Cisco 3900 Series, 2900 Series, and 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
Preface This preface describes the objectives, audience, organization, conventions of this guide, and the references that accompany this document set.
Preface Part 1 Module 1 Configuring the Router Description Module 2 Basic Router Configuration Module 3 Configuring Backup Data Lines and Describes how to configure backup interfaces, Remote Management dial backup, and remote management. Module 4 Configuring Power Efficiency Management Describes the hardware and software power efficiency management features on the router.
Preface Appendix B Using CompactFlash Memory Cards Describes how to use Advanced Capability CF3 memory cards on the router. Appendix C Using ROM Monitor Describes how to use the ROM monitor to manually load a system image, upgrade the system image when there are no TFTP servers or network connections, or prepare for disaster recovery.
Preface Timesaver Warning Means the described action saves time. You can save time by performing the action described in the paragraph. Means reader be warned. In this situation, you might perform an action that could result in bodily injury.
Preface Type of Document Links Cisco Internet Operating System Software (IOS) Cisco IOS software release 15.0 is the next IOS release following the Cisco IOS 12.4(24)T release. For information about new features in Cisco IOS software release 15.0, see the Cisco IOS software pages at Cisco.com. Go here to read a product bulletin that specifies the software feature sets available for Cisco 1900, 2900 and 3900 Series Integrated Services Routers in release 15.0.
Preface Cisco 3900 Series, 2900 Series, and 1900 Series Integrated Services Routers Software Configuration Guide viii OL-21850-01
PA R T 1 Configuring the Router
Overview of the Hardware and Software The Cisco 3900 series, 2900 series, and 1900 series integrated services routers (ISRs) offer secure, wire-speed delivery of concurrent data, voice, and video services. The modular design of these routers provides maximum flexibility, allowing you to configure your router to meet evolving needs.
Overview of the Hardware and Software New Features in this Release New Features in this Release New features in this release are described in Table 1. Table 1 New Features Feature Description Services Performance Engine SPEs1 are modular motherboards on Cisco 3900 series ISRs. The SPE houses PVDM3 slots, system memory slots, and the ISM slot. The SPE provides a modular approach to system upgrades.
Overview of the Hardware and Software New Features in this Release Table 1 New Features (continued) Feature Description New Modules and Interface Cards Cisco 3900 series, 2900 series, and 1900 series ISRs introduce the following new modules and interface cards, which are inserted in the following new router slots: • EHWIC • PVDM3 • ISM • SM Note See the router’s product page at Cisco.com for a complete list of supported modules and interfaces.
Overview of the Hardware and Software New Features by Platform New Features by Platform Table 2 shows new feature support by platform.
Overview of the Hardware and Software New Slots and Ports by Platform New Slots and Ports by Platform This section provides the type and number of the slots and ports available in the Cisco 3900 series, 2900 series, and 1900 series ISRs. • Cisco 3900 Series ISRs, page 5 • Cisco 2900 Series ISRs, page 5 • Cisco 1900 Series ISRs, page 6 Cisco 3900 Series ISRs Table 4 lists the slots and ports available on Cisco 3900 series routers. To view the installation guide, see the following URL http://www.
Overview of the Hardware and Software Common Ports Cisco 1900 Series ISRs Table 6 lists the slots and ports available on Cisco 1900 series routers. To view the installation guide, see the following URL http://www.cisco.com/en/US/docs/routers/access/1900/hardware/installation/guide/1900_HIG.
Overview of the Hardware and Software Getting Started Getting Started See the router-specific hardware installation guide to install the router in an appropriate location. Connect the router with the appropriate cables. Supply power to the router and perform the initial software configuration using Cisco Configuration Professional Express.
Overview of the Hardware and Software Getting Started CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play,
Basic Router Configuration This module provides configuration procedures for Cisco 3900 series, 2900 series, and 1900 series integrated services routers (ISRs). It also includes configuration examples and verification steps whenever possible.
Basic Router Configuration Default Configuration Default Configuration When you boot up your Cisco router for the first time, you notice some basic configuration has already been performed. Use the show running-config command to view the initial configuration, as shown in the following example. Router# show running-config Building configuration... Current configuration : 723 bytes ! version 12.
Basic Router Configuration Configuring Global Parameters ! no ip http server ! ! ! ! ! control-plane ! ! line con 0 line aux 0 line vty 0 3 login ! exception data-corruption buffer truncate scheduler allocate 20000 1000 end Configuring Global Parameters To configure the global parameters for your router, follow these steps. SUMMARY STEPS 1. configure terminal 2. hostname name 3. enable secret password 4.
Basic Router Configuration Configuring I/O Memory Allocation Step 3 Command Purpose enable secret password Specifies an encrypted password to prevent unauthorized access to the router. Example: Router(config)# enable secret cr1ny5ho Router(config)# Step 4 no ip domain-lookup Disables the router from translating unfamiliar words (typos) into IP addresses.
Basic Router Configuration Interface Ports Verifying IOMEM Setting Router# show run Current configuration : 6590 bytes ! ! Last configuration change at 16:48:41 UTC Tue Feb 23 2010 ! version 15.
Basic Router Configuration Configuring Gigabit Ethernet Interfaces Table 7 Interfaces by Cisco Router (continued) Slots, Ports, Logical Interface, Interfaces 29011 1941 2911 & 2921 2951 & 3925 & 3945 5 Interfaces on Double Wide-SM not supported not supported not supported interface 2/port interface4/port6 Interfaces HWIC on SM not supported not supported interface1wic-slot/ interface1-2/wic- port slot/port7 interface1-4/wic- slot/port8 Interfaces VWIC on SM 3925E & 3945E interface 2/po
Basic Router Configuration Configuring Wireless LAN Interfaces Step 3 Command Purpose no shutdown Enables the GE interface, changing its state from administratively down to administratively up. Example: Router(config-if)# no shutdown Router(config-if)# Step 4 exit Exits configuration mode for the GE interface and returns to global configuration mode.
Basic Router Configuration Configuring a Loopback Interface DETAILED STEPS Step 1 Command Purpose interface type number Enters configuration mode for the loopback interface. Example: Router(config)# interface Loopback 0 Router(config-if)# Step 2 ip address ip-address mask Sets the IP address and subnet mask for the loopback interface. Example: Router(config-if)# ip address 10.108.1.1 255.255.255.
Basic Router Configuration Configuring Command-Line Access 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out Another way to verify the loopback interface is to ping it:
Basic Router Configuration Configuring Command-Line Access Step 3 Command Purpose login Enables password checking at terminal session login. Example: Router(config-line)# login Router(config-line)# Step 4 exec-timeout minutes [seconds] Example: Router(config-line)# exec-timeout 5 30 Router(config-line)# Step 5 line [aux | console | tty | vty] line-number Sets the interval that the EXEC command interpreter waits until user input is detected. The default is 10 minutes.
Basic Router Configuration Configuring Static Routes Configuring Static Routes Static routes provide fixed routing paths through the network. They are manually configured on the router. If the network topology changes, the static route must be updated with a new route. Static routes are private routes unless they are redistributed by a routing protocol. To configure static routes, follow these steps, beginning in global configuration mode. SUMMARY STEPS 1.
Basic Router Configuration Configuring Dynamic Routes Verifying Configuration To verify that you have properly configured static routing, enter the show ip route command and look for static routes signified by the “S.
Basic Router Configuration Configuring Dynamic Routes DETAILED STEPS Step 1 Command Task router rip Enters router configuration mode, and enables RIP on the router. Example: Router> configure terminal Router(config)# router rip Router(config-router)# Step 2 version {1 | 2} Specifies use of RIP version 1 or 2.
Basic Router Configuration Configuring Dynamic Routes Verifying Configuration To verify that you have properly configured RIP, enter the show ip route command and look for RIP routes signified by “R.” You should see a verification output like the example shown below.
Basic Router Configuration Configuring Dynamic Routes Example The following configuration example shows the EIGRP routing protocol enabled in IP networks 192.145.1.0 and 10.10.12.115. The EIGRP autonomous system number is 109. To see this configuration use the show running-config command, beginning in privileged EXEC mode. Router# show running-config ... ! router eigrp 109 network 192.145.1.0 network 10.10.12.115 ! ...
Basic Router Configuration Configuring Dynamic Routes CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play,
Configuring Backup Data Lines and Remote Management Cisco 3900 series, 2900 series, and 1900 series integrated services routers (ISRs) support remote management and backup data connectivity by means of ISDN.
Configuring Backup Data Lines and Remote Management Configuring Backup Interfaces SUMMARY STEPS 1. interface type number 2. backup interface interface-type interface-number 3. backup delay enable-delay disable-delay 4. exit DETAILED STEPS Step 1 Command Purpose interface type number Enters interface configuration mode for the interface for which you want to configure backup. Example: The example shows configuration of a backup interface for an ATM WAN connection.
Configuring Backup Data Lines and Remote Management Configuring Backup Interfaces Configuring Gigabit Ethernet Failover Media Cisco 2921, Cisco 2951, and Cisco 3900 Series routers provide a Gigabit Ethernet (GE) small-form-factor pluggable (SFP) port that supports copper and fiber concurrent connections. Media can be configured for failover redundancy when the network goes down.
Configuring Backup Data Lines and Remote Management Configuring Backup Interfaces Step 3 Command Purpose media-type sfp Designates SFP port as the primary media. OR Example: Designates RJ-45 as the primary media.
Configuring Backup Data Lines and Remote Management Configuring Backup Interfaces DETAILED STEPS Step 1 Command Purpose configure terminal Enters global configuration mode. Example: Router# configure terminal Router(config)# Step 2 interface gigabitethernet slot/port Enters interface configuration mode. Example: Router(config)# interface gigabitethernet 0/1 Router(config-if)# Step 3 no media-type Example: Router(config-if)# no media-type GigabitEthernet0/1: Changing media to UNKNOWN.
Configuring Backup Data Lines and Remote Management Configuring Backup Interfaces Configuring DDR Backup Using Dialer Watch To initiate dialer watch, you must configure the interface to perform dial-on-demand routing (DDR) and backup. Use traditional DDR configuration commands, such as dialer map, for DDR capabilities. To enable dialer watch on the backup interface and create a dialer list, use the following commands in interface configuration mode. SUMMARY STEPS 1. configure terminal 2.
Configuring Backup Data Lines and Remote Management Configuring Backup Interfaces Step 6 Step 7 Command or Action Purpose ip access-list access-list-number permit ip-source-address Defines traffic of interest. Example: Router(config)# access list 2 permit 10.4.0.0 Do not use the access list permit all command to avoid sending traffic to the IP network. This may result in call termination. interface cellular 0 Specifies the cellular interface.
Configuring Backup Data Lines and Remote Management Configuring Backup Interfaces DETAILED STEPS Step 1 Command or Action Purpose configure terminal Enters global configuration mode from the terminal. Example: Router# configure terminal Step 2 ip route network-number network-mask {ip-address | interface} [administrative-distance] [name name] Establishes a floating static route with the configured administrative distance through the specified interface.
Configuring Backup Data Lines and Remote Management Configuring Backup Interfaces ! ip dhcp pool miercom network 10.1.0.0 255.255.0.0 default-router 10.1.0.254 dns-server 10.1.0.254 ! ip dhcp pool wlan-clients network 10.9.0.0 255.255.0.0 default-router 10.9.0.254 dns-server 10.9.0.
Configuring Backup Data Lines and Remote Management Configuring Backup Interfaces duplex auto speed auto crypto ipsec client ezvpn hw-client-pri inside crypto ipsec client ezvpn hw-client inside ! ! interface Cellular0/0/0 no ip address ip access-group 131 out ip nat outside ip virtual-reassembly encapsulation ppp load-interval 30 dialer in-band dialer pool-member 1 dialer idle-timeout 0 dialer-group 1 no peer default ip address async mode interactive no ppp lcp fast-start ppp ipcp dns request ppp timeout
Configuring Backup Data Lines and Remote Management Configuring Backup Interfaces fair-queue crypto ipsec client ezvpn hw-client ! ! interface Dialer2 ip address negotiated ip mtu 1492 ip nat outside ip virtual-reassembly encapsulation ppp load-interval 30 dialer pool 2 dialer idle-timeout 0 dialer persistent dialer-group 2 ppp authentication chap callin ppp chap hostname ciscoenzo2@sbcglobal.net ppp chap password 0 Enzo221 ppp pap sent-username ciscoenzo2@sbcglobal.
Configuring Backup Data Lines and Remote Management Configuring Backup Interfaces ! route-map nat2cell permit 10 match ip address 101 match interface Dialer1 ! ! ! control-plane ! ! ! line con 0 exec-timeout 0 0 line aux 0 line 0/0/0 exec-timeout 0 0 script dialer cdma login modem InOut no exec transport input all transport output all autoselect ppp rxspeed 3100000 txspeed 1800000 line 67 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin lapb-ta
Configuring Backup Data Lines and Remote Management Configuring Dial Backup and Remote Management Through the Console Port or Auxiliary Port Configuring Dial Backup and Remote Management Through the Console Port or Auxiliary Port When customer premises equipment, such as a Cisco 3900 series ISR, is connected to an ISP, an IP address is dynamically assigned to the router, or the IP address is assigned by the router peer through the centrally managed function.
Configuring Backup Data Lines and Remote Management Configuring Dial Backup and Remote Management Through the Console Port or Auxiliary Port To configure dial backup and remote management on Cisco 3900 series, 2900 series, and 1900 series ISRs, follow these steps, beginning in global configuration mode. SUMMARY STEPS 1. ip name-server server-address 2. ip dhcp pool name 3. exit 4. chat-script script-name expect-send 5. interface type number 6. exit 7. interface type number 8.
Configuring Backup Data Lines and Remote Management Configuring Dial Backup and Remote Management Through the Console Port or Auxiliary Port Step 3 Command Purpose exit Exits DHCP pool configuration mode and enters global configuration mode.
