Cisco 1000 Series Connected Grid Routers Unicast Routing Software Configuration Guide

Step 1 

interface loopback number

Creates a path between the Cisco CG-OS router and the head-end router.

Step 2 

ip address ip address

Creates an IP address for the loopback interface.

Step 3 

ip router ospf instance-tag area area-id [secondaries none]

Creates an OSPFv2 area on the interface.

Step 1 

chat-script gsm1 name

Defines the ATDT modem commands when the dialer is initiated to automate the connect procedure.

Step 2 

interface dialer number

Configures an external dialer interface.

Step 3 

dialer persistent

Initiates a dial-out when the connection disconnects to ensure the connection remains active.

Step 4 

dialer pool number

Creates a dialer pool.

Step 5 

dialer string gsm number

Specifies the number or string to call. Reference the name of the chat script in this command for call setup.

Step 6 

interface cellular slot/port

Configures the 3G cellular interface. Slot value range is 3 to 6. Port value is 1.

Step 7 

dialer pool-member number

Assigns membership to a defined dialer pool.

Step 8 

no shutdown

Brings up the port, administratively.

Step 9 

exit

Exits to the global configuration mode.

Step 1 

wimax scan-list name

Sets a scan-list and enters the scan list mode.

Step 2 

channel {index number | frequency number | bandwidth number}

Configures the channel number, frequency, or bandwidth for the interface.

Step 3 

nap id nap-id priority value channel-index value

Defines the Network Access Provider (NAP) ID, priority, and channel for the interface.

nap-id-Must be in the following format: XX:XX:XX (maximum size of 64).

priority value-Any value in the range of 1 to 250.

channel-index value-Any value in the range of 0 to15.

Step 4 

nsp id nsp-id home

Defines the Network Service Provider (NSP) ID for the interface.

nsp-id-Must be in the following format: XX:XX:XX (maximum size of 64).

Step 5 

interface wimax slot/port

Configures the WiMAX cellular interface. Slot value range is 3 to 6. Port value is 1.

Step 6 

scan-list name

Attaches a scan list to the interface.

Step 7 

ip address ip address

Assigns an IP address to the interface.

Step 8 

no shutdown

Brings up the port, administratively.

Step 9 

exit

Enter exit to return to the global configuration mode.

Step 1 

feature crypto ike

Enables IKEv2 on the Cisco CG-OS router.

Note To prevent loss of the IKEv2 configuration, do not disable IKEv2 when IPSec is enabled on the Cisco CG-OS router.

Step 2 

crypto ike domain ipsec

Configures the IKEv2 domain and enters the IKEv2 configuration submode.

Step 3 

identity hostname

(Optional) Configures the identity of the IKEv2 protocol. By default, the IP address of the Cisco CG-OS router is taken as the identity for IKEv2 protocol.

Note This command is optional when using pre-share key (PSK) authentication.

Step 4 

keepalive value

(Optional) Configures the frequency of keep alive messages sent between peers in the tunnel. Keep alive messages validate the ability of peers to send and receive traffic. Value can be any number between 120 and 86400 seconds. The default value is 3600 seconds.

Step 5 

policy value

Defines IKEv2 priority policy and enters the policy configuration submode. The lower the number, the higher the priority.

Step 6 

authentication method

Specifies the IKEv2 authentication method.

Method options are PSK (pre-share) and RSA signature (rsa-sig) authentication.

Note RSA is the default setting.

Step 7 

encryption enc_algo

(Optional) Specifies the encryption algorithm for the policy.

Options are:

3des-168-bit DES (3DES)

aes-AES-CBC

Default setting for the Cisco CG-OS router is aes.

Step 8 

hash hash_algo

(Optional) Configures the hash algorithm for the IKEv2 policy. Options are:

md5-HMAC-MD5

sha-HMAC-SHA1

Default setting for the Cisco CG-OS router is sha.

Step 9 

group DH_group

Configures the Diffie Hellman group for the policy. Options are:

1-768-bit Diffie Hellman group

2-1024-bit Diffie Hellman group

5-1536-bit Diffie Hellman group

Default setting for the Cisco CG-OS router is 2.

Step 10 

lifetime seconds value

(Optional) Specifies the IKEv2 SA lifetime for the policy. Value is a range from 600 to 86400 seconds. Default setting is 86400 seconds.

Step 11 

exit

Exits to the global configuration mode.

Step 12 

key pre-share key {address ip address | hostname name}

Configures the key that IKEv2 communicates to the peer (head-end router) ip address. The peer must have the same key in its configuration. Maximum per-shared ley length is 128.

Step 1 

feature crypto ipsec virtual- tunnel

Enables IPSec tunnelling on the Cisco CG-OS router and creates a virtual tunnel interface.

Step 2 

crypto ipsec transform-set tx-form-name {txform | encr_txform auth_txform}

Configures a single transform set that is included within the IPSec protection profile.

