|
|
This chapter provides quick reference configurations for the advanced Cisco AS5800 user and system administrator who need to rapidly modify system functionality or enhance system performance. Interface and/or protocol configurations addressed in this section are listed categorically and sequenced logically by operation.
Remember, Cisco routers are configured using a command line interface (CLI) from a user interface, known as a port, that provides hardware connectivity. Routers are accessed from the router's console port or by Telneting into the router's interface from another host. A command interpreter, called EXEC, is employed by the operating system to translate and execute IOS commands. This command interpreter provides a user a privileged mode of access that promotes security to the respective command levels, restricting user's to a subset of mode specific commands.
(5800>) provides restricted access and limits router configuration or troubleshooting. At this level, miscellaneous functionality is performed, such as viewing system information, obtaining basic router status, changing terminal settings, or establishing remote device connectivity.
(5800#) includes user mode functionality and provides unrestricted access. It is used exclusively for router configuration, debugging, setting operating system (OS) parameters, and retrieving detailed router status information.
[5800(config)#] is a preliminary configuration mode that recognizes commands affecting the whole router. Some of these commands cause the router to enter other configuration modes that recognize even more detailed commands.
[5800(config-if)#]. Again, each configuration command mode restricts user's to a subset of mode specific commands that individualize and secure a router.
(> or rommon>) is a CLI allowing router configuration if the router does not find a valid system image or if the bootup sequence is interrupted during startup.
The end (Ctrl-Z) command provides an escape from any configuration command mode; Terminal [5800(config)#], Interface [5800(config-if)#], Line [5800(config-line)#], Controller [5800(config-controll)#], Router [5800(config-router)#], etc., to privileged EXEC mode (5800#).The exit command provides an escape from any configuration command mode to one command prompt level higher, or completely out of the command line interface altogether if you are in privileged EXEC or user EXEC modes. The disable command provides an escape from privileged EXEC mode to user EXEC mode. The logout command provides a complete escape out of the command line interface if you are in privileged EXEC or user EXEC modes.
This section provides abridged interface and/or protocol configurations listed categorically and sequenced logically by operation. Each functional component is dependent on previous component configurations and includes the following reference information:
Other configuration considerations include access lists, route summarization, basic show commands, and useful debug commands.
AS5800 operational configurations are provided for the following functional components.
1. Egress Interface
2. Loopback Interface
3. Routing Protocol
4. Ingress Interface
5. Line Signaling
6. D-Channels (ISDN)
7. AAA
8. Modem Pools
9. TTY Line
10. Async Interface
11. Dial Interface
12. IP Address Pools
13. Virtual Template
14. SGBP
15. VPDN
16. SNMP
17. Virtual Profiles
18. Multilink Virtual Templates
19. V.120 Support
20. VoIP
21. Global Parameters
22. Other Configuration Considerations
Egress interfaces are network connections, or ports, used for outbound traffic flow.
The following requisites are significant considerations to identify before configuring an egress interface.
The following Cisco IOS CLI script serves as a sample egress interface configuration or setup.
5800(config)# interface FastEthernet0/0/0 5800(config-if)# ip address 1.1.1.1 255.255.255.0 5800(config-if)# no ip directed broadcast 5800(config-if)# no ip mroute-cache 5800(config-if)# no cdp enable 5800(config-if)# exit 5800(config)#
5800(config)# interface FastEthernet0/0/0
Defines the interface type.
5800(config-if)# ip address 1.1.1.1 255.255.255.0
Assigns a primary IP address and subnet mask to the interface.
5800(config-if)# no ip directed broadcast
Disables the translation of directed broadcast to physical broadcasts. It drops the directed broadcasts destined for this subnet.
5800(config-if)# no ip mroute-cache
Turns off IP multicast fast switching.
5800(config-if)# no cdp enable
Disables CDP (Cisco Discovery Protocol).
5800(config-if)# exit
Exits interface configuration mode to global configuration mode.
5800(config)#
Global configuration mode prompt.
interface FastEthernet0/0/0 ip address 1.1.1.1 255.255.255.0 no ip directed broadcast no ip mroute-cache no cdp enable exit
A logical interface on the router that can be used for diagnostics and troubleshooting purposes. It is also used to conserve address space so other physical interfaces can be unnumbered to this interface. The state of the Loopback interface is always UP/UP.
The following requisites are significant considerations to identify before configuring a looback interface.
The following Cisco IOS CLI script serves as a sample loopback configuration or setup.
5800(config)# interface loopback0 5800(config-if)# ip address 2.2.2.2 255.255.255.255 5800(config-if)# no ip directed broadcast 5800(config-if)# exit 5800(config)#
5800(config)# interface loopback0
Defines the interface type.
5800(config-if)# ip address 2.2.2.2 255.255.255.255
Assigns an IP address to the interface.
5800(config-if)# no ip directed broadcast
Disables the translation of directed broadcast to physical broadcasts.
5800(config-if)# exit
Exits this interface configuration mode to global configuration mode.
5800(config)#
Global configuration mode prompt.
interface loopback0 ip address 2.2.2.2 255.255.255.255 no ip directed broadcast exit
Protocol that accomplishes routing through the implementation of a specific routing algorithm. Examples of routing protocols include RIP, IGRP, EIGRP, OSPF, and BGP.
The following requisites are significant considerations to identify before configuring routing protocols.
The following Cisco IOS CLI script serves as a sample routing protocol configuration or setup.
5800(config)# router rip 5800(config-router)# version 2 5800(config-router)# redistribute static 5800(config-router)# passive-interface Group-Async0 5800(config-router)# passive-interface Virtual-Template1 5800(config-router)# passive-interface Dialer0 5800(config-router)# passive-interface Loopback0 5800(config-router)# network 10.0.0.0 5800(config-router)# network 172.16.0.0 5800(config-router)# no auto-summary 5800(config-router)# exit 5800(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1
5800(config)# router rip
Defines the routing protocol used on the router and initiates the routing protocol processes.
5800(config-router)# version 2
Defines the protocol version used. Enable sending and receiving of version 2 RIP packets.
5800(config-router)# redistribute static
Enables the redistribution of static routes in routing updates. Advertises static routes (including per-user static routes downloaded from RADIUS or TACACS+)
5800(config-router)# passive-interface Group-Async0
Defines the Group-Async interface as a passive interface so no routing updates are sent out of these interfaces. Basically disables sending of updates across the interface. Places the interface in listen mode.
