Dial Configuration Solutions


A dial network can be as small as a single modem on a router or as large as millions of modems across a continent. From modest to grand, the configuration skeleton remains relatively the same. IOS lists the configurations in a standard way because of the hierarchy that is predefined in the system. By no means are you expected to write a configuration the way IOS displays it. In fact, the approach used in this chapter to create dial configurations is a logical approach where the configuration commands are covered in an order that's more direct than the way IOS displays them.

Text Dial-In Configuration

To create a text dial-in configuration, start by creating a fresh configuration in which a modem is connected to the AUX port of a router for remote console purposes. The router needs to be configured to allow text-based authentication. Because you are using a remote console, which means that the authentication servers might not be reachable, you have the choice of using local usernames and passwords, line passwords, or the enable secret as the password. AAA is optional, but because of its flexibility, it's used in the following example. The authentication method name used for the following is console, which allows only the enable secret to log in:

 3600-wan(config)# aaa authentication login console enable
 3600-wan(config)# line aux 0
 3600-wan(config-line)# login authentication console

Next, add the lines necessary to configure the modem. In this case, a US Robotics Sportster modem is used. You can configure the modem by using the discovery method, using one of the defined modemcaps, or by creating your own modemcap. To see the list of predefined modemcaps, use the command show modemcap. The output from the show modemcap command is shown in Example 6-1.

Example 6-1. Output of the Command show modemcap
 3600-wan# show modemcap
 default
 codex_3260
 usr_courier
 usr_sportster
 hayes_optima
 global_village
 viva
 telebit_t3000
 microcom_hdms
 microcom_server
 nec_v34
 nec_v110
 nec_piafs
 cisco_v110
 microcom_mimic
 mica

The modem autoconfigure line configuration command performs a series of AT commands that are associated with a modemcap. These are either predefined in IOS or user defined by the modemcap global configuration command. The following shows the configuration commands necessary to configure the modem using the predefined modemcap for a US Robotics Sportster modem:

 3600-wan(config)# line aux 0
 3600-wan(config-line)# modem autoconfigure type usr_sportster

Finally, the command modem InOut sets the line up to allow incoming and outgoing calls. For only outgoing calls, such as setting up a router to dial into an ISP, you use the command modem host. The following shows this router being set up to answer calls using the line configuration command modem InOut:

 3600-wan(config)# line aux 0
 3600-wan(config-line)# modem InOut

The display of a full configuration for a remote console through a modem is shown in Example 6-2.

NOTE

Example 6-2 is the full configuration required for the console section only. The rest of the router must still be configured to address your requirements.


Example 6-2. Text Dial-In Configuration as a Remote Console
 3600-wan# show running-config
 aaa new-model
 aaa authentication login console enable
 enable secret 5 $VzVJ$B6sbqGo8e2HJDBQ.gxGZp/
 !
 line aux 0
  login authentication console
  modem InOut
  modem autoconfigure type usr_sportster
  speed 115200
 !
 end

PPP Dial-In Configuration

All PPP dial-in configurations must have a set of the same elements, whether only one or one hundred modems are attached. The first key element is authentication. This can be done locally with a fixed username and password configured on the router or with an authentication, authorization, and accounting (AAA) server. AAA servers can run TACACS+ or RADIUS services for authentication. To apply any aaa configuration, you must first issue the command aaa new-model. This instructs the router to use the local username/password if there are no other aaa statements. You can use the following command for general purposes, such as allowing any dial-in authentication:

 3600-dialin(config)# aaa new-model
 3600-dialin(config)# aaa authentication ppp dial group auth

The preceding command simply states that the PPP authentication type named dial is to use the authentication servers in the group named auth. To define the group auth as a TACACS+ group, you need to add the following lines:

 3600-dialin(config)# aaa group server tacacs+ auth
 3600-dialin(config-sg-tacacs+)# server 192.168.100.1
 3600-dialin(config-sg-tacacs+)# server 192.168.100.2

Also, you must specify other characteristics about the TACACS+ servers, such as the port number, key, and timeout, by using the following command structure. For the example, use the default TACACS+ port with a timeout of 18 and a key of 0u812:

 3600-dialin(config)# tacacs-server host 192.168.100.1 timeout 18 key 0u812
 3600-dialin(config)# tacacs-server host 192.168.100.2 timeout 18 key 0u812

When using a RADIUS group with a slightly different key, the lines change a bit, as shown in Example 6-3.

Example 6-3. RADIUS AAA Group Configuration
 3600-dialin(config)# aaa group server radius auth
 3600-dialin(config-sg-radius)# server 192.168.100.1
 3600-dialin(config-sg-radius)# server 192.168.100.2
 3600-dialin(config-sg-radius)# exit
 3600-dialin(config)# radius-server host 192.168.100.1 timeout 18 key a10u8
 3600-dialin(config)# radius-server host 192.168.100.2 timeout 18 key a10u8

Review the AAA authentication and determine how it works using RADIUS configuration as the example. The dial authentication type for PPP uses the group called auth. This group contains two RADIUS servers, 192.168.100.1 and 192.168.100.2, both of which have a timeout of 18 seconds and a key of a10u8.

Other authentication requirements can be met by configuring additional features. For example, if you want to put a local username and password on the router for testing purposes, but still use the auth group for all other authentications, you could use the following line. This can be added to the same configuration because its authentication list has a different name. The name for this authentication list is testing, and the previous one is named dial:

 3600-dialin(config)# aaa authentication ppp testing local group auth

Authentication is configured in a particular order. In this case, if the username that tries to pass authentication is not found within the router configuration, the authentication is done by using the group named auth. It is worth mentioning that if a username is set in the router's configuration, the router never passes the authentication for this username to the authentication servers, whether it is correct or incorrect. In other words, after an authentication passes or fails, it never passes through to the next authentication method.

The router determines which named authentication method to use based on what is stated in the interface configuration that is listed later in the full configuration, which is why you can have both the dial and the testing named methods in the same configuration.
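The following added example is not part of the original text. It models the two method lists, dial and testing, with the fall-through behaviour exactly as described above: a definite pass or fail ends the walk, and only a method that cannot answer hands over to the next one. The usernames, passwords and the stand-in RADIUS servers are constructed for illustration.

```python
# Added example (not from the original text): how a named AAA method list is
# walked, using the behaviour the page describes. All users, passwords and
# server replies are constructed.
import hmac
from enum import Enum


class Result(Enum):
    PASS = "pass"
    FAIL = "fail"
    ERROR = "error"  # the method could not give an answer


def same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


def local_method(users):
    """Router's local username database."""
    def check(user, password):
        if user not in users:
            return Result.ERROR  # not found locally: the next method is tried
        return Result.PASS if same(users[user], password) else Result.FAIL
    return check


def radius_server(users, reachable=True):
    """Constructed stand-in for one RADIUS server; None models a timeout."""
    def ask(user, password):
        if not reachable:
            return None
        return user in users and same(users[user], password)
    return ask


def group_method(servers):
    """Server group: servers are asked in configured order."""
    def check(user, password):
        for ask in servers:
            reply = ask(user, password)
            if reply is not None:  # first server that answers decides
                return Result.PASS if reply else Result.FAIL
        return Result.ERROR  # no server answered
    return check


def authenticate(method_list, user, password):
    """Walk the list; stop at the first PASS or FAIL."""
    consulted = []
    for name, method in method_list:
        consulted.append(name)
        outcome = method(user, password)
        if outcome is not Result.ERROR:
            return outcome, consulted
    return Result.FAIL, consulted  # nothing could answer: deny


LOCAL_USERS = {"labuser": "lab-pass"}
RADIUS_USERS = {"labuser": "radius-pass", "alice": "alice-pass"}

# Group "auth": the first server is down, the second answers.
auth = group_method([radius_server(RADIUS_USERS, reachable=False),
                     radius_server(RADIUS_USERS)])
auth_down = group_method([radius_server(RADIUS_USERS, reachable=False)] * 2)

METHOD_LISTS = {
    # aaa authentication ppp dial group auth
    "dial": [("group auth", auth)],
    # aaa authentication ppp testing local group auth
    "testing": [("local", local_method(LOCAL_USERS)), ("group auth", auth)],
}

if __name__ == "__main__":
    for list_name, user, password in [
        ("testing", "labuser", "lab-pass"),     # local match
        ("testing", "labuser", "radius-pass"),  # local FAIL, servers not asked
        ("testing", "alice", "alice-pass"),     # unknown locally, group decides
        ("dial", "labuser", "lab-pass"),        # list has no local method
    ]:
        result, path = authenticate(METHOD_LISTS[list_name], user, password)
        print(f"{list_name:8} {user:8} -> {result.value:5} via {path}")
```

The second case is the one to keep in mind when leaving test accounts on a production router: a locally defined username shadows the server's record for that user on every list that starts with local.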

All dial-in routers that support PPP must have an Async interface. It is much easier to work with a Group-Async interface in any environment that has multiple modems with the same interface configuration. In either case, the commands are exactly the same. The Group-Async interface applies its subcommands to every Async interface in its group range. The group-range command at the end of the list identifies which Async interfaces the subcommands apply to. Example 6-4 shows three separate Async interfaces that are configured the same.

Example 6-4. Three Async Interfaces Configured for PPP Dial-In
 3600-dialin(config)# interface Async1
 3600-dialin(config-if)# ip unnumbered Loopback0
 3600-dialin(config-if)# encapsulation ppp
 3600-dialin(config-if)# async mode dedicated
 3600-dialin(config-if)# ppp authentication pap dial
 3600-dialin(config-if)# exit
 3600-dialin(config)# interface Async2
 3600-dialin(config-if)# ip unnumbered Loopback0
 3600-dialin(config-if)# encapsulation ppp
 3600-dialin(config-if)# async mode dedicated
 3600-dialin(config-if)# ppp authentication pap dial
 3600-dialin(config-if)# exit
 3600-dialin(config)# interface Async3
 3600-dialin(config-if)# ip unnumbered Loopback0
 3600-dialin(config-if)# encapsulation ppp
 3600-dialin(config-if)# async mode dedicated
 3600-dialin(config-if)# ppp authentication pap dial

The preceding three interfaces were all configured the same way. They could have been easily consolidated into the commands in Example 6-5.

Example 6-5. Group-Async Interface to Consolidate Individual Async Interfaces
 3600-dialin(config)# interface Group-Async1
 3600-dialin(config-if)# ip unnumbered Loopback0
 3600-dialin(config-if)# encapsulation ppp
 3600-dialin(config-if)# async mode dedicated
 3600-dialin(config-if)# ppp authentication pap dial
 3600-dialin(config-if)# group-range 1 3

In both examples, all three Async interfaces use the IP address of Loopback0, use PPP as the encapsulation type, are dedicated to async mode (not interactive), and also authenticate through PPP using the dial named authentication method.

While configuring the Async interfaces, add the lines necessary to configure the modem; this case uses US Robotics Sportster modems as the example. You can configure the lines on which these modems reside by either using the discovery method, the defined modemcaps, or by creating your own modemcap. To see the list of predefined modemcaps in Cisco IOS, use the command show modemcap. The following configures this modem with the predefined modemcap built into IOS named usr_sportster:

 3600-dialin(config)# line 1 3
 3600-dialin(config-line)# modem autoconfigure type usr_sportster

The following shows the command modem InOut being configured to allow incoming modem calls in the same way as it was done in the text dial-in scenario:

 3600-dialin(config)# line 1 3
 3600-dialin(config-line)# modem InOut

There are still a few more components to add to this configuration to provide client modems with all the information they require. First, you must provide an IP address from a specified pool:

 3600-dialin(config)# ip local pool dialpool 192.168.0.250 192.168.0.254

The first line specifies the pool named dialpool. It defines an address pool range starting with 192.168.0.250 and ending with 192.168.0.254. For this pool to be used, it must be applied to the Group-Async interface using the following commands:

 3600-dialin(config)# interface Group-Async1
 3600-dialin(config-if)# peer default ip address pool dialpool

After it is applied to the interface, the client modems can get an IP address from the range specified. Because the interface Loopback0 still does not have an IP address, however, the client modems do not have a default gateway that works. Therefore, you must assign an IP address for that interface using the following commands:

 3600-dialin(config)# interface Loopback0
 3600-dialin(config-if)# ip address 192.168.0.249 255.255.255.248

The interface for Loopback0 is given the first address in the subnet. This address is not contained within the dialpool address pool, but is still within the same subnet. By not including it in the pool, you ensure that the IP is not inadvertently given to a host, thus causing a conflict.

The connecting modems can now get an IP address, but some services still need to be configured. The connecting clients require Domain Name System (DNS) and Windows Internet Naming Service (WINS) server information, and default gateway and subnet mask information:

 3600-dialin(config)# async-bootp dns-server 192.168.100.3 192.168.100.4
 3600-dialin(config)# async-bootp nbns-server 192.168.100.5 192.168.100.6
 3600-dialin(config)# async-bootp gateway 192.168.0.249
 3600-dialin(config)# async-bootp subnet-mask 255.255.255.248

The connecting modem has all the information that it needs to connect and route, and to use DNS and WINS services. Now, you must configure this dial-in router to route all traffic to the backbone. In most cases, you use a routing protocol that handles this issue for you; however, because this is a single-homed router, static routing is preferred.

On the dial-in core router, the Ethernet0/0 interface shown in these examples connects to the backbone and uses IP address 192.168.0.246/30. Your connection will use different IP addresses. You must add a default route to the device on the other side, which in this example uses the IP address 192.168.0.245:

 3600-dialin(config)# interface Ethernet0/0
 3600-dialin(config-if)# ip address 192.168.0.246 255.255.255.252
 3600-dialin(config-if)# exit
 3600-dialin(config)# ip route 0.0.0.0 0.0.0.0 192.168.0.245

Finally, issue the command show ip interface brief to ensure that all the interfaces on the router are not in shutdown state. If they are, you must issue the no shutdown command on each interface. Example 6-6 shows the output from this command. You'll notice that all the individual Async interfaces exist in the output, even though their configuration is consolidated under the Group-Async1 interface. These interfaces remain in a down/down state until they are connected.

Example 6-6. Output from the PPP Dial-In Command show ip interface brief
 3600-dialin# show ip interface brief
 Interface     IP-Address       OK?    Method    Status      Protocol
 Ethernet0/0   192.168.0.246    YES    manual    up          up
 Async1        192.168.0.249    YES    NVRAM     down        down
 Async2        192.168.0.249    YES    NVRAM     down        down
 Async3        192.168.0.249    YES    NVRAM     down        down
 Group-Async1  192.168.0.249    YES    unset     down        down
 Loopback0     192.168.0.249    YES    manual    up          up

The basic PPP dial-in configuration is now complete and Example 6-7 is the output of the full configuration.

Example 6-7. PPP Dial-In Configuration
 3600-dialin# show running-config
 version 12.2
 service timestamps debug uptime
 service timestamps log uptime
 no service password-encryption
 !
 hostname 3600-dialin
 !
 boot system flash
 aaa new-model
 !
 ! The authentication type is specified here:
 aaa group server radius auth
  server 192.168.100.1 auth-port 1645 acct-port 1646
  server 192.168.100.2 auth-port 1645 acct-port 1646
 !
 aaa authentication ppp dial group auth
 aaa authentication ppp testing local group auth
 aaa session-id common
 !
 ip subnet-zero
 !
 async-bootp subnet-mask 255.255.255.248
 async-bootp gateway 192.168.0.249
 async-bootp dns-server 192.168.100.3 192.168.100.4
 async-bootp nbns-server 192.168.100.5 192.168.100.6
 !
 ! Begin interface configurations:
 interface Loopback0
  ip address 192.168.0.249 255.255.255.248
 !
 interface Ethernet0/0
  ip address 192.168.0.246 255.255.255.252
 !
 ! Notice that Async Group requires only one configuration section.
 ! These configurations apply to all Async interfaces, members of the group.
 interface Group-Async1
  ip unnumbered Loopback0
  encapsulation ppp
  async mode dedicated
  peer default ip address pool dialpool
  ppp authentication pap dial
  group-range 1 3
 !
 ip local pool dialpool 192.168.0.250 192.168.0.254
 ip classless
 ip route 0.0.0.0 0.0.0.0 192.168.0.245
 !
 ! Authentication server specifications:
 radius-server host 192.168.100.1 auth-port 1645 acct-port 1646 timeout 18 key a10u8
 radius-server host 192.168.100.2 auth-port 1645 acct-port 1646 timeout 18 key a10u8
 radius-server retransmit 3
 !
 line con 0
  exec-timeout 0 0
 line 1 3
  modem InOut
  modem autoconfigure type usr_sportster
  speed 115200
 line aux 0
 line vty 0 4
 !
 end

You can also use text authentication in conjunction with standard dial-in services to allow for modem scripts, and with any client that uses after-dial terminal windows for authentication. For the following example, the configuration from Example 6-7 on PPP dial-in services is used as the base configuration for text-based authentication; all subsequent commands are added to it.

To enable an interactive text session, you must configure the Async interface to allow interactive use. To do this, use the command async mode interactive. Again, you can use the configuration created in the last example as a base configuration:

 3600-dialin(config)# interface group-async1
 3600-dialin(config-if)# async mode interactive

The preceding commands enable a connecting modem to connect directly to the VTY line instead of the Async interface. Now, you must configure authentication and the lines associated with the Async interfaces that were just made interactive. First, set the same authentication for the line as previously set for PPP. You must also include the testing line in the event that you want to test or connect using a local username and password in the future:

 3600-dialin(config)# aaa authentication login dial group auth
 3600-dialin(config)# aaa authentication login testing local group auth

Here's an important step that's often forgotten: If you authenticated already via text, you do not want to force authentication in PPP as well. The if-needed parameter tells the router to only authenticate via PPP, as long as the user has not been authenticated by another method already. If configuring this feature, these commands replace the previous ones:

 3600-dialin(config)# aaa authentication ppp dial if-needed group auth
 3600-dialin(config)# aaa authentication ppp testing if-needed local group auth

Then, apply the authentication method to the VTY lines by using the following command:

 3600-dialin(config)# line 1 3
 3600-dialin(config-line)# login authentication dial

Next, you must configure the lines to accept a dial-in call. Because the preceding async mode interactive command sends the call to the line first, the line must be configured to automatically determine if the client is using PPP or text authentication.

The following lines determine what automatic selection criteria you want the router to use:

 3600-dialin(config)# line 1 3
 3600-dialin(config-line)# autoselect during-login
 3600-dialin(config-line)# autoselect ppp

First, autoselect during-login tells the router to do the automatic selection at the username and password prompt. Then, autoselect ppp tells the router to check for PPP when it performs the automatic selection. You can also configure it to do automatic selection of Serial Line Internet Protocol (SLIP) and AppleTalk Remote Access Protocol (ARAP) with the commands autoselect slip and autoselect arap, respectively.

To prompt for username and password from the line, the router must allow an exec session by configuring the command exec on the line:

 3600-dialin(config)# line 1 3
 3600-dialin(config-line)# exec

The added exec command starts an exec process, or enables you to have access to a router prompt. The prompt issued after authentication is not an enable prompt, but a user can enable it by entering the enable secret. For security purposes, an ISP uses a command that automatically executes after the user logs in, so that the user does not have access to a router prompt. In most cases, the command you want to automatically execute is ppp default, which starts a PPP session. To automatically execute this command, you need to select the preferred lines and configure the autocommand ppp default command:

 3600-dialin(config)# line 1 3
 3600-dialin(config-line)# autocommand ppp default

The new router configuration is shown in Example 6-8. This configuration allows dial-in using either PPP or text authentication.

Example 6-8. Text and PPP Dial-In Configuration
 version 12.2
 service timestamps debug uptime
 service timestamps log uptime
 no service password-encryption
 !
 hostname 3600-dialin
 !
 boot system flash
 aaa new-model
 !
 ! RADIUS authentication and server specifications
 aaa group server radius auth
  server 192.168.100.1 auth-port 1645 acct-port 1646
  server 192.168.100.2 auth-port 1645 acct-port 1646
 !
 ! Local group access configuration:
 aaa authentication login dial group auth
 aaa authentication login testing local-case group auth
 aaa authentication ppp dial if-needed group auth
 aaa authentication ppp testing if-needed local-case group auth
 aaa session-id common
 !
 ip subnet-zero
 !
 async-bootp subnet-mask 255.255.255.248
 async-bootp gateway 192.168.0.249
 async-bootp dns-server 192.168.100.3 192.168.100.4
 async-bootp nbns-server 192.168.100.5 192.168.100.6
 !
 interface Loopback0
  ip address 192.168.0.249 255.255.255.248
 !
 interface Ethernet0/0
  ip address 192.168.0.246 255.255.255.252
 !
 interface Group-Async1
  ip unnumbered Loopback0
  encapsulation ppp
  async mode interactive
  peer default ip address pool dialpool
  ppp authentication pap dial
  group-range 1 3
 !
 ip local pool dialpool 192.168.0.250 192.168.0.254
 ip classless
 ip route 0.0.0.0 0.0.0.0 192.168.0.245
 !
 radius-server host 192.168.100.1 auth-port 1645 acct-port 1646 timeout 18 key a10u8
 radius-server host 192.168.100.2 auth-port 1645 acct-port 1646 timeout 18 key a10u8
 radius-server retransmit 3
 !
 line con 0
  exec-timeout 0 0
 ! Line configuration to allow dial group login:
 line 1 3
  login authentication dial
  modem InOut
  modem autoconfigure type usr_sportster
  autocommand ppp default
  autoselect during-login
  autoselect ppp
  speed 115200
 line aux 0
 line vty 0 4
 !
 end

Large-Scale Dial-In Configuration

A large-scale dial-in configuration does not significantly differ from a regular dial-in configuration. In most cases, it just requires that you use an access server, which provides extended capacity versus any router with a few async ports.

To configure an access server such as an AS5300 or AS5400, use the same PPP or text and PPP dial-in configuration as covered in the previous section. The group range of the group-async interface must increase to include all modems in the router. The IP pool set aside for dial-in users must be increased to handle the number of digital service 0s (DS0s) terminating on the device. Also, the automatic configuration of the modem must be set to the type of modem in the server.

There is also additional configuration information that must be added for large-scale dial-in servers. The phone lines no longer attach directly to the modems; instead, a PRI circuit carries the calls from the central office (CO) to your equipment. Because of this design, the first thing to configure is the PRI. There are two sections to configure: the controller and the serial interface. Example 6-9 shows a sample T1 controller configuration.

Example 6-9. Controller T1 Configuration
 5300-dialin(config)# controller T1 0
 5300-dialin(config-controller)# framing esf
 5300-dialin(config-controller)# linecode b8zs
 5300-dialin(config-controller)# pri-group timeslots 1-24
 5300-dialin(config-controller)# no shutdown

To begin with, the controller must be configured according to the way that the circuit was provisioned. In most cases where the circuit is a PRI, the framing is Extended Superframe (ESF), and the linecode is bipolar 8-zero substitution (B8ZS). After framing and linecode are configured, you must specify what time slots are to be used. Generally, all time slots are used for PRI DS0s, and they are configured as stated previously. Finally, you can bring the controller up.

Non-Facility-Associated Signaling (NFAS) allows a single D channel to control multiple PRI interfaces. Allowing multiple PRIs to use a single D channel permits the use of an extra DS0 per PRI member of an NFAS group. Also, a backup D channel can be configured for use when the primary NFAS D channel fails. All NFAS members of a group must terminate on the same dial router. To configure NFAS, you must know the circuit with the primary D channel, the circuit with the backup D channel (if there is one), and all NFAS members in order.

The easiest way to configure NFAS is to plug the circuits into the router in order. For example, if you have four circuits in an NFAS group with the primary D channel plugged into controller T1 4, you plug the circuit with the backup D channel into T1 5, and the following two into T1 6 and T1 7, in the order that they are configured from the telco. The controller configuration for this example is shown in Example 6-10.

Example 6-10. Controller Configuration for NFAS Circuits
 5300-dialin(config)# controller T1 4
 5300-dialin(config-controller)# framing esf
 5300-dialin(config-controller)# linecode b8zs
 5300-dialin(config-controller)# pri-group timeslots 1-24 nfas_d primary nfas_int 0 nfas_group 0
 5300-dialin(config-controller)# exit
 5300-dialin(config)# controller T1 5
 5300-dialin(config-controller)# framing esf
 5300-dialin(config-controller)# linecode b8zs
 5300-dialin(config-controller)# pri-group timeslots 1-24 nfas_d backup nfas_int 1 nfas_group 0
 5300-dialin(config-controller)# exit
 5300-dialin(config)# controller T1 6
 5300-dialin(config-controller)# framing esf
 5300-dialin(config-controller)# linecode b8zs
 5300-dialin(config-controller)# pri-group timeslots 1-24 nfas_d none nfas_int 2 nfas_group 0
 5300-dialin(config-controller)# exit
 5300-dialin(config)# controller T1 7
 5300-dialin(config-controller)# framing esf
 5300-dialin(config-controller)# linecode b8zs
 5300-dialin(config-controller)# pri-group timeslots 1-24 nfas_d none nfas_int 3 nfas_group 0

You can have up to 37 different NFAS groups on the same router. Each PRI within each group must have a unique interface number, starting with zero and increasing by one for each PRI in the group. A maximum of 20 PRIs can exist in an NFAS group. D channels are marked as primary, backup, or none.
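The rules in the preceding paragraph can be checked mechanically before a change window. The following added example is not part of the original text. It parses controller stanzas in running-config form and reports any NFAS group that breaks those rules. Requiring exactly one primary and at most one backup D channel per group is an assumption read from the description above, and the sample input is constructed from the lines of Example 6-10.

```python
# Added example (not from the original text): check controller stanzas against
# the NFAS rules listed above. Expects running-config style input.
import re
from collections import defaultdict

MAX_GROUPS = 37    # NFAS groups per router, per the text
MAX_MEMBERS = 20   # PRIs per NFAS group, per the text

CONTROLLER = re.compile(r"^controller\s+T1\s+(\S+)$")
NFAS = re.compile(r"^pri-group\s+timeslots\s+\S+\s+nfas_d\s+(primary|backup|none)"
                  r"\s+nfas_int\s+(\d+)\s+nfas_group\s+(\d+)$")


def parse_nfas(config):
    """Return {group: [(controller, d_channel_role, nfas_int), ...]}."""
    groups = defaultdict(list)
    controller = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():          # unindented line starts a new stanza
            m = CONTROLLER.match(line)
            controller = m.group(1) if m else None
            continue
        m = NFAS.match(line)
        if m and controller is not None:  # plain PRIs (no nfas_d) are skipped
            role, nfas_int, group = m.group(1), int(m.group(2)), int(m.group(3))
            groups[group].append((controller, role, nfas_int))
    return dict(groups)


def validate_nfas(groups):
    """Return a list of human-readable rule violations (empty when clean)."""
    problems = []
    if len(groups) > MAX_GROUPS:
        problems.append(f"{len(groups)} NFAS groups, limit is {MAX_GROUPS}")
    for group, members in sorted(groups.items()):
        roles = [role for _, role, _ in members]
        ints = sorted(nfas_int for _, _, nfas_int in members)
        if len(members) > MAX_MEMBERS:
            problems.append(f"group {group}: {len(members)} PRIs, limit is {MAX_MEMBERS}")
        if roles.count("primary") != 1:
            problems.append(f"group {group}: expected exactly 1 primary D channel, "
                            f"found {roles.count('primary')}")
        if roles.count("backup") > 1:
            problems.append(f"group {group}: more than one backup D channel")
        if ints != list(range(len(members))):
            problems.append(f"group {group}: nfas_int values {ints} "
                            f"should be 0..{len(members) - 1}")
    return problems


# Constructed sample: one ordinary PRI plus the four-circuit NFAS group.
GOOD = """\
controller T1 0
 framing esf
 linecode b8zs
 pri-group timeslots 1-24
!
controller T1 4
 framing esf
 linecode b8zs
 pri-group timeslots 1-24 nfas_d primary nfas_int 0 nfas_group 0
!
controller T1 5
 framing esf
 linecode b8zs
 pri-group timeslots 1-24 nfas_d backup nfas_int 1 nfas_group 0
!
controller T1 6
 framing esf
 linecode b8zs
 pri-group timeslots 1-24 nfas_d none nfas_int 2 nfas_group 0
!
controller T1 7
 framing esf
 linecode b8zs
 pri-group timeslots 1-24 nfas_d none nfas_int 3 nfas_group 0
"""

# Same config with T1 5 mistyped as a second primary that reuses nfas_int 0.
BROKEN = GOOD.replace("nfas_d backup nfas_int 1", "nfas_d primary nfas_int 0")

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BROKEN", BROKEN)):
        print(label, validate_nfas(parse_nfas(text)) or "ok")
```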

NOTE

The NFAS considerations shown for a dial environment are fully applicable to the NFAS configuration and utilization rules as in an ISDN environment.


Each PRI and each NFAS group has a serial interface that corresponds to it and that needs to be configured. The serial interface number is the same as the controller number of the circuit with the D channel, with a :23 appended to the end of it. This is done because the D channel on a PRI is the 24th channel, starting with channel number 0 (refer to Figure 2-9 in Chapter 2). In the case of an NFAS group, the only serial interface that exists is the one with the D channel. The serial interface for the previously configured NFAS group is shown here:

 5300-dialin(config)# interface Serial0:23
 5300-dialin(config-if)# isdn switch-type primary-4ess
 5300-dialin(config-if)# isdn incoming-voice modem
 5300-dialin(config-if)# no shutdown

The serial interface contains a few components that must be set:

  • The first component to be configured is the switch type, which needs to match what the telephone company configured on their side of the circuit.

  • Next, the command isdn incoming-voice modem is crucial, as it tells the router that any voice call (non-ISDN) must be sent to a modem.

  • Finally, you must bring the interface up with the no shutdown command. The NFAS group is configured the same way:

     5300-dialin(config)# interface Serial4:23
     5300-dialin(config-if)# isdn switch-type primary-4ess
     5300-dialin(config-if)# isdn incoming-voice modem
     5300-dialin(config-if)# no shutdown

That completes the configuration for a large-scale dial-in service. Example 6-11 shows the full configuration, including four PRI and one NFAS group that contains four circuits.

Example 6-11. Large-Scale Dial-In Configuration
 version 12.2
 service timestamps debug uptime
 service timestamps log uptime
 no service password-encryption
 !
 hostname 5300-dialin
 !
 boot system flash
 aaa new-model
 !
 aaa group server radius auth
  server 192.168.100.1 auth-port 1645 acct-port 1646
  server 192.168.100.2 auth-port 1645 acct-port 1646
 !
 aaa authentication login dial group auth
 aaa authentication login testing local-case group auth
 aaa authentication ppp dial if-needed group auth
 aaa authentication ppp testing if-needed local-case group auth
 aaa session-id common
 !
 ip subnet-zero
 !
 async-bootp subnet-mask 255.255.255.0
 async-bootp gateway 192.168.1.1
 async-bootp dns-server 192.168.100.3 192.168.100.4
 async-bootp nbns-server 192.168.100.5 192.168.100.6
 !
 ! Begin controller configurations:
 controller T1 0
  framing esf
  clock source line primary
  linecode b8zs
  pri-group timeslots 1-24
 !
 controller T1 1
  framing esf
  clock source line secondary
  linecode b8zs
  pri-group timeslots 1-24
 !
 controller T1 2
  framing esf
  linecode b8zs
  pri-group timeslots 1-24
 !
 controller T1 3
  framing esf
  linecode b8zs
  pri-group timeslots 1-24
 !
 ! NFAS configuration with primary and backup interfaces specified respectively:
 controller T1 4
  framing esf
  linecode b8zs
  pri-group timeslots 1-24 nfas_d primary nfas_int 0 nfas_group 0
 !
 controller T1 5
  framing esf
  clock source line primary
  linecode b8zs
  pri-group timeslots 1-24 nfas_d backup nfas_int 1 nfas_group 0
 !
 controller T1 6
  framing esf
  clock source line primary
  linecode b8zs
  pri-group timeslots 1-24 nfas_d none nfas_int 2 nfas_group 0
 !
 controller T1 7
  framing esf
  clock source line primary
  linecode b8zs
  pri-group timeslots 1-24 nfas_d none nfas_int 3 nfas_group 0
 !
 interface Loopback0
  ip address 192.168.1.1 255.255.255.0
 !
 interface Ethernet0/0
  ip address 192.168.0.246 255.255.255.252
 !
 interface Serial0:23
  no ip address
  isdn switch-type primary-4ess
  isdn incoming-voice modem
 !
 interface Serial1:23
  no ip address
  isdn switch-type primary-4ess
  isdn incoming-voice modem
 !
 interface Serial2:23
  no ip address
  isdn switch-type primary-4ess
  isdn incoming-voice modem
 !
 interface Serial3:23
  no ip address
  isdn switch-type primary-4ess
  isdn incoming-voice modem
 !
 ! The D-channel of this T1 is configured as a primary D-channel.
 ! When this channel goes down, the T1 #5, which is configured as a
 ! backup D-channel, inherits this configuration.
 interface Serial4:23
  no ip address
  isdn switch-type primary-4ess
  isdn incoming-voice modem
 !
 ! Serial 5:23, 6:23 and 7:23 interfaces don't need to be configured, because
 ! T1 5, T1 6 and T1 7 belong to the NFAS group.
 interface Group-Async1
  ip unnumbered Loopback0
  encapsulation ppp
  async mode interactive
  peer default ip address pool dialpool
  ppp authentication pap dial
  group-range 1 240
 !
 ip local pool dialpool 192.168.1.2 192.168.1.254
 ip classless
 ip route 0.0.0.0 0.0.0.0 192.168.0.245
 !
 radius-server host 192.168.100.1 auth-port 1645 acct-port 1646 timeout 18 key a10u8
 radius-server host 192.168.100.2 auth-port 1645 acct-port 1646 timeout 18 key a10u8
 radius-server retransmit 3
 !
 line con 0
  exec-timeout 0 0
 line 1 240
  login authentication dial
  modem InOut
  modem autoconfigure type mica
  autocommand ppp default
  autoselect during-login
  autoselect ppp
  speed 115200
 line aux 0
 line vty 0 4
 !
 end

Text Dial-Out Configuration

For a text dial-out service, you must first make a decision on whether to use local authentication on the router or to use an authentication server. These users do not call into the modems, so security is probably not as much of a concern as a dial-in pool. In the case of dial-out, the user connects through text on a VTY port, which means that the type of authentication is login.

A small fictitious insurance company is used as the example. The company has eight WAN sites, all on dedicated links, and there is no backup implemented because of costs. The routers at each of the WAN sites have modems attached to the AUX ports, and an analog line attached to the modem, so that in the case of any site going down, support personnel can log into the WAN router to troubleshoot the connection from both ends. There are only four headcounts to support the network, so they choose to use local authentication on the router. For a larger company, this could easily be changed to allow for an authentication server.

The configuration lines in Example 6-12 specify the authentication component. The name given to the authentication type is dialout, and it uses local passwords. Usernames and passwords are also configured.

Example 6-12. Local Authentication Configuration
3600-dialout(config)# aaa new-model
3600-dialout(config)# aaa authentication login dialout local
3600-dialout(config)# username jbrown password james
3600-dialout(config)# username jbob password joe
3600-dialout(config)# username ksmith password keith
3600-dialout(config)# username wclark password will

Because of the size of the company, the dial numbers are in the incoming banner to make it easy for anyone to place a call to a site that is down. Therefore, when a support person logs in, that person has all the numbers for the WAN sites listed. They assume that no more than one or two sites would ever be down at once, so they planned the dial-out server to handle three outbound connections at once, thus placing three modems in the dial-out rotary (in this case, lines 1-2).

The configuration lines in Example 6-13 provide the authentication for the three dial-out lines. Also, the banner is put in place listing the office console phone numbers.

Example 6-13. Authentication and Banner Configuration
3600-dialout(config)# line 1 3
3600-dialout(config-line)# login authentication dialout
3600-dialout(config-line)# exit
3600-dialout(config)# Banner incoming ^
Enter TEXT message.  End with the character '^'.
    Site                       Router Console Number
    -----------------------    -----------------------------
    Dallas Office              231-444-8282
    Oakland Office             415-663-9012
    Las Vegas Office           772-404-9923
    Minneapolis Office         416-223-9245
    St. Louis Office           314-677-4378
    Chicago Office             294-229-3943
    New York Office            723-655-8966
    Atlanta Office             404-339-6774
Use modem AT commands to dial-out.
^

Next, configure the modem lines for a typical dial-out setup. In this case, the requirement is for databits set to 8, stopbits set to 1, and parity set to none. Also, set up the lines in rotary group number one, and set the input to be telnet, which sets the router up to allow a reverse telnet directly onto the modem. Finally, turn off exec, which does not allow a router prompt to anyone who tries to dial into this server. Example 6-14 shows dial-out modem configuration commands for a typical text dial-out router.

Example 6-14. Text Dial-Out Line Configuration
3600-dialout(config)# line 1 3
3600-dialout(config-line)# databits 8
3600-dialout(config-line)# parity none
3600-dialout(config-line)# stopbits 1
3600-dialout(config-line)# modem host
3600-dialout(config-line)# rotary 1
3600-dialout(config-line)# transport input telnet
3600-dialout(config-line)# no exec

Then, you must give the router an IP address and put it on the network:

3600-dialout(config)# interface Ethernet0/0
3600-dialout(config-if)# ip address 192.168.0.10 255.255.255.248

Use another IP address on the Ethernet segment to create an alias to the rotary group, by using the following command:

 3600-dialout(config)#  ip alias 192.168.0.11 3001  

Telnetting to the Ethernet address on port 3001 connects to the first available modem in rotary group 1. The ip alias command allows a direct telnet to 192.168.0.11 on the default port (23), which connects as if the user had telnetted to port 3001 on the Ethernet address. Port 3002 lands on rotary group number two, which is not configured.

Example 6-15 shows the final configuration used for this small company to access their WAN routers in the event that the WAN links are down.

Example 6-15. Text Dial-Out Configuration
version 12.2
service timestamps debug datetime msec
service timestamps log uptime
service password-encryption
!
hostname 3600-dialout
!
aaa new-model
!
!
aaa authentication login dialout local
aaa session-id common
enable secret 5 $VzVJ$B6sbqGo8e2HJDBQ.gxGZp/
!
! Local username and password files for local login as specified by
! aaa authentication login dialout local configuration command.
username jbrown password 7 000E120B0148
username jbob password 7 020C0B5E
username ksmith password 7 050003063544
username wclark password 7 02110D5707
!
ip subnet-zero
!
interface Ethernet0/0
 ip address 192.168.0.10 255.255.255.248
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0 192.168.0.9
ip alias 192.168.0.11 3001
no ip http server
!
banner incoming ^
    Site                       Router Console Number
    -----------------------    -----------------------------
    Dallas Office              231-444-8282
    Oakland Office             415-663-9012
    Las Vegas Office           772-404-9923
    Minneapolis Office         416-223-9245
    St. Louis Office           314-677-4378
    Chicago Office             294-229-3943
    New York Office            723-655-8966
    Atlanta Office             404-339-6774
Use modem AT commands to dial-out.
^
!
line con 0
line 1 3
 no exec
 login authentication dialout
 modem autoconfigure type nextport
 rotary 1
 transport input telnet
 stopbits 1
 speed 115200
line aux 0
line vty 0 4
!
end

Now that the router is configured, it must be tested. If you do not see characters appearing when you type AT and press Enter, but you do see OK being returned, the modem is not echoing local commands, but all else works correctly. Consult the owner's manual for the modem to turn this feature on. Example 6-16 shows the dial-out test being performed. In the example, a call is placed to the WAN router in Atlanta.

Example 6-16. Text Dial-Out Test to Verify Functionality
Trying 192.168.0.11 ... Open
User Access Verification
Username: jbrown
Password:
    Site                       Router Console Number
    -----------------------    -----------------------------
    Dallas Office              231-444-8282
    Oakland Office             415-663-9012
    Las Vegas Office           772-404-9923
    Minneapolis Office         416-223-9245
    St. Louis Office           314-677-4378
    Chicago Office             294-229-3943
    New York Office            723-655-8966
    Atlanta Office             404-339-6774
Use modem AT commands to dial-out.
at
OK
atdt14043396774
CONNECT 26400/REL
atlanta-wan line 65
User Access Verification
Username: jbrown
Password:
atlanta-wan> exit
NO CARRIER

The call was placed when user jbrown typed atdt14043396774. It was successfully answered when the modem echoed CONNECT 26400/REL. At that point, the atlanta-wan router asked for authentication. User jbrown logged in and everything worked as planned.

PPP Dial-Out Configuration

The following PPP dial-out configuration section refers to the second type of PPP dial-out mentioned earlier in this chapter, where the router dials into a service provider to gain access to the LAN behind the router.

First, a fixed password is required for this type of configuration, and you must gather a few pieces of information about your service provider. Dial up the provider with a PC and gather the DNS server addresses, the WINS server addresses (if any), and the domain name assigned to you.

Unless you previously arranged to route a network to the service provider, you must use NAT on the router to provide all the computers on your LAN access to the Internet. This example uses NAT and the modem is an external US Robotics Sportster that is attached to the AUX port of a router. Start by assigning an RFC 1918 subnet to your local network. Give an IP address from this network to the Ethernet interface, and set up Dynamic Host Configuration Protocol (DHCP) for the client computers as shown in Example 6-17.

Example 6-17. Configuration of DHCP on a Local LAN Segment
2500-dialout(config)# interface Ethernet 0/0
2500-dialout(config-if)# ip address 192.168.1.1 255.255.255.0
2500-dialout(config-if)# no shutdown
2500-dialout(config-if)# ip dhcp pool pool1
2500-dialout(dhcp-config)# network 192.168.1.0 255.255.255.0
2500-dialout(dhcp-config)# default-router 192.168.1.1
2500-dialout(dhcp-config)# dns-server 207.217.126.41 207.217.77.42
2500-dialout(dhcp-config)# domain-name earthlink.net

In this case, no WINS servers are configured because the ISP does not offer these services. If they had assigned WINS servers, you would use the DHCP configuration command netbios-name-server ip_address_1 ip_address_2 to configure them on your router.

The next action is to put the service provider information into the async interface. The phone number to dial, along with a username and password, is also required. In this example, the router dials up to a typical service provider where the IP address is supplied. The interface is set up to be in dialer-group 1. Also, a dialer hold-queue is added to queue packets in case the modem speedshifts, retrains, or needs to completely reconnect. Example 6-18 shows the configuration lines needed to dial into the provider's network.

Example 6-18. Async Interface Configuration for PPP Dial-Out Access
2500-dialout(config)# interface async65
2500-dialout(config-if)# ip address negotiated
2500-dialout(config-if)# dialer in-band
2500-dialout(config-if)# dialer string 6222230
2500-dialout(config-if)# encapsulation ppp
2500-dialout(config-if)# ppp pap sent-username jhuegen password test
2500-dialout(config-if)# dialer-group 1
2500-dialout(config-if)# dialer hold-queue 100

Configure the line for dial-out and set up the modem through the autoconfigure command. Additionally, you might include the no exec command for security reasons. This prevents someone from connecting if they try to dial into the router:

2500-dialout(config)# line aux 0
2500-dialout(config-line)# modem autoconfigure type usr_sportster
2500-dialout(config-line)# modem InOut
2500-dialout(config-line)# no exec
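The no exec step above, and the same step in the text dial-out line configuration earlier in the chapter, can be checked mechanically. The following Python audit is an added example, not code from the book: it assumes every modem line in the audited configuration is meant for dial-out only, and the sample configuration, including its line 4 6 stanza, is constructed for illustration.

```python
import re

# Constructed sample, modeled on the line stanzas in this chapter's examples.
SAMPLE_CONFIG = """\
hostname sample-dialout
!
line con 0
line 1 3
 no exec
 login authentication dialout
 modem autoconfigure type nextport
 rotary 1
 transport input telnet
line 4 6
 modem host
 rotary 2
 transport input telnet
line aux 0
 modem InOut
 modem autoconfigure type usr_sportster
 speed 115200
line vty 0 4
!
end
"""


def parse_line_stanzas(config):
    """Return {stanza header: [subcommands]} for every 'line ...' stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = stanzas.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            # '!' separators and any other top-level command end the stanza.
            current = None
    return stanzas


def audit_modem_lines(config):
    """Flag modem lines that lack the dial-out settings the text describes.

    Assumption of this example: a line carrying any 'modem' command is used
    for dial-out only, so it should never hand a caller a router prompt.
    """
    findings = []
    for header, cmds in parse_line_stanzas(config).items():
        if not any(c.startswith("modem ") for c in cmds):
            continue  # console, vty, or unused line: out of scope here
        if "no exec" not in cmds:
            findings.append((header, "exec enabled on a modem line"))
        reverse_telnet = any(
            re.match(r"transport input (telnet|all)\b", c) for c in cmds
        )
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        if reverse_telnet and not has_login:
            # With aaa new-model a default method list may still apply, so
            # this is a prompt to review the line, not proof of open access.
            findings.append((header, "no explicit login on a reverse-telnet line"))
    return findings


if __name__ == "__main__":
    for header, issue in audit_modem_lines(SAMPLE_CONFIG):
        print(f"{header}: {issue}")
```

Lines that are meant to accept incoming calls, such as a remote-console AUX port, need exec and should be excluded before running the check.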

Next, configure NAT so that traffic on the Ethernet interface translates to the IP address negotiated for the async interface:

2500-dialout(config)# access-list 1 permit 192.168.1.0 0.0.0.31
2500-dialout(config)# ip nat inside source list 1 interface asy65 overload

Then, assign NAT as either inside or outside to all configured interfaces, and configure a default route to the service provider, as shown in Example 6-19.

Example 6-19. NAT Inside, NAT Outside, and Default Route Configuration Commands
2500-dialout(config)# interface async65
2500-dialout(config-if)# ip nat outside
2500-dialout(config-if)# exit
2500-dialout(config)# interface ethernet0/0
2500-dialout(config-if)# ip nat inside
2500-dialout(config-if)# exit
2500-dialout(config)# ip route 0.0.0.0 0.0.0.0 async65

Finally, identify on the router what traffic to mark as interesting, which limits the traffic allowed to bring up the line. In this example, all IP traffic is identified as interesting. You can use an access control list (ACL) to only allow certain types of traffic with the command dialer-list 1 protocol ip list access-list-number:

 2500-dialout(config-if)#  dialer-list 1 protocol ip permit  

This completes the configuration for PPP dial-out to a service provider. The full configuration is shown in Example 6-20.

Example 6-20. PPP Dial-Out Configuration for Connecting to a Service Provider
version 12.2
service timestamps debug datetime msec
service timestamps log uptime
service password-encryption
!
hostname 2500-dialout
!
boot system flash
!
enable secret 5 $VzVJ$B6sbqGo8e2HJDBQ.gxGZp/
!
ip subnet-zero
!
! local DHCP service configuration parameters:
ip dhcp pool pool1
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 207.217.126.41 207.217.77.42
   netbios-name-server 207.217.126.42 207.217.77.43
   domain-name earthlink.net
!
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Async65
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer in-band
 dialer string 6222230
 dialer hold-queue 100
 dialer-group 1
 ppp pap sent-username jhuegen password 7 044F0E151B
!
! NAT configuration with default route identified:
ip nat inside source list 1 interface Async65 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Async65
!
! Access list configured to allow traffic to/from your Ethernet interface:
access-list 1 permit 192.168.1.0 0.0.0.31
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
 no exec
 modem InOut
 modem autoconfigure type usr_sportster
line vty 0 4
!
end

Large-Scale Dial-Out Configuration

Two types of large-scale dial-out configurations exist. The first uses static dialer maps put into a dialer interface, where they exist within the router configuration. The second type uses the AAA system for storing the dialer maps.

In the first example that follows, static dialer maps dial out to each individual client. The number of configurable clients is limited by the size of the configuration. After the configuration is full, no more clients can be added. Although this limitation exists, it is still the easiest way to prepare for large-scale dial-out.

Example 6-21 shows a sample Group-Async interface configuration with dialer maps for large-scale dial-out.

Example 6-21. Large-Scale Dial-Out Interface Configuration with Dialer Map Statements
5300-dialout(config)# interface Group-Async1
5300-dialout(config-if)# ip address 64.221.12.1
5300-dialout(config-if)# encapsulation ppp
5300-dialout(config-if)# dialer in-band
5300-dialout(config-if)# dialer idle-timeout 30
5300-dialout(config-if)# dialer map ip 64.221.12.2 name ID127361 16632047789
5300-dialout(config-if)# dialer map ip 64.221.12.3 name ID127364 17366224431
5300-dialout(config-if)# dialer map ip 64.221.12.4 name ID127365 12232718341
5300-dialout(config-if)# dialer map ip 64.221.12.5 name ID127367 12812123434
<output omitted>
5300-dialout(config-if)# dialer map ip 64.221.12.253 name ID196458 14732812238
5300-dialout(config-if)# dialer map ip 64.221.12.254 name ID196459 15123848161
5300-dialout(config-if)# dialer hold-queue 100
5300-dialout(config-if)# dialer-group 1

As you can see, this can take up much space in the configuration. There is also a manageability issue with removing old customers and adding new ones because it is a manual and time-consuming process. Unfortunately, there's no easy way to keep a configuration like this up to date.

This limitation is where a AAA large-scale dial-out setup is an alternative because AAA is already in a database format. Therefore, you can add information to this database that can be used for other purposes, such as billing and running reports against active and non-active customers.

To set up a large-scale dial-out in this manner, the AAA database must be populated with the phone numbers and IP addresses of the remote hosts. The router must be set up for either TACACS+ or RADIUS authentication. TACACS+ is used in the following example:

5300-dialout(config)# aaa new-model
5300-dialout(config)# aaa authentication ppp default group tacacs+
5300-dialout(config)# aaa authorization network default group tacacs+
5300-dialout(config)# aaa authorization configuration default group tacacs+

The Group-Async interface is configured as in the earlier example; however, instead of the dialer map statements, you use the command dialer aaa. Example 6-22 shows the configuration of the Group-Async interface using AAA for large-scale dial-out.

Example 6-22. Group-Async Interface Using AAA for Large-Scale Dial-Out
5300-dialout(config)# interface Group-Async1
5300-dialout(config-if)# ip address 64.221.12.1
5300-dialout(config-if)# encapsulation ppp
5300-dialout(config-if)# dialer in-band
5300-dialout(config-if)# dialer idle-timeout 30
5300-dialout(config-if)# dialer aaa
5300-dialout(config-if)# dialer hold-queue 100
5300-dialout(config-if)# dialer-group 1

Finally, use the following command to download all the routes from the AAA server. In the example, it's set to update the downloaded table every 60 minutes; however, you might opt for a different frequency (remember that the size of the table can make this an intensive process):

 5300-dialout(config)#  aaa route download 60  

To verify that everything works correctly, turn on terminal monitoring. A temporary debug comes up with the important information about this particular call. Example 6-23 shows the temporary debug. If this does not happen, turn on other AAA debugs to determine the problem.

Example 6-23. Large-Scale Dial-Out Temporary Debug
5300-dialout# ping 64.221.12.253
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 64.221.12.253, timeout is 2 seconds:
Mar  9 03:59:35.173: %LSdialout: temporary debug to verify the data integrity
Mar  9 03:59:35.177:     dial number = 14732812238
Mar  9 03:59:35.177:     dialnum_count = 1
Mar  9 03:59:35.177:     force_56 = 0
Mar  9 03:59:35.181:     routing = 0
Mar  9 03:59:35.181:     data_svc = -1
Mar  9 03:59:35.181:     port_type = -1
Mar  9 03:59:35.185:     map_class =
Mar  9 03:59:35.185:     ip_address = 64.221.12.253
Mar  9 03:59:35.189:     send_secret = hs7BsL1p
Mar  9 03:59:35.189:     send_auth = 3

You have now verified that the dial-out server is collecting the correct information from the AAA server to perform a successful dial-out. From here, basic PPP dial-out must take place for traffic to pass.

Dial-On-Demand Backup Configuration

In the configuration example provided, a WAN router is used with a fractional T1 to the main office and a modem for DDR. When the fractional T1 goes down, you want the modem to place a call to the DDR server at the main office and continue to support the flow of traffic.

Although it is not the easiest to configure, using dialer watch is an effective way to perform dial-on-demand backup. Dialer watch checks on a route that is supposed to be in the routing table, and if the route disappears for any reason, the router believes it is disconnected from the network and dials.

First, you want the router to watch a route that is up as long as the circuit back to headquarters is up. The easiest way to do this is to put a loopback address on the router on the other end of the circuit. Then, use a routing protocol to propagate that route through the fractional T1 to the router at the WAN site (the one you are configuring). In this case, EIGRP 68 propagates the route for the loopback address 64.213.9.10:

<output omitted>
D       64.213.9.10/32 [90/409600] via 64.213.8.41, 00:05:20, Serial0/2.10
<output omitted>

Then set up dial-on-demand with a dialer-map statement to connect to the hq-ddr router that accepts calls for backup. The router uses Challenge-Handshake Authentication Protocol (CHAP) authentication with a local username and password. Example 6-24 shows the configuration for dialing and authenticating through CHAP to the hq-ddr router.

Example 6-24. Configuration to Dial and Authenticate to hq-ddr
3600-ddr(config)# aaa authentication ppp default local
! Local username and password for hq-ddr:
3600-ddr(config)# username hq-ddr password helpme
3600-ddr(config)# interface async65
3600-ddr(config-if)# ip address 64.213.10.12 255.255.255.240
3600-ddr(config-if)# encapsulation ppp
3600-ddr(config-if)# dialer in-band
! Maps ip for hq-ddr with calling number for access:
3600-ddr(config-if)# dialer map ip 64.213.10.1 name hq-ddr 16686222230
3600-ddr(config-if)# dialer hold-queue 100
3600-ddr(config-if)# dialer-group 1
3600-ddr(config-if)# ppp authentication chap

Next, verify that the route you want to monitor is in the routing table. To do this, issue the command show ip route ip-address. After it is verified, proceed with configuring the rest of the dialer watch commands.

The first of the commands required for dialer watch sets the idle-timeout on the link to 30 seconds. The link does not disconnect every 30 seconds, but instead checks to determine if the route to the watched IP address specified is in place every 30 seconds:

 3600-ddr(config-if)#  dialer idle-timeout 30  

Next, add a dialer map for the watched IP address by using the same name and phone number as the one configured earlier. This tells the router where to dial when the watched IP address is removed from the routing table:

 3600-ddr(config-if)#  dialer map ip 64.213.9.10 name hq-ddr 16686222230  

Then, add the interface to a watch group. Because no watch groups were defined before, start with group number 1 (one):

 3600-ddr(config-if)#  dialer watch-group 1  

Create a dialer watch list that includes the IP address that you want to watch:

 3600-ddr(config)#  dialer watch-list 1 ip 64.213.9.10 255.255.255.255  

Finally, set all traffic to non-interesting:

 3600-ddr(config)#  dialer-list 1 protocol ip deny  

The interface dials based on whether or not the watched IP address is in the routing table, not based on whether the traffic is interesting or not. This is an added measure to keep the dial-on-demand link down whenever it is not needed. Example 6-25 shows the final configuration of this WAN router using dial-on-demand backup.

Example 6-25. Dial-on-Demand Configuration Using Dialer Watch
version 12.2
service timestamps debug datetime msec
service timestamps log uptime
service password-encryption
!
hostname 3600-ddr
!
boot system flash
aaa new-model
!
aaa authentication ppp default local
!
enable secret 5 $VzVJ$B6sbqGo8e2HJDBQ.gxGZp/
!
username hq-ddr password 7 08294942191400
!
ip subnet-zero
!
interface Ethernet0/0
 ip address 64.213.11.193 255.255.255.192
 no keepalive
!
interface Serial0/2
 bandwidth 256
 no ip address
 encapsulation frame-relay IETF
 frame-relay lmi-type ansi
!
interface Serial0/2.10 point-to-point
 bandwidth 256
 ip address 64.213.8.42 255.255.255.252
 no arp frame-relay
 frame-relay interface-dlci 20
!
! Specifies watch-group and hq-ddr numbers for backup:
interface Async65
 ip address 64.213.10.12 255.255.255.240
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 30
 dialer map ip 64.213.10.1 name hq-ddr broadcast 16686222230
 dialer map ip 64.213.9.10 name hq-ddr broadcast 16686222230
 dialer hold-queue 100
 dialer watch-group 1
 dialer-group 1
 ppp authentication chap
!
router eigrp 68
 network 64.213.8.0 0.0.3.255
 no auto-summary
!
ip classless
!
no ip http server
!
! Watch-list to match watch-group already specified on Async interface:
access-list 1 permit 192.168.0.0 0.0.0.31
dialer watch-list 1 ip 64.213.9.10 255.255.255.255
dialer-list 1 protocol ip deny
!
line con 0
 exec-timeout 0 0
line aux 0
 modem InOut
 modem autoconfigure type usr_sportster
 speed 115200
line vty 0 4
!
end

Example 6-26 is a debug that shows what happens during an outage, and what happens when the primary circuit comes back up. To simulate this, the serial interface is forced down by unplugging the cable.

Example 6-26. Dial-on-Demand Routing Debug, Part I
00:12:38: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/2.10, changed state to down
Mar  1 00:12:38.023: DDR: Dialer Watch: watch-group = 1
Mar  1 00:12:38.023: DDR:        network 64.213.9.10/255.255.255.255 DOWN,
Mar  1 00:12:38.023: DDR:        primary DOWN
Mar  1 00:12:38.023: DDR: Dialer Watch: Dial Reason: Primary of group 1 DOWN
Mar  1 00:12:38.023: DDR: Dialer Watch: watch-group = 1,
Mar  1 00:12:38.023: DDR:       dialing secondary by dialer map 64.213.9.10 on As65
Mar  1 00:12:38.023: As65 DDR: Attempting to dial 16686222230

This starts a typical PPP dial-out connection and, after it is authenticated, the network continues passing traffic through the DDR system. Example 6-27 shows what occurs when the serial interface is fixed and comes back up; in this case, you plug the cable back in.

Example 6-27. Dial-on-Demand Routing Debug, Part II
00:13:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/2.10, changed state to up
Mar  1 00:13:21.819: DDR: Dialer Watch: watch-group = 1
Mar  1 00:13:21.819: DDR:        network 64.213.9.10/255.255.255.255 UP,
Mar  1 00:13:21.819: DDR:        primary UP

Shortly afterward, the call is disconnected and traffic resumes over the serial interface.
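The two debugs above can be turned into an outage record and checked against the number the dialer map is expected to call. This Python parser is an added example, not code from the book; the DDR debug lines are copied from Examples 6-26 and 6-27, and the function names and the expected_numbers parameter are assumptions of this example.

```python
import re
from datetime import datetime

# DDR debug lines as shown in Examples 6-26 and 6-27 (LINEPROTO lines omitted).
DEBUG_LOG = """\
Mar  1 00:12:38.023: DDR: Dialer Watch: watch-group = 1
Mar  1 00:12:38.023: DDR:        network 64.213.9.10/255.255.255.255 DOWN,
Mar  1 00:12:38.023: DDR:        primary DOWN
Mar  1 00:12:38.023: DDR: Dialer Watch: Dial Reason: Primary of group 1 DOWN
Mar  1 00:12:38.023: DDR: Dialer Watch: watch-group = 1,
Mar  1 00:12:38.023: DDR:       dialing secondary by dialer map 64.213.9.10 on As65
Mar  1 00:12:38.023: As65 DDR: Attempting to dial 16686222230
Mar  1 00:13:21.819: DDR: Dialer Watch: watch-group = 1
Mar  1 00:13:21.819: DDR:        network 64.213.9.10/255.255.255.255 UP,
Mar  1 00:13:21.819: DDR:        primary UP
"""

LINE_RE = re.compile(
    r"^(\w{3})\s+(\d{1,2})\s+(\d\d:\d\d:\d\d\.\d+): (?:\S+ )?DDR:\s+(.*)$"
)
NET_RE = re.compile(r"network (\S+)/\S+ (UP|DOWN)")
DIAL_RE = re.compile(r"Attempting to dial (\d+)")


def parse_backup_episodes(log):
    """Group dialer watch debug lines into one record per watched-route loss."""
    episodes, current = [], None
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        mon, day, clock, msg = m.groups()
        # The debug stamps carry no year; a fixed placeholder year is used.
        ts = datetime.strptime(f"1900 {mon} {day} {clock}", "%Y %b %d %H:%M:%S.%f")
        net, dial = NET_RE.search(msg), DIAL_RE.search(msg)
        if net and net.group(2) == "DOWN":
            current = {"network": net.group(1), "down": ts, "up": None,
                       "dialed": [], "outage_s": None}
            episodes.append(current)
        elif net and current and net.group(1) == current["network"]:
            current["up"] = ts
            current["outage_s"] = (ts - current["down"]).total_seconds()
            current = None
        elif dial:
            if current is None:
                # A dial with no watched-route loss before it in the log.
                episodes.append({"network": None, "down": None, "up": None,
                                 "dialed": [dial.group(1)], "outage_s": None})
            else:
                current["dialed"].append(dial.group(1))
    return episodes


def review(log, expected_numbers):
    """Return findings worth an operator's attention for this router."""
    findings = []
    for ep in parse_backup_episodes(log):
        for number in ep["dialed"]:
            if number not in expected_numbers:
                findings.append(f"dial to unexpected number {number}")
        if ep["network"] is None:
            # With dialer-list 1 protocol ip deny, only dialer watch should dial.
            findings.append("dial attempt with no watched route down")
        elif ep["up"] is None:
            findings.append(f"watched route {ep['network']} still down")
    return findings


if __name__ == "__main__":
    for ep in parse_backup_episodes(DEBUG_LOG):
        print(ep["network"], ep["dialed"], ep["outage_s"])
    print(review(DEBUG_LOG, {"16686222230"}))
```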




Troubleshooting Remote Access Networks (CCIE Professional Development)
ISBN: 1587050765
EAN: 2147483647
Year: 2002
Pages: 235
