Cisco 4G-LTE-ANTM-O-3 Installation Guide

Cisco 800 Series Integrated Services Routers Software ConfigurationGuideFirst Published: January 01, 2009Last Modified: July 22, 2014Americas Headquar

Specifying the Serial Network Interface Module Timing 156Specifying the Serial Network Interface Module Timing 157Configuring Low-Speed Serial Interfa

Configuring Two-Way Delay MeasurementThe following steps show how to configure two-way delay measurement. Both single and double taggingmethods are in

PurposeCommand or ActionDMM is the only supported delay distribution parameter.Note•ethernet y1731 delay DMM domain valuevlan vlan-id inner-vlan inner

router#configure terminalrouter(config)#ip sla1101router(config-ip-sla)#ethernet y1731 delay DMM domain customer vlan 100 mpid 3101 cos 1router(config

Distribution Statistics:IntervalStart time: *10:43:12.930 UTC Mon Oct 21 2013Elapsed time: 15 secondsNumber of measurements initiated: 7Number of meas

Rcvd: 1171DMs:Transmitted: 0Rcvd: 0LMMs:Transmitted: 0LMRs:Rcvd: 0VSMs:Transmitted: 0VSRs:Rcvd: 0SLMs:Transmitted: 0SLRs:Rcvd: 0Test ID 0Router1#Route

Because debugging output is assigned high priority in the CPU process, it can diminish the performanceof the router or even render it unusable. For th

Cisco 800 Series Integrated Services Routers Software Configuration Guide78 OL-31704-02 Configuring Ethernet CFM and Y.1731 Performance Monitorin

CHAPTER 4Configuring Power ManagementThis chapter provides information about configuring power management and Power-over-Ethernet (PoE)for router mode

2interface fastethernet 03power inline {auto | never}4endDETAILED STEPSSUMMARY STEPS1.Router# configure terminal2.Router(config)# interface fastethern

CHAPTER 5Configuring Security FeaturesThis chapter provides an overview of authentication, authorization, and accounting (AAA), which is theprimary Ci

Configuring Wireless Quality of Service 181Configuring the Access Point in Hot Standby Mode 181Upgrading to Cisco Unified Software 182Preparing for th

•Configuring Authentication•Configuring Authorization•Configuring Accounting•RADIUS and TACACS + Attributes•Configuring KerberosConfiguring AutoSecure

Configuration CommandsACL Typeip access-list extended name {permit | deny}protocol {source-addr[source-mask] |any}{destination-addr [destination-mask]

access list remains active without return traffic passing through the router. When the timeout value is reached,the dynamic access list is removed, an

Configuring VPNA VPN connection provides a secure connection between two networks over a public network such as theInternet. Cisco 860 and Cisco 880 s

The Cisco Easy VPN client feature eliminates much of the tedious configuration work by implementing theCisco Unity Client protocol. This protocol allo

VPN client—Cisco 860 or Cisco 880 series ISR3Fast Ethernet or ATM interface—With address200.1.1.1 (also the outside interface for NAT)4LAN interface—C

SUMMARY STEPS1.crypto isakmp policy priority2.encryption {des | 3des | aes | aes 192 | aes 256}3.hash {md5 | sha}4.authentication {rsa-sig | rsa-encr

Configuring Group Policy InformationTo configure the group policy, perform these steps, beginning in global configuration mode:SUMMARY STEPS1.crypto i

PurposeCommand or ActionFor details about this command and additional parameters thatcan be set, see Cisco IOS Dial Technologies Command Reference.Exa

SUMMARY STEPS1.aaa new-model2.aaa authentication login {default | list-name} method1 [method2...]3.aaa authorization {network | exec | commands level

Disabling and Enabling Aironet Extensions 202Disabling Aironet Extensions 203Ethernet Encapsulation Transformation Method 204Configuring the Ethernet

During IKE negotiations, the peers search in multiple transform sets for a transform that is the same at bothpeers. When a transform set is found that

SUMMARY STEPS1.crypto dynamic-map dynamic-map-name dynamic-seq-num2.set transform-set transform-set-name [transform-set-name2...transform-set-name6]3.

sent between remote sites. However, the public interface still allows the rest of the traffic to pass and providesconnectivity to the Internet.To appl

SUMMARY STEPS1.crypto ipsec client ezvpn name2.group group-name key group-key3.peer {ipaddress | hostname}4.mode {client | network-extension | network

PurposeCommand or ActionEnables dead peer detection messages.crypto isakmp keepalive secondsStep 6Example:Router(config)# crypto isakmp keepalive10• s

!crypto dynamic-map dynmap 1set transform-set vpn1reverse-route!crypto map static-map 1 ipsec-isakmp dynamic dynmapcrypto map dynmap isakmp authorizat

PurposeCommand or ActionSpecifies the source endpoint of the router for the GREtunnel.tunnel source interface-type numberExample:Router(config-if)# tu

The following configuration example shows a portion of the configuration file for a VPN using a GRE tunnelscenario described in the preceding sections

ip nat outsideno cdp enablecrypto map to_corporate ! Applies the IPsec tunnel to the outside interface.!! Utilize NAT overload in order to make best u

CHAPTER 6Configuring Backup Data Lines and RemoteManagementThe Cisco 819 series and Cisco 880 Series Integrated Services Routers (ISRs) support backup

Restoring the Default Configuration 219Configuring WLAN Using the CLI-based Interface 219WLAN CLI Interface 219Displaying Command Information for WLAN

•Configuring Gigabit Ethernet Failover Media, page 121•Configuring Third-Party SFPs, page 123Configuring Backup InterfacesWhen the router receives an

PurposeCommand or ActionThe example shows the configuration of a backup interface for an ATMWAN connection.Assigns an interface as the secondary, or b

dialer group dialer group numberSUMMARY STEPS1.configure terminal2.interface type number3.dialer watch-group group-number4.dialer watch-list group-num

PurposeCommand or ActionCreates a dialer list for traffic of interest and permitsaccess to an entire protocol.dialer-list dialer-group protocol protoc

DETAILED STEPSPurposeCommand or ActionEnters global configuration mode from the terminal.configure terminalExample:Router# configure terminalStep 1Est

match address 103!!!no ip dhcp use vrf connectedip dhcp excluded-address 10.4.0.254!ip dhcp pool gsmpool *** or cdmapool ***network 10.4.0.0 255.255.0

interface Vlan1description used as default gateway address for DHCP clientsip address 10.4.0.254 255.255.0.0ip nat insideip virtual-reassembly!interfa

no execline vty 0 4login!scheduler max-task-time 5000!webvpn cefendConfiguring Dial Backup and Remote Management Through theConsole or Auxiliary PortW

Remote management;serves as dial-in access toallow changes or updatesto Cisco IOSconfigurationsCPC3To configure dial backup and remote management for

PurposeCommand or ActionExample for specifying an IP address for the ATM interfacethrough PPP and IPCP address negotiation and dial backup,on page 113

Configuring the Beacon Interval 247Configuring the Radio Transmit Power 247Configuring WMM Options 248Displaying Current CLI Values and Keywords 249Di

PurposeCommand or ActionEnables dynamic translation of addresses on the insideinterface.ip nat inside source {list access-list-number}{interface type

PurposeCommand or ActionExample:Router(config)# line aux 0Enables hardware signal flow control.flowcontrol {none | software [lock] [in | out] |hardwar

pppoe-client dial-pool-number 1!dsl operating-mode auto!! Primary WAN link.interface Dialer1ip address negotiatedip nat outsideencapsulation pppdialer

!! Direct traffic to an interface only if the dialer is assigned an IP address.route-map main permit 10match ip address 101match interface Dialer1!rou

the ISDN switch. In Figure 5: Data Line Backup Directly from Router to ISDN Switch, on page 117, the dialbackup link goes directly from the router to

Figure 5: Data Line Backup Directly from Router to ISDN SwitchPrimary DSL interfaceAPC1Dial backup and remotemanagement through theISDN interface (ISD

Provides administratorwith remote managementcapability through theISDN interface when theprimary DSL link isdown; serves as dial-inaccess to allow cha

DETAILED STEPSPurposeCommand or ActionSpecifies the ISDN switch type.isdn switch-type switch-typeStep 1Example:Router(config)# isdn switch-type basic-

