|
|
This section describes how to configure Cisco AS5300 to support terminal EXEC shell services and login prompts for client modems.
The following sub sections are provided:
In this case study, Maui Onions commissions the Cisco AS5300. Local-based authentication is used. After the Cisco AS5300 is commissioned, Maui Onions configures and tests PPP as described in the section "Configuring PPP and Authentication." In the future, Maui Onions will use a AAA TACACS+ server.
 |
Note For a description of terminal EXEC shell services, see the section "Task 7. Testing Asynchronous-Shell Connections." |
Figure 2-1 shows the logical and physical system architecture for the Cisco AS5300. It illustrates the components used to process a call.
Figure 2-1 shows the following:
One synchronous PPP call consumes:
The following subsections detail the tasks required to verify that basic system components are functioning normally:
The Cisco AS5300 has a specific boot sequence. To view the boot sequence through a terminal session, you must have a console connection to the access server before it powers up.
The following boot sequence occurs. Event numbers and comments are inserted in the example to describe the boot sequence.
System Bootstrap, Version 11.2(9)XA, RELEASE SOFTWARE (fc2) Copyright (c) 1997 by cisco Systems, Inc. AS5300 platform with 65536 Kbytes of main memory program load complete, entry point: 0x80008000, size: 0xf5914 Self decompressing the image : ################################################# ## [OK] Notice: NVRAM invalid, possibly due to write erase. program load complete, entry point: 0x80008000, size: 0x45497c Self decompressing the image : ################################################# ################################################################################ ################################################################################ ################################################################################ ################################################################################ ################################################################################ ##################### [OK]
Event 1---In the previous segment, the NAS decompresses the system boot image, tests the NVRAM for validity, and decompresses the Cisco IOS image.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software IOS (tm) 5300 Software (C5300-IS-M), Version 11.3(7)AA, EARLY DEPLOYMENT MAINTENANCE RELEASE SOFTWARE () Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Fri 08-Jan-99 13:43 by jjgreen Image text-base: 0x60008920, data-base: 0x60788000 cisco AS5300 (R4K) processor (revision A.32) with 65536K/16384K bytes of memory. Processor board ID 11811596 R4700 processor, Implementation 33, Revision 1.0 (512KB Level 2 Cache) Bridging software. X.25 software, Version 3.0.0. SuperLAT software copyright 1990 by Meridian Technology Corp). Primary Rate ISDN software, Version 1.1. Backplane revision 2 Manufacture Cookie Info: EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x30, Board Hardware Version 1.64, Item Number 800-2544-2, Board Revision B0, Serial Number 11811596, PLD/ISP Version 0.0, Manufacture Date 9-Dec-1998. 1 Ethernet/IEEE 802.3 interface(s) 1 FastEthernet/IEEE 802.3 interface(s) 96 terminal line(s) 4 Channelized T1/PRI port(s) 128K bytes of non-volatile configuration memory. 16384K bytes of processor board System flash (Read/Write) 8192K bytes of processor board Boot flash (Read/Write)
Event 2---The following components are detected: Cisco IOS Release, available memory, hardware interfaces, and modem lines.
If a hardware card is not recognized, verify that you are running the optimum version of Cisco IOS. Refer to the Hardware-Software Compatibility Matrix at the following URL:
http://cco-sj-1.cisco.com/cgi-bin/front.x/Support/HWSWmatrix/hwswmatrix.cgi
--- System Configuration Dialog --- Would you like to enter the initial configuration dialog? [yes/no]: no
Event 3---Because the NAS has never been configured, the NAS cannot find a startup-config file. Therefore, the software asks, "Would you like to enter the initial configuration dialog? [yes/no]:"
Enter no. In this document, the Cisco IOS is configured manually. The automatic setup script is not used. Configuring the Cisco IOS manually develops your expertise.
