Cisco Systems 1604 User Manual

CHAPTER

Configuring the Cisco 1604 Router

This chapter describes how to configure the Cisco 1604 router to dial out to the Cisco AS5300.

Network Topology, Hardware, and Software Selections

Figure 3-1 Case Study Scenario Network Topology from the Perspective of the Cisco 1604

Branch office

server

Headquarters

10.1.254.1

255.255.255.0

PSTN/ISDN

Cisco AS5300

Table 3-1 provides detailed information about the end-to-end connections for the Cisco 1604. This is the network administrator’s top-level design table. The Cisco 1604’s WAN default gateway is

10.1.254.1, which is configured on the Cisco AS5300 as the dialer interface address.

Table 3-1 Network Device Characteristics

Site Hardware WAN IP Address

Cisco 1604 10.1.254.4

255.255.255.0

Cisco AS5300 10.1.254.1

255.255.255.0 Dialer Interface

10.1.4.1

255.255.255.0

BRI line

Cisco

10.1.254.4

255.255.255.0

Ethernet IP Address Assigned Phone Number

10.1.4.1

255.255.255.0

10.1.1.10

255.255.255.0

1604

Directory number = 5125554433

4085551234 hq-sanjose hq-sanjose-pw

15579

Host Name/ User Name

robo-austin austin-pw

Username Password

Cisco IOS Dial Services Quick Configuration Guide

3-1

Overview of Steps

After you verify your start up configuration, follow these steps to configure the router:

Step 1—Configuring the Host Name, Password, and Time Stamps

Step 2—Configuring Local AAA Security

Step 3—Configuring the Ethernet Interface

Step 4—Configuring Basic Rate Interface

Step 5—Configuring Dial-on-Demand Routing

Step 6—Testing the Cisco 1604 Connection to the Cisco AS5300

Step 7—Confirming the Cisco 1604 Final Running Configuration

Step 8—Saving the Configuration

Verifying Your Start Up Configuration

Chapter 3 Configuring the Cisco 1604 Router

If the startup configuration of the Cisco IOS software release running inside the Cisco 1604 router is not configured, the following screen appears at bootup. The automatic setup script is engaged:

In this case study, the Cisco 1604 is manually configured. The automatic setup script is not used.

program load complete, entry point: 0x4018060, size: 0x1da928

Notice: NVRAM invalid, possibly due to write erase.

%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?program load complete, entry point: 0x8000060, size: 0x3f5f2c

Restricted Rights Legend

Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706

Cisco Internetwork Operating System Software

IOS (tm) 1600 Software (C1600-SY-L), Version 12.0(x)

3-2

ROM: System Bootstrap, Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

Router uptime is 10 minutes System restarted by reload

System image file is "flash:c1600-sy-l.120-x"

Cisco IOS Dial Services Quick Configuration Guide

Chapter 3 Configuring the Cisco 1604 Router

cisco 1604 (68360) processor (revision C) with 17920K/512K bytes of memory.

Processor board ID 08823977, with hardware revision 00972006 Bridging software. X.25 software, Version 3.0.0. Basic Rate ISDN software, Version 1.1.

1 Ethernet/IEEE 802.3 interface(s) 1 ISDN Basic Rate interface(s)

System/IO memory with parity disabled

2048K bytes of DRAM onboard 16384K bytes of DRAM on SIMM

System running from FLASH 8K bytes of non-volatile configuration memory.

12288K bytes of processor board PCMCIA flash (Read ONLY)

--- System Configuration Dialog ---

When you are asked the question, “Would you like to enter the initial configuration dialog? [yes/no]:”, enter no.

Would you like to enter the initial configuration dialog? [yes/no]: no

Would you like to terminate autoinstall? [yes]: yes

Press RETURN to get started!

Step 1—Configuring the Host Name, Password, and Time Stamps

00:00:17: %QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem? 00:00:17: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up 00:00:17: %LINK-3-UPDOWN: Interface Serial0, changed state to down 00:00:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0, changed state todown 00:00:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down 00:00:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to down 00:00:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to down 00:00:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed stat to down 00:00:44: %LINK-5-CHANGED: Interface BRI0, changed state to administratively down 00:00:46: %LINK-5-CHANGED: Interface Serial0, changed state to administratively down 00:00:46: %LINK-5-CHANGED: Interface Ethernet0, changed state to administratively down 00:00:47: %IP-5-WEBINST_KILL: Terminating DNS process

Router>

Step 1—Configuring the Host Name, Password, and Time Stamps

Assign a host name to the Cisco 1604, enable basic security, and turn on time stamping.

• Assigning a host name helps you to distinguish between different network devices.

• Enabling passwords helps you to prevent unauthorized configuration changes.

• Setting time stamps helps you to trace debug output for testing connections—not knowing exactly

when an event occurs hinders you from examining background processes.

As you configure the software, make sure that all logging dialog generated by the router appears on your terminal screen. If it does not, enter the terminal monitor EXEC command. If you are configuring the router with the console port, logging automatically appears.

You can use security measures in addition to those described in Steps 4 and 5 below to further encrypt the password. See the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference for more information.

Cisco IOS Dial Services Quick Configuration Guide

3-3

Verifying Host Name, Password, and Time Stamp Configuration

To configure the host name, password and timestamps for the Cisco 1604, enter the following commands beginning in user EXEC mode:

Step 1 Enter privileged EXEC mode.

