|
|
This chapter provides information about configuring the Cisco 677 asymmetric digital subscriber line (ADSL) Discrete Multi-Tone (DMT) router.
| Configuration Procedures | Page Number |
|---|---|
3-2 | |
3-4 | |
3-9 | |
3-10 | |
3-13 | |
3-14 | |
| 3-14 3-15 3-15 3-16 3-16 3-18 3-19 3-22 3-24 |
3-25 | |
3-25 | |
3-26 | |
3-26 | |
3-27 | |
3-28 |
After connecting all the Cisco 677 cables, powering on the Cisco 677, and starting the terminal emulation program (see the "Setting Up the Cisco 677 Hardware Environment" section), press the Enter key until the CBOS login screen appears. When you see the welcome screen, you can log on to CBOS.
Hello!CBOS v2.0.1User Access VerificationPassword:
After you log on to CBOS and before proceeding any further with your configuration process, check the version of the CBOS to verify that the version number and date reflect the most recent firmware update:
cbos# show version
If the CBOS version is earlier than 2.2.0, get the latest version from your service provider or from Cisco. See the Trivial File Transfer Protocol (TFTP) command in "TFTP Server" section, for more information on how to update the Cisco 677 firmware.
The CBOS implements two operational modes: exec and enable. CBOS defaults to exec mode when you log in. The exec mode grants program execution (read-only) privileges to a user. To read or write changes to nonvolatile random-access memory (NVRAM), you must work in enable mode. Follow the steps below to invoke the enable mode:
Step 1 Type enable at the exec mode command line:cbos> enable
Step 2 Enter a password when CBOS prompts you:cbos> enablePassword:
You are now in enable mode. The system prompt appears:
cbos#
The CBOS supports two kinds of connection modes: bridging and routing. Routing mode has two options: Configurationless Provisioning (default) and Manual Provisioning.
When the Cisco 677 operates in bridge mode, it behaves like a wire connecting a local PC directly to a service provider's network. Bridge data is encapsulated using the RFC 1483 or PPP (BCP) protocol to enable data transport. Because bridges operate at a Media Access Control (MAC) layer only, applications requiring IP communication, such as Telnet, Trivial File Transfer Protocol (TFTP), Remote Access Dial-In User Service (RADIUS), Syslog, Ping, and the web interface, are not available unless a management VC is configured.
Cisco currently supports a learning bridge mode. The virtual path identifier/virtual channel identifier (VPI/VCI) configuration of the Cisco 677 is unaffected by the operational mode (bridging versus routing) of the device.
Cisco also provides two methods of configuring and managing the bridged Cisco 677, through in-band bridging management or through a separate management VC. The two methods cannot be used simultaneously. If a separate management VC is used, the Cisco 677 can only be managed remotely through wan0-1 and not from the local network.
With RFC 1483 management enabled, you can manage the router using telnet. The following commands are accessible through the managed bridge:
The following procedure shows how to set up the Cisco 677 for in-band bridging management.
Step 1 To enable RFC 1483 bridging, enter:
set bridging rfc1483 enabled
Step 2 To save your changes, enter:
write
Step 3 To reboot the device, enter:
reboot
Step 4 To enable in-band management of the bridge, enter:
set bridging management enabled <Enter>
set int eth0 ip ip address
The IP address of the Ethernet port should be an IP address on the same network as that of the "far-end" station.
Step 5 To enable the Cisco 677 to direct management traffic to the far-end station, enter:
set route default wan0-0 <Enter>
set route default ip ip address
The default IP address should be the IP address of the far-end station that is used to telnet to the router.
Step 6 To save your changes enter:
write
Step 7 To enable your changes, reboot the router:
reboot
To manage the bridged Cisco 677 using a separate management VC, follow these steps:
Step 1 To disable in-band bridging management, enter:
set bridging management disabled
Step 2 To enable bridging PVC, enter:
set bridging PVC enabled
Step 3 To save your changes, enter:
write
Step 4 To reboot the device, enter:
reboot
After rebooting, the Cisco 677 will have two PVCs enabled. Wan0-0 is used strictly for bridged traffic, while wan0-1 is used strictly for management traffic. Wan0-1 will be using RFC 1483 routing.