PurposeCommand or ActionSets the encapsulation type to PPP for the interface.encapsulation encapsulation-typeExample:Router(config-if)# encapsulation

vpdn-group 1accept-dialinprotocol pppoevirtual-template 1!interface Ethernet3description “4700ref-1”ip address 40.1.1.1 255.255.255.0media-type 10Base

Defining AAA Server Groups 269Configuration Example: AAA Group 271Configuring RADIUS Authorization for User Privileged Access and NetworkServices 272D

SUMMARY STEPS1.hostname name2.enable secret password3.interface gigabitethernet slot/port4.media-type {sfp | rj45} auto-failover5.exitDETAILED STEPSPu

The Auto-Detect feature only works with 1000 Base SFPs. This feature does not detect 100 Base SFPs.NoteTo configure the Auto-Detect feature, perform t

Cisco does not provide any kind of support for the third-party SFPs because they are not validated byCisco.NoteNote•Supports only 100BASE SFPs and 100

PurposeCommand or ActionEnters the global configuration mode.configure terminalExample:Router# configure terminalStep 2Enables third-party SFP support

Example for Configuring Third-Party SFPsThis example shows how to configure a third-party SFP on a Cisco ISR G2 Series Router:Router# configure termin

CHAPTER 7Configuring Ethernet SwitchesThis chapter gives an overview of configuration tasks for the following:•4-port Fast Ethernet (FE) switch on the

Restrictions for the FE SwitchThe following restrictions apply to the FE switch:•Ports of an FE switch must not be connected to any Fast Ethernet onbo

The authentication command under switch trunk interface mode is enabled for the NEAT feature. Thisis available with Cisco IOS Release 15.2T.NoteSpanni

Storm ControlFor information on storm control, see:http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt1636nm.html#wp1051018Overview of S

When you create a VLAN ‘x’, the logical entity public@x is added. If you query with public community,the Layer 3 MIB is displayed. When you query with

Configuring the Access Point to Provide DHCP Service 293Setting up the DHCP Server 293Monitoring and Maintaining the DHCP Server Access Point 295Confi

Configuring VLANsThis section provides information on how to configure VLANs. The Cisco 860 series ISRs support two VLANsand the 860VAE series ISRs su

PurposeCommand or ActionExits configuration mode.endExample:Router(config-if)# endStep 5What to Do NextFor additional information, see the information

Configuring Layer 2 InterfacesFor information on how to configure Layer 2 interfaces, see the following URL:http://www.cisco.com/en/US/docs/ios/12_3t/

•Configuring the Hello Time•Configuring the forward-delay time for a VLAN•Configuring the maximum aging time for a VLAN•Disabling spanning treeConfigu

•Enabling CDP•Enabling CDP on an interface•Monitoring and maintaining CDPConfiguring the Switched Port AnalyzerFor information on how to configure a s

•Statically configuring an interface to join a group•Configuring a multicast router portIGMP Version 3In support of the IGMPv3 feature in Cisco IOS Re

•Configuring Static Addresses•Clearing all MAC Address Tables Cisco 800 Series Integrated Services Routers Software Configuration Guide138 OL-31704-

CHAPTER 8Configuring Voice FunctionalityThis chapter provides information about configuring voice functionality on the Cisco 880 Series IntegratedServ

Analog and Digital Voice Port AssignmentsAnalog and digital voice port assignments vary by model number. Table 19: Voice Port Assignments forCisco 880

MGCPMedia Gateway Control Protocol (MGCP) RFC 2705 defines a centralized architecture for creating multimediaapplications, including Voice over IP (Vo

Environmental and Power Management 323Cisco EnergyWise Support 324CHAPTER 14 4G LTE Wireless WAN 3254G LTE Support on Cisco 800 Series ISRs 325How to

Dual Tone Multi Frequency RelayUsing Dial Tone Multi Frequency (DTMF) Relay the local VoIP gateway listens for DTMF digits and sendsthe digits uncompr

•Speed dial optionsFor more information on the features supported and their configuration, see SCCP Controlled Analog (FXS)Ports with Supplementary Fe

Unified SRST automatically detects a failure in the network and initializes the process of auto configuringthe router. Unified SRST provides redundanc

CHAPTER 9Configuring the Serial InterfaceThis chapter describes configuring serial interface management.•Configuring the Serial Interface, page 145•Le

Legacy Protocol TransportSerial and synchronous/asynchronous ports are ideally suited to transport legacy traffic across a TCP/IPnetwork, facilitating

Configuring Serial InterfacesWhen the router receives an indication that the primary interface is down, the backup interface becomesenabled. After the

PPP uses keepalives to monitor the link state, as described in the Keepalive Timer, on page 149.PPP supports the following authentication protocols, w

Keepalive TimerCisco keepalives are useful for monitoring the link state. Periodic keepalives are sent to and received fromthe peer at a frequency det

The administrative state of a parent interface drives the state of the subinterface and its PVC. When theadministrative state of a parent interface or

Configuring a Synchronous Serial InterfaceSynchronous serial interfaces are supported on various serial network interface cards or systems. This inter

Applying the Crypto Map to the Physical Interface 346Creating an Easy VPN Remote Configuration 347Verifying Your Easy VPN Configuration 349Configurati

You cannot use the physical-layer async command for frame-relay encapsulation.NoteEncapsulation methods are set according to the type of protocol or a

Compression is performed in software and might significantly affect system performance. We recommendthat you disable compression if CPU load exceeds 6

DETAILED STEPSPurposeCommand or ActionEnables NRZI encoding format.Do one of the following:Step 1Enables NRZI encoding format for router.•nrzi-encodin

DETAILED STEPSPurposeCommand or ActionInverts the clock signal on an interface.invert txclockExample:Router(config-if)# invert txclockStep 1Inverts th

Ignoring DCD and Monitoring DSR as Line Up/Down IndicatorBy default, when the serial interface is operating in DTE mode, it monitors the Data Carrier

DETAILED STEPSPurposeCommand or ActionConfigures the DCE to use SCTE from the DTE.dce-terminal-timing enableExample:Router(config-if)# dce-terminal-ti

Half-Duplex DTE State MachinesAs shown in the figure below, the half-duplex DTE transmit state machine for low-speed interfaces remainsin the ready st

signal is deasserted or the timeout timer expires, the state machine transitions back to the ready state. If thetimer expires before CTS is deasserted

value is 0 ms; use the half-duplex timer transmit-delay interface configuration command to specify a delayvalue not equal to 0.Figure 10: Half-Duplex

3After the DCE transmits the last frame, it transitions to the wait transmit finish state, where it waits fortransmit FIFO to empty and the last frame

debug atm errors Command 371debug atm events Command 372debug atm packet Command 373Software Upgrade Methods 374Recovering a Lost Password 374Change t

DETAILED STEPSPurposeCommand or ActionPlaces a low-speed serial interface inconstant-carrier mode.no half-duplex controlled-carrierExample:Router(conf

DETAILED STEPSPurposeCommand or ActionSpecifies the mode of a low-speed interface as eithersynchronous or asynchronous.physical-layer {sync | async}Ex

Examples for Interface Enablement ConfigurationThe following example illustrates how to begin interface configuration on a serial interface. It assign

The following example shows some typical synchronous serial interface configuration commands availablewhen the interface is in synchronous mode:interf

Cisco 800 Series Integrated Services Routers Software Configuration Guide166 OL-31704-02 Configuring the Serial InterfaceExamples for Low-Speed S

CHAPTER 10Configuring Wireless DevicesThis chapter describes the procedures for initial configuration of the wireless device, radio settings, WLAN,and

• Cisco Unified Wireless mode—operates in conjunction with a Cisco Unified Wireless LAN controller,where all configuration information is maintained w

to the user. Figure 12: Access Points as Root Units on a Wired LAN, on page 169 shows access points actingas root units on a wired LAN.Figure 12: Acce

communications, increasing the communication range of wireless users. Figure 13: Access Point as CentralUnit in All-Wireless Network, on page 170 show

TFTP support with Ethernet WAN interfaceTrivial File Transfer Protocol (TFTP) is a file transfer protocol notable for its simplicity. It is generally

©2009-14 Cisco Systems, Inc. All rights reserved.

