This chapter describes how to configure IP routing for each interface and sub-interface. To configure IP filters, see the IP, IP Filter, and IP Route Filter sections in the Cisco VPN 5000 Concentrator Series Command Reference Guide.
Sub-interfaces allow you to have separate subnets connecting to the same physical port, allowing you to maximize your ports and bandwidth.
To configure the IP section for a sub-interface, use the following syntax to enter the sub-interface number along with the slot and port:
configure IP Ethernet port.sub-interface
For example:
configure IP Ethernet 0.1
The primary interface is sub-interface 0, which you do not have to specify in syntax. For example:
configure IP Ethernet 0
To turn on IP routing, follow these steps:
| | Command | Purpose |
|---|---|---|
| Step 1 | configure IP Ethernet port | Identifies the port for which you want to enable routing. You enable routing for all sub-interfaces. |
| Step 2 | Mode = Routed | Turns on routing. |
To set an IP address:
| | Command | Purpose |
|---|---|---|
| Step 1 | If you have not already entered the IP section, enter: configure IP Ethernet port[.sub-interface] | Specifies the port for which you want to configure IP. |
| Step 2 | IPAddress = IP_Address | Specifies the interface IP address. |
| Step 3 | SubnetMask = IP_Address | Specifies the interface subnet mask. |
| Step 4 | IPBroadcast = IP_Address | (Optional) Specifies the interface broadcast address. If you do not set a broadcast address, the system derives one from the IP address and subnet mask you entered. |
The default gateway is the router IP address to which the concentrator sends all IP packets for which it does not have a route. To configure the default gateway, follow these steps:
Step 1 Enter:
edit config IP Static
Note: The edit config text editor allows you to add lines to the configuration exactly as entered. Unlike the configure configuration editor used elsewhere in this guide, you do not enter keywords and values.
Step 2 Enter:
append 1
Adds a line after the section name and changes the prompt to Append>.
Step 3 (Optional) Add a comment by starting the line with a pound sign (#), and press the Enter key at the end of the comment to go to a new line.
Step 4 Enter the default route:
0.0.0.0 0.0.0.0 {Gateway | VPN VPN_port_number} Metric
The destination and mask of 0.0.0.0 are wild cards that indicate that any packet that is not routed according to the routing table is sent to the Gateway address or through the specified Port.
| Option | Description |
|---|---|
| Gateway | The address on the upstream router. |
| VPN VPN_port_number | The port name for a VPN LAN-to-LAN connection where you do not need to specify the other end's IP address. |
| Metric | A value between 1 (recommended) and 15 that specifies the distance or cost to the destination address. A route with a lower metric supersedes a competing route, for example one learned through a routing protocol. The metric loosely corresponds with the number of hops to the destination. You can artificially inflate or deflate the cost for a route. For example, if there is more than one route to a destination, but the route with the fewest hops is over a slow WAN link, you can add a non-WAN route with a deflated metric to supersede the slow WAN route. |
Step 5 Press the Enter key to go to a new line, enter a period (.) and press Enter.
Step 6 Enter the following command to exit the editor and save your changes:
exit
Use quit to exit the editor without making any changes.
IP routing protocols create and update routing tables that tell routers where to send a particular packet. For the VPN 5001 concentrator, a dynamic routing protocol:
You can specify the following protocols:
If you do not use a routing protocol, configure static routes using the steps in the "Configuring Static Routes" section.
For Ethernet 1, do not specify a protocol because it cannot send or accept routing protocol packets.
You can only apply a dynamic routing protocol to the primary interface and not to individual sub-interfaces. For example, if you apply OSPF to Ethernet 0, then OSPF is also active on Ethernet 0.1 and Ethernet 0.2.
Gateways and routers that support RIP send routing-update messages at regular intervals and when the network topology changes. These RIP packets contain information about the networks that the routers and gateways can reach, as well as the number of routers/gateways that a packet must travel through to reach the destination address. RIP generates more traffic than OSPF, but is easier to configure initially.
| | Command | Purpose |
|---|---|---|
| Step 1 | If you have not already entered the IP section, enter: configure IP Ethernet 0 | Specifies the primary interface for which you want to configure RIP. You cannot specify a sub-interface. |
| Step 2 | RIPVersion = {V1 \| V2} | Use RIP V2 unless a neighboring router uses V1, in which case all routers should use V1. |
To learn more about these and other settings, see the IP section in the Cisco VPN 5000 Concentrator Series Command Reference Guide.
OSPF uses a link-state algorithm to build and calculate the shortest path to all known destinations. Each router in an OSPF area contains an identical link-state database, which is a list of each router's usable interfaces and reachable neighbors.
The advantage of OSPF over RIP is that OSPF link-state database updates are sent less frequently than RIP updates, and the link-state database is updated instantly rather than gradually as stale information is timed out.
Also, routing decisions are based on "cost," which is an indication of the overhead required to send packets across a certain interface. The cost of an interface is calculated based on link bandwidth rather than the number of hops to the destination. The cost can also be configured to specify preferred paths.
The disadvantage of shortest path first algorithms is that they require a lot of CPU cycles and memory.
To enable and configure OSPF, see the IP section and the OSPF Area section in the Cisco VPN 5000 Concentrator Series Command Reference Guide. See the OSPF Virtual Link section to configure a virtual link, which is the only way to allow an area that is not contiguous to the backbone area (area 0) to operate.
If you do not use a dynamic routing protocol to learn and propagate routes, use static routes. You might want to use static routes if:
On the concentrator, you need to identify routes for all networks the concentrator needs to reach, for example, all networks that VPN clients need to reach. You might also need to set up static routes on neighboring routers to inform them of the path to the VPN client networks identified by the LocalIPNet in the VPN group section. You do not need to identify the VPN client network if you use StartIPAddress. See "Configuring VPN Groups," for more information.
The simplest option is to use only the default route for all traffic, relying on the default gateway to route the traffic for you. However, this approach is not as efficient as explicit static routes.
To configure static routes, follow these steps:
Step 1 Enter:
edit config IP Static
Note: The edit config text editor allows you to add lines to the configuration exactly as entered. Unlike the configure configuration editor used elsewhere in this guide, you do not enter keywords and values.
Step 2 Enter:
append $
Adds a line at the end of the section and changes the prompt to Append>.
Step 3 (Optional) Add a comment by starting the line with a pound sign (#), and press the Enter key at the end of the comment to go to a new line.
Step 4 Enter the static route:
Destination Mask {Gateway | VPN VPN_port_number} Metric [Redist={RIP | OSPF1 | OSPF2 | none}]
| Option | Description |
|---|---|
| Destination | The IP address for the destination network in dotted decimal notation. |
| Mask | The subnet mask for the Destination address. |
| Gateway | The IP address of the upstream router responsible for this network. |
| VPN VPN_port_number | The port name for a VPN LAN-to-LAN connection where you do not need to specify the other end's IP address. |
| Metric | A value between 1 (recommended) and 15 that specifies the distance or cost to the destination address. A route with a lower metric supersedes a competing route, for example one learned through a routing protocol. The metric loosely corresponds with the number of hops to the destination. You can artificially inflate or deflate the cost for a route. For example, if there is more than one route to a destination, but the route with the fewest hops is over a slow WAN link, you can add a non-WAN route with a deflated metric to supersede the slow WAN route. |
| Redist | Indicates whether this static route should be redistributed using a routing protocol, enabling other routers to use the concentrator as the gateway for packets with the static route's destination address. Do not enter spaces around the equals sign in Redist=value. |
For example, the following route sends all traffic destined for the 167.56.7.0 network to the router IP address 189.5.6.1:
167.56.7.0 255.255.255.0 189.5.6.1 1 Redist=RIP
Step 5 To enter additional routes, press the Enter key to go to a new line.
Step 6 After entering the last route, press the Enter key to go to a new line, enter a period (.) and press Enter.
Step 7 Enter the following command to exit the editor and keep your changes:
exit
Use quit to exit the editor without making any changes.
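A lint pass over an IP Static section, as an added example (not Cisco's code): it checks each route line against the syntax line and option table above before the lines are typed into the editor. The function names are hypothetical, Redist values are matched exactly as spelled on this page, and the VPN next hop is assumed to be the word VPN followed by a number.

```python
import ipaddress

REDIST_VALUES = {"RIP", "OSPF1", "OSPF2", "none"}  # as spelled in the syntax line

def check_route(line):
    """Validate one route line; return (errors, redist value or None)."""
    errors, redist = [], None
    tok = line.split()
    if len(tok) < 4:
        return ["expected: Destination Mask Gateway|VPN n Metric [Redist=value]"], None
    try:
        dest = int(ipaddress.IPv4Address(tok[0]))
        inv = int(ipaddress.IPv4Address(tok[1])) ^ 0xFFFFFFFF
        if inv & (inv + 1):              # inverted mask must be 2**k - 1
            errors.append("mask is not contiguous")
        elif dest & inv:
            errors.append("destination has host bits set for this mask")
    except ipaddress.AddressValueError:
        errors.append("destination or mask is not dotted decimal")
    vpn = tok[2] == "VPN"                # assumed form: VPN <port number>
    rest = tok[4:] if vpn else tok[3:]
    if vpn and not tok[3].isdecimal():
        errors.append("VPN port number is not numeric")
    if not vpn:
        try:
            ipaddress.IPv4Address(tok[2])
        except ipaddress.AddressValueError:
            errors.append("gateway is not an IP address")
    if not rest or not rest[0].isdecimal() or not 1 <= int(rest[0]) <= 15:
        errors.append("metric must be an integer from 1 to 15")
    opts = rest[1:]
    if len(opts) == 1 and opts[0].startswith("Redist="):
        redist = opts[0].split("=", 1)[1]
        if redist not in REDIST_VALUES:
            errors.append(f"unknown Redist value {redist!r}")
    elif opts:
        errors.append("trailing text; write Redist=value with no spaces")
    return errors, redist

def audit_static_section(text):
    """Check every non-comment line; return {line_number: (errors, redist)}."""
    rows = enumerate(text.splitlines(), 1)
    return {n: check_route(row) for n, row in rows
            if row.strip() and not row.lstrip().startswith("#")}

SAMPLE = """# constructed sample; only the Redist=RIP route is from the page
167.56.7.0 255.255.255.0 189.5.6.1 1 Redist=RIP
167.56.7.9 255.255.255.0 189.5.6.1 16
10.1.0.0 255.255.0.0 VPN 0 2 Redist = OSPF1
"""
```

Routes that come back with a Redist value other than none are the ones neighboring routers will learn from the concentrator, so they deserve the same review as the route itself.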
Posted: Wed Sep 27 09:57:26 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.