Configuring Backup Data Lines and Remote Management Configuring Dial Backup and Remote Management Through the Console Port or Auxiliary Port Step 11 Command Purpose ip route prefix mask {ip-address | interface-type interface-number [ip-address]} Sets the IP route to point to the dialer interface as a default gateway. Example: Router(config)# ip route 0.0.0.0 0.0.0.0 22.0.0.
Configuring Backup Data Lines and Remote Management Configuring Dial Backup and Remote Management Through the Console Port or Auxiliary Port Step 17 Command Purpose line [aux | console | tty | vty] line-number [ending-line-number] Enters configuration mode for the auxiliary interface. Example: Router(config)# line aux 0 Router(config)# Step 18 flowcontrol {none | software [lock] [in | out] | hardware Enables hardware signal flow control.
Configuring Backup Data Lines and Remote Management Configuring Dial Backup and Remote Management Through the Console Port or Auxiliary Port ! dsl operating-mode auto ! ! Primary WAN link. interface Dialer1 ip address negotiated ip nat outside encapsulation ppp dialer pool 1 ppp authentication pap callin ppp pap sent-username account password 7 pass ppp ipcp dns request ppp ipcp wins request ppp ipcp mask request ! ! Dialer backup logical interface.
Configuring Backup Data Lines and Remote Management Configuring Dial Backup and Remote Management Through the Console Port or Auxiliary Port dialer watch-list 1 ip 64.161.31.254 255.255.255.255 dialer watch-list 1 ip 64.174.91.254 255.255.255.255 dialer watch-list 1 ip 64.125.91.254 255.255.255.255 ! ! Dial backup will kick in if primary link is not available ! 5 minutes after CPE starts up.
Configuring Backup Data Lines and Remote Management Configuring Data Line Backup and Remote Management Through the ISDN S/T Port Configuring Data Line Backup and Remote Management Through the ISDN S/T Port This section contains the following topics: • Configuring ISDN Settings, page 21 • Example, page 24 Cisco 3900 series routers can use the ISDN S/T port for remote management.
Configuring Backup Data Lines and Remote Management Configuring Data Line Backup and Remote Management Through the ISDN S/T Port Figure 3 shows a dial backup link that goes directly from the router to the ISDN switch.
Configuring Backup Data Lines and Remote Management Configuring Data Line Backup and Remote Management Through the ISDN S/T Port 7. interface dialer dialer-rotary-group-number 8. ip address negotiated 9. encapsulation encapsulation-type 10. dialer pool number 11. dialer string dial-string# [:isdn-subaddress] 12. dialer-group group-number 13. exit 14.
Configuring Backup Data Lines and Remote Management Configuring Data Line Backup and Remote Management Through the ISDN S/T Port Step 7 Command Purpose interface dialer dialer-rotary-group-number Creates a dialer interface (numbered 0 to 255) and enters interface configuration mode.
Configuring Backup Data Lines and Remote Management Configuring Data Line Backup and Remote Management Through the ISDN S/T Port Example The following configuration example configures an aggregated and ISDN peer router. The aggregator is typically a concentrator router where your Cisco router Asynchronous Transfer Mode (ATM) permanent virtual connection (PVC) terminates. In the following configuration example, the aggregator is configured as a PPP over Ethernet (PPPoE) server.
Configuring Backup Data Lines and Remote Management Configuring Data Line Backup and Remote Management Through the ISDN S/T Port ip address 192.168.2.2 255.255.255.0 encapsulation ppp dialer pool 1 dialer string 384020 dialer-group 1 peer default ip address pool isdn ! ip local pool isdn 192.168.2.1 ip http server ip classless ip route 0.0.0.0 0.0.0.0 192.168.2.1 ip route 40.0.0.0 255.0.0.0 30.1.1.
Configuring Backup Data Lines and Remote Management Configuring Data Line Backup and Remote Management Through the ISDN S/T Port CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome
Configuring Power Efficiency Management The Cisco 3900 series, 2900 series, and 1900 series integrated services routers generation 2 (ISR G2) have hardware and software features for reducing power consumption. The hardware features include high-efficiency AC power supplies and electrical components with built-in power saving features, such as RAM select and clock gating. See your router’s hardware installation guide for more information on these hardware features.
Configuring Power Efficiency Management Restrictions for Power Efficiency Management and OIR Table 1 Modules that Support the Power Efficiency Management Feature (continued) Type of Module Module Name PVDM3 PVDM3-256 SRE SM-SRE-700-K9 1. NM-16ESW is not supported on Cisco 3945E and Cisco 3925E.
Configuring Power Efficiency Management Restrictions for Power Efficiency Management and OIR CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks;
Configuring Power Efficiency Management Restrictions for Power Efficiency Management and OIR Configuring Power Efficiency Management 4
Configuring Security Features Cisco 3900 series, 2900 series, and 1900 series integrated services routers (ISRs) provide the following security features: • Configuring the Cryptographic Engine Accelerator, page 1 • Configuring SSL VPN, page 2 • Authentication, Authorization, and Accounting, page 2 • Configuring AutoSecure, page 3 • Configuring Access Lists, page 3 • Configuring Cisco IOS Firewall, page 4 • Zone-Based Policy Firewall, page 5 • Configuring Cisco IOS IPS, page 5 • Content Filt
Configuring Security Features Configuring SSL VPN B E TA D R A F T R E V I E W — C I S C O C O N F I D E N T I A L Configuring SSL VPN The Secure Socket Layer Virtual Private Network (SSL VPN) feature (also known as WebVPN) provides support, in Cisco IOS software, for remote user access to enterprise networks from anywhere on the Internet. Remote access is provided through a SSL–enabled SSL VPN gateway. The SSL VPN gateway allows remote users to establish a secure VPN tunnel using a web browser.
Configuring Security Features Configuring AutoSecure Configuring AutoSecure The AutoSecure feature disables common IP services that can be exploited for network attacks and enables IP services and features that can aid in the defense of a network when under attack. These IP services are all disabled and enabled simultaneously with a single command, greatly simplifying security configuration on your router.
Configuring Security Features Configuring Cisco IOS Firewall B E TA D R A F T R E V I E W — C I S C O C O N F I D E N T I A L Access Groups An access group is a sequence of access list definitions bound together with a common name or number. An access group is enabled for an interface during interface configuration. Use the following guidelines when creating access groups: • The order of access list definitions is significant. A packet is compared against the first access list in the sequence.
Configuring Security Features Zone-Based Policy Firewall Zone-Based Policy Firewall The Cisco IOS Zone-Based Policy Firewall can be used to deploy security policies by assigning interfaces to different zones and configuring a policy to inspect the traffic moving between these zones. The policy specifies a set of actions to be applied on the defined traffic class.
Configuring Security Features Configuring VPN B E TA D R A F T R E V I E W — C I S C O C O N F I D E N T I A L Configuring VPN A Virtual Private Network (VPN) connection provides a secure connection between two networks over a public network such as the Internet. Cisco 3900 series, 2900 series, and 1900 series ISRs support two types of VPNs: site-to-site and remote access. Remote access VPNs are used by remote clients to log in to a corporate network.
Configuring Security Features Configuring VPN The Cisco Easy VPN client feature can be configured in one of two modes—client mode or network extension mode. Client mode is the default configuration and allows only devices at the client site to access resources at the central site. Resources at the client site are unavailable to the central site. Network extension mode allows users at the central site (where the Cisco VPN 3000 series concentrator is located) to access network resources on the client site.
Configuring Security Features Configuring VPN B E TA D R A F T R E V I E W — C I S C O C O N F I D E N T I A L For more information about IPSec and GRE configuration, see the Configuring Security for VPNs with IPSec” chapter of Cisco IOS Security Configuration Guide: Secure Connectivity, Release 12.4T at: http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/12_4t/ sec_secure_connectivity_12_4t_book.html.
Configuring Security Features Configuring VPN Configure the IKE Policy To configure the Internet Key Exchange (IKE) policy, follow these steps, beginning in global configuration mode. SUMMARY STEPS 1. crypto isakmp policy priority 2. encryption {des | 3des | aes | aes 192 | aes 256} 3. hash {md5 | sha} 4. authentication {rsa-sig | rsa-encr | pre-share} 5. group {1 | 2 | 5} 6. lifetime seconds 7. exit 8.
Configuring Security Features Configuring VPN B E TA D R A F T R E V I E W — C I S C O C O N F I D E N T I A L Step 6 Command or Action Purpose lifetime seconds Specifies the lifetime, from 60 to 86400 seconds, for an IKE SA5. Example: Router(config-isakmp)# lifetime 480 Router(config-isakmp)# Step 7 exit Exits IKE policy configuration mode and enters global configuration mode. Example: Router(config-isakmp)# exit Router(config)# 1.
Configuring Security Features Configuring VPN Step 3 Command or Action Purpose dns primary-server Specifies the primary DNS1 server for the group. Example: You may also want to specify WINS2 servers for the group by using the wins command. Router(config-isakmp-group)# dns 10.50.10.1 Router(config-isakmp-group)# Step 4 domain name Specifies group domain membership. Example: Router(config-isakmp-group)# domain company.
Configuring Security Features Configuring VPN B E TA D R A F T R E V I E W — C I S C O C O N F I D E N T I A L Apply Mode Configuration to the Crypto Map To apply mode configuration to the crypto map, follow these steps, beginning in global configuration mode. SUMMARY STEPS 1. crypto map map-name isakmp authorization list list-name 2.
Configuring Security Features Configuring VPN Enable Policy Lookup To enable policy lookup through AAA, follow these steps, beginning in global configuration mode. SUMMARY STEPS 1. aaa new-model 2. aaa authentication login {default | list-name} method1 [method2...] 3. aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} [method1 [method2...]] 4.
Configuring Security Features Configuring VPN B E TA D R A F T R E V I E W — C I S C O C O N F I D E N T I A L Configure IPSec Transforms and Protocols A transform set represents a certain combination of security protocols and algorithms. During IKE negotiation, the peers agree to use a particular transform set for protecting data flow. During IKE negotiations, the peers search multiple transform sets for a transform that is the same at both peers.
Configuring Security Features Configuring VPN Configure the IPSec Crypto Method and Parameters A dynamic crypto map policy processes negotiation requests for new security associations from remote IPSec peers, even if the router does not know all the crypto map parameters (for example, IP address). To configure the IPSec crypto method, follow these steps, beginning in global configuration mode. SUMMARY STEPS 1. crypto dynamic-map dynamic-map-name dynamic-seq-num 2.
Configuring Security Features Configuring VPN B E TA D R A F T R E V I E W — C I S C O C O N F I D E N T I A L Step 4 Command or Action Purpose exit Returns to global configuration mode. Example: Router(config-crypto-map)# exit Router(config)# Step 5 crypto map map-name seq-num [ipsec-isakmp] [dynamic dynamic-map-name] [discover] [profile profile-name] Creates a crypto map profile.
Configuring Security Features Configuring VPN Step 2 Command or Action Purpose crypto map map-name Applies the crypto map to the interface. Example: See Cisco IOS Security Command Reference for more detail about this command. Router(config-if)# crypto map static-map Router(config-if)# Step 3 exit Returns to global configuration mode.
Configuring Security Features Configuring VPN B E TA D R A F T R E V I E W — C I S C O C O N F I D E N T I A L DETAILED STEPS Step 1 Command or Action Purpose crypto ipsec client ezvpn name Creates a Cisco Easy VPN remote configuration, and enters Cisco Easy VPN remote configuration mode. Example: Router(config)# crypto ipsec client ezvpn ezvpnclient Router(config-crypto-ezvpn)# Step 2 group group-name key group-key Specifies the IPSec group and IPSec key value for the VPN connection.
Configuring Security Features Configuring VPN Step 7 Command or Action Purpose interface type number Enters the interface configuration mode for the interface to which you are applying the Cisco Easy VPN remote configuration. Example: Router(config)# interface fastethernet 4 Router(config-if)# Step 8 Note For routers with an ATM WAN interface, this command would be interface atm 0.
Configuring Security Features Configuring VPN B E TA D R A F T R E V I E W — C I S C O C O N F I D E N T I A L crypto ipsec client ezvpn ezvpnclient connect auto group 2 key secret-password mode client peer 192.168.100.
Configuring Security Features Configuring VPN Step 3 Command or Action Purpose tunnel source interface-type number Specifies the source endpoint of the router for the GRE tunnel. Example: Router(config-if)# tunnel source fastethernet 0 Router(config-if)# Step 4 tunnel destination default-gateway-ip-address Specifies the destination endpoint of the router for the GRE tunnel. Example: Router(config-if)# tunnel destination 192.168.101.
Configuring Security Features Configuring VPN B E TA D R A F T R E V I E W — C I S C O C O N F I D E N T I A L Configuration Example The following configuration example shows a portion of the configuration file for a site-to-site VPN using a GRE tunnel as described in the preceding sections. ! aaa new-model ! aaa authentication login rtr-remote local aaa authorization network rtr-remote local aaa session-id common ! username username1 password 0 password1 ! interface tunnel 1 ip address 10.62.1.193 255.
Configuring Security Features Configuring Dynamic Multipoint VPN ! VLAN 1 is the internal home network. interface vlan 1 ip address 10.1.1.1 255.255.255.0 ip nat inside ip inspect firewall in ! Inspection examines outbound traffic. crypto map static-map no cdp enable ! ! FE4 is the outside or Internet-exposed interface interface fastethernet 4 ip address 210.110.101.21 255.255.255.0 ! acl 103 permits IPsec traffic from the corp. router as well as ! denies Internet-initiated traffic inbound.
Configuring Security Features Configuring Group Encrypted Transport VPN B E TA D R A F T R E V I E W — C I S C O C O N F I D E N T I A L Configuring Group Encrypted Transport VPN Group Encrypted Transport (GET) VPN is a set of features that are necessary to secure IP multicast group traffic or unicast traffic over a private WAN that originates on or flows through a Cisco IOS device.