5800(config-router)# passive-interface Virtual-Template1
Defines the Virtual-Template as a passive interface so no routing updates are send out the Virtual-Access interfaces that are cloned off the Virtual-Template.
5800(config-router)# passive-interface Dialer0
Defines the Dialer interface as a passive interface.
5800(config-router)# passive-interface Loopback0
Defines the Loopback interface as a passive interface.
5800(config-router)# network 10.0.0.0
Enables advertisment of interfaces in this network. Defines 10.0.0.0 network as part of the RIP routing process. The router exchanges routing updates about the 10.0.0.0 network dynamically.
5800(config-router)# network 172.16.0.0
Defines 172.16.0.0 network as part of the RIP routing process. Updates regarding this network are exchanged dynamically between this router and its neighbors.
5800(config-router)# no auto-summary
Turns off route summarization, so updates are not summarized to classful boundaries.
5800(config-router)# exit
Exits the router configuration mode to global configuration mode.
5800(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1
Defines a default route for this router. If the router does not have an address in its routing table it forwards the packets to this IP address. Default route for destinations not learned through the routing protocol.
router rip version 2 redistribute static passive-interface Group-Async0 passive-interface Virtual-Template1 passive-interface Dialer0 passive-interface Loopback0 network 10.0.0.0 network 172.16.0.0 no auto-summary exit ip route 0.0.0.0 0.0.0.0 172.16.1.1
Interfaces used for inbound traffic flow.
The following requisites are significant considerations to identify before configuring ingress interfaces.
The following Cisco IOS CLI script serves as a sample T3 ingress interface configuration or setup.
5800(config)# isdn switch-type primary-ni (ISDN) 5800(config)# controller t3 1/0/0 5800(config-controller)# framing m23 5800(config-controller)# cablelength 224 5800(config-controller)# t1 1 controller 5800(config-controller)# t1 2 controller 5800(config-controller)# . . . 5800(config-controller)# exit 5800(config)#
5800(config)# isdn switch-type primary-ni (ISDN)
Defines the ISDN switch-type to be used on the router. This is a global command but can also be configured under the D-channel in later versions of IOS.
5800(config)# controller t3 1/0/0
Identifies controller type and number to be configured. The controller type is a T3 and the controller is in shelf 1, slot 0, port 0.
5800(config-controller)# framing m23
Enables m23 framing. Sets the framing type under the T3 controller.
5800(config-controller)# cablelength 224
Sets the cable length to 224 feet.
5800(config-controller)# t1 1 controller
Enables the first T1 in the T3. Configures individual T1 controllers under the T3 controller. Range is 1-28.
5800(config-controller)# t1 2 controller
Enables the second T1 in the T3. Configures individual T1 controllers under the T3 controller. Range is 1-28.
5800(config-controller)# . . .
Configures additional individual T1 controllers under the T3 controller. Range is 1-28.
5800(config-controller)# exit
Exits this controller configuration mode to global configuration mode.
5800(config)#
Global configuration mode prompt.
isdn switch-type primary-ni (ISDN) controller t3 1/0/0 framing m23 cablelength 224 t1 1 controller t1 2 controller exit
The following Cisco IOS CLI script serves as a sample T1 ingress interface configuration or setup.
5800(config)# controller t1 1/0/0:1 5800(config-controller) # framing esf 5800(config-controller) # linecode b8zs (t1-pri) 5800(config-controller) # pri-group timeslots 1-24 5800(config-controller)# controller t1 1/0/0:2 5800(config-controller)# framing esf 5800(config-controller)# pri-group timeslots 1-24 5800(config-controller)# exit 5800(config)#
5800(config)# controller t1 1/0/0:1
Configures the first T1 on the T3 card in slot 0. Enters the controller configuration mode and configures controller t1 1 under the T3 controller.
5800(config-controller) # framing esf
Enables T1 Extended Superframe Framing. Sets framing to Extended Super Frame (ESF).
5800(config-controller) # linecode b8zs (t1-pri)
Enable Binary 8 Zero Substitution line coding. Sets the line coding to Binary 8 Zero Substitution (B8ZS).
5800(config-controller) # pri-group timeslots 1-24
Configures the controller for ISDN PRI on time slots 1 through 24. Time slot 24 is the D-channel.
5800(config-controller)# controller t1 1/0/0:2
Configures the second T1 on the T3 card in slot 0. Configures controller t1 2 under the T3 controller.
5800(config-controller)# framing esf
Sets framing to Extended Super Frame (ESF).
5800(config-controller)# pri-group timeslots 1-24
Configures the controller for ISDN PRI on time slots 1 through 24. Time slot 24 is the D-channel.
5800(config-controller)# exit
Exits controller confiruation mode to global configuration mode.
5800(config)#
Global configuration mode prompt.
controller t1 1/0/0:1 framing esf linecode b8zs pri-group timeslots 1-24 controller t1 1/0/0:2 framing esf pri-group timeslots 1-24 Exit
When configuring a router for signaling, line signaling can be used for both inbound and outbound calls. The line signaling configuration must match the corresponding telco switch configuration.
The following requisites are significant considerations to identify before configuring line signaling.
The following Cisco IOS CLI script serves as a sample ISDN line signaling configuration or setup.
5800(config)#isdn switch-type primary-ni1 5800(config)#controller t1 1/0/0 5800(config-controller)#pri-group timeslots 1-24 5800(config-controller)#exit 5800(config)#
5800(config)#isdn switch-type primary-ni1
Configures the ISDN switch-type that the access server is connected to.
5800(config)#controller t1 1/0/0
Configures the first T1 on slot 0.
5800(config-controller)#pri-group timeslots 1-24
Enables this T1 to use ISDN PRI signaling on all 24 timeslots.
5800(config-controller)# exit
Exits controller confiruation mode to global configuration mode.
5800(config)#
Global configuration mode prompt.
isdn switch-type primary-ni1 controller t1 1/0/0 pri-group timeslots 1-24 exit
The following Cisco IOS CLI script serves as a sample CAS line signaling configuration or setup.
5800(config)#controller t1 1/0/11 5800(config-controll)#framing esf 5800(config-controll)#linecode b8zs 5800(config-controll)#ds0-group 0 timeslots 1-24 type e&m-fgb 5800(config-controller)#exit 5800(config)#
5800(config)#controller t1 1/0/11
Enters the controller configuration mode.
5800(config-controll)#framing esf
Sets framing to Extended Super Frame (ESF).
5800(config-controll)#linecode b8zs (t1-cas)
Sets the line coding to Binary 8 Zero Substitution (B8ZS).
