|
|
This chapter describes how to configure three small-office-to-Internet service provider (ISP) networks, which Table 4-1 presents.
| No. | WAN Options | WAN Encapsulation | Routed Protocols | Other Features | Configuration Options |
|---|---|---|---|---|---|
1 | Synchronous leased line | PPP | IP | Static IP route |
|
2 | Asynchronous dial-up line | PPP | IP |
|
|
3 | Frame Relay | Frame Relay | IP |
|
|
The Cisco 805 Fast Step software is a Windows 95, Windows NT, and Windows 98 based configuration tool included with the Cisco 805 router. For more information, refer to the Cisco 805 Fast Step CD-ROM.
For more information on configuring your router using the CLI, continue reading this chapter.
Refer to Table 4-2 to determine what you need to do before configuring each network.
| Number | WAN Options | What You Must Do |
|---|---|---|
1 | Leased line, PPP |
|
2 | Dial-up line, PPP |
|
3 | Frame Relay |
|
| 1For more information on CHAP and PAP, refer to "Concepts." |
Figure 4-1 shows a sample small office network connected to an ISP with a synchronous leased line. This sample network uses IP as the only routed protocol. Instead of using a dynamic routing protocol such as RIP to learn the route to the ISP, this network uses a static IP route, which is a user-defined route to the ISP.
To configure the features for this sample network, perform the tasks described in the following sections on a PC. A sample configuration file that illustrates how to configure the network is presented after the tasks.
After your router boots, the following prompt displays. Enter no.
Would you like to enter the initial configuration dialog [yes]: no
For complete information on how to access global configuration mode, refer to the "Entering Global Configuration Mode" section in "Cisco IOS Basic Skills." For more information on the commands used in the following tables, refer to the Cisco IOS Release 12.0 documentation set.
Use the following table to configure the router for global parameters.
| Step | Task | Router Prompt | Command |
|---|---|---|---|
1 | Enter configuration mode. | Router# | configure terminal |
2 | Specify name for router. | Router (config)# | hostname name |
3 | Specify encrypted password to prevent unauthorized access to router. | Router (config)# | enable secret <password> |
4 | Configure router to recognize zero subnet range as valid range of addresses. | Router (config)# | ip subnet-zero |
5 | Disable router from translating unfamiliar words (typos) entered during a console session into IP addresses. | Router (config)# | no ip domain-lookup |
Use the following table to configure the Ethernet interface.
| Step | Task | Router Prompt | Command |
|---|---|---|---|
1 | Enter configuration mode for Ethernet interface. | Router (config)# | interface ethernet 0 |
2 | Set IP address and subnet mask. | Router (config-if)# | ip address ip-address mask |
3 | Enable interface and configuration changes just made to interface. | Router (config-if)# | no shutdown |
4 | Exit configuration mode for Ethernet interface. | Router (config-if)# | exit |
Use the following table to configure the serial interface.
| Step | Task | Router Prompt | Command |
|---|---|---|---|
1 | Enter configuration mode for serial interface. | Router (config)# | interface serial 0 |
2 | Set IP address to address used on Ethernet interface. | Router (config-if)# | ip unnumbered ethernet 0 |
3 | Specify PPP as encapsulation (framing) method. | Router (config-if)# | encapsulation ppp |
4 | Enable interface and configuration changes just made to interface. | Router (config-if)# | no shutdown |
5 | Exit configuration mode for serial interface. | Router (config-if)# | exit |
6 | Set up a static route to ISP router. | Router (config)# | ip route 0.0.0.0 0.0.0.0 serial 0 |
Use the following table to configure parameters to control access to the router.
| Step | Task | Router Prompt | Command |
|---|---|---|---|
1 | Enter line configuration mode, and specify the console terminal line. | Router (config)# | line console 0 |
2 | Specify a unique password on the line. | Router (config-line)# | password <password> |
3 | Enable password checking at terminal session login. | Router (config-line)# | login |
4 | Specify a virtual terminal for remote console access. | Router (config-line)# | line vty 0 4 |
5 | Specify a unique password on the line. | Router (config-line)# | password <password> |
6 | Enable password checking at virtual terminal session login. | Router (config-line)# | login |
7 | Exit line configuration mode, and return to privileged EXEC mode. | Router (config-line)# | end |
The following is a sample configuration based on performing the tasks in "Configuring the Cisco 805 Router" section. You do not need to input the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running command.
