|
|
This chapter explains how to install and configure the Cisco 6510 Service Selection Gateway software. Before performing any procedures in this chapter, follow the instructions in the Cisco 6510 Service Selection Gateway Hardware Installation Guide until the Cisco 6510 displays the SSG > prompt.
The Cisco 6510 ships in bootable form with its software in Flash memory. However, the software might need to be updated. To check whether it needs to be updated, do the following:
Step 1 From the SSG > prompt, enter version.
The Cisco 6510 displays text similar to the following:
Step 2 Note the version and build number of the installed software.
Step 3 Use a web browser to access Cisco Connection Online (CCO) at the following URL:
Step 4 To access CCO, you must be a registered user. After entering your username and password, the next page displays a list of files available for download. If the Cisco 6510 software image file on CCO is newer than the installed version, download the software image and update the Cisco 6510. For information on updating the Cisco 6510, refer to the next section.
http://www.cisco.com/pcgi-bin/tablebuild.pl/6510.
To update the Cisco 6510 software, complete the following steps:
Step 1 Rename the downloaded software image file to csco6510.
Step 2 Copy this file to a 1.44 MB DOS formatted 3.5-inch disk.
Step 3 Start the Cisco 6510.
Step 4 Insert the disk in the Cisco 6510 floppy drive.
Step 5 Enter the following command at the SSG > prompt:
The Cisco 6510 begins updating its software.
Step 6 When it is finished, reboot the Cisco 6510 by entering the following command:
The Cisco 6510 uses a command-line interface for configuring its parameters. Although parameters are not case-sensitive, all commands must be entered in lowercase characters.
If you are using two Cisco 6510s for failover, the primary Cisco 6510 replicates settings to the standby unit whenever a command is entered. To keep the settings synchronized, make sure to enter all configuration commands at the primary unit.
For a complete listing of available commands, refer to the "Command Reference" chapter. For a complete listing of command parameters, refer to the "Configuration Reference" chapter.
The config set command supports pattern matching and is convenient for setting multiple parameters. For example, if you entered config set fei, you would be prompted to configure the following parameters:
Carriage Return to Skip; '.' to quit; 'c' to clear -->
FEI0_InetAddr: <10.10.10.1>:
FEI0_Mask: <255.255.0.0>:
FEI0_InetGateway: <>:
FEI0_InetName: <Hosts>:
FEI1_InetAddr: <171.69.255.54>:
FEI1_Mask: <255.255.255.240>:
FEI1_InetGateway: <171.69.255.49>:
FEI1_InetName: <UCPcard>:
FEI2_InetAddr: <171.69.255.21>:
FEI2_Mask: <255.255.255.248>:
FEI2_InetGateway: <171.69.255.22>:
FEI2_InetName: <ISPcard>:
When you enter a command from the SSG > prompt, it immediately takes effect and, if applicable, is copied to the standby unit. However, the configuration is not saved to Flash memory. To save all changes, enter config save.
If you make a mistake while entering a command, simply enter the command again with the correct settings. If you make several mistakes or are not sure what you did, enter reboot. When prompted to save the configuration, select no.
To restore the Cisco 6510 to its default factory settings, enter config setdefault.
Online help is available for the Cisco 6510 using the following methods:
The following sections describe the minimum parameters that must be configured to use the Cisco 6510.
To configure interface card settings, enter the following:
SSG > config set feiThe Cisco 6510 prompts you to configure all interface card settings. When you are finished configuring interface card settings, enter config save.
The following table describes each parameter.
| Parameter | Description |
|---|---|
| FEI0_InetAddr | IP address of interface card 0, the interface card that connects to Dashboard hosts. |
| FEI0_Mask | Subnet mask of interface card 0. |
| FEI0_InetGateway | IP address of the default gateway to which interface card 0 attaches. |
| FEI0_InetName | Description of interface card 0. This field does not affect operation. |
| FEI1_InetAddr | IP address of interface card 1, the interface card that connects to AAA1 and DHCP2 Services. |
| FEI1_Mask | Subnet mask of interface card 1. |
| FEI1_InetGateway | IP address of the default gateway to which interface card 1 attaches. |
| FEI1_InetName | Description of interface card 1. This field does not affect operation. |
| FEI2_InetAddr | IP address of interface card 2, the interface card that connects to the ISP network. |
| FEI2_Mask | Subnet mask of interface card 2. |
| FEI2_InetGateway | IP address of the default gateway to which interface card 2 attaches. |
| FEI2_InetName | Description of interface card 2. This field does not affect operation. |
To configure security settings, enter the following:
SSG > config set password
The Cisco 6510 prompts you to configure all security settings. When you are finished configuring security settings, enter config save.
