Problem
You want automatic dial recovery in case a WAN link fails.
Solution
One of the most reliable ways of implementing dial backup on a Cisco router is to use a floating static default route, as follows:
Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#interface BRI0/0 Router1(config-if)#ip address 10.1.99.55 255.255.255.0 Router1(config-if)#encapsulation ppp Router1(config-if)#dialer idle-timeout 300 Router1(config-if)#dialer map ip 10.1.99.1 name dialhost broadcast 95551212 Router1(config-if)#dialer load-threshold 50 either Router1(config-if)#dialer-group 1 Router1(config-if)#isdn switch-type basic-ni Router1(config-if)#isdn spid1 800555123400 5551234 Router1(config-if)#isdn spid2 800555123500 5551235 Router1(config-if)#ppp authentication chap Router1(config-if)#ppp multilink Router1(config-if)#exit Router1(config)#username dialhost password dialpassword Router1(config)#ip route 0.0.0.0 0.0.0.0 10.1.99.1 180 Router1(config)#dialer-list 1 protocol ip list 101 Router1(config)#access-list 101 deny eigrp any any Router1(config)#access-list 101 permit ip any any Router1(config)#router eigrp 55 Router1(config-router)#network 10.0.0.0 Router1(config-router)#end Router1#
Then the matching configuration of the other end is shown in Recipe 13.2.
Discussion
This recipe includes several important features. First, notice that we have configured dial backup using an ISDN BRI interface on this router. So we have to set up the ISDN configuration:
Router1(config)#interface BRI0/0 Router1(config-if)#isdn switch-type basic-ni Router1(config-if)#isdn spid1 800555123400 5551234 Router1(config-if)#isdn spid2 800555123500 5551235
This site is connected to a National ISDN switch. So we have defined the switch type to be basic-ni. If this had been a PRI rather than a BRI, we would have used primary-ni. And because it is a National ISDN switch, we also have to include the ISDN Service Profile Identifier (SPID) values. These define the telephone numbers associated with each of the two B channels in the BRI. Note that the syntax includes essentially the same number twice:
Router1(config-if)#isdn spid1 800555123400 5551234
The first argument is the whole telephone number including area code with 00 tacked on the end. These extra two digits vary between different telephone companies. Sometimes this needs to be a different code, such as 0101. The telephone company can tell you the correct value to include.
The second number is not always required. This is essentially the phone number that you would need to call this B channel from the other B channel. In this example, the telephone company uses seven-digit local dialing, so we can eliminate the area code.
There are several different kinds of ISDN switches, and it's important to find out what your carrier uses to ensure that you configure the router properly.
For telephone companies that use AT&T switches:
Router1(config-if)#isdn switch-type basic-5ess
For telephone companies that use Nortel DMS100 switches:
Router1(config-if)#isdn switch-type basic-dms100
Telephone companies outside of North America often use different kinds of ISDN switches. In France you would use the following command:
Router1(config-if)#isdn switch-type vn3
In Australia, the telephone company uses TS013 ISDN switches:
Router1(config-if)#isdn switch-type basic-ts013
In Norway and New Zealand:
Router1(config-if)#isdn switch-type basic-net3
In Germany:
Router1(config-if)#isdn switch-type basic-1tr6
And, in Japan:
Router1(config-if)#isdn switch-type ntt
Please contact the local telephone company supplying the BRI circuit to ensure that you have the right switch type. And be sure to ask them whether you need to configure SPIDs on your router. Some switches require them; others don't.
You can verify that you have your ISDN configuration working correctly with the show isdn status command:
Router1#show isdn status Global ISDN Switchtype = basic-ni ISDN BRI1/0 interface dsl 8, interface ISDN Switchtype = basic-ni Layer 1 Status: ACTIVE Layer 2 Status: TEI = 85, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI = 86, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI 85, ces = 1, state = 8(established) spid1 configured, spid1 sent, spid1 valid TEI 86, ces = 2, state = 8(established) spid2 configured, spid2 sent, spid2 valid Layer 3 Status: 0 Active Layer 3 Call(s) Activated dsl 8 CCBs = 0 The Free Channel Mask: 0x80000003 Total Allocated ISDN CCBs = 2 Router1#
In this case, you can see you have an "active" status at Layer 1, and both of the Terminal Endpoint Identifiers (TEI) are in a "MULTIPLE_FRAME_ESTABLISHED" state. This means that the router is talking with the telephone company's ISDN switch, and that both of the B channels are ready to go. This display also says that there are currently no active calls at Layer 3. As an aside, we should point out that this refers to the ISDN circuit's Layer 3, and not the IP network layer. When the router places a call, it will establish a PPP connection, which will support IP.
