- Preparing for Configuration
- Setting Platform Variables from IOS Environment
- Understanding Cisco RFGW-10 Configuration Fundamentals
- Entering the Initial Configuration Information
- Basic Configuration Using the Setup Facility
- System Configuration Dialog
- Configuring a Switch using the Extended Configuration Mode
- Configuring a Default Gateway
- Configuring a Static Route
- Controlling Access to Privileged EXEC Commands
- Setting or Changing a Static Enable Password
- Enabling multicast on the Cisco RFGW-10
Configuring the Cisco RFGW-10 for the First Time
This section describes how to start up and configure the Cisco RFGW-10 for the first time. The chapter contains the following sections:
Identifies tasks and analysis that you must complete prior to powering on and configuring the Cisco RFGW-10. |
|
Describes the basic principles of using passwords and summarizes the initial router configuration utilities that are available to you. |
|
Configuring the Cisco RFGW-10 Manually Using Configuration Mode |
|
Describes how to save your configurations on the Cisco RFGW-10. |
|
Provides commands to check your settings and review any changes to your configuration. |
Preparing for Configuration
Complete these prerequisite steps before you power on and configure the Cisco RFGW-10:
- Ensure that the network supports reliable broadband data transmission. Your facility must be cleaned, balanced, and certified based on National Television Standards Committee (NTSC) or appropriate international cable plant recommendations. Ensure your facility meets all DOCSIS requirements.
- Ensure that the Cisco RFGW-10 is installed according to the instructions in the hardware installation guide.
- Ensure that all other required headend or distribution hub routing and network interface equipment is installed, configured, and operational (based on the supported services). This includes:
– Servers (Dynamic Host Configuration Protocol (DHCP) servers, Trivial File Transfer Protocol (TFTP) servers, and time-of-day (ToD) servers)
– Other configuration or billing systems
- Ensure that DHCP and DOCSIS configuration files are created and transferred to the appropriate servers so that each cable modem, when initialized, can:
– Obtain TFTP and ToD server addresses
– Download a DOCSIS configuration file in your network
- Ensure that customer premises equipment (CPE)—CMs or set-top boxes (STBs), PCs, telephones, or facsimile machines—meet requirements for your network and service offerings.
- Be familiar with your channel plan to assign appropriate frequencies. Outline your strategies for setting up bundling, if applicable to your headend or distribution hub. As appropriate, obtain the following:
After these prerequisites are met, you are ready to configure the Cisco RFGW-10. This includes, at a minimum:
- Configuring a host name and password for the Cisco RFGW-10
- Configuring the CMTS to support IP over the cable plant and network backbone
Note Effective from Cisco IOS-XE 3.2.0SQ, IPv6 is not supported on interface FA1 of the Cisco RFGW-10.
Setting Platform Variables from IOS Environment
Effective with Cisco IOS-XE 3.2.3SQ, platform environment variables such as BootParam1 can be modified from the IOS Command Line Interface. This provides a convenient way to modify these variables, instead of using a directly connected console to modify them via the ROMMON.
The following example shows how to use the unset the Bootparam platform variable:
Note This feature is not supported in Cisco IOS-XE 3.3.0SQ and later releases.
Understanding Cisco RFGW-10 Configuration Fundamentals
This section describes the basic parameters of using passwords.
Note These sections provide minimal configuration instructions. For additional configuration information, refer to subsequent chapters in this guide.
Tip Be sure to have the appropriate addresses and values based on your network before you attempt to configure the router. Enter the show version command to display the release of Cisco IOS software on your router.
Using the Enable Secret and the Enable Passwords
The Cisco RFGW-10 is administered using the Cisco command interpreter, called the EXEC. You must boot and log in to the router before you can enter an EXEC command.
Step 1 Connect a terminal to the I/O controller console port of the Cisco RFGW-10 and establish a terminal session. You can open a Terminal application (Hyper Terminal) on a PC as follows:
Setting Password Protection
Note For security purposes, the EXEC has two levels of access to commands: user EXEC mode and privileged EXEC mode. The commands available at the user level are a subset of those available at the privileged level.
Tip Because many privileged-level EXEC commands are used to set operating parameters, password-protect these commands to prevent unauthorized use.
At the EXEC prompt, enter one of the following two commands to set password protection:
- enable secret password (which is a very secure, encrypted password)
- enable password (which is a less secure, nonencrypted password)
To gain access to privileged-level commands, enter the desired password.