00:00:18: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up 00:00:18: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up 00:00:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed stp 00:00:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changen 00:00:43: %LINK-5-CHANGED: Interface Ethernet0, changed state to administrativen 00:00:43: %LINK-5-CHANGED: Interface FastEthernet0, changed state to administran 00:00:44: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changedn 00:00:46: %SYS-5-RESTART: System restarted --
00:01:07: %MICA-5-BOARDWARE_RUNNING: Slot 1 is running boardware version 1.3.7.0 00:01:07: %MICA-5-BOARDWARE_RUNNING: Slot 2 is running boardware version 1.3.7.0 Press RETURN to get started! Router>
Enter the show version command to check the system hardware, Cisco IOS image name, uptime, and restart reason:
Router>enable Router#show version Cisco Internetwork Operating System Software IOS (tm) 5300 Software (C5300-IS-M), Version 11.3(7)AA, EARLY DEPLOYMENT MAINTENANCE RELEASE SOFTWARE () Copyright (c) 1986-1999 by cisco Systems, Inc. Compiled Fri 08-Jan-99 13:43 by jjgreen Image text-base: 0x60008920, data-base: 0x60788000 ROM: System Bootstrap, Version 11.2(9)XA, RELEASE SOFTWARE (fc2) BOOTFLASH: 5300 Software (C5300-BOOT-M), Version 11.2(9)XA1, Router uptime is 9 minutes System restarted by power-on at 16:59:44 PST Fri Dec 31 1999 System image file is "flash:c5300-is-mz.113-7.AA" cisco AS5300 (R4K) processor (revision A.32) with 65536K/16384K bytes of memory. Processor board ID 11811596 R4700 processor, Implementation 33, Revision 1.0 (512KB Level 2 Cache) Bridging software. X.25 software, Version 3.0.0. SuperLAT software copyright 1990 by Meridian Technology Corp). Primary Rate ISDN software, Version 1.1. Backplane revision 2 Manufacture Cookie Info: EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x30, Board Hardware Version 1.64, Item Number 800-2544-2, Board Revision B0, Serial Number 11811596, PLD/ISP Version 0.0, Manufacture Date 9-Dec-1998. 1 Ethernet/IEEE 802.3 interface(s) 1 FastEthernet/IEEE 802.3 interface(s) 96 terminal line(s) 4 Channelized T1/PRI port(s) 128K bytes of non-volatile configuration memory. 16384K bytes of processor board System flash (Read/Write) 8192K bytes of processor board Boot flash (Read/Write) Configuration register is 0x2102
Table 2-1 describes the significant output fields in the previous example:
| Field | Description |
|---|---|
Router uptime is 9 minutes | Watch for unscheduled reloads by inspecting this field. |
System restarted by power-on at 16:59:44 PST Fri Dec 31 1999 | Tells you why the access server last reloaded. If the field displays "power-on," a power interruption caused the reload. |
System image file is "flash:c5300-is-mz.113-7.AA" | The Cisco AS5300 booted from this image location. |
The Cisco IOS creates an initial running configuration. Inspect the configuration to get familiar with the default settings.
Router>enable Router#show running-config Building configuration... Current configuration: ! version 11.3 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! controller T1 0 clock source line primary ! controller T1 1 clock source line secondary ! controller T1 2 clock source internal ! controller T1 3 clock source internal ! interface Ethernet0 no ip address shutdown ! interface FastEthernet0 no ip address shutdown ! ip classless ! line con 0 transport input none line 1 96 line aux 0 line vty 0 4 ! end
Get familiar with the file system and memory storage areas. The Cisco IOS File System (IFS) feature provides a single interface to:
IFS first appeared in Cisco IOS Releases 11.3 AA and 12.0. For more information about IFS, refer to the chapter Using the Cisco IOS File System in the Release 12.0 Configuration Fundamentals Configuration Guide at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/fun_c/fcprt2/fcifs.htm
Figure 2-2 shows the memory locations inside the Cisco AS5300.