Configuring Security Features Configuring Group Encrypted Transport VPN CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We
Configuring Security Features Configuring Group Encrypted Transport VPN B E TA D R A F T R E V I E W — C I S C O C O N F I D E N T I A L Cisco 3900 Series, 2900 Series, and 1900 Series Integrated Services Routers Software Configuration Guide 26
Unified Communications on Cisco Integrated Services Routers The following sections describe Unified Communications (UC) application services that are supported on Cisco 3900 series and 2900 series integrated services routers (ISRs).
Unified Communications on Cisco Integrated Services Routers Modules and Interface Cards • Applications and Application Interfaces (APIs), page 11 – Cisco Unity Express, page 12 – Voice XML, page 12 – Hoot-n-Holler, page 13 – Cisco Application Extension Platform, page 13 – APIs, page 13 • Online Insertion and Removal, page 14 Modules and Interface Cards Cisco 3900 series and 2900 series ISRs support Unified Communications (UC) modules and interface cards in the following slots: Note • Next-generation
Unified Communications on Cisco Integrated Services Routers Call Control traditional telephony solutions. The ability to deliver IP telephony and data routing by using a single converged solution allows customers to optimize their operations and maintenance costs, resulting in a very cost-effective solution that meets office needs. A Cisco Unified CME system is extremely flexible because it is modular.
Unified Communications on Cisco Integrated Services Routers Call Control Protocols Cisco Unified SIP Proxy (CUSP) The Cisco Unified SIP Proxy (CUSP) is a high-performance, highly available Session Initiation Protocol (SIP) server for centralized routing and SIP signaling normalization. By forwarding requests between call-control domains, the Cisco Unified SIP Proxy provides the means for routing sessions within enterprise and service provider networks.
Unified Communications on Cisco Integrated Services Routers Call Control Protocols Session Initiation Protocol (SIP) Session Initiation Protocol (SIP) is a peer-to-peer, multimedia signaling protocol developed in the IETF (IETF RFC 3261). Session Initiation Protocol is ASCII-based. It resembles HTTP, and it reuses existing IP protocols (such as DNS and SDP) to provide media setup and tear down. See Cisco IOS SIP Configuration Guide for more information.
Unified Communications on Cisco Integrated Services Routers Unified Communications Gateways SCCP-Controlled Analog Ports with Supplementary Features Voice gateway ISRs support the Cisco Skinny Client Control Protocol (SCCP), which supplies basic and supplementary features on analog voice ports that are controlled by Cisco Unified Communications Manager or by a Cisco Unified Communications Manager Express system.
Unified Communications on Cisco Integrated Services Routers Unified Communications Gateways TDM Gateways The Cisco 3900 series and Cisco 2900 series ISRs support the following type of time-division multiplexing (TDM) gateways: • Voice Gateways, page 7 • Video Gateway, page 7 Voice Gateways Cisco IOS voice gateways connect TDM equipment such as private branch exchanges (PBXs) and the PSTN to VoIP packet networks.
Unified Communications on Cisco Integrated Services Routers Unified Communications Gateways Cisco Unified Border Element Cisco Unified Border Element (Cisco UBE) is a session border controller that provides the necessary services for interconnecting independent Unified Communications networks securely, flexibly, and reliably. Media packets can flow either through the gateway (thus hiding the networks from each other) or around the border element, if so configured.
Unified Communications on Cisco Integrated Services Routers IP Media Services IP Media Services The Cisco 3900 series and Cisco 2900 series ISRs support the following media services: • Conferencing, Transcoding and Media Termination Point (MTP), page 9 • RSVP Agent, page 9 • Trusted Relay Point (TRP), page 9 Conferencing, Transcoding and Media Termination Point (MTP) Cisco Enhanced Conferencing and Transcoding for Voice Gateway Routers provides conferencing and transcoding capabilities in Cisco IOS S
Unified Communications on Cisco Integrated Services Routers Voice Security Packet Voice Data Module The Next-Generation Packet Voice Data Module (PVDM3) digital signal processor (DSP) modules provide up to four times the density (per slot) of existing audio applications on Cisco voice gateway routers.
Unified Communications on Cisco Integrated Services Routers Applications and Application Interfaces (APIs) Signaling and Media Authentication and Encryption The Media and Signaling Authentication and Encryption Feature for Cisco IOS MGCP Gateways feature provides support for Cisco Secure Survivable Remote Site Telephony (SRST) and voice security features that include authentication, integrity, and encryption of voice media and related call control signaling.
Unified Communications on Cisco Integrated Services Routers Applications and Application Interfaces (APIs) Cisco Unity Express Cisco Unity Express provides integrated messaging, voicemail, Automated Attendant services, and optional interactive voice response (IVR) for the small and medium-sized office or branch office. The application is delivered on either a network module or advanced integration module, both of which are supported on a variety of voice-enabled integrated services routers.
Unified Communications on Cisco Integrated Services Routers Applications and Application Interfaces (APIs) Hoot-n-Holler Cisco Hoot-n-Holler network solution uses Cisco IOS Multicast and Cisco IOS Voice-over-IP technologies. The Cisco IP-based Hoot network uses bandwidth when it is in use; when it is not, the same bandwidth can be used to carry other traffic.
Unified Communications on Cisco Integrated Services Routers Online Insertion and Removal TAPI The standard Cisco Unified TAPI provides an unchanging programming interface for different implementations. The goal of Cisco in implementing TAPI for the Cisco Unified Communications Manager platform remains to conform as closely as possible to the TAPI specification, while providing extensions that enhance TAPI and expose the advanced features of Cisco Unified Communications Manager to applications.
Unified Communications on Cisco Integrated Services Routers Online Insertion and Removal CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Cha
Unified Communications on Cisco Integrated Services Routers Online Insertion and Removal Cisco 3900 Series, 2900 Series, and 1900 Series Integrated Services Routers Software Configuration Guide 16
Configuring Next-Generation High-Density PVDM3 Modules The next-generation packet voice/data module (PVDM3) digital signal processor (DSP) modules provide up to four times the density (per slot) of existing audio applications on Cisco voice gateway routers. One universal DSP image for these DSP modules provides resources for time-division multiplexing-to-Internet Protocol (TDM-to-IP) gateway functionality for digital and analog interfaces, audio transcoding, and audio conferencing.
Configuring Next-Generation High-Density PVDM3 Modules Prerequisites for Configuring the PVDM3 Module on Cisco Voice Gateway Routers This module contains the following sections: • Prerequisites for Configuring the PVDM3 Module on Cisco Voice Gateway Routers, page 2 • Restrictions for Configuring the PVDM3 Module on Cisco Voice Gateway Routers, page 2 • Information About Configuring the PVDM3 Module on Cisco Voice Gateway Routers, page 3 • How to Verify and Troubleshoot the Functionality of the PVDM3
Configuring Next-Generation High-Density PVDM3 Modules Information About Configuring the PVDM3 Module on Cisco Voice Gateway Routers Information About Configuring the PVDM3 Module on Cisco Voice Gateway Routers To take full advantage of the PVDM3 cards on Cisco voice gateway routers, you should understand the following concepts: • DSP Resource Manager Enhancement and DSP Numbering • DSP Image for the PVDM3 • DSP Farms • DSP Farm Profiles • Conferencing • Broadcast Fast Busy Tone for DSP Oversubs
Configuring Next-Generation High-Density PVDM3 Modules Information About Configuring the PVDM3 Module on Cisco Voice Gateway Routers Table 2 Example of a DSP Numbering Scheme for PVDM3 Only, PVDM2 Only, and Mixed Installation (continued) PVDM slot 0 PVDM slot 1 PVDM slot 2 PVDM slot 3 PVDM3-256 PVDM3-16 PVDM3-64 PVDM3-192 DSP ID 1,2 23,24,25,26,27,28 29 — Device ID — 2,2,2,3,3,3 — — PVDM3 Only DSP Image for the PVDM3 The DSP image for the PVDM3 supports all features supported on PVDM2
Configuring Next-Generation High-Density PVDM3 Modules Information About Configuring the PVDM3 Module on Cisco Voice Gateway Routers DSP Farms DSP Farm is enhanced to support increased transcoding and conference density. For DSPs on PVDM3 modules, existing resource allocation and management mechanisms are enhanced: • For the PVDM3 DSP, participant-per-conference support is expanded to a maximum of 64. Note that this is supported only by low-complexity conference in Cisco IOS Release 15.0(1)M.
Configuring Next-Generation High-Density PVDM3 Modules Information About Configuring the PVDM3 Module on Cisco Voice Gateway Routers Broadcast Fast Busy Tone for DSP Oversubscription There should always be a dial tone when a telephone is lifted. However, when DSP oversubscription occurs, and a caller goes off-hook, dead-air is received. With this feature, the caller receives a fast-busy tone instead of silence.
Configuring Next-Generation High-Density PVDM3 Modules Information About Configuring the PVDM3 Module on Cisco Voice Gateway Routers 7. shutdown 8. exit DETAILED STEPS Step 1 Command or Action Purpose enable Enable privileged EXEC mode • Enter your password if prompted. Example: Router> enable Step 2 configure terminal Enter global configuration mode. Example: Router# configure terminal Step 3 controller e1 slot/port Enter config-controller mode.
Configuring Next-Generation High-Density PVDM3 Modules Information About Configuring the PVDM3 Module on Cisco Voice Gateway Routers Perform online insertion and removal SUMMARY STEPS 1. hw-module sm slot oir-stop 2. Confirm that the board is ready for removal.The LED blinks for 3 seconds and turns off. After the LED is off, the board is ready for removal. 3. Insert the replacement board in the same slot or in an empty slot. 4.
Configuring Next-Generation High-Density PVDM3 Modules Information About Configuring the PVDM3 Module on Cisco Voice Gateway Routers DETAILED STEPS Step 1 Command or Action Purpose configure terminal Enters global configuration mode. Example: Router# configure terminal Step 2 controller e1 slot/port Enters config-controller mode. Example: Router(config)# controller e1 0/0/0 Step 3 no shutdown Restarts the controller port.
Configuring Next-Generation High-Density PVDM3 Modules How to Verify and Troubleshoot the Functionality of the PVDM3 Cards on Cisco Voice Gateways TDM Sharing/Pooling Configuration Time-division multiplexing (TDM) sharing/pooling is only allowed among the same type of PVDMs. For example, if the motherboard has PVDM3 modules, and other voice cards have PVDM2 modules, the motherboard cannot share or pool DSP resources with other voice cards.
Configuring Next-Generation High-Density PVDM3 Modules How to Verify and Troubleshoot the Functionality of the PVDM3 Cards on Cisco Voice Gateways DETAILED STEPS Step 1 show platform hw-module-power Use this command to display power settings of PVDM3 service modules, for example: Router# show platform hw-module-power PVDM: Slot 0/1 Levels supported 0x441 : SHUT FRUGAL FULL CURRENT level : 10 (FULL) Previous level : 10 (FULL) Transitions : Successful Unsuccessful SHUT : 0 0 FRUGAL : 0 0 FULL : 0 0 Slot 0/2
Configuring Next-Generation High-Density PVDM3 Modules How to Verify and Troubleshoot the Functionality of the PVDM3 Cards on Cisco Voice Gateways 0/1/1:23 0/1/1:23 0/1/1:23 0/1/1:23 0/1/1:23 0/1/1:23 0/1/1:23 0/1/1:23 0/1/1:23 0/1/1:23 0/1/1:23 0/1/1:23 Step 3 121314151617181920212223- - - show voice dsp group all Use this command to display information for each DSP group, for example: Router# show voice dsp group all DSP groups on slot 0: dsp 1: State: UP, firmware: 26.0.
Configuring Next-Generation High-Density PVDM3 Modules How to Verify and Troubleshoot the Functionality of the PVDM3 Cards on Cisco Voice Gateways Credits used (rounded-up): 0 Slot: 0 Device idx: 0 PVDM Slot: 0 Dsp Type: SP2600 dsp 4: State: UP, firmware: 26.0.
Configuring Next-Generation High-Density PVDM3 Modules How to Verify and Troubleshoot the Functionality of the PVDM3 Cards on Cisco Voice Gateways dsp 7: State: UP, firmware: 26.0.
Configuring Next-Generation High-Density PVDM3 Modules How to Verify and Troubleshoot the Functionality of the PVDM3 Cards on Cisco Voice Gateways dsp 4: State: UP, firmware: 26.0.
Configuring Next-Generation High-Density PVDM3 Modules How to Verify and Troubleshoot the Functionality of the PVDM3 Cards on Cisco Voice Gateways Voice Channels: g711perdsp = 43, g726perdsp = 32, g729perdsp g723perdsp = 20, g728perdsp = 20, g723perdsp gsmefrperdsp = 20, gsmamrnbperdsp = 20, ilbcperdsp = 20, modemrelayperdsp = 20 g72264Perdsp = 32, h324perdsp = 20, m_f_thruperdsp = 43, faxrelayperdsp = 32, maxchperdsp = 43, minchperdsp = 20, srtp_maxchperdsp = 27, srtp_minchperdsp = 14, g711_srtp_perdsp =
Configuring Next-Generation High-Density PVDM3 Modules Configuration Examples for Configuring the PVDM3 Module on Cisco Voice Gateway Routers Device 1: 2048 packets from device, 3579 packets to device 0 Ctrl & 0 Media out of sequence packets, 0 packets drop 0 input error packets, 0 output error packets 0 resource errors packets, 0 gaints vlan id: 2 Device and Port Statistics: PVDM-1 -----------------------------------29083 input packets at port, 32627 output packets at port Device 2: 29081 packets from dev
Configuring Next-Generation High-Density PVDM3 Modules Configuration Examples for Configuring the PVDM3 Module on Cisco Voice Gateway Routers show running-config: Example Router# show running-config Building configuration... ! ! ! ! voice-card 0: Mixed PVDM3 and PVDM2 C5510 DSP cards detected. Mixed DSP types in this slot is an unsupported configuration. PVDM2 C5510 DSP cards have been disabled. Current configuration : 3726 bytes ! version 12.