Note An enable secret password can contain from 1 to 25 uppercase and lowercase alphanumeric characters. An enable password can contain any number of uppercase and lowercase alphanumeric characters. A number cannot be the first character. Spaces are valid password characters; for example, “two words” is a valid password. Leading spaces are ignored. Trailing spaces are recognized. Alphanumeric characters are recognized as uppercase or lowercase.
Passwords should be different for maximum security. If you enter the same password for both during the setup script, the system accepts it, but you receive a warning message indicating that you should enter a different password.
Replacing or Recovering a Lost Password
This section describes how to recover a lost enable or console login password and how to replace a lost enable secret password on your Cisco RFGW-10.
Note It is possible to recover the enable or console login password. However, the enable secret password is encrypted, and must be replaced with a new enable secret password.
Overview of the Password Recovery Process
Following is an overview of the general steps in the password recovery procedure:
Step 1 If you can log in to the router, enter the show version command to determine the existing configuration register value.
Step 2 Press the Break key to get to the bootstrap program prompt (ROM monitor). You might need to reload the system image by power cycling the router.
Step 3 Change the configuration register so that the following functions are enabled:
Note The key to recovering a lost password is to set the configuration register bit 6 (0x0040) so that the startup configuration (usually in NVRAM) is ignored. This allows you to log in without using a password and to display the startup configuration passwords. Cisco recommends setting the configuration register to 0x142.
Step 4 Power cycle the router by turning power off and then back on.
Step 5 Log in to the router and enter the privileged EXEC mode.
Step 6 Enter the show startup-config command to display the passwords.
Step 7 Recover or replace the displayed passwords.
Step 8 Change the configuration register back to its original setting.
Note To recover a lost password if Break is disabled on the router, you must have physical access to the router.
Replacing or Recovering Passwords
Complete the following steps to recover or replace a lost enable, enable secret, or console login password:
Step 1 Attach an ASCII terminal to the console port on your Cisco RFGW-10.
Step 2 Configure the terminal to operate at 9600 baud, 8 data bits, no parity, and 2 stop bits.
Step 3 If you can log in to the router as a nonprivileged user, enter the show version command to display the existing configuration register value. Note the value for later use. If you cannot log in to the router at all, continue with the next step.
Step 4 Press the Break key or send a Break from the console terminal.
-
If Break is enabled, the router enters the ROM monitor, indicated by the ROM monitor prompt (
rommon n>), where n is the number of the command line. Proceed to Step 6. - If Break is disabled, power cycle the router (turn the router off or unplug the power cord, and then restore power). Proceed to Within 60 seconds of restoring the power to the router, press the Break key or send a Break. This action causes the router to enter the ROM monitor and display the ROM monitor prompt (rommon 1>)..
Step 5 Within 60 seconds of restoring the power to the router, press the
Break
key or send a Break. This action causes the router to enter the ROM monitor and display the ROM monitor prompt (
rommon 1>
).
Step 6 To set the configuration register on a Cisco RFGW-10, use the configuration register utility by entering the confreg command at the ROM monitor prompt as follows:
Answer yes to the enable
ignore system config info?
prompt and note the current configuration register settings.
Step 7 Initialize the router by entering the reset command as follows:
The router initializes, the configuration register is set to 0x142, the router boots the system image from Flash memory and enters the System Configuration dialog (setup), as follows:
Step 8 Enter no in response to the System Configuration dialog prompts until the following message appears:
Step 9 Press Return. The user EXEC prompt appears as follows:
Step 10 Enter the enable command to enter privileged EXEC mode.
Step 11 Enter the show startup-config command to display the passwords in the configuration file as follows:
Step 12 Scan the configuration file display looking for the passwords; the enable passwords are usually near the beginning of the file, and the console login or user EXEC password is near the end. The passwords displayed will look something like this:
Note The enable secret password is encrypted and cannot be recovered; it must be replaced. The enable and console passwords can be encrypted text or clear text.
Proceed to the next step to replace an enable secret, console login, or enable password. If there is no enable secret password, note the enable and console login passwords if they are not encrypted and proceed to Step 17.
Step 13 Enter the configure memory command to load the startup configuration file into running memory. This action allows you to modify or replace passwords in the configuration.
Step 14 Enter the configure terminal command for configuration mode:
Step 15 Enter the following commands to change the passwords:
Change only the passwords necessary for your configuration. You can remove individual passwords by using the no form of the previous commands. For example, entering the no enable secret command removes the enable secret password.