Table 2-2 describes the memory locations shown in Figure 2-2.
| Component | Description |
|---|---|
R4700 CPU | RISC 4700 central processing unit. |
Processor memory | The Cisco IOS image is initially read out of Flash memory, decompressed, and loaded into processor memory (also known as main memory or DRAM). Routing tables, call control blocks, and other data structures are also stored here. |
Packet I/O memory | Packets are temporarily stored in I/O memory. |
System Flash and Boot Flash memory | Stores Cisco IOS images, modem firmware/portware, and custom web pages. |
NVRAM memory | Non-volatile configuration memory. |
To inspect the file system, enter the show file systems command and dir comand as shown in the following bullet list:
Router#show file systems
File Systems:
Size(b) Free(b) Type Flags Prefixes
- - opaque wo modem:
- - opaque rw null:
- - opaque rw system:
- - network rw tftp:
* 16777216 12236072 flash rw flash:
8388608 7382416 flash rw bootflash:
126968 126968 nvram rw nvram:
- - opaque wo lex:
- - network rw rcp:
- - network rw ftp:
In addition, verify that you have everything that you ordered (for example, 16 MB of Flash memory). The asterisk (*) indicates the current directory.
5300-NAS#dir system: Directory of system:/ 2 dr-x 0 <no date> memory 1 -rw- 4492 <no date> running-config 13 dr-x 0 <no date> ucode
|
Note Remember to include the trailing colon (:) in dir commands. |
Router#dir bootflash: Directory of bootflash:/ 1 -rw- 1006128 <no date> c5300-boot-mz.112-9.XA1 8388608 bytes total (7382416 bytes free) In the example, the boot image is c5300-boot-mz.112-9.XA1. The compressed file size is 1,006,128 bytes. The total boot Flash memory size is 8,388,608 bytes. The number of free bytes is 7,382,416.
Router#pwd flash: Router#dir: Directory of flash:/ 1 -rw- 4541080 <no date> c5300-is-mz.113-7.AA 16777216 bytes total (12236072 bytes free) The Cisco IOS image named c5300-is-mz.113-7.AA is present.
Router#dir nvram: Directory of nvram:/ 1 -rw- 0 <no date> startup-config 2 ---- 0 <no date> private-config 126968 bytes total (126968 bytes free) In the example, two files are present: startup-config and private-config. The private-config is a secure file that is part of the startup configuration. It supports encryption technologies, but it is not user accessible.
Use the show memory summary command to:
and I/O Memory Usage
|
Note Do not enter the show memory summary command with the terminal length 0 command enabled. If you do, many screens of output will appear. It might interrupt your session. |
Router#show processes cpu CPU utilization for five seconds: 1%/0%; one minute: 0%; five minutes: 0% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 1 0 18973 0 0.00% 0.00% 0.00% 0 Load Meter 2 44 122 360 0.57% 0.06% 0.01% 98 Virtual Exec 3 70388 12820 5490 0.00% 0.04% 0.05% 0 Check heaps 4 0 2 0 0.00% 0.00% 0.00% 0 Pool Manager 5 0 2 0 0.00% 0.00% 0.00% 0 Timers 6 0 2 0 0.00% 0.00% 0.00% 0 Serial Backgroun 7 68 1876 36 0.00% 0.00% 0.00% 0 ARP Input 8 8 22758 0 0.00% 0.00% 0.00% 0 HC Counter Timer 9 0 2 0 0.00% 0.00% 0.00% 0 DDR Timers 10 0 2 0 0.00% 0.00% 0.00% 0 Dialer event 11 4 2 2000 0.00% 0.00% 0.00% 0 Entity MIB API 12 0 1 0 0.00% 0.00% 0.00% 0 SERIAL A'detect 13 0 4 0 0.00% 0.00% 0.00% 0 Critical Bkgnd 14 3396 165554 20 0.00% 0.00% 0.00% 0 Net Background 15 8 43 186 0.00% 0.00% 0.00% 0 Logger 16 377776 94479 3998 0.40% 0.23% 0.24% 0 TTY Background 17 4 94488 0 0.00% 0.00% 0.00% 0 Per-Second Jobs 18 0 47432 0 0.00% 0.00% 0.00% 0 CSM periodical p 19 0 47435 0 0.00% 0.00% 0.00% 0 CSM timer proces 20 0 2 0 0.00% 0.00% 0.00% 0 CSM Tone process 21 0 6 0 0.00% 0.00% 0.00% 0 Call Management
|
Note |
Look at the top line of the output. If you see high utilization numbers, for example over 50%, inspect the columns 5Sec, 1Min, and 5Min. Find the process that uses the most CPU power. For an idle chassis, numbers larger than two percent indicate a problem.