The actual dialing is done by the dialer map command:
Router1(config)#dialer-list 1 protocol ip list 101 Router1(config)#access-list 101 deny eigrp any any Router1(config)#access-list 101 permit ip any any Router1(config)#interface BRI0/0 Router1(config-if)#dialer map ip 10.1.99.1 name dialhost broadcast 95551212 Router1(config-if)#dialer-group 1
In this case, the dialer map says that to reach the IP address 10.1.99.1, it should dial the phone number 95551212 to reach the router called dialhost. Note that we have included a "9" at the start of this phone number. Again, you will need to ask your local telephone company whether there is a special code digit. We have seen places where we needed a 9, an 8, or nothing at all.
The broadcast keyword in this command allows both multicast and broadcast traffic to use this dialup link. This is extremely important for routing protocols such as EIGRP, RIPv2, and OSPF, which use multicasts for sending their updates between routers. This example uses EIGRP, so we need to include this keyword.
With this type of dialer configuration, you also need to define a dialer group. In this case, we have assigned this interface to dialer group number 1. You configure the behavior of this dialer group with the dialer-list statement, which defines what an interesting packet is for this network.
An interesting packet is one that will bring up the dialer, or keep it active if it is already up. If the circuit is up, then the router will reset the idle timer every time it sees an interesting packet. The result is that as long as there are interesting packets to send, the router will keep the dial session active. Otherwise, it will disconnect the call when the idle timer expires. This is particularly important when you are calling long distance numbers. If the wrong packets are considered interesting, it could mean an expensive phone bill.
So we have associated the dialer list with an access list that specifies what is interesting. In this case, all IP packets except EIGRP are interesting. It's important to remember that EIGRP packets will still pass through the dial link normally. But if the link is not active, an EIGRP packet is not sufficient to bring it up. And if the link is active, the presence of EIGRP packets alone won't prevent the router from dropping it.
This is extremely important because, as we discussed in Chapter 7, the router will send an EIGRP HELLO packet every few seconds by default. But we don't want the link to remain active unless there is real user traffic to send. If you are using a different routing protocol, you should specify its update packets here instead.
However, sometimes you do want the link to remain active all the time. For example, the administrators of some small WANs like to keep ISDN sessions nailed up all the time (usually because they only pay an access charge, and not a usage or long distance charge). So if the session drops for any reasons, they want it to immediately dial up again. In this case, you could replace the access list with a new one that finds all traffic interesting:
Router1(config)#access-list 101 permit ip any any
It's easier still if you modify the dialer-list command to make all IP traffic interesting:
Router1(config)#dialer-list 1 protocol ip permit
When the router dials, it will use Point-to-Point Protocol (PPP) to carry Layer 3 protocols such as IP. So you need to define several PPP parameters:
Router1(config)#interface BRI0/0 Router1(config-if)#encapsulation ppp Router1(config-if)#ppp authentication chap Router1(config-if)#exit Router1(config)#username dialhost password dialpassword
The encapsulation command simply tells the router to use PPP as its Layer 2 protocol. But because you don't want just anybody dialing into this dialhost router, it's a good idea to include some authentication. In this case, we have configured the router to use Challenge Handshake Authentication Protocol (CHAP) for authenticating PPP sessions. This basically means that both this router and the router it dials to will exchange usernames and passwords when they connect. The username for this router is the router's name. And we define the username and password for the other router with the username command.
We note in passing that Cisco supports another PPP authentication scheme called Password Authentication Protocol (PAP). CHAP is much more secure because it only passes passwords in encrypted form rather than clear text, as PAP does. CHAP is no more complex to set up, and presents no appreciable extra load on the router's resources. So we strongly recommend using CHAP rather than PAP.