TACACS+ 393Network Address Translation 393Easy IP (Phase 1) 393Easy IP (Phase 2) 394Network Interfaces 394Ethernet 394ATM for DSL 395PVC 395Dialer Int

DescriptionColorLEDModule is powered on andconnected but not transmitting orreceiving.GreenWWANModule is powered on andsearching for connection.Green

DescriptionColorLEDSIM in slot 0 active, SIM in slot 1is not.Green / Yellow (one green blinkfollowed by two yellow blinks)SIM7,8SIM in slot 1 active,

3G Modem-QuadBand HSPA+R7/HSPA/UMTS QuadBand EDGE/GPRS Global and GPS,Cellular modem configuration:---------------------------GSM-Carrier Type : Cellu

Enter the following commands in global configuration mode on the router’s Cisco IOS command-line interface(CLI).SUMMARY STEPS1.interface wlan-ap02.ip

PurposeCommand or ActionSpecifies the interface IP address and subnet mask.ip address subnet maskExample:Router(config-if)# ip address 10.10.0.30255.2

Configuring Wireless SettingsIf you are configuring the wireless device for the first time, you must start a configuration session betweenthe access p

Configuring Wireless Security SettingsThis section includes the following configuration tasks:Configuring AuthenticationAuthentication types are tied

Configuring Wireless VLANs and Assigning SSIDsIf you use VLANs on your wireless LAN and assign SSIDs to VLANs, you can create multiple SSIDs byusing a

Security Features EnabledDescriptionSecurity TypeMandatory WEP. Client devices cannotassociate using this SSID without a WEPkey that matches the wirel

Security Features EnabledDescriptionSecurity TypeMandatory WPA authentication. Clientdevices that associate using this SSID mustbe WPA capable.If radi

Error Reporting 407ROM Monitor Debug Commands 407Exiting the ROM Monitor 409Cisco 800 Series Integrated Services Routers Software Configuration Guide

network, matching settings ensure that client devices can switch easily to the standby access point. For moreinformation, see Hot Standby Access Point

1Ping the WLC from the router to confirm IP connectivity.2Enter the service-module wlan-ap 0 session command to establish a session into the access po

The access point may attempt to boot and fail or may become stuck in the recovery mode and fail to upgradeto the Unified software. If either one of th

LinksTopicThis document describes how to use a wireless device in the roleof an access point as a local authenticator, serving as a standaloneauthenti

LinksTopicThis document lists the radio channels supported by Cisco accessproducts in the regulatory domains of the world.http://www.cisco.com/en/US/c

You must create a service set identifier (SSID) before you can enable the radio interface.NoteTo enable the access point radio, follow these steps, be

•Non-root bridge•Root bridge with wireless clients•Non-root bridge without wireless clientsYou can also configure a fallback role for root access poin

PurposeCommand or ActionReturns to privileged EXEC mode.endStep 4(Optional) Saves your entries in the configuration file.copy running-config startup-c

To configure the access point for Fast Ethernet tracking, enter the following command:# station-role root access-point fallback track fa 0MAC-Address

Typically, the trade-off is between throughput and range. When the signal degrades (possibly due to distancefrom the access point), the rates renegoti

Cisco 800 Series Integrated Services Routers Software Configuration Guidexxii OL-31704-02 Contents

DETAILED STEPSPurposeCommand or ActionEnters global configuration mode.configure terminalStep 1Enters interface configuration mode for the radio inter

PurposeCommand or Actionallow both 802.11b and 802.11g client devices to associate to the wirelessdevice 802.11g radio.On the 5-GHz radio, the default

Table 25: Data Rates Based on MCS Settings, Guard Interval, and Channel WidthGuard Interval = 400nsGuard Interval = 800nsMCS Index40-MHz ChannelWidth

Configuration Example: MCS RatesMCS rates are configured using the speed command.The following example shows configuring speed setting for an 802.11g/

PurposeCommand or ActionReturns to privileged EXEC mode.endStep 4(Optional) Saves your entries in the configuration file.copy running-config startup-c

PurposeCommand or ActionReturns to privileged EXEC mode.endStep 4(Optional) Saves your entries in the configuration file.copy running-config startup-c

Configuring Wireless Channel WidthTo set the wireless device channel width, follow these steps, beginning in privileged EXEC mode:SUMMARY STEPS1.confi

Enabling and Disabling World ModeYou can configure the wireless device to support 802.11d world mode, Cisco legacy world mode, or worldmode roaming. W

PurposeCommand or ActionAironet extensions must be enabled for legacy world mode operation,but Aironet extensions are not required for 802.11d world m

PurposeCommand or ActionEnters interface configuration mode for the 2.4-GHz radio interface.interface dot11radio {0 }Step 2Disables short preambles an

PrefaceThis preface describes the audience, organization, and conventions of this guide, and describes relateddocuments that have additional informati

SUMMARY STEPS1.configure terminal2.interface dot11radio {0 }3.gain dB4.antenna receive {diversity | left | right}5.end6.copy running-config startup-co

• Message Integrity Check (MIC)—MIC is an additional WEP security feature that prevents attacks onencrypted packets called bit-flip attacks. The MIC,

What to Do NextUse the dot11 extension aironet command to enable Aironet extensions if they are disabled.Ethernet Encapsulation Transformation MethodW

Enabling and Disabling Public Secure Packet ForwardingPublic Secure Packet Forwarding (PSPF) prevents client devices that are associated to an access

What to Do NextUse the no form of the bridge group command to disable PSPF.Configuring Protected PortsTo prevent communication between client devices

Beacon Period and the DTIMThe beacon period is the amount of time between access point beacons in kilomicroseconds (Kmicrosecs).One Kmicrosec equals 1

RTS Threshold and RetriesThe request to send (RTS) threshold determines the packet size at which the wireless device issues an RTSbefore sending the p

What to Do NextUse the no form of the rts command to reset the RTS settings to defaults.Maximum Data RetriesThe maximum data retries setting determine

What to Do NextConfiguring the Fragmentation ThresholdThe fragmentation threshold determines the size at which packets are fragmented (sent as several

What to Do NextEnabling Short Slot Time for 802.11g RadiosYou can increase throughput on the 802.11g 2.4-GHz radio by enabling short slot time. Reduci

DescriptionChapterProvides procedures for configuring the network interface devicefunctionality, Ethernet data plane loopback, IEEE connectivity fault

The default value for maximum retries is 3 for the Low Latency setting. This value indicates how manytimes the access point will try to retrieve a los

Address for Accessing Web-based InterfaceYou can change the address for accessing the web-based interface. See Configuring Access to the Web-basedInte

Configuring Basic Wireless SettingsIn the left pane, click Wireless -> Basic to open the Wireless - Basic page, providing configuration optionsfor

Configuring SecurityIn the left pane, click Wireless -> Security to open the Wireless - Security page, providing security settingsfor each access p

DescriptionOption(Enabled when Channel is set to Auto)Minutes to wait before scanning again to determinethe best channel.Range: 1 to 35791394 minutes.

DescriptionOptionTransmit/Receive rate for multicast packets.If 802.11n/EWC is Disabled and “54g Mode”is set to “802.11b Only,” then the optionswill c

DescriptionOption(WMM (Wi-Fi Multimedia) must be set to Enabledor Auto)Enables/disables the WMM Automatic Power SaveDelivery feature.When WMM is in Au

Saving the Wireless LAN Configuration to a FileIn the left pane, click Configuration -> Backup to save a configuration file for the wireless config

ap(config)# exitap#Displaying Command Information for WLAN CLIEntering a question mark (?) displays information about available command options. This

Example: Accessing WLAN CLI Using Telnet Through the Loopback InterfaceRouter# telnet 1.1.1.1 2002Trying 1.1.1.1, 2002 ... OpenConnecting to AP consol

DescriptionChapterProvides information to help isolate problems you might encounter.Troubleshooting Cisco 800 SeriesRoutersProvides information for ho

PurposeCommand or ActionEnabling and Disabling WLANBy default, the WLAN feature is enabled.To enable or disable WLAN, follow these steps from global c

DETAILED STEPSPurposeCommand or ActionEnters configuration mode.configure terminalExample:ap# configure terminalStep 1Example:ap(config)#SSID-name—The

PurposeCommand or ActionThe example specifies a new SSID of guest1 for guest SSIDnumber 1.Enabling and Disabling Guest SSIDsTo enable or disable a gue

Hiding the SSID (access point) provides a small measure of security in helping to prevent unauthorizedusers from accessing the network. When you hide

DETAILED STEPSPurposeCommand or ActionEnters SSID configuration mode for a specific SSID. The ap(config-ssid)prompt indicates SSID configuration mode.