Current configuration: ! version 12.0 no service pad (default) service timestamps debug uptime (default) service timestamps log uptime (default) no service password-encryption (default) hostname Cisco805 enable secret 5 $1$RnI.$K4mh5q4MFetaqKzBbQ7gv0 ip subnet-zero no ip domain-lookup ! interface Ethernet0 ip address 192.168.1.1 255.255.255.0 no ip directed-broadcast (default) ! interface Serial0 ip unnumbered ethernet 0 no ip directed-broadcast (default) encapsulation ppp ! no ip http server (default) ip classless (default) ! ip route 0.0.0.0 0.0.0.0 serial 0 ! line con 0 exec-timeout 10 0 (default) password 4youreyesonly login transport input none (default) stopbits 1 (default) line vty 0 4 password secret login ! end
Figure 4-2 shows a sample small office network connected to an ISP with a asynchronous dial-up line running PPP. This sample network uses IP as the only routed protocol. Instead of using a dynamic routing protocol such as RIP to learn the route to the ISP, this network uses a static IP route, which is a user-defined route to the ISP.
This sample network uses the dial-on-demand routing (DDR) implementation of dialer profiles. For conceptual information, refer to the "Dialer Profiles" section in "Concepts."
This sample network uses nonregistered IP addresses on the router Ethernet interface and the LAN devices. To solve the problem of using nonregistered IP addresses when accessing the Internet, this sample network uses Easy IP (Phase 1). This feature combines NAT and PPP/IPCP. With this feature, the Cisco 805 router can automatically negotiate a registered IP address for the router dialer interface from the ISP router. All devices in this sample network can use this registered IP address when accessing the Internet. For more information on this feature, including configuration information, refer to the "Configuring Easy IP (Phase 1)" section in "Advanced Features."
You can also configure the firewall feature in this sample network.
To configure the features for this sample network, perform the tasks described in the following sections on a PC. A sample configuration file that illustrates how to configure the network is presented after the tasks.
After your router boots, the following prompt displays. Enter no.
Would you like to enter the initial configuration dialog [yes]: no
For complete information on how to access global configuration mode, refer to the "Entering Global Configuration Mode" section in "Cisco IOS Basic Skills." For more information on the commands used in the following tables, refer to the Cisco IOS Release 12.0 documentation set.
Use the following table to configure the router for global parameters.
| Step | Task | Router Prompt | Command |
|---|---|---|---|
1 | Enter configuration mode. | Router# | configure terminal |
2 | Specify name for router. | Router (config)# | hostname name |
3 | Specify encrypted password to prevent unauthorized access to router. | Router (config)# | enable secret <password> |
4 | Configure router to recognize zero subnet range as valid range of addresses. | Router (config)# | ip subnet-zero |
5 | Disable router from translating unfamiliar words (typos) entered during a console session into IP addresses. | Router (config)# | no ip domain-lookup |
Use the following table to configure the Ethernet interface.
| Step | Task | Router Prompt | Command |
|---|---|---|---|
1 | Enter configuration mode for Ethernet interface. | Router (config)# | interface ethernet 0 |
2 | Set IP address and subnet mask. | Router (config-if)# | ip address ip-address mask |
3 | Enable interface and configuration changes just made to interface. | Router (config-if)# | no shutdown |
4 | Exit configuration mode for Ethernet interface. | Router (config-if)# | exit |
Use the following table to configure the serial interface.