Step 5 Set an IP address on the Ethernet port that is on the same network as the far-end station out the wan0-1 interface:
set int eth0 ip ip address
Step 6 Set the default route of the Cisco 677 to wan0-1:
set route default wan0-1
For more information on using the set bridging command, see the Cisco Broadband Operating System User Guide.
The rules that govern the bridge command are:
If you choose bridging as your connection mode, see also the following sections:
Three Cisco 677 applications compose the configurationless provisioning feature: DHCP client, DHCP server, and Network Address Translation (NAT). With these applications enabled, you can use the Cisco 677 without following the procedures described in this chapter such as "Bridging Mode Procedures" section or "Configure the WAN Ports and ATM Virtual Connections" section. See the following section to enable configurationless provisioning.
Step 1 Enable the DHCP client:
set dhcp client enabled
Step 2 To check whether this feature is enabled, enter the following command:
show dhcp client
Step 3 Enable the DHCP server:
set dhcp server enabled
Step 4 To check whether this feature is enabled, enter the following command:
show dhcp server
Step 5 Enable NAT:
set nat enabled
Step 6 To check whether this feature is enabled, enter the following command:
show nat
Step 7 Write the changes to NVRAM:
write
Step 8 Reboot the Cisco 677:
reboot
When the Cisco 677 reboots, configurationless provisioning is enabled.
Step 1 Disable the DHCP client:
set dhcp client disabled
Step 2 Disable the DHCP server:
set dhcp server disabled
Step 3 Disable NAT:
set nat disabled
Step 4 Write the changes to NVRAM:
write
Step 5 Reboot the Cisco 677:
reboot
Use the commands below to change the components of configurationless provisioning:
For a complete description of each of these commands, see the Cisco Broadband Operating System User Guide.
If you disable Configurationless Provisioning, see the following steps for manual provisioning: from the "Configure the Ethernet Port (eth0)" section through the "Evaluate System Activity and Performance" section.
To configure the Ethernet port, you must assign an IP address and netmask to the port. Follow the steps below to configure your IP address and your netmask. When setting the IP address of a particular interface, the netmask is set automatically unless it is explicitly specified. Substitute your own IP address for the ones shown in steps 2 through 4.
You must be in the enabled mode to do this procedure:
Step 1 Log on to the CBOS (cbos#) using the serial connection.
Step 2 To set the IP address (and your netmask), follow this example of a sample command:
set interface eth0 address 192.168.34.9
The IP address becomes 192.168.34.9 and the netmask becomes 255.255.255.0 by default. If you wish to explicitly set the netmask, enter:
set interface eth0 mask 255.255.255.248
Step 3 To set the destination IP address for the WAN port, enter:
set interface wan0-0 dest 192.168.34.10
Step 4 To save your changes, enter:
write
Step 5 To allow the system to come up with these new settings, reboot the Cisco 677:
reboot
Step 6 Log back on to the CBOS to continue.
For more detailed information on the set interface command, see the Cisco Broadband Operating System User Guide.
The Cisco 677 has two types of WAN ports: physical (wan0) and logical (wan0-x). The physical WAN port connects the Cisco 677 to the wide area network. The logical WAN port or ports allow you to create virtual WAN connections for plural destinations. To configure logical WAN ports, you must provision ATM virtual connections. The instructions for each are shown below.
The Cisco 677 automatically trains up to the ideal line speed. By default, the Cisco 677 is provisioned with rates of 8.032 Mbps downstream and .832 Mbps upstream. The maximum operative rate is determined by the Central Office ADSL equipment.
On the Cisco 677, the WAN0 port is always ready to send and receive network traffic.You may need to define an ATM virtual connection (VC) when communicating across an ATM network. There are two types of ATM connections:
Because the Cisco 677 connects to the Cisco 6xxx series, the subscriber side VPI/VCI settings are not seen by the ATM network. All subscriber side VCs use VPI 1 by default.
Cisco 677 comes preconfigured with one VC already established. Each VC is expressed as WAN0-x, where x is a number between zero and three.
To set the maximum number of VCs, entercbos# set interface wan0 maxvcs n
| VPI <count> | VPI Range | VCI Range |
|---|---|---|
1 | 0 | 0..255 |
2 | 0..1 | 0..127 |
4 | 0..3 | 0..63 |
8 | 0..7 | 0..31 |
Step 1 To set the VPI number to 2, enter:
set interface wan0-1 vpi 2
Step 2 To begin using this connection with the new settings, enter:
set interface wan0-1 open
Step 3 Repeat steps 1 and 2 for every VPI assignment you want to make.