PurposeCommand or Action• SSID-name—The SSID name.Disables the WMM Advertise feature for the SSID specified in the previousstep.[no] disable-wmmExampl

Configuring the Global Maximum Number of ClientsTo set the global maximum number of clients that can connect to an AP, follow these steps from globalc

PurposeCommand or ActionExample:ap(config)# dot11 guest-ssid 1 guestssid1• ssid—The main SSID.• guest-ssid—A guest SSID.• guest-SSID-number—The guest

PurposeCommand or ActionWhat to Do NextTable 27: Authentication Command Options, on page 230 describes options for the authentication command:Table 27

DescriptionSyntaxOptionDefines the authentication rekey intervalin seconds.Range: 0 to 2147483647 (seconds)The example configures the rekey intervalto

DescriptionConventionNested set of square brackets or braces indicate optional or requiredchoices within optional or required elements. Braces and a v

DescriptionSyntaxOptionDefines the WPA2 reauthorization intervalin seconds.Range: 0 to 2147483647 (seconds)The example configures the reauthorizationi

DescriptionSyntaxOptionEnables WPA2 preauthentication.The no form of the command disablespreauthentication.Mixed-WPA2-WPA preauthap(config-ssid)# auth

SUMMARY STEPS1.dot11 {ssid | guest-ssid} [guest-SSID-number] SSID-name2.encryption mode encryption-optionsDETAILED STEPSPurposeCommand or ActionEnters

DescriptionSyntaxOptionEnables WEP encryption. The no form ofthe command disables WEP encryption.The WEP encryption defaultsetting depends on theauthe

DescriptionSyntaxOptionConfigures the encryption mode toTKIP+AES.TKIP+AES is supported onlyunder WPA, WPA-PSK, WPA2,WPA2-PSK, Mixed WPA2/WPA,or Mixed

Configuring the MAC Address Filter ModeTo select the MAC address access list mode, follow these steps from global configuration mode:SUMMARY STEPS1.do

DETAILED STEPSPurposeCommand or ActionEnters radio interface mode, indicated by the ap(config-if) prompt.interface Dot11Radio 0Example:ap(config)# int

PurposeCommand or ActionConfigures 802.11n radio options.[no] dot11nStep 2Configures the 802.11n rate:dot11n rateStep 3•rate range: 0 to 15. Table 29:

RateValueMCS index 4, 39 Mbps4MCS index 5, 52 Mbps5MCS index 6, 58.5 Mbps6MCS index 7, 65 Mbps7MCS index 8, 13 Mbps8MCS index 9, 26 Mbps9MCS index 10,

PurposeCommand or ActionExample:ap(config-if)# 54g-mode auto• dot11b-only—Accepts only 802.11b clients.• lrs—54g Limited Rate Support (LRS). Intended

•Readme First for the Cisco 800 Series Integrated Services Routers.•Cisco 860, Cisco 880, and Cisco 890 Series Integrated Services Routers Hardware In

Configuring the 54g RateTo set the 54g transmission rate, follow these steps from global configuration mode:The 54g rate can be set only when the 802.

Configuring 54g ProtectionTo set 54g protection, follow these steps from global configuration mode:54g protection can be set only when 802.11n is disa

DETAILED STEPSPurposeCommand or ActionEnters radio interface mode, indicated by the ap(config-if) prompt.interface Dot11Radio 0Example:ap(config)# int

DETAILED STEPSPurposeCommand or ActionEnters radio interface mode, indicated by the ap(config-if)prompt.interface Dot11Radio 0Example:ap(config)# inte

Configuring the RTS ThresholdTo set the request-to-send (RTS) threshold, follow these steps from global configuration mode:If an access point transmit

DETAILED STEPSPurposeCommand or ActionEnters radio interface mode, indicated by the ap(config-if) prompt.interface Dot11Radio 0Example:ap(config)# int

SUMMARY STEPS1.interface Dot11Radio 02.tx-pwr power-percentageDETAILED STEPSPurposeCommand or ActionEnters radio interface mode, indicated by the ap(c

PurposeCommand or ActionEnable or Disables WMM.[no] wmm [auto | no-ack | apsd]Step 2Example:ap(config-if)# wmm• auto—Configures WMM auto mode:• no-ack

dot11 guest-ssid 1 Cisco860_Guest1no isolate-clientsno wmfmax-associations 16no hide-apno disable-wmmno mac-filter-modeauthentication openno encryptio

DETAILED STEPSPurposeCommand or ActionDisplays the current channel and power information.show controllers Dot11Radio 0Example:ap# show controllers Dot

Cisco 800 Series Integrated Services Routers Software Configuration Guidexxviii OL-31704-02 PrefaceObtaining Documentation and Submitting a Servi

VHT8_9SS1_CDD1 2 -MCS0_7_STBC 2 17.50VHT8_9SS1_STBC 2 -MCS8_15 2 17.50VHT8_9SS2 2 -DSSS_MULTI2 3 -OFDM_CDD2 3 -MCS0_7_CDD2 3 -VHT8_9SS1_CDD2 3 -MCS0_7

DETAILED STEPSPurposeCommand or ActionDisplays the current associated clients.show dot11 associationsExample:ap# show dot11 associationsStep 1What to

Displaying the Tx/Rx StatisticsUse the show dot11 statistics command to display the current transmit/receive (tx/rx) statistics for Dot11Radio0 interf

DETAILED STEPSPurposeCommand or ActionDisplays the current BVI 1 interface details.show interfaces BVI 1Example:ap# show interfaces BVI 1Step 1What to

Example: Displaying Dot11Radio 0 Interface InformationThis example displays Dot11Radio 0 interface information.ap# show interfaces Dot11Radio 0Dot11Ra

SUMMARY STEPS1.show processes cpuDETAILED STEPSPurposeCommand or ActionDisplays CPU utilization statistics.show processes cpuExample:ap# show processe

Pinging an AddressUse the ping command to test connectivity with a specific address.SUMMARY STEPS1.ping {IP-address | hostname}DETAILED STEPSPurposeCo

Configuring the Number of Lines on ScreenUse the terminal length command to configure the number of lines displayed on the screen.SUMMARY STEPS1.termi

SUMMARY STEPS1.configure terminal2.no boot mode-button3.endDETAILED STEPSPurposeCommand or ActionEnters global configuration mode.configure terminalSt

The characters TAB, ?, $, +, and [ are invalid characters for passwords.NoteProtecting Access to Privileged EXEC CommandsA simple way of providing ter

CHAPTER 1Product OverviewThis chapter provides an overview of the features available for the Cisco 810, Cisco 860, Cisco 880 andCisco 890 series Integ

SUMMARY STEPS1.configure terminal2.enable password password3.end4.show running-config5.copy running-config startup-configDETAILED STEPSPurposeCommand

It is recommend that you use the enable secret command because it uses an improved encryptionalgorithm.If you configure the enable secret command, it

PurposeCommand or Action(Optional) Saves your entries in the configuration file.copy running-config startup-configStep 5Configuration Example: Enable

PurposeCommand or Action• password —The password the user must enter to gain access to the wirelessdevice. The password must be from 1 to 25 character

SUMMARY STEPS1.configure terminal2.privilege mode level level command3.enable password level level password4.end5.•show running-configor•show privileg

Configuring Multiple Privilege LevelsWhen you set a command to a privilege level, all commands whose syntax is a subset of that commandare also set to

RADIUS ConfigurationRADIUS and AAA are disabled by default. To prevent a lapse in security, you cannot configure RADIUSthrough a network management ap

PurposeCommand or Actionmethods that are to be used in default situations. The default method list isautomatically applied to all interfaces.• list-na

as RADIUS hosts providing a specific AAA service. If you configure two different host entries on the sameRADIUS server for the same service (such as a

