT            S_TRUNKED
0/2/1:1.1      g711ulaw y   S_CONNECT            S_TRUNKED
0/2/1:2.2      g711ulaw y   S_CONNECT            S_TRUNKED
0/2/1:3.3      g711ulaw y   S_CONNECT            S_TRUNKED
0/2/1:4.4      g711ulaw y   S_CONNECT            S_TRUNKED
0/2/1:5.5      g711ulaw y   S_CONNECT            S_TRUNKED
0/2/1:6.6      g711ulaw y   S_CONNECT            S_TRUNKED
0/3/0          -                                 FXSLS_ONHOOK
0/3/1          -                                 FXSLS_ONHOOK
0/3/2          -                                 FXSLS_ONHOOK
0/3/3          -                                 FXSLS_ONHOOK
50/0/1 .1      -                                 EFXS_ONHOOK
50/0/9 .1      -                                 EFXS_ONHOOK
50/0/9 .2      -                                 EFXS_ONHOOK
The following is an example of output for the show version command on the CE:
sjc22-13a-rb-CE3# show version
Application and Content Networking System Software (ACNS)
Copyright (c) 1999-2003 by Cisco Systems, Inc.
Application and Content Networking System Software Release 5.1.3 (build b15 Feb 13 2004)
Version: ce2636-sw-5.1.3
Compiled 17:52:07 Feb 13 2004 by test
Compile Time Options: PP SS
System was restarted on Tue Jan 1 00:01:12 1980.
The system has been up for 16 hours, 8 seconds.
The following is an example of output for the show running-config command on the CE:
sjc22-13a-rb-CE3# show running-config
hostname sjc22-13a-rb-CE3
!
http dns-cache serial-lookup
!
!
ip domain-name cisco.com
!
!
gui-server secure port 8002
!
!
interface FastEthernet external
shutdown
exit
interface FastEthernet internal
exit
!
!
primary-interface FastEthernet 0/1
!
wmt license-key 92W5SNNNSULWCXN78
wmt accept-license-agreement
wmt max-concurrent-sessions 9
wmt mms allow extension asf none nsc wma wmv mp3
wmt broadcast alias-name lanka source mms://24.6.215.172/AAA
wmt enable
!
!
multicast accept-license-agreement
!
!
ip name-server 10.68.162.183
ip name-server 10.72.156.120
!
!
wccp router-list 1 10.1.152.249
wccp web-cache router-list-num 1
wccp version 2
!
!
!
!
!
!
!
!
username admin password 1 bVmDmMMmZAPjY
username admin privilege 15
!
!
authentication login local enable primary
authentication configuration local enable primary
!
!
cdm ip 10.86.46.81
cms enable
!
!
!
End of ACNS configuration
The following is an example of output for the show processes cpu command on the CE:
sjc22-13a-rb-CE3# show processes cpu
CPU usage:
        Current    Peak
cpu:       96 %   100 %
CPU average usage since last reboot:
cpu: 0.03% User, 7.28% System, 1.80% User(nice), 90.90% Idle
cpu0: 0.03% User, 7.28% System, 1.80% User(nice), 90.90% Idle
-------------------------------------------------------------------
PID   STATE PRI User T SYS T  COMMAND
----- ----- --- ------ ------ --------------------
1     S       0    744   4839 (init)
2     R       0      0      0 (keventd)
3     S      19      0      0 (ksoftirqd_CPU0)
4     S       0      0      0 (kswapd)
5     S       0      0      0 (bdflush)
6     S       0      0      0 (kupdated)
157   S       0      0      0 (streamd)
197   S      10  30143   3926 (nodemgr)
201   S      10      0      0 (syslogd)
202   R      10    396    150 (dataserver)
298   S       0      0      0 (kjournald)
902   S      10    108     23 (ruby_disk)
1494  S      10      2      1 (parser_server)
1544  S      10      3      1 (su)
The following is an example of output for the show statistics wmt streamstat command on the CE:
sjc22-13a-rb-CE3# show statistics wmt streamstat
Detailed Stream Statistics
==========================
Incoming Streams:
=================
Bandwidth in Kbps, Duration in seconds
Type Transport  Source   BW   Server-IP     Pkts_Recd  Bytes_Recd  Duration
Filename                                    Stream-Id
LIVE MMS(TCP)   RMT_MMS  216  24.6.215.172  807995     1165556557  44531
AAA                                         5878
Outgoing Streams:
=================
Client-IP      Type Transport  Source   State  Pkts_sent  Bytes_sent  Duration  BW
Server-IP      Filename                        Stream-Id
10.21.96.174   LIVE HTTP       RMT_MMS  Play   216441     312540804   11946     216
24.6.215.172   lanka                           13830
10.21.81.206   LIVE MMS(UDP)   RMT_MMS  Play   59505      85925220    3283      216
24.6.215.172   lanka                           15639
10.21.88.96    LIVE HTTP       RMT_MMS  Play   165227     238587788   9129      216
24.6.215.172   lanka                           14402
10.21.113.252  LIVE MMS(UDP)   RMT_MMS  Play   596188     860895472   32961     216
24.6.215.172   lanka                           8644
10.21.116.124  LIVE HTTP       RMT_MMS  Play   53848      77756512    3033      216
24.6.215.172   lanka                           15682
10.21.115.95   LIVE MMS(UDP)   RMT_MMS  Play   481970     695964680   26584     216
24.6.215.172   lanka                           10694
10.21.65.223   LIVE MMS(UDP)   RMT_MMS  Play   15883      22935052    878       216
24.6.215.172   lanka                           16161
sjc22-13a-rb-CE3#
The following is an example of output for the show statistics wmt all command on the CE:
sjc22-13a-rb-CE3# show statistics wmt all
Unicast Requests Statistics
===========================
Total unicast requests received: 79
------------------------------------
                                Total      % of Total Unicast Requests
-------------------------------------------
Streaming Requests served:         75       94.94%
Mcast nsc file Request:             0        0.00%
Requests error:                     0        0.00%
                                Total      % of Total Streaming Requests
---------------------------------------------
By Type of Content
------------------
Live content:                      75      100.00%
On-Demand Content:                  0        0.00%
By Transport Protocol
---------------------
MMSU:                              32       42.67%
MMST:                               1        1.33%
HTTP:                              42       56.00%
By Source of Content
--------------------
Local:                              0        0.00%
Remote MMS:                        75      100.00%
Remote HTTP:                        0        0.00%
Multicast:                          0        0.00%
CDN-Related WMT Requests
--------------------
CDN Content Hits:                   0        0.00%
CDN Content Misses:                 0        0.00%
CDN Content Live:                   0        0.00%
CDN Content Errors:                 0        0.00%
Unicast Bytes Statistics
========================
Total unicast incoming bytes: 1178064843
---------------------------------
                                Total      % of Total Unicast Incoming Bytes
-------------------------------------------
By Type of Content
------------------
Live content:              1178064843      100.00%
On-Demand Content:                  0        0.00%
By Transport Protocol
---------------------
MMSU:                               0        0.00%
MMST:                      1178064843      100.00%
HTTP:                               0        0.00%
Unicast Bytes Statistics
========================
Total unicast outgoing bytes: 4698135144
--------------------------------
                                Total      % of Total Unicast Outgoing Bytes
-------------------------------------------
By Type of Content
------------------
Live content:              4698135144      100.00%
On-Demand Content:                  0        0.00%
By Transport Protocol
---------------------
MMSU:                      3148201513       67.01%
MMST:                               0        0.00%
HTTP:                      1549933631       32.99%
Unicast Savings Statistics
==========================
Total bytes saved: 3520070301
-------------------------
                                Total      % of Total Bytes Saved
-------------------------------------------
By Pre-positioned content:          0        0.00%
By Live-splitting:         3520070301      100.00%
By Cache-hit:                       0        0.00%
                                Total      % of Total Live Outgoing Bytes
-------------------------------------------
Live Splitting
--------------
Incoming bytes:            1178064843       25.08%
Outgoing bytes:            4698135144      100.00%
Bytes saved:               3520070301       74.92%
                                Total      % of Bytes Cache Total
-------------------------------------------
Caching
-------
Bytes cache-miss:                   0        0.00%
Bytes cache-hit:                    0        0.00%
Bytes cache-total:                  0        0.00%
Bytes cache-bypassed:               0
                                Total      % of Req Cache Total
-------------------------------------------
Cacheable requests
------------------
Req cache-miss:                     0        0.00%
Req cache-hit:                      0        0.00%
Req cache-partial-hit:              0        0.00%
Req cache-total:                    0        0.00%
Req cache-bypassed:                81
Objects not cached
------------------
Cache bypassed:                    81
Exceed max-size:                    0
Usage Summary
=============
Concurrent Unicast Client Sessions
----------------------------------
Current:                            8
Max:                                8
Concurrent Active Multicast Sessions
------------------------------------
Current:                            0
Max:                                0
Concurrent Remote Server Sessions
---------------------------------
Current:                            1
Max:                                1
Concurrent Unicast Bandwidth (Kbps)
-----------------------------------
Current:                     1734.120
Max:                         1734.120
Concurrent Multicast Out Bandwidth (Kbps)
-----------------------------------------
Current:                        0.000
Max:                            0.000
Concurrent Bandwidth to Remote Servers (Kbps)
---------------------------------------------
Current:                      216.765
Max:                          216.765
Error Statistics
================
Total request errors:               0
Errors generated by this box
Reach MAX connections:                      0
Reach MAX incoming bandwidth:               0
Reach MAX outgoing bandwidth:               0
Reach MAX incoming bit rate:                0
Reach MAX outgoing bit rate:                0
MMSU under wccp:                            0
MMSU not allowed:                           0
MMST not allowed:                           0
MMSU/T not allowed:                         0
HTTP not allowed:                           0
1st tcp pkt error, possible port scan:      0
Illegal url:                                0
No socket:                                  0
Cannot connect:                             0
Authentication fail:                        0
Remote server error:                        0
Client error:                               0
Internal error:                             0
Local vod file not found:                   0
Local vod file header corrupted:            0
Local vod file data corrupted:              0
Unknown error:                              0
Errors generated by remote servers
Reach MAX connections:                      0
Reach MAX bandwidth:                        0
Reach MAX bit rate:                         0
Illegal url:                                0
Invalid request:                            0
No socket:                                  0
Cannot connect:                             0
Conection refused:                          0
Access deny:                                0
Invalid stream type:                        0
Remote server error:                        0
Remote timeout:                             0
Remote proxy error:                         0
File not found:                             0
File header corrupted:                      0
File data corrupted:                        0
Remote unknown error:                       0
Authentication Retries from Clients:        0
WMT Rule Template Statistics
================
URL Rewrite:                                0
Connection Reset:                           0
URL Block:                                  0
No-Auth:                                    0
No-Cache:                                   0
Selective Cache:                            0
Allow:                                      0
WMT URL Filter Statistics
================
URL Allowed:                                0
URL Filtered:                               0
The following is an example of output for the show interface service-engine 4/0 command on the Cisco
CME for Cisco Unity Express:
3845-gw# show interface service-engine 4/0
Service-Engine4/0 is up, line protocol is up
Hardware is I82559FE, address is 000e.8335.7c30 (bia 000e.8335.7c30)
Interface is unnumbered. Using address of Loopback2 (10.1.152.241)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:14, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
138507 packets input, 21920546 bytes, 0 no buffer
Received 2237 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
421216 packets output, 53661814 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
The following is an example of output for the service-module service-engine 4/0 status command on
the Cisco CME for Cisco Unity Express:
3845-gw# service-module service-Engine 4/0 status
Service Module is Cisco Service-Engine4/0
Service Module supports session via TTY line 258
Service Module is in Steady state
Getting status from the Service Module, please wait..
cisco service engine 1.1
The following is an example of output for the service-module service-engine 4/0 session
command on the Cisco CME for Cisco Unity Express:
3845-gw# service-module service-engine 4/0 session
Trying 10.1.152.241, 2258 ... Open
User Access Verification
Username: cisco
Password:
se-10-32-152-242#
se-10-32-152-242#
The following is an example of output for the show running-config command on Cisco Unity Express:
se-10-32-152-242# show running-config
Generating configuration:
clock timezone America/Los_Angeles
hostname se-10-32-152-242
ip domain-name cisco.com
ip name-server 10.64.2.113 10.64.11.48
ntp server 10.1.152.241
groupname Administrators create
username Ross create
username Rachel create
username Chandler create
username Monica create
username Jeshih create
username Mike create
username Phoebe create
username Cosmo create
username Jerry create
username George create
username Frank create
username Estelle create
username Ross phonenumber "27725"
username Rachel phonenumber "27726"
username chandler phonenumber "27727"
username Monica phonenumber "27728"
username Jeshih phonenumber "27729"
username Mike phonenumber "27730"
username Phoebe phonenumber "27731"
username Cosmo phonenumber "27732"
username Jerry phonenumber "27733"
username George phonenumber "27734"
username Frank phonenumber "27735"
username Estelle phonenumber "27736"
groupname Administrators member cisco
groupname Administrators privilege superuser
groupname Administrators privilege ManagePrompts
backup server url "ftp://127.0.0.1/ftp" credentials hidden "EWlTygcMhYmjazXhE/VN
XHCkplVV4KjescbDaLa4fl4WLSPFvv1rWUnfGWTYHfmPSd8ZZNgd+Y9J3xlk2B35jwAAAAA="
ccn application autoattendant
description "autoattendant"
enabled
maxsessions 8
script "aa.aef"
parameter "MaxRetry" "3"
parameter "operExtn" "0"
parameter "welcomePrompt" "AAWelcome.wav"
end application
ccn application ciscomwiapplication
description "ciscomwiapplication"
enabled
maxsessions 8
script "setmwi.aef"
parameter "strMWI_OFF_DN" "8000"
parameter "strMWI_ON_DN" "8001"
parameter "CallControlGroupID" "0"
end application
ccn application promptmgmt
description "promptmgmt"
enabled
maxsessions 1
script "promptmgmt.aef"
end application
ccn application voicemail
description "voicemail"
enabled
maxsessions 8
script "voicebrowser.aef"
parameter "logoutUri" "http://localhost/voicemail/vxmlscripts/mbxLogout.jsp"
parameter "uri" "http://localhost/voicemail/vxmlscripts/login.vxml"
end application
ccn engine
end engine
ccn subsystem jtapi
ccm-manager address
end subsystem
ccn subsystem sip
gateway address "10.1.152.241"
end subsystem
ccn trigger sip phonenumber 27748
application "autoattendant"
enabled
locale "en_US"
maxsessions 8
end trigger
ccn trigger sip phonenumber 27749
application "voicemail"
enabled
locale "en_US"
maxsessions 8
end trigger
ccn trigger sip phonenumber 27751
application "promptmgmt"
enabled
locale "en_US"
maxsessions 1
end trigger
voicemail default expiration time 30
voicemail default language en_US
voicemail default mailboxsize 3000
voicemail recording time 900
voicemail default messagesize 60
voicemail operator telephone 0
voicemail capacity time 6000
voicemail mailbox owner "Ross" size 3000
description "Ross mailbox"
end mailbox
voicemail mailbox owner "Rachel" size 3000
description "Rachel mailbox"
end mailbox
voicemail mailbox owner "Chandler" size 3000
description "Chandler mailbox"
end mailbox
voicemail mailbox owner "Monica" size 3000
description "Monica mailbox"
end mailbox
voicemail mailbox owner "Jeshih" size 3000
description "Jeshih mailbox"
end mailbox
voicemail mailbox owner "Mike" size 3000
description "Mike mailbox"
end mailbox
voicemail mailbox owner "Phoebe" size 3000
description "Phoebe mailbox"
end mailbox
voicemail mailbox owner "Cosmo" size 3000
description "Cosmo mailbox"
end mailbox
voicemail mailbox owner "Jerry" size 3000
description "Jerry mailbox"
end mailbox
voicemail mailbox owner "George" size 3000
description "George mailbox"
end mailbox
voicemail mailbox owner "Frank" size 3000
description "Frank mailbox"
end mailbox
voicemail mailbox owner "Estelle" size 3000
description "Estelle mailbox"
end mailbox
end
The following is an example of output for the show voicemail mailboxes command on Cisco Unity
Express:
se-10-32-152-242# show voicemail mailboxes
OWNER        MSGS  NEW  SAVED  MSGTIME  MBXSIZE  USED
"Ross"       0     0    0      0        3000     0 %
"Rachel"     0     0    0      0        3000     0 %
"Chandler"   0     0    0      0        3000     0 %
"Monica"     3     3    0      142      3000     5 %
"Jeshih"     0     0    0      0        3000     0 %
"Mike"       0     0    0      0        3000     0 %
"Phoebe"     0     0    0      0        3000     0 %
"Cosmo"      0     0    0      0        3000     0 %
"Jerry"      0     0    0      0        3000     0 %
"George"     0     0    0      0        3000     0 %
"Frank"      0     0    0      0        3000     0 %
"Estelle"    0     0    0      0        3000     0 %
The following is an example of output for the show voicemail usage command on Cisco Unity Express:
se-10-32-152-242# show voicemail usage
personal mailboxes:                     12
general delivery mailboxes:             0
orphaned mailboxes:                     0
capacity of voicemail (minutes):        6000
allocated capacity (minutes):           600.0
message time used (seconds):            141
message count:                          3
average message length (seconds):       47.0
greeting time used (seconds):           0
greeting count:                         0
average greeting length (seconds):      0.0
total time used (seconds):              141
total time used (minutes):              2.3499999046325684
percentage used time (%):               1
The following is an example of output for the show voicemail limits command on Cisco Unity Express:
se-10-32-152-242# show voicemail limits
Default Mailbox Size (seconds):         3000
Default Caller Message Size (seconds):  60
Maximum Recording Size (seconds):       900
Default Message Age (days):             30
System Capacity (minutes):              6000
Default Prompt Language:                en_US
Operator Telephone:                     0
The following is an example of output for the show ccn application command on Cisco Unity Express:
se-10-32-152-242# show ccn application
Name:                         ciscomwiapplication
Description:                  ciscomwiapplication
Script:                       setmwi.aef
ID number:                    0
Enabled:                      yes
Maximum number of sessions:   8
strMWI_OFF_DN:                8000
strMWI_ON_DN:                 8001
CallControlGroupID:           0
Name:                         voicemail
Description:                  voicemail
Script:                       voicebrowser.aef
ID number:                    1
Enabled:                      yes
Maximum number of sessions:   8
logoutUri:                    http://localhost/voicemail/vxmlscripts/mbxLogout.jsp
uri:                          http://localhost/voicemail/vxmlscripts/login.vxml
Name:                         autoattendant
Description:                  autoattendant
Script:                       aa.aef
ID number:                    2
Enabled:                      yes
Maximum number of sessions:   8
MaxRetry:                     3
operExtn:                     0
welcomePrompt:                AAWelcome.wav
Name:                         promptmgmt
Description:                  promptmgmt
Script:                       promptmgmt.aef
ID number:                    3
Enabled:                      yes
Maximum number of sessions:   1
The following is an example of output for the show ccn trigger command on Cisco Unity Express:
se-10-32-152-242# show ccn trigger
Name:                                   27749
Type:                                   SIP
Application:                            voicemail
Locale:                                 en_US
Idle Timeout:                           10000
Enabled:                                yes
Maximum number of sessions:             8

Name:                                   27751
Type:                                   SIP
Application:                            promptmgmt
Locale:                                 en_US
Idle Timeout:                           10000
Enabled:                                yes
Maximum number of sessions:             1

Name:                                   27748
Type:                                   SIP
Application:                            autoattendant
Locale:                                 en_US
Idle Timeout:                           10000
Enabled:                                yes
Maximum number of sessions:             8
se-10-32-152-242#
Verification Screens: Examples
The following display screen examples depict the graphical user interface for Cisco CallManager, Cisco
CallManager Express (Cisco CME), and Cisco Unity Express for verification purposes. These screen
examples are shown for your reference and are presented in the following sections:
• Cisco CallManager Screen Examples
• Cisco CME Screen Examples
• Cisco Unity Express Screen Examples
Cisco CallManager Screen Examples
The screen display example below shows Cisco CallManager Release 3.3(3) trunk configuration for a
Cisco CME.
The screen display example below depicts media termination point (MTP) software configuration.
Cisco CME Screen Examples
The screen display example below identifies Cisco CallManager extensions.
The screen display example below provides details about Cisco CME phones.
Cisco Unity Express Screen Examples
The screen display example below lists voice mailboxes on Cisco Unity Express user configuration.
The screen display example below provides details about voice mailboxes on Cisco Unity Express.
The screen display example below depicts the Group Profile-Administrator display.
Troubleshoot
This section provides information you can use to troubleshoot your configuration.
See the following tech notes:
• IP Security Troubleshooting - Understanding and Using debug Commands
Troubleshooting Reference Documents and Commands
The following references and command recommendations offer guidance for troubleshooting Cisco
CME-based Cisco Unity Express implementations.
Note
Before issuing debug commands, see Important Information on Debug Commands.
For troubleshooting and debugging VoIP call basics, see the following document:
• http://www.cisco.com/warp/public/788/voip/voip_debugcalls.html
The following specific commands relate to troubleshooting VoIP calls:
• show dialplan number—This command shows which dial peer is reached when a particular telephone number is dialed.
• debug vtsp session—This command displays information to help you trace how the router interacts with the DSP based on the signalling indications from the signalling stack and requests from the application.
• debug vtsp dsp—This command displays the digits as they are received by the voice port.
• debug vtsp all—This command enables the following debug voice telephony service provider (VTSP) commands: debug vtsp session, debug vtsp error, and debug vtsp dsp.
• debug vpm signal—This command collects debug information only for signaling events. This command can also be useful in resolving problems with signaling to a PBX.
• debug voip ccapi—This command traces the execution path through the call control application programming interface (API), which serves as the interface between the call session application and the underlying network-specific software. You can use the output from this command to understand how calls are being handled by the router.
• debug vpm port—This command limits the debug output to a particular port. The debug output can be quite voluminous for a single port. A six-port chassis might create problems. Use this debug command with any or all of the other debug modes.
Related Information
For additional information about Cisco CallManager Express, go to:
• http://www.cisco.com/en/US/products/sw/voicesw/ps4625/index.html
For additional information about Cisco Unity Express, go to:
• http://www.cisco.com/en/US/products/sw/voicesw/ps4625/index.html
CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is
a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco
Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity,
Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS,
iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networkers,
Networking Academy, Network Registrar, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient,
and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (0711R)
Copyright © 2004 Cisco Systems, Inc. All rights reserved.
Easy VPN Configuration Example
This document provides an Easy VPN (EzVPN) sample configuration, using Cisco 1800 series,
Cisco 2800 series, and Cisco 3800 series routers.
Contents
• Introduction
• Before You Begin
• Configure
• Verify
• Troubleshoot
• Related Information
Introduction
This document provides a sample Easy VPN (or EzVPN) configuration with the following
characteristics:
• All traffic between two client branch sites and headquarters passes through a Virtual Private Network (VPN) of IP Security (IPSec) encrypted tunnels.
• Techniques used include Internet Key Exchange (IKE) dead peer detection (DPD), split tunneling, and group policy on the server with Domain Name Server (DNS) information, Windows Internet Naming Service (WINS) information, domain name, and an IP address pool for clients.
• Headquarters uses an EzVPN concentrator, a Cisco Royal series router, with an ATM interface.
• One branch uses a Cisco 2800 series router and employs a network-mode EzVPN client with a serial interface, while another branch uses a Cisco 1800 series router and uses client mode EzVPN with an SHDSL interface.
• The various show commands demonstrate configurations for the Internet Security Association Key Management Protocol (ISAKMP) and IPSec Security Associations (SAs) on the EzVPN concentrator, as well as IPSec client EzVPN status on the clients.
List of Terms
ATM—Asynchronous Transfer Mode. A connection switching protocol that organizes data into 53-byte
cell units, transmitting them via digital signals. Each cell is processed asynchronously (hence the name)
relative to the transmission or arrival of other cells within a single message. Cells are also queued before
being transmitted in a multiplexing fashion. ATM can be used for many different services, including
voice, video, or data.
DNS—Domain Name Server. Maps names to Internet Protocol (IP) addresses and addresses to names.
Domain Name Servers maintain lists of domain name and IP address mappings.
DPD—Dead peer detection. An implementation of a client keepalive functionality, to check the
availability of the VPN device on the other end of an IPSec tunnel.
IKE—Internet Key Exchange. IKE establishes a shared security policy and authenticates keys for
services (such as IPSec) that require keys. Before any IPSec traffic can be passed, each
router/firewall/host must verify the identity of its peer. This can be done by manually entering preshared
keys into both hosts or can be done by a certification authority (CA) service.
IPSec—IP Security. A framework of open standards that provides data confidentiality, data integrity, and
data authentication between participating peers. IPSec provides these security services at the IP layer.
IPSec uses IKE to handle the negotiation of protocols and algorithms based on local policy and to
generate the encryption and authentication keys to be used by IPSec. IPSec can protect one or more data
flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a
host.
ISAKMP—Internet Security Association Key Management Protocol. A protocol for key exchange
encryption and authentication. ISAKMP requires at least one pair of messages to be exchanged between
two VPN-connected peers before a secure link can be established.
NETBEUI—NetBIOS extended user interface. A transport protocol associated with Microsoft-based
networks. Unlike TCP/IP, NETBEUI is not a routable network protocol.
NetBIOS—Network Basic Input/Output System. A peer-to-peer low-level networking protocol dating
back to the 1980s, NetBIOS links network operating systems with network hardware. NetBIOS is not
routable and must be encapsulated with TCP/IP to pass through routers.
SA—Security association. This is a unidirectional channel negotiated by IPSec, with a pair of SAs
required for two-way communication. SAs are used to index session keys and initialization vectors.
SHDSL—Symmetrical High-Speed Digital Subscriber Line. An implementation of DSL that operates at
equal speeds in both transmission directions, at rates from 192 kbps to 2.3 Mbps.
WINS—Windows Internet Naming Service. A service in Microsoft-based networks that translates
hostnames into IP addresses. Using NETBEUI protocol, it is also compatible with NetBIOS.
Before You Begin
The following are the requirements for using this configuration example.
Conventions
For more information on document conventions, see the Cisco Technical Tips Conventions.
Components Used
The information in this document is based on these software and hardware versions:
• At Headquarters, a Cisco 3845 router with a Cisco CallManager cluster, and with ATM access to the Internet
• At Branch 1, a Cisco 1841 router with a WIC-1SHDSL interface card installed, and with DSL access to the Internet
• At Branch 2, a Cisco 2811 router with a serial interface connection to the Internet
• For Cisco 1800 series routers and Cisco 2800 series routers: Cisco IOS Release 12.3(8)T4
• For Cisco 3800 series routers: Cisco IOS Release 12.3(11)T
• Advanced Enterprise Services feature set
The information presented in this document resulted from the use of devices in a specific lab setup and
environment. All the devices used in this document started with a cleared (default) configuration. If you
are working in a live network, ensure that you understand the potential impact of any command before
you use it.
Note
When configuring stateful failover for IPSec on the Cisco 2811 router, you may get the following
message if there is no AIM-VPN module installed:
%crypto_ha_ipsec-4-crypto_ha_not_supported_by_hw 2811
Once an AIM-VPN module is installed in the Cisco 2811 router, this error message will no longer appear.
Related Products
This configuration can also be used with the following hardware:
• Cisco 1800 series routers
• Cisco 2800 series routers
• Cisco Royal series routers
Configure
This section presents the information for configuring the features described in this document.
Note
For additional information on the commands used in this document, use the Cisco IOS Command
Lookup tool. You must have an account on Cisco.com. If you do not have an account or have forgotten
your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Configuration Tips
• Make sure that the tunnels work before you apply the crypto maps.
• Apply IPSec crypto maps to both the tunnel interface and the physical interface.
Network Diagram
This document uses the network setup shown in the following illustration:
[Network diagram (figure 117861), with numbered callouts 1 through 9]
Following are the callout terms and definitions for the diagram, identified by number:
1. Headquarters location
2. ATM link from the Headquarters router to the Internet
3. VPN tunnel through the Internet to Branch 1
4. VPN tunnel through the Internet to Branch 2
5. The Internet, represented by the cloud
6. DSL link from the Branch 1 router to the Internet
7. Serial link from the Branch 2 router to the Internet
8. Branch 1 location
9. Branch 2 location
The Headquarters location (callout 1) uses a Cisco 3845 router with these characteristics:
• EzVPN server
• ATM access to the Internet
• Operating in a Cisco CallManager cluster
• Public IP address: 10.32.152.26
• Private IP address pool: 192.168.1.0/24
The Branch 1 location (callout 8) uses a Cisco 1841 router with these characteristics:
• EzVPN client using client mode
• DSL access to the Internet
• WIC-1SHDSL interface card installed
• Public IP address: 10.32.152.46
• Private IP address pool: 192.168.3.0/24
The Branch 2 location (callout 9) uses a Cisco 2811 router with these characteristics:
• EzVPN client using network mode
• Serial access to the Internet
• Public IP address: 10.32.150.46
• Private IP address pool: 192.168.3.1/24
Configurations
This example uses these configurations:
• Headquarters Office Configuration (Cisco 3845 Router)
• Branch 1 Router Configuration (Cisco 1841 Router)
• Branch 2 Router Configuration (Cisco 2811 Router)
Headquarters Office Configuration (Cisco 3845 Router)
EzVPN-Hub# show running-config
Building configuration...
Current configuration : 6824 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname EzVPN-Hub
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$t8oN$hXnGodPh8ZM/ka6k/9aO51
!
username admin secret 5 $1$cfjP$kKpB7e3pfKXfpK0RIqX/E.
username ezvpn-spoke2 secret 5 $1$vrSS$AhSPxEUnPOsSpJkGdzjXg/
username ezvpn-spoke1 secret 5 $1$VK0p$4D0YXNOtC6K7MR4/vinUL.
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login USER_AAA local
aaa authentication login USERLIST local
aaa authorization network GROUP_AAA local
aaa session-id common
ip subnet-zero
!
ip cef
no ip domain lookup
ip domain name cisco.com
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
voice-card 0
no dspfarm
!
!--- IKE configuration
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp keepalive 90 12
!
ip access-list extended SPLIT_T
permit ip 192.168.0.0 0.0.255.255 any
!
crypto isakmp client configuration group VPN1
acl SPLIT_T
key cisco123
dns 192.168.168.183 192.168.226.120
wins 192.168.179.89 192.168.2.87
domain cisco.com
pool VPN-POOL
save-password
!
!--- IPSec configuration
!
crypto ipsec transform-set TRANSFORM-1 esp-3des esp-md5-hmac
!
crypto dynamic-map INT_MAP 1
set security-association lifetime kilobytes 530000000
set security-association lifetime seconds 14400
set transform-set TRANSFORM-1
!
!
crypto map INT_MAP client authentication list USER_AAA
crypto map INT_MAP isakmp authorization list GROUP_AAA
crypto map INT_MAP client configuration address respond
crypto map INT_MAP 30000 ipsec-isakmp dynamic INT_MAP
!
!
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
media-type rj45
no negotiation auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
no negotiation auto
!
interface ATM0/0/0
description === public interface ===
ip address 10.32.152.26 255.255.255.252
ip pim sparse-dense-mode
ip ospf network point-to-point
no atm ilmi-keepalive
pvc 10/100
protocol ip 10.32.152.25 broadcast
!
crypto map INT_MAP
!
interface FastEthernet4/0
no ip address
shutdown
!
interface FastEthernet4/1
switchport access vlan 10
no ip address
!
interface FastEthernet4/2
switchport access vlan 10
no ip address
!
interface FastEthernet4/3
switchport access vlan 10
no ip address
!
interface FastEthernet4/4
switchport access vlan 10
no ip address
!
interface FastEthernet4/5
switchport access vlan 10
no ip address
!
interface FastEthernet4/6
switchport access vlan 10
no ip address
!
interface FastEthernet4/7
switchport access vlan 10
no ip address
!
interface FastEthernet4/8
switchport access vlan 10
no ip address
!
interface FastEthernet4/9
switchport access vlan 10
no ip address
!
interface FastEthernet4/10
switchport access vlan 10
no ip address
!
interface FastEthernet4/11
switchport access vlan 10
no ip address
!
interface FastEthernet4/12
switchport access vlan 10
no ip address
!
interface FastEthernet4/13
switchport access vlan 10
no ip address
!
interface FastEthernet4/14
switchport access vlan 10
no ip address
!
interface FastEthernet4/15
switchport access vlan 10
no ip address
!
!-- Entries for FastEthernet 4/16 through 4/35 omitted for redundancy
!
interface GigabitEthernet4/0
no ip address
shutdown
!
interface GigabitEthernet4/1
no ip address
shutdown
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.1.1 255.255.255.0
!
!
ip local pool VPN-POOL 10.1.1.1 10.1.1.10
ip classless
ip route 0.0.0.0 0.0.0.0 10.32.152.25
!
ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login authentication USERLIST
!
!
end
!
Branch 1 Router Configuration (Cisco 1841 Router)
EzVPN-Spoke-1# show running-config
Building configuration...
.
.
Current configuration : 4252 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname EzVPN-Spoke-1
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 informational
enable secret 5 $1$b7.Q$Y2x1UXyRifSStbkH/YyrP.
!
username admin password 7 0519030B234D5C0617
memory-size iomem 20
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login USERLIST local
aaa session-id common
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool PRIVATE_DHCP
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
!
!
no ip domain lookup
ip domain name cisco.com
ip sap cache-timeout 30
ip ssh time-out 30
ip ids po max-events 100
no ftp-server write-enable
!
!--- IPSec configuration
!
crypto ipsec client ezvpn VPN1
connect auto
group VPN1 key cisco123
mode client
peer 10.32.152.26
username ezvpn-spoke1 password cisco1
!
interface FastEthernet0/0
description === private interface ===
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
crypto ipsec client ezvpn VPN1 inside
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/1/0
no ip address
no atm ilmi-keepalive
dsl equipment-type CPE
dsl operating-mode GSHDSL symmetric annex A
dsl linerate AUTO
pvc 0/35
encapsulation aal5snap
!
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer0
description === public interface ===
ip address 10.32.152.46 255.255.255.252
ip pim sparse-dense-mode
encapsulation ppp
dialer pool 1
dialer-group 1
crypto ipsec client ezvpn VPN1
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.32.152.45
!
ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login authentication USERLIST
!
!
end
Branch 2 Router Configuration (Cisco 2811 Router)
EzVPN-Spoke-2# show running-config
Building configuration...
.
Current configuration : 4068 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname EzVPN-Spoke-2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$9BB/$KP4mHUWzUxzpuEPg5s7ow/
!
username admin password 7 10481A110C07
memory-size iomem 25
aaa new-model
!
!
aaa authentication login USERLIST local
aaa session-id common
ip subnet-zero
!
!
ip cef
ip dhcp excluded-address 192.168.3.1
!
ip dhcp pool PRIVATE_DHCP
import all
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
!
!
no ip domain lookup
ip multicast-routing
ip ids po max-events 100
!
no ftp-server write-enable
voice-card 0
no dspfarm
!
!--- IPSec configuration
!
crypto ipsec client ezvpn VPN1
connect auto
group VPN1 key cisco123
mode network-extension
peer 10.32.152.26
username ezvpn-spoke2 password cisco2
!
interface FastEthernet0/0
description === private interface ===
ip address 192.168.3.1 255.255.255.0
duplex auto
speed auto
crypto ipsec client ezvpn VPN1 inside
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
description === public interface ===
ip address 10.32.150.46 255.255.255.252
crypto ipsec client ezvpn VPN1
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.32.150.45
!
ip http server
no ip http secure-server
!
control-plane
!
dial-peer cor custom
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login authentication USERLIST
!
end
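The following Python audit is an added example, not part of the Cisco guide. It walks an excerpt assembled from the three running-configs above and flags the settings a reviewer would question before reusing them outside a lab: 3DES, MD5, and Diffie-Hellman group 2 in the IKE policy and transform set, keys and XAUTH passwords readable in the configuration, type 7 passwords, and the HTTP server. The function name `audit_config` and the rule identifiers are illustrative assumptions.

```python
import re

# Excerpt assembled from the running-configs on this page (hub lines, then
# Branch 1 client lines), flattened the same way the page shows them.
SAMPLE_CONFIG = """\
username admin password 7 0519030B234D5C0617
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp keepalive 90 12
!
crypto isakmp client configuration group VPN1
acl SPLIT_T
key cisco123
pool VPN-POOL
save-password
!
crypto ipsec transform-set TRANSFORM-1 esp-3des esp-md5-hmac
!
crypto ipsec client ezvpn VPN1
connect auto
group VPN1 key cisco123
mode client
peer 10.32.152.26
username ezvpn-spoke1 password cisco1
!
interface Dialer0
crypto ipsec client ezvpn VPN1
!
ip http server
no ip http secure-server
"""

# Sub-mode headers whose child lines need context to be interpreted.
SECTION_HEADERS = [
    (re.compile(r"^crypto isakmp policy \d+$"), "ike-policy"),
    (re.compile(r"^crypto isakmp client configuration group \S+$"), "server-group"),
    (re.compile(r"^crypto ipsec client ezvpn \S+$"), "ezvpn-client"),
]
# With indentation lost, a sub-mode ends at "!" or at the next global keyword.
GLOBAL_PREFIXES = ("crypto ", "ip ", "no ip ", "line ")

def _rules(*triples):
    return [(re.compile(rx), rule_id, why) for rx, rule_id, why in triples]

SECTION_RULES = {
    "ike-policy": _rules(
        (r"^encr (des|3des)$", "IKE-CIPHER", "DES/3DES (64-bit block) protects IKE"),
        (r"^hash md5$", "IKE-HASH", "MD5 used as the IKE hash"),
        (r"^group (1|2|5)$", "IKE-DH", "Diffie-Hellman modulus of 1536 bits or less"),
    ),
    "server-group": _rules(
        (r"^key \S+$", "GROUP-PSK", "group pre-shared key readable in the config"),
        (r"^save-password$", "SAVE-PASSWORD", "clients may store the XAUTH password"),
    ),
    "ezvpn-client": _rules(
        (r"^group \S+ key \S+$", "GROUP-PSK", "group pre-shared key readable in the config"),
        (r"^username \S+ password \S+$", "XAUTH-SAVED", "XAUTH password stored in the config"),
    ),
}
GLOBAL_RULES = _rules(
    (r"^crypto ipsec transform-set \S+ .*esp-3?des\b", "ESP-CIPHER", "DES/3DES protects tunnel traffic"),
    (r"^crypto ipsec transform-set \S+ .*esp-md5-hmac\b", "ESP-HASH", "HMAC-MD5 authenticates tunnel traffic"),
    (r"^username \S+ password 7 \S+$", "TYPE7-PASSWORD", "type 7 is reversible; the hub config uses 'secret'"),
    (r"^ip http server$", "HTTP-MGMT", "cleartext HTTP server enabled"),
)

def audit_config(text):
    """Return (line_number, rule_id, reason) for every flagged line."""
    findings, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line == "!":
            section = None
            continue
        if line.startswith("interface "):
            section = "interface"  # interface children carry no rules here
            continue
        if section != "interface":
            header = next((name for rx, name in SECTION_HEADERS if rx.match(line)), None)
            if header:
                section = header
                continue
            if line.startswith(GLOBAL_PREFIXES):
                section = None
        rules = GLOBAL_RULES if section is None else SECTION_RULES.get(section, [])
        findings.extend((lineno, rid, why) for rx, rid, why in rules if rx.search(line))
    return findings

if __name__ == "__main__":
    for lineno, rule_id, why in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno:>2}  {rule_id:<15} {why}")
```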
Verify
This section provides instructions for verifying that your configuration works properly.
Certain show commands are supported by the Output Interpreter Tool (registered customers only), which
allows you to view an analysis of show command output. In summary:
• show crypto engine connections active—Shows the encrypted and decrypted packets.
• show crypto ipsec sa—Shows the phase 2 IPSec security associations for the hub.
• show crypto ipsec client ezvpn—Shows the phase 2 IPSec security associations for the EzVPN client.
• show crypto isakmp sa—Shows the phase 1 ISAKMP security associations.
One of the first indications of successful IPSec negotiation is a message displayed on the Virtual Private
Network (VPN) concentrator console. Upon successful IPSec negotiation by the EzVPN clients, a
message similar to the following is displayed on the VPN concentrator console, indicating the
establishment of crypto connections to the remote EzVPN clients.
EzVPN-Hub#
*Feb 23 10:33:10.663: %CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP . Peer 10.32.150.46:500 Id: VPN1
*Feb 23 10:33:37.439: %CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP . Peer 10.32.152.46:500 Id: VPN1
The following examples show sample output for the show crypto ipsec sa and show crypto ipsec client
ezvpn commands.
The following is sample output from the show crypto ipsec sa command, performed using the
configuration on the EzVPN Hub location:
EzVPN-Hub# show crypto ipsec sa
interface: ATM0/0/0
Crypto map tag: INT_MAP, local addr. 10.32.152.26
protected vrf:
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (10.1.1.3/255.255.255.255/0/0)
current_peer: 10.32.152.46:500
PERMIT, flags={}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 10.32.152.26, remote crypto endpt.: 10.32.152.46
path mtu 4470, media mtu 4470
current outbound spi: EBA2AC93
inbound esp sas:
spi: 0xDBEB20(14412576)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5131, flow_id: 11, crypto map: INT_MAP
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (4570368/14331)
ike_cookies: 787F69F1 41C7488D 92A37C71 AE8FEC38
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xEBA2AC93(3953306771)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5132, flow_id: 12, crypto map: INT_MAP
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (4570368/14331)
ike_cookies: 787F69F1 41C7488D 92A37C71 AE8FEC38
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
protected vrf:
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (192.168.3.0/255.255.255.0/0/0)
current_peer: 10.32.150.46:500
PERMIT, flags={}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 10.32.152.26, remote crypto endpt.: 10.32.150.46
path mtu 4470, media mtu 4470
current outbound spi: 59C46762
inbound esp sas:
spi: 0xA9344358(2838774616)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5129, flow_id: 9, crypto map: INT_MAP
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (4574224/14292)
ike_cookies: A479BC19 B6199FB9 E043AE83 9DECB0E8
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x59C46762(1506043746)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5130, flow_id: 10, crypto map: INT_MAP
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (4574224/14292)
ike_cookies: A479BC19 B6199FB9 E043AE83 9DECB0E8
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
The following is sample output from the show crypto ipsec client ezvpn command, performed using the
configuration on the EzVPN Spoke 1 location:
EzVPN-Spoke-1#show crypto ipsec client ezvpn
Easy VPN Remote Phase: 2
Tunnel name : VPN1
Inside interface list: FastEthernet0/0,
Outside interface: Dialer0
Current State: IPSEC_ACTIVE
Last Event: SOCKET_UP
Address: 10.1.1.3
Mask: 255.255.255.255
DNS Primary: 192.168.168.183
DNS Secondary: 192.168.226.120
NBMS/WINS Primary: 192.168.179.89
NBMS/WINS Secondary: 192.168.2.87
Default Domain: cisco.com
The following is sample output from the show crypto ipsec client ezvpn command, performed using the
configuration on the EzVPN Spoke 2 location:
EzVPN-Spoke-2#show crypto ipsec client ezvpn
Easy VPN Remote Phase: 2
Tunnel name : VPN1
Inside interface list: FastEthernet0/0,
Outside interface: Serial0/0/0
Current State: IPSEC_ACTIVE
Last Event: SOCKET_UP
DNS Primary: 192.168.168.183
DNS Secondary: 192.168.226.120
NBMS/WINS Primary: 192.168.179.89
NBMS/WINS Secondary: 192.168.2.87
Default Domain: cisco.com
Troubleshoot
This section provides information for troubleshooting your configuration.
See the following tech note:
• IP Security Troubleshooting - Understanding and Using debug Commands
Troubleshooting Commands
Note
Before issuing debug commands, please see Important Information on Debug Commands.
The following debug commands must be running on both IPSec routers (peers). Security associations
must be cleared on both peers.
• debug crypto engine—Displays information pertaining to the crypto engine, such as when Cisco IOS software is performing encryption or decryption operations.
• debug crypto ipsec—Displays the IPSec negotiations of phase 2.
• debug crypto ipsec client ezvpn—Displays the negotiation of the EzVPN client to the VPN concentrator.
• debug crypto isakmp—Displays the ISAKMP negotiations of phase 1.
• clear crypto ipsec client ezvpn—Clears an existing EzVPN connection.
• clear crypto isakmp—Clears the security associations for phase 1.
• clear crypto sa—Clears the security associations for phase 2.
The following is an example of output for the debug crypto ipsec client ezvpn command:
EzVPN-Spoke-1# debug crypto ipsec client ezvpn
*May 24 03:04:51.923: EZVPN(VPN1): New State: CONNECT_REQUIRED
!
!--- The following line shows the connection going down, not part of the debug output.
!
*May 24 03:04:51.923: %CRYPTO-5-SESSION_STATUS: Crypto tunnel is DOWN. Peer 10.32.152.26:500 Id: 10.32.152.26
!
!---Debug output resumes
!
*May 24 03:04:51.927: EZVPN(VPN1): Current State: CONNECT_REQUIRED
*May 24 03:04:51.927: EZVPN(VPN1): Event: CONNECT
*May 24 03:04:51.927: EZVPN(VPN1): ezvpn_connect_request
*May 24 03:04:51.927: EZVPN(VPN1): New State: READY
*May 24 03:04:51.999: EZVPN(VPN1): Current State: READY
*May 24 03:04:51.999: EZVPN(VPN1): Event: CONN_UP
*May 24 03:04:51.999: EZVPN(VPN1): ezvpn_conn_up 7F890E16 DB923EE3 67C9C0D2 7EE723AC
*May 24 03:04:51.999: EZVPN(VPN1): No state change
*May 24 03:04:52.007: EZVPN(VPN1): Current State: READY
*May 24 03:04:52.007: EZVPN(VPN1): Event: XAUTH_REQUEST
*May 24 03:04:52.007: EZVPN(VPN1): ezvpn_xauth_request
*May 24 03:04:52.007: EZVPN(VPN1): ezvpn_parse_xauth_msg
*May 24 03:04:52.007: EZVPN: Attributes sent in xauth request message:
*May 24 03:04:52.007:         XAUTH_USER_NAME_V2(VPN1):
*May 24 03:04:52.007:         XAUTH_USER_PASSWORD_V2(VPN1):
*May 24 03:04:52.007: EZVPN(VPN1): send saved username ezvpn-spoke1 and password <omitted>
*May 24 03:04:52.007: EZVPN(VPN1): New State: XAUTH_REQ
*May 24 03:04:52.007: EZVPN(VPN1): Current State: XAUTH_REQ
*May 24 03:04:52.007: EZVPN(VPN1): Event: XAUTH_REQ_INFO_READY
*May 24 03:04:52.007: EZVPN(VPN1): ezvpn_xauth_reply
*May 24 03:04:52.007:         XAUTH_USER_NAME_V2(VPN1): ezvpn-spoke1
*May 24 03:04:52.011:         XAUTH_USER_PASSWORD_V2(VPN1): <omitted>
*May 24 03:04:52.011: EZVPN(VPN1): New State: XAUTH_REPLIED
*May 24 03:04:52.023: EZVPN(VPN1): Current State: XAUTH_REPLIED
*May 24 03:04:52.023: EZVPN(VPN1): Event: XAUTH_STATUS
*May 24 03:04:52.023: EZVPN(VPN1): New State: READY
*May 24 03:04:52.039: EZVPN(VPN1): Current State: READY
*May 24 03:04:52.039: EZVPN(VPN1): Event: MODE_CONFIG_REPLY
*May 24 03:04:52.039: EZVPN(VPN1): ezvpn_mode_config
*May 24 03:04:52.039: EZVPN(VPN1): ezvpn_parse_mode_config_msg
*May 24 03:04:52.039: EZVPN: Attributes sent in message:
*May 24 03:04:52.039:         Address: 10.1.1.4
*May 24 03:04:52.039:         DNS Primary: 192.168.168.183
*May 24 03:04:52.039:         DNS Secondary: 192.168.226.120
*May 24 03:04:52.039:         NBMS/WINS Primary: 192.168.179.89
*May 24 03:04:52.039:         NBMS/WINS Secondary: 192.168.2.87
*May 24 03:04:52.039:         Split Tunnel List: 1
*May 24 03:04:52.039:                   Address : 192.168.0.0
*May 24 03:04:52.039:                   Mask : 255.255.0.0
*May 24 03:04:52.039:                   Protocol : 0x0
*May 24 03:04:52.039:                   Source Port: 0
*May 24 03:04:52.039:                   Dest Port : 0
*May 24 03:04:52.039: EZVPN: Unknown/Unsupported Attr: SPLIT_DNS (0x7003)
*May 24 03:04:52.039:         Default Domain: cisco.com
*May 24 03:04:52.039:         Savepwd on
*May 24 03:04:52.039: EZVPN: Unknown/Unsupported Attr: BACKUP_SERVER (0x7009)
*May 24 03:04:52.039: EZVPN: Unknown/Unsupported Attr: APPLICATION_VERSION (0x7)
*May 24 03:04:52.039: EZVPN(VPN1): ezvpn_nat_config
*May 24 03:04:52.043: EZVPN(VPN1): New State: SS_OPEN
*May 24 03:04:52.047: EZVPN(VPN1): Current State: SS_OPEN
*May 24 03:04:52.047: EZVPN(VPN1): Event: SOCKET_READY
*May 24 03:04:52.047: EZVPN(VPN1): No state change
!
!--- The following line shows the connection coming up, not part of the debug output.
!
*May 24 03:04:52.075: %CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP . Peer 10.32.152.26:500 Id: 10.32.152.26
!
!---Debug output resumes
!
*May 24 03:04:52.079: EZVPN(VPN1): Current State: SS_OPEN
*May 24 03:04:52.079: EZVPN(VPN1): Event: MTU_CHANGED
*May 24 03:04:52.079: EZVPN(VPN1): No state change
*May 24 03:04:52.079: EZVPN(VPN1): Current State: SS_OPEN
*May 24 03:04:52.079: EZVPN(VPN1): Event: SOCKET_UP
*May 24 03:04:52.079: ezvpn_socket_up
*May 24 03:04:52.079: EZVPN(VPN1): New State: IPSEC_ACTIVE
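The trace above is a state machine log: each "Current State" and "Event" pair is followed by either "New State" or "No state change". The Python below is an added example, not part of the Cisco document or of Cisco IOS; it extracts those transitions per tunnel, reports the last state reached, and lists the attributes logged as unsupported. The sample trace is constructed by condensing the lines above, and the function names are hypothetical.

```python
import re

# Constructed sample: condensed from the debug trace shown above.
SAMPLE_TRACE = """\
*May 24 03:04:51.999: EZVPN(VPN1): Current State: READY
*May 24 03:04:51.999: EZVPN(VPN1): Event: CONN_UP
*May 24 03:04:51.999: EZVPN(VPN1): No state change
*May 24 03:04:52.007: EZVPN(VPN1): Current State: READY
*May 24 03:04:52.007: EZVPN(VPN1): Event: XAUTH_REQUEST
*May 24 03:04:52.007: EZVPN(VPN1): ezvpn_xauth_request
*May 24 03:04:52.007: EZVPN(VPN1): New State: XAUTH_REQ
*May 24 03:04:52.007: EZVPN(VPN1): Current State: XAUTH_REQ
*May 24 03:04:52.007: EZVPN(VPN1): Event: XAUTH_REQ_INFO_READY
*May 24 03:04:52.011: EZVPN(VPN1): New State: XAUTH_REPLIED
*May 24 03:04:52.023: EZVPN(VPN1): Current State: XAUTH_REPLIED
*May 24 03:04:52.023: EZVPN(VPN1): Event: XAUTH_STATUS
*May 24 03:04:52.023: EZVPN(VPN1): New State: READY
*May 24 03:04:52.039: EZVPN(VPN1): Current State: READY
*May 24 03:04:52.039: EZVPN(VPN1): Event: MODE_CONFIG_REPLY
*May 24 03:04:52.039: EZVPN: Unknown/Unsupported Attr: SPLIT_DNS (0x7003)
*May 24 03:04:52.043: EZVPN(VPN1): New State: SS_OPEN
*May 24 03:04:52.075: %CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP . Peer 10.32.152.26:500 Id: 10.32.152.26
*May 24 03:04:52.079: EZVPN(VPN1): Current State: SS_OPEN
*May 24 03:04:52.079: EZVPN(VPN1): Event: SOCKET_UP
*May 24 03:04:52.079: ezvpn_socket_up
*May 24 03:04:52.079: EZVPN(VPN1): New State: IPSEC_ACTIVE
"""

# "<timestamp>: EZVPN(<tunnel>): <message>"; the tunnel name is absent on some lines.
EZVPN_RE = re.compile(
    r"^\*?\w{3} +\d+ [\d:.]+: EZVPN(?:\((?P<name>[^)]+)\))?: (?P<msg>.*)$")


def parse_trace(text):
    """Return (transitions, unsupported_attrs) parsed from EZVPN debug lines.

    Each transition is (tunnel, state_before, event, state_after).
    """
    transitions, unsupported = [], []
    pending = {}  # tunnel name -> [current state, event] awaiting an outcome
    for line in text.splitlines():
        m = EZVPN_RE.match(line.strip())
        if not m:
            continue  # syslog lines, bare handler names, "!" comments
        name, msg = m["name"], m["msg"]
        key, _, value = msg.partition(": ")
        if key == "Unknown/Unsupported Attr":
            unsupported.append(value.split()[0])
        elif name is None:
            continue
        elif key == "Current State":
            pending[name] = [value, None]
        elif key == "Event":
            pending.setdefault(name, [None, None])[1] = value
        elif key == "New State" or msg == "No state change":
            state, event = pending.pop(name, [None, None])
            new = value if key == "New State" else state
            transitions.append((name, state, event, new))
    return transitions, unsupported


def final_state(text, tunnel):
    """Last state the named tunnel reached, or None if it never appears."""
    states = [new for name, _, _, new in parse_trace(text)[0] if name == tunnel]
    return states[-1] if states else None


if __name__ == "__main__":
    for name, before, event, after in parse_trace(SAMPLE_TRACE)[0]:
        print(f"{name}: {before} --{event}--> {after}")
    print("final:", final_state(SAMPLE_TRACE, "VPN1"))
```

A trace whose final state is anything other than IPSEC_ACTIVE shows which event the negotiation stopped after.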
Related Information
• Cisco IOS Wide-Area Networking Configuration Guide
• Cisco IOS Dial Technologies Configuration Guide
• Cisco IOS Security Configuration Guide
• Cisco IOS Interface and Hardware Component Configuration Guide
• Cisco Technical Assistance Center
Copyright © 2004 Cisco Systems, Inc. All rights reserved.
Hoot and Holler over V3PN Configuration Example
This document provides a configuration example that illustrates a basic multicast-based voice
application over a Cisco Virtual Private Network (VPN).
Contents
• Introduction
• Prerequisites
• Configure
• Verify
• Troubleshoot
• Related Information
Introduction
This document provides a configuration example for Cisco Voice and Video over VPN (V3PN). The
voice application used in this example is Hoot and Holler, which is typically used in trading floor
financial institutions for communications to branch offices. The configuration scenario emphasizes
implementation of the quality of service (QoS) and VPN capabilities; the configuration has the following
characteristics:
• All traffic between two client branch sites and headquarters passes through a VPN of
  IPSec-encrypted tunnels.
• This implementation of Cisco V3PN features the use of Protocol Independent Multicast (PIM) in
  Sparse Mode and Auto-RP. The routing protocol used to transport traffic is Open Shortest Path First
  (OSPF).
• The techniques used include Internet Key Exchange/Dead Peer Detection (IKE/DPD), split
  tunneling, and group policy on the server with Domain Name System (DNS) information, Windows
  Information Name Service (WINS) information, domain name, and an IP address pool for clients.
• Headquarters uses a Cisco Royal series router with an ATM interface.
• One branch uses a Cisco 2800 series router and employs a serial interface, while another branch with
  a Cisco 2800 Series router uses a Symmetrical High-Speed Digital Subscriber Line (SHDSL)
  interface.
• The various show commands demonstrate configurations for the Internet Security Association Key
  Management Protocol (ISAKMP) and IP Security (IPSec) security associations (SA) on the
  concentrator, as well as status on the clients.
Prerequisites
The following sections provide information important to understand this configuration example. Read
these sections before you continue with the configuration example:
• Conventions
• Requirements
• Related Products
• Components Used
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software and hardware versions:
• At Headquarters, a Cisco 3845 router with a Cisco CallManager cluster, with ATM access to the
  Internet
• At Branch 1, a Cisco 2801 router with a WIC-SHDSL-V2 interface card installed, and with DSL
  access to the Internet
• At Branch 2, a Cisco 2811 router with a serial interface connection to the Internet
• Cisco IOS Release 12.3(11)T or later releases
• Advanced Enterprise Services feature set
The information presented in this document was created from the devices in a specific lab environment.
All of the devices used in this document started with a cleared (default) configuration. If your network
is live, make sure that you understand the potential impact of any command.
Related Products
This configuration can also be used with the following hardware and software:
• Cisco 2800 series routers
• Cisco Royal series routers
• For Cisco 2800 series routers, Cisco IOS Release 12.3(8)T4 or later releases. For Cisco 3800 series
  routers, Cisco IOS Release 12.3(11)T and later releases.
Conventions
For information on document conventions, see the Cisco Technical Tips Conventions.
Configure
In this section, you are presented with the information to configure the features described in this
document.
Note
For additional information on the commands used in this document, use the Cisco IOS Command
Lookup tool. You must have an account on Cisco.com. If you do not have an account or have forgotten
your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Configuration Tips
• Make sure that the tunnels work before you apply the crypto maps.
• Apply IPSec crypto maps to both the tunnel interface and the physical interface.
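One way to check the second tip offline against a saved running-config, as an added example that is not Cisco's code: the Python below verifies that each tunnel interface's crypto map is also applied to the interface that sources the tunnel. It goes one step further than the tip and also checks that the map has an entry for the tunnel destination and that the entry's access list permits GRE between the two endpoints. The sample configuration is constructed in the style of the Headquarters configuration in this document, and the function names are hypothetical.

```python
import re

# Constructed sample, condensed in the style of the Headquarters router config.
SAMPLE_CONFIG = """\
crypto map INT_CM 1 ipsec-isakmp
 set peer 10.32.150.46
 match address IPSEC_ACL_1
crypto map INT_CM 2 ipsec-isakmp
 set peer 10.32.153.34
 match address IPSEC_ACL_2
!
interface Tunnel0
 tunnel source ATM1/0
 tunnel destination 10.32.150.46
 crypto map INT_CM
!
interface Tunnel1
 tunnel source ATM1/0
 tunnel destination 10.32.153.34
 crypto map INT_CM
!
interface ATM1/0
 ip address 10.32.152.26 255.255.255.252
 crypto map INT_CM
!
ip access-list extended IPSEC_ACL_1
 permit gre host 10.32.152.26 host 10.32.150.46
ip access-list extended IPSEC_ACL_2
 permit gre host 10.32.152.26 host 10.32.153.34
"""

HEADER_RE = re.compile(
    r"^(?:interface (?P<intf>\S+)"
    r"|crypto map (?P<cmap>\S+) \d+ ipsec-isakmp"
    r"|ip access-list extended (?P<acl>\S+))$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_config(text):
    """Return (interfaces, crypto map entries, GRE ACL host pairs)."""
    # Sections are recognised by their header line, not by indentation,
    # so text whose leading spaces were lost still parses.
    intfs, cmaps, acls = {}, {}, {}
    kind, obj = None, None
    for raw in text.splitlines():
        words = raw.split()
        line = " ".join(words)
        m = HEADER_RE.match(line)
        if m and m["intf"]:
            kind, obj = "intf", intfs.setdefault(m["intf"], {})
        elif m and m["cmap"]:
            kind, obj = "cmap", {}
            cmaps.setdefault(m["cmap"], []).append(obj)
        elif m:
            kind, obj = "acl", acls.setdefault(m["acl"], [])
        elif line.startswith("!"):
            kind = None  # "!" separators and comments close the section
        elif kind == "intf" and len(words) == 3 and words[0] in ("crypto", "tunnel"):
            obj[" ".join(words[:2])] = words[2]  # crypto map, tunnel source/destination
        elif kind == "intf" and words[:2] == ["ip", "address"] and len(words) >= 4:
            obj["ip"] = words[2]
        elif kind == "cmap" and len(words) == 3 and words[:2] in (["set", "peer"], ["match", "address"]):
            obj[" ".join(words[:2])] = words[2]
        elif kind == "acl" and len(words) == 6 and words[:3] == ["permit", "gre", "host"] and words[4] == "host":
            obj.append((words[3], words[5]))
    return intfs, cmaps, acls


def audit_gre_ipsec(text):
    """Return a list of findings; an empty list means every check passed."""
    intfs, cmaps, acls = parse_config(text)
    findings = []
    for name, tun in sorted(intfs.items()):
        dest = tun.get("tunnel destination")
        if dest is None:
            continue  # not a tunnel interface
        cmap = tun.get("crypto map")
        if cmap is None:
            findings.append(f"{name}: no crypto map on the tunnel interface")
            continue
        # The tunnel source is an interface name or that interface's address.
        src = tun.get("tunnel source", "")
        if IPV4_RE.match(src):
            phys = next((n for n, i in intfs.items() if i.get("ip") == src), None)
        else:
            phys = src if src in intfs else None
        if phys is None:
            findings.append(f"{name}: tunnel source {src} matches no interface")
            continue
        if intfs[phys].get("crypto map") != cmap:
            findings.append(f"{name}: crypto map {cmap} missing on {phys}")
        entry = next((e for e in cmaps.get(cmap, []) if e.get("set peer") == dest), None)
        if entry is None:
            findings.append(f"{name}: {cmap} has no entry for peer {dest}")
        elif (intfs[phys].get("ip"), dest) not in acls.get(entry.get("match address"), []):
            findings.append(f"{name}: {entry.get('match address')} lacks GRE permit to {dest}")
    return findings
```

Calling `audit_gre_ipsec()` on the text of a saved configuration returns one line per mismatch; a tunnel source given as an address (as on the Branch 1 router) is resolved to the interface that owns it.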
Network Diagram
This document uses the network setup shown in the diagram below.
[Network diagram: Headquarters, Branch 1, and Branch 2 sites with numbered callouts 1 through 9]
Following are the callout terms and definitions for the diagram, identified by number:
1  Headquarters location
2  ATM link from the Headquarters router to the Internet
3  VPN tunnel through the Internet to Branch 1
4  The Internet, as represented by the cloud
5  VPN tunnel through the Internet to Branch 2
6  DSL link from the Branch 1 router to the Internet
7  Serial link from the Branch 2 router to the Internet
8  Branch 1 location
9  Branch 2 location
The Headquarters location (callout 1) uses a Cisco 3845 router with these characteristics:
• ATM access to the Internet
• Operating in a Cisco CallManager cluster
• Public IP address: 10.32.152.26
• Private IP address pool: 192.168.1.0/24
The Branch 1 location (callout 8) uses a Cisco 2801 router with these characteristics:
• DSL access to the Internet
• WIC-SHDSL-V2 interface card installed
• Public IP address: 10.32.153.32
• Private IP address pool: 192.168.2.0/24
The Branch 2 location (callout 9) uses a Cisco 2811 router with these characteristics:
• Serial access to the Internet
• Public IP address: 10.32.150.46/30
• Private IP address pool: 192.168.3.0/24
Configurations
This document uses the following configurations:
• Headquarters Office Configuration (Cisco 3845 Router)
• Branch 1 Router Configuration (Cisco 2801 Router)
• Branch 2 Router Configuration (Cisco 2811 Router)
Headquarters Office Configuration (Cisco 3845 Router)
HUB-R1# show running-config
Building configuration...
Current configuration : 9385 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HUB-R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$t8oN$hXmGodPh8ZM/ka6k/9aO51
!
username cisco secret 5 $1$cfjP$kKpBWe3pfKXfpK0RIqX/E.
no network-clock-participate slot 1
no network-clock-participate slot 2
no network-clock-participate slot 3
no network-clock-participate slot 4
no network-clock-participate wic 0
no network-clock-participate wic 1
no network-clock-participate wic 2
no network-clock-participate wic 3
no network-clock-participate aim 0
no network-clock-participate aim 1
aaa new-model
!
!
! ENABLE AAA AND USE LOCAL AUTHENTICATION FOR VPN CONNECTIONS
!
aaa authentication login USERLIST local
aaa session-id common
ip subnet-zero
ip cef
!
! CREATE DHCP POOL FOR INTERNAL CLIENTS ON VLAN 10
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LOCAL
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
no ip domain lookup
ip domain name cisco.com
! ENABLE MULTICAST ROUTING
ip multicast-routing
ip ids po max-events 100
no ftp-server write-enable
voice-card 0
no dspfarm
!
!
!
voice class permanent 1
signal timing oos timeout 65535
signal keepalive disabled
signal sequence oos no-action
!
!
controller T1 0/2/0
framing sf
linecode ami
!
controller T1 0/2/1
framing sf
linecode ami
! CLASSIFY DIFFERENT QOS TRAFFIC, SETTING IP PRECEDENCE AND DSCP
!
class-map match-all data
match ip precedence 2
class-map match-all control-traffic
match ip dscp af31
class-map match-all video
match ip precedence 4
class-map match-all voice
match ip dscp ef
!
!
! ALLOCATE AVAILABLE BANDWIDTH FOR EACH QOS CLASSIFICATION, DEPENDING ON EXPECTED NEED
! FOR EXAMPLE, DSCP VALUE EF (CLASS VOICE) WILL BE GIVEN 35% OF THE BANDWIDTH
!
policy-map LLQ
class control-traffic
bandwidth percent 5
class voice
priority percent 35
class video
bandwidth percent 15
class data
bandwidth percent 20
class class-default
fair-queue
!
!
! SET THE IKE POLICY TO USE 3DES
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
! SPECIFY THAT ISAKMP CLIENTS (SPOKE ROUTERS) WILL NOT NEED TO USE XAUTH (USERNAME AND
! PASSWORD) WHEN CONNECTING
!
crypto isakmp key cisco address 10.32.150.46 no-xauth
crypto isakmp key cisco address 10.32.153.34 no-xauth
!
!
crypto ipsec transform-set TRANSFORM_1 esp-3des esp-sha-hmac
!
! DEFINE THE REMOTE SPOKES, THEIR IP ADDRESSES AND ANY POLICIES THAT NEED TO BE
! IMPLEMENTED
crypto map INT_CM 1 ipsec-isakmp
description === Peer device = Branch-2 ===
set peer 10.32.150.46
set security-association lifetime kilobytes 530000000
set security-association lifetime seconds 14400
set transform-set TRANSFORM_1
match address IPSEC_ACL_1
crypto map INT_CM 2 ipsec-isakmp
description === Peer device = Branch-1 ===
set peer 10.32.153.34
set security-association lifetime kilobytes 530000000
set security-association lifetime seconds 14400
set transform-set TRANSFORM_1
match address IPSEC_ACL_2
!
!
!
! CREATE TUNNELS TO THE SPOKE ROUTERS. THE MTU IS LOWERED TO ALLOW THE GRE AND IP-SEC
! HEADER
! PIM SD IS ENABLED SO AS TO ALLOW MULTICAST, AND THE TUNNEL SOURCE AND DESTINATION ARE
! SPECIFIED
!
interface Tunnel0
description === Peer device = Branch-2 ===
bandwidth 10000
ip unnumbered Vlan10
ip mtu 1420
ip pim sparse-dense-mode
qos pre-classify
tunnel source ATM1/0
tunnel destination 10.32.150.46
crypto map INT_CM
!
interface Tunnel1
description === Peer device = Branch-1 ===
bandwidth 10000
ip unnumbered Vlan10
ip mtu 1420
ip pim sparse-dense-mode
qos pre-classify
tunnel source ATM1/0
tunnel destination 10.32.153.34
crypto map INT_CM
!
! THIS LOOPBACK INTERFACE ACTS AS THE MULTICAST RP
!
interface Loopback100
ip address 192.168.4.1 255.255.255.255
ip pim sparse-dense-mode
!
! THIS VIF INTERFACE IS USED AS THE MULTICAST SOURCE FOR THE VOICE ENDPOINT
interface Vif1
ip address 192.168.6.1 255.255.255.0
ip pim sparse-dense-mode
!
! NOT USED
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
media-type rj45
no negotiation auto
!
! NOT USED
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
no negotiation auto
!
! INTERFACE CONNECTING TO THE PUBLIC NETWORK IN OUR SCENARIO
! ATM PVC 10/100 IS USED IN THIS EXAMPLE. THE PREVIOUSLY DEFINED LLQ QOS POLICY IS USED
! HERE
interface ATM1/0
description === Public interface ===
bandwidth 155000
ip address 10.32.152.26 255.255.255.252
ip ospf network point-to-point
no atm ilmi-keepalive
crypto map INT_CM
pvc 10/100
protocol ip 10.32.152.25 broadcast
vbr-rt 100000 100000
service-policy output LLQ
!
! PLACE ALL SWITCHPORT INTERFACES INTO VLAN 10
!
interface FastEthernet4/0
switchport access vlan 10
no ip address
!
interface FastEthernet4/1
switchport access vlan 10
no ip address
!
! ... REDUNDANT FAST ETHERNET CONFIGURATION OMITTED.
!
interface FastEthernet4/15
switchport access vlan 10
no ip address
!
interface GigabitEthernet4/0
no ip address
shutdown
!
interface Vlan1
no ip address
!
! INTERFACE FOR CONNECTING INTERNAL HOSTS.
!
interface Vlan10
description === Private interface ===
ip address 192.168.1.1 255.255.255.0
ip pim sparse-dense-mode
!
! ENABLE ROUTING FOR ALL RELEVANT NETWORKS (INTERNAL USER SUBNET, LOOPBACK FOR RP AND VIF
! FOR VOICE)
!
router ospf 1
log-adjacency-changes
network 192.168.1.0 0.0.0.255 area 0
network 192.168.4.1 0.0.0.0 area 0
network 192.168.6.0 0.0.0.255 area 0
!
! DEFINE STATIC ROUTES SO THAT THE REMOTE NETWORKS STAY IN THE ROUTING TABLE, EVEN IF
! CONNECTION IS LOST
! THIS PREVENTS ROUTING TABLE FLAPS
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.32.152.25
ip route 192.168.2.0 255.255.255.0 Null0 249
ip route 192.168.3.0 255.255.255.0 Null0 249
!
ip http server
no ip http secure-server
!
! CONFIGURE AUTOMATIC DISCOVERY OF GROUP-TO-RENDEZVOUS POINT (AUTO-RP)
!
ip pim send-rp-announce Loopback100 scope 5
ip pim send-rp-discovery Loopback100 scope 5
! SPECIFY TRAFFIC TO BE ENCRYPTED (HERE IT'S ALL GRE TRAFFIC)
!
ip access-list extended IPSEC_ACL_1
permit gre host 10.32.152.26 host 10.32.150.46
ip access-list extended IPSEC_ACL_2
permit gre host 10.32.152.26 host 10.32.153.34
!
!
control-plane
!
! CONFIGURE THE VOICE PORT AND LINK IT TO DIAL-PEER 100. THIS CONNECTION IS PERMANENT. THE
! VOICE-CLASS WAS DEFINED EARLIER IN THE CONFIGURATION, AND ESTABLISHES AN 'ALWAYS ON'
! CONNECTION
!
voice-port 0/1/0
voice-class permanent 1
timeouts call-disconnect 3
connection trunk 100
!
voice-port 0/1/1
!
!
!
! THIS DIAL-PEER CONNECTS THE VOICE PORT TO MULTICAST GROUP 239.168.1.100. g711 CODEC (64k)
! IS USED, AND VAD IS ENABLED
!
dial-peer voice 100 voip
destination-pattern 100
session protocol multicast
session target ipv4:239.168.1.100:19890
codec g711ulaw
vad aggressive
!
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login authentication USERLIST
!
end
!
Branch 1 Router Configuration (Cisco 2801 Router)
Branch-1# show running-config
Building configuration...
Current configuration : 6300 bytes
!
! Last configuration change at 03:11:55 UTC Sat Apr 17 2004
! NVRAM config last updated at 02:03:50 UTC Sat Apr 17 2004
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
!
hostname Branch-1
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 informational
enable secret 5 $1$b7.Q$Y2x1UXyRifSStbkR/YyrP.
!
username cisco password 7 0519050B234D5C0617
memory-size iomem 20
no network-clock-participate wic 1
no network-clock-participate wic 2
no network-clock-participate wic 3
no network-clock-participate wic 4
no network-clock-participate wic 5
no network-clock-participate wic 6
no network-clock-participate wic 7
no network-clock-participate wic 8
no network-clock-participate aim 0
no network-clock-participate aim 1
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login USERLIST local
aaa session-id common
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool LOCAL
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
!
!
no ip domain lookup
ip domain name cisco.com
ip multicast-routing
ip sap cache-timeout 30
ip ssh time-out 30
ip ids po max-events 100
no ftp-server write-enable
voice-card 0
!
!
no virtual-template subinterface
!
!
!
voice class permanent 1
signal timing oos timeout 65535
signal keepalive disabled
signal sequence oos no-action
!
!
!
controller T1 3/0
framing sf
linecode ami
controller T1 3/1
framing sf
linecode ami
!
! CLASSIFY DIFFERENT QOS TRAFFIC, SETTING IP PRECEDENCE AND DSCP
!
class-map match-all data
match ip precedence 2
class-map match-all control-traffic
match ip dscp af31
class-map match-all video
match ip precedence 4
class-map match-all voice
match ip dscp ef
!
! ALLOCATE AVAILABLE BANDWIDTH FOR EACH QOS CLASSIFICATION, DEPENDING ON EXPECTED NEED
! FOR EXAMPLE, DSCP VALUE EF (CLASS VOICE) WILL BE GIVEN 35% OF THE BANDWIDTH
!
policy-map LLQ
class control-traffic
bandwidth percent 5
class voice
priority percent 35
class video
bandwidth percent 15
class data
bandwidth percent 20
class class-default
fair-queue
!
!
! SET THE IKE POLICY TO USE 3DES
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address 10.32.152.26 no-xauth
!
!
crypto ipsec transform-set TRANSFORM_1 esp-3des esp-sha-hmac
!
! SPECIFY REMOTE PEER
!
crypto map INT_CM 1 ipsec-isakmp
description === Peer device = HUB-R1 ===
set peer 10.32.152.26
set security-association lifetime kilobytes 530000000
set security-association lifetime seconds 14400
set transform-set TRANSFORM_1
match address IPSEC_ACL_1
!
!
! CREATE TUNNEL TO THE HUB ROUTERS. THE MTU IS LOWERED TO ALLOW THE GRE AND IPSEC HEADER
! PIM SD IS ENABLED SO AS TO ALLOW MULTICAST, AND THE TUNNEL SOURCE AND DESTINATION ARE
! SPECIFIED
!
!
interface Tunnel0
description === Peer device = HUB-R1 ===
bandwidth 10000
ip unnumbered FastEthernet0/0
ip mtu 1420
ip pim sparse-dense-mode
qos pre-classify
tunnel source 10.32.153.34
tunnel destination 10.32.152.26
crypto map INT_CM
!
! VIF INTERFACE FOR MULTICAST SOURCE ADDRESS (USED FOR VOICE MULTICAST)
!
interface Vif1
ip address 192.168.7.1 255.255.255.0
ip pim sparse-dense-mode
!
interface FastEthernet0/0
description === Private interface ===
ip address 192.168.2.1 255.255.255.0
ip pim sparse-dense-mode
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
! DSL INTERFACE CONNECTING TO THE PUBLIC NETWORK IN OUR SCENARIO
! ATM PVC 8/35 IS USED IN THIS EXAMPLE.
!
interface ATM2/0
no ip address
no atm ilmi-keepalive
dsl equipment-type CPE
dsl operating-mode GSHDSL symmetric annex A
dsl linerate AUTO
pvc 0/35
encapsulation aal5snap
!
pvc 8/35
vbr-nrt 2000 1000
encapsulation aal5mux ppp Virtual-Template1
!
!
interface FastEthernet4/0
no ip address
!
interface FastEthernet4/1
no ip address
!
interface FastEthernet4/2
no ip address
!
interface FastEthernet4/3
no ip address
!
! LOGICAL INTERFACE FOR DSL LINK. THE PREVIOUSLY DEFINED LLQ QOS POLICY IS USED HERE
! PPP MULTILINK IS ENABLED SO INTERFACE CAN SUPPORT QOS
!
interface Virtual-Template1
description === Public interface ===
ip address 10.32.153.34 255.255.255.252
service-policy output LLQ
ppp multilink
ppp multilink fragment delay 8
ppp multilink interleave
crypto map INT_CM
interface Vlan1
no ip address
!
router ospf 1
log-adjacency-changes
network 192.168.2.0 0.0.0.255 area 0
network 192.168.7.0 0.0.0.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.32.153.33
ip route 192.168.1.0 255.255.255.0 Null0 249
!
ip http server
no ip http secure-server
!
! SPECIFY TRAFFIC TO BE ENCRYPTED (HERE IT'S ALL GRE TRAFFIC)
!
ip access-list extended IPSEC_ACL_1
permit gre host 10.32.153.34 host 10.32.152.26
!
!
!
control-plane
!
!
!
! CONFIGURE THE VOICE PORT AND LINK IT TO DIAL-PEER 100. THIS CONNECTION IS PERMANENT. THE
! VOICE-CLASS WAS DEFINED EARLIER IN
! THE CONFIGURATION, AND ESTABLISHES AN 'ALWAYS ON' CONNECTION
!
voice-port 1/0
voice-class permanent 1
timeouts call-disconnect 3
connection trunk 100
!
voice-port 1/1
!
voice-port 1/2
!
voice-port 1/3
!
!
! THIS DIAL-PEER CONNECTS THE VOICE PORT TO MULTICAST GROUP 239.168.1.100. g711 CODEC (64k)
! IS USED, AND VAD IS ENABLED
!
dial-peer voice 100 voip
destination-pattern 100
session protocol multicast
session target ipv4:239.168.1.100:19890
codec g711ulaw
vad aggressive
!
!
!
line con 0
line aux 0
line vty 0 4
login authentication USERLIST
!
end
Branch 2 Router Configuration (Cisco 2811 Router)
Branch-2# show running-config
Building configuration...
Current configuration : 5041 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Branch-2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$9BB/$KP4mHUWzUxzpDEPg5s7ow/
!
username cisco password 7 10481A170C07
memory-size iomem 25
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login USERLIST local
aaa session-id common
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.3.1
!
ip dhcp pool LOCAL
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
!
!
no ip domain lookup
ip domain name cisco.com
ip multicast-routing
ip audit notify log
ip audit po max-events 100
!
no ftp-server write-enable
voice-card 0
no dspfarm
!
!
!
voice class permanent 1
signal timing oos timeout 65535
signal keepalive disabled
signal sequence oos no-action
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address 10.32.152.26 no-xauth
!
!
crypto ipsec transform-set TRANSFORM_1 esp-3des esp-sha-hmac
!
crypto map INT_CM 1 ipsec-isakmp
description === Peer device = HUB-R1 ===
set peer 10.32.152.26
set security-association lifetime kilobytes 530000000
set security-association lifetime seconds 14400
set transform-set TRANSFORM_1
match address IPSEC_ACL_1
!
!
!
class-map match-all data
match ip precedence 2
class-map match-all control-traffic
match ip dscp af31
class-map match-all video
match ip precedence 4
class-map match-all voice
match ip dscp ef
!
!
policy-map LLQ
class control-traffic
bandwidth percent 5
class voice
priority percent 35
class video
bandwidth percent 15
class data
bandwidth percent 20
class class-default
fair-queue
!
!
!
interface Tunnel0
description === Peer device = HUB-R1 ===
bandwidth 10000
ip unnumbered FastEthernet0/0
ip mtu 1420
ip pim sparse-dense-mode
qos pre-classify
tunnel source Serial0/0/0
tunnel destination 10.32.152.26
crypto map INT_CM
!
interface Vif1
ip address 192.168.5.1 255.255.255.0
ip pim sparse-dense-mode
!
interface FastEthernet0/0
description === Private interface ===
ip address 192.168.3.1 255.255.255.0
ip pim sparse-dense-mode
duplex auto
speed auto
no keepalive
!
!
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet0/3/0
no ip address
shutdown
!
interface FastEthernet0/3/1
no ip address
shutdown
!
interface FastEthernet0/3/2
no ip address
shutdown
!
interface FastEthernet0/3/3
no ip address
shutdown
!
interface Serial0/0/0
description === Public interface ===
ip address 10.32.150.46 255.255.255.252
service-policy output LLQ
crypto map INT_CM
!
interface Vlan1
no ip address
!
router ospf 1
log-adjacency-changes
network 192.168.3.0 0.0.0.255 area 0
network 192.168.5.0 0.0.0.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.32.150.45
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
ip http server
no ip http secure-server
!
ip access-list extended IPSEC_ACL_1
permit gre host 10.32.150.46 host 10.32.152.26
!
!
!
control-plane
!
!
voice-port 0/1/0
voice-class permanent 1
timeouts call-disconnect 3
connection trunk 100
!
voice-port 0/1/1
!
!
!
dial-peer cor custom
!
!
dial-peer voice 100 voip
destination-pattern 100
session protocol multicast
session target ipv4:239.168.1.100:19890
codec g711ulaw
vad aggressive
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password 7 0002000E0D4B
login authentication USERLIST
!
!
end
Verify
This section provides information you can use to confirm your configuration is working properly. The
verification process includes two parts:
• Verify Headquarters Connectivity
• Verify Remote Location Connectivity
Verify Headquarters Connectivity
This section provides instructions for verifying that your configuration works properly.
Certain show commands are supported by the Output Interpreter Tool (registered customers only), which
allows you to view an analysis of show command output.
In summary:
• show crypto isakmp sa—Shows whether the remote routers have successfully connected.
• show crypto ipsec sa—Shows information about each IPSec SA.
• show ip ospf neighbor—Shows whether the router has Open Shortest Path First (OSPF) neighbors.
• show ip route—Shows whether the remote networks and multicast subnets are accessible (assess
  routing table).
• show ip pim neighbor—After a routing table is verified, shows whether a valid Protocol
  Independent Multicast (PIM) neighbor exists.
• show ip pim rp map—Shows whether the rendezvous point (RP) (in this instance, the router) is
  being correctly learned.
• show ip mroute active—Shows whether any active multicast streams exist (in this case, voice
  streams).
• show voice trunk-conditioning supervisory—Shows whether the voice port connection is up.
• show voip rtp connections—Presents sources and destination of an RTP voice stream.
• show voice call summary—Shows information about a call (such as the codec being used or the
  state of the phone).
• show class-map—Displays the QoS marking scheme (such as voice traffic that is marked up). This
  defines it as a V3PN implementation.
• show policy-map interface atm 1/0 output—Shows how traffic has been queued on the ATM
  interface. Note that different queues have different packet counts because traffic is assigned on the
  basis of differentiated services code point (DSCP) and IP precedence values.
• show crypto engine brief—Shows the VPN engine currently being run.
Representative output from each of these commands is presented in the verification summaries that
follow.
Note
Relevant display output is highlighted in bold text as appropriate.
The following is an output example for the show crypto isakmp sa command, performed using the
configuration on the Headquarters router:
HUB-R1# show crypto isakmp sa
dst             src             state          conn-id slot
10.32.152.26    10.32.153.34    QM_IDLE             29    0
10.32.152.26    10.32.150.46    QM_IDLE             31    0
The following is an output example for the show crypto ipsec sa command, performed using the
configuration on the Headquarters router:
HUB-R1# show crypto ipsec sa
interface: Tunnel0
Crypto map tag: INT_CM, local addr. 10.32.152.26
protected vrf:
local ident (addr/mask/prot/port): (10.32.152.26/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.32.153.34/255.255.255.255/47/0)
current_peer: 10.32.153.34:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 174918, #pkts encrypt: 174918, #pkts digest: 174918
#pkts decaps: 126855, #pkts decrypt: 126855, #pkts verify: 126855
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 66, #recv errors 0
local crypto endpt.: 10.32.152.26, remote crypto endpt.: 10.32.153.34
path mtu 1420, media mtu 1420
current outbound spi: 69111392
inbound esp sas:
spi: 0xD5823DEF(3582082543)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5213, flow_id: 93, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508969241/10148)
ike_cookies: DE2C7D5A FB6197B3 795753FB 41D07F6D
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x69111392(1762726802)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5214, flow_id: 94, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508968340/10147)
ike_cookies: DE2C7D5A FB6197B3 795753FB 41D07F6D
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
protected vrf:
local ident (addr/mask/prot/port): (10.32.152.26/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.32.150.46/255.255.255.255/47/0)
current_peer: 10.32.150.46:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 168329, #pkts encrypt: 168329, #pkts digest: 168329
#pkts decaps: 127676, #pkts decrypt: 127676, #pkts verify: 127676
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 5, #recv errors 0
local crypto endpt.: 10.32.152.26, remote crypto endpt.: 10.32.150.46
path mtu 1420, media mtu 1420
current outbound spi: D3C362F0
inbound esp sas:
spi: 0x4589EBE8(1166666728)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5219, flow_id: 99, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (528510577/14207)
ike_cookies: 59F8CBF0 5B2E8553 7D356DD4 F5DE05AD
IV size: 8 bytes
replay detection support: Y
spi: 0xC172073D(3245475645)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5221, flow_id: 101, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (522107198/14206)
ike_cookies: 59F8CBF0 5B2E8553 7D356DD4 F5DE05AD
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x2A87D473(713544819)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5220, flow_id: 100, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (528510577/14205)
ike_cookies: 59F8CBF0 5B2E8553 7D356DD4 F5DE05AD
IV size: 8 bytes
replay detection support: Y
spi: 0xD3C362F0(3552797424)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5222, flow_id: 102, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (522107166/14204)
ike_cookies: 59F8CBF0 5B2E8553 7D356DD4 F5DE05AD
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
interface: Tunnel1
Crypto map tag: INT_CM, local addr. 10.32.152.26
protected vrf:
local ident (addr/mask/prot/port): (10.32.152.26/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.32.153.34/255.255.255.255/47/0)
current_peer: 10.32.153.34:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 171877, #pkts encrypt: 171877, #pkts digest: 171877
#pkts decaps: 123829, #pkts decrypt: 123829, #pkts verify: 123829
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 66, #recv errors 0
local crypto endpt.: 10.32.152.26, remote crypto endpt.: 10.32.153.34
path mtu 1420, media mtu 1420
current outbound spi: 69111392
inbound esp sas:
spi: 0xD5823DEF(3582082543)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5213, flow_id: 93, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508970067/10208)
ike_cookies: DE2C7D5A FB6197B3 795753FB 41D07F6D
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x69111392(1762726802)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5214, flow_id: 94, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508969170/10207)
ike_cookies: DE2C7D5A FB6197B3 795753FB 41D07F6D
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
protected vrf:
local ident (addr/mask/prot/port): (10.32.152.26/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.32.150.46/255.255.255.255/47/0)
current_peer: 10.32.150.46:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 165228, #pkts encrypt: 165228, #pkts digest: 165228
#pkts decaps: 124592, #pkts decrypt: 124592, #pkts verify: 124592
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 5, #recv errors 0
local crypto endpt.: 10.32.152.26, remote crypto endpt.: 10.32.150.46
path mtu 1420, media mtu 1420
current outbound spi: D3C362F0
inbound esp sas:
spi: 0x4589EBE8(1166666728)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5219, flow_id: 99, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (528510577/14267)
ike_cookies: 59F8CBF0 5B2E8553 7D356DD4 F5DE05AD
IV size: 8 bytes
replay detection support: Y
spi: 0xC172073D(3245475645)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5221, flow_id: 101, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (522108046/14267)
ike_cookies: 59F8CBF0 5B2E8553 7D356DD4 F5DE05AD
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x2A87D473(713544819)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5220, flow_id: 100, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (528510577/14266)
ike_cookies: 59F8CBF0 5B2E8553 7D356DD4 F5DE05AD
IV size: 8 bytes
replay detection support: Y
spi: 0xD3C362F0(3552797424)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5222, flow_id: 102, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (522108025/14266)
ike_cookies: 59F8CBF0 5B2E8553 7D356DD4 F5DE05AD
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
interface: ATM1/0
Crypto map tag: INT_CM, local addr. 10.32.152.26
protected vrf:
local ident (addr/mask/prot/port): (10.32.152.26/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.32.153.34/255.255.255.255/47/0)
current_peer: 10.32.153.34:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 172131, #pkts encrypt: 172131, #pkts digest: 172131
#pkts decaps: 124081, #pkts decrypt: 124081, #pkts verify: 124081
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 66, #recv errors 0
local crypto endpt.: 10.32.152.26, remote crypto endpt.: 10.32.153.34
path mtu 1420, media mtu 1420
current outbound spi: 69111392
inbound esp sas:
spi: 0xD5823DEF(3582082543)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5213, flow_id: 93, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508969984/10202)
ike_cookies: DE2C7D5A FB6197B3 795753FB 41D07F6D
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x69111392(1762726802)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5214, flow_id: 94, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508969108/10202)
ike_cookies: DE2C7D5A FB6197B3 795753FB 41D07F6D
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
protected vrf:
local ident (addr/mask/prot/port): (10.32.152.26/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.32.150.46/255.255.255.255/47/0)
current_peer: 10.32.150.46:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 165491, #pkts encrypt: 165491, #pkts digest: 165491
#pkts decaps: 124855, #pkts decrypt: 124855, #pkts verify: 124855
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 5, #recv errors 0
local crypto endpt.: 10.32.152.26, remote crypto endpt.: 10.32.150.46
path mtu 1420, media mtu 1420
current outbound spi: D3C362F0
inbound esp sas:
spi: 0x4589EBE8(1166666728)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5219, flow_id: 99, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (528510577/14263)
ike_cookies: 59F8CBF0 5B2E8553 7D356DD4 F5DE05AD
IV size: 8 bytes
replay detection support: Y
spi: 0xC172073D(3245475645)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5221, flow_id: 101, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (522107974/14262)
ike_cookies: 59F8CBF0 5B2E8553 7D356DD4 F5DE05AD
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x2A87D473(713544819)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5220, flow_id: 100, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (528510577/14262)
ike_cookies: 59F8CBF0 5B2E8553 7D356DD4 F5DE05AD
IV size: 8 bytes
replay detection support: Y
spi: 0xD3C362F0(3552797424)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5222, flow_id: 102, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (522107953/14261)
ike_cookies: 59F8CBF0 5B2E8553 7D356DD4 F5DE05AD
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
The following is an output example for the show ip ospf neighbor command, performed using the
configuration on the Headquarters router:
HUB-R1# show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.7.1       0   FULL/  -        00:00:39    192.168.2.1     Tunnel1
192.168.5.1       0   FULL/  -        00:00:36    192.168.3.1     Tunnel0
The following is an output example for the show ip route command, performed using the configuration
on the Headquarters router:
HUB-R1# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.32.152.25 to network 0.0.0.0
     192.168.4.0/32 is subnetted, 1 subnets
C       192.168.4.1 is directly connected, Loopback100
O    192.168.5.0/24 [110/11] via 192.168.3.1, 00:12:48, Tunnel0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.32.152.24/30 is directly connected, ATM1/0
C    192.168.6.0/24 is directly connected, Vif1
O    192.168.7.0/24 [110/11] via 192.168.2.1, 00:12:48, Tunnel1
C    192.168.1.0/24 is directly connected, Vlan10
O    192.168.2.0/24 [110/11] via 192.168.2.1, 00:12:50, Tunnel1
O    192.168.3.0/24 [110/11] via 192.168.3.1, 00:12:50, Tunnel0
S*   0.0.0.0/0 [1/0] via 10.32.152.25
The following is an output example for the show ip pim neighbor command, performed using the
configuration on the Headquarters router:
HUB-R1# show ip pim neighbor
PIM Neighbor Table
Neighbor          Interface          Uptime/Expires     Ver   DR
Address                                                       Prio/Mode
192.168.3.1       Tunnel0            00:13:52/00:01:40  v2    1 / S
192.168.2.1       Tunnel1            00:13:44/00:01:18  v2    1 / S
The following is an output example for the show ip pim rp map command, performed using the
configuration on the Headquarters router:
HUB-R1# show ip pim rp map
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)
This system is an RP-mapping agent (Loopback100)
Group(s) 224.0.0.0/4
RP 192.168.4.1 (?), v2v1
Info source: 192.168.4.1 (?), elected via Auto-RP
Uptime: 2d02h, expires: 00:02:25
The following is an output example for the show ip mroute active command, performed using the
configuration on the Headquarters router:
HUB-R1# show ip mroute active
Active IP Multicast Sources - sending >= 4 kbps
Group: 239.168.1.100, (?)
Source: 192.168.5.2 (?)
Rate: 0 pps/0 kbps(1sec), 0 kbps(last 0 secs), 2 kbps(life avg)
Source: 192.168.7.2 (?)
Rate: 0 pps/0 kbps(1sec), 80 kbps(last 40 secs), 2 kbps(life avg)
The following is an output example for the show voice trunk-conditioning supervisory command,
performed using the configuration on the Headquarters router:
HUB-R1# show voice trunk-conditioning supervisory
SLOW SCAN
0/1/0 : state : TRUNK_SC_CONNECT, voice : on, signal : on ,master
status: trunk connected
sequence oos : no-action
pattern :
timing : idle = 0, restart = 0, standby = 0, timeout = 65535
supp_all = 0, supp_voice = 0, keep_alive = 0
timer: oos_ais_timer = 0, timer = 0
The following is an output example for the show voip rtp connections command, performed using the
configuration on the Headquarters router:
HUB-R1# show voip rtp connections
VoIP RTP active connections :
No. CallId  dstCallId  LocalRTP  RmtRTP  LocalIP        RemoteIP
1   16      15         20380     19890   192.168.6.2    239.168.1.100
Found 1 active RTP connections
The following is an output example for the show voice call summary command, performed using the
configuration on the Headquarters router:
HUB-R1# show voice call summary
PORT           CODEC    VAD VTSP STATE           VPM STATE
============== ======== === ==================== ======================
0/1/0          g711ulaw  y  S_CONNECT            S_TRUNKED
0/1/1          -         -  -                    FXSLS_ONHOOK
The following is an output example for the show class-map command, performed using the
configuration on the Headquarters router:
HUB-R1# show class-map
Class Map match-all control-traffic (id 1)
Match ip dscp af31
Class Map match-any class-default (id 0)
Match any
Class Map match-all video (id 3)
Match ip precedence 4
Class Map match-all voice (id 2)
Match ip dscp ef
The following is an output example for the show policy-map interface atm 1/0 output command,
performed using the configuration on the Headquarters router:
HUB-R1# show policy-map interface atm 1/0 output
ATM1/0: VC 10/100 Service-policy output: LLQ
Class-map: control-traffic (match-all)
180010 packets, 43922248 bytes
5 minute offered rate 1000 bps, drop rate 0 bps
Match: ip dscp af31
Queueing
Output Queue: Conversation 265
Bandwidth 5 (%)
Bandwidth 5000 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 89887/21932300
(depth/total drops/no-buffer drops) 0/0/0
Class-map: voice (match-all)
6485132 packets, 1893649352 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef
Queueing
Strict Priority
Output Queue: Conversation 264
Bandwidth 35 (%)
Bandwidth 35000 (kbps) Burst 875000 (Bytes)
(pkts matched/bytes matched) 147/42924
(total drops/bytes drops) 48/14016
Class-map: video (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 4
Queueing
Output Queue: Conversation 266
Bandwidth 15 (%)
Bandwidth 15000 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map: data (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 2
Queueing
Output Queue: Conversation 267
Bandwidth 20 (%)
Bandwidth 20000 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map: class-default (match-any)
97836 packets, 15410572 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Queueing
Flow Based Fair Queueing
Maximum Number of Hashed Queues 256
(total queued/total drops/no-buffer drops) 0/0/0
The following is an output example for the show crypto engine brief command, performed using the
configuration on the Headquarters router:
HUB-R1# show crypto engine brief
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Product Name: Onboard-VPN
FW Version: 01100200
Time running: 479742 seconds
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0500
Maximum SA index: 0500
Maximum Flow index: 1000
Maximum RSA key size: 2048
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: 77C943AD
crypto engine state: installed
crypto engine in slot: N/A
Verify Remote Location Connectivity
This section provides instructions for verifying that your configuration works properly.
Certain show commands are supported by the Output Interpreter Tool (registered customers only), which
allows you to view an analysis of show command output.
In general, the show commands that are used to verify remote location connectivity are the same as the
commands used for the Headquarters router. See the “Verify Headquarters Connectivity” section on
page 17 for summaries of the show commands that are common to both Headquarters and branch
verification. The following commands are used for the remote locations only:
• show policy-map interface virtual-access 4 output—Shows how traffic has been queued on the
DSL interface (Branch 1). Note that different queues have different packet counts because traffic is
assigned on the basis of DSCP and IP precedence values.
• show policy-map interface serial 0/0/0 output—Shows how traffic has been queued on the serial
interface (Branch 2). Note that different queues have different packet counts because traffic is
assigned on the basis of DSCP and IP precedence values.
Representative output for each of these commands is presented in the verification summaries that follow.
Note: Relevant display output is highlighted in bold text.
Example output is split into two sections:
• Verifying Branch 1 Router
• Verifying Branch 2 Router
Verifying Branch 1 Router
The following is an output example for the show crypto isakmp sa command, performed using the
configuration on the Branch 1 router (DSL):
Branch-1# show crypto isakmp sa
dst             src             state          conn-id slot
10.32.152.26    10.32.153.34    QM_IDLE              4    0
The following is an output example for the show crypto ipsec sa command, performed using the
configuration on the Branch 1 router:
Branch-1# show crypto ipsec sa
interface: Tunnel0
Crypto map tag: INT_CM, local addr. 10.32.153.34
protected vrf:
local ident (addr/mask/prot/port): (10.32.153.34/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.32.152.26/255.255.255.255/47/0)
current_peer: 10.32.152.26:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 78341, #pkts encrypt: 78341, #pkts digest: 78341
#pkts decaps: 118387, #pkts decrypt: 118387, #pkts verify: 118387
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 11, #recv errors 0
local crypto endpt.: 10.32.153.34, remote crypto endpt.: 10.32.152.26
path mtu 1420, media mtu 1420
current outbound spi: D5823DEF
inbound esp sas:
spi: 0x69111392(1762726802)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5151, flow_id: 31, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508937407/10703)
ike_cookies: 795753FB 41D07F6D DE2C7D5A FB6197B3
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xD5823DEF(3582082543)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5152, flow_id: 32, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508938275/10702)
ike_cookies: 795753FB 41D07F6D DE2C7D5A FB6197B3
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
interface: Virtual-Template1
Crypto map tag: INT_CM, local addr. 10.32.153.34
protected vrf:
local ident (addr/mask/prot/port): (10.32.153.34/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.32.152.26/255.255.255.255/47/0)
current_peer: 10.32.152.26:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 78380, #pkts encrypt: 78380, #pkts digest: 78380
#pkts decaps: 118426, #pkts decrypt: 118426, #pkts verify: 118426
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 11, #recv errors 0
local crypto endpt.: 10.32.153.34, remote crypto endpt.: 10.32.152.26
path mtu 1420, media mtu 1420
current outbound spi: D5823DEF
inbound esp sas:
spi: 0x69111392(1762726802)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5151, flow_id: 31, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508937393/10702)
ike_cookies: 795753FB 41D07F6D DE2C7D5A FB6197B3
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xD5823DEF(3582082543)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5152, flow_id: 32, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508938237/10700)
ike_cookies: 795753FB 41D07F6D DE2C7D5A FB6197B3
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
interface: Virtual-Access3
Crypto map tag: INT_CM, local addr. 10.32.153.34
protected vrf:
local ident (addr/mask/prot/port): (10.32.153.34/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.32.152.26/255.255.255.255/47/0)
current_peer: 10.32.152.26:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 78508, #pkts encrypt: 78508, #pkts digest: 78508
#pkts decaps: 118555, #pkts decrypt: 118555, #pkts verify: 118555
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 11, #recv errors 0
local crypto endpt.: 10.32.153.34, remote crypto endpt.: 10.32.152.26
path mtu 1420, media mtu 1420
current outbound spi: D5823DEF
inbound esp sas:
spi: 0x69111392(1762726802)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5151, flow_id: 31, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508937361/10700)
ike_cookies: 795753FB 41D07F6D DE2C7D5A FB6197B3
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xD5823DEF(3582082543)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5152, flow_id: 32, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508938204/10697)
ike_cookies: 795753FB 41D07F6D DE2C7D5A FB6197B3
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
interface: Virtual-Access4
Crypto map tag: INT_CM, local addr. 10.32.153.34
protected vrf:
local ident (addr/mask/prot/port): (10.32.153.34/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.32.152.26/255.255.255.255/47/0)
current_peer: 10.32.152.26:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 78628, #pkts encrypt: 78628, #pkts digest: 78628
#pkts decaps: 118675, #pkts decrypt: 118675, #pkts verify: 118675
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 11, #recv errors 0
local crypto endpt.: 10.32.153.34, remote crypto endpt.: 10.32.152.26
path mtu 1420, media mtu 1420
current outbound spi: D5823DEF
inbound esp sas:
spi: 0x69111392(1762726802)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5151, flow_id: 31, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508937328/10697)
ike_cookies: 795753FB 41D07F6D DE2C7D5A FB6197B3
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xD5823DEF(3582082543)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5152, flow_id: 32, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508938172/10695)
ike_cookies: 795753FB 41D07F6D DE2C7D5A FB6197B3
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
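The hub and Branch 1 show crypto ipsec sa outputs above describe the two ends of the same tunnel, so the SPI, counter, error, and replay fields can be cross-checked against each other. The following Python is an added example, not part of the Cisco guide: the function names parse_ipsec_sa, check_pair, and audit are hypothetical, and the sample text is excerpted from the output shown in this section.

```python
import re

# Excerpts of the "show crypto ipsec sa" output shown in this section (hub
# Tunnel1 block for peer 10.32.153.34, and Branch 1 Tunnel0), trimmed to the
# fields the checks read.
HUB = """\
current_peer: 10.32.153.34:500
#pkts encaps: 171877, #pkts encrypt: 171877, #pkts digest: 171877
#pkts decaps: 123829, #pkts decrypt: 123829, #pkts verify: 123829
#send errors 66, #recv errors 0
current outbound spi: 69111392
inbound esp sas:
spi: 0xD5823DEF(3582082543)
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x69111392(1762726802)
replay detection support: Y
outbound ah sas:
outbound pcp sas:
"""
BRANCH1 = """\
current_peer: 10.32.152.26:500
#pkts encaps: 78341, #pkts encrypt: 78341, #pkts digest: 78341
#pkts decaps: 118387, #pkts decrypt: 118387, #pkts verify: 118387
#send errors 11, #recv errors 0
current outbound spi: D5823DEF
inbound esp sas:
spi: 0x69111392(1762726802)
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xD5823DEF(3582082543)
replay detection support: Y
outbound ah sas:
outbound pcp sas:
"""

PKTS = re.compile(r"#pkts (encaps|encrypt|digest|decaps|decrypt|verify): (\d+)")
ERRS = re.compile(r"#(send|recv) errors (\d+)")


def parse_ipsec_sa(text):
    """Return one dict per 'current_peer' block of show crypto ipsec sa output."""
    peers, cur, direction = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"current_peer: ([\d.]+)", line)
        if m:  # a new peer block starts here
            cur = {"peer": m.group(1), "counters": {}, "errors": {},
                   "inbound": [], "outbound": []}
            peers.append(cur)
            direction = None
            continue
        if cur is None:
            continue
        for name, val in PKTS.findall(line):
            cur["counters"][name] = int(val)
        for name, val in ERRS.findall(line):
            cur["errors"][name] = int(val)
        m = re.match(r"(inbound|outbound) (esp|ah|pcp) sas:", line)
        if m:  # only ESP SAs are collected; AH/PCP headers end the ESP list
            direction = m.group(1) if m.group(2) == "esp" else None
            continue
        m = re.match(r"spi: 0x([0-9A-Fa-f]+)", line)
        if m and direction:
            cur[direction].append({"spi": int(m.group(1), 16), "replay": None})
        elif line.startswith("replay detection support:") and direction and cur[direction]:
            cur[direction][-1]["replay"] = line.endswith("Y")
    return peers


def check_pair(local, remote):
    """Cross-check one router's SA block against its peer's block."""
    findings = []
    c = local["counters"]
    if not (c.get("encaps") == c.get("encrypt") == c.get("digest")):
        findings.append("outbound packets encapsulated without encrypt/digest")
    if not (c.get("decaps") == c.get("decrypt") == c.get("verify")):
        findings.append("inbound packets decapsulated without decrypt/verify")
    # Each outbound SPI on this side must be an inbound SPI on the peer.
    if {s["spi"] for s in local["outbound"]} != {s["spi"] for s in remote["inbound"]}:
        findings.append("outbound SPIs do not match peer's inbound SPIs")
    if any(s["replay"] is not True for s in local["inbound"] + local["outbound"]):
        findings.append("SA without replay detection")
    for kind, count in local["errors"].items():
        if count:
            findings.append(f"{count} {kind} errors")
    return findings


def audit(hub_text, branch_text):
    """Check both directions of one hub/branch tunnel."""
    hub = parse_ipsec_sa(hub_text)[0]
    branch = parse_ipsec_sa(branch_text)[0]
    return {"hub": check_pair(hub, branch), "branch": check_pair(branch, hub)}


if __name__ == "__main__":
    print(audit(HUB, BRANCH1))
```

On the excerpts, the SPI pairs, counters, and replay flags are consistent on both sides; the only findings are the nonzero #send errors counters that appear in the captured output.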
The following is an output example for the show ip ospf neighbor command, performed using the
configuration on the Branch 1 router:
Branch-1# show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.1.1       0   FULL/  -        00:00:35    192.168.1.1     Tunnel0
The following is an output example from the show ip route command, performed using the
configuration on the Branch 1 router:
Branch-1# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.32.153.33 to network 0.0.0.0
     192.168.4.0/32 is subnetted, 1 subnets
O       192.168.4.1 [110/11] via 192.168.1.1, 00:33:28, Tunnel0
O    192.168.5.0/24 [110/21] via 192.168.1.1, 00:33:28, Tunnel0
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C       10.32.153.33/32 is directly connected, Virtual-Access4
C       10.32.153.32/30 is directly connected, Virtual-Access3
                        is directly connected, Virtual-Access4
O    192.168.6.0/24 [110/11] via 192.168.1.1, 00:33:28, Tunnel0
C    192.168.7.0/24 is directly connected, Vif1
O    192.168.1.0/24 [110/11] via 192.168.1.1, 00:33:28, Tunnel0
C    192.168.2.0/24 is directly connected, FastEthernet0/0
O    192.168.3.0/24 [110/21] via 192.168.1.1, 00:33:28, Tunnel0
S*   0.0.0.0/0 [1/0] via 10.32.153.33
The following is an output example for the show ip pim neighbor command, performed using the
configuration on the Branch 1 router:
Branch-1# show ip pim neighbor
PIM Neighbor Table
Neighbor          Interface          Uptime/Expires     Ver   DR
Address                                                       Prio/Mode
192.168.1.1       Tunnel0            00:20:59/00:01:25  v2    1 / S
The following is an output example for the show ip pim rp mapping command, performed using the
configuration on the Branch 1 router:
Branch-1# show ip pim rp mapping
PIM Group-to-RP Mappings
Group(s) 224.0.0.0/4
RP 192.168.4.1 (?), v2v1
Info source: 192.168.4.1 (?), elected via Auto-RP
Uptime: 00:20:28, expires: 00:02:23
The following is an output example for the show ip mroute active command, performed using the
configuration on the Branch 1 router:
Branch-1# show ip mroute active
Active IP Multicast Sources - sending >= 4 kbps
Group: 239.168.1.100, (?)
Source: 192.168.5.2 (?)
Rate: 0 pps/0 kbps(1sec), 80 kbps(last 10 secs), 7 kbps(life avg)
Source: 192.168.7.2 (?)
Rate: 0 pps/0 kbps(1sec), 80 kbps(last 10 secs), 7 kbps(life avg)
The following is an output example for the show voice trunk-conditioning supervisory command,
performed using the configuration on the Branch 1 router:
Branch-1# show voice trunk-conditioning supervisory
SLOW SCAN
1/0 : state : TRUNK_SC_CONNECT, voice : on, signal : on ,master
status: trunk connected
sequence oos : no-action
pattern :
timing : idle = 0, restart = 0, standby = 0, timeout = 65535
supp_all = 0, supp_voice = 0, keep_alive = 0
timer: oos_ais_timer = 0, timer = 0
The following is an output example for the show voip rtp connections command, performed using the
configuration on the Branch 1 router:
Branch-1# show voip rtp connections
VoIP RTP active connections :
No. CallId  dstCallId  LocalRTP  RmtRTP  LocalIP        RemoteIP
1   4       3          31156     19890   192.168.7.2    239.168.1.100
Found 1 active RTP connections
The following is an output example for the show voice call summary command, performed using the
configuration on the Branch 1 router:
Branch-1# show voice call summary
PORT           CODEC    VAD VTSP STATE           VPM STATE
============== ======== === ==================== ======================
1/0            g711ulaw  y  S_CONNECT            S_TRUNKED
1/1            -         -  -                    FXSLS_ONHOOK
1/2            -         -  -                    FXSLS_ONHOOK
1/3            -         -  -                    FXSLS_ONHOOK
The following is an output example for the show class-map command, performed using the
configuration on the Branch 1 router:
Branch-1# show class-map
Class Map match-all control-traffic (id 1)
Match ip dscp af31
Class Map match-any class-default (id 0)
Match any
Class Map match-all video (id 3)
Match ip precedence 4
Class Map match-all voice (id 2)
Match ip dscp ef
The following is an output example for the show policy-map interface virtual-access 4 output
command, performed using the configuration on the Branch 1 router:
Branch-1# show policy-map interface virtual-access 4 output
Virtual-Access4
Service-policy output: LLQ
Class-map: control-traffic (match-all)
45166 packets, 10659176 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp af31
Queueing
Output Queue: Conversation 265
Bandwidth 5 (%)
Bandwidth 50 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map: voice (match-all)
3241999 packets, 920726516 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef
Queueing
Strict Priority
Output Queue: Conversation 264
Bandwidth 35 (%)
Bandwidth 350 (kbps) Burst 8750 (Bytes)
(pkts matched/bytes matched) 3217794/913852296
(total drops/bytes drops) 0/0
Class-map: video (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 4
Queueing
Output Queue: Conversation 267
Bandwidth 15 (%)
Bandwidth 150 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map: data (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 2
Queueing
Output Queue: Conversation 266
Bandwidth 20 (%)
Bandwidth 200 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map: class-default (match-any)
41789 packets, 6646861 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Queueing
Flow Based Fair Queueing
Maximum Number of Hashed Queues 256
(total queued/total drops/no-buffer drops) 0/0/0
The following is an output example for the show crypto engine brief command, performed using the
configuration on the Branch 1 router:
Branch-1# show crypto engine brief
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
VPN Module in slot: 0
Product Name: AIM-VPN/BPII
Software Serial #: 55AA
Device ID: 0014 - revision 0002
Vendor ID: 13A3
Revision No: 0x00140002
VSK revision: 0
Boot version: 255
DPU version: 0
HSP version: 2.2(21) (ALPHA)
Time running: 0 Seconds
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 1000
Maximum SA index: 1000
Maximum Flow index: 2000
Maximum RSA key size: 2048
crypto engine name: Cisco VPN Software Implementation
crypto engine type: software
serial number: 70107010
crypto engine state: installed
crypto engine in slot: N/A
Verifying Branch 2 Router
The following is an output example for the show crypto isakmp sa command, performed using the
configuration on the Branch 2 router (serial):
Branch-2# show crypto isakmp sa
dst             src             state          conn-id slot
10.32.152.26    10.32.150.46    QM_IDLE              3    0
The following is an output example for the show crypto ipsec sa command, performed using the
configuration on the Branch 2 router:
Branch-2# show crypto ipsec sa
interface: Tunnel0
Crypto map tag: INT_CM, local addr. 10.32.150.46
protected vrf:
local ident (addr/mask/prot/port): (10.32.150.46/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.32.152.26/255.255.255.255/47/0)
current_peer: 10.32.152.26:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 1706, #pkts encrypt: 1706, #pkts digest: 1706
#pkts decaps: 1715, #pkts decrypt: 1715, #pkts verify: 1715
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 10, #recv errors 0
local crypto endpt.: 10.32.150.46, remote crypto endpt.: 10.32.152.26
path mtu 1420, media mtu 1420
current outbound spi: C172073D
inbound esp sas:
spi: 0x2A87D473(713544819)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5151, flow_id: 31, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508372675/14364)
ike_cookies: 7D356DD4 F5DE05AD 59F8CBF0 5B2E8553
IV size: 8 bytes
replay detection support: Y
spi: 0xD3C362F0(3552797424)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5153, flow_id: 33, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (521045477/14364)
ike_cookies: 7D356DD4 F5DE05AD 59F8CBF0 5B2E8553
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x4589EBE8(1166666728)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5152, flow_id: 32, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508372675/14364)
ike_cookies: 7D356DD4 F5DE05AD 59F8CBF0 5B2E8553
IV size: 8 bytes
replay detection support: Y
spi: 0xC172073D(3245475645)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5154, flow_id: 34, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (521045458/14363)
ike_cookies: 7D356DD4 F5DE05AD 59F8CBF0 5B2E8553
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
interface: Serial0/0/0
Crypto map tag: INT_CM, local addr. 10.32.150.46
protected vrf:
local ident (addr/mask/prot/port): (10.32.150.46/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.32.152.26/255.255.255.255/47/0)
current_peer: 10.32.152.26:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 1864, #pkts encrypt: 1864, #pkts digest: 1864
#pkts decaps: 1874, #pkts decrypt: 1874, #pkts verify: 1874
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 10, #recv errors 0
local crypto endpt.: 10.32.150.46, remote crypto endpt.: 10.32.152.26
path mtu 1420, media mtu 1420
current outbound spi: C172073D
inbound esp sas:
spi: 0x2A87D473(713544819)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5151, flow_id: 31, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508372675/14361)
ike_cookies: 7D356DD4 F5DE05AD 59F8CBF0 5B2E8553
IV size: 8 bytes
replay detection support: Y
spi: 0xD3C362F0(3552797424)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5153, flow_id: 33, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (521045425/14360)
ike_cookies: 7D356DD4 F5DE05AD 59F8CBF0 5B2E8553
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x4589EBE8(1166666728)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5152, flow_id: 32, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (508372675/14360)
ike_cookies: 7D356DD4 F5DE05AD 59F8CBF0 5B2E8553
IV size: 8 bytes
replay detection support: Y
spi: 0xC172073D(3245475645)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 5154, flow_id: 34, crypto map: INT_CM
crypto engine type: Hardware, engine_id: 2
sa timing: remaining key lifetime (k/sec): (521045411/14359)
ike_cookies: 7D356DD4 F5DE05AD 59F8CBF0 5B2E8553
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
The following is an output example for the show ip ospf neighbor command, performed using the
configuration on the Branch 2 router:
Branch-2# show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.1.1       0   FULL/  -        00:00:37    192.168.1.1     Tunnel0
The following is an output example for the show ip route command, performed using the configuration
on the Branch 2 router:
Branch-2# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.32.150.45 to network 0.0.0.0
     192.168.4.0/32 is subnetted, 1 subnets
O       192.168.4.1 [110/11] via 192.168.1.1, 00:31:10, Tunnel0
C    192.168.5.0/24 is directly connected, Vif1
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.32.150.44/30 is directly connected, Serial0/0/0
O    192.168.6.0/24 [110/11] via 192.168.1.1, 00:31:10, Tunnel0
O    192.168.7.0/24 [110/21] via 192.168.1.1, 00:31:10, Tunnel0
O    192.168.1.0/24 [110/11] via 192.168.1.1, 00:31:11, Tunnel0
O    192.168.2.0/24 [110/21] via 192.168.1.1, 00:31:11, Tunnel0
C    192.168.3.0/24 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [1/0] via 10.32.150.45
               is directly connected, Serial0/0/0
The following is an output example for the show ip pim neighbor command, performed using the
configuration on the Branch 2 router:
Branch-2# show ip pim neighbor
PIM Neighbor Table
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
192.168.1.1       Tunnel0                  00:31:52/00:01:26 v2    1 / S
The following is an output example for the show ip pim rp mapping command, performed using the
configuration on the Branch 2 router:
Branch-2# show ip pim rp mapping
PIM Group-to-RP Mappings
Group(s) 224.0.0.0/4
RP 192.168.4.1 (?), v2v1
Info source: 192.168.4.1 (?), elected via Auto-RP
Uptime: 2d03h, expires: 00:02:47
The following is an output example for the show ip mroute active command, performed using the
configuration on the Branch 2 router:
Branch-2# show ip mroute active
Active IP Multicast Sources - sending >= 4 kbps
Group: 239.168.1.100, (?)
Source: 192.168.5.2 (?)
Rate: 50 pps/80 kbps(1sec), 80 kbps(last 10 secs), 2 kbps(life avg)
Source: 192.168.7.2 (?)
Rate: 50 pps/80 kbps(1sec), 80 kbps(last 30 secs), 2 kbps(life avg)
The following is an output example for the show voice trunk-conditioning supervisory command,
performed using the configuration on the Branch 2 router:
Branch-2# show voice trunk-conditioning supervisory
SLOW SCAN
0/1/0 : state : TRUNK_SC_CONNECT, voice : on, signal : on ,master
status: trunk connected
sequence oos : no-action
pattern :
timing : idle = 0, restart = 0, standby = 0, timeout = 65535
supp_all = 0, supp_voice = 0, keep_alive = 0
timer: oos_ais_timer = 0, timer = 0
The following is an output example for the show voip rtp connections command, performed using the
configuration on the Branch 2 router:
Branch-2# show voip rtp connections
VoIP RTP active connections :
No. CallId     dstCallId  LocalRTP RmtRTP     LocalIP          RemoteIP
1     9          8          18618    19890    192.168.5.2      239.168.1.100
Found 1 active RTP connections
The following is an output example for the show voice call summary command, performed using the
configuration on the Branch 2 router:
Branch-2# show voice call summary
PORT           CODEC    VAD VTSP STATE            VPM STATE
============== ======== === ==================== ======================
0/1/0          g711ulaw  y  S_CONNECT            S_TRUNKED
0/1/1          -         -                       FXSLS_ONHOOK
The following is an output example for the show policy-map interface serial 0/0/0 output command,
performed using the configuration on the Branch 2 router:
Branch-2# show policy-map interface serial 0/0/0 output
Serial0/0/0
Service-policy output: LLQ
Class-map: control-traffic (match-all)
50099 packets, 11823300 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp af31
Queueing
Output Queue: Conversation 265
Bandwidth 5 (%)
Bandwidth 77 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 863/203668
(depth/total drops/no-buffer drops) 0/0/0
Class-map: voice (match-all)
3241968 packets, 920715872 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef
Queueing
Strict Priority
Output Queue: Conversation 264
Bandwidth 35 (%)
Bandwidth 540 (kbps) Burst 13500 (Bytes)
(pkts matched/bytes matched) 13/3532
(total drops/bytes drops) 0/0
Class-map: video (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 4
Queueing
Output Queue: Conversation 266
Bandwidth 15 (%)
Bandwidth 231 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map: data (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 2
Queueing
Output Queue: Conversation 267
Bandwidth 20 (%)
Bandwidth 308 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map: class-default (match-any)
75804 packets, 9111740 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Queueing
Flow Based Fair Queueing
Maximum Number of Hashed Queues 256
(total queued/total drops/no-buffer drops) 0/0/0
The following is an output example for the show crypto engine brief command, performed using the
configuration on the Branch 2 router:
Branch-2# show crypto engine brief
crypto engine name:        Virtual Private Network (VPN) Module
crypto engine type:        hardware
State:                     Enabled
Product Name:              Onboard-VPN
NetGX Middleware Version:  v1.2.0
NetGX Firmware Version:    v2.2.0
Time running:              414404 seconds
Compression:               Yes
DES:                       Yes
3 DES:                     Yes
AES CBC:                   Yes (128,192,256)
AES CNTR:                  No
Maximum buffer length:     4096
Maximum DH index:          0300
Maximum SA index:          0300
Maximum Flow index:        2400
Maximum RSA key size:      2048
crypto engine name:        Cisco VPN Software Implementation
crypto engine type:        software
serial number:             FFFFFFFF
crypto engine state:       installed
crypto engine in slot:     N/A
Troubleshoot
This section provides information you can use to confirm that your configuration is working properly.
See the following tech notes:
• IP Security Troubleshooting - Understanding and Using debug Commands
Troubleshooting Commands
Note
Before issuing debug commands, please see Important Information on Debug Commands.
The following debug commands must be running on both IPSec routers (peers). Security associations
must be cleared on both peers.
• debug crypto engine - Displays information pertaining to the crypto engine, such as when the
  Cisco IOS software is performing encryption or decryption operations.
• debug crypto ipsec - Displays IPSec negotiations of phase 2.
• debug crypto isakmp - Displays ISAKMP negotiations of phase 1.
• debug ip pim auto-rp - Displays the contents of each PIM packet used in the automatic discovery
  of group-to-rendezvous point (RP) mapping as well as the actions taken on the address-to-RP
  mapping database.
• clear crypto isakmp - Clears the security associations related to phase 1.
• clear crypto sa - Clears the security associations related to phase 2.
The following is an example of output for the debug crypto isakmp and debug crypto ipsec commands.
Relevant display output is shown in bold text, and comments are preceded by an exclamation point and
shown in italics.
router# debug crypto isakmp
router# debug crypto ipsec
Jul 29 16:06:33.619 PDT: ISAKMP (0:134217730): received packet from 10.32.150.46 dport 500
sport 500 Global (I) MM_SA_SETUP
Jul 29 16:06:33.619 PDT: ISAKMP:(0:2:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jul 29 16:06:33.619 PDT: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM3 New State = IKE_I_MM4
Jul 29 16:06:33.619 PDT: ISAKMP:(0:2:SW:1): processing KE payload. message ID = 0
Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1): processing NONCE payload. message ID = 0
Jul 29 16:06:33.635 PDT: ISAKMP: Looking for a matching key for 10.32.150.46 in default :
success
Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1):found peer pre-shared key matching 10.32.150.46
Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1):SKEYID state generated
Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1): processing vendor id payload
Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1): vendor ID is Unity
Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1): processing vendor id payload
Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1): vendor ID is DPD
Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1): processing vendor id payload
Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1): speaking to another IOS box!
Jul 29 16:06:33.635 PDT: ISAKMP:received payload type 20
Jul 29 16:06:33.635 PDT: ISAKMP:received payload type 20
Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL,
IKE_PROCESS_MAIN_MODE
Jul 29 16:06:33.635 PDT: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM4
Jul 29 16:06:33.639 PDT: ISAKMP:(0:2:SW:1):Send initial contact
Jul 29 16:06:33.639 PDT: ISAKMP:(0:2:SW:1):SA is doing pre-shared key authentication using
id type ID_IPV4_ADDR
Jul 29 16:06:33.639 PDT: ISAKMP (0:134217730): ID payload
next-payload : 8
type         : 1
address      : 10.32.152.26
protocol     : 17
port         : 500
length       : 12
Jul 29 16:06:33.639 PDT: ISAKMP:(0:2:SW:1):Total payload length: 12
Jul 29 16:06:33.639 PDT: ISAKMP:(0:2:SW:1): sending packet to 10.32.150.46 my_port 500
peer_port 500 (I) MM_KEY_EXCH
Jul 29 16:06:33.639 PDT: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Jul 29 16:06:33.639 PDT: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM4 New State = IKE_I_MM5
Jul 29 16:06:33.643 PDT: ISAKMP (0:134217730): received packet from 10.32.150.46 dport 500
sport 500 Global (I) MM_KEY_EXCH
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1): processing ID payload. message ID = 0
Jul 29 16:06:33.643 PDT: ISAKMP (0:134217730): ID payload
next-payload : 8
type         : 1
address      : 10.32.150.46
protocol     : 17
port         : 500
length       : 12
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1): processing HASH payload. message ID = 0
! REMOTE PEER IS SHOWN TO BE AUTHENTICATED IN THE NEXT LINE.
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1):SA authentication status:
authenticated
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1):SA has been authenticated with 10.32.150.46
Jul 29 16:06:33.643 PDT: ISAKMP: Trying to insert a peer 10.32.152.26/10.32.150.46/500/,
and inserted successfully.
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM5 New State = IKE_I_MM6
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL,
IKE_PROCESS_MAIN_MODE
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM6 New State = IKE_I_MM6
Jul 29 16:06:33.643 PDT: ISAKMP (0:134217730): received packet from 10.32.150.46 dport 500
sport 500 Global (I) MM_KEY_EXCH
Jul 29 16:06:33.643 PDT: ISAKMP: set new node 2118711810 to QM_IDLE
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1): processing HASH payload. message ID =
2118711810
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1): processing DELETE payload. message ID =
2118711810
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1):peer does not do paranoid keepalives.
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1):deleting node 2118711810 error FALSE reason
"Informational (in) state 1"
Jul 29 16:06:33.643 PDT: IPSEC(key_engine): got a queue event with 1 kei messages
Jul 29 16:06:33.643 PDT: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
! PHASE 1 IS SHOWN TO BE COMPLETED SUCCESSFULLY IN THE NEXT LINE.
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM6 New State =
IKE_P1_COMPLETE
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1):beginning Quick Mode exchange, M-ID of
159862783
Jul 29 16:06:33.651 PDT: ISAKMP:(0:2:SW:1): sending packet to 10.32.150.46 my_port 500
peer_port 500 (I) QM_IDLE
Jul 29 16:06:33.651 PDT: ISAKMP:(0:2:SW:1):Node 159862783, Input = IKE_MESG_INTERNAL,
IKE_INIT_QM
Jul 29 16:06:33.651 PDT: ISAKMP:(0:2:SW:1):Old State = IKE_QM_READY New State =
IKE_QM_I_QM1
Jul 29 16:06:33.651 PDT: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
Jul 29 16:06:33.651 PDT: ISAKMP:(0:2:SW:1):Old State = IKE_P1_COMPLETE New State =
IKE_P1_COMPLETE
Jul 29 16:06:33.923 PDT: ISAKMP (0:134217730): received packet from 10.32.150.46 dport 500
sport 500 Global (I) QM_IDLE
Jul 29 16:06:33.923 PDT: ISAKMP:(0:2:SW:1): processing HASH payload. message ID =
159862783
Jul 29 16:06:33.923 PDT: ISAKMP:(0:2:SW:1): processing SA payload. message ID = 159862783
Jul 29 16:06:33.923 PDT: ISAKMP:(0:2:SW:1):Checking IPSec proposal 1
Jul 29 16:06:33.923 PDT: ISAKMP: transform 1, ESP_3DES
Jul 29 16:06:33.923 PDT: ISAKMP:   attributes in transform:
Jul 29 16:06:33.923 PDT: ISAKMP:      encaps is 1 (Tunnel)
Jul 29 16:06:33.923 PDT: ISAKMP:      SA life type in seconds
Jul 29 16:06:33.923 PDT: ISAKMP:      SA life duration (basic) of 3600
Jul 29 16:06:33.923 PDT: ISAKMP:      SA life type in kilobytes
Jul 29 16:06:33.923 PDT: ISAKMP:      SA life duration (VPI) of 0x0 0x46 0x50 0x0
Jul 29 16:06:33.923 PDT: ISAKMP:      authenticator is HMAC-SHA
Jul 29 16:06:33.923 PDT: ISAKMP:      group is 1
! A PROPOSAL IS FOUND THAT IS COMPATIBLE IN THE NEXT LINE.
Jul 29 16:06:33.923 PDT: ISAKMP:(0:2:SW:1):atts are acceptable.
Jul 29 16:06:33.923 PDT: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 10.32.152.26, remote= 10.32.150.46,
local_proxy= 10.32.152.26/255.255.255.255/47/0 (type=1),
remote_proxy= 10.32.150.46/255.255.255.255/47/0 (type=1),
protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x12
Jul 29 16:06:33.923 PDT: Crypto mapdb : proxy_match
src addr     : 10.32.152.26
dst addr     : 10.32.150.46
protocol     : 47
src port     : 0
dst port     : 0
Jul 29 16:06:33.923 PDT: ISAKMP:(0:2:SW:1): processing NONCE payload. message ID =
159862783
Jul 29 16:06:33.923 PDT: ISAKMP:(0:2:SW:1): processing KE payload. message ID = 159862783
Jul 29 16:06:33.931 PDT: ISAKMP:(0:2:SW:1): processing ID payload. message ID = 159862783
Jul 29 16:06:33.931 PDT: ISAKMP:(0:2:SW:1): processing ID payload. message ID = 159862783
Jul 29 16:06:33.931 PDT: ISAKMP: Locking peer struct 0x6635AA1C, IPSEC refcount 1 for for
stuff_ke
Jul 29 16:06:33.931 PDT: ISAKMP:(0:2:SW:1): Creating IPSec SAs
Jul 29 16:06:33.931 PDT:         inbound SA from 10.32.150.46 to 10.32.152.26 (f/i) 0/ 0
        (proxy 10.32.150.46 to 10.32.152.26)
Jul 29 16:06:33.931 PDT:         has spi 0x1442EBFC and conn_id 0 and flags 13
Jul 29 16:06:33.931 PDT:         lifetime of 3600 seconds
Jul 29 16:06:33.931 PDT:         lifetime of 4608000 kilobytes
Jul 29 16:06:33.931 PDT:         has client flags 0x0
Jul 29 16:06:33.931 PDT:         outbound SA from 10.32.152.26 to 10.32.150.46 (f/i) 0/0
        (proxy 10.32.152.26 to 10.32.150.46)
Jul 29 16:06:33.931 PDT:         has spi -2093906224 and conn_id 0 and flags 1B
Jul 29 16:06:33.931 PDT:         lifetime of 3600 seconds
Jul 29 16:06:33.931 PDT:         lifetime of 4608000 kilobytes
Jul 29 16:06:33.931 PDT:         has client flags 0x0
Jul 29 16:06:33.931 PDT: ISAKMP:(0:2:SW:1): sending packet to 10.32.150.46 my_port 500
peer_port 500 (I) QM_IDLE
Jul 29 16:06:33.935 PDT: ISAKMP:(0:2:SW:1):deleting node 159862783 error FALSE reason "No
Error"
Jul 29 16:06:33.935 PDT: ISAKMP:(0:2:SW:1):Node 159862783, Input = IKE_MESG_FROM_PEER,
IKE_QM_EXCH
! PHASE 2 IS SHOWN TO BE COMPLETED SUCCESSFULLY IN THE NEXT LINE.
Jul 29 16:06:33.935 PDT: ISAKMP:(0:2:SW:1):Old State = IKE_QM_I_QM1 New State =
IKE_QM_PHASE2_COMPLETE
Jul 29 16:06:33.935 PDT: IPSEC(key_engine): got a queue event with 2 kei messages
Jul 29 16:06:33.935 PDT: IPSEC(initialize_sas): ,
(key eng. msg.) INBOUND local= 10.32.152.26, remote= 10.32.150.46,
local_proxy= 10.32.152.26/0.0.0.0/47/0 (type=1),
remote_proxy= 10.32.150.46/0.0.0.0/47/0 (type=1),
protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),
lifedur= 3600s and 4608000kb,
spi= 0x1442EBFC(339930108), conn_id= 0, keysize= 0, flags= 0x13
Jul 29 16:06:33.935 PDT: IPSEC(initialize_sas): ,
(key eng. msg.) OUTBOUND local= 10.32.152.26, remote= 10.32.150.46,
local_proxy= 10.32.152.26/0.0.0.0/47/0 (type=1),
remote_proxy= 10.32.150.46/0.0.0.0/47/0 (type=1),
protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),
lifedur= 3600s and 4608000kb,
spi= 0x833186D0(2201061072), conn_id= 0, keysize= 0, flags= 0x1B
Jul 29 16:06:33.935 PDT: Crypto mapdb : proxy_match
src addr     : 10.32.152.26
dst addr     : 10.32.150.46
protocol     : 47
src port     : 0
dst port     : 0
Jul 29 16:06:33.935 PDT: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the
same proxies and 101.253.249.204
Jul 29 16:06:33.935 PDT: IPSec: Flow_switching Allocated flow for sibling 80000003
Jul 29 16:06:33.935 PDT: IPSEC(policy_db_add_ident): src 10.32.152.26, dest 10.32.150.46,
dest_port 0
Jul 29 16:06:33.935 PDT: IPSEC(create_sa): sa created,
(sa) sa_dest= 10.32.152.26, sa_proto= 50,
sa_spi= 0x1442EBFC(339930108),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 4002
Jul 29 16:06:33.935 PDT: IPSEC(create_sa): sa created,
(sa) sa_dest= 10.32.150.46, sa_proto= 50,
sa_spi= 0x833186D0(2201061072),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 4001
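One way to reduce the debug output above to the milestones its inline comments point at (peer authenticated, phase 1 complete, phase 2 complete) together with the negotiated phase 2 attributes. This is an added example, not Cisco code: SAMPLE is an excerpt of the records shown above, and the function names and the review lists for transforms and DH groups are assumptions made for the example.

```python
import re

# A debug record starts with a timestamp such as "Jul 29 16:06:33.619 PDT:".
TS = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d\.\d+ [A-Z]+:")
STATE = re.compile(r"Old State = (\S+)\s+New State =\s*(\S+)")
PEER = re.compile(r"SA has been authenticated with (\S+)")
XFORM = re.compile(r"ISAKMP:\s+transform \d+, (\S+)")
LIFE_TYPE = re.compile(r"SA life type in (seconds|kilobytes)")
LIFE_BASIC = re.compile(r"SA life duration \(basic\) of (\d+)")
LIFE_VPI = re.compile(r"SA life duration \(VPI\) of ((?:0x[0-9A-Fa-f]+\s*)+)")
GROUP = re.compile(r"ISAKMP:\s+group is (\d+)")

# Assumption: a local review policy chosen for this example, not taken from the guide.
REVIEW_TRANSFORMS = {"ESP_DES", "ESP_3DES"}
REVIEW_DH_GROUPS = {1, 2, 5}

# Excerpt of the records shown in the guide; some are split across lines on purpose.
SAMPLE = """\
Jul 29 16:06:33.639 PDT: ISAKMP:(0:2:SW:1):SA is doing pre-shared key authentication using
id type ID_IPV4_ADDR
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1):SA has been authenticated with 10.32.150.46
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM5 New State = IKE_I_MM6
! PHASE 1 IS SHOWN TO BE COMPLETED SUCCESSFULLY IN THE NEXT LINE.
Jul 29 16:06:33.643 PDT: ISAKMP:(0:2:SW:1):Old State = IKE_I_MM6 New State =
IKE_P1_COMPLETE
Jul 29 16:06:33.651 PDT: ISAKMP:(0:2:SW:1):Old State = IKE_QM_READY New State =
IKE_QM_I_QM1
Jul 29 16:06:33.923 PDT: ISAKMP: transform 1, ESP_3DES
Jul 29 16:06:33.923 PDT: ISAKMP: encaps is 1 (Tunnel)
Jul 29 16:06:33.923 PDT: ISAKMP: SA life type in seconds
Jul 29 16:06:33.923 PDT: ISAKMP: SA life duration (basic) of 3600
Jul 29 16:06:33.923 PDT: ISAKMP: SA life type in kilobytes
Jul 29 16:06:33.923 PDT: ISAKMP:
SA life duration (VPI) of 0x0 0x46 0x50 0x0
Jul 29 16:06:33.923 PDT: ISAKMP: authenticator is HMAC-SHA
Jul 29 16:06:33.923 PDT: ISAKMP: group is 1
Jul 29 16:06:33.923 PDT: ISAKMP:(0:2:SW:1):atts are acceptable.
! PHASE 2 IS SHOWN TO BE COMPLETED SUCCESSFULLY IN THE NEXT LINE.
Jul 29 16:06:33.935 PDT: ISAKMP:(0:2:SW:1):Old State = IKE_QM_I_QM1 New State =
IKE_QM_PHASE2_COMPLETE
"""


def join_wrapped(text):
    """Re-attach continuation lines to the timestamped record they belong to."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("!"):
            continue  # blank lines and the guide's "!" comments carry no record
        if TS.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def decode_vpi(field):
    """Decode a variable-length attribute printed as big-endian hex bytes."""
    return int.from_bytes(bytes(int(b, 16) for b in field.split()), "big")


def summarize(text):
    """Reduce a capture to negotiation milestones and phase 2 attributes."""
    s = {"transitions": [], "peer": None, "transform": None, "dh_group": None,
         "life_seconds": None, "life_kilobytes": None, "findings": []}
    life_type = None  # which lifetime the next "duration" record refers to
    for rec in join_wrapped(text):
        if m := STATE.search(rec):
            s["transitions"].append(m.groups())
        elif m := PEER.search(rec):
            s["peer"] = m.group(1)
        elif m := XFORM.search(rec):
            s["transform"] = m.group(1)
        elif m := LIFE_TYPE.search(rec):
            life_type = "life_" + m.group(1)
        elif (m := LIFE_BASIC.search(rec)) and life_type:
            s[life_type] = int(m.group(1))
        elif (m := LIFE_VPI.search(rec)) and life_type:
            s[life_type] = decode_vpi(m.group(1))
        elif m := GROUP.search(rec):
            s["dh_group"] = int(m.group(1))
    reached = {new for _, new in s["transitions"]}
    s["phase1_complete"] = "IKE_P1_COMPLETE" in reached
    s["phase2_complete"] = "IKE_QM_PHASE2_COMPLETE" in reached
    if s["transform"] in REVIEW_TRANSFORMS:
        s["findings"].append(f"transform {s['transform']} is on the review list")
    if s["dh_group"] in REVIEW_DH_GROUPS:
        s["findings"].append(f"DH group {s['dh_group']} is on the review list")
    return s


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

The decoded VPI bytes give the same 4608000 kilobytes that the later "lifetime of 4608000 kilobytes" records report, which is a quick consistency check between the proposal and the SAs actually created.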
Related Information
• Cisco IOS Quality of Service Configuration Guide, Release 12.3
• Cisco IOS Security Configuration Guide
• Cisco IOS Voice Command Reference, Release 12.3
• Cisco IOS Wide-Area Networking Configuration Guide
• Cisco Technical Assistance Center
Copyright © 2004 Cisco Systems, Inc. All rights reserved.
Finding Feature Documentation
Note
We recommend that you use the Cisco Router and Security Device Manager (SDM) to configure your
router. To access SDM, see the quick start guide that you received with your router.
You can access Cisco IOS feature documentation in the following ways:
• Using Cisco.com Feature Resources
• Finding Documentation for a Specific Feature by Using Cisco Feature Navigator
• Finding Documentation for All Supported Features on Your Router by Using Cisco Feature
  Navigator
• Finding Feature Documentation by Browsing Feature Modules by Cisco IOS Release
• Finding Feature Documentation by Browsing Cisco IOS Release Notes
For a list of key supported features, see the data sheet and other product literature for your router.
Additional IOS-related technical documentation can be found at this URL:
http://www.cisco.com/cisco/web/support/index.html
Using Cisco.com Feature Resources
Following are links to resources available on Cisco.com for voice, security, and dial configuration.
Voice Configuration Resources
The Cisco IOS Voice Configuration Library is available at this URL:
http://www.cisco.com/en/US/docs/ios/12_3/vvf_c/cisco_ios_voice_configuration_library_glossary/vcl.htm
Security Configuration Resources
The Cisco IOS Security Configuration Guide is available at this URL:
http://www.cisco.com/en/US/docs/ios/12_3/featlist/sec_vcg.html
Dial Configuration Resources
The Cisco IOS Dial Technologies Configuration Guide is available at this URL:
http://www.cisco.com/en/US/docs/ios/12_3/featlist/dial_vcg.html
Finding Documentation for a Specific Feature by Using Cisco Feature Navigator
Cisco Feature Navigator is the best tool for finding feature documentation.
Note
Cisco Feature Navigator does not support all platforms and software releases, such as some older
releases and some limited-lifetime releases.
Step 1
Go to Cisco Feature Navigator at http://www.cisco.com/go/fn.
You must have an account on Cisco.com. If you do not have an account or have forgotten your username
or password, click Cancel at the login dialog box, and follow the instructions that appear.
Step 2
Click Search by Feature.
Step 3
Enter the feature name, and click Search.
The search results appear in the Features Available box. You may have to scroll down to see the Features
Available box.
If the Features Available box displays “None Available,” then try searching for a variation of the feature
name. You may have to scroll up to see the search field.
If the Features Available box displays your feature, proceed to Step 4.
Step 4
Click the feature name in the Features Available box.
Step 5
Click Show Description(s), which is just below the Features Available box.
Cisco Feature Navigator displays a short description of the feature and, when the feature is complex or
involves user configuration, provides a “For More Information” link.
Step 6
Click For More Information, if it is available.
Cisco Feature Navigator displays the feature documentation, usually in the form of a feature module,
which includes information on configuring, verifying, and troubleshooting the feature.
Finding Documentation for All Supported Features on Your Router by Using Cisco Feature Navigator
Cisco Feature Navigator is the best tool for finding documentation for all the features on your router.
Note
Cisco Feature Navigator does not support all platforms and software releases, such as some older
releases and some limited-lifetime releases.
Step 1
Go to Cisco Feature Navigator at http://www.cisco.com/go/fn.
You must have an account on Cisco.com. If you do not have an account or have forgotten your username
or password, click Cancel at the login dialog box, and follow the instructions that appear.
Step 2
Click Search by Release/Image Name/Product Code/Platform.
Step 3
In the drop-down menu next to “Platform,” choose your router.
Step 4
Click Continue.
Cisco Feature Navigator displays a list of features that are supported on your router. Do one of the
following, as appropriate:
• To access documentation for a specific feature on this list, proceed to Step 5.
• To display a list of features that are supported in a specific Cisco IOS release, use the “Major
  Release” or “Release” pull-down menu to select the Cisco IOS release.
  Cisco Feature Navigator displays a list of features that are supported by the selected Cisco IOS
  release on your router.
  To access documentation for a specific feature on this list, proceed to Step 5.
• To display a list of features that are supported in a specific feature set, use the “Feature Set”
  pull-down menu to select the feature set.
  Cisco Feature Navigator displays a list of features that are supported on the selected feature set and
  Cisco IOS release on your router.
Step 5
Click the feature name.
Cisco Feature Navigator displays a short description of the feature and, when the feature involves user
configuration, provides a “For More Information” link.
Step 6
Click For More Information, if it is available.
Cisco Feature Navigator displays the feature documentation, usually in the form of a feature module,
which includes information on configuring, verifying, and troubleshooting the feature.
Finding Feature Documentation by Browsing Feature Modules by Cisco IOS Release
If you know the specific feature name and the Cisco IOS release in which the feature was introduced,
you can browse the Cisco IOS feature modules by Cisco IOS release to find feature documentation.
Note
Feature modules are not created for all features, such as uncomplicated features that do not involve any
user configuration. To access all feature descriptions and configuration information, go to Cisco Feature
Navigator, or read the Cisco IOS release notes in addition to browsing the Cisco IOS feature modules.
Step 1
Go to http://www.cisco.com/univercd/cc/td/doc/product/software/index.htm.
Step 2
Select the appropriate release.
Step 3
Click New Feature Documentation.
Step 4
Navigate to your Cisco IOS software release.
Step 5
Select the feature module.
Finding Feature Documentation by Browsing Cisco IOS Release Notes
If you know the specific Cisco IOS release in which the feature was introduced, you can browse the
Cisco IOS release notes to find feature descriptions.
Note
Cisco IOS release notes typically include descriptions only of uncomplicated features that were
introduced in the software release, but that do not involve any user configuration. To access all feature
descriptions and configuration information, go to Cisco Feature Navigator, or read the Cisco IOS release
notes in addition to browsing the Cisco IOS feature modules.
Step 1
Go to http://www.cisco.com/univercd/cc/td/doc/product/software/index.htm.
Step 2
Select the appropriate release.
Step 3
Click Release Notes.
Step 4
Select your platform.
Step 5
Select the release notes for your Cisco IOS software release.
Step 6
Navigate to the “New and Changed Information” section. If you selected a “T” release, the section might
be called “New Features and Important Notes.”
Copyright © 2004 Cisco Systems, Inc. All rights reserved.
Changing the Configuration Register Settings
This document describes the 16-bit configuration register in NVRAM and includes the following
sections:
• Platforms Supported by This Document
• About the Configuration Register
• Changing the Configuration Register Settings
• Displaying the Configuration Register Settings
• Configuring the Console Line Speed (Cisco IOS CLI)
Platforms Supported by This Document
Use this document with the following platforms:
• Cisco 1800 series routers
• Cisco 2800 series routers
• Cisco 3800 series routers
About the Configuration Register
The router has a 16-bit configuration register in NVRAM. Each bit has value 1 (on or set) or value 0 (off
or clear), and each bit setting affects the router behavior upon the next reload or power cycle.
You can use the configuration register to
• Force the router to boot into the ROM monitor (bootstrap program)
• Select a boot source and default boot filename
• Enable or disable the Break function
• Control broadcast addresses
• Recover a lost password
• Change the console line speed
Table 1 describes the configuration register bits.
Table 1   Configuration Register Bit Descriptions

| Bit Number | Hexadecimal | Meaning |
|---|---|---|
| 00–03 | 0x0000–0x000F | Boot field. The boot field setting determines whether the router loads an operating system and where it obtains the system image. See Table 2 for details. |
| 06 | 0x0040 | Causes the system software to ignore the contents of NVRAM. |
| 07 | 0x0080 | Original Equipment Manufacturer (OEM) bit enabled. |
| 08 | 0x0100 | Controls the console Break key: • (Factory default) Setting bit 8 causes the processor to ignore the console Break key. • Clearing bit 8 causes the processor to interpret Break as a command to force the router into the ROM monitor mode, halting normal operation. Break can always be sent in the first 60 seconds while the router is rebooting, regardless of the configuration register settings. |
| 09 | 0x0200 | This bit controls the system boot: • Setting bit 9 causes the system to use the secondary bootstrap. • (Factory default) Clearing bit 9 causes the system to boot from flash memory. This bit is typically not modified. |
| 10 | 0x0400 | Controls the host portion of the IP broadcast address: • Setting bit 10 causes the processor to use all zeros. • (Factory default) Clearing bit 10 causes the processor to use all ones. Bit 10 interacts with bit 14, which controls the network and subnet portions of the IP broadcast address. See Table 3 for the combined effects of bits 10 and 14. |
| 05, 11, 12 | 0x0020, 0x0800, 0x1000 | Controls the console line speed. See Table 4 for the eight available bit combinations and console line speeds. Factory default is 9600 baud, where bits 5, 11, and 12 are all zero (clear). Note: You cannot change the console line speed configuration register bits from the Cisco IOS command-line interface (CLI). You can, however, change these bits from the ROM monitor (see “Using the ROM Monitor <URL TBD>”). Or, instead of changing the configuration register settings, you can set the console line speed through other Cisco IOS commands (see <section to be written and cross-referenced>)... |
| 13 | 0x2000 | Determines how the router responds to a network boot failure: • Setting bit 13 causes the router to boot the default ROM software after 6 unsuccessful network boot attempts. • (Factory default) Clearing bit 13 causes the router to indefinitely continue network boot attempts. |
| 14 | 0x4000 | Controls the network and subnet portions of the IP broadcast address: • Setting bit 14 causes the processor to use all zeros. • (Factory default) Clearing bit 14 causes the processor to use all ones. Bit 14 interacts with bit 10, which controls the host portion of the IP broadcast address. See Table 3 for the combined effect of bits 10 and 14. |
| 15 | 0x8000 | Enables diagnostic messages and ignores the contents of NVRAM. |
Table 2 describes the boot field, which is the lowest four bits of the configuration register (bits 3, 2, 1,
and 0). The boot field setting determines whether the router loads an operating system and where the
router obtains the system image.
Table 2   Boot Field Configuration Register Bit Descriptions

| Boot Field (Bits 3, 2, 1, and 0) | Meaning |
|---|---|
| 0000 (0x0) | At the next power cycle or reload, the router boots to the ROM monitor (bootstrap program). To use the ROM monitor, you must use a terminal or PC that is connected to the router console port. For information about connecting the router to a PC or terminal, see the hardware installation guide for your router. In ROM monitor mode, you must manually boot the system image or any other image by using the boot ROM monitor command. See the section “Booting an Image (boot)” in “Using the ROM Monitor <URL TBD>.” |
| 0001 (0x01) | Boots the first image in flash memory as a system image. |
| 0010 - 1111 (0x02 - 0xF) | At the next power cycle or reload, the router sequentially processes each boot system command in global configuration mode that is stored in the configuration file until the system boots successfully. If no boot system commands are stored in the configuration file, or if executing those commands is unsuccessful, then the router attempts to boot the first image file in flash memory. |
Table 3 shows how each setting combination of bits 10 and 14 affects the IP broadcast address.
Table 3   Broadcast Address Configuration Register Bit Combinations

| Bit 10 | Bit 14 | Broadcast Address (<net> <host>) |
|---|---|---|
| 0 | 0 | <ones> <ones> |
| 1 | 0 | <ones> <zeros> |
| 1 | 1 | <zeros> <zeros> |
| 0 | 1 | <zeros> <ones> |
Table 4 shows the console line speed for each setting combination of bits 5, 11, and 12.
Table 4   Console Line Speed Configuration Register Bit Combinations

| Bit 5 | Bit 11 | Bit 12 | Console Line Speed (baud) |
|---|---|---|---|
| 1 | 1 | 1 | 115200 |
| 1 | 0 | 1 | 57600 |
| 1 | 1 | 0 | 38400 |
| 1 | 0 | 0 | 19200 |
| 0 | 0 | 0 | 9600 |
| 0 | 1 | 0 | 4800 |
| 0 | 1 | 1 | 2400 |
| 0 | 0 | 1 | 1200 |
Changing the Configuration Register Settings
You can change the configuration register settings from either the ROM monitor or the Cisco IOS CLI.
This section describes how to modify the configuration register settings from the Cisco IOS CLI. To
change the configuration register from the ROM monitor, see “Using the ROM Monitor <<URL TBD>>.”
To change the configuration register settings from the Cisco IOS CLI, complete the following steps:
Step 1  Connect a terminal or PC to the router console port. If you need help, see the hardware installation guide
        for your router.
Step 2  Configure your terminal or terminal emulation software for 9600 baud (default), 8 data bits, no parity,
        and 2 stop bits.
Step 3  Power on the router.
Step 4  If you are asked whether you would like to enter the initial dialog, answer no:
            Would you like to enter the initial dialog? [yes]: no
        After a few seconds, the user EXEC prompt (Router>) appears.
Step 5  Enter privileged EXEC mode by typing enable and, if prompted, enter your password:
            Router> enable
            Password: password
            Router#
Step 6  Enter global configuration mode:
            Router# configure terminal
            Enter configuration commands, one per line.
            Edit with DELETE, CTRL/W, and CTRL/U; end with CTRL/Z
Step 7  To change the configuration register settings, enter the config-register value command, where value is
        a hexadecimal number preceded by 0x:
            Router(config)# config-register 0xvalue
        Note: The Cisco IOS software does not allow you to change the console speed bits directly with the
        config-register command. To change the console speed from the Cisco IOS CLI, see the
        “Configuring the Console Line Speed (Cisco IOS CLI)” section on page 6.
Step 8  Exit global configuration mode:
            Router(config)# end
            Router#
Step 9  Save the configuration changes to NVRAM:
            Router# copy run start
        The new configuration register settings are saved to NVRAM, but they do not take effect until the next
        router reload or power cycle.
Displaying the Configuration Register Settings
To display the configuration register settings that are currently in effect and the settings that will be used
at the next router reload, enter the show version command in privileged EXEC mode.
The configuration register settings are displayed in the last line of the show version command output:
Configuration register is 0x142 (will be 0x142 at next reload)
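The following added example (not part of the Cisco guide) decodes the register values in the show version line using Tables 1 through 4 above and flags settings worth reviewing in a configuration audit: a register that ignores NVRAM, boots to the ROM monitor, leaves Break enabled, or differs from the value pending at the next reload. The finding names and every sample line other than the one quoted above are constructed for illustration.

```python
import re

# Table 4: (bit 5, bit 11, bit 12) -> console line speed in baud.
CONSOLE_BAUD = {
    (1, 1, 1): 115200, (1, 0, 1): 57600, (1, 1, 0): 38400, (1, 0, 0): 19200,
    (0, 0, 0): 9600, (0, 1, 0): 4800, (0, 1, 1): 2400, (0, 0, 1): 1200,
}

# Last line of the show version output, in the form quoted in this section.
SHOW_VERSION_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?:\s*\(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def decode(value):
    """Decode a 16-bit configuration register value using Tables 1 to 4."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("the configuration register is a 16-bit value")

    def bit(n):
        return (value >> n) & 1

    boot_field = value & 0x000F                    # Table 2
    if boot_field == 0:
        boot_mode = "rom-monitor"
    elif boot_field == 1:
        boot_mode = "first-flash-image"
    else:
        boot_mode = "boot-system-commands"
    return {
        "boot_field": boot_field,
        "boot_mode": boot_mode,
        "ignore_nvram": bool(bit(6) or bit(15)),   # Table 1, bits 6 and 15
        "oem": bool(bit(7)),
        "break_enabled": not bit(8),               # bit 8 set = Break ignored
        "secondary_bootstrap": bool(bit(9)),
        "netboot_fallback_to_rom": bool(bit(13)),
        "diagnostics": bool(bit(15)),
        # Table 3, as (<net>, <host>): bit 14 drives net, bit 10 drives host.
        "broadcast": ("zeros" if bit(14) else "ones",
                      "zeros" if bit(10) else "ones"),
        "console_baud": CONSOLE_BAUD[(bit(5), bit(11), bit(12))],
    }


def parse_show_version(text):
    """Return (current, at_next_reload) register values as integers."""
    match = SHOW_VERSION_RE.search(text)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else current
    return current, pending


def audit(text):
    """List review findings for the value that applies at the next reload."""
    current, pending = parse_show_version(text)
    settings = decode(pending)
    findings = []
    if pending != current:
        findings.append("change-pending")
    if settings["ignore_nvram"]:
        findings.append("ignores-nvram")          # saved config not loaded
    if settings["boot_mode"] == "rom-monitor":
        findings.append("boots-to-rom-monitor")
    if settings["break_enabled"]:
        findings.append("break-enabled")          # Break halts into ROM monitor
    if settings["console_baud"] != 9600:
        findings.append("console-speed-nondefault")
    return findings


if __name__ == "__main__":
    samples = [
        # Line quoted in this section.
        "Configuration register is 0x142 (will be 0x142 at next reload)",
        # Constructed sample lines.
        "Configuration register is 0x2102",
        "Configuration register is 0x2102 (will be 0x0 at next reload)",
    ]
    for line in samples:
        print(line, "->", audit(line) or "no findings")
```
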
Configuring the Console Line Speed (Cisco IOS CLI)
The combined setting of bits 5, 11, and 12 determines the console line speed. You can modify these
particular configuration register bits only from the ROM monitor. See “Using the ROM Monitor <<URL TBD>>.”
To configure the console line speed from the Cisco IOS command-line interface, complete the following
steps:
Step 1
  Command or Action:
    Router> enable
    Password: password
    Router#
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.
Step 2
  Command or Action:
    Router# configure terminal
    Router(config)#
  Purpose: Enters global configuration mode.
Step 3
  Command or Action:
    Router(config)# line console 0
    Router(config-line)#
  Purpose: Specifies the console line and enters line configuration mode.
Step 4
  Command or Action:
    Router(config-line)# speed baud
  Purpose: Specifies the console line speed. Possible values (in baud): 1200, 2400, 4800, 9600, 19200, 38400,
  57600, 115200.
Using the ROM Monitor
Many users do not use the ROM monitor at all unless, during power up or reload, the router does not find
a valid system image, the last digit of the boot field in the configuration register is 0, or they enter the
Break key sequence during the first 60 seconds after reloading the router.
This document describes how to use the ROM monitor to manually load a system image, to upgrade the
system image when there are no TFTP servers or network connections, and to perform disaster recovery.
Contents
• Platforms Supported by This Document
• Prerequisites for Using the ROM Monitor
• Information About the ROM Monitor
• How to Use the ROM Monitor—Typical Tasks
• Additional References
Platforms Supported by This Document
This document describes use of the ROM monitor with the following platforms:
• Cisco 1841 series routers
• Cisco 2800 series routers
• Cisco 3800 series routers
Prerequisites for Using the ROM Monitor
Connect a terminal or PC to the router console port. For help, see the quick start guide or the hardware
installation guide for your router.
Information About the ROM Monitor
Before using the ROM monitor, you should understand the following concepts:
• ROM Monitor Mode Command Prompt
• Why Is My Router in ROM Monitor Mode?
• When Would I Use the ROM Monitor?
• Tips for Using ROM Monitor Commands
• Accessibility
ROM Monitor Mode Command Prompt
The ROM monitor uses the rommon x > command prompt. The x variable begins at 1 and increments
each time you press Return or Enter in ROM monitor mode.
Why Is My Router in ROM Monitor Mode?
Your router boots to ROM monitor mode when one of the following occurs:
• During power up or reload, the router does not find a valid system image.
• The last digit of the boot field in the configuration register is 0 (for example, 0x100 or 0x0).
• You enter the Break key sequence during the first 60 seconds after reloading the router.
To exit ROM monitor mode, see the “Exiting ROM Monitor Mode” section on page 29.
When Would I Use the ROM Monitor?
Many users do not use the ROM monitor at all, except in the following uncommon situations:
• Manually loading a system image—You can load a system image without configuring the router to
  attempt to load that image in future system reloads or power-cycles. This can be useful for testing a
  new system image or for troubleshooting. See the “Loading a System Image (boot)” section on
  page 9.
• Upgrading the system image when there are no TFTP servers or network connections, and a direct
  PC connection to the router console is the only viable option—See information about upgrading the
  system image in configuration documentation for your router.
• During troubleshooting if the router crashes and hangs—See the “Troubleshooting Crashes and
  Hangs (stack, context, frame, sysret, meminfo)” section on page 24.
• Disaster recovery—Use one of the following methods for recovering the system image or
  configuration file:
  – Console download (xmodem)—Use this method if the computer that is attached to your console
    has a terminal emulator that supports the Xmodem Protocol. See the “Downloading Files over
    the Router Console Port (xmodem)” section on page 14.
    For more information about using the Xmodem protocol, see the Xmodem Console Download
    Procedure Using ROMmon at the following URL:
    http://www.cisco.com/warp/public/130/xmodem_generic.html
  – TFTP download (tftpdnld)—Use this method if you can connect a TFTP server directly to the
    fixed LAN port on your router. See the “Recovering the System Image (tftpdnld)” section on
    page 19.
  Note: Recovering the system image is different from upgrading the system image. You need to
  recover the system image if it becomes corrupt or if it is deleted because of a disaster that
  affects the memory device severely enough to require deleting all data on the memory device
  in order to load a system image.
Tips for Using ROM Monitor Commands
• ROM monitor commands are case sensitive.
• You can halt any ROM monitor command by entering the Break key sequence (Ctrl-Break) on the
  PC or terminal. The Break key sequence varies, depending on the software on your PC or terminal.
  If Ctrl-Break does not work, see the Standard Break Key Sequence Combinations During Password
  Recovery tech note.
• To find out which commands are available on your router and to display command syntax options,
  see the “Displaying Commands and Command Syntax in ROM Monitor Mode (?, help, -?)” section
  on page 8.
Accessibility
This product can be configured using the Cisco command-line interface (CLI). The CLI conforms to
accessibility code 508 because it is text based and because it relies on a keyboard for navigation. All
functions of the router can be configured and monitored through the CLI.
For a complete list of guidelines and Cisco products adherence to accessibility, see Cisco Accessibility
Products at the following URL:
http://www.cisco.com/web/about/responsibility/accessibility/products
How to Use the ROM Monitor—Typical Tasks
This section provides the following procedures:
• Entering ROM Monitor Mode
• Displaying Commands and Command Syntax in ROM Monitor Mode (?, help, -?)
• Displaying Files in a File System (dir)
• Loading a System Image (boot)
• Downloading Files over the Router Console Port (xmodem)
• Modifying the Configuration Register (confreg)
• Obtaining Information on USB Flash Devices
• Modifying the I/O Memory (iomemset)
• Recovering the System Image (tftpdnld)
• Troubleshooting Crashes and Hangs (stack, context, frame, sysret, meminfo)
• Exiting ROM Monitor Mode
Note: This section does not describe how to perform all possible ROM monitor tasks. Use the command help
to perform any tasks that are not described in this document. See the “Displaying Commands and
Command Syntax in ROM Monitor Mode (?, help, -?)” section on page 8.
Entering ROM Monitor Mode
This section provides two ways to enter ROM monitor mode:
• Using the Break Key Sequence to Interrupt the System Reload and Enter ROM Monitor Mode
• Setting the Configuration Register to Boot to ROM Monitor Mode
Prerequisites
Connect a terminal or PC to the router console port. For help, see the quick start guide that shipped with
your router or see the hardware installation guide for your router.
Using the Break Key Sequence to Interrupt the System Reload and Enter ROM Monitor Mode
This section describes how to enter ROM monitor mode by reloading the router and entering the Break
key sequence.
SUMMARY STEPS
1. enable
2. reload
3. Press Ctrl-Break.
DETAILED STEPS
Step 1
  Command or Action: enable
  Purpose: Enables privileged EXEC mode.
    • Enter your password if prompted.
  Example:
    Router> enable
Step 2
  Command or Action: reload
  Purpose: Reloads the operating system.
  Example:
    Router# reload
Step 3
  Command or Action: Press Ctrl-Break.
  Purpose: Interrupts the router reload and enters ROM monitor mode.
    • You must perform this step within 60 seconds after you enter the reload command.
    • The Break key sequence varies, depending on the software on your PC or terminal. If Ctrl-Break does
      not work, see the Standard Break Key Sequence Combinations During Password Recovery tech note.
  Example:
    Router# send break
Examples
This section provides the following example:
Sample Output for the reload Command
Use break key sequence to enter rom monitor
Router# reload
Proceed with reload? [confirm]
*Sep 23 15:54:25.871: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload
command.
telnet> send break
*** System received an abort due to Break Key ***
signal= 0x3, code= 0x0, context= 0x431aaf40
PC = 0x4008b5dc, Cause = 0x20, Status Reg = 0x3400c102
rommon 1 >
Troubleshooting Tips
The Break key sequence varies, depending on the software on your PC or terminal. See the Standard
Break Key Sequence Combinations During Password Recovery tech note.
What to Do Next
• Proceed to the “Displaying Commands and Command Syntax in ROM Monitor Mode (?, help, -?)”
  section on page 8.
• If you use the Break key sequence to enter ROM monitor mode when the router would otherwise
  have booted the system image, you can exit ROM monitor mode by doing one of the following:
  – Enter the i or reset command, which restarts the booting process and loads the system image.
  – Enter the cont command, which continues the booting process and loads the system image.
Setting the Configuration Register to Boot to ROM Monitor Mode
This section describes how to enter ROM monitor mode by setting the configuration register to boot to
ROM monitor mode at the next system reload or power-cycle.
Caution: Do not set the configuration register by using the config-register 0x0 command after you have set the
baud rate. To set the configuration register without affecting the baud rate, display the current
configuration register setting by entering the show ver | inc configuration command, and then replace
the last (rightmost) number with a 0 in the configuration register command.
SUMMARY STEPS
1. enable
2. configure terminal
3. config-register 0x0
4. exit
5. write memory
6. reload
DETAILED STEPS
Step 1
  Command or Action: enable
  Purpose: Enables privileged EXEC mode.
    • Enter your password if prompted.
  Example:
    Router> enable
Step 2
  Command or Action: configure terminal
  Purpose: Enters global configuration mode.
  Example:
    Router# configure terminal
Step 3
  Command or Action: config-register 0x0
  Purpose: Changes the configuration register settings.
    • The 0x0 setting forces the router to boot to the ROM monitor at the next system reload.
  Example:
    Router(config)# config-register 0x0
Step 4
  Command or Action: exit
  Purpose: Exits global configuration mode.
  Example:
    Router(config)# exit
Step 5
  Command or Action: write memory
  Purpose: Sets to boot the system image from flash memory.
  Example:
    Router# write memory
Step 6
  Command or Action: reload
  Purpose: Reloads the operating system.
    • Because of the 0x0 configuration register setting, the router boots to ROM monitor mode.
  Example:
    Router# reload
    <output deleted>
    rommon 1>
Examples
The following example shows how to set the configuration register to boot to ROM monitor mode:
Router>
Router> enable
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# config-register 0x0
Router(config)# exit
Router#
*Sep 23 16:01:24.351: %SYS-5-CONFIG_I: Configured from console by console
Router# write memory
Building configuration...
[OK]
Router# reload
Proceed with reload? [confirm]
*Sep 23 16:01:41.571: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload
command.
System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.
Initializing memory for ECC
.
Router platform with 262144 Kbytes of main memory
Main memory is configured to 64 bit mode with ECC enabled
Readonly ROMMON initialized
rommon 1 >
What to Do Next
Proceed to the “Displaying Commands and Command Syntax in ROM Monitor Mode (?, help, -?)”
section on page 8.
Displaying Commands and Command Syntax in ROM Monitor Mode (?, help, -?)
This section describes how to display ROM monitor commands and command syntax options.
SUMMARY STEPS
1. ?
   or
   help
2. command -?
DETAILED STEPS
Step 1
  Command or Action:
    ?
    or
    help
  Purpose: Displays a summary of all available ROM monitor commands.
  Example:
    rommon 1 > ?
  Example:
    rommon 1 > help
Step 2
  Command or Action: command -?
  Purpose: Displays syntax information for a ROM monitor command.
  Example:
    rommon 16 > display -?
Examples
This section provides the following examples:
• Sample Output for the ? or help ROM Monitor Command
• Sample Output for the xmodem -? ROM Monitor Command
Sample Output for the ? or help ROM Monitor Command
rommon 1 > ?
alias               set and display aliases command
boot                boot up an external process
break               set/show/clear the breakpoint
confreg             configuration register utility
cont                continue executing a downloaded image
context             display the context of a loaded image
cookie              display contents of cookie PROM in hex
dev                 list the device table
dir                 list files in file system
dis                 display instruction stream
dnld                serial download a program module
frame               print out a selected stack frame
help                monitor builtin command help
history             monitor command history
iomemset            set IO memory percent
meminfo             main memory information
repeat              repeat a monitor command
reset               system reset
rommon-pref         select ROMMON
set                 display the monitor variables
showmon             display currently selected ROM monitor
stack               produce a stack trace
sync                write monitor environment to NVRAM
sysret              print out info from last system return
tftpdnld            tftp image download
unalias             unset an alias
unset               unset a monitor variable
xmodem              x/ymodem image download
Sample Output for the xmodem -? ROM Monitor Command
rommon 11 > xmodem -?
xmodem: illegal option -- ?
usage: xmodem [-cyrx] destination filename
-c CRC-16
-y ymodem-batch protocol
-r copy image to dram for launch
-x do not launch on download completion
For more information about using Xmodem, see the Xmodem Console Download Procedure Using
ROMmon at the following URL:
http://www.cisco.com/warp/public/130/xmodem_generic.html
Displaying Files in a File System (dir)
To display a list of the files and directories in the file system, use the dir command, as shown in the
following example:
rommon 4 > dir flash:
program load complete, entry point: 0x8000f000, size: 0xcb80
Directory of flash:
3934     14871760  -rw-     c2800nm-ipbase-mz.124-3
7211     1447053   -rw-     C2800NM_RM2.srec
rommon 5 > dir usbflash1:
program load complete, entry point: 0x8000f000, size: 0x3d240
Directory of usbflash1:
2        14871760  -rw-     c2800nm-ipbase-mz.124-3
Loading a System Image (boot)
This section describes how to load a system image by using the boot ROM monitor command.
Prerequisites
Determine the filename and location of the system image that you want to load.
SUMMARY STEPS
1. boot
   or
   boot flash:[filename]
   or
   boot filename tftpserver
   or
   boot [filename]
   or
   boot usbflash<x>:[filename]
DETAILED STEPS
Step 1
  Command or Action:
    boot
    or
    boot flash:[filename]
    or
    boot filename tftpserver
    or
    boot [filename]
    or
    boot usbflash[x]:[filename]
  Purpose: In order, the examples here direct the router to:
    • Boot the first image in flash memory.
    • Boot the first image or a specified image in flash memory.
    • Boot the specified image over the network from the specified TFTP server (hostname or IP address).
    • Boot from the boothelper image because it does not recognize the device ID. This form of the command is
      used to boot a specified image from a network (TFTP) server.
    • Boot the image stored on the USB flash device.
    Note: Platforms can boot from USB in ROM monitor with or without a compact flash device. It is not
    necessary to use a bootloader image from the compact flash device. Partitions, such as
    usbflash0:2:image_name, are not supported on USB flash drives. The boot usbflash<x>: command will
    boot the first file on the device, if it is a valid image.
    You can override the default boothelper image setting by setting the BOOTLDR Monitor environment
    variable to point to another image. Any system image can be used for this purpose.
    • Options for the boot command are -x (load image but do not execute) and -v (verbose).
  Example:
    ROMMON > boot
  Example:
    ROMMON > boot flash:
  Example:
    ROMMON > boot someimage 172.16.30.40
  Example:
    ROMMON > boot someimage
  Example:
    ROMMON > boot usbflash0:someimage
Examples
The following example shows how to load boot flash memory and USB boot flash memory:
rommon 7 > boot flash:[filename]
program load complete, entry point: 0x8000f000, size: 0xcb80
program load complete, entry point: 0x8000f000, size: 0xe2eb30
Self decompressing the image :
##########################################################################################
############################################################### [OK]
Smart Init is enabled
Smart init is sizing iomem
ID        MEMORY_REQ    TYPE
0003E9    0X003DA000    Router Mainboard
          0X0014B430    DSP SIMM
          0X000021B8    Onboard USB
          0X002C29F0    public buffer pools
          0X00211000    public particle pools
TOTAL:    0X009FAFD8
If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.
Rounded IOMEM up to: 10Mb.
Using 3 percent iomem. [10Mb/256Mb]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, 2800 Software (C2800NM-IPBASE-M), Version 12.4(3), RELEASE SOFTWARE
(fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Fri 22-Jul-05 11:37 by hqluong
Image text-base: 0x40098478, data-base: 0x41520000
Port Statistics for unclassified packets is not turned on.
Cisco Router (revision 48.46) with 251904K/10240K bytes of memory.
Processor board ID
2 Gigabit Ethernet interfaces
2 Serial(sync/async) interfaces
2 Channelized T1/PRI ports
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
253160K bytes of USB Flash usbflash1 (Read/Write)
127104K bytes of ATA CompactFlash (Read/Write)
Press RETURN to get started!
*Sep 23 16:11:42.603: %USB_HOST_STACK-6-USB_DEVICE_CONNECTED: A Full speed USB device has
been inserted in port 1.
*Sep 23 16:11:43.011: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Sep 23 16:11:43.383: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Sep 23 16:11:43.943: %LINK-3-UPDOWN: Interface Serial0/3/0, changed state to down
*Sep 23 16:11:43.947: %LINK-3-UPDOWN: Interface Serial0/3/1, changed state to down
*Sep 23 16:11:43.955: %USBFLASH-5-CHANGE: usbflash1 has been inserted!
*Sep 23 16:11:44.011: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0,
changed state to up
*Sep 23 16:11:44.383: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1,
changed state to down
*Sep 23 16:11:44.943: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed
state to down
*Sep 23 16:11:44.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/1, changed
state to down
*Sep 23 16:11:46.115: %SYS-5-CONFIG_I: Configured from memory by console
*Sep 23 16:11:46.327: %SYS-5-RESTART: System restarted -Cisco IOS Software, 2800 Software (C2800NM-IPBASE-M), Version 12.4(3), RELEASE SOFTWARE
(fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Fri 22-Jul-05 11:37 by hqluong
*Sep 23 16:11:46.331: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold
start
*Sep 23 16:11:46.539: %SYS-6-BOOTTIME: Time taken to reboot after reload = 605 seconds
*Sep 23 16:11:46.735: %CONTROLLER-5-UPDOWN: Controller T1 0/2/0, changed state to down
(LOS detected)
*Sep 23 16:11:46.735: %CONTROLLER-5-UPDOWN: Controller T1 0/2/1, changed state to down
(LOS detected)
*Sep 23 16:11:48.055: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to
administratively down
*Sep 23 16:11:48.067: %LINK-5-CHANGED: Interface Serial0/3/0, changed state to
administratively down
*Sep 23 16:11:48.079: %LINK-5-CHANGED: Interface Serial0/3/1, changed state to
administratively down
Router>
rommon 1 > boot usbflash1:image
program load complete, entry point: 0x8000f000, size: 0x3d240
program load complete, entry point: 0x8000f000, size: 0xe2eb30
Self decompressing the image :
##########################################################################################
############################################################### [OK]
Smart Init is enabled
Smart init is sizing iomem
  ID            MEMORY_REQ         TYPE
0003E9          0X003DA000 Router Mainboard
                0X0014B430 DSP SIMM
                0X000021B8 Onboard USB
                0X002C29F0 public buffer pools
                0X00211000 public particle pools
TOTAL:          0X009FAFD8
If any of the above Memory Requirements are
"UNKNOWN", you may be using an unsupported
configuration or there is a software problem and
system operation may be compromised.
Rounded IOMEM up to: 10Mb.
Using 3 percent iomem. [10Mb/256Mb]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, 2800 Software (C2800NM-IPBASE-M), Version 12.4(3), RELEASE SOFTWARE
(fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Fri 22-Jul-05 11:37 by hqluong
Image text-base: 0x40098478, data-base: 0x41520000
Port Statistics for unclassified packets is not turned on.
Cisco Router (revision 48.46) with 251904K/10240K bytes of memory.
Processor board ID
2 Gigabit Ethernet interfaces
2 Serial(sync/async) interfaces
2 Channelized T1/PRI ports
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
253160K bytes of USB Flash usbflash1 (Read/Write)
127104K bytes of ATA CompactFlash (Read/Write)
Press RETURN to get started!
*Sep 23 16:19:56.611: %USB_HOST_STACK-6-USB_DEVICE_CONNECTED: A Full speed USB device has
been inserted in port 1.
*Sep 23 16:19:57.015: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Sep 23 16:19:57.391: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Sep 23 16:19:57.951: %LINK-3-UPDOWN: Interface Serial0/3/0, changed state to down
*Sep 23 16:19:57.955: %LINK-3-UPDOWN: Interface Serial0/3/1, changed state to down
*Sep 23 16:19:57.963: %USBFLASH-5-CHANGE: usbflash1 has been inserted!
*Sep 23 16:19:58.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0,
changed state to up
*Sep 23 16:19:58.391: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1,
changed state to down
*Sep 23 16:19:58.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed
state to down
*Sep 23 16:19:58.955: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/1, changed
state to down
*Sep 23 16:20:00.139: %SYS-5-CONFIG_I: Configured from memory by console
*Sep 23 16:20:00.351: %SYS-5-RESTART: System restarted -Cisco IOS Software, 2800 Software (C2800NM-IPBASE-M), Version 12.4(3), RELEASE SOFTWARE
(fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Fri 22-Jul-05 11:37 by hqluong
*Sep 23 16:20:00.355: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold
start
*Sep 23 16:20:00.567: %SYS-6-BOOTTIME: Time taken to reboot after reload =
87 seconds
*Sep 23 16:20:00.763: %CONTROLLER-5-UPDOWN: Controller T1 0/2/0, changed state to down
(LOS detected)
*Sep 23 16:20:00.763: %CONTROLLER-5-UPDOWN: Controller T1 0/2/1, changed state to down
(LOS detected)
*Sep 23 16:20:02.083: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to
administratively down
*Sep 23 16:20:02.091: %LINK-5-CHANGED: Interface Serial0/3/0, changed state to
administratively down
*Sep 23 16:20:02.103: %LINK-5-CHANGED: Interface Serial0/3/1, changed state to
administratively down
Router>
What to Do Next
If you want to configure the router to load a specified image at the next system reload or power-cycle,
see the following documents:
• “Booting Commands” chapter of the Cisco IOS Configuration Fundamentals Command Reference
• Cisco IOS Configuration Fundamentals and Network Management Configuration Guide
Downloading Files over the Router Console Port (xmodem)
This section describes how to download a file over the router console port by using the Xmodem
Protocol. Use the console download function when you do not have access to a TFTP server but need to
download a system image or configuration file to the router. This procedure can also be used when there
are no TFTP servers or network connections, and a direct PC connection to the router console is the only
viable option.
For more information about using Xmodem, see the Xmodem Console Download Procedure Using
ROMmon at the following URL:
http://www.cisco.com/warp/public/130/xmodem_generic.html
Prerequisites
• Download the file to your PC. Go to the Software Center at the following URL:
http://www.cisco.com/kobayashi/sw-center/index.shtml.
• Connect your PC to the router console port and launch a terminal emulator program. To see
examples for how to perform this task for similar routers, see the Xmodem Console Download
Procedure Using ROMmon tech note.
Restrictions
• If you use a PC to download a file over the router console port at 115,200 bps, make sure that the
PC serial port uses a 16550 universal asynchronous receiver/transmitter (UART).
• If the PC serial port does not use a 16550 UART, we recommend using a speed equal to or lower
than 38,400 bps for downloading a file over the console port.
• Transfer using the xmodem command works only on the console port.
• You can only download files to the router. You cannot use the xmodem command to retrieve files
from the router.
• Because the ROM monitor console download uses the console to perform the data transfer, error
messages are displayed on the console only after the data transfer is terminated. If an error occurs
during console download, the download is terminated, and an error message is displayed. If you
changed the baud rate from the default rate, the error message is followed by a message that tells
you to restore the terminal to the baud rate that is specified in the configuration register.
SUMMARY STEPS
1. xmodem [-[c][y][r][x]] destination-file-name
DETAILED STEPS
Step 1
xmodem [-[c][y][r][x]] destination-file-name
Use this command to download a file over the console port using the ROM monitor. For example:
rommon > xmodem -c c2801-is-mz.122-10a.bin
See Table 1 for xmodem command syntax descriptions.
Table 1 xmodem Command Syntax Descriptions
Keyword or Argument      Description
-c                       (Optional) Performs the download using 16-bit cyclic redundancy check
                         (CRC) error checking to validate packets. The default setting is 8-bit CRC.
-y                       (Optional) Performs the download using Ymodem protocol. The default
                         setting is Xmodem protocol. The protocols differ as follows:
                         • The Xmodem protocol supports a 128-block transfer size, whereas the
                           Ymodem protocol supports a 1024-block transfer size.
                         • The Ymodem protocol uses 16-bit CRC error checking to validate
                           each packet. Depending on the device that the software is being
                           downloaded from, the Xmodem protocol might not support this
                           function.
-r                       (Optional) Image is loaded into DRAM for execution. The default setting
                         is to load the image into flash memory.
-x                       (Optional) Image is loaded into DRAM without being executed.
destination-file-name    The name of the system image file or the system configuration file. For the
                         router to recognize it, the name of the configuration file must be
                         router_confg.
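What the -c choice in Table 1 changes on the wire, as an added example that is not part of the original guide: a sender and receiver for single Xmodem packets with either check. It assumes the 8-bit check is the classic Xmodem arithmetic checksum and the 16-bit CRC is CRC-16/XMODEM; the function names and sample data are constructed for illustration.

```python
"""Added example: the two per-packet checks behind the xmodem -c option."""

SOH, STX = 0x01, 0x02   # header byte: 128-byte block / 1024-byte block
PAD = 0x1A              # CTRL-Z filler for a short final block


def checksum8(data: bytes) -> int:
    """8-bit check (assumed to be the classic Xmodem arithmetic checksum)."""
    return sum(data) & 0xFF


def crc16_xmodem(data: bytes) -> int:
    """16-bit CRC used with -c: polynomial 0x1021, initial value 0."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ 0x1021) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    return crc


def build_packet(seq: int, payload: bytes, use_crc: bool, block_size: int = 128) -> bytes:
    """Sender side: header, padded data block, then checksum or CRC trailer."""
    if block_size not in (128, 1024):
        raise ValueError("block size must be 128 or 1024")
    if len(payload) > block_size:
        raise ValueError("payload does not fit in one block")
    data = payload.ljust(block_size, bytes([PAD]))
    seq &= 0xFF
    header = bytes([SOH if block_size == 128 else STX, seq, 0xFF - seq])
    if use_crc:
        trailer = crc16_xmodem(data).to_bytes(2, "big")
    else:
        trailer = bytes([checksum8(data)])
    return header + data + trailer


def verify_packet(packet: bytes, use_crc: bool) -> bool:
    """Receiver side: accept only if framing and the check value agree."""
    block_size = {SOH: 128, STX: 1024}.get(packet[0]) if packet else None
    trailer_len = 2 if use_crc else 1
    if block_size is None or len(packet) != 3 + block_size + trailer_len:
        return False
    if packet[1] ^ packet[2] != 0xFF:       # sequence number and its complement
        return False
    data, trailer = packet[3:3 + block_size], packet[3 + block_size:]
    if use_crc:
        return crc16_xmodem(data) == int.from_bytes(trailer, "big")
    return checksum8(data) == trailer[0]


def swap_data_bytes(packet: bytes, i: int, j: int) -> bytes:
    """Simulated line damage that leaves the byte sum unchanged."""
    buf = bytearray(packet)
    buf[3 + i], buf[3 + j] = buf[3 + j], buf[3 + i]
    return bytes(buf)


def demo() -> dict:
    """Return (clean packet accepted, damaged packet accepted) per check type."""
    payload = bytes(range(100))             # constructed sample data
    result = {}
    for name, use_crc in (("checksum8", False), ("crc16", True)):
        packet = build_packet(1, payload, use_crc)
        damaged = swap_data_bytes(packet, 10, 20)
        result[name] = (verify_packet(packet, use_crc), verify_packet(damaged, use_crc))
    return result


if __name__ == "__main__":
    print(demo())
```

Both checks are unkeyed error detection for line noise, so they say nothing about whether the file on the PC is the intended image.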
What to Do Next
If you want to configure the router to load a specified image at the next system reload or power-cycle,
see the following documents:
• “Booting Commands” chapter of the Cisco IOS Configuration Fundamentals Command Reference
• Cisco IOS Configuration Fundamentals and Network Management Configuration Guide
Modifying the Configuration Register (confreg)
This section describes how to modify the configuration register by using the confreg ROM monitor
command. You can also modify the configuration register setting from the Cisco IOS command-line
interface (CLI) by using the config-register command in global configuration mode. For more
information on the config-register command in global configuration mode and on using the confreg
command in ROM monitor mode, see the Cisco IOS Configuration Fundamentals Command Reference.
Caution
Do not set the configuration register by using the config-register 0x0 command after setting the baud
rate. To set the configuration register without affecting the baud rate, obtain the current configuration
register setting by entering the show ver | inc configuration command, and then replace the last
(rightmost) number with a 0 in the configuration register command.
Prerequisites
To learn about the configuration register and the function of each of the 16 bits, see the Changing the
Configuration Register Settings document.
Restrictions
The modified configuration register value is automatically written into NVRAM, but the new value does
not take effect until you reset or power-cycle the router.
SUMMARY STEPS
1. confreg [value]
DETAILED STEPS
Step 1
Command or Action: confreg [value]
Purpose: Changes the configuration register settings while in ROM monitor mode.
• Optionally, enter the new hexadecimal value for the configuration register. The value range is
from 0x0 to 0xFFFF.
• If you do not enter the value, the router prompts for each bit of the 16-bit configuration register.
Example:
rommon > confreg 0x2102
Examples
In the following example, the configuration register is set to boot the system image from flash memory:
rommon 3 > confreg 0x2102
In the following example, no value is entered; therefore, the system prompts for each bit in the register:
rommon 7 > confreg
Configuration Summary
enabled are:
console baud: 9600
boot: the ROM Monitor
do you wish to change the configuration? y/n [n]: y
enable "diagnostic mode"? y/n [n]: y
enable "use net in IP bcast address"? y/n [n]: y
enable "load rom after netboot fails"? y/n [n]: y
enable "use all zero broadcast"? y/n [n]: y
enable "break/abort has effect"? y/n [n]: y
enable "ignore system config info"? y/n [n]: y
change console baud rate? y/n [n]: y
enter rate: 0 = 9600, 1 = 4800, 2 = 1200, 3 = 2400 [0]: 0
change the boot characteristics? y/n [n]: y
enter to boot:
0 = ROM Monitor
1 = the boot helper image
2-15 = boot system
[0]: 0
Configuration Summary
enabled are:
diagnostic mode
console baud: 9600
boot: the ROM Monitor
rommon 8>
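The settings that the confreg prompts walk through can be read directly from the hexadecimal value. The following added example (not from the original guide) decodes a register value, flags settings worth reviewing before a reload, and changes only the boot field as the Caution above advises. The bit positions are the standard Cisco configuration register layout, which this page does not list, and all function names are hypothetical.

```python
"""Added example: decode and audit a Cisco configuration register value."""

# Bit positions follow the standard Cisco configuration register layout
# (assumption: this page names the settings but does not list the bits).
FLAG_BITS = {
    0x8000: "diagnostic mode",
    0x4000: "use net in IP bcast address",
    0x2000: "load rom after netboot fails",
    0x0400: "use all zero broadcast",
    0x0040: "ignore system config info",
}
BREAK_DISABLED = 0x0100     # when clear, "break/abort has effect"
BAUD_MASK = 0x1820          # bits 5, 11 and 12 select the console speed
BAUD = {
    0x0000: 9600, 0x0800: 4800, 0x1000: 1200, 0x1800: 2400,
    0x0020: 19200, 0x0820: 38400, 0x1020: 57600, 0x1820: 115200,
}
BOOT_MASK = 0x000F          # rightmost hex digit: the boot field


def _check(value: int) -> int:
    if not 0x0 <= value <= 0xFFFF:
        raise ValueError("configuration register range is 0x0 to 0xFFFF")
    return value


def decode(value: int) -> dict:
    """Return the same facts the confreg Configuration Summary reports."""
    _check(value)
    boot_field = value & BOOT_MASK
    if boot_field == 0:
        boot = "the ROM Monitor"
    elif boot_field == 1:
        boot = "the boot helper image"
    else:
        boot = "boot system"
    return {
        "flags": [name for bit, name in FLAG_BITS.items() if value & bit],
        "break_has_effect": not value & BREAK_DISABLED,
        "console_baud": BAUD[value & BAUD_MASK],
        "boot_field": boot_field,
        "boot": boot,
    }


def audit(value: int) -> list:
    """Settings a reviewer would want explained before the next reload."""
    info = decode(value)
    findings = []
    if "ignore system config info" in info["flags"]:
        findings.append("startup configuration is ignored at the next boot")
    if info["boot_field"] == 0:
        findings.append("router stops at the ROM monitor instead of booting an image")
    if info["break_has_effect"]:
        findings.append("console Break is honored while the system is running")
    if "diagnostic mode" in info["flags"]:
        findings.append("diagnostic mode is enabled")
    return findings


def with_boot_field(current: int, boot_field: int) -> int:
    """Change only the rightmost hex digit, as the Caution describes,
    so the console baud bits and every other flag are preserved."""
    _check(current)
    if not 0 <= boot_field <= 0xF:
        raise ValueError("boot field range is 0 to 15")
    return (current & ~BOOT_MASK & 0xFFFF) | boot_field


if __name__ == "__main__":
    for sample in (0x2102, 0x2142, 0x3922):    # constructed sample values
        print(hex(sample), decode(sample), audit(sample))
    # 0x3922 runs the console at 115200; 0x3920 keeps that speed, 0x0 would not.
    print(hex(with_boot_field(0x3922, 0)))
```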
Obtaining Information on USB Flash Devices
This section describes how to obtain information on USB devices that are installed in the router. For
instructions on booting from a USB flash device, see the “Loading a System Image (boot)” section on
page 9.
SUMMARY STEPS
1. dir usbflash [x]:
2. dev
DETAILED STEPS
Step 1
Command or Action: dir usbflash [x]:
Purpose: Displays the contents of the USB flash device, including directories, files, permissions,
and sizes.
• 0—USB flash device inserted in port 0
• 1—USB flash device inserted in port 1
Example:
rommon > dir usbflash1:
Step 2
Command or Action: dev
Purpose: Shows the targeted USB flash devices that are inserted in the router and the valid device
names that may or may not be currently inserted.
Example:
ROMMON > dev
Examples
Sample Output for the dir usbflash Command
rommon > dir usbflash0:
Directory of usbflash0:
2       18978364  -rw-     c3845-entbasek9-mz.124-0.5
Sample Output for the dev ROM Monitor Command
rommon 2 > dev
Devices in device table:
        id  name
    flash:  compact flash
bootflash:  boot flash
usbflash0:  usbflash0
usbflash1:  usbflash1
    eprom:  eprom
Modifying the I/O Memory (iomemset)
This section describes how to modify the I/O memory by using the memory-size iomemset command.
Note
Use the iomemset command only if it is needed for temporarily setting the I/O memory from ROM
monitor mode. Using this command improperly can adversely affect the functioning of the router.
The Cisco IOS software can override the I/O memory percentage if the memory-size iomem command
is set in the NVRAM configuration. If the Cisco IOS command is present in the NVRAM configuration,
the I/O memory percentage set in the ROM monitor with the iomemset command is used only the first
time the router is booted up. Subsequent reloads use the I/O memory percentage set by using the
memory-size iomem command that is saved in the NVRAM configuration.
If you need to set the router I/O memory permanently by using a manual method, use the memory-size
iomem Cisco IOS command. If you set the I/O memory from the Cisco IOS software, you must restart
the router for I/O memory to be set properly.
SUMMARY STEPS
1. iomemset i/o-memory percentage
DETAILED STEPS
Step 1
Command or Action: iomemset i/o-memory percentage
Purpose:
• Reallocates the percentage of DRAM used for I/O memory and processor memory.
Example:
rommon> iomemset 15
Examples
In the following example, the percentage of DRAM used for I/O memory is set to 15:
rommon 2 > iomemset
usage: iomemset [smartinit | 5 | 10 | 15 | 20 | 25 | 30 | 40 | 50 ]
rommon 3 >
rommon 3 > iomemset 15
Invoking this command will change the io memory percent
*****WARNING:IOS may not keep this value*****
Do you wish to continue? y/n: [n]: y
rommon 4 > meminfo
------------------------------------------------
Current Memory configuration is:
Onboard SDRAM: Size = 128 MB : Start Addr = 0x10000000
-----Bank 0 128 MB
-----Bank 1   0 MB
Dimm 0: Size = 256 MB : Start Addr = 0x00000000
-----Bank 0 128 MB
-----Bank 1 128 MB
------------------------------------------------
Main memory size: 384 MB in 64 bit mode.
Available main memory starts at 0xa0015000, size 393132KB
IO (packet) memory size: 10 percent of main memory.
NVRAM size: 191KB
Recovering the System Image (tftpdnld)
This section describes how to download a Cisco IOS software image from a remote TFTP server to the
router flash memory by using the tftpdnld command in ROM monitor mode.
Caution
Use the tftpdnld command only for disaster recovery because it can erase all existing data in flash
memory before it downloads a new software image to the router.
Before you can enter the tftpdnld command, you must set the ROM monitor environment variables.
Prerequisites
Connect the TFTP server to a fixed network port on your router.
Restrictions
• LAN ports on network modules or interface cards are not active in ROM monitor mode. Therefore,
only a fixed port on your router can be used for TFTP download. This can be a fixed Ethernet port
on the router, that is, either of the two Gigabit Ethernet ports on Cisco routers that have those ports.
• You can only download files to the router. You cannot use the tftpdnld command to retrieve files
from the router.
SUMMARY STEPS
1. IP_ADDRESS=ip_address
2. IP_SUBNET_MASK=ip_address
3. DEFAULT_GATEWAY=ip_address
4. TFTP_SERVER=ip_address
5. TFTP_FILE=[directory-path/]filename
6. FE_PORT=[0 | 1]
7. FE_SPEED_MODE=[0 | 1 | 2 | 3 | 4 | 5]
8. GE_PORT=[0 | 1]
9. GE_SPEED_MODE=[0 | 1 | 2 | 3 | 4 | 5]
10. MEDIA_TYPE=[0 | 1]
11. TFTP_CHECKSUM=[0 | 1]
12. TFTP_DESTINATION=[flash: | usbflash0: | usbflash1:]
13. TFTP_MACADDR=MAC_address
14. TFTP_RETRY_COUNT=retry_times
15. TFTP_TIMEOUT=time
16. TFTP_VERBOSE=setting
17. set
18. tftpdnld [-hr]
19. y
DETAILED STEPS
Step 1
Command or Action: IP_ADDRESS=ip_address
Purpose: Sets the IP address of the router.
Example:
rommon > IP_ADDRESS=172.16.23.32
Step 2
Command or Action: IP_SUBNET_MASK=ip_address
Purpose: Sets the subnet mask of the router.
Example:
rommon > IP_SUBNET_MASK=255.255.255.224
Step 3
Command or Action: DEFAULT_GATEWAY=ip_address
Purpose: Sets the default gateway of the router.
Example:
rommon > DEFAULT_GATEWAY=172.16.23.40
Step 4
Command or Action: TFTP_SERVER=ip_address
Purpose: Sets the TFTP server from which the software will be downloaded.
Example:
rommon > TFTP_SERVER=172.16.23.33
Step 5
Command or Action: TFTP_FILE=[directory-path/]filename
Purpose: Sets the name and location of the file that will be downloaded to the router.
Example:
rommon > TFTP_FILE=archive/rel22/c2801-i-mz
Step 6
Command or Action: FE_PORT=[0 | 1]
Purpose: (Optional) Sets the input port to use one of the Fast Ethernet ports.
Example:
rommon > FE_PORT=0
Step 7
Command or Action: FE_SPEED_MODE=[0 | 1 | 2 | 3 | 4]
Purpose: (Optional) Sets the Fast Ethernet port speed mode, with these options:
• 0—10 Mbps, half-duplex
• 1—10 Mbps, full-duplex
• 2—100 Mbps, half-duplex
• 3—100 Mbps, full-duplex
• 4—Automatic selection (default)
Example:
rommon > FE_SPEED_MODE=3
Step 8
Command or Action: GE_PORT=[0 | 1]
Purpose: (Optional) Sets the input port to use one of the Gigabit Ethernet ports (not available on
Cisco 1800 series routers, Cisco 2801 routers, or Cisco 2811 routers).
Example:
rommon > GE_PORT=0
Step 9
Command or Action: GE_SPEED_MODE=[0 | 1 | 2 | 3 | 4 | 5]
Purpose: (Optional) Sets the Gigabit Ethernet port speed mode, with these options:
• 0—10 Mbps, half-duplex
• 1—10 Mbps, full-duplex
• 2—100 Mbps, half-duplex
• 3—100 Mbps, full-duplex
• 4—1 Gbps, full-duplex
• 5—Automatic selection (default)
(This option is not available on Cisco 1800 series routers, Cisco 2801 routers, or Cisco 2811 routers.)
Example:
rommon > GE_SPEED_MODE=3
Step 10
Command or Action: MEDIA_TYPE=[0 | 1]
Purpose: (Optional) Sets the Gigabit Ethernet connection media type, RJ-45 (0) or SFP (1). Small
form-factor pluggable (SFP) mode is applicable only if GE_PORT=0 (gig 0/0); RJ-45 mode is
available on both gig 0/0 and gig 0/1 (GE_PORT = 0 or 1). (This option is not available on
Cisco 1800 series routers, Cisco 2801 routers, or Cisco 2811 routers.)
Example:
rommon > MEDIA_TYPE=1
Step 11
Command or Action: TFTP_CHECKSUM=[0 | 1]
Purpose: (Optional) Determines whether the router performs a checksum test on the downloaded
image.
• 1—Checksum test is performed (default).
• 0—No checksum test is performed.
Example:
rommon > TFTP_CHECKSUM=0
Step 12
Command or Action: TFTP_DESTINATION=[flash: | usbflash0: | usbflash1:]
Purpose: (Optional) Designates the targeted flash device as compact flash or USB flash.
• flash:—Compact flash device (default).
• usbflash0:—USB flash device inserted in port 0
• usbflash1:—USB flash device inserted in port 1
Example:
rommon > TFTP_DESTINATION=usbflash0:
Step 13
Command or Action: TFTP_MACADDR=MAC_address
Purpose: (Optional) Sets the Media Access Controller (MAC) address for this router.
Example:
rommon > TFTP_MACADDR=000e.8335.f360
Step 14
Command or Action: TFTP_RETRY_COUNT=retry_times
Purpose: (Optional) Sets the number of times that the router attempts Address Resolution Protocol
(ARP) and TFTP download. The default is 7.
Example:
rommon > TFTP_RETRY_COUNT=10
Step 15
Command or Action: TFTP_TIMEOUT=time
Purpose: (Optional) Sets the amount of time, in seconds, before the download process times out.
The default is 2400 seconds (40 minutes).
Example:
TFTP_TIMEOUT=1800
Step 16
Command or Action: TFTP_VERBOSE=setting
Purpose: (Optional) Configures how the router displays file download progress, with these options:
• 0—No progress is displayed.
• 1—Exclamation points (!!!) are displayed to indicate file download progress. This is the default
setting.
• 2—Detailed progress is displayed during the file download process; for example:
Initializing interface.
Interface link state up.
ARPing for 1.4.0.1
ARP reply for 1.4.0.1 received.
MAC address 00:00:0c:07:ac:01
Example:
rommon > TFTP_VERBOSE=2
Step 17
Command or Action: set
Purpose: Displays the ROM monitor environment variables. Verify that you correctly configured
the ROM monitor environment variables.
Example:
rommon > set
Step 18
Command or Action: tftpdnld [-h] [-r]
Purpose: Downloads the system image specified by the ROM monitor environment variables.
• Entering -h displays command syntax help text.
• Entering -r downloads and boots the new software but does not save the software to flash memory.
• Using no option (that is, using neither -h nor -r) downloads the specified image and saves it in
flash memory.
Example:
rommon > tftpdnld
Step 19
Command or Action: y
Purpose: Confirms that you want to continue with the TFTP download.
Example:
Do you wish to continue? y/n: [n]: y
Examples
Sample Output for Recovering the System Image (tftpdnld)
rommon 16 > IP_ADDRESS=171.68.171.0
rommon 17 > IP_SUBNET_MASK=255.255.254.0
rommon 18 > DEFAULT_GATEWAY=171.68.170.3
rommon 19 > TFTP_SERVER=171.69.1.129
rommon 20 > TFTP_FILE=c2801-is-mz.113-2.0.3.Q
rommon 21 > tftpdnld
IP_ADDRESS: 171.68.171.0
IP_SUBNET_MASK: 255.255.254.0
DEFAULT_GATEWAY: 171.68.170.3
TFTP_SERVER: 171.69.1.129
TFTP_FILE: c2801-is-mz.113-2.0.3.Q
Invoke this command for disaster recovery only.
WARNING: all existing data in all partitions on flash will be lost!
Do you wish to continue? y/n: [n]: y
Receiving c2801-is-mz.113-2.0.3.Q from 171.69.1.129 !!!!!.!!!!!!!!!!!!!!!!!!!.!!
File reception completed.
Copying file c2801-is-mz.113-2.0.3.Q to flash.
Erasing flash at 0x607c0000
program flash location 0x60440000
rommon 22 >
Sample Output for the set ROM Monitor Command
rommon 3 > set
PS1=rommon ! >
IP_ADDRESS=172.18.16.76
IP_SUBNET_MASK=255.255.255.192
DEFAULT_GATEWAY=172.18.16.65
TFTP_SERVER=172.18.16.2
TFTP_FILE=anyname/rel22_Jan_16/c2801-i-mz
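A pre-flight check for the variables set in Steps 1 through 16, as an added example that is not part of the original guide: it parses the output of the set command and reports problems before tftpdnld erases flash. The function names are hypothetical, the defaults come from the step descriptions above, and the reachability rule (server or gateway on the router's subnet) is an assumption about plain IP routing, not documented ROM monitor behavior.

```python
"""Added example: pre-flight check of ROM monitor variables before tftpdnld."""
import ipaddress

REQUIRED = ("IP_ADDRESS", "IP_SUBNET_MASK", "DEFAULT_GATEWAY",
            "TFTP_SERVER", "TFTP_FILE")
DESTINATIONS = ("flash:", "usbflash0:", "usbflash1:")

# The sample output of the set command shown on this page.
SAMPLE_SET_OUTPUT = """\
rommon 3 > set
PS1=rommon ! >
IP_ADDRESS=172.18.16.76
IP_SUBNET_MASK=255.255.255.192
DEFAULT_GATEWAY=172.18.16.65
TFTP_SERVER=172.18.16.2
TFTP_FILE=anyname/rel22_Jan_16/c2801-i-mz
"""


def parse_set_output(text: str) -> dict:
    """Collect NAME=value lines; prompt lines and blanks are skipped."""
    env = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name.replace("_", "").isalnum():
            env[name] = value.strip()
    return env


def check_env(env: dict) -> list:
    """Return a list of problems; an empty list means nothing was found."""
    findings = [f"{name} is not set" for name in REQUIRED if not env.get(name)]
    if findings:
        return findings
    try:
        iface = ipaddress.IPv4Interface(
            f"{env['IP_ADDRESS']}/{env['IP_SUBNET_MASK']}")
        gateway = ipaddress.IPv4Address(env["DEFAULT_GATEWAY"])
        server = ipaddress.IPv4Address(env["TFTP_SERVER"])
    except ValueError as exc:
        return [f"invalid address or mask: {exc}"]
    # An off-subnet server is only reachable through an on-subnet gateway.
    if server not in iface.network and gateway not in iface.network:
        findings.append("TFTP_SERVER is off-subnet and DEFAULT_GATEWAY "
                        "is outside the router's subnet")
    # Step 11: 1 (default) performs the checksum test, 0 skips it.
    if env.get("TFTP_CHECKSUM", "1") == "0":
        findings.append("TFTP_CHECKSUM=0: the downloaded image is not "
                        "checksum-tested")
    # Step 12: flash: is the default destination.
    if env.get("TFTP_DESTINATION", "flash:") not in DESTINATIONS:
        findings.append("TFTP_DESTINATION is not flash:, usbflash0: "
                        "or usbflash1:")
    for name in ("TFTP_RETRY_COUNT", "TFTP_TIMEOUT"):
        value = env.get(name)
        if value is not None and not (value.isdigit() and int(value) > 0):
            findings.append(f"{name} must be a positive integer")
    return findings


if __name__ == "__main__":
    env = parse_set_output(SAMPLE_SET_OUTPUT)
    print(check_env(env) or "no problems found")
    # Constructed bad input: three settings changed from the sample above.
    bad = dict(env, DEFAULT_GATEWAY="10.0.0.1", TFTP_CHECKSUM="0",
               TFTP_DESTINATION="slot0:")
    for finding in check_env(bad):
        print("-", finding)
```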
What to Do Next
If you want to configure the router to load a specified image at the next system reload or power-cycle,
see the following documents:
• “Booting Commands” chapter of the Cisco IOS Configuration Fundamentals Command Reference
• Cisco IOS Configuration Fundamentals and Network Management Configuration Guide
Troubleshooting Crashes and Hangs (stack, context, frame, sysret, meminfo)
This section lists and describes some ROM monitor commands that can be used to troubleshoot router
crashes and hangs.
Most ROM monitor debug commands are functional only when the router crashes or hangs. If you enter
a debug command when crash information is not available, the following error message appears:
"xxx: kernel context state is invalid, can not proceed."
The ROM monitor commands in this section are all optional and can be entered in any order.
Router Crashes
A router or system crash is a situation in which the system detects an unrecoverable error and restarts
itself. The errors that cause crashes are typically detected by processor hardware, which automatically
branches to special error-handling code in the ROM monitor. The ROM monitor identifies the error,
prints a message, saves information about the failure, and restarts the system. For detailed information
about troubleshooting crashes, see the Troubleshooting Router Crashes and Understanding
Software-forced Crashes tech notes.
Router Hangs
A router or system hang is a situation in which the system does not respond to input at the console port
or to queries sent from the network, such as Telnet and Simple Network Management Protocol (SNMP).
Router hangs occur when:
• The console does not respond
• Traffic does not pass through the router
Router hangs are discussed in detail in the Troubleshooting Router Hangs tech note.
ROM Monitor Console Communication Failure
Under certain misconfiguration situations, it can be impossible to establish a console connection with
the router due to a speed mismatch or other incompatibility. The most obvious symptom is erroneous
characters in the console display.
If a ROM monitor failure of this type occurs, you may need to change a jumper setting on the
motherboard so that the router can boot for troubleshooting. Procedures for accessing the motherboard
and jumper locations are described in the installation of internal components section of the hardware
installation document for your router.
The jumper to be changed is DUART DFLT, which sets the console connection data rate to 9600
regardless of user configuration. The jumper forces the data rate to a known good value.
Restrictions
Do not manually reload or power-cycle the router unless reloading or power cycling is required for
troubleshooting a router crash. The system reload or power-cycle can cause important information to be
lost that is needed for determining the root cause of the problem.
SUMMARY STEPS
1. stack
or
k
2. context
3. frame [number]
4. sysret
5. meminfo
DETAILED STEPS
Step 1
Command or Action: stack
or
k
Purpose: (Optional) Obtains a stack trace.
• For detailed information on how to effectively use this command in ROM monitor mode, see the
Troubleshooting Router Hangs tech note.
Example:
rommon > stack
Step 2
Command or Action: context
Purpose: (Optional) Displays the CPU context at the time of the fault.
• If it is available, the context from kernel mode and process mode of a loaded image is displayed.
Example:
rommon > context
Step 3
Command or Action: frame [number]
Purpose: (Optional) Displays an entire individual stack frame.
• The default is 0 (zero), which is the most recent frame.
Example:
rommon > frame 4
Step 4
Command or Action: sysret
Purpose: (Optional) Displays return information from the last booted system image.
• The return information includes the reason for terminating the image, a stack dump of up to eight
frames, and, if an exception is involved, the address at which the exception occurred.
Example:
rommon > sysret
Step 5
Command or Action: meminfo [-l]
Purpose: (Optional) Displays memory information, including:
• Main memory size, starting address, and available range
• Packet memory size
• NVRAM size
Alternatively, using the meminfo -l command provides information on supported DRAM
configurations for the router.
Example:
rommon > meminfo
Examples
This section provides the following examples:
• Sample Output for the stack ROM Monitor Command
• Sample Output for the context ROM Monitor Command
• Sample Output for the frame ROM Monitor Command
• Sample Output for the sysret ROM Monitor Command
• Sample Output for the meminfo ROM Monitor Command
Sample Output for the stack ROM Monitor Command
rommon 6> stack
Kernel Level Stack Trace:
Initial SP = 0x642190b8, Initial PC = 0x607a0d44, RA = 0x61d839f8
Frame 0 : FP= 0x642190b8, PC= 0x607a0d44,   0 bytes
Frame 1 : FP= 0x642190b8, PC= 0x61d839f8,  24 bytes
Frame 2 : FP= 0x642190d0, PC= 0x6079b6c4,  40 bytes
Frame 3 : FP= 0x642190f8, PC= 0x6079ff70,  32 bytes
Frame 4 : FP= 0x64219118, PC= 0x6079eaec,   0 bytes
Process Level Stack Trace:
Initial SP = 0x64049cb0, Initial PC = 0x60e3b7f4, RA = 0x60e36fa8
Frame 0 : FP= 0x64049cb0, PC= 0x60e3b7f4,  24 bytes
Frame 1 : FP= 0x64049cc8, PC= 0x60e36fa8,  24 bytes
Frame 2 : FP= 0x64049ce0, PC= 0x607a5800, 432 bytes
Frame 3 : FP= 0x64049e90, PC= 0x607a8988,  56 bytes
Frame 4 : FP= 0x64049ec8, PC= 0x64049f14,   0 bytes
Sample Output for the context ROM Monitor Command
rommon 7> context
Kernel Level Context:
 Reg      MSW        LSW     | Reg       MSW        LSW
------ ---------- ---------- | ------ ---------- ----------
 zero : 00000000   00000000  | s0    : 00000000   34018001
 AT   : 00000000   24100000  | s1    : 00000000   00000001
 v0   : 00000000   00000003  | s2    : 00000000   00000003
 v1   : 00000000   00000000  | s3    : 00000000   00000000
 a0   : 00000000   0000002b  | s4    : 00000000   64219118
 a1   : 00000000   00000003  | s5    : 00000000   62ad0000
 a2   : 00000000   00000000  | s6    : 00000000   63e10000
 a3   : 00000000   64219118  | s7    : 00000000   63e10000
 t0   : 00000000   00070808  | t8    : ffffffff   e7400884
 t1   : 00000000   00000000  | t9    : 00000000   00000000
 t2   : 00000000   63e10000  | k0    : 00000000   00000000
 t3   : 00000000   34018001  | k1    : 00000000   63ab871c
 t4   : ffffffff   ffff80fd  | gp    : 00000000   63c1c2d8
 t5   : ffffffff   fffffffe  | sp    : 00000000   642190b8
 t6   : 00000000   3401ff02  | s8    : 00000000   6429274c
 t7   : 00000000   6408d464  | ra    : 00000000   61d839f8
 HI   : ffffffff   e57fce22  | LO    : ffffffff   ea545255
 EPC  : 00000000   607a0d44  | ErrPC : ffffffff   bfc05f2c
 Stat : 34018002             | Cause : 00000020
Process Level Context:
 Reg      MSW        LSW     | Reg       MSW        LSW
------ ---------- ---------- | ------ ---------- ----------
 zero : 00000000   00000000  | s0    : 00000000   6401a6f4
 AT   : 00000000   63e10000  | s1    : 00000000   00000000
 v0   : 00000000   00000000  | s2    : 00000000   64049cf0
 v1   : 00000000   00000440  | s3    : 00000000   63360000
 a0   : 00000000   00000000  | s4    : 00000000   63360000
 a1   : 00000000   00070804  | s5    : 00000000   62ad0000
 a2   : 00000000   00000000  | s6    : 00000000   63e10000
 a3   : 00000000   00000000  | s7    : 00000000   63e10000
 t0   : 00000000   00000000  | t8    : ffffffff   e7400884
 t1   : 00000000   64928378  | t9    : 00000000   00000000
 t2   : 00000000   00000001  | k0    : 00000000   644822e8
 t3   : ffffffff   ffff00ff  | k1    : 00000000   61d86d84
 t4   : 00000000   6079eee0  | gp    : 00000000   63c1c2d8
 t5   : 00000000   00000001  | sp    : 00000000   64049cb0
 t6   : 00000000   00000000  | s8    : 00000000   6429274c
 t7   : 00000000   6408d464  | ra    : 00000000   60e36fa8
 HI   : ffffffff   e57fce22  | LO    : ffffffff   ea545255
 EPC  : 00000000   60e3b7f4  | ErrPC : ffffffff   ffffffff
 Stat : 3401ff03             | Cause : ffffffff
Sample Output for the frame ROM Monitor Command
rommon 6 > frame 2
Stack Frame 2, SP = 0x642190d0, Size = 40 bytes
[0x642190d0 : sp + 0x000] = 0xffffffff
[0x642190d4 : sp + 0x004] = 0xbfc05f2c
[0x642190d8 : sp + 0x008] = 0xffffffff
[0x642190dc : sp + 0x00c] = 0xffffffff
[0x642190e0 : sp + 0x010] = 0x6401a6f4
[0x642190e4 : sp + 0x014] = 0x00000000
[0x642190e8 : sp + 0x018] = 0x64049cf0
[0x642190ec : sp + 0x01c] = 0x63360000
[0x642190f0 : sp + 0x020] = 0x63360000
[0x642190f4 : sp + 0x024] = 0x6079ff70
Sample Output for the sysret ROM Monitor Command
rommon 8> sysret
System Return Info:
count: 19, reason: user break
pc:0x801111b0, error address: 0x801111b0
Stack Trace:
FP: 0x80005ea8, PC: 0x801111b0
FP: 0x80005eb4, PC: 0x80113694
FP: 0x80005f74, PC: 0x8010eb44
FP: 0x80005f9c, PC: 0x80008118
FP: 0x80005fac, PC: 0x80008064
FP: 0x80005fc4, PC: 0xfff03d70
FP: 0x80005ffc, PC: 0x00000000
FP: 0x00000000, PC: 0x00000000
Sample Output for the meminfo ROM Monitor Command
rommon 3> meminfo
-------------------------------------------------
Current Memory configuration is:
Onboard SDRAM: Size = 128 MB : Start Addr = 0x10000000
-----Bank 0 128 MB
-----Bank 1   0 MB
Dimm 0: Size = 256 MB : Start Addr = 0x00000000
-----Bank 0 128 MB
-----Bank 1 128 MB
-------------------------------------------------
Main memory size: 384 MB in 64 bit mode.
Available main memory starts at 0xa0015000, size 393132KB
IO (packet) memory size: 10 percent of main memory.
NVRAM size: 191KB
You can also use the meminfo -l command to show the supported DRAM configurations for the router.
The following is sample output for the command:
rommon 4 > meminfo -l
The following 64 bit memory configs are supported:
-------------------------------------------------
Onboard SDRAM      DIMM SOCKET 0      TOTAL MEMORY
Bank 0   Bank1     Bank 0   Bank 1
-------------------------------------------------
128 MB   0 MB      0 MB     0 MB      128 MB
128 MB   0 MB      64 MB    0 MB      192 MB
128 MB   0 MB      64 MB    64 MB     256 MB
128 MB   0 MB      128 MB   0 MB      256 MB
128 MB   0 MB      128 MB   128 MB    384 MB
128 MB   0 MB      256 MB   0 MB      384 MB
Troubleshooting Tips
See the following tech notes:
• Troubleshooting Router Crashes
• Understanding Software-forced Crashes
• Troubleshooting Router Hangs
Exiting ROM Monitor Mode
This section describes how to exit ROM monitor mode and enter the Cisco IOS command-line interface
(CLI). The method that you use to exit ROM monitor mode depends on how your router entered ROM
monitor mode:
• If you reload the router and enter the Break key sequence to enter ROM monitor mode when the
router would otherwise have booted the system image, you can exit ROM monitor mode by doing
either of the following:
  – Enter the i command or the reset command, which restarts the booting process and loads the
  system image.
  – Enter the cont command, which continues the booting process and loads the system image.
• If your router entered ROM monitor mode because it could not locate and load the system image,
perform the steps in the following procedure.
SUMMARY STEPS
1. dir flash: [directory]
2. boot flash: [directory] [filename]
   or
   boot filename tftpserver
   or
   boot [filename]
DETAILED STEPS
Step 1
Command or Action:
dir flash:[directory]
Example:
rommon > dir flash:
Purpose:
Displays a list of the files and directories in flash memory.
• Locate the system image that you want the router to load.
• If the system image is not in flash memory, use the second or third option in Step 2.
Step 2
Command or Action:
boot flash:[directory] [filename]
or
boot filename tftpserver
or
boot [filename]
Example:
ROMMON > boot flash:myimage
Example:
ROMMON > boot someimage 172.16.30.40
Example:
ROMMON > boot
Purpose:
In order, the examples here direct the router to:
• Boot the first image or a specified image in flash memory.
• Boot the specified image over the network from the specified TFTP server (hostname or IP address).
• Boot from the boothelper image because it does not recognize the device ID. This form of the
command is used to netboot a specified image.
You can override the default boothelper image setting by setting the BOOTLDR Monitor environment
variable to point to another image. Any system image can be used for this purpose.
Note
Options to the boot command are -x (load image but do not execute) and -v (verbose).
Examples
Sample Output for the dir flash: Command in ROM Monitor mode
rommon > dir flash:
File size                   Checksum   File name
2229799 bytes (0x220627)    0x469e     c2801-j-m2.113-4T
What to Do Next
Now that you have a system image running on your router, configure the router to load the correct image
at the next system reload or power-cycle. See the following documents:
• “Booting Commands” chapter of the Cisco IOS Configuration Fundamentals Command Reference
• Cisco IOS Configuration Fundamentals and Network Management Configuration Guide
Additional References
The following sections provide references related to using the ROM monitor.
Related Documents
Related Topic | Document Title
Connecting your PC to the router console port | Quick start guide for your router; Hardware installation guide for your router
Break key sequence combinations for entering ROM monitor mode within the first 60 seconds of rebooting the router | Standard Break Key Sequence Combinations During Password Recovery
Upgrading the ROM monitor | ROM Monitor Download Procedures for Cisco 2691, Cisco 3631, Cisco 3725, and Cisco 3745 Routers (Note: These procedures also apply to Cisco 1841 series, Cisco 2800 series, and Cisco 3800 series routers.)
Using the boot image (Rx-boot) to recover or upgrade the system image | How to Upgrade from ROMmon Using the Boot Image
Booting and configuration register commands | Cisco IOS Configuration Fundamentals Command Reference
Loading and maintaining system images; rebooting | Cisco IOS Configuration Fundamentals and Network Management Configuration Guide
Choosing and downloading system images | Software Center at http://www.cisco.com/kobayashi/sw-center/index.shtml
Console download (xmodem) | Xmodem Console Download Procedure Using ROMmon
Router crashes | Troubleshooting Router Crashes; Understanding Software-forced Crashes
Router hangs | Troubleshooting Router Hangs
Technical Assistance
Description | Link
Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. (1) | http://www.cisco.com/public/support/tac/home.shtml
(1) You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog
box and follow the instructions that appear.
CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is
a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco
Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity,
Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS,
iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networkers,
Networking Academy, Network Registrar, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient,
and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (0711R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and
figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and
coincidental.
© 2006 Cisco Systems, Inc. All rights reserved.
Using CompactFlash Memory Cards
Cisco 3800 series routers, Cisco 2800 series routers, and Cisco 1800 series routers use external
CompactFlash (CF) memory cards to store the system image, some software feature data, and
configuration files. The CF memory cards use the following file systems. The file system that is
supported depends on router model:
• Class B flash file system, also known as the low-end file system (LEFS)
• Class C flash file system, similar to the standard DOS file system
This document contains the following sections:
• Platforms Supported by This Document
• Requirements and Restrictions
• Online Insertion and Removal
• How to Format CompactFlash Memory Cards
• File Operations on CompactFlash Memory Cards
• Directory Operations on a CompactFlash Memory Card
Platforms Supported by This Document
Use this document with the following platforms:
• Cisco 1800 series routers
• Cisco 2800 series routers
• Cisco 3800 series routers
Requirements and Restrictions
• Cisco 3800 series routers, Cisco 2800 series routers, and Cisco 1800 series routers do not support
internal flash memory. Because the system image can be stored only on a CF memory card, you need
to have a CF memory card installed to boot the system image.
• We recommend that you erase (Class B) or format (Class C) new CF memory cards to initialize them
with either a Class B or Class C flash file system. This ensures proper formatting and enables the
ROM monitor to recognize and boot the flash memory.
• Only CF memory cards purchased from Cisco are supported on these platforms.
Cisco 1800 Series Routers and Cisco 2801 Routers
• Support only the Class C flash file system.
• Support only external CF memory cards.
• The CF memory card file system can be formatted on a Cisco 1800 series router or Cisco 2801
router. After the file system has been formatted, files on the CF memory card can be copied to or
from any PC that is equipped with a CF memory reader. If you use a PC to format the CF memory
card, use only the Microsoft 16-bit File Allocation Table (FAT16) file system.
Cisco 3800 Series Routers and Cisco 2800 Series Routers (Except for Cisco 2801 Routers)
Note
• Support Class B and Class C flash file systems.
• Support only external CF memory cards.
• If you use a PC to format the CF memory cards, you can format the cards with the Microsoft 16-bit
File Allocation Table (FAT16), Microsoft 32-bit File Allocation Table (FAT32), or Microsoft
Windows NT file system (NTFS). Alternatively, you can format the CF memory card on the router.
When formatted on the router, flash memory cards are formatted with the DOSFS file system, a
platform-independent industry-standard file system that is supported on all Cisco 3800 series routers,
Cisco 2800 series routers, and Cisco 1800 series routers.
Online Insertion and Removal
Online insertion and removal (OIR) is a feature that allows you to replace CF memory cards without
turning off the router and without affecting the operation of other interfaces. OIR of CF memory cards
provides uninterrupted operation to network users, maintains routing information, and ensures session
preservation.
Caution
The external CF memory card should not be removed if the flash memory busy “CF” LED on the router
is ON, because this indicates that the software is accessing the CF memory card. Removing the CF
memory card may disrupt the network, because some software features use the CF memory card to store
tables and other important data.
For instructions on inserting, removing, and replacing the external CF memory card, see the hardware
installation documentation that came with your router.
Steps to perform online removal, insertion, and replacement of a compact Flash memory card will be included
in the next draft.
How to Format CompactFlash Memory Cards
This section contains the following procedures:
• Determining the File System on a CompactFlash Memory Card
• Formatting CompactFlash Memory as a Class B Flash File System
• Formatting CompactFlash Memory as a Class C File System
Determining the File System on a CompactFlash Memory Card
To determine the file system of a CF memory card, enter the show flash: all command in privileged
EXEC mode.
• If geometry and format information does not appear in the output, the card is formatted with a
Class B flash file system.
• If geometry and format information appears in the output, the card is formatted with a Class C flash
file system.
The following examples show sample outputs for Class B and Class C flash file systems.
External Card with Class B Flash File System: Example
The geometry and format information does not appear.
Router# show flash: all
Partition   Size      Used     Free      Bank-Size  State       Copy Mode
  1         125184K   20390K   104793K   0K         Read/Write  Direct
System Compact Flash directory:
File  Length    Name/status
        addr      fcksum  ccksum
  1   6658376   c28xx-i-mz
        0x40      0xE0FF  0xE0FF
  2   14221136  c2800-telcoent-mz
        0x6599C8  0x5C3D  0x5C3D
[20879640 bytes used, 107308776 available, 128188416 total]
125184K bytes of ATA System Compact Flash (Read/Write)
Chip information NOT available.
External Card with Class C Flash File System: Example
The geometry and format information is displayed in this format.
Router# show flash: all
-#- --length-- -----date/time------ path
1      6658376 Mar 01 2004 04:27:46 c28xx-i-mz
25268224 bytes available (6664192 bytes used)
******** ATA Flash Card Geometry/Format Info ********
ATA CARD GEOMETRY
   Number of Heads:        4
   Number of Cylinders     490
   Sectors per Cylinder    32
   Sector Size             512
   Total Sectors           62720
ATA CARD FORMAT
   Number of FAT Sectors   31
   Sectors Per Cluster     8
   Number of Clusters      7796
   Number of Data Sectors  62560
   Base Root Sector        155
   Base FAT Sector         93
   Base Data Sector        187
Formatting CompactFlash Memory as a Class B Flash File System
Use the erase flash: command in privileged EXEC mode to:
• Format CF memory cards with a Class B flash file system
• Remove the files from a CF memory card previously formatted with a Class B flash file system
Formatting CompactFlash Memory as a Class B Flash File System: Example
Router# erase flash:
Erasing the flash filesystem will remove all files! Continue? [confirm]
Current DOS File System flash card in flash: will be formatted into Low
End File System flash card! Continue? [confirm]
Erasing device...
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
...erased
Erase of flash: complete
Formatting CompactFlash Memory as a Class C File System
Use the format flash: command in privileged EXEC mode to:
• Format CF memory cards with a Class C flash file system
• Remove the files from a CF memory card previously formatted with a Class C flash file system
Formatting CompactFlash Memory as a Class C Flash File System: Example
Router# format flash:
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "flash:". Continue? [confirm]
Enter volume ID (up to 64 chars)[default flash]:
Current Low End File System flash card in flash will be formatted into DOS
File System flash card! Continue? [confirm]
Format:Drive communication & 1st Sector Write OK...
Writing Monlib sectors ..................................................................
Monlib write complete
Format:All system sectors written. OK...
Format:Total sectors in formatted partition:250592
Format:Total bytes in formatted partition:128303104
Format:Operation completed successfully.
Format of flash complete
File Operations on CompactFlash Memory Cards
File and directory operations vary according to the formatted file system—Class B or Class C.
Reviewers, please identify differences in file operations for Class B and Class C file systems.
This section describes the following file operations for external CF memory cards:
• Copying Files
• Displaying Files
• Displaying File Content
• Displaying Geometry and Format Information (Class C Only)
• Deleting Files
• Renaming Files
Copying Files
To copy files, enter the copy command in privileged EXEC mode. To indicate a file that is stored in a
CF memory card, precede the filename with flash:.
Examples: Copying Files
In the following example, the file my-config1 on the CF memory card is copied into the startup-config
file in the system memory:
Router# copy flash:my-config1 startup-config
Destination filename [startup-config]?
[OK]
517 bytes copied in 4.188 secs (129 bytes/sec)
In the following example, the file my-config2 on the CF memory card is copied into the running-config
file in the system memory:
Router# copy flash:my-config2 running-config
Destination filename [running-config]?
709 bytes copied in 0.72 secs
Reviewers, are the previous examples representative of typical customer uses of the copy
command? If not, can you send me some example to add to these or to replace them with? For
example, should we include an example with the /erase keyword?
Displaying Files
To display a list of files on a CF memory card, enter the dir flash: command in privileged EXEC mode:
Router# dir flash:
Directory of flash:/
 1580  -rw-     6462268   Mar 06 2004 06:14:02  c28xx-i-mz.3600ata
    3  -rw-     6458388   Mar 01 2004 00:01:24  c28xx-i-mz
63930368 bytes total (51007488 bytes free)
Displaying File Content
To display the content of a file that is stored in flash memory, enter the more flash: command in
privileged EXEC mode:
Router# more flash:c28xx-i-mz
Hmmm...what are the chances that the customer will want to view the contents of the image file?
Can someone send an example(s) that would be more useful to a typical customer?
Displaying Geometry and Format Information (Class C Only)
To display the geometry and format information of a CF memory card formatted with a Class C flash file
system, enter the show flash: filesys command in privileged EXEC mode:
Router# show flash: filesys
******** ATA Flash Card Geometry/Format Info ********
ATA CARD GEOMETRY
   Number of Heads:        4
   Number of Cylinders     490
   Sectors per Cylinder    32
   Sector Size             512
   Total Sectors           62720
ATA CARD FORMAT
   Number of FAT Sectors   31
   Sectors Per Cluster     8
   Number of Clusters      7796
   Number of Data Sectors  62560
   Base Root Sector        155
   Base FAT Sector         93
   Base Data Sector        187
Deleting Files
To delete a file from a CF memory card, enter the delete flash: command.
If you are using a Class B flash file system, after you enter the delete flash: command, the memory space
of the deleted file remains occupied, although the deleted file cannot be recovered. To reclaim the
memory space occupied by a deleted file, enter the squeeze flash: command, in privileged EXEC mode.
Note
The squeeze flash command applies only to the Class B flash file system. This command is unnecessary
with Class C flash file systems, because unused file space is recovered automatically. Moreover, the
squeeze flash command is not supported on Cisco 1800 series routers or Cisco 2801 routers.
Note
The dir flash: command does not display deleted files and files with errors. On Class B flash file
systems, to display all files, including files with errors and deleted files whose memory space has not
been reclaimed with the squeeze flash: command, enter the dir /all flash: command or the show flash:
command in privileged EXEC mode.
Deleting a File from a CompactFlash Memory Card with a Class B Flash File System: Example
In the following example, the file c28xx-i-mz.tmp is deleted from the external CF memory card:
Router# delete flash:c28xx-i-mz.tmp
Delete filename [c28xx-i-mz.tmp]?
Delete flash:c28xx-i-mz.tmp? [confirm]
Because the file was deleted, it does not appear when you enter the dir flash: command:
Router# dir flash:
Directory of flash:/
 1580  -rw-     6462268   Mar 06 2004 06:14:02  c28xx-i-mz.3600ata
    3  -rw-     6458388   Mar 01 2004 00:01:24  c28xx-i-mz
63930368 bytes total (51007488 bytes free)
However, if you are using a Class B file system, because the deleted file’s memory space has not yet been
reclaimed, the deleted file is listed when you enter the show flash: command:
Router# show flash:
Flash Compact Flash directory:
File  Length   Name/status
  1   6458208  c28xx-i-mz.tmp [deleted]
  2   6458208  c28xx-i-mz
[12916544 bytes used, 3139776 available, 16056320 total]
15680K bytes of ATA Compact Flash (Read/Write)
To reclaim the memory space of deleted files, enter the squeeze flash: command:
Router# squeeze flash:
Squeeze operation may take a while. Continue? [confirm]
squeeze in progress...
sssssssssssssssssssssssseeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
Rebuild file system directory...
Squeeze complete
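The following Python example is added here and is not part of the Cisco guide. It applies two rules from this document to captured command output: geometry/format information marks a Class C card, and on a Class B card a deleted file stays listed in show flash: until squeeze flash: is run, which matters when auditing a card for leftover images or configuration files that dir flash: hides. The sample outputs are constructed from the examples in this document, the function names are hypothetical, and treating the "[... bytes used, ... available, ... total]" line as a Class B marker is an assumption drawn from those samples.

```python
import re

# Constructed sample, modeled on the Class B "show flash:" example above.
CLASS_B_SAMPLE = """\
Router# show flash:
Flash Compact Flash directory:
File  Length   Name/status
  1   6458208  c28xx-i-mz.tmp [deleted]
  2   6458208  c28xx-i-mz
[12916544 bytes used, 3139776 available, 16056320 total]
15680K bytes of ATA Compact Flash (Read/Write)
"""

# Constructed sample, modeled on the Class C "show flash: all" example above.
CLASS_C_SAMPLE = """\
Router# show flash: all
-#- --length-- -----date/time------ path
1      6658376 Mar 01 2004 04:27:46 c28xx-i-mz
25268224 bytes available (6664192 bytes used)
******** ATA Flash Card Geometry/Format Info ********
ATA CARD GEOMETRY
   Number of Heads:        4
"""

# "<index> <length> <name> [status]" rows of the Class B directory listing.
ENTRY_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)(?:\s+\[([^\]]+)\])?\s*$")
# Totals line as printed for Class B cards in the samples (assumed marker).
TOTALS_RE = re.compile(r"\[(\d+) bytes used, (\d+) available, (\d+) total\]")


def flash_class(output):
    """Classify captured 'show flash:' output as 'C', 'B' or 'unknown'."""
    if "Geometry/Format Info" in output:
        return "C"  # the guide's rule: geometry/format info means Class C
    if TOTALS_RE.search(output):
        return "B"
    return "unknown"  # not recognizable as flash listing output


def parse_class_b(output):
    """Return (entries, totals) parsed from a Class B directory listing."""
    entries, totals = [], None
    for line in output.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append({
                "index": int(m.group(1)),
                "length": int(m.group(2)),
                "name": m.group(3),
                "status": m.group(4),  # None for a normal file
            })
            continue
        t = TOTALS_RE.search(line)
        if t:
            totals = tuple(int(x) for x in t.groups())
    return entries, totals


def audit_flash(output):
    """Summarize what a card still holds that 'dir flash:' would not list."""
    report = {
        "fs_class": flash_class(output),
        "deleted": [],
        "flagged": [],
        "reclaimable_bytes": 0,
        "totals_consistent": None,
    }
    if report["fs_class"] != "B":
        # Class C recovers unused space automatically; nothing to squeeze.
        return report
    entries, totals = parse_class_b(output)
    for e in entries:
        if e["status"] == "deleted":
            report["deleted"].append(e["name"])
            report["reclaimable_bytes"] += e["length"]
        elif e["status"] is not None:
            # Any other bracketed status, such as a file with errors.
            report["flagged"].append((e["name"], e["status"]))
    if totals is not None:
        used, available, total = totals
        listed = sum(e["length"] for e in entries)
        # Used space must cover every listed file, deleted ones included,
        # and used + available must equal the reported total.
        report["totals_consistent"] = (
            used + available == total and listed <= used
        )
    return report


if __name__ == "__main__":
    for sample in (CLASS_B_SAMPLE, CLASS_C_SAMPLE):
        print(audit_flash(sample))
```

A non-empty "deleted" list means the card still carries file data that squeeze flash: has not reclaimed.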
Reviewers, are you okay with the previous chain of examples? Would it be more helpful to the Fruit
& Good Month reader to have an example about a non-c3725 image? And perhaps we can show
the output of the commands in this order: dir flash:, delete flash:filename, dir flash:, show flash:,
squeeze flash:, show flash:.
Renaming Files
To rename a file on a CF memory card, enter the rename command in privileged EXEC mode:
Router# dir flash:
Directory of flash:/
    3  -rw-     6458388   Mar 01 2004 00:00:58  c28xx-i-mz.tmp
 1580  -rw-     6462268   Mar 06 2004 06:14:02  c28xx-i-mz.3600ata
63930368 bytes total (51007488 bytes free)
Router# rename flash:c28xx-i-mz.tmp flash:c28xx-i-mz
Destination filename [c28xx-i-mz]?
Router# dir flash:
Directory of flash:/
 1580  -rw-     6462268   Mar 06 2004 06:14:02  c28xx-i-mz.3600ata
    3  -rw-     6458388   Mar 01 2004 00:01:24  c28xx-i-mz
63930368 bytes total (51007488 bytes free)
Directory Operations on a CompactFlash Memory Card
Directory operations vary according to the formatted file system—Class B or Class C.
Reviewers, please identify differences in directory operations for Class B and Class C file systems.
The following sections describe directory operations for external CF memory cards on Cisco routers:
• Entering a Directory and Determining Which Directory You Are In
• Creating a New Directory
• Removing a Directory
Entering a Directory and Determining Which Directory You Are In
To enter a directory of a CF memory card, enter the cd command in privileged EXEC mode. The cd
command specifies or changes the default directory or file system. If you enter cd only, without
specifying a file system, the router enters the default home directory, which is flash.
Router# cd
To determine which directory you are in, enter the pwd command in privileged EXEC mode. The CLI
displays which directory or file system is specified as the default by the cd command.
Router# pwd
flash:
To display a list of files in the directory that you are in, enter the dir command in privileged EXEC mode.
The command-line interface will display the files in the file system that was specified as the default by
the cd command.
Router# dir
Directory of flash:/
 1580  -rw-     6462268   Mar 06 2004 06:14:02  c28xx-i-mz.3600ata
    3  -rw-     6458388   Mar 01 2004 00:01:24  c28xx-i-mz
63930368 bytes total (51007488 bytes free)
Entering a Directory: Example
To enter the /config directory:
Router# cd config
To verify that you are in the /config directory:
Router# pwd
flash:/config/
Router# dir
Directory of flash:/config/
  380  -rw-     6462268   Mar 08 2004 06:14:02  myconfig1
  203  -rw-     6458388   Mar 03 2004 00:01:24  myconfig2
63930368 bytes total (51007488 bytes free)
Reviewers, please send me a more realistic output for the dir command. I tweaked an earlier
example to create this one, but I’m not sure what to do with the last line of the output, which shows
the free memory.
Creating a New Directory
To create a directory in flash memory, enter the mkdir flash: command in privileged EXEC mode.
Creating a New Directory: Example
In the following example, a new directory named “config” is created; then a new subdirectory named
“test-config” is created within the “config” directory.
Router# dir flash:
Directory of flash:/
 1580  -rw-     6462268   Mar 06 2004 06:14:02  c28xx-i-mz.3600ata
    3  -rw-     6458388   Mar 01 2004 00:01:24  c28xx-i-mz
63930368 bytes total (51007488 bytes free)
Router# mkdir flash:/config
Create directory filename [config]?
Created dir flash:/config
Router# mkdir flash:/config/test-config
Create directory filename [/config/test-config]?
Created dir flash:/config/test-config
Router# dir flash:
Directory of flash:/
    3  -rw-     6458208   Mar 01 2004 00:04:08  c28xx-i-mz.tmp
 1580  drw-           0   Mar 01 2004 23:48:36  config
128094208 bytes total (121626624 bytes free)
Removing a Directory
To remove a directory in flash memory, enter the rmdir flash: command in privileged EXEC mode.
Before you can remove a directory, you must remove all files and subdirectories from the directory.
Example: Removing a Directory
In the following example, the subdirectory test-config is removed.
Router# dir
Directory of flash:/config/
 1581  drw-           0   Mar 01 2004 23:50:08  test-config
128094208 bytes total (121626624 bytes free)
Router# rmdir flash:/config/test-config
Remove directory filename [/config/test-config]?
Delete flash:/config/test-config? [confirm]
Removed dir flash:/config/test-config
Router# dir
Directory of flash:/config/
No files in directory
128094208 bytes total (121630720 bytes free)
Copyright © 2004 Cisco Systems, Inc. All rights reserved.
Upgrading the System Image
This document describes how to upgrade the Cisco IOS software system image on your router.
Need to replace all sample screen dumps with Fruit or Good Month series screen dumps. Also
need to test these procedures on Fruit and/or Good Month series routers.
Contents
• Platforms Supported by This Document
• Restrictions for Upgrading the System Image
• Information About Upgrading the System Image
• How to Upgrade the System Image
• Examples for Upgrading the System Image
• Additional References
Platforms Supported by This Document
• Cisco 1800 series routers
• Cisco 2800 series routers
• Cisco 3800 series routers
Restrictions for Upgrading the System Image
• Cisco 3800 series routers, Cisco 2800 series routers, and Cisco 1800 series routers support only
external compact flash memory cards. Internal flash memory is not supported. For more details, see
Using CompactFlash Memory Cards.
Information About Upgrading the System Image
To upgrade the system image on your router, you should understand the following concepts:
• Why Would I Upgrade the System Image?
• Which Cisco IOS Release Is Running on My Router Now?
• How Do I Choose the New Cisco IOS Release and Feature Set?
• Where Do I Download the System Image?
Why Would I Upgrade the System Image?
System images contain the Cisco IOS software. Your router already has an image on it when you receive
it. Nevertheless, you may want to load a different image onto the router at some point. For example, you
may want to upgrade your software to the latest release, or you may want to use the same Cisco IOS
release for all the routers in a network. Different system images contain different sets of Cisco IOS
features.
Which Cisco IOS Release Is Running on My Router Now?
To determine which Cisco IOS release is currently running on your system, and the filename of the
system image, enter the show version command in user EXEC or privileged EXEC mode.
How Do I Choose the New Cisco IOS Release and Feature Set?
To determine which Cisco IOS releases and feature sets support your platform and required features, go
to Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If
you do not have an account or have forgotten your username or password, click Cancel at the login
dialog box and follow the instructions that appear.
For more detailed information on choosing the new Cisco IOS release and feature set, see the How to
Choose a Cisco IOS Software Release tech note.
Where Do I Download the System Image?
You must have an account on Cisco.com to use the following websites. If you do not have an account or
have forgotten your username or password, click Cancel at the login dialog box, and follow the
instructions that appear.
If you know which Cisco IOS release and feature set you want to download, go to the Download Software
Area at http://www.cisco.com/kobayashi/sw-center/index.shtml.
If you want more information before selecting the Cisco IOS release and feature set, go to the Software
Center at http://www.cisco.com/kobayashi/sw-center/index.shtml.
How to Upgrade the System Image
This section provides information about performing the following tasks:
• Saving Backup Copies of Your Old System Image and Configuration
• Ensuring Adequate DRAM for the New System Image
• Ensuring Adequate Flash Memory for the New System Image
• Copying the System Image into Flash Memory
• Loading the New System Image
• Saving Backup Copies of Your New System Image and Configuration
Saving Backup Copies of Your Old System Image and Configuration
To avoid unexpected downtime if you encounter serious problems using your new system image or
startup configuration, we recommend that you save backup copies of your current startup configuration
file and Cisco IOS software system image file on a server.
For more detailed information, see the “Managing Configuration Files” chapter and the “Loading and
Maintaining System Images” chapter of the Cisco IOS Configuration Fundamentals and Network
Management Configuration Guide.
To save backup copies of the startup configuration file and the system image file, complete the following
steps.
SUMMARY STEPS
1. enable
2. copy nvram:startup-config {ftp: | rcp: | tftp:}
3. dir flash:
4. copy flash: {ftp: | rcp: | tftp:}
DETAILED STEPS
Step 1
Command or Action: enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable
Step 2
Command or Action: copy nvram:startup-config {ftp: | rcp: | tftp:}
Purpose: Copies the startup configuration file to a server.
• The configuration file copy can serve as a backup copy.
• Enter the destination URL when prompted.
Example:
Router# copy nvram:startup-config ftp:
Step 3
Command or Action: dir flash:
Purpose: Displays the layout and contents of a flash memory file system.
• Learn the name of the system image file.
Example:
Router# dir flash:
Step 4
Command or Action: copy flash: {ftp: | rcp: | tftp:}
Purpose: Copies a file from flash memory to a server.
• Copy the system image file to a server. This file can serve as a backup copy.
• Enter the flash memory partition number if prompted.
• Enter the filename and destination URL when prompted.
Example:
Router# copy flash: ftp:
Examples
The following examples show how to copy a startup configuration to a TFTP server and how to copy
from flash memory to a TFTP server.
Copying the Startup Configuration to a TFTP Server: Example
The following example shows the startup configuration being copied to a TFTP server:
Router# copy nvram:startup-config tftp:
Remote host[]? 192.0.0.1
Name of configuration file to write [rtr2-confg]? rtr2-config-b4upgrade
Write file rtr2-confg-b4upgrade on host 192.0.0.1?[confirm] <cr>
![OK]
Copying from Flash Memory to a TFTP Server: Example
The following example uses the dir flash: command in privileged EXEC mode to learn the name of the
system image file and the copy flash: tftp: command in privileged EXEC mode to copy the system
image (c2800-2is-mz) to a TFTP server. The router uses the default username and password.
Router# dir flash:
System flash directory:
File Length Name/status
1 4137888 c2800-image-mz
[4137952 bytes used, 12639264 available, 16777216 total]
16384K bytes of processor board System flash (Read/Write)\
Router# copy flash: tftp:
IP address of remote host [255.255.255.255]? 192.0.0.1
filename to write on tftp host? c2800-image-mz
writing c2800-image-mz !!!!...
successful ftp write.
Ensuring Adequate DRAM for the New System Image
This section describes how to check whether your router has enough DRAM for upgrading to the new
system image.
Prerequisites
Choose the Cisco IOS release and system image to which you want to upgrade. See the “Information
About Upgrading the System Image” section on page 2.
SUMMARY STEPS
1. Select the system image in the Download Software Area at the following URL:
http://www.cisco.com/kobayashi/sw-center/index.shtml.
2. Write down the minimum memory requirements for the image, as displayed in the File Download
Information table.
3. show version
4. Add the memory sizes that are displayed in the show version command output to calculate your
router’s DRAM size.
5. Compare the calculated DRAM size with the minimum memory requirements from Step 2.
a. If the DRAM is equal to or greater than the new system image’s minimum memory
requirements, then proceed to the “Ensuring Adequate Flash Memory for the New System
Image” section on page 6.
b. If the DRAM is less than the new system image’s minimum memory requirements, then you must
upgrade your DRAM. See the hardware installation guide for your router.
DETAILED STEPS
Step 1
Select the system image in the Download Software Area at the following URL:
http://www.cisco.com/kobayashi/sw-center/index.shtml.
You must have an account on Cisco.com. If you do not have an account or have forgotten your username
or password, click Cancel at the login dialog box and follow the instructions that appear.
Step 2
Write down the minimum memory requirements for the image, as displayed in the File Download
Information table.
Add screenshot of File Download Information table.
Step 3
show version
Use this command to display the router processor and memory (shown in bold text in the following
sample output):
Router# show version
Cisco IOS Software, 2800 Software (C2800-IPBASE-M), Version 12.3(2), [fc3]
Copyright (c) 2004 by Cisco Systems, Inc.
Compiled Thu 11-Aug-04 18:15
ROM: System Bootstrap, Version 12.3(2)
Router1 uptime is 1 day, 23 hours, 15 minutes
System returned to ROM by reload at 13:11:44 UTC Fri Mar 12 2004
Running default software
Cisco 2800(revision 2.0) with 231424K/30720K bytes of memory.
Processor board ID FHH0746C042
2 Gigabit Ethernet interfaces
2 Serial interfaces
2 Channelized E1/PRI ports
2 Channelized T1/PRI ports
DRAM configuration is 64 bits wide with parity enabled.
479K bytes of NVRAM.
125440K bytes of ATA System CompactFlash (Read/Write)
Configuration register is 0x820
Router#
Step 4
Add the memory sizes that are displayed in the show version command output to calculate the amount
of DRAM in your router.
For example, in the sample show version command output shown in Step 3, you would add 231424 KB
and 30720 KB for a total of 262144 KB, or 256 MB, of DRAM.
Tip
To convert from kilobytes (KB) to megabytes (MB), divide the number of kilobytes by 1024.
Step 5
Compare the amount of DRAM in the router to the minimum memory requirements from Step 2.
a. If the DRAM is equal to or greater than the new system image’s minimum memory requirements,
proceed to the “Ensuring Adequate Flash Memory for the New System Image” section on page 6.
b. If the DRAM is less than the new system image’s minimum memory requirements, you must
upgrade your DRAM. See the hardware installation guide for your router.
What to Do Next
Proceed to the “Ensuring Adequate Flash Memory for the New System Image” section on page 6.
Ensuring Adequate Flash Memory for the New System Image
This section describes how to check whether your router has enough flash memory to upgrade to the new
system image and, if necessary, how to properly delete files in flash memory to make room for the new
system image. For more information, see Using Compact Flash Memory Cards.
Prerequisites
• Choose the Cisco IOS release and system image to which you want to upgrade. See the “Information
About Upgrading the System Image” section on page 2.
• Select the system image in the Download Software Area at:
http://www.cisco.com/kobayashi/sw-center/index.shtml.
You must have an account on Cisco.com. If you do not have an account or have forgotten your
username or password, click Cancel at the login dialog box and follow the instructions that appear.
From the File Download Information table, write down the minimum flash requirements for the
image.
SUMMARY STEPS
1. enable
2. (Class B file systems only) squeeze flash:
3. dir flash:
4. From the displayed output of the dir flash: command, compare the number of bytes available to the
minimum flash requirements for the new system image.
a. If the available memory is equal to or greater than the new system image’s minimum flash
requirements, proceed to the “Copying the System Image into Flash Memory” section on
page 10.
b. If the available memory is less than the new system image’s minimum flash requirements,
proceed to Step 5.
5. From the displayed output of the dir flash: command, compare the number of bytes total to the size
of the system image to which you want to upgrade.
a. If the total memory is less than the new system image’s minimum flash requirements, you must
upgrade your compact flash memory card. See the hardware installation guide for your router.
b. If the total memory is equal to or greater than the new system image’s minimum flash
requirements, proceed to Step 6.
6. dir /all flash:
7. From the displayed output of the dir /all flash: command, write down the names and directory
locations of the files that you can delete.
8. (Optional) copy flash: {tftp | rcp}
9. (Optional) Repeat Step 8 for each file that you identified in Step 7.
10. delete flash:directory-path/filename
11. Repeat Step 10 for each file that you identified in Step 7.
12. (Class B file systems only) squeeze flash:
13. dir flash:[partition-number:]
14. From the displayed output of the dir flash: command, compare the number of bytes available to the
size of the system image to which you want to upgrade.
a. If the available memory is less than the new system image’s minimum flash requirements, then
you must upgrade your compact flash memory card to a size that can accommodate both the
existing files and the new system image. See the hardware installation guide for your router.
b. If the available memory is equal to or greater than the new system image’s minimum flash
requirements, proceed to the “Copying the System Image into Flash Memory” section on
page 10.
DETAILED STEPS
Step 1
enable
Use this command to enter privileged EXEC mode. Enter your password if prompted. For example:
Router> enable
Password:
Router#
Step 2
(Class B file systems only) squeeze flash:
Note
The squeeze command is only applicable for Class B flash file systems. It is not needed for
Class C flash file systems. For more details on supported flash file systems, see Using
CompactFlash Memory Cards.
Use this command to reclaim the memory space of previously deleted files:
Router# squeeze flash:
Squeeze operation may take a while. Continue? [confirm]
squeeze in progress...
sssssssssssssssssssssssseeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
Rebuild file system directory...
Squeeze complete
Step 3
dir flash:
Use this command to display the layout and contents of flash memory:
Router# dir flash:
Flash CompactFlash directory:
File  Length   Name/status
  1   6458208  c38xx-i-mz.tmp [deleted]
  2   6458208  c38xx-i-mz
[12916544 bytes used, 3139776 available, 16056320 total]
15680K bytes of ATA CompactFlash (Read/Write)
Step 4
From the displayed output of the dir flash: command, compare the number of bytes available to the
minimum flash requirements for the new system image.
• If the available memory is equal to or greater than the new system image’s minimum flash
requirements, proceed to the “Copying the System Image into Flash Memory” section on page 10.
• If the available memory is less than the new system image’s minimum flash requirements, proceed
to Step 5.
Step 5
From the displayed output of the dir flash: command, compare the number of bytes total to the size of
the system image to which you want to upgrade.
• If the total memory is less than the new system image’s minimum flash requirements, you must
upgrade your compact flash memory card. See the hardware installation guide for your router.
• If the total memory is equal to or greater than the new system image’s minimum flash requirements,
proceed to Step 6.
Step 6
dir /all flash:
Use this command to display a list of all files and directories in flash memory:
Router# dir /all flash:
Directory of flash:/
    3  -rw-  6458388  Mar 01 1993 00:00:58  c38xx-i-mz.tmp
 1580  -rw-  6462268  Mar 06 1993 06:14:02  c38xx-i-mz.2800ata
63930368 bytes total (51007488 bytes free)
Step 7
From the displayed output of the dir /all flash: command, write down the names and directory locations
of the files that you can delete. If you cannot delete any files, you must upgrade your compact flash
memory card. See the hardware installation guide for your router.
Note
Do not delete the system image that the router already uses. If you are not sure which files can
be safely deleted, either consult your network administrator or upgrade your compact flash
memory card to a size that can accommodate both the existing files and the new system image.
See the hardware installation guide for your router.
Step 8
copy flash:{tftp | rcp}
(Optional) Copy a file to a server before deleting the file from flash memory. When prompted, enter the
filename and the server’s hostname or IP address:
Router# copy flash tftp
Need sample screendump.
Step 9
(Optional) Repeat Step 8 for each file that you identified in Step 7.
Step 10
delete flash:directory-path/filename
Use this command to delete a file in flash memory:
Router# delete flash:c38xx-i-mz.tmp
Delete filename [c38xx-i-mz.tmp]? <cr>
Delete flash:c38xx-i-mz.tmp? [confirm] <cr>
Step 11
Repeat Step 10 for each file that you identified in Step 7.
Step 12
(Class B file systems only) squeeze flash:
Use this command to reclaim the memory space of previously deleted files, for example:
Router# squeeze flash:
Squeeze operation may take a while. Continue? [confirm]
squeeze in progress...
sssssssssssssssssssssssseeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
Rebuild file system directory...
Squeeze complete
Step 13
dir flash:
Use this command to display the layout and contents of flash memory:
Router# dir flash:
Flash CompactFlash directory:
File  Length   Name/status
  1   6458208  c38xx-i-mz.tmp [deleted]
  2   6458208  c38xx-i-mz
[12916544 bytes used, 3139776 available, 16056320 total]
15680K bytes of ATA CompactFlash (Read/Write)
Step 14
From the displayed output of the dir flash: command, compare the number of bytes available to the size
of the system image to which you want to upgrade.
• If the available memory is less than the new system image’s minimum flash requirements, you must
upgrade your compact flash memory card to a size that can accommodate both the existing files and
the new system image. See the hardware installation guide for your router.
• If the available memory is equal to or greater than the new system image’s minimum flash
requirements, proceed to the “Copying the System Image into Flash Memory” section on page 10.
Troubleshooting Tips
Any tips?
What to Do Next
Proceed to the “Copying the System Image into Flash Memory” section on page 10.
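The DRAM and flash checks described in the two preceding sections can be run offline against saved command output. The following Python code is an added example, not part of the original guide or of any Cisco tool; it assumes the minimum requirements are written down in megabytes, uses sample text constructed from the outputs shown above, and adds one hint the steps do not spell out: on a Class B listing, space held by entries marked [deleted] comes back after squeeze flash:.

```python
from __future__ import annotations

import re

# Constructed sample input, taken from the sample outputs shown on this page.
SHOW_VERSION = """\
Cisco 2800(revision 2.0) with 231424K/30720K bytes of memory.
479K bytes of NVRAM.
125440K bytes of ATA System CompactFlash (Read/Write)
"""

DIR_FLASH_CLASS_B = """\
Flash CompactFlash directory:
File  Length   Name/status
  1   6458208  c38xx-i-mz.tmp [deleted]
  2   6458208  c38xx-i-mz
[12916544 bytes used, 3139776 available, 16056320 total]
"""

DIR_FLASH_CLASS_C = """\
Directory of flash:/
63930368 bytes total (51007488 bytes free)
"""

MB = 1024 * 1024  # assumption: requirements are noted in megabytes


def dram_kb(show_version: str) -> int:
    """Add the two figures in '<n>K/<n>K bytes of memory' (DRAM check, Step 4)."""
    m = re.search(r"with (\d+)K/(\d+)K bytes of memory", show_version)
    if m is None:
        raise ValueError("no '<n>K/<n>K bytes of memory' line in show version output")
    return int(m.group(1)) + int(m.group(2))


def dram_verdict(show_version: str, min_dram_mb: int) -> str:
    """DRAM check, Step 5: compare installed DRAM with the image's minimum."""
    return "ok" if dram_kb(show_version) >= min_dram_mb * 1024 else "upgrade-dram"


def flash_bytes(dir_output: str) -> tuple[int, int]:
    """Return (available, total) bytes from either dir flash: summary line."""
    m = re.search(r"\[\d+ bytes used, (\d+) available, (\d+) total\]", dir_output)
    if m:
        return int(m.group(1)), int(m.group(2))
    m = re.search(r"(\d+) bytes total \((\d+) bytes free\)", dir_output)
    if m:
        return int(m.group(2)), int(m.group(1))
    raise ValueError("no flash summary line in dir output")


def deleted_bytes(dir_output: str) -> int:
    """Bytes held by entries marked [deleted], which squeeze flash: reclaims."""
    pattern = r"^\s*\d+\s+(\d+)\s+\S+\s+\[deleted\]\s*$"
    return sum(int(n) for n in re.findall(pattern, dir_output, re.MULTILINE))


def flash_verdict(dir_output: str, min_flash_mb: int) -> str:
    """Flash check, Steps 4 and 5, plus the squeeze hint for Class B listings."""
    need = min_flash_mb * MB
    available, total = flash_bytes(dir_output)
    if available >= need:
        return "copy-image"            # Step 4: enough free space already
    if total < need:
        return "upgrade-card"          # Step 5: the card itself is too small
    if available + deleted_bytes(dir_output) >= need:
        return "squeeze-then-recheck"  # added hint: deleted entries free enough
    return "delete-files"              # Steps 6 to 11: remove files, then recheck


if __name__ == "__main__":
    print("DRAM:", dram_kb(SHOW_VERSION) // 1024, "MB ->", dram_verdict(SHOW_VERSION, 256))
    for need_mb in (2, 8, 12, 16):
        print(f"Class B card, image needs {need_mb} MB ->",
              flash_verdict(DIR_FLASH_CLASS_B, need_mb))
    print("Class C card, image needs 32 MB ->", flash_verdict(DIR_FLASH_CLASS_C, 32))
```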
Copying the System Image into Flash Memory
This section describes how to copy the system image into the compact flash memory card for your router.
Choose one of the following methods:
• Using TFTP or Remote Copy Protocol to Copy the System Image into Flash Memory
• Using the ROM Monitor to Copy the System Image over a Network
• Using a PC with a CompactFlash Card Reader to Copy the System Image into Flash Memory
• Using Console Download (xmodem) in ROM Monitor to Copy the System Image into Flash Memory
Using TFTP or Remote Copy Protocol to Copy the System Image into Flash Memory
This section describes how to use TFTP or Remote Copy Protocol (RCP) to upgrade the system image.
This is the recommended and most common method of upgrading the system image.
Need to test these procedures.
Prerequisites
• Install a TFTP server or an RCP server application on a TCP/IP-ready workstation or PC. Many
third-party vendors provide free TFTP server software, which you can find by searching for “TFTP
server” in a web search engine.
If you use TFTP:
– Configure the TFTP application to operate as a TFTP server, not a TFTP client.
– Specify the outbound file directory to which you will download and store the system image.
• Download the new Cisco IOS software image into the workstation or PC. See the “Where Do I
Download the System Image?” section on page 2.
• Establish a console session to the router. We recommend that you connect your PC directly to the
router console port. See the quick start guide that shipped with your router.
• Verify that the TFTP or RCP server has IP connectivity to the router. If you cannot successfully ping
between the TFTP or RCP server and the router, do one of the following:
– Configure a default gateway on the router.
– Make sure that the server and the router each have an IP address in the same network or subnet.
See the tech note, Determining IP Addresses: Frequently Asked Questions.
Tip
For more detailed information on how to perform the prerequisites, see the Software Installation and
Upgrade Procedure tech note.
SUMMARY STEPS
1. enable
2. copy tftp flash
or
copy rcp flash
3. When prompted, enter the IP address of the TFTP or RCP server.
4. When prompted, enter the filename of the Cisco IOS software image to be installed.
5. When prompted, enter the filename as you want it to appear on the router.
6. If an error message appears that says, “Not enough space on device,” do one of the following, as
appropriate:
• If you are certain that all the files in flash memory should be erased, enter y twice when prompted
to erase flash before copying.
• If you are not certain that all files in flash memory should be erased, press Ctrl-Z (How exit copy
command sequence?) and follow the instructions in the “Ensuring Adequate Flash Memory for the
New System Image” section on page 6.
Note
Cisco 1841 and Cisco 2801 routers only support DOSFS (Class C) flash memory file
systems. If there is not enough space, you will not be prompted to erase flash memory.
Instead, the operation aborts and you will need to erase some files manually to make enough
space for the image.
7. If the error message does not appear, enter no when prompted to erase the flash memory before
copying.
DETAILED STEPS
Step 1
enable
Use this command to enter privileged EXEC mode. Enter your password if prompted:
Router> enable
Password: <password>
Router#
Step 2
copy tftp flash
or
copy rcp flash
Use one of these commands to copy a file from a server to flash memory:
Router# copy tftp flash
Step 3
When prompted, enter the IP address of the TFTP or RCP server:
Address or name of remote host []? 10.10.10.2
Step 4
When prompted, enter the filename of the Cisco IOS software image to be installed:
Source filename []? c2600-i-mz.121-14.bin
Note
The filename is case sensitive.
Step 5
When prompted, enter the filename as you want it to appear on the router. Typically, the same filename
is entered as was used in Step 4:
Destination filename []? c2600-i-mz.121-14.bin
Step 6
If an error message appears that says, “Not enough space on device,” do one of the following as
appropriate:
• If you are certain that all the files in flash memory should be erased, enter y when prompted twice
to confirm that flash memory will be erased before copying:
Accessing tftp://10.10.10.2/c2600-i-mz.121-14.bin...
Erase flash: before copying? [confirm] y
Erasing the flash filesystem will remove all files! Continue? [confirm] y
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
• If you are not certain that all the files in flash memory should be erased, press Ctrl-Z (How exit
copy command sequence?) and follow the instructions in the “Ensuring Adequate Flash Memory for
the New System Image” section on page 6.
Step 7
If the error message does not appear, enter no when prompted to erase the flash memory before copying:
Accessing tftp://10.10.10.2/c2600-i-mz.121-14.bin...
Erase flash: before copying? [confirm] no
Examples
Need full screen dump.
Troubleshooting Tips
See the Common Problems in Installing Images Using TFTP or an RCP Server tech note.
What to Do Next
Proceed to the “Loading the New System Image” section on page 20.
Using the ROM Monitor to Copy the System Image over a Network
This section describes how to download a Cisco IOS software image from a remote TFTP server to the
router flash memory by using the tftpdnld ROM monitor command.
Before you can enter the tftpdnld ROM monitor command, you must set the ROM monitor environment
variables.
Prerequisites
Connect the TFTP server to a fixed network port on your router.
Restrictions
The LAN ports on network modules or interface cards are not active in ROM monitor mode. Therefore,
only a fixed port on your router can be used for TFTP download. This can be either a fixed Ethernet port
on the router or one of the Gigabit Ethernet ports on routers equipped with them.
Note
You can use this command only to download files to the router. You cannot use tftpdnld to get files from
the router.
SUMMARY STEPS
1. Enter ROM monitor mode
2. Set the IP_ADDRESS=ip_address configuration variable.
3. Set the IP_SUBNET_MASK=ip_address configuration variable.
4. Set the DEFAULT_GATEWAY=ip_address configuration variable.
5. Set the TFTP_SERVER=ip_address configuration variable.
6. Set the TFTP_FILE=[directory-path/]filename configuration variable.
7. (Optional) Set the GE_PORT=[0 | 1 ] configuration variable.
8. (Optional) Set the MEDIA_TYPE=[0 | 1] configuration variable.
9. (Optional) Set the TFTP_CHECKSUM=[0 | 1] configuration variable.
10. (Optional) Set the TFTP_RETRY_COUNT=retry_times configuration variable.
11. (Optional) Set the TFTP_TIMEOUT=time configuration variable.
12. (Optional) Set the TFTP_VERBOSE=setting configuration variable.
13. Use the set command to verify that you have set the variables correctly.
14. Use the tftpdnld [-r] command to download the image.
DETAILED STEPS
Step 1
Enter ROM monitor mode.
Step 2
Set the IP address of the router. For example:
rommon > IP_ADDRESS=172.16.23.32
Step 3
Set the IP subnet mask. For example:
rommon > IP_SUBNET_MASK=255.255.255.224
Step 4
Set the default gateway address. For example:
rommon > DEFAULT_GATEWAY=172.16.23.40
Step 5
Set the TFTP server IP address, which is the location from which the software will be downloaded:
rommon > TFTP_SERVER=172.16.23.33
Step 6
Set the name and directory location to which the image file will be downloaded onto the router. For
example:
rommon > TFTP_FILE=archive/rel22/c2600-i-mz
Step 7
(Optional) Set the input port to use a Gigabit Ethernet port, available on Cisco 2800 series and
Cisco 3800 series routers. Usage is GE_PORT=[0 | 1], selecting either gig 0/0 or gig 0/1. For example:
rommon > GE_PORT=0
Step 8
(Optional) Set the Ethernet connection media type, RJ-45 or SFP. Usage is MEDIA_TYPE=[0 | 1], where
RJ-45=0 and SFP=1 (SFP is applicable only if GE_PORT=0 in the previous step):
rommon > MEDIA_TYPE=1
Step 9
(Optional) Decide whether the router will perform a checksum test on the downloaded image. Usage is
TFTP_CHECKSUM=[0|1], where 1=checksum test is performed (default) and 0=no checksum test. For
example:
rommon > TFTP_CHECKSUM=0
Step 10
(Optional) Set the number of times that the router will attempt Address Resolution Protocol (ARP) and
TFTP download. The default is 7 attempts. For example:
rommon > TFTP_RETRY_COUNT=10
Step 11
(Optional) Set the amount of time, in seconds, before the download process times out. The default is
2400 seconds (40 minutes). The following example shows 1800 seconds (30 minutes):
TFTP_TIMEOUT=1800
Step 12
(Optional) Configure how the router will display the file download progress. Usage is
TFTP_VERBOSE=[0 | 1 | 2], where:
0=No progress is displayed.
1=Exclamation points (!!!) are displayed to indicate file download progress. This is the default setting.
2=Detailed progress is displayed during the file download process, for example:
Initializing interface.
Interface link state up.
ARPing for 1.4.0.1
ARP reply for 1.4.0.1 received.
MAC address 00:00:0c:07:ac:01
Step 13
Use the set command to display the ROM monitor environment variables to verify that you have
configured them correctly. For example:
rommon > set
Step 14
Download the system image, as specified by the ROM monitor environmental variables, using the
tftpdnld [-r] command. Without the -r option, the command downloads the specified image and saves
it in flash memory, deleting all existing data in all partitions in flash memory. Using the -r option
downloads and boots the new software but does not save the software to flash memory.
rommon> tftpdnld [-r]
A prompt is displayed:
Do you wish to continue? y/n: [n]: y
Entering “y” confirms that you want to continue with the TFTP download.
Troubleshooting Tips
???
What to Do Next
Proceed to the “Loading the New System Image” section on page 20.
Using a PC with a CompactFlash Card Reader to Copy the System Image into Flash Memory
Because the system image is stored on an external CompactFlash memory card, you can use a PC with
a compact flash card reader to format the card and copy a new system image file onto the card. However,
this upgrade method is not commonly used.
For more information about using flash memory cards, see Using CompactFlash Memory Cards.
Prerequisites
• Download the new Cisco IOS Software image to the PC. See the “Where Do I Download the System
Image?” section on page 2.
• Locate the compact flash memory card slot on the router chassis. For help with locating the slot and
instructions for removing and inserting the card, see the hardware installation guide for your router.
Does the user need to power off the router before removing the compact Flash memory card?
Caution
Removing the compact flash memory card may disrupt the network because some software features use
the compact flash memory card to store tables and other important data.
SUMMARY STEPS
1. Remove the compact flash memory card from the router.
2. Insert the card into the compact flash card reader on a PC.
3. Use the PC to copy the system image file to the compact flash memory card.
4. Remove the card from the compact flash card reader.
5. Insert the compact flash memory card into the router.
DETAILED STEPS
Step 1
Remove the compact flash memory card from the router.
Step 2
Insert the card into the compact flash card reader on a PC.
Step 3
Use the PC to copy the system image file to the compact flash memory card.
Step 4
Remove the card from the compact flash card reader.
Step 5
Insert the compact flash memory card into the router.
Troubleshooting Tips
???
What to Do Next
Proceed to the “Loading the New System Image” section on page 20.
Using Console Download (xmodem) in ROM Monitor to Copy the System Image into Flash Memory
Use console download, a ROM monitor function, when you do not have access to a TFTP server.
For detailed information about the console download function and the xmodem ROM monitor
command, see the Xmodem Console Download Procedure Using ROMmon tech note.
Prerequisites
• Download the new Cisco IOS software image to your PC. See the “Where Do I Download the
System Image?” section on page 2.
• Connect your PC to the router console port, and launch a terminal emulator program. For examples
of performing this task on similar routers, see the Xmodem Console Download Procedure Using
ROMmon tech note.
• If you use a PC to download a Cisco IOS image over the router console port at 115,200 bps, make
sure that the PC serial port uses a 16550 universal asynchronous receiver/transmitter (UART).
• If the PC serial port does not use a 16550 UART, we recommend using a speed of 38,400 bps or
lower when downloading a Cisco IOS image over the console port.
Restrictions
• The xmodem transfer works only on the console port.
• You can only use the xmodem command to download files to the router. You cannot use xmodem
to get files from the router.
• Because the ROM monitor console download uses the console to perform the data transfer, error
messages are displayed on the console only after the data transfer is terminated. If an error occurs
during console download, the download is terminated, and an error message is displayed. If you
changed the baud rate from the default rate, the error message is followed by a message that tells
you to restore the terminal to the baud rate specified in the configuration register.
SUMMARY STEPS
1. xmodem [-[c][y][r][x]] destination-file-name
DETAILED STEPS
Step 1
xmodem [-[c][y][r][x]] destination-file-name
Use this command to download the system image over the console port, using the ROM monitor. See
Table 1 for command syntax descriptions.
Table 1 xmodem Command Syntax Descriptions
Keyword or Argument: Description
-c: (Optional) Performs the download using 16-bit cyclic redundancy check (CRC) error checking to
validate packets. The default is 8-bit CRC.
-y: (Optional) Performs the download using ymodem protocol. The default is xmodem protocol. The
protocols differ as follows:
• The xmodem protocol supports a 128-block transfer size, whereas the ymodem protocol supports
a 1024-block transfer size.
• The ymodem protocol uses 16-bit CRC error checking to validate each packet. Depending on the
device that the software is being downloaded from, this function might not be supported by the
xmodem protocol.
-r: (Optional) Image is loaded into DRAM for execution. The default is to load the image into flash
memory.
-x: (Optional) Image is loaded into DRAM without being executed.
destination-file-name: The name of the system image file or the system configuration file. For the
router to recognize it, the name of the configuration file must be router_config.
Examples
To see more examples for similar products, refer to the Xmodem Console Download Procedure Using
ROMmon tech note.
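The framing behind the -c and -y options in Table 1, as an added example that is not Cisco code. It assumes the ROM monitor follows standard XMODEM/YMODEM framing (128-byte or 1024-byte data blocks; the 8-bit default check is an arithmetic checksum in the standard protocol) and shows corruption that the 8-bit check misses and the 16-bit CRC catches. All function names and the sample bytes are constructed for illustration.

```python
import struct

SOH, STX, PAD = 0x01, 0x02, 0x1A  # 128-byte header, 1024-byte header, fill byte


def checksum8(data: bytes) -> int:
    """Default XMODEM check: arithmetic sum of the data bytes, modulo 256."""
    return sum(data) & 0xFF


def crc16_xmodem(data: bytes) -> int:
    """CRC-16 used by XMODEM-CRC and YMODEM: polynomial 0x1021, initial value 0."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def build_packet(block_no: int, payload: bytes, use_crc: bool, size: int = 128) -> bytes:
    """Frame one data block: header, block number, its complement, data, check."""
    if size not in (128, 1024):
        raise ValueError("block size must be 128 or 1024")
    if len(payload) > size:
        raise ValueError("payload longer than block size")
    data = payload.ljust(size, bytes([PAD]))  # a short final block is padded
    seq = block_no & 0xFF
    header = bytes([SOH if size == 128 else STX, seq, 0xFF - seq])
    if use_crc:
        trailer = struct.pack(">H", crc16_xmodem(data))
    else:
        trailer = bytes([checksum8(data)])
    return header + data + trailer


def verify_packet(packet: bytes, use_crc: bool) -> bool:
    """Receiver-side check: header consistency, length, then checksum or CRC."""
    if len(packet) < 3 or packet[0] not in (SOH, STX):
        return False
    size = 128 if packet[0] == SOH else 1024
    check_len = 2 if use_crc else 1
    if len(packet) != 3 + size + check_len or (packet[1] ^ packet[2]) != 0xFF:
        return False
    data, trailer = packet[3:3 + size], packet[3 + size:]
    if use_crc:
        return struct.unpack(">H", trailer)[0] == crc16_xmodem(data)
    return trailer[0] == checksum8(data)


def swap_bytes(packet: bytes, i: int, j: int) -> bytes:
    """Simulate line corruption that swaps two bytes of the data field."""
    buf = bytearray(packet)
    buf[3 + i], buf[3 + j] = buf[3 + j], buf[3 + i]
    return bytes(buf)


# Constructed sample data standing in for the first bytes of an image file.
SAMPLE = bytes(range(1, 101))
```

Both checks detect transmission errors only; neither one authenticates the image, so a clean transfer says nothing about whether the file on the PC is the image that was published.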
What to Do Next
Proceed to the “Loading the New System Image” section on page 20.
Loading the New System Image
This section describes how to load the new system image that you copied into flash memory. First,
determine whether you are in ROM monitor mode or in the Cisco IOS CLI. Then choose one of the
following methods of loading the new system image:
• Loading the New System Image from the Cisco IOS Software, page 20
• Loading the New System Image from ROM Monitor Mode, page 23
Loading the New System Image from the Cisco IOS Software
This section describes how to load the new system image from the Cisco IOS software.
SUMMARY STEPS
1. dir flash:
2. configure terminal
3. no boot system
4. (Optional) boot system flash: system-image-filename
5. (Optional) Repeat to specify the order in which the router should attempt to load any backup system
images.
6. exit
7. show version
8. If the last digit in the configuration register is 0 or 1, proceed to Step 9. However, if the last digit in
the configuration register is between 2 and F, proceed to Step 12.
9. configure terminal
10. config-register 0x2102
11. exit
12. copy run start
13. reload
14. When prompted to save the system configuration, enter no.
15. When prompted to confirm the reload, enter y.
16. show version
DETAILED STEPS
Step 1
dir flash:
Use this command to display a list of all files and directories in flash memory:
Router# dir flash:
Directory of flash:/
    3  -rw-  6458388  Mar 01 1993 00:00:58  c38xx-i-mz.tmp
 1580  -rw-  6462268  Mar 06 1993 06:14:02  c38xx-i-mz.2800ata
63930368 bytes total (51007488 bytes free)
Note
Determine whether the new system image is the first file or the only file listed in the dir flash
command output ( is not required if it is the first file or only file listed).
Step 2
configure terminal
Use this command to enter global configuration mode:
Router# configure terminal
Router(config)#
Step 3
no boot system
Use this command to delete all entries in the bootable image list, which specifies the order in which the
router attempts to load the system images at the next system reload or power cycle:
Router(config)# no boot system
Step 4
If the new system image is the first file or the only file displayed in the dir flash: command output, you
do not need to perform the following step.
boot system flash: system-image-filename
Use this command to load the new system image after the next system reload or power cycle. For
example:
Router(config)# boot system flash: c2600-i-mz.121-14.bin
Step 5
(Optional) Repeat to specify the order in which the router should attempt to load any backup system
images.
Step 6
exit
Use this command to exit global configuration mode:
Router(config)# exit
Router#
Step 7
show version
Use this command to display the configuration register setting:
Router# show version
Cisco Internetwork Operating System Software
.
.
.
Configuration register is 0x0
Router#
Step 8
If the last digit in the configuration register is 0 or 1, proceed to Step 9. However, if the last digit in the
configuration register is between 2 and F, proceed to Step 12.
Step 9
configure terminal
Use this command to enter global configuration mode:
Router# configure terminal
Router(config)#
Step 10
config-register 0x2102
Use this command to set the configuration register so that, after the next system reload or power cycle,
the router loads a system image from the boot system commands in the startup configuration file:
Router(config)# config-register 0x2102
Step 11
exit
Use this command to exit global configuration mode:
Router(config)# exit
Router#
Step 12
copy run start
Use this command to copy the running configuration to the startup configuration:
Router# copy run start
Step 13
reload
Use this command to reload the operating system:
Router# reload
Step 14
When prompted to save the system configuration, enter no:
System configuration has been modified. Save? [yes/no]: no
Step 15
When prompted to confirm the reload, enter y:
Proceed with reload? [confirm] y
Step 16
show version
Use this command to verify that the router loaded the proper system image:
Router# show version
00:22:25: %SYS-5-CONFIG_I: Configured from console by console
Cisco Internetwork Operating System Software
.
.
.
System returned to ROM by reload
System image file is "flash:c2600-i-mz.121-14.bin"
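The conditional parts of Steps 1 through 16 (whether the boot system command is needed, whether the configuration register must change, and which image the router actually booted) can be decided from captured command output. The following Python is an added example, not part of the Cisco guide; the function names and sample captures are constructed, and the "(will be ... at next reload)" suffix it handles is IOS output that this guide does not show.

```python
import re

# Constructed captures modelled on the outputs shown in Steps 1, 7 and 16.
DIR_FLASH = """Directory of flash:/
    3  -rw-  6458388  Mar 01 1993 00:00:58  c38xx-i-mz.tmp
 1580  -rw-  6462268  Mar 06 1993 06:14:02  c38xx-i-mz.2800ata
63930368 bytes total (51007488 bytes free)"""
SHOW_VERSION_BEFORE = ("Cisco Internetwork Operating System Software\n"
                       "Configuration register is 0x0\n")
SHOW_VERSION_AFTER = ("System returned to ROM by reload\n"
                      'System image file is "flash:c38xx-i-mz.2800ata"\n'
                      "Configuration register is 0x2102\n")


def flash_files(dir_output: str) -> list:
    """File names from 'dir flash:' lines: index, permissions, size, date, time, name."""
    pat = re.compile(
        r"^\s*\d+\s+\S+\s+\d+\s+\w{3} \d{2} \d{4} [\d:]+\s+(\S+)\s*$", re.M)
    return pat.findall(dir_output)


def config_register(show_version: str) -> int:
    """Register value that applies at the next reload."""
    # After config-register is changed, IOS appends "(will be 0x... at next reload)".
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)"
                  r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?", show_version)
    if not m:
        raise ValueError("no configuration register line found")
    return int(m.group(2) or m.group(1), 16)


def upgrade_plan(dir_output: str, show_version: str, new_image: str) -> list:
    """Commands for Steps 2 through 13, skipping the steps the guide makes conditional."""
    files = flash_files(dir_output)
    if new_image not in files:
        raise ValueError(f"{new_image} is not in flash; copy it first")
    plan = ["configure terminal", "no boot system"]
    if files[0] != new_image:
        # Step 4 is needed unless the image is the first or only file in flash.
        # Command form as in the guide's ROM monitor procedure (no colon).
        plan.append(f"boot system flash {new_image}")
    plan.append("exit")
    if (config_register(show_version) & 0xF) in (0, 1):
        # Step 8: a last hex digit of 0 or 1 means the boot system list is ignored.
        plan += ["configure terminal", "config-register 0x2102", "exit"]
    return plan + ["copy run start", "reload"]


def loaded_image(show_version: str) -> str:
    """Step 16: the image the router actually booted, as reported by show version."""
    m = re.search(r'System image file is "([^"]+)"', show_version)
    if not m:
        raise ValueError("no system image line found")
    return m.group(1)
```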
What to Do Next
Proceed to the “Saving Backup Copies of Your New System Image and Configuration” section on
page 26.
Loading the New System Image from ROM Monitor Mode
This section describes how to load the new system image from ROM monitor mode.
SUMMARY STEPS
1. dir flash:[partition-number:]
2. confreg 0x2102
3. boot flash:[partition-number:]filename
4. After the system loads the new system image, press Return a few times to display the Cisco IOS
command-line interface (CLI) prompt.
5. enable
6. configure terminal
7. no boot system
8. boot system flash new-system-image-filename
9. (Optional) Repeat to specify the order in which the router should attempt to load any backup system
images.
10. exit
11. copy run start
DETAILED STEPS
Step 1
dir flash:[partition-number:]
Use this command to list files in flash memory:
rommon > dir flash:
         File size            Checksum   File name
   2229799 bytes (0x220627)   0x469e     C2600-j-m2.113-4T
Note whether the new system image is the first file or the only file listed in the dir flash command
output. ( is not required if the image is the first file or only file listed.)
Step 2
confreg 0x2102
Use this command to set the configuration register so that, after the next system reload or power cycle,
the router loads a system image from the boot system commands in the startup configuration file:
rommon > confreg 0x2102
Step 3
boot flash:[partition-number:]filename
Use this command to force the router to load the new system image:
rommon > boot flash:C2600-j-m2.113-4T
Step 4
After the system loads the new system image, press Return a few times to display the Cisco IOS CLI
prompt.
Step 5
enable
Use this command to enable privileged EXEC mode, and enter your password if prompted:
Router> enable
Password: <password>
Router#
Step 6
configure terminal
Use this command to enter global configuration mode:
Router# configure terminal
Router(config)#
Step 7
no boot system
Eliminate all entries in the bootable image list, which specifies the system image that the router loads at
startup:
Router(config)# no boot system
Step 8
If the new system image is the first file or the only file displayed in the dir flash: command output, this
step is not required.
boot system flash new-system-image-filename
Use this command to load the new system image after the next system reload or power cycle:
Router(config)# boot system flash c2600-i-mz.121-14.bin
Step 9
(Optional) Repeat to specify the order in which the router should attempt to load any backup system
images.
Step 10
exit
Use this command to exit global configuration mode:
Router(config)# exit
Router#
Step 11
copy run start
Use this command to copy the running configuration to the startup configuration:
Router# copy run start
What to Do Next
Proceed to the “Saving Backup Copies of Your New System Image and Configuration” section on
page 26.
Saving Backup Copies of Your New System Image and Configuration
To aid file recovery and to minimize downtime in the event of file corruption, we recommend that you
save backup copies of the startup configuration file and the Cisco IOS software system image file on a
server.
Tip
Do not erase any existing backup copies of your configuration and system image that you saved before
upgrading your system image. If you encounter serious problems using your new system image or startup
configuration, you can quickly revert to the previous working configuration and system image, if
necessary.
For more detailed information, see the “Managing Configuration Files” chapter and the “Loading and
Maintaining System Images” chapter of the Cisco IOS Configuration Fundamentals and Network
Management Configuration Guide.
To save backup copies of the startup configuration file and the system image file, complete the following
steps.
SUMMARY STEPS
1. enable
2. copy nvram:startup-config {ftp: | rcp: | tftp:}
3. dir flash:
4. copy flash: {ftp: | rcp: | tftp:}
DETAILED STEPS
Step 1
Command or Action: enable
Purpose: Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable
Step 2
Command or Action: copy nvram:startup-config {ftp: | rcp: | tftp:}
Purpose: Copies the startup configuration file to a server.
• The configuration file copy serves as a backup copy.
• Enter the destination URL when prompted.
Example:
Router# copy nvram:startup-config ftp:
Step 3
Command or Action: dir flash:
Purpose: Displays the layout and contents of a flash memory file system.
• Write down the name of the system image file.
Example:
Router# dir flash:
Step 4
Command or Action: copy flash: {ftp: | rcp: | tftp:}
Purpose: Copies a file from flash memory to a server.
• Copy the system image file to a server to serve as a backup copy.
• Enter the flash memory partition number if prompted.
• Enter the filename and destination URL when prompted.
Example:
Router# copy flash: ftp:
Examples
Copying the Startup Configuration to a TFTP Server: Example
The following example shows the startup configuration being copied to a TFTP server:
Router# copy nvram:startup-config tftp:
Remote host[]? 172.16.101.101
Name of configuration file to write [rtr2-confg]? <cr>
Write file rtr2-confg on host 172.16.101.101?[confirm] <cr>
![OK]
Copying from Flash Memory to a TFTP Server: Example
The following example uses the dir flash: privileged EXEC command to obtain the name of the system
image file and the copy flash: tftp: privileged EXEC command to copy the system image
(c2800-2is-mz) to a TFTP server. The router uses the default username and password.
Router# dir flash:
System flash directory:
File Length Name/status
1 4137888 c2800-image-mz
[4137952 bytes used, 12639264 available, 16777216 total]
16384K bytes of processor board System flash (Read/Write)
Router# copy flash: tftp:
IP address of remote host [255.255.255.255]? 192.0.0.1
filename to write on tftp host? c2800-image-mz
writing c2800-image-mz !!!!...
successful ftp write.
Additional References
The following sections provide references related to upgrading the system image on your router.
Related Documents and Websites
Related Topic: Document Title or Website
Matching Cisco IOS releases and features to hardware: Cisco Feature Navigator at http://www.cisco.com/go/fn (see note 1)
Choosing the Cisco IOS release and feature set: How to Choose a Cisco IOS Software Release
Downloading system images: Download Software Area at http://www.cisco.com/kobayashi/sw-center/index.shtml (see note 1)
Displaying minimum DRAM and flash memory requirements
Choosing and downloading system images: Software Center at http://www.cisco.com/kobayashi/sw-center/index.shtml
Loading and maintaining system images: Cisco IOS Configuration Fundamentals and Network Management Configuration Guide
Using external compact flash memory cards: Using Compact Flash Memory Cards
Removing, inserting, and upgrading compact flash memory cards: hardware installation guide for your router
Connecting your PC to the router console port: quick start guide for your router
Upgrading the system image on similar routers: Software Installation and Upgrade Procedure
Verifying that the router and the server are on the same network: Determining IP Addresses: Frequently Asked Questions
Troubleshooting while using TFTP or RCP to copy the system image into flash memory: Common Problems in Installing Images Using TFTP or an RCP Server
Using the ROM monitor: Using the ROM Monitor
Using console download (xmodem) in the ROM monitor to copy the system image into flash memory: Xmodem Console Download Procedure Using ROMmon
Upgrading the system image from boot mode: How to Upgrade from ROMmon Using the Boot Image
1. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog
box and follow the instructions that appear.
Technical Assistance
Description: Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable
technical content, including links to products, technologies, solutions, technical tips, and tools.
Registered Cisco.com users can log in from this page to access even more content. (see note 1)
Link: http://www.cisco.com/public/support/tac/home.shtml
1. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog
box and follow the instructions that appear.
Copyright © 2004 Cisco Systems, Inc. All rights reserved.
Troubleshooting Links
• Password Recovery Procedures
• Troubleshooting Router Crashes
• Troubleshooting Router Hangs
• Troubleshooting Memory Problems
• Troubleshooting High CPU Utilization on Cisco Routers
• Technical Assistance Center (TAC) Website
You must have an account on Cisco.com to access the following tools. If you do not have an account or
have forgotten your username or password, click Cancel at the login dialog box, and follow the
instructions.
• TAC Case Collection: Troubleshooting Assistant
• Error Message Decoder: Research and resolve error messages
• Output Interpreter: Generate output analysis of show commands
• Bug Toolkit: Search for known caveats by software version, feature set, and keyword