The following subsections detail the tasks required to apply a basic-running configuration to the NAS:
 |
Tips Periodically save the configuration by using the copy running-config startup-config command. |
Assign a host name to the NAS, specify an enable secret password, and turn on time stamps:
hostname 5300-NAS enable secret 0 yourpasswordhere service password-encryption service timestamps debug datetime msec service timestamps log datetime msec
|
Note The enable password command is an obsolete command. Do not use it. |
Step 2 Log in with the enable secret password. The show privilege command shows the current security privilege level.
5300-NAS#disable 5300-NAS>enable Password: 5300-NAS#show privilege Current privilege level is 15 5300-NAS#
Configure authentication, authorization, and accounting (AAA) to perform login authentication by using the local username database. The login keyword authenticates EXEC shell users. Additionally, configure PPP authentication to use the local database if the session was not already authenticated by login.
AAA (called triple A) is the Cisco IOS security model used on all Cisco devices. AAA provides the primary framework through which you set up access control on the NAS.
In this basic case study, the same authentication method is used on all interfaces. AAA is set up to use the local database configured on the NAS. This local database is created with the username configuration commands.
!username admin password adminpasshere username dude password dudepasshere!
 |
Warning This step also prevents you from getting locked out of the NAS. If you get locked out, you must reboot the device and perform password recovery. |
Step 2 Configure local AAA security in global configuration mode. You must enter the aaa new-model command before the other two authentication commands.
!aaa new-model aaa authentication login default local aaa authentication ppp default if-needed local!
The following table describes the previous configuration snippet.
| Command | Purpose |
|---|---|
aaa new-model | Initiates the AAA access control system. This command immediately locks down login and PPP authentication. |
Configures AAA to perform login authentication by using the local username database. The login keyword authenticates EXEC shell users. | |
aaa authentication ppp default if-needed local | Configures PPP authentication to use the local database if the session was not already authenticated by login. |
Step 3 Log in with your username and password:
5300-NAS#login User Access Verification Username:admin Password: 5300-NAS#
Successfully logging in means that your local username will work on any TTY or VTY line. Do not disconnect your session until you can log in.
Create a login banner. A banner shows you which unit you are connected to (or are connecting through, in the case of a console server).
5300-NAS(config)#banner login | Enter TEXT message. End with the character '|'. This is a secured device. Unauthorized use is prohibited by law. | 5300-NAS(config)#^Z 5300-NAS#
Step 2 Test the banner:
5300-NAS#loginThis is a secured device.Unauthorized use is prohibited by law.User Access Verification Username:admin Password: 5300-NAS#
To commission a basic dial access service:
!interface Loopback0 ip address 172.22.99.1 255.255.255.255!interface Loopback1 ip address 172.22.90.1 255.255.255.0!interface Ethernet0 ip address 172.22.66.23 255.255.255.0!ip route 0.0.0.0 0.0.0.0 172.22.66.1!
In this example:
Step 2 Verify that the Ethernet interface is up. Ping the default gateway to verify this.
5300-NAS#ping 172.22.66.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.22.66.1, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms 5300-NAS#
This step verifies that you have IP connectivity with another device on the subnet. If the ping succeeds to the default gateway, try pinging the DNS server in your backbone. Make sure the backbone routers are configured to get to the access server; otherwise, the ping will not work. Configure the backbone routers to support the routes to the networks you are using.
|
Note An 80% ping-success rate is normal for the first time you ping an external device. The NAS does not yet have an ARP entry (address resolution protocol) for the external device. A 100% success rate is achieved the next time you ping the device. |
Obtain new Cisco IOS features and more stable code by upgrading to a new Cisco IOS release.
