
Configuring Basic System Parameters

This chapter describes how to set basic system parameters.

Setting the Password and Device Name

The default password is letmein. This password provides normal and enabled access. Normal access allows you to use commands to view tables and statistics, but not to make changes to the configuration. Enabled access allows you to make and save changes to the configuration.

Change the default password and system name by entering these commands:

Step 1
  Command: configure General
  Purpose: Allows you to configure the General section.

  Note: When you configure a new section, the system prompts you to confirm the creation of the new section in the configuration.

Step 2
  Command: Password = string
  Purpose: Sets the normal password, up to 8 characters.

Step 3
  Command: EnablePassword = string
  Purpose: Sets the supervisor password, up to 8 characters.

Step 4
  Command: DeviceName = string
  Purpose: Sets the device name, up to 32 characters.

Identifying a Domain Name Server

In IP routing, a Domain Name Server (DNS) resolves names to IP addresses. For the concentrator, the DNS allows it to use domain names instead of IP addresses for RADIUS servers, SecurID servers, or for hosts to ping or telnet to. To identify a DNS for a VPN group's remote users, see "Configuring VPN Groups."

To identify the DNS for the concentrator only, follow these steps:

Step 1
  Command: configure Domain Name Server
  Purpose: Allows you to configure the Domain Name Server section.

Step 2
  Command: PrimaryServer = IP_address
  Purpose: The primary DNS IP address.

Step 3
  Command: SecondaryServer = IP_address
  Purpose: (Optional) A secondary DNS in case the primary is unavailable. You can enter up to two secondary servers.

Setting the Time

Many commands require the concentrator to have a valid time and date set. You can set the time manually, or you can use a time server. If you set the time manually, every time you save, reboot, or lose power, you have to reset the time. A time server automatically supplies the time after a reboot.

Setting the Time Manually

To set the time manually, enter:

sys clock mm/dd/yyyy hh:mm

Using a Time Server

A time server automatically supplies an accurate time to the system. If you have a time server on your IP network, identify it using the following commands:

Step 1
  Command: configure Time Server
  Purpose: Allows you to configure the Time Server section.

Step 2
  Command: Enabled = On
  Purpose: Enables using a time server.

Step 3
  Command: TimeProtocol = {Timed | SNTP}
  Purpose: The default is Timed. Unix servers usually use the Timed protocol, and Windows servers usually use SNTP.

Step 4
  Command: BindTo = {Ethernet | WAN} slot:port[.subinterface]
  Purpose: Specifies which interface's IP address the concentrator uses as a source address for all packets sent to the time server.

Step 5
  Command: ServerAddress = IP_address
  Purpose: The primary server address.

Step 6
  Command: BackupAddress = IP_address
  Purpose: (Optional) The backup server address.

Step 7
  Command: Adjust = [-]number
  Purpose: Adjusts the time from Greenwich Mean Time (GMT) in minutes. The following values apply for U.S. time zones:
    PST: -480
    MST: -420
    CST: -360
    EST: -300

Setting Logging Options

By default, the system logs configuration, error, and debug information into an internal buffer. If you restart the system, the buffer is cleared. To view the buffer, enter:

show system log buffer [n]
 

Where n is the number of most recent log lines to display. If you do not specify n, the entire log is displayed.

When the buffer fills up, the log is overwritten with new data.

By default, the system logs all Notice events and lower. To change the logging parameters, such as the logging level and where to send the log, enter the Logging section:

configure Logging

 

Once in the Logging section, you can configure the following attributes:


Table 3-1: Logging Attributes

Action: Change the logging level.
  Command: level = {n (1-7) | emergency | alert | critical | error | warning | notice | info | debug}
  Description: Where n corresponds to the level, for example, 1 is the same as alert. The log includes all events at the specified level and below, for example, 4 includes levels 0 through 4. See Table 3-2 for level descriptions.

Action: Send log messages to the Console port.
  Command: LogToAuxPort = On
  Description: You can view log messages in real time on your console.

  Note: To toggle on and off the console messages, at the console, type Ctrl+Z. This command affects only the run-time version. At startup, the concentrator uses the value you set here.

Action: Send log messages to a syslog daemon on another host on your network.
  Command: LogToSysLog = On
  Description: A syslog daemon is a UNIX application that handles requests across the network.

  Command: SyslogFacility = {Local0 | Local1 | Local2 | Local3 | Local4 | Local5 | Local6 | Local7}
  Description: Sets the syslog facility to which the system sends remote log messages.

  Command: SyslogIPAddress = IP Address
  Description: Specifies the IP address of the remote syslog daemon.

Action: Disable logging for certain ports.
  Command: DisabledPorts = {Ethernet | WAN} slot:port [{Ethernet | WAN} slot:port] [...]
  Description:
    • slot is the module slot.
    • port is the port you want to configure. If your module has only one port, the port is 0.

Messages are labeled with one of the following categories:


Table 3-2: Logging Levels

Level Name (Level Number): Description

Emergency (0): You receive logging information only when the system is unusable. These log messages help indicate the source of the problem.

Alert (1): Requires immediate attention.

Critical (2): Indicates a serious problem.

Error (3): Reports exception cases pertaining to violations of protocols or other operational rules. Violations might include illegal packets and improper command syntax.

Warning (4): Reports problems which may need a response. Examples include network number conflicts and resource allocation problems. If Warning messages are repeated, they require a response.

Notice (5): Reports information that might be useful on a day-to-day basis by an administrator but generally does not require any response. Examples include login/logout, serial line resets, and LAN-to-LAN connections.

Info (6): Reports routine information, such as WAN network connect and disconnect messages.

Debug (7): Reports every action of the device and is the best setting for troubleshooting.
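
The following is an added example, not part of the original Cisco documentation. It shows how a syslog collector could check that messages arriving from the concentrator match the configured SyslogFacility and level. It assumes the concentrator sends standard BSD syslog datagrams with a leading <PRI> field (PRI = facility * 8 + severity, Local0 through Local7 being facilities 16 through 23); the sample messages are constructed.

```python
import re

# Level names in numeric order (0-7), as listed in Table 3-2.
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notice", "info", "debug"]

def decode_pri(message):
    """Split the leading <PRI> of a syslog message into (facility, level name)."""
    m = re.match(r"<(\d{1,3})>", message)
    if not m or int(m.group(1)) > 191:
        raise ValueError("no valid syslog PRI field")
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    name = f"Local{facility - 16}" if 16 <= facility <= 23 else f"facility{facility}"
    return name, LEVELS[severity]

def is_logged(event_level, configured_level):
    """True if the event is at the configured level or below (level = n or name)."""
    def number(level):
        return int(level) if str(level).isdigit() else LEVELS.index(str(level).lower())
    return number(event_level) <= number(configured_level)

def unexpected(messages, facility, configured_level):
    """Return (message, reason) for traffic that does not match the settings."""
    flagged = []
    for msg in messages:
        try:
            fac, level = decode_pri(msg)
        except ValueError:
            flagged.append((msg, "malformed"))
            continue
        if fac != facility:
            flagged.append((msg, f"facility {fac}"))
        elif not is_logged(level, configured_level):
            flagged.append((msg, f"level {level} above configured {configured_level}"))
    return flagged

# Constructed sample datagrams; the message text is illustrative, not device output.
SAMPLE = [
    "<141>vpn5000: user login",      # 17*8 + 5 -> Local1, notice
    "<139>vpn5000: illegal packet",  # 17*8 + 3 -> Local1, error
    "<143>vpn5000: trace",           # 17*8 + 7 -> Local1, debug
    "<38>host: other source",        # 4*8 + 6  -> facility 4, info
]
```

With SyslogFacility = Local1 and level = notice, calling unexpected(SAMPLE, "Local1", "notice") flags the debug message and the message from a different facility, either of which suggests the running configuration differs from the intended one or that the traffic did not originate from the concentrator.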

Configuring the Ethernet Interface

The Ethernet interface automatically senses 10BaseT or 100BaseT, and full or half duplex if you cabled the Ethernet port at startup. Otherwise, the port defaults to 10BaseT and half duplex. If the autosensing is not working, enter the Ethernet Interface section by entering:

configure Ethernet Interface Ethernet port

 

Once in the Ethernet Interface section, you can configure the following parameters:


Table 3-3: Ethernet Interface Parameters

Action: Set the protocol to 10BaseT or 100BaseT.
  Command: Speed = {10meg | 100meg}
  Description: Sets the protocol if autosensing fails. Set the value required by your switch or hub.

Action: Set the duplex mode to full or half duplex.
  Command: Duplex = {Full | Half}
  Description: Sets the duplex mode if autosensing fails. Set the value required by your switch or hub.

Setting Section Default Values

The concentrator reads the configuration in a hierarchical manner. If you configure a parameter value in a port-specific configuration section, the concentrator uses that value. If the concentrator does not find that value, it looks for the value in a default section you defined. If the concentrator still does not find a parameter, the concentrator uses the default value from the software.

For allowed default sections and keywords, see the Cisco VPN 5000 Concentrator Series Command Reference Guide.

For example, to determine the value for RipOut (outgoing RIP) for Ethernet interface 0, the concentrator first looks for a RipOut parameter in the following text configuration file section:

[ IP Ethernet 0 ]
 

If not found, it searches the following sections in order:

[ IP Ethernet 0 Default ]
[ IP Ethernet Default ]
[ IP Default ]
 

If the RipOut parameter is not found in any of these sections, the concentrator uses the default value from the software.

The benefit of using a default section is to set, in one place, values used by multiple interfaces. For example, if all IP interfaces use RIP, you can enter:

device# configure IP Default

[ IP Default ]# RIPVersion = V2

 

You then do not need to enter the RIPVersion keyword in any other IP section, except to override it.

In some cases, creating a default section might be all you need to configure. For example, to allow IPX routing on all Ethernet ports, the following commands may be all you need:

device# configure IPX Ethernet Default

[ IPX Ethernet Default ]# mode = routed

 

Similarly, to make sure IPX routing is off on all ports, enter:

device# configure IPX Default

[ IPX Default ]# mode = off

 

The Tunnel Partner VPN Default section is special because it allows you to terminate LAN-to-LAN tunnels without configuring a section for each tunnel. See the "Configuring a Generic Tunnel Partner" section for more information.
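
The lookup order described in this section can be reproduced offline to find which section actually supplies a value for a given port, for example to confirm that a protocol turned off in a default section is not turned back on elsewhere. This is an added example, not Cisco code. It generalizes the single RipOut search order shown above to any section name, which is an assumption, as are case-insensitive matching and the section name [ IPX Ethernet 0 ]; the sample configuration is constructed.

```python
import re

# Constructed sample in the text configuration format shown above.
SAMPLE_CONFIG = """
[ IP Default ]
RIPVersion = V2

[ IPX Ethernet Default ]
mode = routed

[ IPX Default ]
mode = off

[ IPX Ethernet 0 ]
mode = off
"""

def parse_config(text):
    """Return {section name: {keyword: value}} with names and keywords lowercased."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[\s*(.+?)\s*\]", line)
        if header:
            name = " ".join(header.group(1).lower().split())
            current = sections.setdefault(name, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def search_order(section):
    """'IP Ethernet 0' -> itself, then progressively broader Default sections."""
    words = section.split()
    order = [section]
    for n in range(len(words), 0, -1):
        order.append(" ".join(words[:n] + ["Default"]))
    return order

def effective_value(sections, section, keyword, software_default=None):
    """Return (value, section that supplied it), falling back to the software default."""
    for name in search_order(section):
        values = sections.get(name.lower(), {})
        if keyword.lower() in values:
            return values[keyword.lower()], name
    return software_default, "software default"
```

In the sample, Ethernet port 0 has IPX off through its own section, while any other Ethernet port inherits mode = routed from [ IPX Ethernet Default ] even though [ IPX Default ] says off.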


Posted: Wed Sep 27 10:03:14 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.