Sample Legacy DDR Configurations
One common application for DDR is a dial-up connection to the Internet. Here's a configuration that dials an ISP any time there is traffic that needs to go to the Internet:
! Define the chat scripts chat-script modem1 "" "atz " OK "atdt T" TIMEOUT 30 CONNECT c chat-script login1 TIMEOUT 20 login: "bob " password: "mypassword " ! ! Set up the dialer interface interface async1 ! We are going to let the router negotiate its IP address through PPP ip address negotiated encapsulation ppp ! Enable dialing on this interface dialer in-band ! Set the idle timeout dialer idle-timeout 600 ! Map our provider's IP address dialer map 172.168.1.20 modem-script modem1 system-script login1 14105551212 dialer-group 2 ! ! Assign the dialer group to an access list dialer-list 2 list 101 access-list 101 permit ip any any ! ! Set a default route ip route 0.0.0.0 0.0.0.0 async1
In some respects, this is a simpler configuration than the previous one. We use a negotiated IP address (i.e., an address assigned to us by the ISP) rather than specifying the address explicitly. We specify PPP encapsulation, but don't do any special authentication; authentication is handled by a simple login sequence, which we implement in the chat scripts . This is typical of many ISP connections.
Note that we have separated the chat script into two parts, a modem script and a system script, both of which are specified in our dialer map. This separation allows us to divide the parts of the script that configure the modem from the parts that deal with the ISP (i.e., perform a login). These two parts are specified by the dialer map command, which associates an IP address (in this case, the IP address of the ISP's end of the connection) with an actual phone number. The chat scripts also use a number of abbreviations, such as T, which stands for the phone number. Table 12-1 shows some common abbreviations.
|
Abbreviation |
Meaning |
|---|---|
|
c |
Suppress newline character |
|
d |
Two-second delay |
|
K |
Send a break |
|
|
Newline character |
|
p |
1/4-second delay |
|
|
Return character |
|
s |
Space |
|
|
Tab character |
|
T |
Phone number |
|
\ |
Backslash |
|
BREAK |
Send a break. |
|
EOT |
EOT character |
|
"" |
Expect a null string |
12.2.1. DDR Backup Links
Dial-on-demand is frequently used to provide a backup link for a permanent connection. There are two methods for dial backup: backup interface commands and floating static routes. Backup interface commands are relatively easy to configure, can provide bandwidth on demand, and stay idle until brought online. On the other hand, they are dependent on encapsulation, and they provide only one backup interface per "permanent" interface.
A floating static route is simply a static route whose administrative distance has been raised so that it is less desirable than the primary route. We covered backup static routes and administrative distances in Chapter 8, so this should be familiar. Floating static routes are convenient if you require multiple backup interfaces or backup routes that are encapsulation-independent. But floating static routes are somewhat difficult to configure, require the use of a routing protocol, and require that the "interesting traffic" access list actually cause the backup interface to be dialed.
First let's look at the backup interface commands and what they can do for us. Then we will revisit the example using a floating static route.
12.2.1.1. Backup interface commands
In this example, the ISDN interface bri0 is defined as a backup to our serial link. If the serial link goes down, the bri0 interface is dialed and the connection is made. Once the serial link has been restored for a period of time, the bri0 link is disconnected. The first number in the backup delay command tells the router to wait 5 seconds before bringing the bri0 interface up after serial1 goes down; the second number tells the router to wait 30 seconds after serial1 comes back online before switching back. These delay values try to ensure that the serial1 link is really up or down before switching over to the backup interface.
interface serial1 description T1 to Baltimore ip address 10.10.2.1 255.255.255.0 ! The backup for this link is bri0. When serial1 goes down, bri0 comes up backup interface bri0 ! Set delay values. Wait 5 seconds before bringing bri0 up ! and wait 30 seconds after serial1 comes back up before switching back backup delay 5 30 ! interface bri0 ip address 10.10.3.1 255.255.255.0 encapsulation ppp dialer map ip 10.10.3.2 name baltimore-rtr broadcast 4105552323 dialer-group 1 ! isdn switch-type basic-5ess username baltimore-rtr password hello123 ! ! Configure the dialer list dialer-list 1 protocol ip permit
12.2.1.2. DDR bandwidth on demand with backup interface commands
In the previous example, bri0 acts as a backup for serial1. However, the ISDN link is used only as a backup. In this example, we'll take things a bit farther and use bri0 to provide some additional bandwidth, helping out serial1 during periods of congestion. In particular, we will bring up bri0 when the load on serial1 is greater than 70%, using the backup load command. When the load on serial1 drops back to 15%, we drop the bri0 link.