Step 4 To save the new WAN port configuration, enter:
write
Step 5 To exit the CBOS, enter:
quit
Step 1 To set the VCI number to 4, enter:
set interface wan0-0 vci 4
Step 2 To begin using this connection with the new settings, enter:
set interface wan0-0 open
Step 3 Repeat steps 1 and 2 for every VCI assignment you want to make.
Step 4 To save the new WAN port configuration, enter:
write
Step 5 To exit the CBOS, enter:
quit
For more information on configuring VPI/VCI address mapping, see the Cisco Broadband Operating System User Guide.
In order to pass data through a network and onto the Internet or wide area network, you might need to add the IP address(es) of gateway(s) to the routing table. Follow the instructions below to build a routing table manually by adding or deleting entries in the table.
Step 2 To add a route and specify a netmask, gateway, or metric, enter:
set route add ip 192.168.10.0 mask 255.255.255.0
gw 192.168.245.228 metric 1
Step 3 To set a default route, enter:
set route default 192.168.245.228
Step 5 To save your changes, enter:
write
Step 6 To exit the CBOS, enter:
quit
For more information on using the set route command, see the Cisco Broadband Operating System User Guide.
To enable RIP and RIP2 in the CBOS, enter:
set rip enabled
To disable RIP, enter:
set rip disabled
For more information on using the set rip commands, see the Cisco Broadband Operating System User Guide.
The Cisco 677 supports up to 10 filters for TCP and UDP packets passing through the Cisco 677's interfaces. Enabled filters are applied to packets in sequential order according to filter number.
To use filtering to block all packets going through the Ethernet interface, enter:
set filter 0 on deny eth0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
For more information on using the set filter command, see the Cisco Broadband Operating System User Guide.
The Cisco 677 supports several applications for management and control of the system. These applications include:
Step 1 Enable the DHCP client:
set dhcp client enabled
Step 2 To check whether this feature is enabled, enter the following command:
show dhcp client
Step 3 Write the changes to NVRAM:
write
Step 4 Reboot the Cisco 677:
reboot
For more information on using DHCP clients, see the set dhcp client commands.
Step 1 Enable the DHCP server:
set dhcp server enabled
Step 2 To check whether this feature is enabled, enter the following command:
show dhcp server
Step 3 Write the changes to NVRAM:
write
Step 4 Reboot the Cisco 677:
reboot
For more information on using DHCP servers, see the set dhcp server series of commands in Cisco Broadband Operating System User Guide.
The NAT application converts IP addresses on a private network (designated as "inside" or "LAN") to global IP addresses that can forward packets to another registered network (designated as "outside" or "WAN"). Follow these steps to enable NAT:
Step 1 Enable NAT:
set nat enabled
Step 2 To check whether this feature is enabled, enter:
show nat
Step 3 Write the changes to NVRAM:
write
Step 4 Reboot the Cisco 677:
reboot
For more information on using NAT, see the set nat series of commands in Cisco Broadband Operating System User Guide.
RADIUS authenticates users for access to a network. The RADIUS server uses an authentication scheme, such as PAP, to authenticate incoming messages from RADIUS clients. When a password is present, it is hidden using a method based on the RSA Message Digest Algorithm MD5 [1].
The Cisco 677 has been successfully tested for compatibility with the following RADIUS server providers:
The following examples assume that the Cisco 677 is connected to a network equipped with a RADIUS server:
set radius enabled
RADIUS is enabled
set ppp wan0-0 radius enabled
set ppp wan0-0 login cisco
set ppp wan0-0 password is_great
Use the show radius command to display the Cisco 677's default configuration for RADIUS.
For more information on RADIUS commands, see the Cisco Broadband Operating System User Guide.
SYSLOG logs significant system information to a remote SYSLOG server for processing without requiring large amounts of local storage or local processing.