PurposeCommand or Action• key string —(Optional) Specifies the authentication and encryption key usedbetween the wireless device and the RADIUS daemon

CONTENTSPreface Preface xxiiiAudience xxiiiDocument Organization xxiiiDocument Conventions xxvRelated Documentation xxviObtaining Documentation an

Features of Cisco 860 Series ISRsThe following features are supported on all Cisco 860 series ISRs:4-port 10/100 FE LAN Switch of Cisco 860 Series ISR

Configuring RADIUS Authorization for User Privileged Access and Network ServicesAAA authorization limits the services that are available to a user. Wh

PurposeCommand or ActionVerifies your entries.show running-configStep 5(Optional) Saves your entries in the configuration file.copy running-config sta

until there is successful communication with a listed authentication method or until all defined methods areexhausted. If authentication fails at any

PurposeCommand or ActionEnters line configuration mode, and configures the lines to which theauthentication list applies.line [console | tty | vty]lin

SUMMARY STEPS1.configure terminal2.aaa authorization network tacacs+3.aaa authorization exec tacacs+4.end5.show running-config6.copy running-config st

Resetting the Wireless Device to the Factory Default ConfigurationTo reset the wireless device hardware and software to its factory default configurat

grSystem uptime = 0 days, 4 hours, 28 minutes, 5 secondsRouter#d was introduced for embedded wireless LAN access points on Integrated ServicesRouters.

Enter the sntp server command once for each NTP server. The NTP servers must be configured to respondto the SNTP messages from the access point.If you

PurposeCommand or ActionSets the time zone.clock timezone zone hours-offsetminutes-offsetStep 2The wireless device keeps internal time in universal ti

PurposeCommand or Action• day —(Optional) Specifies the day of the week (for example, Sunday).• month —(Optional) Specifies the month (for example, Ja

BenefitFeature•IPSec & Easy VPN with 10 tunnels.•BGP.•MAC filtering and port security.•QoS features include LLQ and WFQ.•NBAR and DiffServ.Securit

For complete syntax and usage information for the commands used in this section, see Cisco IOSConfiguration Fundamentals Command Reference and Cisco I

IP defines a hierarchical naming scheme that allows a device to be identified by its location or domain. Domainnames are pieced together with periods

PurposeCommand or ActionAt boot time, no domain name is configured. However, if the wireless deviceconfiguration comes from a BOOTP or DHCP server, th

Creating a BannerYou can configure a message-of-the-day (MOTD) and a login banner. By default the MOTD and login bannersare not configured.The MOTD ba

PurposeCommand or Action(Optional) Saves your entries in the configuration file.copy running-config startup-configStep 5Example: Configuring a MOTD Ba

PurposeCommand or Actionbeginning and end of the banner text. Characters after the endingdelimiter are discarded.• message —Enter a login message up t

SUMMARY STEPS1.configure terminal2.interface fastethernet03.speed {10 | 100 | auto}4.duplex {auto | full | half}5.end6.show running-config7.copy runni

Configuring the Access Point for Local Authentication and AuthorizationYou can configure AAA to operate without a server by configuring the wireless d

PurposeCommand or Action• level—(Optional) Specifies the privilege level that the user has after gainingaccess. The range is 0 to 15. Level 15 gives p

See Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges, Versions 12.4(10b)JAand 12.3(8)JEC for information about these commands.N

BenefitFeature•A single dual-purpose port provides directconnection to a console or external modem formanagement or backup access points.CON/AUX port•

!interface Dot11Radio0no ip addressno ip route-cacheshutdownspeed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0statio

Configuring the Access Point to Provide DHCP ServiceBy default, access points are configured to receive IP settings from a DHCP server on your network

PurposeCommand or ActionExcludes the wireless device IP address from the range of addresses that thewireless device assigns.ip dhcp excluded-addresslo

The following example shows how to configure the wireless device as a DHCP server, how to exclude a rangeof IP address, and how to assign a default ro

PurposeCommandClears an address conflict from the DHCP database.Specifying the address argument clears the conflictfor a specific IP address. Specifyi

Client ARP CachingYou can configure the wireless device to maintain an address resolution protocol (ARP) cache for associatedclient devices. Maintaini

PurposeCommand or Action(Optional) Use the optional keyword to enable ARP caching only forthe client devices whose IP addresses are known to the wirel

CHAPTER 11Configuring PPP over Ethernet with NATThis chapter provides an overview of Point-to-Point Protocol over Ethernet (PPPoE) clients and network

OverviewMultiple PCs can be connected to the LAN behind the router. Before the traffic from these PCs is sent to thePPPoE session, it can be encrypted

A PPPoE session is initiated on the client side by the Cisco 819, Cisco 860, or Cisco 880 ISRs. An establishedPPPoE client session can be terminated i

IOS Images for Cisco 860 VAE Series ISRsTable 3: IOS Images of the Cisco 860VAE Series ISRs, on page 5 describes the IOS images included inCisco 860VA

PurposeCommand or ActionCreates and associates a VPDN group with a customer orVPDN profile.vpdn-group nameExample:Router(config)# vpdn-group 1Step 2Cr

DETAILED STEPSPurposeCommand or ActionEnters interface configuration mode for WAN interface.interface type numberExample:Router(config)# interface fas

To configure a dialer interface for one of the Fast Ethernet LAN interfaces on the router, complete the followingsteps, starting in global configurati

PurposeCommand or ActionSpecifies the dialer pool that is used to connect to a specificdestination subnetwork.dialer pool numberExample:Router(config-

SUMMARY STEPS1.ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}2.Do one of the following:•ip nat inside source {list a

PurposeCommand or ActionIdentifies the specified VLAN interface as the NAT insideinterface.ip nat {inside | outside}Example:Router(config-if)# ip nat

What to Do NextTo use NAT with a virtual-template interface, you must configure a loopback interface. See Basic RouterConfiguration for information on

Verifying Your ConfigurationUse the show ip nat statistics command in privileged EXEC mode to verify the PPPoE with NAT configuration.You should see v

Cisco 800 Series Integrated Services Routers Software Configuration Guide310 OL-31704-02 Configuring PPP over Ethernet with NATVerifying Your Con

CHAPTER 12Configuring PPP over ATM with NATThis chapter provides an overview of Point-to-Point Protocol over Asynchronous Transfer Mode (PPPoA)clients

x—ADSL2oPOTS886G and 886GW—xADSL2oPOTS887 and 887Wx—ADSL2oPOTS887G and 887GWxxVDSL2oPOTS887-VA-V—xVDSL2oPOTS887V and 887VWx—VDSL2oPOTS887VG and 887VGW

page 312 shows a typical deployment scenario with a PPPoA client and NAT configured on the Cisco router.This scenario uses a single static IP address

Configuration TasksPerform the following tasks to configure this network scenario:•Configure the Dialer Interface, on page 313•Configure the ATM WAN I

PurposeCommand or ActionSpecifies that the IP address for the dialer interface is obtainedthrough PPP/IPCP (IP Control Protocol) address negotiation.i

PurposeCommand or ActionFor details about this command and additional parameters that canbe set, see the Cisco IOS IP Command Reference, Volume 1 of 4

PurposeCommand or ActionSpecifies the encapsulation type for the PVC and points back to thedialer interface.encapsulation {aal5auto | aal5autopppvirtu

Table 35: Default ADSL ConfigurationDefault ValueDescriptionAttributeAutoSpecifies the operating mode of the digitalsubscriber line (DSL) for an ATM i

LOSES Errors: 1 0UES Errors: 0 276233Defect Status: None NoneLast Fail Code: NoneWatchdog Counter: 0x56Watchdog Resets: 0Selftest Result: 0x00Subfunct

SUMMARY STEPS1.ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}2.Do one of the following:•ip nat inside source {list a

PurposeCommand or ActionEnters configuration mode for the VLAN (on which the FastEthernet LAN interfaces [FE0–FE3] reside) to be the insideinterface f

What to Do NextIf you want to use NAT with a virtual-template interface, you must configure a loopback interface. SeeBasic Router Configuration for in

—1—24FEC881-Vx——24VDSL2/ADSL2C887VA-Vx—x24VDSL2/ADSL2C887VA-V-WThe Cisco 887 VA-V and Cisco 881-V routers give you the flexibility to use the FXS or B

Verifying Your Configuration with NATUse the show ip nat statistics command in privileged EXEC mode to verify the PPPoA client with NATconfiguration.