The following table describes each parameter.
| Parameter | Description |
|---|---|
| AAAPassword | RADIUS shared secret between the Cisco 6510 and the AAA server. |
| DashBoardPassword | RADIUS shared secret between the Cisco 6510 and the Dashboard. |
| ServicePassword | Password used to authenticate the Cisco 6510 with the CiscoSecure ACS service profiles. This value must match the value configured for the CiscoSecure ACS service profiles by the CiscoSecure ACS administrator |
To configure IP address settings, enter the following:
SSG > config set ip
The Cisco 6510 prompts you to configure IP addresses. When you are finished, enter config save.
The following table describes each parameter.
| Parameter | Description |
|---|---|
| DefaultServerIP | Sets an IP address that users will be able to access without using the Dashboard application.
This IP address is usually used to allow the user to access a web page from which they can download the Dashboard. |
| AAAIP1 | Specifies the first IP address for the authentication server. |
| AAAIP2 | Specifies the second IP address for the authentication server. This paramater is used for load-balancing and is optional. |
| AccountingIP1 | Specifies the primary IP address for the accounting server. |
| AccountingIP2 | Specifies the backup IP address for the accounting server (optional). |
| DHCPIP | Specifies the IP address of the DHCP server. |
The Cisco 6510 appears as a network access server (NAS) to the service provider's home gateway. For the Cisco 6510 to be authenticated, the MachineName parameter must match a NAS name on the home gateway's VPDN incoming statement.
To set the NAS name to identify the Cisco 6510 to the home gateway, enter the following:
SSG > config set machinename name
where name is the NAS name.
The Cisco 6510 can be configured to send logging information to the terminal console connected to the Cisco 6510 or a syslog server. You can specify up to four levels of information for nine different debug handlers.
To configure the Cisco 6510 for failover, do the following:
Step 1 Perform the hardware installation described in the Cisco 6510 Service Selection Gateway Hardware Installation Guide. Make sure to connect the failover cable.
Step 2 On the primary unit, configure the settings described in this chapter.
Step 3 On the standby unit, configure the interface cards. See the "Configuring the Interface Cards" section, earlier in this chapter.
Step 4 Go to the primary unit.
Step 5 Enter the following command:
The Cisco 6510 prompts you to configure the IP addresses for all interface cards in both the primary and standby Cisco 6510. These must match the IP addresses set in the "Configuring the Interface Cards" section, earlier in this chapter..
Step 6 Enable the new settings by entering failover enable.
Step 7 Save the configuration by entering config save.
Step 8 Activate failover by entering failover reset.
Step 9 To test the configuration, enter failover test. If failover is correctly configured, the Cisco 6510 will display text similar to the following:
The Cisco 6510 advanced parameters are configured for optimal performance for most applications. For more information on modifying these settings, refer to the Configuration Reference chapter.
| Parameter | Description |
|---|---|
| ACCOUNTINGRemotePort | Port number which the RADIUS1 server connected to the Cisco 6510 listens for accounting packets. (default: 1646) |
| AcctRetryCount | Number of times the Cisco 6510 resends an accounting request packet before timing out the request. (default: 5) |
| AcctTimeout | Number of seconds the Cisco 6510 waits before timing out an accounting request packet. (default: 10) |
| ARPRetryCount | Number of times the Cisco 6510 resends an ARP request packet before timing out the request. (default: 1) |
| ARPTimeout | Number of milliseconds the Cisco 6510 waits before timing out an ARP request packet. (default: 60) |
| DHCPRemotePort | Remote port from which the Cisco 6510 receives DHCP packets. (default: 67) |
| DNSRemotePort | Remote port from which the Cisco 6510 receives DNS2 packets. (default: 53) |
| L2FRemotePort | Port number from which the home gateway connected to the Cisco 6510 listens for Layer 2 Forwarding (L2F) packets. (default: 1701) |
| RADIUSRemotePort | Port number from which the RADIUS server connected to the Cisco 6510 listens for RADIUS packets. (default: 1645) |
| NATFTPConnTimeout | Number of milliseconds the Cisco 6510 waits before timing out an FTP connection request for network address translation. (default: 14400) |
| NATFTPFinConnTimeout | Interval, in seconds, that the Cisco 6510 waits before timing out the connection object for an FTP connection. (default: 1) |
| NATFTPCleanupInternal | Interval that the Cisco 6510 waits before cleaning up a connection object for an FTP NAT request. (default: 300) |
| NATFTPCTaskDelay | Interval, in seconds, that the Cisco 6510 delays processing a task that it carries out when processing an FTP connection. (default: 15) |
|
|