Router> enable

Step 2 Enter global configuration mode.

Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z.

Step 3 Assign a host name to the router. This host name is typically used during authentication with the central

site.

Router(config)# hostname robo-austin

Step 4 Enter a secret enable password that secures privileged EXEC mode. Be sure to change “guessme” to

your own secret password.

robo-austin(config)# enable secret guessme

Chapter 3 Configuring the Cisco 1604 Router

Step 5 Encrypt passwords in the configuration file for greater security.

hq-sanjose(config)# service password-encryption

Step 6 Enable millisecond time stamping on debug and logging output. Time stamps are useful for detailed

access tracing.

hq-sanjose(config)# service timestamps debug datetime msec hq-sanjose(config)# service timestamps log datetime msec

Verifying Host Name, Password, and Time Stamp Configuration

To verify configuration of the Cisco 1604’s host name, password, and time stamps:

Step 1 Enter the show running command:

robo-austin# show running Building configuration...

Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname robo-austin ! enable secret 5 $1$og7B$nSwMZM0NBKTPhV09KVgxl1 ! interface Ethernet0 no ip address shutdown !

3-4

Cisco IOS Dial Services Quick Configuration Guide

Chapter 3 Configuring the Cisco 1604 Router

interface Serial0 no ip address shutdown ! interface BRI0 no ip address shutdown ! ip classless ! ! line con 0 line vty 0 4 login !

Step 2 Log in with your new enable password.

Step 3 Exit out of enable mode by using the disable command.

The prompt changes from

Step 4 Enter the enable command followed by your password.

Step 5 Enter the show privilege command to show the current security privilege level, which is level 15:

robo-austin# disable robo-austin> enable Password: robo-austin# show privilege Current privilege level is 15 robo-austin#

Step 2—Configuring Local AAA Security

robo-austin# to robo-austin>.

Tips

If you have trouble:

• Make sure the Caps Lock key is off.

• Make sure you entered the correct password. Passwords are case sensitive.

Step 2—Configuring Local AAA Security

The Cisco IOS security model to use on all Cisco devices is authentication, authorization, and accounting (AAA). AAA provides the primary framework through which you set up access control on the access server.

• Authentication—Who are you?

• Authorization—What can you do?

• Accounting—What did you do?

In this case study, the same authentication method is used on all interfaces. AAA is set up to use the local database configured on the Cisco 1604 router. This local database is created with the username configuration commands.

Note Setting up your AAA security at this point in the configuration process is a matter of “best

practices”; it ensures that the configuration is managed for most effectiveness.

Cisco IOS Dial Services Quick Configuration Guide

3-5

Verifying Local AAA Security Configuration

To configure local AAA security on the Cisco 1604, enter the following commands beginning in global configuration mode:

Step 1 Create a local username for yourself. Make sure to change “joe-admin” to your own username and

“joe-password” to your own password. This step prevents you from getting locked out of the router when you enable AAA.

robo-austin(config)# username joe-admin password joe-password

Step 2 Enable AAA access control. This step immediately enables login and PPP authentication.

robo-austin(config)# aaa new-model

Step 3 Configure AAA to perform login authentication by using the local username database. The login

keyword indicates authentication of EXEC (shell) users.

robo-austin(config)# aaa authentication login default local

Step 4 Configure PPP authentication to use the local database if the session was not already authenticated by

robo-austin(config)# aaa authentication ppp default local

Chapter 3 Configuring the Cisco 1604 Router

Note After you finish setting up basic security, you can enhance the security solution by

extending it to an external TACACS+ or RADIUS server. However, this case study describes only local AAA security.

Verifying Local AAA Security Configuration

To verify the local AAA security configuration on the Cisco 1604:

Step 1 Log in with your username:password.

Step 2 Enter the login command at the EXEC (shell) prompt. Do not disconnect your EXEC session until you

can log in successfully. (If you get locked out, recover your password by rebooting the router.)

robo-austin# login

User Access Verification

Username: joe-admin Password:

robo-austin#

3-6

Cisco IOS Dial Services Quick Configuration Guide

Chapter 3 Configuring the Cisco 1604 Router

Step 3 Enter the show running command to see the Cisco 1604’s current configuration:

robo-austin# show running Building configuration...

Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname robo-austin ! aaa new-model aaa authentication login default local aaa authentication ppp default local enable secret 5 $1$og7B$nSwMZM0NBKTPhV09KVgxl1 ! username joe-admin password 7 <removed> ! interface Ethernet0 no ip address shutdown ! interface Serial0 no ip address shutdown ! interface BRI0 no ip address shutdown ! ip classless ! ! line con 0 line vty 0 4 !

Step 3—Configuring the Ethernet Interface

Assign an IP address to the Cisco 1604’s Ethernet interface. Test the interface by pinging it from a PC on the LAN.

To configure the Ethernet interface, enter the following commands beginning in global configuration mode:

Step 1 Configure the IP address and subnet mask on the Ethernet interface.

robo-austin(config)# interface ethernet 0 robo-austin(config-if)# ip address 10.1.4.1 255.255.255.0

Cisco IOS Dial Services Quick Configuration Guide

3-7

+ 15 hidden pages