This configuration does not use an explicit access list to specify what traffic is interesting. Instead, it uses a variant of the dialer list command that incorporates a simple access list saying "Any IP traffic is permitted." If your requirements are simple, this approach is often clearer and more straightforward than using a separate access list.
interface serial1 description T1 to Baltimore ip address 10.10.2.1 255.255.255.0 ! Set the backup interface to bri0 backup interface bri0 ! Use bri0 when load hits 70, take offline when load drops back to 15 backup load 70 15 ! interface bri0 ip address 10.10.3.1 255.255.255.0 encapsulation ppp dialer map ip 10.10.3.2 name baltimore-rtr broadcast 4105552323 dialer-group 1 ! isdn switch-type basic-5ess username baltimore-rtr password hello123 ! ! Configure the dialer list for dialer-group 1 dialer-list 1 protocol ip permit
12.2.1.3. DDR backup with floating static routes
It's easy to write our backup interface example using a floating static route. In order for this example to work properly, we also need to configure a routing protocolin this case, we'll use EIGRP. So, to get our floating static route to work, we need to set the administrative distance for the static route higher than EIGRP's distance. The default administrative distance for EIGRP routes is 170 (for external routes), so we'll use a distance of 200 for our backup route. The rest is straightforward.
! Almost the same serial configuration as before except no backup commands. interface serial1 description T1 to Baltimore ip address 10.10.2.1 255.255.255.0 ! We are going to tweak EIGRP so our backup dialer link comes online faster ! the 100 is our EIGRP AS number ip hello-interval eigrp 100 3 ip hold-time eigrp 100 10 ! interface bri0 ip address 10.10.3.1 255.255.255.0 encapsulation ppp dialer map ip 10.10.3.2 name baltimore-rtr broadcast 4105552323 dialer-group 1 ! isdn switch-type basic-5ess username baltimore-rtr password hello123 ! ! Configure EIGRP router eigrp 100 network 10.0.0.0 ! ! Configure our floating/backup static route, setting the administrative ! distance to 200 ip route 10.10.5.0 255.255.255.0 10.10.3.2 200 ! ! Configure the dialer list; this time use an access list to block ! EIGRP traffic from bringing up our link dialer-list 1 protocol ip list 101 ! ! Finally, our access list. This list blocks EIGRP and permits everything else. ! REMEMBER: This list is used only to identify interesting traffic. It ! does nothing to block traffic once the link is established. access-list 101 deny eigrp any any access-list 101 permit ip any any
12.2.2. Dialer Maps
Dialer maps allow IP addresses to be mapped directly to phone numbers and dialer scripts. With this feature, one interface can be configured to dial several different sites, or to dial the same site using different phone numbers, based on the IP address.
12.2.2.1. The most basic form of this command
In the following example, we use the dialer map command to configure the two B channels of an ISDN interface bri0:
interface bri0 ip address 10.10.3.1 255.255.255.0 encapsulation ppp dialer map ip 10.10.3.2 name ROUTER1 broadcast 4105552323 dialer map ip 10.10.3.4 name ROUTER2 broadcast 4105552333 ppp authentication chap ppp multilink dialer-group 1 ! dialer-list 1 protocol ip permit
The dialer map commands map the remote device's IP address, its device name (for authentication), and a dial string (phone number). Optionally, we can also set the speed (56 or 64) and whether or not we want to allow broadcasts. The broadcast keyword says that we will allow broadcasts, such as routing updates. By default, broadcasts aren't allowed.
Dialer maps are the preferred way to configure dialing of a link. They are used throughout this chapter.
12.2.2.2. A more complicated use of dialer maps
In this example, we want to set up a router to communicate with two remote offices through a single serial interface. Office 1's local network is 10.10.2.0/24; Office 2's network is 10.10.4.0/24. To create this configuration, we map the IP address 10.10.1.2 and the phone number 555-1111 to the chat script that dials Office 1; we map 10.10.1.4 and 555-1112 to the chat script for Office 2. To do so, we use two dialer map commands, plus several chat-script commands for setting up the scripts. Both connections are handled by the same interface and the same modem. The static routes set the routes to the proper office network.
In this configuration, it's impossible for both offices to be connected at the same time because we are using a single analog modem. With ISDN, this wouldn't be a problem. BRI interfaces have two B channels, which enable one interface to dial two different locations at once.
Once a connection has been made to either destination, the connection remains up until it has been idle for a certain timeout period. To make this configuration more flexible, we use two different idle timeout periods. The normal timeout, set by the dialer idle-timeout command, is 300 seconds; this timeout is used if there is no traffic waiting for the other office. If there is traffic waiting, the configuration specifies a shorter timeout of 15 seconds, using the dialer fast-idle command.