5800(config-controll)#ds0-group 0 timeslots 1-24 type e&m-fgb
Configures this T1 CAS line to use E&M feature-group B signaling on all 24 timeslots.
5800(config-controller)# exit
Exits controller confiruation mode to global configuration mode.
controller t1 1/0/0:1 framing esf linecode b8zs ds0-group 0 timeslots 1-24 type exit
This is the 24th timeslot on T1/PRI or the 16th timeslot on E1/PRI and is used for signaling information. Call setup and tear down information is sent over the D-channel.
The following requisites are significant considerations to identify before configuring ISDN D-Channels.
The following Cisco IOS CLI script serves as a sample ISDN D-Channel configuration or setup.
5800(config)# interface s 1/0/0:1:23 5800(config-if)# no ip address 5800(config-if)# no ip directed-broadcast 5800(config-if)# encapsulation ppp 5800(config-if)# dialer rotary-group 0 5800(config-if)# isdn switch-type primary-5ess 5800(config-if)# isdn incoming-voice modem 5800(config-if)# no cdp enable 5800(config-if)# exit 5800(config)#
5800(config)# interface s 1/0/0:1:23
Defines the D-channel to configure. Configure the D-channel on controller T1 1 under the T3 controller in shelf 1, slot 0, and port 0.
5800(config-if)# no ip address
Not assigning an IP address on the D-channel.
5800(config-if)# no ip directed-broadcast
Disables the translation of directed broadcast to physical broadcasts
5800(config-if)# encapsulation ppp
Sets the encapsulation type to PPP.
5800(config-if)# dialer rotary-group 0
Configures the D-channel for rotary-group. Make this interface a member of the Dialer 0 rotary interface. This is legacy DDR configuration and it assigns the physical interface serial 1/0/0:1:23 to rotary-group 0.
5800(config-if)# isdn switch-type primary-5ess
Sets the isdn switch-type to primary-5ess.
5800(config-if)# isdn incoming-voice modem
Incoming voice calls should be handed off to the CSM and terminated on a modem. Accept speech (voice) bearer-type calls and route them to a voice or modem resource.
5800(config-if)# no cdp enable
Disables Cisco Discovery Protocol (CDP). If an incoming speech call cannot be terminated because all voice/modem resources are in use, disconnect the call with a cause code of user-busy.
5800(config-if)# exit
Exits interface configuration mode to global configuration mode.
interface s 1/0/0:1:23 no ip address no ip directed-broadcast encapsulation ppp dialer rotary-group 0 isdn switch-type primary-5ess isdn incoming-voice modem no cdp enable
Triple A security in billing that stands for Authentication, Authorization and Accounting.
The following requisites are significant considerations to identify before configuring Triple-A (AAA).
Refer to the following URL for detailed AAA configuration information:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/scprt1/
index.htm
Refer to the following URL for detailed RADIUS Server configuration information:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_r/srprt2/
sr_rad.htm
The following Cisco IOS CLI script serves as a sample AAA authentication configuration or setup.
5800(config)# aaa new-model 5800(config)# aaa authentication login CONSOLE none 5800(config)# aaa authentication login LOCAL none 5800(config)# aaa authentication login USE-RADIUS group radius local 5800(config)# aaa authentication login USE-TACACS tacacs+ enable 5800(config)# aaa authentication enable default enable tacacs+ 5800(config)# aaa authentication ppp USE-RADIUS if-needed radius 5800(config)# username cisco password cisco
5800(config)# aaa new-model
Turns on the AAA process on a Cisco router. Enables the AAA security paradigm.
5800(config)# aaa authentication login CONSOLE none
Configure an authentication method list called CONSOLE that requires no authentication. Defines the login authentication method for exec users. The method list is called "CONSOLE" and it points to none so there is no authentication for method list CONSOLE.
5800(config)# aaa authentication login LOCAL none
Configures an authentication method list called LOCAL that consults the local database of usernames and passwords.
5800(config)# aaa authentication login USE-RADIUS group radius local
Defines the login authentication for method list USE-RADIUS that points to radius server. User will be authenticated against the radius database. Configure an authentication method list called USE-RADIUS that uses the global RADIUS server list. If the RADIUS servers do not respond, then fallback to the local user database.
5800(config)# aaa authentication login USE-TACACS tacacs+ enable
Defines the login authentication for method list USE-TACACS that point to tacacs+ server. Users will be authenticated against the tacacs+ database. Configure an authentication method list called USE-TACACS that uses the global TACACS+ server list. If the TACACS+ servers do not respond, fallback to using the enable password.
5800(config)# aaa authentication enable default enable tacacs+
Defines the authentication method for enable privilege on the router. The method list is called "default" and it points to the enable password defined on the router and then to the tacacs+ server.
5800(config)# aaa authentication ppp USE-RADIUS if-needed radius
Defines the authentication method for PPP users. Method list is called "USE-RADIUS" and it points to the radius server if authentication is required. The "if-needed" option states that if users have already been authenticated then do not re-authenticate them. Configure an authentication method list called USE-RADIUS that uses the global RADIUS server list
5800(config)# username cisco password cisco
Defines the username and password locally on the router for local authentication. Configure a local user account to authenticate when the RADIUS server is not available.
aaa new-model aaa authentication login CONSOLE none aaa authentication login USE-RADIUS radius aaa authentication login TAC_PLUS tacacs+ enable aaa authentication login LOCAL local aaa authentication enable default enable tacacs+ aaa authentication ppp USE-RADIUS if-needed radius username cisco password cisco
The following Cisco IOS CLI script serves as a sample AAA authorization configuration or setup.
5800(config)# aaa authorization exec USE-RADIUS group radius if-authenticated 5800(config)# aaa authorization exec USE-TACACS group tacacs+ if-authenticated 5800(config)# aaa authorization network default radius if-authenticated 5800(config)# aaa authorization network USE-RADIUS group radius if-authenticated
5800(config)# aaa authorization exec USE-RADIUS group radius if-authenticated
Configures an authorization method list called USE-RADIUS that uses the global RADIUS server list. EXEC authorization is required to process per-user attribute such as autocommands. Defines the authorization method for exec (shell). Method list is called "USE-RADIUS" and it points to the radius server. If the radius server does not respond the user, if already authenticated, will be automatically authorized due to the "if-authenticated" option.