5300-NAS#cd flash: 5300-NAS#dir Directory of flash:/ 1 -rw- 4541080 <no date> c5300-is-mz.113-7.AA 16777216 bytes total (12236072 bytes free) 5300-NAS#
Step 2 Copy the new image from the remote TFTP server into Flash memory. Make sure to specify your own TFTP server's IP address and Cisco IOS file name. In this example, Flash memory is erased before the new image is downloaded. To see the bangs (!) during the download operation, you must have line wrap enabled in your terminal emulation software.
 |
TimeSaver Leave both images in Flash memory if you have the available space. If needed, you can easily revert back to the previous image. Enter the boot system flash newiosname.bin command to point to the new image file name. By default, the first image in Flash memory is loaded. |
5300-NAS#copy tftp: flash: Address or name of remote host []? 172.22.66.18 Source filename []? goon/c5300-is-mz.120-5.T Destination filename []? c5300-is-mz.120-5.T Accessing tftp://172.22.66.18/goon/c5300-is-mz.120-5.T... Erase flash: before copying? [confirm]y Erasing the flash filesystem will remove all files! Continue? [confirm]y Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ee ...erased Erase of flash: complete Loading goon/c5300-is-mz.120-5.T from 172.22.66.18 (via Ethernet0): !!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK - 5633184/11266048 bytes] Verifying checksum... OK (0x1AAF) 5633184 bytes copied in 30.480 secs (187772 bytes/sec)
|
Warning Occasionally TFTP errors will occur. Make sure the verifying checksum reports "OK." Do not reload the access server if the checksum reports errors. |
Step 3 Verify that the old image was erased and the new image was downloaded. In this example, notice that the 12.0(5)T image is larger than the old 11.3(7)AA image.
5300-NAS#dir flash: Directory of flash:/ 1 -rw- 5633184 <no date> c5300-is-mz.120-5.T 16777216 bytes total (11143968 bytes free)
Step 4 Reload the NAS to run the new image. If you erased the old Cisco IOS image, make sure the boot system flash oldiosname.bin command is not enabled and pointing to the old image file name. Otherwise, the NAS will get stuck trying to reload the old image over and over again.
5300-NAS#reload Proceed with reload? [confirm] *Jan 1 04:50:32.814: %SYS-5-RELOAD: Reload requested System Bootstrap, Version 11.2(9)XA, RELEASE SOFTWARE (fc2) Copyright (c) 1997 by cisco Systems, Inc. AS5300 platform with 65536 Kbytes of main memory program load complete, entry point: 0x80008000, size: 0xf5914 Self decompressing the image : ################################################# ## [OK]
|
Note |
Press RETURN to get started!
For more information about TFTP, refer to the document "Loading and Maintaining System Images and Microcode" at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/fun_c/fcprt2/fcimages.htm
Specify the settings for the T1 controllers. T1 controller settings must match the settings on the telephone switch side. Mismatched settings cause problems that may not be detected for a long time.
Matching T1 Controller Settings
!isdn switch-type primary-5ess!
Step 2 Specify the T1 controller settings:
!controller T1 0 framing esf clock source line primary linecode b8zs pri-group timeslots 1-24!controller T1 1 framing esf clock source line secondary 1 linecode b8zs pri-group timeslots 1-24!controller T1 2 framing esf linecode b8zs pri-group timeslots 1-24!controller T1 3 framing esf linecode b8zs pri-group timeslots 1-24!