! Set up the chat script for the modem (we have only one type of modem) chat-script usr ABORT ERROR "" "at z" OK "atdt T" TIMEOUT 20 ! ! Set up the login script for office1 chat-script office1 ABORT invalid TIMEOUT 10 name: frank word: letmein ">" ! ! Set up the login script for office2 chat-script office2 ABORT invalid TIMEOUT 10 name: saul word: letme ">" ! interface async 3 description DDR connection to remote offices ip address 10.10.1.1 255.255.255.0 dialer in-band ! Create the map for this interface to office1 dialer map ip 10.10.1.2 modem-script usr system-script office1 555-1111 ! Create the map for this interface to office2 dialer map ip 10.10.1.4 modem-script usr system-script office2 555-1112 ! Set the idle timeouts dialer idle-timeout 300 dialer fast-idle 15 dialer-group 1 ! ! Set a static route to office1 ip route 10.10.2.0 255.255.255.0 10.10.1.2 ! Set a static route to office2 ip route 10.10.4.0 255.255.255.0 10.10.1.4 ! ! Set up the dialer groups access-list 110 deny icmp any any access-list 110 permit ip any any dialer-list 1 protocol ip list 110
We've made one additional improvement to our earlier configurations: we added a deny rule that blocks ICMP traffic to access list 110. Since this rule is used in a dialer list, it prevents a ping from bringing up the connection. We don't want the line to be dialed every time someone pings the remote site. However, we don't actually block pings: this access list isn't applied to the traffic going into or out of an interface. If the line is up, the ping will succeed.
This configuration assumes that a routing protocol is not in use. A routing protocol would bring up the links each time it sends routing updates to adjacent routers, and this is almost certainly undesirable. If you do use a routing protocol in a configuration like this one, make the DDR interface a passive interface. In the following statements, we start a RIP routing process and specify that the interface async3 is passive:
router rip network 10.0.0.0 passive-interface async3
Getting Started
- Getting Started
- IOS User Modes
- Command-Line Completion
- Get to Know the Question Mark
- Command-Line Editing Keys
- Pausing Output
- show Commands
IOS Images and Configuration Files
- IOS Images and Configuration Files
- IOS Image Filenames
- The New Cisco IOS Packaging Model
- Loading Image Files Through the Network
- Using the IOS Filesystem for Images
- The Routers Configuration
- Loading Configuration Files
Basic Router Configuration
- Basic Router Configuration
- Setting the Router Name
- Setting the System Prompt
- Configuration Comments
- The Enable Password
- Mapping Hostnames to IP Addresses
- Setting the Routers Time
- Enabling SNMP
- Cisco Discovery Protocol
- System Banners
Line Commands
- Line Commands
- The line Command
- The Console Port
- Virtual Terminals (VTYs)
- Asynchronous Ports (TTYs)
- The Auxiliary (AUX) Port
- show line
- Reverse Telnet
- Common Configuration Items
Interface Commands
- Interface Commands
- Naming and Numbering Interfaces
- Basic Interface Configuration Commands
- The Loopback Interface
- The Null Interface
- Ethernet, Fast Ethernet, and Gigabit Ethernet Interfaces
- Token Ring Interfaces
- ISDN Interfaces
- Serial Interfaces
- Asynchronous Interfaces
- Interface show Commands
Networking Technologies
Access Lists
IP Routing Topics
- IP Routing Topics
- Autonomous System (AS) Numbers
- Interior and Exterior Gateway Protocols
- Distance-Vector and Link-State Routing Protocols
- Static Routes
- Split Horizon
- Passive Interfaces
- Fast Switching and Process Switching
Interior Routing Protocols
Border Gateway Protocol
- Border Gateway Protocol
- Introduction to BGP
- A Simple BGP Configuration
- Route Filtering
- An Advanced BGP Configuration
- Neighbor Authentication
- Peer Groups
- Route Reflectors
- BGP Confederacies
- BGP TTL Security
Quality of Service
- Quality of Service
- Marking
- Older Queuing Methods
- Modern IOS QoS Tools
- Congestion Avoidance
- Traffic Policing
- Traffic Shaping
- AutoQoS
- QoS Device Manager
Dial-on-Demand Routing
- Dial-on-Demand Routing
- Configuring a Simple DDR Connection
- Sample Legacy DDR Configurations
- Dialer Interfaces (Dialer Profiles)
- Multilink PPP
- Snapshot DDR
Specialized Networking Topics
- Specialized Networking Topics
- Bridging
- Hot Standby Routing Protocol (HSRP)
- Network Address Translation (NAT)
- Tunnels
- Encrypted Tunnels
- Multicast Routing
- Multiprotocol Label Switching (MPLS)
Switches and VLANs
- Switches and VLANs
- Switch Terminology
- IOS on Switches
- Basic Switch Configuration
- Trunking
- Switch Monitor Port for IDS or Sniffers
- Troubleshooting Switches
Router Security
- Router Security
- Securing Enable Mode Access
- Routine Security Measures
- Restricting Access to Your Router
Troubleshooting and Logging
Quick Reference
Appendix A Network Basics
Index
EAN: 2147483647
Pages: 1031
- Enterprise Application Integration: New Solutions for a Solved Problem or a Challenging Research Field?
- The Effects of an Enterprise Resource Planning System (ERP) Implementation on Job Characteristics – A Study using the Hackman and Oldham Job Characteristics Model
- Intrinsic and Contextual Data Quality: The Effect of Media and Personal Involvement
- Healthcare Information: From Administrative to Practice Databases
- Development of Interactive Web Sites to Enhance Police/Community Relations