5800(config)# aaa authorization exec USE-TACACS group tacacs+ if-authenticated
Configure an authorization method list called USE-TACACS that uses the global TACACS+ server list. EXEC authorization is required to process per-user attribute such as autocommands. Defines the authorization method for exec (shell). Method list is called "USE-TACACS" and it points to the TACACS+ server. If the TACACS+ server does not respond the user, if already authenticated, will be automatically authorized due to the "if-authenticated" option.
5800(config)# aaa authorization network default radius if-authenticated
Defines the authorization method for network services (PPP, SLIP, ARAP). Method list is called "default" and it points to the radius server. If the radius server does not respond the user, if already authenticated, will be automatically authorized due to the "if-authenticated" option.
5800(config)# aaa authorization network USE-RADIUS group radius if-authenticated
Defines the authorization method for network services (PPP, SLIP, ARAP). Method list is called "USE-RADIUS" and it points to the radius server. If the radius server does not respond the user, if already authenticated, will be automatically authorized due to the "if-authenticated" option.
aaa authorization exec USE-RADIUS group radius if-authenticated aaa authorization exec USE-TACACS group tacacs+ if-authenticated aaa authorization network default radius if-authenticated aaa authorization network USE-RADIUS group radius if-authenticated
The following Cisco IOS CLI script serves as a sample AAA accounting configuration or setup.
5800(config)# aaa accounting suppress null-username 5800(config)# aaa accounting exec default start-stop group radius 5800(config)# aaa accounting network default start-stop group radius 5800(config)# aaa accounting system default start-stop group radius
5800(config)# aaa accounting suppress null-username
Don't generate accounting records for users with a null-username.
5800(config)# aaa accounting exec default start-stop group radius
Generates accounting records for exec (shell) service. Start and Stop records should be generated without wait. Radius server is being used for this accounting. This enables accounting records for all EXEC sessions. The accounting record will be sent at the beginning and the end of the EXEC session. The record will be sent to the global RADIUS server list.
5800(config)# aaa accounting network default start-stop group radius
Generates accounting records for network services (PPP, SLIP, ARAP). Start and Stop records should be generated without wait. Radius server is bring used for this accounting. This enables accounting records for all network sessions (PPP/SLIP). The accounting record will be sent at the beginning and the end of the network session. The record will be sent to the global RADIUS server list.
5800(config)# aaa accounting system default start-stop group radius
Generates accounting records for systems events. Start and Stop records should be generated using the Radius server. This enables accounting records for system events. The accounting record will be sent when the access server is booted and when accounting is turned on or off. The record will be sent to the global RADIUS server list.
aaa accounting suppress null-username aaa accounting exec default start-stop group radius aaa accounting network default start-stop group radius aaa accounting system default start-stop group radius
The following Cisco IOS CLI script serves as a sample AAA Radius Server configuration or setup.
5800(config)# radius-server host x.x.x.x auth-port x acct-port x non-standard 5800(config)# radius-server host a.b.c.d auth-port x acct-port y key mysharedsecret 5800(config)# radius-server deadtime 5 5800(config)# radius-server timeout 3 5800(config)# radius-server retransmit 2 5800(config)# radius-server attribute nas-port format c
5800(config)# radius-server host x.x.x.x auth-port x acct-port x non-standard
Defines the radius server IP address and the authentication (UDP 1645) and accounting (UDP 1646) ports. The non-standard option enable the parsing of attributes that violate the RADIUS standard.
5800(config)# radius-server host a.b.c.d auth-port x acct-port y key mysharedsecret
Defines a RADIUS server at IP address a.b.c.d, with authentication being done on UDP port x and accounting being done on UDP port y. "mysharedsecret" will be used as the key to encrypt the password on the wire.
5800(config)# radius-server deadtime 5
Defines the time to stop using a server that doesn't respond. The time is defined in minutes.
5800(config)# radius-server timeout 3
Defines the time to wait for a RADIUS server to reply. The time is defined in seconds.
5800(config)# radius-server retransmit 2
Specifies the number of retries to active server.
5800(config)# radius-server attribute nas-port format c
Sets the format of the NAS-Port attribute to "c" which means:
Data format(bits): shelf(2), slot(4), port(5), channel(5)
radius-server host x.x.x.x auth-port x acct-port x non-standard radius-server host a.b.c.d auth-port x acct-port y key mysharedsecret radius-server deadtime 5 radius-server timeout 3 radius-server retransmit 2 radius-server attribute nas-port format c
The following Cisco IOS CLI script serves as a sample TACACS Server configuration or setup.
5800(config)# tacacs-server host x.x.x.x key mysharedsecret
5800(config)# tacacs-server host x.x.x.x key mysharedsecret
Defines a TACACS+ server at IP address a.b.c.d, "mysharedsecret" will be used as the key to encrypt the all transactions with the TACACS+ server on the wire.
tacacs-server host x.x.x.x key mysharedsecret
The modem pool covers a specified range of modems that accept calls based on the number called by dialin users. If there is only one dialin number, then all modems can be defined under the default modem pool. It is also used for modem firmware upgrades.
The following requisites are significant considerations to identify before configuring modem pools.
Modem Management Commands:
The following Cisco IOS CLI script serves as a sample modem pool configuration or setup.
5800(config)# modem-pool Default 5800(config-modem-pool)# pool-range 1/2/00-1/11/143 5800(config-modem-pool)# firmware 2.6.2.0 5800(config-modem-pool)# exit 5800(config)# modem recovery action none 5800(config)# modem call-record terse
5800(config)# modem-pool Default
Defines the Default modem pool. Creates a new modem-pool called "Default".
5800(config-modem-pool)# pool-range 1/2/00-1/11/143
Defines the pool-range for the modems to be included in the modem pool. The modem-pool spans all modems between 1/2/00 and 1/11/143. Empty slots are ignored.
5800(config-modem-pool)# firmware 2.6.2.0
Defines the firmware to be loaded onto the modems. Configures all modems within a modem-pool to run version 2.6.2.0 of Portware.
5800(config-modem-pool)# exit
Exits from the configuration mode.
5800(config)# modem recovery action none
Disables the modem recovery process. Disables the automatic recovery of faulty modems. Modem recovery may be enabled if you are temporarily working around a specific problem of hung modems.
5800(config)# modem call-record terse
Generates a Terse Modem Call Record at end of a call. Enables the logging of modem call-records that provide detailed connection information which greatly aids in troubleshooting and establishing call failure patterns.
modem-pool Default pool-range 1/2/00-1/11/143 firmware 2.6.2.0 exit modem recovery action none modem call-record terse
These are asynchronous lines on the router. TTY is a line configuration, not an interface configuration. These lines correspond to async interfaces that are configured separately.