| Step | Task | Router Prompt | Command |
|---|---|---|---|
1 | Enter configuration mode for serial interface. | Router (config)# | interface serial 0 |
2 | Remove any IP address associated with interface. | Router (config-if)# | no ip address |
3 | Specify PPP as encapsulation (framing) type. | Router (config-if)# | encapsulation ppp |
4 | Enable CHAP and/or PAP, and specify authentication on incoming (received) calls only. | Router (config-if)# | ppp authentication chap pap callin or ppp authentication chap callin or ppp authentication pap callin |
5 | Specify mode of serial interface as asynchronous. | Router (config-if)# | physical-layer async |
6 | Configure asynchronous line for data traffic. | Router (config-if)# | async mode dedicated |
7 | Specify that you are using DDR. | Router (config-if)# | dialer in-band |
8 | Set up dialer pool, and assign serial interface to the dialer pool. | Router (config-if)# | dialer pool-member number |
9 | Enable interface and configuration changes just made to interface. | Router (config-if)# | no shutdown |
10 | Exit serial configuration mode. | Router (config-if)# | exit |
To configure the dialer profile, you must set up a dialer interface and dialer pool. (Dialer pools are set up with the serial interface.) For conceptual information, refer to the "Dialer Profiles" section in "Concepts."
Use the following table to configure the dialer interface.
| Step | Task | Router Prompt | Command |
|---|---|---|---|
1 | Enter configuration mode for and define dialer rotary group. | Router (config)# | interface dialer 1 |
2 | Specify PPP as encapsulation (framing) type. | Router (config-if)# | encapsulation ppp |
3 | Specify ISP router authentication name. | Router (config-if)# | dialer remote-name name |
4 | Specify amount of idle time before calls are disconnected. | Router (config-if)# | dialer idle-timeout seconds either |
5 | Specify telephone number of ISP router. | Router (config-if)# | dialer string string modem-script chat-script-name |
6 | Specify dialer pool to use for calls to ISP. (Dialer pool was set up in "Serial Interface" section.) | Router (config-if)# | dialer pool number |
7 | Assign dialer interface to a dialer group. | Router (config-if)# | dialer-group number |
8 | Enable CHAP and/or PAP, and specify authentication on incoming (received) calls only. | Router (config-if)# | ppp authentication chap pap callin or ppp authentication chap callin or ppp authentication pap callin |
9 | Set up CHAP hostname and password. | Router (config-if)# | ppp chap hostname hostname ppp chap password <secret> |
10 | Set up PAP username and password. | Router (config-if)# | ppp pap sent-username username password <password> |
11 | Disable CDP. | Router (config-if)# | no cdp enable |
12 | Enable interface and configuration changes just made to interface. | Router (config-if)# | no shutdown |
13 | Exit configuration mode for dialer interface. | Router (config-if)# | exit |
14 | Set up static route to ISP router. | Router (config)# | ip route 0.0.0.0 0.0.0.0 dialer 1 |
15 | Create script that causes connected modem to place call to ISP router. | Router (config)# | chat-script script-name expect-send |
16 | Set up dialer list that determines that IP triggers a call. | Router (config)# | dialer-list dialer-group protocol ip permit |
For information on controlling the types of traffic that can activate your dial-up line and increase your monthly dial-up line cost, refer to the "Controlling Dial-up Line Activation" section in "Advanced Features."
Use the following table to configure the asynchronous line.
| Step | Task | Router Prompt | Command |
1 | Enter configuration mode for asynchronous line (line 1). | Router (config)# | line 1 |
2 | Specifies that router should send and listen to flow control information from attached serial device. | Router (config-line)# | flowcontrol hardware |
3 | Specify that all protocols can connect to line 1. | Router (config-line)# | transport input all |
4 | Configure line 1 for both incoming and outgoing calls. | Router (config-line)# | modem inout |
5 | Set baud rate. | Router (config-line)# | speed 115200 |
6 | Set stop bits. | Router (config-line)# | stopbits 1 |
7 | Exit configuration mode for serial interface. | Router (config-if)# | exit |
For information on configuring Easy IP (Phase 1), refer to the "Configuring Easy IP (Phase 1)" section in "Advanced Features."
For information on configuring a firewall, refer to the Cisco IOS Firewall Feature Set feature module, which appears on Cisco Connection Online (CCO) only.