Options for txform are:

•esp-gcm 128-128-bit AES-GCM authenticated encryption AES-CBC

•esp-gcm 256-256-bit AES-GCM authenticated encryption

Options for encr_txform are:

•esp-aes 128 or esp-aes 256 AES-CBC

Options for auth_txform are:

•esp-sha1-hmac or esp-sha256-hmac HMAC-SHA

Note The transform-set name (tx-form-name) defined here must match that transform-set name associated with the IPSec profile in below.

Step 3 

crypto ip sec profile profile-name

Configures an IPSec profile for attachment to the tunnel interface.

Step 4 

description text

(Optional) Allows the user to provide a description for the profile. The character limit is 64 characters.

Step 5 

set transform-set txfrom-name

Associates the transformation set to the currently configured IPSec profile (see above).

Step 6 

set pfs group

(Optional) Configures the Diffie-Hillman group for perfect forward secrecy for the IPSec tunnel. Options for group are as follows:

group 1-768-bit mode Diffie-Hillman

group 4-2048-bit mode Diffie-Hillman

group 2-1024-bit mode Diffie-Hillman

group 5-1536-bit mode Diffie-Hillman

By default, PFS is disabled.

Step 7 

set security-association lifetime [seconds] [kilobytes]

(Optional) Specifies the lifetime of the IPSec security association. When the configured lifetime value expires, a new security association is negotiated.

Lifetime can be expressed in both time (seconds, 120 to 86400) and data volume (kilobytes, 2560 to 4292967295).

The default time value is 3600 seconds.

The default data volume is 4608000 kilobytes.

Step 8 

exit

Exits to the global configuration mode.

Step 1 

router ospf instance-tag

Creates an OSPFv2 routing instance.

instance-tag-Internal identifier for the routing instance and can be an alphanumeric word or positive integer.

Step 1 

router ospfv3 instance-tag

Creates an OSPFv3 routing instance.

instance-tag-Internal identifier for the routing instance and can be an alphanumeric word or positive integer.

Step 1 

feature tunnel

Enables tunneling on the Cisco CG-OS router.

Step 1 

interface tunnel number

Creates a virtual tunnel.

When configuring a 3G or WiMAX interface, number is any value from 1 to 4095.

Step 2 

ip address ip address

Assigns an IP address for the tunnel.

Step 3 

ip ospf cost interface-cost

Specifies the cost of sending a packet on an interface.

Step 4 

ip ospf dead-interval seconds

Sets the interval during which a router must receive at least one hello packet before the router declares that neighbor as down. The range in seconds is from 1 to 65535.

Step 5 

ip ospf hello-interval seconds

Sets the interval between hello packets that OSPFv2 sends on the interface. The range in seconds is from 1 to 65535.

Step 6 

ip ospf mtu-ignore

Disables the OSPFv2 MTU mismatch detection on database descriptor (DBD) packets.

Note This parameter allows systems with Cisco IOS (such as the head-end router) and the Cisco CG-OS router to communicate and must be configured.

Step 7 

ip router ospf instance-tag area area-id [secondaries none]

Creates an OSPFv2 area on the interface.

Step 8 

tunnel mode ipsec ipv4

Configures the encapsulation mode for the tunnel.

Step 9 

tunnel source {ip-address | interface-type slot-port}

Configures the source endpoint for the tunnel.

Step 10 

tunnel destination {ip-address | host-name}

Configures the destination endpoint for the tunnel.

Step 11 

no keepalive value

(Optional) Disables the keepalive value on the Cisco CG-OS router.

The keepalive value command configures the frequency of keep alive messages sent between peers in the tunnel. Keep alive messages validate the ability of peers to send and receive traffic. Value can be any number between 120 and 86400 seconds. The default value is 3600 seconds.

Step 12 

tunnel protection ipsec profile profile-name

Binds the IPSec protection profile to the tunnel interfaces.

Note The profile-name defined in this step must match the profile name assigned to the virtual tunnel interface in by using the crypto ip sec profile profile-name command.

Step 13 

no shutdown

(Optional) Brings the port up, administratively.

Step 14 

exit

Exits the interface configuration mode.

Step 1 

interface tunnel number

Creates a GRE tunnel on an interface.

number-Any value from 1 to 4095.

Step 2 

ip address ip address

Assigns an IPv4 address to the tunnel interface.

Step 3 

ipv6 address addr

Assigns an IPv6 address to the tunnel interface. The format is A:B::C:D/length. The length range is 1 to 128.

Step 4 

ipv6 router ospfv3 instance-tag area area-id [secondaries none]

Creates an OSPFv3 area on the tunnel interface.

Step 5 

tunnel source {ip-address | interface-type slot-port}

Configures the source endpoint for the tunnel.

Step 6 

tunnel destination {ip-address | host-name}

Configures the destination endpoint for the tunnel.

Step 7 

no shutdown

(Optional) Brings the port up, administratively.