The following requisites are significant considerations to identify before configuring a TTY line.
The following Cisco IOS CLI script serves as a sample TTY line configuration or setup.
5800(config)# line 1/2/00 1/11/143 5800(config-line)# location "Async call" 5800(config-line)# exec-timeout 0 0 5800(config-line)# autoselect PPP 5800(config-line)# autoselect during-login 5800(config-line)# login authentication USE-RADIUS 5800(config-line)# authorization exec USE-RADIUS 5800(config-line)# modem Dialin 5800(config-line)# no modem log rs232 5800(config-line)# transport preferred none 5800(config-line)# exit 5800(config)#
5800(config)# line 1/2/00 1/11/143
Defines the range for lines to be configured.
5800(config-line)# location "Async call"
Defines the location of the async line.
5800(config-line)# exec-timeout 0 0
Sets the exec-timeout under the line to indefinite.
5800(config-line)# autoselect ppp
Sets line to allow PPP autoselection. Enables the automatic the detection of PPP packets.
5800(config-line)# autoselect during-login
Automatically selects at the Username/Password prompt. Present the login prompt before beginning autoselect process.
5800(config-line)# login authentication USE-RADIUS
Defines the authentication method for login and point it to the "USE-RADIUS" list defined in the AAA process. Configures EXEC authentication on this line to use the method list called USE-RADIUS defined earlier.
5800(config-line)# authorization exec USE-RADIUS
Defines the authorization method for exec service and point it to the "USE-RADIUS" list defined in the AAA process. Configures EXEC authorization on the line to use the method list called USE-RADIUS defined earlier.
5800(config-line)# modem Dialin
Configures line for and allows a modern modem to dialin (dialout not allowed).
5800(config-line)# no modem log rs232
Turns off the rs232 log events. Does not log EIA/TIA-232 events in the modem log.
5800(config-line)# transport preferred none
Sets the preferred protocol to none. Does not try to auto-connect the user to a host with a particular protocol.
5800(config-line)# exit
Exits line configuration mode to global configuration mode.
line 1/2/00 1/11/143 location "Async call" exec-timeout 0 0 autoselect ppp autoselect during-login login authentication USE-RADIUS authorization exec USE-RADIUS modem Dialin no modem log rs232 transport preferred none
Asychronous interface is used to terminate analog (async) dialin calls.
The following requisites are significant considerations to identify before configuring an async interface.
The following Cisco IOS CLI script serves as a sample async interface configuration or setup.
5800(config)# interface group-async0 5800(config-if)# ip unnumbered loopback0 5800(config-if)# encapsulation ppp 5800(config-if)# dialer in-band 5800(config-if)# dialer idle-timeout 2700 5800(config-if)# dialer-group 1 5800(config-if)# async mode interactive 5800(config-if)# ntp disable 5800(config-if)# no snmp trap link-status 5800(config-if)# peer default ip address pool default 5800(config-if)# no cdp enable 5800(config-if)# ppp authentication pap callin USE-RADIUS 5800(config-if)# ppp multilink 5800(config-if) group-range 1/2/00 1/11/143 5800(config-if) exit 5800(config)#
5800(config)# interface group-async0
Creates a group-async interface used to configure all the async interfaces at one time.
5800(config-if)# ip unnumbered loopback0
Unnumbers the interface to the IP address of loopback 0 interface.
5800(config-if)# encapsulation ppp
Sets the default encapsulation type to PPP.
5800(config-if)# dialer in-band
Enables dial on demand routing on this interface. Establishes a dialer interface.
5800(config-if)# dialer idle-timeout 2700
Defines the idle-timeout under the interface. If the call is idle for 45 minutes (2700 seconds) then disconnect user. Default is 120 seconds.
5800(config-if)# dialer-group 1
Assigns interface to dialer-list 1. Use dialer-list 1 to determine what kind of traffic is considered interesting.
5800(config-if)# async mode interactive
Allows the user to run PPP or SLIP on this interface. Line may be switched between interactive use and async interface.
5800(config-if)# ntp disable
Disables the processing of Network Time Protocol (NTP) on this interface.
5800(config-if)# no snmp trap link-status
Disables SNMP LINKUP and LINKDOWN traps. Don't send SNMP traps when this interface goes up or down.
5800(config-if)# peer default ip address pool default
Use IP pool mechanism to allocate a peer IP address. The pool in this case is called "default". When the client requests an address, get the address from a local address pool called "default".
5800(config-if)# no cdp enable
Disables CDP. Turns off Cisco Discovery Protocol (CDP) on this interface.
5800(config-if)# ppp authentication pap callin USE-RADIUS
Defines the authentication protocol (PAP) to be used for authenticating incoming calls only. The USE-RADIUS list is defined in the AAA process. PPP clients must authenticate themselves using the Password Authentication Protocol. Authentication will be done using the method list called USE-RADIUS that was defined earlier.
5800(config-if)# ppp multilink
Configures the interface for multilink. Enable this interface to negotiate PPP multilink.
5800(config-if) group-range 1/2/00 1/11/143
Defines the group-range for interface to be covered under this group-async interface. Apply this configuration to interfaces from Async1/2/00 to Async1/11/143.
5800(config-if) exit
Exits interface configuration mode to global configuration mode.
5800(config)#
Global configuration mode prompt.
interface group-async0 ip unnumbered loopback0 encapsulation ppp dialer in-band dialer idle-timeout 2700 dialer-group 1 async mode interactive ntp disable no snmp trap link-status peer default ip address pool default no cdp enable ppp authentication pap callin USE-RADIUS ppp multilink group-range 1/2/00 1/11/143 exit
These interfaces are used for terminating digital calls. Dialer interfaces are also used for async calls.
The following requisites are significant considerations to identify before configuring a dial interface.
The following Cisco IOS CLI script serves as a sample dial interface configuration or setup.
5800(config)# interface dialer0 5800(config-if)# ip unnumbered loopback0 5800(config-if)# encapsulation ppp 5800(config-if)# no ip mroute-cache 5800(config-if)# dialer in-band 5800(config-if)# dialer idle-timeout 2700 5800(config-if)# dialer-group 1 5800(config-if)# ntp disable 5800(config-if)# no snmp trap link-status 5800(config-if)# peer default ip address pool default 5800(config-if)# no cdp enable 5800(config-if)# ppp authentication pap callin USE-RADIUS 5800(config-if)# ppp multilink 5800(config-if)# exit 5800(config)# dialer-list 1 protocol ip permit
5800(config)# interface dialer0
Define the dialer interface. Creates a dialer interface used to configure all the dialer interfaces at one time.