Configuring Next-Generation High-Density PVDM3 Modules Configuration Examples for Configuring the PVDM3 Module on Cisco Voice Gateway Routers voice service voip allow-connections h323 to h323 allow-connections h323 to sip allow-connections sip to h323 allow-connections sip to sip fax protocol cisco ! ! ! archive log config hidekeys ! ! controller T1 0/0/0 cablelength long 0db ds0-group 1 timeslots 1-24 type e&m-immediate-start ! controller T1 0/0/1 cablelength long 0db pri-group timeslots 1-24 ! controller
Configuring Next-Generation High-Density PVDM3 Modules Configuration Examples for Configuring the PVDM3 Module on Cisco Voice Gateway Routers ip forward-protocol nd ip route 223.255.254.254 255.255.255.255 10.1.0.1 ! no ip http server no ip http secure-server ! ! ! nls resp-timeout 1 cpd cr-id 1 ! ! control-plane ! ! ! voice-port 0/0/0:1 ! voice-port 0/0/1:23 ! ! mgcp fax t38 ecm ! sccp local GigabitEthernet0/0 sccp ccm 10.1.32.147 identifier 1 priority 1 version 5.0.
Configuring Next-Generation High-Density PVDM3 Modules Configuration Examples for Configuring the PVDM3 Module on Cisco Voice Gateway Routers dial-peer voice 201 voip session protocol sipv2 incoming called-number 408555.... codec g711ulaw no vad ! dial-peer voice 202 voip destination-pattern 408555[0-4]... session protocol sipv2 session target ipv4:10.1.32.153 codec g722-64 no vad ! dial-peer voice 203 voip destination-pattern 408555[5-9]... session protocol sipv2 session target ipv4:10.1.32.
Configuring Next-Generation High-Density PVDM3 Modules Additional References Additional References The following sections provide references related to the PVDM3 on Cisco Gateway Routers feature. Related Documents Related Topic Document Title Comprehensive command reference information for Cisco IOS voice commands. Cisco IOS Voice Command Reference Configuration information for Cisco Voice Gateway Routers that are configured for Cisco Unified Communications Manager.
Configuring Next-Generation High-Density PVDM3 Modules Feature Information for Configuring the PVDM3 Module on Cisco Voice Gateway Routers Technical Assistance Description Link The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. http://www.cisco.
Configuring Next-Generation High-Density PVDM3 Modules Glossary Glossary AGC—Automatic Gain Control. BCN—Backward Congestion Notification. CM—Connection manager (TDM). COS—Class of service, 802.1p. DA—Ethernet Destination Address. DMA—Direct Memory Access. DSA—Distributed Switch Architecture. DSP—Digital Signal Processor. DSPRM—DSP Resource Manager. DTMF—Dual-tone multi-frequency. ECAN—Echo Canceller. EVSM—Extended Voice Service Module. FC—Flex Complexity. FPGA—Field-Programmable Gate Array.
Configuring Next-Generation High-Density PVDM3 Modules Glossary TDM—Time Division Multiplexing. UHPI—Universal Host Port Interface. VIC—Voice Interface Card. VLAN—Virtual LAN. VNM—Voice Network Module. VWIC—Voice/WAN Interface Card.
Configuring Next-Generation High-Density PVDM3 Modules Glossary CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Li
Configuring Multi-Gigabit Fabric Communication Cisco 3900 series, 2900 series, and 1900 series ISRs use a multi-gigabit fabric (MGF) for the new modules and interface cards to inter-communicate on the router. Legacy modules that support Cisco High-Speed Intrachassis Module Interconnect (HIMI) also support the MGF. Next generation module drivers integrate with the MGF to perform port configurations, configure packet flow, and control traffic buffering.
Configuring Multi-Gigabit Fabric Communication Supported Slots, Modules, and Interface Cards Supported Slots, Modules, and Interface Cards The following slots support communication through the MGF: • Service module (SM) • Enhanced high-speed WAN interface card (EHWIC) • Internal service module (ISM) The following modules and interface cards support communication through the MGF: • Wireless LAN Module in the Cisco 1941W ISR, page 2 • Cisco Etherswitch Service Modules, page 2 Cisco 3900 series, 290
Configuring Multi-Gigabit Fabric Communication Cisco High-Speed Intrachassis Module Interconnect (HIMI) Cisco 3900 series, 2900 series, and 1900 series integrated services routers support the following Cisco EtherSwitch service modules for SM-to-SM or SM-to-ISM communication. • NME-16ES-1G • NME-16ES-1G-P • NME-X-23ES-1G • NME-X-23ES-1G-P • NME-XD-48ES-2S-P • NME-XD-24ES-1S-P See the Cisco EtherSwitch Feature Guide documentation at Cisco.com for configuration details, http://www.cisco.
Configuring Multi-Gigabit Fabric Communication Viewing Platform Information Viewing Platform Information The following sections explain how to view VLAN, slot, module, interface card, and MGF statistics on the router. • Viewing VLAN and Slot Assignments, page 4 • Viewing Module and Interface Card Status on the Router, page 4 • Viewing Multi-Gigabit Fabric Statistics, page 5 Viewing VLAN and Slot Assignments Slots on the router are optionally assigned to VLANs.
Configuring Multi-Gigabit Fabric Communication Viewing Platform Information Table 1 Show Platform MGF Module Information Code Code Description NR Not registered TM Trust mode (User Priority [UP] or Differentiated Service Code [DSCP]) SP Scheduling profile BL Buffer level TR Traffic rate PT Pause threshold level Viewing Multi-Gigabit Fabric Statistics Statistics reports for each slot show packet performance and packet failures.
Configuring Multi-Gigabit Fabric Communication Viewing Platform Information Viewing Multi-Gigabit Fabric CPU Port Statistics Multi-Gigabit Fabric’s CPU port statistics display details about the hardware status, data transmission rate, line type, protocols, and packets. The following example displays output for the show platform mgf statistics cpu command when entered on a Cisco 3945 ISR.
Configuring Multi-Gigabit Fabric Communication Viewing Platform Information CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way
Configuring Multi-Gigabit Fabric Communication Viewing Platform Information Cisco 3900 Series, 2900 Series, and 1900 Series Integrated Services Routers Software Configuration Guide 8
Upgrading the Cisco IOS Software This module describes how to upgrade the Cisco Internet Operating System (IOS) software image on the following hardware: • Cisco 3900 series ISRs • Cisco 2900 series ISRs • Cisco 1900 series ISRs • Cisco 1941W Wireless Device This module contains the following sections: • Restrictions for Upgrading the System Image, page 1 • Information About Upgrading the System Image, page 2 • How to Upgrade the Cisco IOS Image, page 3 • How to Upgrade the IOS Image on the A
Upgrading the Cisco IOS Software Information About Upgrading the System Image Table 1 describes the slot number and name for the Advanced Capability CF slots. Table 1 Slot Number Slot0 1 Slot1 Compact Flash Slot Numbering and Naming CF Filenames flash0:2 flash1: 1. Slot 0 is the default CF slot. It stores the system image, configurations, and data files. CF must be present in this slot for the router to boot and perform normal file operations. 2. flash0: is aliased to flash:.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image Which Cisco IOS Release Is Running on My Router Now? To determine the Cisco IOS release that is currently running on your router, and the filename of the system image, enter the show version command in user EXEC or privileged EXEC mode. How Do I Choose the New Cisco IOS Release and Feature Set? To determine which Cisco IOS releases and feature are supported on your platform, go to Cisco Feature Navigator at http://www.cisco.com/go/cfn.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image Saving Backup Copies of Your Old System Image and Configuration To avoid unexpected downtime in the event you encounter serious problems using a new system image or startup configuration, we recommend that you save backup copies of your current startup configuration file and Cisco IOS software system image file on a server.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image Examples The following examples show how to copy a startup configuration to a TFTP server and how to copy from flash memory to an FTP server. Copying the Startup Configuration to a TFTP Server: Example The following example shows the startup configuration being copied to a TFTP server: Router# copy nvram:startup-config tftp: Remote host[]? 192.0.0.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image SUMMARY STEPS 1. Select the system image in the Cisco IOS Upgrade Planner at: http://www.cisco.com/cgi-bin/Software/Iosplanner/Planner-tool/iosplanner.cgi. 2. Write down the minimum memory requirements for the image, as displayed in the File Download Information table. 3. show version 4. Add the memory sizes that are displayed in the show version command output to calculate your router’s DRAM size. 5.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image Ensuring Adequate Flash Memory for the New System Image This section describes how to check whether your router has enough flash memory to upgrade to the new system image and, if necessary, how to properly delete files in flash memory to make room for the new system image. Cisco 3900 series, 2900 series, and 1900 series ISRs have two external CF slots and two USB slots. Use the secondary CF for overflow files, if required.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image SUMMARY STEPS 1. enable 2. dir flash0: 3. From the displayed output of the dir flash0: command, compare the number of bytes available to the minimum flash requirements for the new system image. a. If the available memory is equal to or greater than the new system image’s minimum flash requirements, proceed to the “Copying the System Image into Flash Memory” section on page 10. b.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image DETAILED STEPS Step 1 enable Use this command to enter privileged EXEC mode. Enter your password if prompted. For example: Router> enable Password: Router# Step 2 dir flash0: Use this command to display the layout and contents of flash memory: Router# dir flash0: Flash CompactFlash directory: File Length Name/status 1 6458208 c39xx.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image Step 7 copy flash0:{tftp | rcp} (Optional) Copy a file to a server before deleting the file from flash memory. When prompted, enter the filename and the server’s hostname or IP address: Router# copy flash0: tftp Step 8 (Optional) Repeat Step 7 for each file that you identified in Step 6. Step 9 delete flash0:directory-path/filename Use this command to delete a file in flash memory: Router# delete flash0:c39xx.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image Using TFTP or Remote Copy Protocol to Copy the System Image into Flash Memory This section describes how to use TFTP or Remote Copy Protocol (RCP) to upgrade the system image. This is the recommended and most common method of upgrading the system image. Prerequisites The following details the logistics of upgrading the system image. • Install a TFTP server or an RCP server application on a TCP/IP-ready workstation or PC.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image DETAILED STEPS Step 1 enable Use this command to enter privileged EXEC mode. Enter your password if prompted: Router> enable Password: Router# Step 2 copy tftp flash0: or copy rcp flash0 Use one of these commands to copy a file from a server to flash memory: Router# copy tftp flash0: Step 3 When prompted, enter the IP address of the TFTP or RCP server: Address or name of remote host []? 10.10.10.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image What to Do Next Proceed to the “Loading the New System Image” section on page 16. Using the ROM Monitor to Copy the System Image over a Network This section describes how to download a Cisco IOS software image from a remote TFTP server to the router flash memory by using the tftpdnld ROM monitor command. Caution Using the tftpdnld ROM monitor command may erase the system image, configuration, and data files.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image 15. (Optional) Set the TFTP_DESTINATION=[flash0: | flash1: | usbflash0: | usbflash1:] flash destination device for file. 16. (Optional) Set the GE_SPEED_MODE= speed configuration. 17. Use the set command to verify that you have set the variables correctly. 18. Use the tftpdnld [-r] command to download the image. DETAILED STEPS Step 1 Enter ROM monitor mode. Step 2 Set the IP address of the router. For example: rommon > IP_ADDRESS=172.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image Step 12 (Optional) Configure the print variable. Usage is TFTP_VERBOSE= [0 | 1 | 2], where print: 0= is quiet. 1= in progress. 2= verbose Step 13 Use the set command to display the ROM monitor environment variables to verify that you have configured them correctly. For example: rommon > set Step 14 Download the system image, as specified by the ROM monitor environmental variables, using the tftpdnld [-r] command.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image DETAILED STEPS Step 1 Remove the compact flash memory card from the router. Step 2 Insert the card into the compact flash card reader on a PC. Step 3 Use the PC to copy the system image file to the compact flash memory card. Step 4 Remove the card from the compact flash card reader. Step 5 Insert the compact flash memory card into the router. What to Do Next Proceed to the “Loading the New System Image” section on page 16.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image 14. When prompted to save the system configuration, enter no. 15. When prompted to confirm the reload, enter y. 16. show version DETAILED STEPS Step 1 dir flash0: Use this command to display a list of all files and directories in flash memory: Router# dir flash0: Directory of flash0:/ 3 1580 -rw-rw- 6458388 6462268 Mar 01 1993 00:00:58 Mar 06 1993 06:14:02 c38xx.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image Step 7 show version Use this command to display the configuration register setting: Router# show version Cisco Internetwork Operating System Software . . . Configuration register is 0x0 Router# Step 8 If the last digit in the configuration register is 0 or 1, proceed to Step 9. However, if the last digit in the configuration register is between 2 and F, proceed to Step 12.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image Step 15 When prompted to confirm the reload, enter y: Proceed with reload? [confirm] y Step 16 show version Use this command to verify that the router loaded the proper system image: Router# show version 00:22:25: %SYS-5-CONFIG_I: Configured from console by console Cisco Internetwork Operating System Software . . . System returned to ROM by reload System image file is "flash0:c2900-universalk9-mz.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image DETAILED STEPS Step 1 dir flash0:[partition-number:] Use this command to list files in flash memory: rommon > dir flash0: program load complete, entry point: 0x4000000, size: 0x18fa0 Directory of flash0: 2 48296872 -rw- c3900-universalk9-mz.SPA Note whether the new system image is the first file or the only file listed in the dir flash0: command output.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image Step 10 exit Use this command to exit global configuration mode: Router(config)# exit Router# Step 11 copy run start Use this command to copy the running configuration to the startup configuration: Router# copy run start What to Do Next Proceed to the “Saving Backup Copies of Your New System Image and Configuration” section on page 21.
Upgrading the Cisco IOS Software How to Upgrade the Cisco IOS Image DETAILED STEPS Step 1 Command or Action Purpose enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Router> enable Step 2 copy nvram:startup-config {ftp: | rcp: | tftp:} Example: Copies the startup configuration file to a server. • The configuration file copy serves as a backup copy. • Enter the destination URL when prompted.