Step 16 You must configure all interfaces to not be administratively shut down as follows:
Enter the equivalent commands for all interfaces that were originally configured. If you omit this step, all interfaces are administratively shut down and unavailable when the router is restarted.
Step 17 Use the config-registe r command to set the configuration register to the original value noted in If you can log in to the router as a nonprivileged user, enter the show version command to display the existing configuration register value. Note the value for later use. If you cannot log in to the router at all, continue with the next step. or Initialize the router by entering the reset command as follows:.
Step 18 Press Ctrl-Z or type end to exit configuration mode:
Step 19 Enter the copy running-config startup-config command to save the new configuration to nonvolatile (NVRAM) memory:
Step 20 Enter the reload command to reboot the router:
Step 21 Log in to the router with the new or recovered passwords.
Administratively Shutting Down and Restarting an Interface
You can disable an interface by shutting it down. Shutting down an interface disables all functions on the specified interface and marks the interface as unavailable on the display of all monitoring commands.One reason to shut down an interface is if you want to change the electrical interface type or mode of a port online. This information is communicated to other network servers through all dynamic routing protocols. You replace the serial adapter cable, for example, and use software commands to restart the interface, and if necessary, to reconfigure the port for the new interface. The interface is not featured in any routing updates. On serial interfaces, shutting down an interface causes the dedicated Token Ring (DTR) signal to be dropped. On Token Ring interfaces, shutting down an interface causes the interface to exit from the ring. On Fiber Distributed Data Interfaces (FDDIs), shutting down an interface causes the optical bypass switch, if present, to go into bypass mode.
To shut down an interface and then restart it, use the following commands in interface configuration mode:
To check whether an interface is disabled, use the show interfaces command in Privileged EXEC mode. An interface that is shut down is shown as administratively down in the show interfaces command display.
At system startup or restart, the Fast Serial Interface Processor (FSIP) polls the interfaces and determines the electrical interface type of each port (according to the type of port adapter cable attached). However, it does not necessarily poll an interface again when you change the adapter cable online.
To ensure that the system recognizes the new interface type, shut down the interface using the shutdown command, and enable the interface after changing the cable. See your hardware documentation for more details.
Configuring the Cisco RFGW-10 Manually Using Configuration Mode
This section describes how to configure the Cisco RFGW-10 the first time.
Entering the Initial Configuration Information
To set up the Cisco RFGW-10, assign an IP address and other configuration information necessary for the switch to communicate with the local routers and the Internet. The minimal configuration provided here does not cover feature configuration. For feature configurations, see the feature guides at http://www.cisco.com/en/US/products/ps8360/products_feature_guides_list.html.
Basic Configuration Using the Setup Facility
The first time you power on a Cisco RFGW-10, the setup facility starts. You can also initiate the facility by running the setup command in privileged EXEC mode. This facility helps you enhance a default configuration that already exists on the Cisco RFGW-10. The setup facility uses a question-and-answer sequence called the System Configuration Dialog to walk you through the configuration.
You do not have to configure the interfaces immediately; however, without configuring the interfaces you cannot enable or connect these interfaces to the networks.
Tip You can quickly connect to the network using the basic configuration setup. This allows you retrieve a configuration file from a TFTP server.
System Configuration Dialog
Use the System Configuration Dialog to help you perform a basic configuration. Proceed through the dialog by answering questions and then pressing the ENTER key. In most cases, you can get additional information by entering a question mark (?).
Throughout the dialog, default values are shown in square brackets ([ ]).
To cancel the configuration dialog, press CTRL-C, or you can let the dialog help you perform one of two configuration types:
- Basic configuration setup configures only enough connectivity for management of the system.
- Extended configuration setup asks you to configure each interface and is not appropriate for configuring the Cisco RFGW-10. You can run the setup facility any time you are at the enable prompt (#) by entering the setup command.
Configuring the System Using the Basic System Configuration Dialog
Complete the following steps to perform a basic configuration using the System Configuration Dialog:
Step 1 The dialog starts by asking if you want to continue with the configuration dialog. Enter Yes . To return to the enable prompt, enter No .
Step 2 Enter Yes to perform a basic management setup. Enter No to perform an extended configuration setup.
Step 3 Specify a hostname. The hostname becomes part of the Cisco IOS prompt.