Use the following table to configure parameters to control access to the router.
| Step | Task | Router Prompt | Command |
|---|---|---|---|
1 | Enter line configuration mode, and specify the console terminal line. | Router (config)# | line console 0 |
2 | Specify a unique password on the line. | Router (config-line)# | password <password> |
3 | Enable password checking at terminal session login. | Router (config-line)# | login |
4 | Specify a virtual terminal for remote console access. | Router (config-line)# | line vty 0 4 |
5 | Specify a unique password on the line. | Router (config-line)# | password <password> |
6 | Enable password checking at virtual terminal session login. | Router (config-line)# | login |
7 | Exit line configuration mode, and return to privileged EXEC mode. | Router (config-line)# | end |
The following is a sample configuration based on performing the tasks in "Configuring the Cisco 805 Router" section. It does not show firewall-related commands. For a sample configuration of the firewall feature, refer to the Cisco IOS Firewall Feature Set feature module, which appears on Cisco Connection Online (CCO) only.
You do not need to input the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running command.
Current configuration: ! version 12.0 no service pad (default) service timestamps debug uptime (default) service timestamps log uptime (default) no service password-encryption (default) hostname Cisco805 enable secret 5 $1$RnI.$K4mh5q4MFetaqKzBbQ7gv0 ip subnet-zero no ip domain-lookup chat-script dial "" AT OK "\patdt\T" TIMEOUT 60 CONNECT \C !This generic chat script is known to work. For information on !customizing your chat script, refer to the Dial Solutions Configuration !Guide. interface Ethernet0 ip address 10.1.1.1 255.255.255.0 no ip directed-broadcast (default) ip nat inside ! interface Serial0 physical-layer async no ip address no ip directed-broadcast (default) encapsulation ppp dialer in-band dialer pool-member 1 async mode dedicated ppp authentication chap pap callin ppp chap hostname chapisp ppp chap password abra ppp pap sent-username papisp password cadabra ! interface Dialer1 ip address negotiated no ip directed-broadcast (default) encapsulation ppp dialer remote-name isp dialer idle-timeout 500 dialer string 5551111 modem-script dial dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap pap callin ppp chap hostname chapisp ppp chap password abra ppp pap sent-username papisp password cadabra ip nat outside ! no ip http server (default) ip classless (default) ! ip route 0.0.0.0 0.0.0.0 dialer 1 dialer-list 1 protocol ip permit ip nat inside source list 1 interface dialer 0 overload access-list 1 permit 10.0.0.0 0.255.255.255 ! line con 0 exec-timeout 10 0 (default) password 4youreyesonly login transport input none (default) stopbits 1 (default) line 1 modem InOut transport input all speed 115200 flowcontrol hardware line vty 0 4 password secret login ! end
Figure 4-3 shows a sample small office network connected to an ISP with Frame Relay. This sample network uses IP as the only routed protocol. Instead of using a dynamic routing protocol such as RIP to learn the route to the ISP, this network uses a static IP route, which is a user-defined route to the ISP.
This sample network uses nonregistered IP addresses on the router Ethernet interface and the LAN devices. To solve the problem of using nonregistered IP addresses when accessing the Internet, this sample network uses the NAT overload feature. You buy one registered IP address for the serial interface from the ISP, then using NAT overload, all devices in this sample network can use this registered IP address when accessing the Internet. For more information on this feature, including configuration information, refer to the "Configuring NAT Overload" section in "Advanced Features."
You can also configure the firewall feature in this sample network.
To configure the features for this sample network, perform the tasks described in the following sections on a PC. A sample configuration file that illustrates how to configure the network is presented after the tasks.
After your router boots, the following prompt displays. Enter no.
Would you like to enter the initial configuration dialog [yes]: no
For complete information on how to access global configuration mode, refer to the "Entering Global Configuration Mode" section in "Cisco IOS Basic Skills." For more information on the commands used in the following tables, refer to the Cisco IOS Release 12.0 documentation set.