Upgrading the Cisco IOS Software How to Upgrade the IOS Image on the Access Point Router# copy flash0: tftp: IP address of remote host [255.255.255.255]? 192.0.0.1 filename to write on tftp host? c2900-universalk9-mz writing c2900-mz !!!!... successful ftp write. How to Upgrade the IOS Image on the Access Point This section describes how to upgrade the Cisco IOS image on the access point.
Upgrading the Cisco IOS Software How to Upgrade the IOS Image on the Access Point Step 3 Command Purpose no shutdown Enables the Gigabit Ethernet interface, changing its state from administratively down to administratively up. Example: Router(config-if)# no shutdown Router(config-if)# Step 4 exit Example: Exits configuration mode for the Gigabit Ethernet interface and returns to global configuration mode.
Upgrading the Cisco IOS Software How to Upgrade the IOS Image on the Access Point description Service module interface to manage the embedded AP ip address 10.0.0.1 255.0.0.0 arp timeout 0 ! interface GigabitEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Vlan1 ip address 192.168.10.1 255.255.255.0 ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 ! no ip http server Upgrading the IOS Image on the Access Point Follow the image upgrade instructions at Cisco.
Upgrading the Cisco IOS Software Additional References Additional References The following sections provide references related to upgrading the system image on your router. Related Documents and Websites Related Topic Document Title or Website Matching Cisco IOS releases and features to hardware Cisco Feature Navigator http://www.cisco.com/go/fn Downloading system images Cisco IOS Upgrade Planner Displaying minimum DRAM and flash memory requirements http://www.cisco.
Upgrading the Cisco IOS Software Additional References CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play,
Upgrading the Cisco IOS Software Additional References Cisco 3900 Series, 2900 Series, and 1900 Series Integrated Services Routers Software 28
PA R T 2 Configuring the Access Point
Wireless Device Overview Wireless devices (also known as access points) provide a secure, affordable, and easy-to-use wireless LAN solution that combines mobility and flexibility with the enterprise-class features required by networking professionals. When configured as an access point, the wireless device serves as the connection point between wireless and wired networks or as the center point of a stand-alone wireless network.
Wireless Device Overview Management Options See Why Migrate to a Cisco Unified Wireless Network? at Cisco.com for more about this network architecture design: http://www.cisco.com/en/US/prod/collateral/wireless/ps5679/ps6548/ prod_white_paper0900aecd804f19e3_ps6305_Products_White_Paper.html Management Options The wireless device runs its own version of Cisco IOS software that is separate from the Cisco IOS software operating on the router.
Wireless Device Overview Management Options Figure 1 Access Points as Root Units on a Wired LAN Access point 135445 Access point Central Unit in an All-Wireless Network In an all-wireless network, an access point acts as a stand-alone root unit. The access point is not attached to a wired LAN; it functions as a hub linking all stations together. The access point serves as the focal point for communications, increasing the communication range of wireless users.
Wireless Device Overview Management Options CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn,
Configuring the Wireless Device The following sections describe how to configure the wireless device on the Cisco 1941W integrated services router (ISR): • Starting a Wireless Configuration Session, page 1 • Configuring Wireless Settings, page 4 • Upgrading to Cisco Unified Software, page 9 • Related Documentation, page 12 Note You can upgrade the software on the device to Cisco Unified software. See the “Upgrading to Cisco Unified Software” section on page 9.
Configuring the Wireless Device Starting a Wireless Configuration Session SUMMARY STEPS 1. interface wlan-ap0 2. ip address subnet mask 3. no shut 4. interface vlan1 5. ip address subnet mask 6. exit 7. exit 8. service-module wlan-ap 0 session DETAILED STEPS Step 1 Command Purpose interface wlan-ap0 Defines the router’s console interface to the wireless device. It is used for communication between the router’s Console and the wireless device.
Configuring the Wireless Device Starting a Wireless Configuration Session Step 5 Command Purpose ip address subnet mask Specifies the interface IP address and subnet mask. Example: router(config-if)# ip address 10.10.0.30 255.255.255.0 Step 6 exit Exits the mode. Example: router(config-if)# exit router(config)# Step 7 exit Exits the mode.
Configuring the Wireless Device Configuring Wireless Settings Configuring Wireless Settings Note If you are configuring the autonomous wireless device for the first time, start a configuration session between the router and the access point before attempting to configure basic wireless settings. See the “Starting a Wireless Configuration Session” section on page 1. Configure the wireless device with the appropriate software tool.
Configuring the Wireless Device Configuring Wireless Settings Configuring Wireless Security Settings • Configuring Authentication, page 5 • Configuring WEP and Cipher Suites, page 6 • Configuring Wireless VLANs, page 6 • Configuring the Access Point in Hot Standby Mode, page 9 Configuring Authentication Authentication types are tied to the Service Set Identifiers (SSIDs) that are configured for the access point.
Configuring the Wireless Device Configuring Wireless Settings Configuring WEP and Cipher Suites Wired Equivalent Privacy (WEP) encryption scrambles the data transmitted between wireless devices to keep the communication private. Wireless devices and their wireless client devices use the same WEP key to encrypt and decrypt data. WEP keys encrypt both unicast and multicast messages. Unicast messages are addressed to one device on the network.
Configuring the Wireless Device Configuring Wireless Settings Security Types Table 1 describes the four security types that you can assign to an SSID. Table 1 Types of SSID Security Security Type Description Security Features Enabled No Security This is the least secure option. You should use this option None. only for SSIDs used in a public space and assign it to a VLAN that restricts access to your network. Static WEP Key This option is more secure than no security.
Configuring the Wireless Device Configuring Wireless Settings Table 1 Types of SSID Security (continued) Security Type 1 EAP Authentication Description Security Features Enabled This option enables 802.1X authentication (such as LEAP2, PEAP3, EAP-TLS4, EAP-FAST5, EAP-TTLS6, EAP-GTC7 EAP-SIM8, and other 802.1X/EAP based products) Mandatory 802.1X authentication. Client devices that associate using this SSID must perform 802.1X authentication.
Configuring the Wireless Device Upgrading to Cisco Unified Software Configuring the Access Point in Hot Standby Mode In hot standby mode, an access point is designated as a backup for another access point. The standby access point is placed near the access point that it monitors and is configured exactly like the monitored access point.
Configuring the Wireless Device Upgrading to Cisco Unified Software For more information about the WLC discovery process, see Cisco Wireless LAN Configuration Guide at Cisco.com: http://www.cisco.com/en/US/docs/wireless/controller/4.0/configuration/guide/ccfig40.html Prior to the Upgrade Perform the following steps. 1. Ping the WLC from the router to confirm IP connectivity. 2. Enter the service-module wlan-ap 0 session command to establish a session with the access point. 3.
Configuring the Wireless Device Upgrading to Cisco Unified Software Troubleshooting an Upgrade or Reverting the AP to Autonomous Mode Q. My access point failed to upgrade from autonomous software to Unified software and it appears to be stuck in the recovery mode. What is my next step? A.
Configuring the Wireless Device Related Documentation Related Documentation See the following documentation for additional autonomous and unified configuration information: Table 2 • Autonomous Documentation—Table 2 • Unified Documentation—Table 3 Autonomous Documentation Network Design Links Description Wireless Overview “Wireless Device Overview” Describes the roles of the wireless device on the network.
Configuring the Wireless Device Related Documentation Table 2 Autonomous Documentation (continued) Quality of Service http://www.cisco.com/en/US/docs/ routers/access/wireless/software/guide/ QualityOfService.html Describes how to configure QoS10 on your Cisco wireless interface. With this feature, you can provide preferential treatment to certain traffic at the expense of other traffic. Without QoS, the device offers best-effort service to each packet, regardless of the packet contents or size.
Configuring the Wireless Device Related Documentation CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play,
Configuring Radio Settings The following sections describe how to configure radio settings for the wireless device: • Enabling the Radio Interface, page 2 • Configuring the Role in the Radio Network, page 3 • Configuring Dual-Radio Fallback, page 5 • Configuring Radio Data Rates, page 6 • Configuring MCS Rates, page 9 • Configuring Radio Transmit Power, page 11 • Configuring Radio Channel Settings, page 13 • Enabling and Disabling World Mode, page 19 • Disabling and Enabling Short Radio Pre
Configuring Radio Settings Enabling the Radio Interface Enabling the Radio Interface The wireless device radios are disabled by default. Note You must create a service set identifier (SSID) before you can enable the radio interface. To enable the access point radio, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS 1. configure terminal 2. dot11 ssid ssid 3. interface dot11radio {0| 1} 4. ssid ssid 5. no shutdown 6. end 7.
Configuring Radio Settings Configuring the Role in the Radio Network Configuring the Role in the Radio Network The radio performs the following roles in the wireless network: • Access point • Access point (fallback to radio shutdown) • Root bridge • Non-root bridge • Root bridge with wireless clients • Non-root bridge without wireless clients You can also configure a fallback role for root access points.
Configuring Radio Settings Configuring the Role in the Radio Network DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 interface dot11radio {0| 1} Enters interface configuration mode for the radio interface. The 2.4-GHz and 802.11g/n 2.4-GHz radios are radio 0. The 5-GHz and the 802.11n 5-GHz radio is radio 1. 4 Step 3 Sets the wireless device role.
Configuring Radio Settings Configuring Dual-Radio Fallback Configuring Dual-Radio Fallback The dual-radio fallback feature, see Figure 1, allows you to configure access points so that if the non-root bridge link connecting the access point to the network infrastructure goes down, the root access point link through which a client connects to the access point shut down. Shutting down the root access point link causes the client to roam to another access point.
Configuring Radio Settings Configuring Radio Data Rates Fast Ethernet Tracking You can configure the access point for fallback when its Ethernet port is disabled or disconnected from the wired LAN. You configure the access point for Fast Ethernet tracking as described in the “Configuring the Role in the Radio Network” section on page 3. Note Fast Ethernet tracking does not support the repeater mode.
Configuring Radio Settings Configuring Radio Data Rates You can configure the wireless device to set the data rates automatically to optimize either the range or the throughput. When you enter range for the data rate setting, the wireless device sets the 1-Mb/s rate to basic and sets the other rates to enabled. The range setting allows the access point to extend the coverage area by compromising on the data rate.
Configuring Radio Settings Configuring Radio Data Rates Step 3 Command Purpose speed Sets each data rate to basic or enabled, or enters range to optimize range or enters throughput to optimize throughput. 802.11b, 2.4-GHz radio: {[1.0] [11.0] [2.0] [5.5] [basic-1.0] [basic-11.0] [basic-2.0] [basic-5.5] | range | throughput} • Enter 1.0, 2.0, 5.5, 6.0, 9.0, 11.0, 12.0, 18.0, 24.0, 36.0, 48.0, and 54.0 to set these data rates to enabled on the 802.11g, 2.4-GHz radio. 802.11g, 2.4-GHz radio: {[1.
Configuring Radio Settings Configuring MCS Rates Command Purpose Step 4 end Returns to privileged EXEC mode. Step 5 copy running-config startup-config (Optional) Saves your entries in the configuration file. Use the no form of the speed command to remove one or more data rates from the configuration. This example shows how to remove data rates basic-2.0 and basic-5.5 from the configuration: ap1200# configure terminal ap1200(config)# interface dot11radio 0 ap1200(config-if)# no speed basic-2.
Configuring Radio Settings Configuring MCS Rates Table 1 MCS Index Data Rates Based on MCS Settings, Guard Interval, and Channel Width Guard Interval = 800 ns Guard Interval = 400 ns 20-MHz Channel Width Data Rate (Mb/s) 40-MHz Channel Width Data Rate (Mb/s) 20-MHz Channel Width Data Rate (Mb/s) 40-MHz Channel Width Data Rate (Mb/s) 0 6.5 13.5 7 2/9 15 1 13 27 14 4/9 30 2 19.5 40.5 21 2/3 45 3 26 54 28 8/9 60 4 39 81 43 1/3 90 5 52 109 57 5/9 120 6 58.5 121.
Configuring Radio Settings Configuring Radio Transmit Power Configuring Radio Transmit Power Radio transmit power is based on the type of radio or radios installed in your access point and the regulatory domain in which it operates. To set the transmit power on access point radios, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS 1. configure terminal 2. interface dot11radio {0| 1} 3. power local level 4. end 5.
Configuring Radio Settings Configuring Radio Transmit Power SUMMARY STEPS 1. configure terminal 2. interface dot11radio {0| 1} 3. power client level 4. end 5. copy running-config startup-config DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 interface dot11radio {0| 1} Enters interface configuration mode for the radio interface. The 2.4-GHz and 802.11g/n 2.4-GHz radios are radio 0. The 5-GHz and the 802.11n 5-GHz radio is radio 1.
Configuring Radio Settings Configuring Radio Channel Settings Configuring Radio Channel Settings The default channel setting for the wireless device radios is least congested. At startup, the wireless device scans for and selects the least-congested channel. For the most consistent performance after a site survey, however, we recommend that you assign a static channel setting for each access point.
Configuring Radio Settings Configuring Radio Channel Settings DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 interface dot11radio {0 | 1} Enters interface configuration mode for the radio interface. The 802.11g/n 2.4-GHz radio is radio 0. The 802.11n 5-GHz radio is radio 1. Step 3 Sets the default channel for the wireless device radio.To search for channel the least-congested channel on startup, enter least-congested.
Configuring Radio Settings Configuring Radio Channel Settings Note • Randomly selects a different 5-GHz channel. • If the channel selected is one of the channels in Table 2, scans the new channel for radar signals for 60 seconds. • If there are no radar signals on the new channel, enables beacons and accepts client associations. • If participating in WDS, sends a DFS notification of its new operating frequency to the active WDS device.