Table 2-4 describes some of the T1-controller concepts that are applied in the previous example.
| Concept | Description |
|---|---|
Defines the control bits and data bits. Cisco supports super frame (SF) and extended super frame (ESF) for T1s.
| |
An encoding method used to allow synchronous data to be transmitted in a compatible format for T1 transmission. Common line codes are RZ (return to zero), NRZ (non-return to zero), B8ZS, AMI, and HDB3 (high density bipolar order 3).
| |
Refers to both timing and synchronization of the T1 carrier. Timing is encoded within the transmitted data signal, and it ensures synchronization throughout the network. By default, the access server uses the line clock from the switch that is coming in on controller 0. Controller 0 is the primary clock source. Controllers 1 and higher are secondary clock sources. If a primary clock fails, a secondary clock steps in. | |
Timeslot assignment | Timeslots are assigned to channels. For T1 PRI scenarios, all 24 T1 timeslots are assigned as ISDN PRI channels. After the timeslots are assigned by the pri-group command, D-channel serial interfaces are automatically created in the configuration file (for example S0:23, S1:23, and so on). |
Step 3 Verify that the controllers are up and no alarms or errors are detected. Error counters are recorded over a 24-hour period in 15-minute intervals. In the display output, focus on the data in the current interval.
5300-NAS#show controller t1
T1 0 is up.
Applique type is Channelized T1
Cablelength is long gain36 0db
No alarms detected.
Version info of slot 0: HW: 4, Firmware: 16, PLD Rev: 0
Manufacture Cookie Info:
EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x42,
Board Hardware Version 1.32, Item Number 73-2217-5,
Board Revision B16, Serial Number 09356963,
PLD/ISP Version 0.0, Manufacture Date 18-Jun-1998.
Framing is ESF, Line Code is B8ZS, Clock Source is Line Primary.
Data in current interval (28 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 1 15 minute intervals):
12 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 323 Fr Loss Secs, 5 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 323 Unavail Secs
|
Note |
After each controller is correctly set up, clear the counters and look for ongoing line violations and errors. To do this, enter the clear controller t1 number command followed by the show controller t1 command. In the display output, focus on the data in the current interval. Error counters stop increasing when the controller is configured correctly.
|
Tips The clear controller t1 number command does not reset or bring down the controller. The T1 stays up. Only the counters are cleared. |
If the counters are increasing on a specific T1 controller, look closely at the error statistics. Refer to the commands in Table 2-5.
| Command | Purpose |
|---|---|
show controller t1 | Provides brief output statistics for the current interval and the last 24 hours. |
show controller t1 | Displays counters for all 96 intervals. |
show controller t1 | Modifies the output as described in the Cisco IOS configuration guides. The "T" in Total is case sensitive. (Release 12.0 T is required.) |
Table 2-6 provides a list of T1 alarm conditions and descriptions from the reference point of the NAS.
| Alarm | Description |
|---|---|
CRC Errors | Occurs only in ESF format when a CRC bit has an error. |
Excessive CRC Error Indication (ECRCEI) | Reported in ESF format when 32 of any 33 consecutive CRCs are in error. |
Out of Frame (OOF) | Occurs when the framing pattern for a T1 line has been lost, and data cannot be extracted. This is a red alarm. In SF and ESF formats, OOF occurs when any two of four consecutive frame-synchronization bits are in error. |
Loss of Signal (LOS) | Occurs when 175 consecutive 0s are detected in the MC. This is a red alarm. The signal is recovered if the density of 1s reaches 12.5%. The recovery happens when four 1s are received within a 32-bit period. |
Remote Frame Alarm (RHEA) | Indicates that an OOF framing pattern occurred at the remote end. This is a yellow alarm. |
Alarm Indication Signal (AIS) | Indicates to the remote end that the received signal is lost. This is a blue alarm. AIS occurs when a stream of 1s is received. |
Loop Back | Indicates that a remotely initiated loopback (from the network) is in progress. |
Errored Seconds | Depending on the framing format, indicates OOF conditions, frame slip conditions, or error events. For SF, errored seconds reports the number of seconds the frame was in the OOF or slip condition. For ESF, errored seconds reports error events in seconds. |
Bursty Errored Seconds | Reports CRC error conditions in seconds (ESF format only). |
Severely Errored Seconds | Reports error events or frame slip conditions in seconds. |
For more information about controllers, see the section "Channelized E1 & Channelized T1 Setup Commands" at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/dial_r/drprt1/index.htm
Step 4 Verify that the individual serial D channels and B channels are present. In the following example, B channels S0:0 through S0:22 are rotary members of the signaling D channel S0:23.