CHAPTER 13Environmental and Power ManagementThis chapter explains the environmental and power Management features.•Environmental and Power Management,

SYSTEM WATTAGE===============Board Power consumption is: 4.851 WPower Supply Loss: 1.149 WTotal System Power consumption is: 6.000 WREAL TIME CLOCK BA

CHAPTER 144G LTE Wireless WANThe Cisco Fourth-Generation Long-Term Evolution (4G LTE) Wireless WAN (WWAN) offers a highlysecure, simplified, and cost-

How to Configure Cisco 800 Series 4G LTE ISRsFor instructions on how to configure the 4G LTE features on Cisco 819 Series 4G LTE ISRs, Cisco C880Serie

async mode interactive!dialer watch-list 1 ip 5.6.7.8 0.0.0.0dialer watch-list 1 delay route-check initial 60dialer watch-list 1 delay connect 1!ip ro

interface Cellular0ip address negotiatedencapsulation slipno ip mroute-cachedialer in-banddialer string ltedialer-group 1async mode interactive! traff

CHAPTER 15Configuring a LAN with DHCP and VLANsThe Cisco 819, Cisco 860 and Cisco 880 Integrated Services Routers (ISRs) support clients on both physi

Router and DHCP server—Cisco 819, Cisco 860, orCisco 880 ISR—connected to the Internet2VLAN 13VLAN 24DHCPDHCP, which is described in RFC 2131, uses a

SUMMARY STEPS1.ip domain name name2.ip name-server server-address1 [server-address2...server-address6]3.ip dhcp excluded-address low-address [high-add

Security Features of Cisco 880 Series ISRsThe Cisco 880 Series ISRs provide the following security features:•Intrusion Prevention System (IPS)•Dynamic

PurposeCommand or ActionImports DHCP option parameters into the DHCP portion ofthe router database.import allExample:Router(config-dhcp)# import allSt

• show ip dhcp pool—Displays information about the DHCP address pools.• show ip dhcp server statistics—Displays the DHCP server statistics, such as th

PurposeCommand or ActionUpdates the VLAN database, propagates it throughout theadministrative domain, and returns to global configuration mode.exitExa

• show—Entered from VLAN database mode. Displays summary configuration information for allconfigured VLANs.• show vlan-switch—Entered from privileged

Router# show vlan-switchVLAN Name Status Ports---- -------------------------------- --------- -------------------------------1 default active Fa0, Fa1

CHAPTER 16Configuring a VPN Using Easy VPN and an IPSecTunnelThis chapter provides an overview of the creation of Virtual Private Networks (VPNs) that

The example in this chapter illustrates the configuration of a remote access VPN that uses the Cisco EasyVPN and an IP Security (IPSec) tunnel to conf

at the central site. Resources at the client site are unavailable to the central site. Network extension modeallows users at the central site to acces

SUMMARY STEPS1.crypto isakmp policy priority2.encryption {des | 3des | aes | aes 192 | aes 256}3.hash {md5 | sha}4.authentication {rsa-sig | rsa-encr

PurposeCommand or ActionExits ISAKMP policy configuration mode and returns to globalconfiguration mode.exitExample:Router(config-isakmp)# exitStep 7Co

Table 8: Port Configurations of the Cisco 890 Series ISRsData BackupWAN PortModelISDNV.92FE—xxGE891 and 891Wx—xGE892 and 892Wx—xGE3or SFP4892F and 892

PurposeCommand or ActionSpecifies group domain membership.domain nameExample:Router(config-isakmp-group)# domaincompany.comStep 4Exits ISAKMP policy c

PurposeCommand or ActionConfigures the router to reply to mode configurationrequests from remote clients.crypto map tag client configuration address [

PurposeCommand or ActionYou could also use a RADIUS server for this. Fordetails, see the Cisco IOS Security Configuration Guideand Cisco IOS Security

What to Do NextWith manually established security associations, there is no negotiation with the peer, and both sides mustspecify the same transform s

PurposeCommand or ActionExits crypto map configuration mode and returns toglobal configuration mode.exitExample:Router(config-crypto-map)# exitRouter(

PurposeCommand or ActionExample:Router(config-if)# crypto map static-mapSee Cisco IOS Security Command Reference for details aboutthis command.Exits i

PurposeCommand or ActionSpecifies the IPSec group and IPSec key value for the VPNconnection.group group-name key group-keyExample:Router(config-crypto

Verifying Your Easy VPN ConfigurationRouter# show crypto ipsec client ezvpnTunnel name :ezvpnclientInside interface list:vlan 1Outside interface:faste

crypto ipsec client ezvpn ezvpnclient inside! Cisco 800 Series Integrated Services Routers Software Configuration Guide350 OL-31704-02 Configuring

CHAPTER 17Configuring Cisco Multimode G.SHDSL EFM/ATMThis chapter provides a link to a document that describes the configuration of the Cisco Multimod

Cisco 810 Series ISRsThis section provides information about the features supported by Cisco 810 series ISRs. In Cisco 810 seriesISRs, there are two d

Cisco 800 Series Integrated Services Routers Software Configuration Guide352 OL-31704-02 Configuring Cisco Multimode G.SHDSL EFM/ATM

CHAPTER 18Configuring VDSL2 Bonding and Single-Wire PairVery-high-bit-rate digital subscriber line 2 (VDSL2) bonding combines two copper wire pairs to

Configuring Bonding in Auto ModeYou can configure bonding either in auto mode or VDSL2. The default configuration is auto.Perform the following tasks

SUMMARY STEPS1.configure terminal2.controller VDSL slot3.operating mode mode4.line-mode bonding5.exitDETAILED STEPSPurposeCommand or ActionEnters glob

DETAILED STEPSPurposeCommand or ActionEnters global configuration mode when using theconsole port.configure terminalExample:router#configure terminalS

PurposeCommand or ActionEnters controller configuration mode.controller VDSL slotExample:router(config)# controller vdsl 0Step 2Enables profile 8a thr

router(config-controller)# no line-mode single-wire line 1router(config-controller)# exit Cisco 800 Series Integrated Services Routers Software Conf

CHAPTER 19Deployment ScenariosThis chapter describes and shows some typical deployment scenarios for the Cisco 860, Cisco 880, and Cisco890 series Int

Embedded Wireless Device•Cisco 860 series, Cisco 880 series, and Cisco 890 ISRs have an optional wireless device that runs itsown version of the Cisco

•Quality of service (QoS) prioritizes critical applications and ensures timely delivery of latency- sensitiveand mission-critical applicationsFigure 1

WLAN Features of Cisco 812 Series ISRA Wireless Local Area Network (WLAN) implements a flexible data communication system frequentlyaugmenting rather

Network (VPN) service using IP Security and Generic Routing Encapsulation (IPSec+GRE) for secure andprivate communication over the public Internet.Fig

•Support for existing analog voice and fax capabilities.Figure 21: Small-to Medium-Size BusinessEnterprise Wireless Deployments with LWAPPThe figure b

•Ability to mix and match embedded access points with external access points.Figure 22: Wireless LAN with LWAPPEnterprise Small Branch Office Deployme

CHAPTER 20Troubleshooting Cisco 800 Series RoutersUse the information in this chapter to help isolate problems you might encounter or to rule out the

•Chassis type and serial number•Maintenance agreement or warranty information•Type of software and version number•Date you received the hardware•Brief

VDSL2 TroubleshootingVery-high-data-rate digital subscriber line 2 (VDSL2) is available on the Cisco 887 routers. If you experiencetrouble with the VD

MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,reliability 255/255., txload 1/255, rxload 1/255Encapsulation ARPA, loopback not setKeepalive set (10 sec

CauseOutputThe specified ATM subinterface is up and operatingcorrectly.ATM 0.n is up, line protocol is upThe specified ATM subinterface has been disab

ping atm interface CommandUse the ping atm interface command to determine whether a particular PVC is in use. The PVC does notneed to be configured on

DescriptionFieldMaximum number of virtual connections this interfacesupports.Maximum VCsNumber of active virtual channel connections (VCCs).Current VC