5800(config-if)# ip unnumbered loopback0
Unnumbers the interface to the IP address of loopback 0 interface.
5800(config-if)# encapsulation ppp
Sets the default encapsulation type to PPP.
5800(config-if)# no ip mroute-cache
Turns off fast switching for multicast traffic.
5800(config-if)# dialer in-band
Enables dial on demand routing on this interface. Enables this interface to be a dialer interface.
5800(config-if)# dialer idle-timeout 2700
Defines the idle-timeout under the interface. If the call is idle for 45 minutes (2700 seconds) then disconnect user. Default is 120 seconds.
5800(config-if)# dialer-group 1
Assigns interface to dialer-list 1. Use dialer-list 1 to determine what kind of traffic is considered interesting.
5800(config-if)# ntp disable
Disables the processing of Network Time Protocol (NTP) on this interface.
5800(config-if)# no snmp trap link-status
Disables SNMP LINKUP and LINKDOWN traps. Don't send SNMP traps when this interface goes up or down.
5800(config-if)# peer default ip address pool default
Use IP pool mechanism to allocate a peer IP address. The pool in this case is called "default". When the client requests an address, get the address from a local address pool called "default".
5800(config-if)# no cdp enable
Disables CDP. Turns off Cisco Discovery Protocol (CDP) on this interface.
5800(config-if)# ppp authentication pap callin USE-RADIUS
Defines the authentication protocol (PAP) to be used for authenticating incoming calls only. The USE-RADIUS list is defined in the AAA process. PPP clients must authenticate themselves using the Password Authentication Protocol. Authentication will be done using the method list called USE-RADIUS that was defined earlier.
5800(config-if)# ppp multilink
Configures the interface for multilink. Enable this interface to negotiate PPP multilink.
5800(config-if)# exit
Exits interface configuration mode to golobal configuration mode.
5800(config)# dialer-list 1 protocol ip permit
Defines all IP traffic as interesting. Configures dialer-list 1 to consider all IP traffic to be interesting.
interface dialer0 ip unnumbered loopback0 no ip directed broadcast encapsulation ppp no ip mroute-cache dialer in-band dialer idle-timeout 2700 dialer-group 1 ntp disable no snmp trap link-status peer default ip address pool default no cdp enable ppp authentication pap callin USE-RADIUS ppp multilink exit dialer-list 1 protocol ip permit
Administratively defined numeric group of available internet protocol (IP) network device identifier. Range of numeric IP addresses set aside for a specific allocation purpose, such as DHCP. As clients connect to the Network Access Server (NAS), they request and are assigned an IP address from the configured IP address pool.
The following requisites are significant considerations to identify before configuring an IP address pool.
The following Cisco IOS CLI script serves as a sample IP address pool configuration or setup.
5800(config)# ip dhcp-server x.x.x.x (if using dhcp) 5800(config)# ip local pool default 1.1.1.1 1.1.1.255 5800(config)# ip local pool default 1.1.2.1 1.1.2.255 5800(config)# ip local pool default 21.21.21.1 21.21.21.255 5800(config)# ip local pool 1 10.100.1.1 10.100.1.64 5800(config)# ip local pool 1 172.17.18.1 172.17.18.255
5800(config)# ip dhcp-server x.x.x.x (if using dhcp)
Defines the IP address for the DHCP server. IOS will query this particular DHCP server (instead of broadcasting on all interfaces) when it needs to get an address for a client from DHCP.
5800(config)# ip local pool default 1.1.1.1 1.1.1.255
Defines the IP address pool for network 1.1.1.0. The range is from 1 to 254 as 255 is a broadcast address. Configures a local address pool called "default" with addresses spanning 1.1.1.1 to 1.1.1.255.
5800(config)# ip local pool default 1.1.2.1 1.1.2.255
Defines the IP address pool for network 1.1.2.0. The range is from 1 to 254 since 255 is a broadcast address. Appends the address range 1.1.2.1 to 1.1.2.255 to the address pool called "default".
5800(config)# ip local pool default 21.21.21.1 21.21.21.255
Defines the IP address pool for network 1.1.2.0. The range is from 1 to 254 since 255 is a broadcast address. Appends the address range 21.21.21.1 to 21.21.21.255 to the address pool called "default".
5800(config)# ip local pool 1 10.100.1.1 10.100.1.64
Defines the IP address pool for network 1.1.2.0. Range is from 1 to 64. Configures a local address pool called "1" with the address spanning from 10.100.1.1 to 10.100.1.64.
5800(config)# ip local pool 1 172.17.18.1 172.17.18.255
Defines the IP address pool for network 1.1.2.0. The range is from 1 to 254 since 255 is a broadcast address. Appends the address range 172.16.18.1 to 172.17.18.255 to the address pool called "1".
ip dhcp-server x.x.x.x ip local pool default 1.1.1.1 1.1.1.255 ip local pool default 1.1.2.1 1.1.2.255 ip local pool default 21.21.21.1 21.21.21.255 ip local pool 1 10.100.1.1 10.100.1.64 ip local pool 1 172.17.18.1 172.17.18.255
Virutal Templates are used for cloning virtual-access interfaces for inbound calls.
The following requisites are significant considerations to identify before configuring a virtual template.
The following Cisco IOS CLI script serves as a sample virtual template configuration or setup.
5800(config)# interface virtual-template 1 5800(config-if)# ip unnumbered loopback0 5800(config-if)# no ip directed broadcast 5800(config-if)# no ip mroute-cache 5800(config-if)# ntp disable 5800(config-if)# no snmp trap link-status 5800(config-if)# ppp authentication pap callin USE-RADIUS 5800(config-if)# ppp multilink 5800(config-if)# exit
5800(config)# interface virtual-template 1
Defines the Virtual-Tempalte inteface used for cloning virtual-access interfaces.
5800(config-if)# ip unnumbered loopback0
Unnumbers the interface to the IP address of loopback 0 interface.
5800(config-if)# no ip directed broadcast
Disables the translation of directed broadcast to physical broadcasts. It drops the directed broadcasts destined for this subnet.
5800(config-if)# no ip mroute-cache
Turns off fast switching for multicast traffic.
5800(config-if)# ntp disable
Disables the processing of Network Time Protocol (NTP) on this interface.