Configuring Radio Settings Configuring Radio Channel Settings Note The maximum legal transmit power is greater for some 5-GHz channels than for others. When it randomly selects a 5-GHz channel on which power is restricted, the access point automatically reduces transmit power to comply with power limits for that channel. Note Cisco recommends that you use the world-mode dot11d country-code configuration interface command to configure a country code on DFS-enabled radios. The IEEE 802.
Configuring Radio Settings Configuring Radio Channel Settings Configuring a Channel Use the channel command to configure a channel. The command for the interface is modified to only allow you to select a specific channel number and to enable DFS. To configure a channel, follow these steps. SUMMARY STEPS 1. configure terminal 2. interface dot11radio1 dfs simulate 3. channel {number | dfs band <1–4>} 4. end 5. show running-config 6.
Configuring Radio Settings Configuring Radio Channel Settings Blocking Channels from DFS Selection If your regulatory domain limits the channels that you can use in specific locations—for example, indoors or outdoors—you can block groups of channels to prevent the access point from selecting them when DFS is enabled.
Configuring Radio Settings Enabling and Disabling World Mode Setting the 802.11n Guard Interval The 802.11n guard interval is the period in nanoseconds between packets. Two settings are available: short (400ns) and long (800ns). To to set the 802.11n guard interval, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS 1. configure terminal 2. interface dot11radio {0 | 1} 3. guard-interval {any | long} 4. end 5.
Configuring Radio Settings Enabling and Disabling World Mode SUMMARY STEPS 1. configure terminal 2. interface dot11radio {0| 1} 3. world-mode {dot11d country_code code {both | indoor | outdoor} | world-mode roaming | legacy} 4. end 5. copy running-config startup-config DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 interface dot11radio {0| 1} Enters interface configuration mode for the radio interface.
Configuring Radio Settings Disabling and Enabling Short Radio Preambles Disabling and Enabling Short Radio Preambles The radio preamble (sometimes called a header) is a section of data at the head of a packet that contains information that the wireless device and client devices need when sending and receiving packets. You can set the radio preamble to long or short: • Short—A short preamble improves throughput performance.
Configuring Radio Settings Configuring Transmit and Receive Antennas Configuring Transmit and Receive Antennas You can select the antenna that the wireless device uses to receive and transmit data. There are three option settings for both the receive antenna (see step 4) and the transmit antenna (see step 5): • Gain—Sets the resultant antenna gain in decibels (dB). • Diversity—This default setting tells the wireless device to use the antenna that receives the best signal.
Configuring Radio Settings Enabling and Disabling Gratuitous Probe Response Command Purpose antenna transmit {diversity | left | right} Sets the transmit antenna to diversity, left, or right. Step 6 end Returns to privileged EXEC mode. Step 7 copy running-config startup-config (Optional) Saves your entries in the configuration file. Step 5 Note For best performance with two antennas, leave the receive antenna setting at the default setting, diversity.
Configuring Radio Settings Disabling and Enabling Aironet Extensions Command Purpose Step 5 speed {[6.0] [9.0] [12.0] [18.0] [24.0] [36.0] [48.0] [54.0]} (Optional) Sets the response speed in Mbps. The default value is 6.0. Step 6 end Returns to privileged EXEC mode. Step 7 copy running-config startup-config (Optional) Saves your entries in the configuration file.
Configuring Radio Settings Configuring the Ethernet Encapsulation Transformation Method DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 interface dot11radio {0| 1} Enters interface configuration mode for the radio interface. The 802.11g/n 2.4-GHz radio is radio 0. The 802.11n 5-GHz radio is radio 1. Step 3 no dot11 extension aironet Disables Aironet extensions. Step 4 end Returns to privileged EXEC mode.
Configuring Radio Settings Enabling and Disabling Public Secure Packet Forwarding DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 interface dot11radio {0| 1} Enters interface configuration mode for the radio interface. The 802.11g/n 2.4-GHz radio is radio 0. The 802.11n 5-GHz radio is radio 1. Step 3 payload-encapsulation {snap | dot1h} Sets the encapsulation transformation method to RFC 1042 (snap) or 802.1h (dot1h, the default setting).
Configuring Radio Settings Enabling and Disabling Public Secure Packet Forwarding DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 interface dot11radio {0| 1} Enters interface configuration mode for the radio interface. The 802.11g/n 2.4-GHz radio is radio 0. The 802.11n 5-GHz radio is radio 1. Step 3 bridge-group group port-protected Enables PSPF. Step 4 end Returns to privileged EXEC mode.
Configuring Radio Settings Configuring the Beacon Period and the DTIM To disable protected port, use the no switchport protected command. For detailed information on protected ports and port blocking, see the “Configuring Port-Based Traffic Control” chapter in Catalyst 3550 Multilayer Switch Software Configuration Guide, 12.1(12c)EA1. Click this link to browse to that guide: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_12c_ea1/ configuration/guide/3550scg.
Configuring Radio Settings Configure RTS Threshold and Retries Configure RTS Threshold and Retries The request to send (RTS) threshold determines the packet size at which the wireless device issues an RTS before sending the packet. A low RTS threshold setting can be useful in areas where many client devices are associating with the wireless device, or in areas where the clients are far apart and can detect only the wireless device and not detect each other.
Configuring Radio Settings Configuring the Maximum Data Retries Configuring the Maximum Data Retries The maximum data retries setting determines the number of attempts that the wireless device makes to send a packet before it drops the packet. The default setting is 32. To configure the maximum data retries, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS 1. configure terminal 2. interface dot11radio {0| 1} 3. packet retries value 4. end 5.
Configuring Radio Settings Enabling Short Slot Time for 802.11g Radios DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 interface dot11radio {0| 1} Enters interface configuration mode for the radio interface. The 802.11g/n 2.4-GHz and 5-GHz radios are radio 0. The 802.11n 5-GHz radio is radio 1. Step 3 fragment-threshold value Sets the fragmentation threshold. Enter a setting from 256 to 2346 bytes for the 2.4-GHz radio.
Configuring Radio Settings Configuring VoIP Packet Handling Configuring VoIP Packet Handling You can improve the quality of VoIP packet handling per radio on access points by enhancing 802.11 MAC behavior for lower latency for the class of service (CoS) 5 (Video) and CoS 6 (Voice) user priorities. To configure VoIP packet handling on an access point, follow these steps: Step 1 Using a browser, log in to the access point.
Configuring Radio Settings Configuring VoIP Packet Handling CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live,
Configuring Radio Settings Configuring VoIP Packet Handling 34
Administering the Wireless Device The following sections describe administration tasks for the wireless device: Security on the Wireless Device • Disabling the Mode Button Function, page 2 • Preventing Unauthorized Access to Your Access Point, page 3 • Protecting Access to Privileged EXEC Commands, page 3 • Controlling Access Point Access with RADIUS, page 11 • Controlling Access Point Access with TACACS+, page 16 Administering the Wireless Device • Administering the Wireless Hardware and Softwar
Administering the Wireless Device Disabling the Mode Button Function Disabling the Mode Button Function You can disable the mode button on the wireless device by using the [no] boot mode-button command. Caution This command disables password recovery. If you lose the privileged EXEC mode password for the access point after entering this command, you will need to contact the Cisco Technical Assistance Center (TAC) to regain access to the access point command line interface (CLI).
Administering the Wireless Device Preventing Unauthorized Access to Your Access Point Note As long as the privileged EXEC password is known, you can use the boot mode-button command to restore the mode button to normal operation. Preventing Unauthorized Access to Your Access Point You can prevent unauthorized users from reconfiguring the wireless device and viewing configuration information.
Administering the Wireless Device Protecting Access to Privileged EXEC Commands Configuring Default Password and Privilege Level Table 1 shows the default password and privilege level configuration. Table 1 Default Passwords and Privilege Levels Privilege Level Default Setting Username and password Default username is Cisco, and the default password is Cisco. Enable password and privilege level Default password is Cisco. The default is level 15 (privileged EXEC level).
Administering the Wireless Device Protecting Access to Privileged EXEC Commands DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 enable password password Defines a new password or changes an existing password for access to privileged EXEC mode. The default password is Cisco. For password, specify a string from 1 to 25 alphanumeric characters. The string cannot start with a number, is case sensitive, and allows spaces but ignores leading spaces.
Administering the Wireless Device Protecting Access to Privileged EXEC Commands To configure encryption for enable and enable secret passwords, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS 1. configure terminal 2. enable password [level level] {password | encryption-type encrypted-password} or enable secret [level level] {password | encryption-type encrypted-password} 3. service password-encryption 4. end 5.
Administering the Wireless Device Protecting Access to Privileged EXEC Commands If both the enable and enable secret passwords are defined, users must enter the enable secret password. Use the level keyword to define a password for a specific privilege level. After you specify the level and set a password, give the password only to users who need to have access at this level. Use the privilege level command in global configuration mode to specify commands accessible at various levels.
Administering the Wireless Device Protecting Access to Privileged EXEC Commands DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 username name [privilege level] {password encryption-type password} Enters the username, privilege level, and password for each user. • For name, specify the user ID as one word. Spaces and quotation marks are not allowed. • (Optional) For level, specify the privilege level the user has after gaining access.
Administering the Wireless Device Protecting Access to Privileged EXEC Commands Setting the Privilege Level for a Command To set the privilege level for a command mode, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS 1. configure terminal 2. privilege mode level level command 3. enable password level level password 4. end 5. show running-config or show privilege 6.
Administering the Wireless Device Protecting Access to Privileged EXEC Commands Step 5 Command Purpose show running-config Verifies your entries. or The show running-config command displays the password and access level configuration. show privilege The show privilege command displays the privilege level configuration. Step 6 copy running-config startup-config (Optional) Saves your entries in the configuration file.
Administering the Wireless Device Controlling Access Point Access with RADIUS Controlling Access Point Access with RADIUS This section describes how to control administrator access to the wireless device by using Remote Authentication Dial-In User Service (RADIUS). For complete instructions on configuring the wireless device to support RADIUS, see the “Configuring Radius and TACACS+ Servers” chapter in Cisco IOS Software Configuration Guide for Cisco Aironet Access Points.
Administering the Wireless Device Controlling Access Point Access with RADIUS To configure login authentication, follow these steps, beginning in privileged EXEC mode. This procedure is required. SUMMARY STEPS 1. configure terminal 2. aaa new-model 3. aaa authentication login {default | list-name} method1 [method2...] 4. line [console | tty | vty] line-number [ending-line-number] 5. login authentication {default | list-name} 6. end 7. show running-config 8.
Administering the Wireless Device Controlling Access Point Access with RADIUS Step 5 Command Purpose login authentication {default | list-name} Applies the authentication list to a line or set of lines. • If you specify default, use the default list that you created with the aaa authentication login command. • For list-name, specify the list that you created with the aaa authentication login command. Step 6 end Returns to privileged EXEC mode. Step 7 show running-config Verifies your entries.
Administering the Wireless Device Controlling Access Point Access with RADIUS 8. copy running-config startup-config 9. aaa authorization exec radius DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 aaa new-model Enables AAA. Step 3 radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number] [timeout seconds] [retransmit retries] [key string] Specifies the IP address or hostname of the remote RADIUS server host.
Administering the Wireless Device Controlling Access Point Access with RADIUS Command Purpose Step 6 end Returns to privileged EXEC mode. Step 7 show running-config Verifies your entries. Step 8 copy running-config startup-config (Optional) Saves your entries in the configuration file. Step 9 aaa authorization exec radius Enables RADIUS login authentication.
Administering the Wireless Device Controlling Access Point Access with TACACS+ To specify RADIUS authorization for privileged EXEC access and network services, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS 1. configure terminal 2. aaa authorization network radius 3. aaa authorization exec radius 4. end 5. show running-config 6. copy running-config startup-config DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode.
Administering the Wireless Device Controlling Access Point Access with TACACS+ Note For complete syntax and usage information for the commands used in this section, see Cisco IOS Security Command Reference.
Administering the Wireless Device Controlling Access Point Access with TACACS+ 7. show running-config 8. copy running-config startup-config DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 aaa new-model Enables AAA. Step 3 aaa authentication login {default | list-name} method1 [method2...] Creates a login authentication method list.
Administering the Wireless Device Controlling Access Point Access with TACACS+ Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services AAA authorization limits the services available to a user. When AAA authorization is enabled, the wireless device uses information retrieved from the user profile, which is located either in the local user database or on the security server, to configure the user session.
Administering the Wireless Device Administering the Wireless Hardware and Software To disable authorization, use the no aaa authorization {network | exec} method1 command in global configuration mode. Displaying the TACACS+ Configuration To display TACACS+ server statistics, use the show tacacs command in privileged EXEC mode.
Administering the Wireless Device Managing the System Time and Date Monitoring the Wireless Device This section provides commands for monitoring hardware on the router. • Displaying Wireless Device Statistics, page 21 • Displaying Wireless Device Status, page 21 Displaying Wireless Device Statistics Use the service-module wlan-ap0 statistics command in privileged EXEC mode to display wireless device statistics.
Administering the Wireless Device Managing the System Time and Date Understanding Simple Network Time Protocol Simple Network Time Protocol (SNTP) is a simplified, client-only version of NTP. SNTP can only receive the time from NTP servers; it cannot provide time services to other systems. SNTP typically provides time within 100 milliseconds of the accurate time, but it does not provide the complex filtering and statistical mechanisms of NTP.
Administering the Wireless Device Managing the System Time and Date Setting the System Clock If you have an outside source on the network that provides time services, such as an NTP server, you do not need to manually set the system clock. To set the system clock, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS 1. clock set hh:mm:ss day month year or clock set hh:mm:ss month day year 2. show running-config 3.
Administering the Wireless Device Managing the System Time and Date Configuring the Time Zone To manually configure the time zone, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS 1. configure terminal 2. clock timezone zone hours-offset [minutes-offset] 3. end 4. show running-config 5. copy running-config startup-config DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode.
Administering the Wireless Device Managing the System Time and Date 4. show running-config 5. copy running-config startup-config DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 clock summer-time zone recurring Configures summer time to start and end on the specified days every year. [week day month hh:mm week day month Summer time is disabled by default.