8-port 10/100 FE LAN Switch of Cisco 890 Series ISRs 9802.11n Wireless LAN Option of Cisco 890 Series ISRs 9Real-Time Clock of Cisco 890 Series ISRs 9

TFTP with Ethernet WAN Interface Feature of Cisco 812 Series ISRFor more information on TFTP download, see Disaster Recovery with TFTP Download .The C

ATM errors debugging is onRouter#01:32:02:ATM(ATM0.2):VC(3) Bad SAP received 450001:32:04:ATM(ATM0.2):VC(3) Bad SAP received 450001:32:06:ATM(ATM0.2):

debug atm packet CommandUse the debug atm packet command to display all process-level ATM packets for both outbound and inboundpackets. The output rep

DescriptionFieldTotal length of the packet (in bytes) including theATM headers.Length: nSoftware Upgrade MethodsSeveral methods are available for upgr

SUMMARY STEPS1.Connect an ASCII terminal or a PC running a terminal emulation program to the CONSOLE port on theFthe router.2.Configure the terminal t

• Break disabled (default setting)—Bit 8 is set to 1.Reset the RouterTo reset the router, follow these steps:SUMMARY STEPS1.If break is enabled, go to

Example:--- System Configuration Dialog ---Step 5Enter no in response to the prompts until the following message is displayed:Example:Press RETURN to

SUMMARY STEPS1.Enter the configure terminal command to enter global configuration mode:2.Enter the enable secret command to reset the enable secret pa

DETAILED STEPSStep 1Enter the configure terminal command to enter global configuration mode:Example:Router# configure terminalStep 2Enter the configur

Cisco 800 Series Integrated Services Routers Software Configuration Guide380 OL-31704-02 Troubleshooting Cisco 800 Series RoutersCisco Configurat

APPENDIX ACisco IOS Software Basic SkillsUnderstanding how to use Cisco IOS software can save you time when you are configuring your router. Ifyou are

•Global Positioning System (GPS) Services•3G MIBWLAN Features of Cisco 819 Series ISRsCisco 819 series ISRs support the following WLAN features:•Dual

Terminal Emulation SoftwarePC Operating SystemProComm, VersaTermMacintoshYou can use the terminal emulation software to change settings for the router

Table 40: Command Modes SummaryAbout This ModeMode Exit and EntrancePromptAccess MethodModeUse this mode to:•Change terminalsettings.•Perform basic te

About This ModeMode Exit and EntrancePromptAccess MethodModeUse this mode toconfigure parameters forthe router Ethernet andserial interfaces orsubinte

For a list of available commands for a prticular command mode, enter a question mark:Router> ?access-enable Create a temporary access-list entryacc

Entering Global Configuration ModeTo make any configuration changes to your router, you must be in global configuration mode. This sectiondescribes ho

Abbreviating CommandsYou only have to enter enough characters for the router to recognize the command as unique. This exampleshows how to enter the sh

Saving Configuration ChangesYou must enter the copy running-config startup-config command to save your configuration changes toNVRAM so that they are

APPENDIX BConceptsThis appendix contains conceptual information that may be useful to Internet service providers or networkadministrators when they co

SHDSLSHDSL is a technology based on the G.SHDSL (G.991.2) standard that allows both data and voice to betransmitted over the same line. SHDSL is a pac

Table 42: RIP and Enhanced IGRP ComparisonRouting UpdatesMetricIdeal TopologyProtocolBy default, every 30seconds. You canreconfigure this value andals

•Firewall•URL filteringSKU Information for Cisco 819 Series ISRsSee the following link for SKUs available for Cisco 819 series ISRs:http://www.cisco.c

PPP originated as an encapsulation protocol for transporting IP traffic over point-to-point links. PPP alsoestablished a standard for the assignment a

We recommend using CHAP because it is the more secure of the two protocols.NoteTACACS+Cisco 860 and Cisco 880 series routers support the Terminal Acce

The Easy IP (Phase 1) feature combines NAT and PPP/IPCP. With NAT, the router translates the nonregisteredIP addresses used by the LAN devices into th

simultaneously. In this situation, both transmissions are damaged, and the hosts must retransmit at some latertime. Algorithms determine when the coll

Dial BackupDial backup provides protection against WAN downtime by allowing a user to configure a backup modemline connection. The following can be us

and latency (required by some real-time and interactive traffic), and improved loss characteristics. QoStechnologies provide the elemental building bl

There are two levels of queuing; ATM queues and Cisco IOS queues. CBWFQ is applied to Cisco IOS queues.A first-in-first-out (FIFO) Cisco IOS queue is

APPENDIX CROM MonitorThe ROM monitor firmware runs when the router is powered up or reset. The firmware helps to initializethe processor hardware and

DETAILED STEPSPurposeCommand or ActionEnters privileged EXEC mode.enableStep 1Enter your password if prompted.Enters global configuration mode.configu

mkdir Create dir(s)-mkdir <dirnames ...>more Concatenate (type) file(s)-cat <filenames ...>rename Rename a file-rename <old_name> &l

CHAPTER 2Basic Router ConfigurationThis chapter provides procedures for configuring the basic parameters of your Cisco router, including globalparamet

DescriptionCommandDisplays information about command syntax; forexample:rommon 16 > dis -?usage : dis [addr] [length]The output for this command is

TFTP Download Command VariablesThis section describes the system variables that can be set in ROM monitor mode and that are used duringthe TFTP downlo

CommandVariableTFTP_RETRY_COUNT= retry_timesNumber of times the router attempts ARP and TFTPdownload. The default is 7.TFTP_TIMEOUT= timeLength of tim

TFTP_FILE: c880-advsecurityk9-mzDo you wish to continue? y/n: [n]:Step 3If you are sure that you want to continue, enter y in response to the question

enable “load rom after netboot fails”? y/n [n]:enable “use all zero broadcast”? y/n [n]:enable “break/abort has effect”? y/n [n]:enable “ignore system

Optional. Sets the router to perform the downloadusing Ymodem protocol. The default is Xmodemprotocol. The protocols differ as follows:•Xmodem support

• stack or k—Produces a stack trace; for example:rommon 6> stackStack trace:PC = 0x801111b0Frame 00: FP = 0x80005ea8 PC = 0x801111b0Frame 01: FP =

Exiting the ROM MonitorYou must set the configuration register to a value from 0x2 to 0xF for the router to boot a Cisco IOS imagefrom flash memory up

Cisco 800 Series Integrated Services Routers Software Configuration Guide410 OL-31704-02 ROM MonitorExiting the ROM Monitor

INDEX802.11d 199802.11g 211802.1H 204AADSL 316configuring 316Aironet extensions 196antenna 201selection 201antenna command 201ARP 297caching 297ATM 31

Table 9: Supported Interfaces and Associated Port Labels by Cisco RouterPort LabelInterfaceRouterLAN, FE0–FE34-port Fast Ethernet LANCisco 819 RouterG

commands (continued)speed 191switchport protected 206world-mode 199commands station role 188compression 152HDLC 152configuration examples 19, 41, 42,

Frame Relay 149serial interfaces 149Ggain 201global parameters, setting up 21Hhalf-duplex DCE state machine 159constant carrier mode 159controlled-car

passwords (continued)setting 261, 262, 264enable 261enable secret 262with usernames 264payload-encapsulation command 204point-to-multipoint bridging 2

slot-time-short command 211SNTP 278overview 278software compression 152HDLC 152LAPB 152PPP 152speed command 191SSH 296configuring 296crypto software i

Cisco 800 Series Integrated Services Routers Software Configuration GuideIN-6 OL-31704-02 Index

no ip addressshutdownno fair-queueclock rate 2000000!interface Vlan1no ip address!ip forward-protocol ndno ip http serverno ip http secure-serverloggi

◦IP address depending on the mode•If you are setting up 3G:◦You must have service availability on the Cisco 819 ISR from a carrier, and you must have

Configuring Command-Line AccessTo configure parameters to control access to the router, perform the following steps, beginning in globalconfiguration

PurposeCommand or ActionSets the interval that the EXEC command interpreter waitsuntil user input is detected. The default is 10 minutes.Optionally, a

The following configuration shows the command-line access commands.You do not need to input the commands marked “default.” These commands appear autom