Using the CBOS, the Cisco 677 allows you to specify a remote server for logging system messages. Cisco supports the following levels of severity:
The messages are similar to the standard Berkley Software Distribution (BSD)-style severity levels for SYSLOG; however, they do not include None and Mark. To configure your SYSLOG daemon to receive Cisco SYSLOG messages, modify the /etc/syslog.conf configuration file (remember to use tabs, not spaces). Many systems, such as Linux and FreeBSD, have SYSLOG set up by default.
The following /etc/syslog.conf configuration file entry enables all messages for Info severity levels and above:
*.info /var/log/messages
To enable only alarm messages and above, enter the following in /etc/syslog.conf:
*.alarm /var/log/messages
Be sure your UNIX syslogd daemon accepts remote reception (network messages). Some processes may need to be killed and restarted with a -r option. Using the man syslog command to view the online UNIX manuals for information about the SYSLOG daemon.
To use SYSLOG, simply enter the following at your CBOS prompt:
set syslog remote IPaddress of remote server
Windows does not have a SYSLOG client. If you want to utilize SYSLOG on a Windows 95, Windows 98, or Windows NT system, you must install a SYSLOG client from a third-party vendor onto your system. One way to locate a SYSLOG client is to use an Internet search engine to locate a vendor who sells a SYSLOG client. Some SYSLOG clients are provided as share or freeware on the Internet.
Cisco has proven compatibility with the following third-party products:
For more information on SYSLOG commands, see the Cisco Broadband Operating System User Guide.
Telnet provides a command-line interface and is used as a means of providing remote login connections between machines on many networks, including the Internet.
 | Caution Before closing a Telnet connection, always enter exit or quit at the cbos# prompt. |
Use the telnet daemon to connect to CBOS and configure and operate the Cisco 677.
Step 1 Click Start.
Step 2 Select the Run... option.
Step 3 When the Run box appears, enter telnet in the space provided.
Step 4 Click OK. The Connect menu appears.
Step 5 Select the Remote System... option from the Connect menu. The screen shown in Figure 3-1 appears.
Step 6 Enter the IP address of the Cisco 677 in the Host Name box and click Connect. The system then initiates a session with the Cisco 677. Press the Enter key three or four times to establish a connection.
Step 7 Provide the exec user password information. After the system authenticates your password, you have access to the CBOS.
Windows' Telnet client does not support NVT (Network Virtual Terminal) or any extra form of option negotiation. However, if you are going to use the Windows Telnet client, follow these steps to set your terminal settings.
Step 1 When the Telnet window appears, access the Preferences menu in Telnet by selecting Preferences from the Terminal drop-down menu. (See Figure 3-2.)
Step 2 Set the terminal settings on the Terminal Preferences menu to the values shown in Figure 3-3.
If you try to run Linux without installing the Term/Termcap database, the message BAD ADDRESS displays during a connection attempt. To install the Term/Termcap database, check the original Linux installation disks.
Step 1 Enter the following at your prompt:
telnet IP address of Cisco 677
After you have connected to the Cisco 677, the following information appears on your terminal:
User Access VerificationPassword: <password>
Step 2 Provide the exec user password. After the system authenticates the password, you have access to the CBOS.
set telnet timeout off write
For more information on Telnet commands, see the Cisco Broadband Operating System User Guide.
The Trivial File Transfer Protocol (TFTP) allows you to transfer files to and from a Cisco 677. The Cisco 677 runs a tftp daemon, which allows users from remote machines who have TFTP client software to remotely transfer files to and from the Cisco 677. The TFTP client can be enabled and disabled from the CBOS or the Web Management Interface.
| Caution For security reasons, Cisco recommends that you disable the TFTP application, except when uploading or downloading a file. |
Use TFTP to transfer a new software image from Cisco to your Cisco 677, where the file name format is: nsrouter.c676.x.x.x.ima or nsrouter.c677.x.x.x.ima. The x.x.x represents the image version number.
Use TFTP to back up a copy of your configuration file before changing it so you can easily recover the old file when necessary. The naming conventions for the configuration file are:
For information on the UNIX TFTP client, access the online manual by entering:
man tftp
The manual page for TFTP appears.
Follow these steps:
Step 1 Enable the tftp server on the Cisco 677. As an enabled user, enter the following command:
set tftp enabled
Step 2 Start a DOS session and enter:C:>tftp -i IP address of Cisco 677 put image_filename
Where necessary, implement the following options:
-i - Sets the transfer mode to binary mode (all router images)
get - Downloads a file from a specified IP address
put - Uploads a file to a specified IP address
Use the show errors command to verify that TFTP is working.