5800(config-if)# no snmp trap link-status
Disables SNMP LINKUP and LINKDOWN traps. Don't send SNMP traps when this interface goes up or down.
5800(config-if)# ppp authentication pap callin USE-RADIUS
Defines the authentication protocol (PAP) to be used for authenticating incoming calls only. The USE-RADIUS list is defined in the AAA process. PPP clients must authenticate themselves using the Password Authentication Protocol. Authentication will be done using the method list called USE-RADIUS that was defined earlier.
5800(config-if)# ppp multilink
Configures the interface for multilink. Enables this interface to negotiate PPP multilink.
5800(config-if)# exit
Exits interface configuration mode to global configuration mode.
interface virtual-template 1 ip unnumbered loopback0 no ip directed broadcast no ip mroute-cache ntp disable no snmp trap link-status ppp authentication pap callin USE-RADIUS ppp multilink exit
Stack Group Bidding Protocol (SGBP) is a protocol used for configuring Multichassis Multilink PPP.
The following requisites are significant considerations to identify before configuring SGBP.
The following Cisco IOS CLI script serves as a sample SGBP configuration or setup.
5800(config)# username sg-group password anything 5800(config)# sgbp group sg-group 5800(config)# sgbp source-ip [loopback0 ip address] 5800(config)# sgbp member nas01 [nas01 loop0 ip] 5800(config)# sgbp member nas02 [nas02 loop0 ip]
5800(config)# username sg-group password anything
Defines the username and password for the sgbp stack group. Configures a shared secret for the SGBP group name that will be used to authenticate peers into the stack group.
5800(config)# sgbp group sg-group
Defines "sg-group" as the sgbp stack group name.
5800(config)# sgbp source-ip [loopback0 ip address]
Defines the source IP address for the sgbp stack. Forces the NAS to source the SGBP packets from the loopback0 interface.
5800(config)# sgbp member nas01 [nas01 loop0 ip]
Defines the sgbp member "nas01" and its IP address. Statically configures the peer, the name, and IP addresses of other peers in the stack group.
5800(config)# sgbp member nas02 [nas02 loop0 ip]
Defines the member "nas02" and its IP address. Statically configures the peer, the name, and IP addresses of other peers in the stack group.
username sg-group password anything sgbp group sg-group sgbp source-ip sgbp member nas01 sgbp member nas02
Virtual Private Dialup Network. The forwarding of PPP links from an Internet Service Provider (ISP) to a Home Gateway. L2TP and L2F are common options for tunneling protocol.
The following requisites are significant considerations to identify before configuring VPDN.
The following Cisco IOS CLI script serves as a sample VPDN configuration or setup.
5800(config)# vpdn enable 5800(config)# vpdn search-order dnis domain
5800(config)# vpdn enable
Enables vpdn on the router. Enables the processing of VPDN calls. VPDN calls are determined either by a special DNIS number or a special format to the username.
5800(config)# vpdn search-order dnis domain
Configures the order for searching different VPDN tunnel types. It looks for DNIS based tunnels first and then looks for DOMAIN based tunnels.
vpdn enable vpdn search-order dnis domain
Simple Network Management Protocol used for monitoring and managing network devices.
The following requisites are significant considerations to identify before configuring SNMP.
The following Cisco IOS CLI script serves as a sample SNMP configuration or setup.
5800(config)# snmp-server community public RO 5800(config)# snmp-server community private RW 5800(config)# snmp-server enable traps snmp 5800(config)# snmp-server enable traps envmon 5800(config)# snmp-server enable traps syslog 5800(config)# snmp-server host 9.9.9.9 public 5800(config)# snmp-server host 10.10.10.10 public
5800(config)# snmp-server community public RO
Enables SNMP and sets community string and access privileges for public to read-only. Allows users with the public community string to read-only.
5800(config)# snmp-server community private RW
Sets community string and access privileges for private to read-write. Allows users with the private community string to read and write.
5800(config)# snmp-server enable traps snmp
Enables SNMP traps.
5800(config)# snmp-server enable traps envmon
Enables SNMP environmental monitor traps. Sends an SNMP trap when the router detects an anomoly in the environmental conditions.
5800(config)# snmp-server enable traps syslog
Enables SNMP syslog traps. Sends traps to the syslog server.
5800(config)# snmp-server host 9.9.9.9 public
Specifies host 9.9.9.9 to receive SNMP notifications for public. Defines the SNMP server and community string.
5800(config)# snmp-server host 10.10.10.10 public
Specifies host 10.10.10.10 to receive SNMP notifications for public. Defines the SNMP server and community string.
snmp-server community public RO snmp-server community private RW snmp-server enable traps snmp snmp-server enable traps envmon snmp-server enable traps syslog snmp-server host 9.9.9.9 public snmp-server host 10.10.10.10 public
Virtual Profiles is a unique Point-to-Point application that can create and configure a virtual access interface dynamically when a dialin call is received, and tear down the interface dynamically when the call ends.
The following requisites are significant considerations to identify before configuring a virtual profile.
The following Cisco IOS CLI script serves as a sample virtual profile configuration or setup.
5800(config)# virtual-profile virtual-template 1 5800(config)# virtual-profile aaa
5800(config)# virtual-profile virtual-template 1
Enables virtual profiles by virtual interface template. Creates a virtual-access interface for every user that is connected to the access server. This is necessary when applying certain per-user attributes (such as timeouts).
5800(config)# virtual-profile aaa
Enables virtual profiles by AAA configuration. Allows the installation of per-user configurations specified by the interface-config attributes in a user's TACACS+/RADIUS profile.
virtual-profile virtual-template 1 virtual-profile aaa
A virtual template from which the specified Multilink PPP bundle can clone its interface parameters.
The following requisites are significant considerations to identify before configuring a multilink virtual template.
The following Cisco IOS CLI script serves as a sample multilink virtual template configuration or setup.
5800(config)# multilink virtual-template 1 5800(config)# multilink bundle-name both
5800(config)# multilink virtual-template 1
Defines a virtual template used to clone parameters for a virtual access interface for Multilink PPP. Allows the virtual-access interface for a user to clone form the virtual-template interface in case there is no physical/dialer interface to clone from. This is necessary on all stack group members.
5800(config)# multilink bundle-name both
Uses peer's authenticated name and endpoint discriminator for naming multilink bundles. Sets the router to uniquely identify this multilink session through a combination of the authentication username and the endpoint discriminator. This is necessary when multiple users are dialing in with the same username.
multilink virtual-template 1 multilink bundle-name both
V.120 dedicated PPP Dialin.