Administering the Wireless Device Managing the System Time and Date DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 Configures summer time to start on the first date and end on the second clock summer-time zone date [month date year hh:mm month date year hh:mm date. [offset]] Summer time is disabled by default.
Administering the Wireless Device Configuring a System Name and Prompt Configuring a System Name and Prompt You configure the system name on the wireless device to identify it. By default, the system name and prompt are ap. If you have not configured a system prompt, the first 20 characters of the system name are used as the system prompt. A greater-than symbol (>) is appended.
Administering the Wireless Device Configuring a System Name and Prompt DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 hostname name Manually configures a system name. The default setting is ap. Note When you change the system name, the wireless device radios reset, and associated client devices disassociate and quickly reassociate. Note You can enter up to 63 characters for the system name.
Administering the Wireless Device Configuring a System Name and Prompt Default DNS Configuration Table 3 describes the default DNS configuration. Table 3 Default DNS Configuration Feature Default Setting DNS enable state Disabled. DNS default domain name None configured. DNS servers No name server addresses are configured. Setting Up DNS To set up the wireless device to use the DNS, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS 1. configure terminal 2.
Administering the Wireless Device Creating a Banner Step 4 Command Purpose ip domain-lookup (Optional) Enables DNS-based hostname-to-address translation on the wireless device. This feature is enabled by default. If your network devices require connectivity with devices in networks for which you do not control name assignment, you can dynamically assign device names that uniquely identify your devices by using the global Internet naming scheme (DNS). Step 5 end Returns to privileged EXEC mode.
Administering the Wireless Device Creating a Banner This section contains the following configuration information: • Default Banner Configuration, page 31 • Configuring a Message-of-the-Day Login Banner, page 31 • Configuring a Login Banner, page 32 Default Banner Configuration The MOTD and login banners are not configured. Configuring a Message-of-the-Day Login Banner You can create a single-line or multiline message banner that appears on the screen when someone logs into the wireless device.
Administering the Wireless Device Creating a Banner This is a secure site. Only authorized users are allowed. For access, contact technical support. # AP(config)# This example shows the banner that results from the previous configuration: Unix> telnet 172.2.5.4 Trying 172.2.5.4... Connected to 172.2.5.4. Escape character is '^]'. This is a secure site. Only authorized users are allowed. For access, contact technical support.
Administering the Wireless Device Configuring Ethernet Speed and Duplex Settings To delete the login banner, use the no banner login command in global configuration mode. The following example shows how to configure a login banner for the wireless device using the dollar sign ($) as the beginning and ending delimiter: AP(config)# banner login $ Access for authorized users only. Please enter your username and password.
Administering the Wireless Device Configuring the Access Point for Wireless Network Management Command Purpose Step 6 show running-config Verifies your entries. Step 7 copy running-config startup-config (Optional) Saves your entries in the configuration file. Configuring the Access Point for Wireless Network Management You can enable the wireless device for wireless network management. The wireless network manager (WNM) manages the devices on your wireless LAN.
Administering the Wireless Device Configuring the Access Point for Local Authentication and Authorization 8. show running-config 9. copy running-config startup-config DETAILED STEPS Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 aaa new-model Enables AAA. Step 3 aaa authentication login default local Sets the login authentication to use the local username database. The default keyword applies the local user database authentication to all interfaces.
Administering the Wireless Device Configuring the Authentication Cache and Profile Configuring the Authentication Cache and Profile The authentication cache and profile feature allows the access point to cache the authentication and authorization responses for a user so that subsequent authentication and authorization requests do not need to be sent to the AAA server. Note On the access point, this feature is supported only for Admin authentication.
Administering the Wireless Device Configuring the Authentication Cache and Profile ! aaa group server radius rad_pmip ! aaa group server radius dummy ! aaa authentication login default local cache tac_admin group tac_admin aaa authentication login eap_methods group rad_eap aaa authentication login mac_methods local aaa authorization exec default local cache tac_admin group tac_admin aaa accounting network acct_methods start-stop group rad_acct aaa cache profile admin_cache all ! aaa session-i
Administering the Wireless Device Configuring the Access Point to Provide DHCP Service ! tacacs-server host 192.168.133.231 key 7 105E080A16001D1908 tacacs-server directed-request radius-server attribute 32 include-in-access-req format %h radius-server host 192.168.134.
Administering the Wireless Device Configuring the Access Point to Provide DHCP Service To configure an access point to provide DHCP service and to specify a default router, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS 1. configure terminal 2. ip dhcp excluded-address low_address [high_address] 3. ip dhcp pool pool_name 4. network subnet_number [mask | prefix-length] 5. lease {days [hours] [minutes] | infinite} 6. default-router address [address2 ... address 8] 7.
Administering the Wireless Device Configuring the Access Point to Provide DHCP Service Command Purpose Step 6 default-router address [address2 ... address 8] Specifies the IP address of the default router for DHCP clients on the subnet. One IP address is required; however, you can specify up to eight addresses in one command line. Step 7 end Returns to privileged EXEC mode. Step 8 show running-config Verifies your entries.
Administering the Wireless Device Configuring the Access Point for Secure Shell clear Commands To clear DHCP server variables, use the commands in Table 5, in privileged EXEC mode. Table 5 Clear Commands for DHCP Server Command Purpose clear ip dhcp binding {address | *} Deletes an automatic address binding from the DHCP database. Specifying the address argument clears the automatic binding for a specific (client) IP address. Specifying an asterisk (*) clears all automatic bindings.
Administering the Wireless Device Configuring Client ARP Caching Note The SSH feature in this software release does not support IP Security (IPsec). Configuring SSH Before configuring SSH, download the cryptographic software image from Cisco.com. For more information, see the release notes for this release. For information about configuring SSH and displaying SSH settings, see Part 6, “Other Security Features” in the Cisco IOS Security Configuration Guide for Release 12.4, which is available at Cisco.
Administering the Wireless Device Configuring Multiple VLAN and Rate Limiting for Point-to-Multipoint Bridging Configuring ARP Caching To configure the wireless device to maintain an ARP cache for associated clients, follow these steps, beginning in privileged EXEC mode. SUMMARY STEPS 1. configure terminal 2. dot11 arp-cache [optional] 3. end 4. show running-config 5.
Administering the Wireless Device Configuring Multiple VLAN and Rate Limiting for Point-to-Multipoint Bridging Using the class-based policing feature, you can specify the rate limit and apply it to the ingress of the Ethernet interface of a non-root bridge. Applying the rate at the ingress of the Ethernet interface ensures that all incoming Ethernet packets conform to the configured rate.
Administering the Wireless Device Configuring Multiple VLAN and Rate Limiting for Point-to-Multipoint Bridging CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Netwo
Administering the Wireless Device Configuring Multiple VLAN and Rate Limiting for Point-to-Multipoint Bridging 46
PA R T 3 Appendix
A P P E N D I X A Cisco IOS CLI for Initial Configuration The following sections describe how to perform the initial configuration using the Cisco Internet Operating System (IOS) command line interface (CLI). Note • Prerequisites for Initial Software Configuration Using the Cisco IOS CLI, page A-1 • Using the Cisco IOS CLI to Perform Initial Configuration, page A-2 We recommend using Cisco Configuration Professional Express web-based application to configure the initial router settings.
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration This section contains the following procedures: • Configuring the Router Hostname, page A-2 (Optional) • Configuring the Enable and Enable Secret Passwords, page A-3 (Required) • Configuring the Console Idle Privileged EXEC Timeout, page A-5 (Optional) • Configuring Gigabit Ethernet Interfaces, page A-6 (Required) • Specifying a Defa
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration DETAILED STEPS Step 1 Command or Action Purpose enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Router> enable Step 2 configure terminal Enters global configuration mode. Example: Router# configure terminal Step 3 hostname name Specifies or modifies the hostname for the network server.
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration SUMMARY STEPS 1. enable 2. configure terminal 3. enable password password 4. enable secret password 5. end 6. enable 7. end DETAILED STEPS Step 1 Command or Action Purpose enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Router> enable Step 2 configure terminal Enters global configuration mode.
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration Configuring the Console Idle Privileged EXEC Timeout This section describes how to configure the console line’s idle privileged EXEC timeout. By default, the privileged EXEC command interpreter waits 10 minutes to detect user input before timing out.
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration Step 5 Command or Action Purpose end Returns to privileged EXEC mode. Example: Router(config)# end Step 6 show running-config Displays the running configuration file. • Example: Verify that you properly configured the idle privileged EXEC timeout.
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration DETAILED STEPS Step 1 Command or Action Purpose enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Router> enable Step 2 show ip interface brief Displays a brief status of the interfaces that are configured for IP. • Example: Router# show ip interface brief Step 3 configure terminal Learn which type of Ethernet interface is on your router.
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration Examples Configuring the GigabitEthernet Interface: Example ! interface GigabitEthernet0/0 description GE int to HR group ip address 172.16.3.3 255.255.255.0 duplex auto speed auto no shutdown ! Sample Output for the show ip interface brief Command Router# show ip interface brief Interface GigabitEthernet0/0 GigabitEthernet0/1 Router# IP-Address 172.16.3.
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration Default Routes A router might not be able to determine the routes to all other networks. To provide complete routing capability, the common practice is to use some routers as smart routers and give the remaining routers default routes to the smart router. (Smart routers have routing table information for the entire internetwork.
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration 6. end 7. show ip route DETAILED STEPS Step 1 Command or Action Purpose enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Router> enable Step 2 configure terminal Enters global configuration mode. Example: Router# configure terminal Step 3 ip routing Enables IP routing.
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration Examples Specifying a Default Route: Example ! ip routing ! ip route 192.168.24.0 255.255.255.0 172.28.99.2 ! ip default-network 192.168.24.
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration SUMMARY STEPS 1. enable 2. configure terminal 3. line vty line-number [ending-line-number] 4. password password 5. login 6. end 7. show running-config 8. From another network device, attempt to open a Telnet session to the router. DETAILED STEPS Step 1 Command or Action Purpose enable Enables privileged EXEC mode. • Enter your password if prompted.
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration Step 7 Command or Action Purpose show running-config Displays the running configuration file. • Example: Verify that you properly configured the virtual terminal lines for remote access. Router# show running-config Step 8 From another network device, attempt to open a Telnet Verifies that you can remotely access the router and that the session to the router.
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration SUMMARY STEPS 1. enable 2. configure terminal 3. line aux 0 4. See the tech notes and sample configurations to configure the line for your particular implementation of the AUX port. DETAILED STEPS Step 1 Command or Action Purpose enable Enables privileged EXEC mode. • Enter your password if prompted.
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration DETAILED STEPS Step 1 Command or Action Purpose enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Router> enable Step 2 ping [ip-address | hostname] Diagnoses initial network connectivity. • Example: To verify connectivity, ping the next hop router or connected host for each configured interface to. Router# ping 172.16.74.
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration Saving Your Router Configuration This section describes how to avoid losing your configuration at the next system reload or power cycle by saving the running configuration to the startup configuration in NVRAM. The NVRAM provides 256KB of storage on the router. SUMMARY STEPS 1. enable 2.
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration DETAILED STEPS Step 1 Command or Action Purpose enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Router> enable Step 2 copy nvram:startup-config {ftp: | rcp: | tftp:} Example: Copies the startup configuration file to a server. • The configuration file copy can serve as a backup copy. • Enter the destination URL when prompted.
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration filename to write on tftp host? c3600-c2is-mz writing c3900-c2is-mz !!!!... successful ftp write.
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network
Appendix A Cisco IOS CLI for Initial Configuration Using the Cisco IOS CLI to Perform Initial Configuration Cisco 3900 Series, 2900 Series, and 1900 Series Integrated Services Routers Software A-20 OL-21850-01
A P P E N D I X B Using CompactFlash Memory Cards Cisco 3900 series, 2900 series, and 1900 series integrated services routers (ISR) use Advanced Capability CompactFlash (CF) external memory to store the system image, configuration files, and some software data files. CF supports True IDE mode and Multi-Word DMA mode.
Appendix B Using CompactFlash Memory Cards Online Insertion and Removal Table B-1 Compact Flash Slot Numbering and Naming Slot Number CF Filenames Size1 Slot02 flash0: 256MB Slot1 flash1: 0 1. The maximum storage capacity for the CF in Slot0 and Slot1 is 4GB. 2. Slot 0 is the default CF slot. CF in slot0 can store system image, configuration, and data files. CF must be present in this slot for the router to boot and perform normal file operations.
Appendix B Using CompactFlash Memory Cards How to Format CompactFlash Memory Cards External Card with Class B Flash File System: Example The geometry and format information does not appear.
Appendix B Using CompactFlash Memory Cards File Operations on CompactFlash Memory Cards Note Use flash1: in the command syntax to access CF in slot 1. Use flash0: in the command syntax to access CF in slot 0. Formatting CompactFlash Memory as a Class C Flash File System: Example Router# format flash0: Format operation may take a while. Continue? [confirm] Format operation will destroy all data in "flash0:".
Appendix B Using CompactFlash Memory Cards File Operations on CompactFlash Memory Cards In the following example, the file my-config2 on the CF memory card is copied into the running-config file in the system memory: Router# copy flash0:my-config2 running-config Destination filename [running-config]? 709 bytes copied in 0.72 secs Displaying Files To display a list of files on a CF memory card, enter the dir flash0: command in privileged EXEC mode.
Appendix B Using CompactFlash Memory Cards File Operations on CompactFlash Memory Cards Displaying Geometry and Format Information To display the geometry and format information of a CF flash file system, enter the show flash0: filesys command in privileged EXEC mode. Use flash1: in the command syntax to access CF in slot 1. Use flash0: in the command syntax to access CF in slot 0.