Step 4 Specify a secret password. It appears in encrypted form in the configuration file.
Step 5 Specify the enable password. It is used if you did not assign a secret password.
Step 6 Specify the password to use for Telnet sessions.
Step 7 At the Configure System Management prompt, enter No .
Step 8 If you want to access the router using SNMP, enter Yes at the prompt:
Step 9 Specify an SNMP community string.
Configuring a Switch using the Extended Configuration Mode
Complete the following steps to configure your switch from configuration mode:
Step 1 Connect a console terminal to the console interface of your supervisor card.
Step 2 After a few seconds, you will see the user EXEC prompt (
Switch>
). Now, you may want to enter privileged EXEC mode, also known as enable mode. Type
enable
to enter enable mode:
Note You must be in enable mode to make configuration changes.
The prompt will change to the enable prompt (#):
Step 3 At the enable prompt (#), enter the configure terminal command to enter global configuration mode:
Step 4 At the global configuration mode prompt, enter the interface { qam | qam-red } slot/port. [ channel ] command to enter interface configuration mode:
Step 5 Enter the end command to exit configuration mode.
Your switch is now minimally configured and can boot up. To see a list of the configuration commands, enter ‘ ?’ at the prompt or press the help key in configuration mode.
Configuring a Default Gateway
Configure a default gateway to send data to subnets other than its own when the switch is not configured with a routing protocol. The default gateway is also used for remote procedure call (RPC) communication to SDV and VOD servers. The default gateway must be the IP address of an interface on a router that is directly connected to the switch.
Note The switch uses the default gateway only when it is not configured with a routing protocol.
Complete the following steps to configure a default gateway:
Step 1 Configure a default gateway.
Step 2 Verify that the default gateway is correctly displayed in the IP routing table.
This example shows how to configure a default gateway and how to verify the configuration:
Configuring a Static Route
If your Telnet station or SNMP network management workstation is on a different network from your switch and a routing protocol has not been configured, you might need to add a static routing table entry for the network where your end station is located.
To configure a static route, use this procedure:
Step 1 Configure a static route to the remote network.
Step 2 Verify that the static route is displayed correctly.
This example shows how to use the ip route command to configure a static route to a workstation at IP address 171.10.5.10 on the switch with a subnet mask and IP address 172.20.3.35 of the forwarding router:
Controlling Access to Privileged EXEC Commands
The procedures in these sections let you control access to the system configuration file and privileged EXEC commands.
Setting or Changing a Static Enable Password
To set or change a static password that controls access to the enable mode, enter the enable password command:
This example shows how to configure the enable password “lab” in privileged EXEC mode:
Using the enable password and enable secret Commands
To provide an additional layer of security, particularly for passwords used to connect outside your network or that are stored on a TFTP server, you can use either the enable password or enable secret commands. Both commands configure an encrypted password that you must enter to access the enable mode (the default) or any other privilege level that you specify.
We recommend that you use the enable secret command.
If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously.
To configure the switch to require an enable password, issue either of the following commands:
The above command establishes a password for the privileged EXEC mode.
The above command specifies a secret password that is saved using a nonreversible encryption method.
Note If the enable password and enable secret commands are both set, you must enter the secret password.
When you enter either of these password commands with the level keyword, you define a password for a specific privilege level. After you specify the level and set a password, provide the password only to the users who need to have access at this level. Use the privilege level configuration command to specify commands accessible at various levels.
If you configure the service password-encryption command, the password you enter is encrypted. When you display the password with the more system:running-config command, the password is displayed in the encrypted form.
If you specify an encryption type, you must provide an encrypted password—an encrypted password you copy from another Cisco RFGW-10 UEQAM configuration, so that the passwords are the same.
Note You cannot recover a lost encrypted password. You must clear NVRAM and set a new password.
Setting or Changing a Privileged Password
To set or change a privileged password, enter the password command:
Saving Your Configuration Settings
To store the configuration or changes to your startup configuration in NVRAM, enter the
copy running-config startup-config
command at the
Router#
prompt:
This command saves the configuration settings.
Tip If you do not save your settings, your configuration will be lost the next time you reload the router.
Reviewing your Configuration Settings
You can check your settings and review any changes to your configuration using various software commands:
- To view information specific to the hardware and cable interface configuration on your Cisco RFGW-10, use the following show commands:
– Use this command to verify the downstream center frequency:
– Use this command to check the value of the settings you entered:
Feedback