N/A
The following Cisco IOS CLI script serves as a sample V.120 configuration or setup.
5800(config)# interface s 1/0/0:1:23 5800(config-if)# autodetect encapsulation v120 ppp 5800(config-if)# line vty 5 20 5800(config-line)# transport input v120 5800(config-line)# login authentication USE-RADIUS 5800(config-line)# authorization exec USE-RADIUS 5800(config-line)# exit 5800(config)#
5800(config)# interface s 1/0/0:1:23 5800(config-if)# autodetect encapsulation v120 ppp
Configures the router to automatically switch between ISDN PPP users and ISDN V.120 users. Creates new vty's for V.120 users to start on.
5800(config-if)# line vty 5 20
Creates new vty's for V.120 users to start on.
5800(config-line)# transport input v120
Only allows V.120 users to connect to this vty.
5800(config-line)# login authentication USE-RADIUS
Configures EXEC authentication on this line to use the method list called USE-RADIUS that was defined earlier.
5800(config-line)# authorization exec USE-RADIUS
Configures EXEC authorization on the line to use the method list called USE-RADIUS that was defined earlier.
5800(config-line)# exit
Exits line configuration mode to global configuration mode.
interface s 1/0/0:1:23 autodetect encapsulation v120 ppp line vty 5 20 transport input v120 login authentication USE-RADIUS authorization exec USE-RADIUS exit
A technology used to transport voice traffic over the Internet using the existing IP network infrastructure. Refer to the following URL for sample configurations and command line descriptions.
These following parameters are defined in global configuration mode on the router.
N/A
The following Cisco IOS CLI script serves as sample configurations or setups for global parameters.
5800(config)# service timestamps debug datetime msec localtime 5800(config)# service timestamps log datetime msec localtime 5800(config)# service password-encryption 5800(config)# hostname [name of your nas] 5800(config)# enable secret thisissecret 5800(config)# clock timezone EST - 5 5800(config)# clock summer-time EDT recurring 5800(config)# ip subnet-zero 5800(config)# no ip source-route 5800(config)# async-bootp dns-server x.x.x.x 5800(config)# ntp server x.x.x.x prefer 5800(config)# ntp server y.y.y.y
5800(config)# service timestamps debug datetime msec localtime
Turns on milisecond timestamps for debugs. The debugs are printed with a date and time in milisecond timestamps. Enables debugs to be timestamped with millisecond resolution. This is critical to have when sending in debug traces to the TAC.
5800(config)# service timestamps log datetime msec localtime
Turns on milisecond timestamps for log messages. Log messages are printed with a date and time in milisecond timestamps. Enables log messages to be timestamped with millisecond resolution. This is critical to have when sending in debug traces to the TAC.
5800(config)# service password-encryption
Turns on service password encryption so the passwords defined on the router are encrypted when displayed in the running and startup config. Enables "light" encryption of passwords.
5800(config)# hostname [name of your nas]
Defines the hostname for the router. Changes the hostname of the router.
5800(config)# enable secret thisissecret
Configures a cryptographically strong version of the password used to gain enable access to the router.
5800(config)# clock timezone EST - 5
Sets the clock with the appropriate timezone. Sets the timezone and clock offset from GMT time.
5800(config)# clock summer-time EDT recurring
Configures recurring summer (daylight savings) time. Sets the clock to adjust for daylight savings time.
5800(config)# ip subnet-zero
Allows `subnet zero' subnets. Allows the router to use subnet zero.
5800(config)# no ip source-route
Disables processing of packets with source routing header options.
5800(config)# async-bootp dns-server x.x.x.x
Sets DNS nameservers. Configures the DNS server the router responds with when dealing with PPP clients that implement RFC1877.
5800(config)# ntp server x.x.x.x prefer
Configures NTP server and prefers this peer when possible.
5800(config)# ntp server y.y.y.y
Configures NTP server. Configures the router to sync to the NTP server at y.y.y.y.
service timestamps debug datetime msec localtime service timestamps log datetime msec localtime service password-encryption hostname [name of your nas] clock timezone EST - 5 clock summer-time EDT recurring ip subnet-zero no ip source-route async-bootp dns-server x.x.x.x ntp server x.x.x.x prefer ntp server y.y.y.y
Finishing up the router configurations and getting the router ready for operational mode.
N/A
The following Cisco IOS CLI script serves as a sample finalized operational configurations or setups.
5800(config)# no logging console
5800(config)# line con 0
5800(config)# login authentication CONSOLE
5800(config)# exec-timeout 0 0
5800(config)# line vty 0 4
5800(config)# exec-timeout 0 0
5800(config)# login authentication LOCAL
5800(config)# exit
5800#
5800(config)# no logging console
Turns off console logging so messages do not appear on the router console. Prevents debug messages to be sent to the console. Flooding of debug messages on the console will have an operational impact on the router.
5800(config)# line con 0
Enters console configuration mode.
5800(config)# login authentication CONSOLE
Sets the login authentication for console access. The method list CONSOLE is defined in the global AAA process. User will be prompted for a username and password when attempting console access. Configures EXEC authentication on this line to use the method list called CONSOLE that was defined earlier.
5800(config)# exec-timeout 0 0
Sets the EXEC timeout for the console to indefinite. Disables the idle timeout for EXEC sessions on this line.
5800(config)# line vty 0 4
Enters virtual terminal line configuration mode. These lines are used for Telneting to the router.
5800(config)# exec-timeout 0 0
Sets the EXEC timeout to indefinite. Disables the idle timeout for EXEC sessions on this line.
5800(config)# login authentication LOCAL
Sets the login authentication under the virtual terminal lines. The method list LOCAL is defined in the global AAA process. Configures EXEC authentication on this line to use the method list called LOCAL that was defined earlier.
5800(config)# exit
Exits global configuration mode to privileged EXEC mode.
5800#
Privileged EXEC mode prompt.
no logging console line con 0 login authentication CONSOLE exec-timeout 0 0 line vty 0 4 exec-timeout 0 0 login authentication LOCAL exit
Access lists are defined on the router to control the flow of incoming and outgoing traffic. Access lists define the kind of traffic permitted and denied.
Route summarization is used to summarize the routes advertised to other routers in the network. Routes are normally summarized to classful boundaries.
Show commands are used to look at various information and statistics on the router.
Debug commands are used for isolating and troubleshooting problems on the router. If something is not working on the router, use debug commands to find the cause of the problem.
Posted: Sat Sep 23 23:11:59 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.