Appendix B Using CompactFlash Memory Cards Directory Operations on a CompactFlash Memory Card 1580 -rw- 6462268 Mar 06 2004 06:14:02 c2900-universalk9-mz.3600ata 63930368 bytes total (51007488 bytes free) Router# rename flash0:c2900-universalk9-mz.tmp flash0:c2900-universalk9-mz Destination filename [c2900-universalk9-mz]? Router# dir flash0: Directory of flash0:/ 1580 3 -rw-rw- 6462268 6458388 Mar 06 2004 06:14:02 c2900-universalk9-mz.
Appendix B Using CompactFlash Memory Cards Directory Operations on a CompactFlash Memory Card Router# pwd flash0:/config/ Router# dir Directory of flash0:/config/ 380 203 -rw-rw- 6462268 6458388 Mar 08 2004 06:14:02 Mar 03 2004 00:01:24 myconfig1 myconfig2 63930368 bytes total (51007488 bytes free) Creating a New Directory To create a directory in flash memory, enter the mkdir flash0: command in privileged EXEC mode. Note Use flash1: in the command syntax to access CF in slot 1.
Appendix B Using CompactFlash Memory Cards Directory Operations on a CompactFlash Memory Card Removing a Directory To remove a directory in flash memory, enter the rmdir flash0: command in privileged EXEC mode. Before you can remove a directory, you must remove all files and subdirectories from the directory. Note Use flash1: in the command syntax to access CF in slot 1. Use flash0: in the command syntax to access CF in slot 0.
Appendix B Using CompactFlash Memory Cards Directory Operations on a CompactFlash Memory Card CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademar
A P P E N D I X C Using ROM Monitor The ROM monitor is accessed during power up or reload when the router does not find a valid system image, the last digit of the boot field in the configuration register is 0, or you enter the Break key sequence during the first 5 seconds after reloading the router.
Appendix C Using ROM Monitor Information About the ROM Monitor Why is the Router in ROM Monitor Mode? The router boots to ROM monitor mode when one of the following occurs: • During power up or reload, the router did not find a valid system image. • The last digit of the boot field in the configuration register is 0 (for example, 0x100 or 0x0). • The Break key sequence was entered during the first 60 seconds after reloading the router.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks Accessibility This product can be configured using the Cisco command-line interface (CLI). The CLI conforms to accessibility code 508 because it is text based and it relies on a keyboard for navigation. All functions of the router can be configured and monitored through the CLI. For a complete list of guidelines and Cisco products adherence to accessibility, see the Cisco Accessibility Products document at: http://www.cisco.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks Using the Break Key Sequence to Interrupt the System Reload and Enter ROM Monitor Mode To enter ROM monitor mode by reloading the router and entering the Break key sequence, follow these steps. SUMMARY STEPS 1. enable 2. reload 3. Press Ctrl-Break. DETAILED STEPS Step 1 Command or Action Purpose enable Enables privileged EXEC mode. • Enter your password if prompted.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks Troubleshooting Tips The Break key sequence varies, depending on the software on your PC or terminal. See the Standard Break Key Sequence Combinations During Password Recovery tech note. What to Do Next • Proceed to the “Displaying Commands and Command Syntax in ROM Monitor Mode (?, help, -?)” section on page C-7.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks DETAILED STEPS Step 1 Command or Action Purpose enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Router> enable Step 2 configure terminal Enters global configuration mode. Example: Router# configure terminal Step 3 config-register 0x0 Changes the configuration register settings. • Example: The 0x0 setting forces the router to boot to the ROM monitor at the next system reload.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks *Aug 24 11:09:31.167: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command. System Bootstrap, Version 15.0(1r)M1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 2009 by cisco Systems, Inc.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks Examples Sample Output for the help ROM Monitor Command rommon 1 > help alias boot break confreg cont context cookie dev dir frame help history iomemset meminfo repeat reset rommon-pref set showmon stack sync sysret tftpdnld unalias unset xmodem hwpart set and display aliases command boot up an external process set/show/clear the breakpoint configuration register utility continue executing a downloaded image display the context of a l
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks SUMMARY STEPS 1. boot or boot flash0:[filename] or boot filename tftpserver or boot [filename] or boot usbflash0:[filename] DETAILED STEPS Step 1 Command or Action Purpose boot In order, the examples here direct the router to: or • Boot the first image in flash memory. boot flash0:[filename] • Boot the first image or a specified image in flash memory. Note In IOS, flash0 will be aliased onto flash.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks Examples The following example shows how to load boot flash memory and USB boot flash memory: rommon 7 > boot flash0:c2900-universalk9-mz.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. Cisco c2911 (revision 1.0) with 987136K/61440K bytes of memory.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks Modifying the Configuration Register (confreg) This section describes how to modify the configuration register by using the confreg ROM monitor command. You can also modify the configuration register setting from the Cisco IOS command-line interface (CLI) by using the config-register command in global configuration mode. Caution Do not set the configuration register by using the config-register 0x0 command after setting the baud rate.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks enable "ignore system config info"? y/n [n]: y change console baud rate? y/n [n]: y enter rate: 0 = 9600, 1 = 4800, 2 = 1200, 3 = 2400 [0]: 0 change the boot characteristics? y/n [n]: y enter to boot: 0 = ROM Monitor 1 = the boot helper image 2-15 = boot system [0]: 0 Configuration Summary enabled are: diagnostic mode console baud: 9600 boot: the ROM Monitor rommon 8> Obtaining Information on USB Flash Devices This section describes h
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks id name flash: compact flash bootflash: boot flash usbflash0: usbflash0 usbflash1: usbflash1 eprom: eprom Modifying the I/O Memory (iomemset) This section describes how to modify the I/O memory by using the memory-size iomemset command. Note Use the iomemset command only when it is necessary to temporarily set the I/O memory from the ROM monitor mode. Using this command improperly can adversely affect the functioning of the router.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks Examples In the following example, the percentage of DRAM used for I/O memory is set to 15: rommon 2 > iomemset usage: iomemset [smartinit | 5 | 10 | 15 | 20 | 25 | 30 | 40 | 50 ] rommon 3 > rommon 3 > iomemset 15 Invoking this command will change the io memory percent *****WARNING:IOS may not keep this value***** Do you wish to continue? y/n: [n]: y rommon 4 > meminfo ------------------------------------------------Current M
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks SUMMARY STEPS 1. IP_ADDRESS=ip_address 2. IP_SUBNET_MASK=ip_address 3. DEFAULT_GATEWAY=ip_address 4. TFTP_SERVER=ip_address 5. TFTP_FILE=[directory-path/]filename 6. GE_PORT=[0 | 1 | 2] 7. GE_SPEED_MODE=[0 | 1 | 2 | 3 | 4 | 5] 8. TFTP_MEDIA_TYPE=[0 | 1] 9. TFTP_CHECKSUM=[0 | 1] 10. TFTP_DESTINATION=[flash0: | flash1: | usbflash0: | usbflash1:] 11. TFTP_MACADDR=MAC_address 12. TFTP_RETRY_COUNT=retry_times 13.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks Step 5 Command or Action Purpose TFTP_FILE=[directory-path/]filename Sets the name and location of the file that is downloaded to the router. Example: rommon > TFTP_FILE=archive/rel22/c2801-i-mz Step 6 GE_PORT=[0 | 1 | 2] (Optional) Sets the input port to use one of the Gigabit Ethernet ports. The default is 0.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks Step 13 Command or Action Purpose TFTP_TIMEOUT=time (Optional) Sets the amount of time, in seconds, before the download process times out. The default is 7200 seconds (120 minutes). Example: TFTP_TIMEOUT=1800 Step 14 TFTP_ACK_RETRY=time (Optional) Sets the amount of time, in seconds, before the client will resend the ACK packet to indicate to the server to continue transmission of the remaining packets. The default is 5 seconds.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks Examples Sample Output for Recovering the System Image (tftpdnld) rommon rommon rommon rommon rommon rommon 16 17 18 19 20 21 > > > > > > IP_ADDRESS=171.68.171.0 IP_SUBNET_MASK=255.255.254.0 DEFAULT_GATEWAY=171.68.170.3 TFTP_SERVER=171.69.1.129 TFTP_FILE=c2801-is-mz.113-2.0.3.Q tftpdnld IP_ADDRESS: IP_SUBNET_MASK: DEFAULT_GATEWAY: TFTP_SERVER: TFTP_FILE: 171.68.171.0 255.255.254.0 171.68.170.3 171.69.1.129 c2801-is-mz.113-2.0.3.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks Router Crashes A router or system crash is a situation in which the system detects an unrecoverable error and restarts itself. The errors that cause crashes are typically detected by processor hardware, which automatically branches to special error-handling code in the ROM monitor. The ROM monitor identifies the error, prints a message, saves information about the failure, and restarts the system.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks DETAILED STEPS Step 1 Command or Action Purpose stack (Optional) Obtains a stack trace. or • k For detailed information on how to effectively use this command in ROM monitor mode, see the Troubleshooting Router Hangs tech note. Example: rommon > stack Step 2 context (Optional) Displays the CPU context at the time of the fault.
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks Sample Output for the stack ROM Monitor Command rommon 6> stack Kernel Level Stack Trace: Initial SP = 0x642190b8, Initial PC = 0x607a0d44, RA = 0x61d839f8 Frame 0 : FP= 0x642190b8, PC= 0x607a0d44, 0 bytes Frame 1 : FP= 0x642190b8, PC= 0x61d839f8, 24 bytes Frame 2 : FP= 0x642190d0, PC= 0x6079b6c4, 40 bytes Frame 3 : FP= 0x642190f8, PC= 0x6079ff70, 32 bytes Frame 4 : FP= 0x64219118, PC= 0x6079eaec, 0 bytes Process Initial Frame 0 Frame 1
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks t5 t6 t7 HI EPC Stat : : : : : : 00000000 00000000 00000000 ffffffff 00000000 3401ff03 00000001 00000000 6408d464 e57fce22 60e3b7f4 | | | | | | sp s8 ra LO ErrPC Cause : : : : : : 00000000 00000000 00000000 ffffffff ffffffff ffffffff 64049cb0 6429274c 60e36fa8 ea545255 ffffffff Sample Output for the frame ROM Monitor Command rommon 6 > frame 2 Stack Frame [0x642190d0 [0x642190d4 [0x642190d8 [0x642190dc [0x642190e0 [0x642190e4
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks rommon 4 > meminfo -l The following 64 bit memory configs are supported: ------------------------------------------------Onboard SDRAM DIMM SOCKET 0 TOTAL MEMORY Bank 0 Bank1 Bank 0 Bank 1 -----------------------------------128 MB 0 MB 0 MB 0 MB 128 MB 128 MB 0 MB 64 MB 0 MB 192 MB 128 MB 0 MB 64 MB 64 MB 256 MB 128 MB 0 MB 128 MB 0 MB 256 MB 128 MB 0 MB 128 MB 128 MB 384 MB 128 MB 0 MB 256 MB 0 MB 384 MB Troubleshooting Tips See the f
Appendix C Using ROM Monitor How to Use the ROM Monitor—Typical Tasks DETAILED STEPS Step 1 Command or Action Purpose dir flash0:[directory] Displays a list of the files and directories in flash memory. • Locate the system image that you want the router to load. • If the system image is not in flash memory, use the second or third option in Step 2.
Appendix C Using ROM Monitor Additional References Additional References The following sections provide references related to using the ROM monitor.
Appendix C Using ROM Monitor Additional References CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, a
A P P E N D I X D Changing the Configuration Register Settings The following sections describe the 16-bit configuration register in NVRAM in the Cisco 3900 series, 2900 series, and 1900 series integrated services routers (ISRs): • About the Configuration Register, page D-1 • Changing the Configuration Register Settings, page D-4 • Displaying the Configuration Register Settings, page D-5 • Configuring the Console Line Speed (Cisco IOS CLI), page D-5 About the Configuration Register The router has a
Appendix D Changing the Configuration Register Settings About the Configuration Register B E TA D R A F T R E V I E W — C I S C O C O N F I D E N T I A L Table 1 Configuration Register Bit Descriptions (continued) Bit Number Hexadecimal Meaning 08 0x0100 Controls the console Break key: • (Factory default) Setting bit 8 causes the processor to ignore the console Break key.
Appendix D Changing the Configuration Register Settings About the Configuration Register Table 2 describes the boot field, which is the lowest four bits of the configuration register (bits 3, 2, 1, and 0). The boot field setting determines whether the router loads an operating system and where the router obtains the system image.
Appendix D Changing the Configuration Register Settings Changing the Configuration Register Settings B E TA D R A F T R E V I E W — C I S C O C O N F I D E N T I A L Table 4 Console Line Speed Configuration Register Bit Combinations (continued) Bit 5 Bit 11 Bit 12 Console Line Speed (baud) 0 1 1 2400 0 0 1 1200 Changing the Configuration Register Settings You can change the configuration register settings from either the ROM monitor or the Cisco IOS CLI.
Appendix D Changing the Configuration Register Settings Displaying the Configuration Register Settings Step 9 Save the configuration changes to NVRAM: Router# copy run start The new configuration register settings are saved to NVRAM, but they do not take effect until the next router reload or power cycle.
Appendix D Changing the Configuration Register Settings Configuring the Console Line Speed (Cisco IOS CLI) B E TA D R A F T R E V I E W — C I S C O C O N F I D E N T I A L Step 3 Command or Action Purpose line console 0 Specifies the console line and enters line configuration mode. Example: Router(config)# line console 0 Router(config-line)# Step 4 speed baud Example: Specifies the console line speed. Possible values (in baud): 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200.
Appendix D Changing the Configuration Register Settings Configuring the Console Line Speed (Cisco IOS CLI) CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network
Appendix D Changing the Configuration Register Settings Configuring the Console Line Speed (Cisco IOS CLI) B E TA D R A F T R E V I E W — C I S C O C O N F I D E N T I A L Cisco 3900 Series, 2900 Series, and 1900 Series Integrated Services Routers Software D-8 OL-21850-01