Data Account Provisioning 25Verifying Signal Strength and Service Availability 25Configuring a GSM Modem Data Profile 26CDMA Modem Activation and Prov

PurposeCommand or ActionExample:Router(config)#Specifies an encrypted password to prevent unauthorizedaccess to the router.enable secret passwordExamp

DETAILED STEPSPurposeCommand or ActionEnters the configuration mode for a Gigabit Ethernet WANinterface on the router.interface type numberExample:Rou

To configure the 3G cellular wireless interface, follow these guidelines and procedures:Prerequisites for Configuring the 3G Wireless InterfaceThe fol

•Inserting a different type of modem from what was previously removed requires configuration changesand you must reload the system.Data Account Provis

PurposeCommand or ActionDisplays the cellular gps information.show cellular 0 gpsExample:Router# show cellular 0 gpsStep 4Shows the radio signal stren

DETAILED STEPSPurposeCommand or ActionCreates a new modem data profile. See Table 10: ModemData Profile Parameters, on page 27 for details aboutthe co

CarrierActivation and Provisioning ProcessVerizon WirelessOTASP5ActivationSprintIOTA6for Data Profile refresh5OTASP = Over the Air Service Provisionin

Activating with Over-the-Air Service ProvisioningTo provision and activate your modem using Over-the-Air Service Provisioning (OTASP), use the followi

DETAILED STEPSPurposeCommand or ActionEnters global configuration mode from the terminal.configure terminalExample:Router# configure terminalStep 1Spe

What to Do NextWhen the cellular interface requires a static IP address, the address may be configured as IP addressnegotiated. Through IP Control Pro

Restrictions for Configuring Ethernet CFM 56Configuring Ethernet CFM (Port MEP) 57Configuration Example for Ethernet CFM (Port MEP) 59Verifying the Et

PurposeCommand or ActionSpecifies the cellular interface.interface cellular 0Example:Router (config)# interface cellular 0Step 2Enables DDR and config

PurposeCommand or ActionSpecifies a default modem chat script.script dialer <regexp>Example:Router (config-line)# script-dialer gsmStep 11Exits

Basic Cellular Interface ConfigurationThe following example shows how to configure a gsm cellular interface to be used as a primary WANconnection. It

bandwidth receive 1400000ip address 23.23.0.1 255.255.0.0ip nat outsideip virtual-reassemblyencapsulation pppno ip mroute-cachedialer in-banddialer id

DescriptionSyntaxCommandSets the failover timer in minutes.gsm failovertimer <1-7>gsm failovertimerVerifies the SIM CHV1 code.gsm sim authentica

The following example shows you how to configure the SIM card in slot 0 to use profile 10:router(config-controller)# gsm sim profile 10 slot 0Perform

What to Do NextUsing this button takes effect only during ROMMON initialization. During a warm reboot, pressing this buttonhas no impact on performanc

Golden config file at location : flash:/golden.cfgConfig Recovery Status : OkPush Button in WLAN APWhen the push button on the front panel is pressed,

PurposeCommand or ActionSets the IP address and subnet mask for the loopbackinterface.ip address ip-address maskExample:Router(config-if)# ip address

5 minute input rate 0 bits/sec, 0 packets/sec5 minute output rate 0 bits/sec, 0 packets/sec0 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts,

Configuring the IKE Policy 87Configuring Group Policy Information 89Applying Mode Configuration to the Crypto Map 90Enabling Policy Lookup 90Configuri

What to Do NextFor general information on static routing, see the Concepts, on page 389.ExampleIn the following configuration example, the static rout

SUMMARY STEPS1.router rip2.version {1 | 2}3.network ip-address4.no auto-summary5.endDETAILED STEPSPurposeCommand or ActionEnters router configuration

PurposeCommand or ActionDisables automatic summarization of subnet routes intonetwork-level routes. This allows subprefix routinginformation to pass a

Configuring Enhanced Interior Gateway Routing ProtocolTo configure Enhanced Interior Gateway Routing Protocol (EIGRP), perform these steps, beginning

What to Do NextFor general information on EIGRP concept, see the Enhanced IGRP.ExampleThe following configuration example shows the EIGRP routing prot

CHAPTER 3Configuring Ethernet CFM and Y.1731Performance Monitoring on Layer 3 InterfacesThis chapter provides procedures for configuring the network i

SUMMARY STEPS1.enable2.configure terminal3.interface gigabitethernet slot/port4.port-tagging5.encapsulation dot1q vlan-id6.set cos cos-value7.endDETAI

PurposeCommand or ActionExits the interface configuration mode.endExample:Router(config-if-port-tagging)#endStep 7Configuration ExampleThis configurat

Sending 5, 100-byte ICMP Echos to 132.1.101.3, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 msrouter#Tr

Internal Ethernet data plane loopback is not supported.NoteFigure 4-1 represents a sample topology to configure Ethernet data plane loopback.Restricti

Spanning Tree Protocol 129Cisco Discovery Protocol 129Switched Port Analyzer 129IGMP Snooping 129Storm Control 130Overview of SNMP MIBs 130BRIDGE-MIB

•The broadcast and multicast IP addresses of the broadcast and multicast IP frames that are receivedcannot be used as the source IP address of the fra

PurposeCommand or ActionSpecifies the subinterface and enters the subinterfaceconfiguration mode.interface gigabitethernet slot/port.sub-portExample:R

PurposeCommand or ActionDisplays information to verify if the loopback sessionhas ended.show ethernet loopback activeExample:Router#show ethernet loop

Use the show ethernet loopback permitted command to view the loopback capabilities per interface:Router#show ethernet loopback permitted--------------

Because debugging output is assigned high priority in the CPU process, it can diminish the performanceof the router or even render it unusable. For th

Configuring Ethernet CFM (Port MEP)Complete these steps to configure and enable Ethernet CFM on a port Maintenance End Point (MEP):SUMMARY STEPS1.enab

PurposeCommand or ActionDefines a CFM maintenance domain at a specified level,and enters the Ethernet CFM configuration mode.ethernet cfm domain domai

Configuration Example for Ethernet CFM (Port MEP)This example shows how to configure Ethernet CFM on a port MEP:Router>enableRouter#configure termi

N/ATotal Local MEPs: 1Local MIPs: NoneUse the show ethernet cfm maintenance-points remote command to display information about remotemaintenance point

- carrier S,C 100,1101 N/AN/A 0sMPID: 43 Domain: carrier MA: carrierUse the ping command to verify if Loopback Messages (LBM) and Loopback Replies (LB

Real-Time Transport Protocols 141Dual Tone Multi Frequency Relay 142CODECs 142SCCP-Controlled Analog Ports with Supplementary Features 142Fax Services

DETAILED STEPSPurposeCommand or ActionEnables the privileged EXEC mode.enableStep 1Example:Router>enableEnter your password when prompted.Enters th

PurposeCommand or ActionExample:Router(config-if)#ethernet cfm mep domaincustomer mpid 100 service customer1101The values for domain and service must

•show ethernet cfm error configurationUse the show ethernet cfm domain command to display the maintenance point domains configured in thenetwork. In t

N/A 12sMPID: 100 Domain: customer MA: customer1101410 enterprise 70ca.9b4d.a400 Up Up6 enterprise Gi0/1- custservice Vlan 110 N/AN/A 12sMPID: 400 Doma

SUMMARY STEPS1.enable2.configure terminal3.ethernet cfm ieee4.ethernet cfm global5.ethernet cfm domain domain-name level 0 to 76.service service-name

PurposeCommand or ActionExample:Router(config-ecfm)#service customer1101 vlan100 inner-vlan 30 direction down• vlan—Specifies the VLAN.• inner-vlan—Th

Configuration Example for Ethernet CFM (Double-Tagged Packets)This example shows how to configure Ethernet CFM for double-tagged packets:Router>ena

----------------------------------------------------------------------------------110 customer 8843.e154.6f01 Up Up7 customer Gi0/2.1101- customer1101

Use the show ethernet cfm error configuration command to view Ethernet CFM configuration errors (ifany). The following is a sample output of the show

Purposedebug CommandDisplays debug messages for all Ethernet CFMplatform common events.debug ecfmpal commonEnables debugging of all Ethernet CFM platf