Step 3 Be sure that you reboot the device to activate the new image. When you log back into the Cisco 677 after the reboot, use the following command to verify the version of the firmware that is active:
show version
Windows 95/98 does not have a TFTP client. If you want to utilize TFTP on a Windows 95/98 system, you must install a TFTP client from a third-party vendor on your system. One way to locate a TFTP client is to use an Internet search engine to locate a vendor who sells a TFTP client. Some TFTP clients are provided as share or freeware on the Internet. Cisco will provide a TFTP client upon request. TFTP client requests should be directed to Technical Assistance Center.
For more information on TFTP commands, see the Cisco Broadband Operating System User Guide.
The Cisco 677 supports a web server, which allows you to perform tasks such as configuring interfaces, displaying statistics, and much more. For a complete description of the web interface, see the Cisco Broadband Operating System User Guide.
The Cisco 677 supports two timeout values: session and idle. The session timeout is based on the total uptime of the session. The setting of the idle timeout facilitates the release of the ADSL physical layer so that the Central Office resource may be released, based on inactivity. The expiration of either timeout will end the ADSL session. However, because authentication is invisible, only the training delay is perceived by the user (7 to 46 seconds) when the connection is reestablished.
Use the set timeout command to configure the idle or session timeout values in seconds.
Step 1 To set the session timeout rate to 300 seconds, enter:
set timeout session 300
Step 2 To set the idle timeout rate to 300 seconds, enter:
set timeout idle 300
Step 3 To verify these values, enter:
show timeout
Step 4 To save your changes, enter:
write
Step 5 To exit the CBOS, enter:
quit
Step 1 Log on to the CBOS using either the serial or Telnet interfaces. See "Telnet" section for more information on how to use Telnet to log on to the CBOS.
Step 2 To change the default prompt to 4412883 as the subscriber identifier, enter:
set prompt 4412883
The following prompt now appears:
4412883#
Step 3 To save your changes, enter:
write
Step 4 To exit the CBOS, enter:
quit
After you have configured your Cisco 677, select and configure new passwords for both the enable and exec modes. Examples of good and bad passwords are:
Use the set password command to change both the enable and exec user passwords:
Step 1 To change the enable user password, enter:
set password enable <new password>
Step 2 To change the exec user password, enter:
set password exec <new password>
Step 3 To save your changes, enter:
write
Step 4 To exit the CBOS, enter:
quit
Use the write command to save any changes you have made during provisioning to the NVRAM configuration file. Enter:
write
| Caution If you do not use the write command after changes, all the changes you made during your current session will be lost when you reboot the Cisco 677. |
Table 3-3 describes the Cisco 677 LEDs and their status. The LEDs are located on the front of the unit.
| LED Label | Full Name | Description |
|---|---|---|
WAN-LNK | WAN Link | When this light is ON, a link has been established on the WAN port. When the light is solid, the Cisco 677 is connected and trained. The WAN-LNK light blinks steadily during ADSL line training activities. |
WAN-ACT | WAN Activity | When this light blinks ON, indicates that the WAN port is transmitting or receiving data. |
LAN-LNK | (Ethernet) LAN Link | When this light is ON, it indicates that a link has been established on the Ethernet port. |
LAN-ACT | (Ethernet) LAN Activity | When this light blinks ON, it indicates activity on the Ethernet port. |
ALARM | Alarm Light | When the light is Red, this indicates a problem or alarm that needs to be resolved. A brief Red light during power up is a normal behavior of the power on self test. |
POWER | Power Light | When this light is ON, the Cisco 677 is ON and the unit is receiving power. |
Use the stats command to display statistics on Cisco 677 activities. The statistics provided by the stats command varies on the application or interface selected. To retrieve Cisco 677 statistics, follow these steps:
Step 1 To see a list of applications and interfaces that provide status, enter:
stats ?
Step 2 To display specific statistics, for example, for the wan0 interface, enter:
stats wan0
Step 3 To exit the CBOS, enter:
quit
Use the stats command to retrieve certain key statistics regarding ADSL performance of your Cisco 677. These statistics are:
Posted: Tue Aug 24 19:16:32 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.