Because this is an ISDN BRI interface, we would like to be able to use both of the B channels to increase the available bandwidth:
Router1(config)#interface BRI0/0 Router1(config-if)#dialer load-threshold 50 either Router1(config-if)#ppp multilink
The command ppp multilink means that this PPP session can be split across several physical connections. This feature allows full load balancing and packet sequencing across all of the connections in the multilink bundle. In this case, we want to bond the two ISDN B channels into a single 128 Kbps PPP link. By default, the router will use only one of these channels, whichever one is available. The dialer load-threshold command specifies the rule that the router will use to bring up the second link. In this case, we have specified that if the traffic utilization in either direction (input or output) reaches ~20 percent (50/255 link utilization), then the router should bring up the second channel.
We have also modified the default idle timeout:
Router1(config)#interface BRI0/0 Router1(config-if)#dialer idle-timeout 300
By default, the router will drop the dial session if there have been no interesting packets for 120 seconds. We have increased this value to 300 seconds. Because ISDN dials so quickly, this is not vital. But with asynchronous modem dialup, it can take up to a full minute to establish a new session. You often need to increase the idle timer is to make sure that the primary connection is up and stable before disconnecting the backup circuit. It is a good idea to wait for the routing protocol to converge, and to ensure that the primary circuit isn't simply bouncing up and down. You also have to trade off between the time required to establish a new session and the cost of any long distance charges on this line. We generally recommend using an idle timeout period of 5 minutes, as shown in the example.
Finally, we come to one of the most important features of this configuration, the trigger condition. This router will dial whenever it has traffic to send to the IP address 10.1.99.1, which is the IP address of the dialhost router itself. User traffic will be directed to end devices such as servers, not to routers. The only way to bring up this dial interface is if this router needs to send an interesting packet to the dial router's IP address. This is where the floating static route comes in.
In Chapter 5, we discussed floating static routes. These are routes whose administrative distances are so high that any dynamically learned route to the same destination will be better. So the router will only install this static route if the dynamic routing protocol can't offer anything better:
Router1(config)#ip route 0.0.0.0 0.0.0.0 10.1.99.1 180
In this particular case the routing protocol is EIGRP, which has an administrative distance of 90 by default for all internal routes and 170 for external routes. So, by creating this static default route with a metric of 180, we ensure that the router will never use it if it has anything better.
The net result is that if the primary link fails, EIGRP will lose all of its routes. So the router will install the floating static route to handle any user data packets that it needs to transmit. Since this route points to the far end of the dial link, this forces the router to bring up the dial connection.
The nice thing about this way of triggering dial backup is that it is extremely robust. Anything that causes you to lose connectivity for any reason will trigger the dial backup. This is better than the backup interface solution described in Recipe 13.4, for example, because it doesn't require loss of physical connectivity to trigger the backup.
Also, as we will discuss in Recipe 13.4, which uses the backup interface method to trigger dial backup, with the floating static configuration, you have the advantage that the interface remains up but not connected when the primary circuit is working. In the case of ISDN, this means that you can use the show isdn commands that we discuss in Recipe 13.7 to ensure that your circuit is still working.
And one of the most useful features of this type of trigger mechanism is that you can test the dial backup easily. If you look at the dialer list, you will see that all the router needs to initiate a dial session is to have a packet to send to the far end that matches the dialer list. So, in this particular example, you could easily bring up a dial session for testing by just logging into the remote router and pinging the IP address of the dial backup router:
Router1#ping 10.1.99.1
See Also
Recipe 13.2; Recipe 13.4; Chapter 5; Chapter 7
Router Configuration and File Management
Router Management
User Access and Privilege Levels
TACACS+
IP Routing
RIP
EIGRP
OSPF
BGP
Frame Relay
Handling Queuing and Congestion
Tunnels and VPNs
Dial Backup
NTP and Time
DLSw
Router Interfaces and Media
Simple Network Management Protocol
Logging
Access-Lists
DHCP
NAT
First Hop Redundancy Protocols
IP Multicast
IP Mobility
IPv6
MPLS
Security
Appendix 1. External Software Packages
Appendix 2. IP Precedence, TOS, and DSCP Classifications
Index