5300-NAS#show ip interface brief Interface IP-Address OK? Method Status Protocol Ethernet0 172.22.66.23 YES NVRAM up up FastEthernet0 unassigned YES NVRAM administratively down down Loopback0 172.22.99.1 YES NVRAM up up Loopback1 172.22.90.1 YES NVRAM up up Serial0:0 unassigned YES unset down down Serial0:1 unassigned YES unset down down Serial0:2 unassigned YES unset down down Serial0:3 unassigned YES unset down down Serial0:4 unassigned YES unset down down Serial0:5 unassigned YES unset down down Serial0:6 unassigned YES unset down down Serial0:7 unassigned YES unset down down Serial0:8 unassigned YES unset down down Serial0:9 unassigned YES unset down down Serial0:10 unassigned YES unset down down Serial0:11 unassigned YES unset down down Serial0:12 unassigned YES unset down down Serial0:13 unassigned YES unset down down Serial0:14 unassigned YES unset down down Serial0:15 unassigned YES unset down down Serial0:16 unassigned YES unset down down Serial0:17 unassigned YES unset down down Serial0:18 unassigned YES unset down down Serial0:19 unassigned YES unset down down Serial0:20 unassigned YES unset down down Serial0:21 unassigned YES unset down down Serial0:22 unassigned YES unset down down Serial0:23 unassigned YES unset up up
|
Note |
Configure the serial D channels to route incoming voice calls from the PSTN to the integrated modems. The behavior of the B channels is controlled by the D channels' configuration instructions. The D channel is the signaling channel.
Table 2-7 describes the relationship between T1 controllers and serial interfaces.
| T1 Controllers | D Channels | B Channels |
|---|---|---|
Controller T1 0 | Interface serial 0:23 | S0:0 through S0:22 |
Controller T1 1 | Interface serial 1:23 | S1:0 through S1:22 |
Controller T1 2 | Interface serial 2:23 | S2:0 through S2:22 |
Controller T1 3 | Interface serial 3:23 | S3:0 through S3:22 |
... | ... | ... |
!interface Serial0:23 isdn incoming-voice modem!interface Serial1:23 isdn incoming-voice modem!interface Serial2:23 isdn incoming-voice modem!interface Serial3:23 isdn incoming-voice modem!
Different versions of Cisco IOS enables different default commands. Release 12.0(5)T enables the commands in Table 2-8.
| Command | Purpose |
|---|---|
no ip directed-broadcast | Enhances security by preventing broadcasts to this subnet from unauthorized sources. |
isdn switch-type primary-5ess |
Per interface switch-types are first introduced in Release 11.3AA. |
no cdp enable | Turns off the cisco discovery protocol (cdp). Otherwise, the protocol attempts to be negotiated on the PPP links. |
Step 2 Verify that ISDN is functioning properly, and the serial channels are up:
5300-NAS#show isdn status
Global ISDN Switchtype = primary-5ess
ISDN Serial0:23 interface
dsl 0, interface ISDN Switchtype = primary-5ess
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
0 Active Layer 3 Call(s)
Activated dsl 0 CCBs = 0
The Free Channel Mask: 0x807FFFFF
|
Note |
5300-NAS#debug isdn q921 ISDN Q921 packets debugging is on 5300-NAS# Sep 23 04:19:07.887: ISDN Se0:23: TX -> RRp sapi = 0 tei = 0 nr = 23 Sep 23 04:19:07.891: ISDN Se0:23: RX <- RRf sapi = 0 tei = 0 nr = 23 5300-NAS#undebug isdn q921 ISDN Q921 packets debugging is off
Step 3 Test the configuration by sending a standard telephone (POTS) call into the NAS. The configuration works if the modem answers (that is, you hear modem squelch), the configuration works. Figure 2-5 shows how this step works.