Use the following table to configure the router for global parameters.
| Step | Task | Router Prompt | Command |
|---|---|---|---|
1 | Enter configuration mode. | Router# | configure terminal |
2 | Specify name for router. | Router (config)# | hostname name |
3 | Specify encrypted password to prevent unauthorized access to router. | Router (config)# | enable secret <password> |
4 | Configure router to recognize zero subnet range as valid range of addresses. | Router (config)# | ip subnet-zero |
5 | Disable router from translating unfamiliar words (typos) entered during a console session into IP addresses. | Router (config)# | no ip domain-lookup |
Use the following table to configure the Ethernet interface.
| Step | Task | Router Prompt | Command |
|---|---|---|---|
1 | Enter configuration mode for Ethernet interface. | Router (config)# | interface ethernet 0 |
2 | Set IP address and subnet mask. | Router (config-if)# | ip address ip-address mask |
3 | Enable interface and configuration changes just made to interface. | Router (config-if)# | no shutdown |
4 | Exit configuration mode for Ethernet interface. | Router (config-if)# | exit |
Use the following table to configure the serial interface.
| Step | Task | Router Prompt | Command |
|---|---|---|---|
1 | Enter configuration mode for serial interface. | Router (config)# | interface serial 0 |
2 | Set IP address and subnet mask. | Router (config-if)# | ip address ip-address mask |
4 | Set encapsulation (framing) method to Frame Relay. If the ISP router is not a Cisco router, use ietf option. | Router (config-if)# | encapsulation frame relay [ietf] |
5 | Set LMI type to type provided by Frame Relay service provider. (Default is cisco.) | Router (config-if)# | frame-relay lmi-type |
6 | Enable interface and configuration changes just made to interface. | Router (config-if)# | no shutdown |
7 | Exit configuration mode for serial interface. | Router (config-if)# | exit |
8 | Set up a static route to ISP router. | Router (config)# | ip route 0.0.0.0 0.0.0.0 serial 0 |
For information on configuring NAT overload, refer to the "Configuring NAT Overload" section in "Advanced Features."
For information on configuring a firewall, refer to the Cisco IOS Firewall Feature Set feature module, which appears on Cisco Connection Online (CCO) only.
Use the following table to configure parameters to control access to the router.
| Step | Task | Router Prompt | Command |
|---|---|---|---|
1 | Enter line configuration mode, and specify the console terminal line. | Router (config)# | line console 0 |
2 | Specify a unique password on the line. | Router (config-line)# | password <password> |
3 | Enable password checking at terminal session login. | Router (config-line)# | login |
4 | Specify a virtual terminal for remote console access. | Router (config-line)# | line vty 0 4 |
5 | Specify a unique password on the line. | Router (config-line)# | password <password> |
6 | Enable password checking at virtual terminal session login. | Router (config-line)# | login |
7 | Exit line configuration mode, and return to privileged EXEC mode. | Router (config-line)# | end |
The following is a sample configuration based on performing the tasks in "Configuring the Cisco 805 Router" section. You do not need to input the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running command.
Current configuration: ! version 12.0 no service pad (default) service timestamps debug uptime (default) service timestamps log uptime (default) no service password-encryption (default) hostname Cisco805 enable secret 5 $1$RnI.$K4mh5q4MFetaqKzBbQ7gv0 ip subnet-zero no ip domain-lookup ! interface Ethernet0 ip address 10.1.1.1 255.255.255.0 no ip directed-broadcast (default) ip nat inside ! interface Serial0 ip address 192.168.0.2 255.255.255.0 no ip directed-broadcast (default) no ip mroute-cache (default) encapsulation frame-relay ietf frame-relay lmi-type ansi ip nat outside ! no ip http server (default) ip classless (default) ! ip route 0.0.0.0 0.0.0.0 serial 0 ip nat inside source list 1 interface serial 0 overload access-list 1 permit 10.0.0.0 0.255.255.255 ! line con 0 exec-timeout 10 0 (default) password 4youreyesonly login transport input none (default) stopbits 1 (default) line vty 0 4 password secret login ! end
Posted: Wed Jun 16 14:24:40 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.