A different telephone number is associated with each end of the connection. In Figure 2-5, the called number 555-1234 is assigned to the PRI trunk. This number is dialed from the POTS telephone. The calling number 444-1234 is assigned to the POTS telephone line.
Modems and lines are configured after:
Each modem is mapped to a dedicated asynchronous line inside the NAS. After the modem inout command is applied to the lines, the NAS is ready to accept modem calls.
AAA security is applied to the lines by the aaa new-model command and aaa authentication login default local command. AAA performs login authentication by using the local username database. The login keyword authenticates EXEC shell users.
|
Note The modem speed 115200 bps and hardware flow control are the default settings for integrated modems. |
!line 1 96 modem InOut!
Step 2 Verify that the asynchronous TTY lines support incoming and outgoing calls. These lines are simulated R2-232 ports.
5300-NAS#show line
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
* 0 CTY - - - - - 0 0 0/0 -
1 TTY - inout - - - 0 0 0/0 -
2 TTY - inout - - - 0 0 0/0 -
3 TTY - inout - - - 0 0 0/0 -
4 TTY - inout - - - 0 0 0/0 -
5 TTY - inout - - - 0 0 0/0 -
6 TTY - inout - - - 0 0 0/0 -
7 TTY - inout - - - 0 0 0/0 -
8 TTY - inout - - - 0 0 0/0 -
9 TTY - inout - - - 0 0 0/0 -
10 TTY - inout - - - 0 0 0/0 -
|
Note |
Step 3 (Optional) Choose a specific line and inspect the modem-to-TTY association. In this example, TTY 1 is associated with modem 1/0. The modem state is idle because no users have dialed in yet.
5300-NAS#show line 1
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
1 TTY - inout - - - 0 0 0/0 -
Line 1, Location: "", Type: ""
Length: 24 lines, Width: 80 columns
Status: No Exit Banner
Capabilities: Hardware Flowcontrol In, Hardware Flowcontrol Out
Modem Callout, Modem RI is CD, Integrated Modem
Modem state: Idle
modem(slot/port)=1/0, state=IDLE
dsx1(slot/unit/channel)=NONE, status=VDEV_STATUS_UNLOCKED
Modem hardware state: CTS noDSR DTR noRTS
Special Chars: Escape Hold Stop Start Disconnect Activation
^^x none - - none
Timeouts: Idle EXEC Idle Session Modem Answer Session Dispatch
00:10:00 never none not set
Idle Session Disconnect Warning
never
Login-sequence User Response
00:00:30
Autoselect Initial Wait
not set
Modem type is unknown.
Session limit is not set.
Time since activation: never
Editing is enabled.
History is enabled, history size is 10.
DNS resolution in show commands is enabled
Full user help is disabled
Allowed transports are pad telnet rlogin udptn v120 lapb-ta. Preferred is pad t
elnet rlogin udptn v120 lapb-ta.
No output characters are padded
No special data dispatching characters
5300-NAS#
Fine tune the IP routing functions and domain-name services for EXEC shell users.
ip subnet-zero no ip source-route ip classless
Table 2-9 describes the previous commands.
| Command | Purpose |
|---|---|
ip subnet-zero | Specifies that 172.22.0.0 is a legal subnet. |
no ip source-route | Tightens security by ensuring that IP-header packets cannot define their own paths through the network access server (NAS). |
ip classless | Ensures that all unknown subnets use the default route. |
Step 2 In global configuration mode, enter domain-name service commands to support EXEC shell users:
ip domain-lookup ip host guessme 172.22.100.9 ip domain-name mauionions.com ip name-server 172.22.11.10 ip name-server 172.22.11.11
Table 2-10 describes the previous commands.
| Command | Purpose |
|---|---|
Enables IP domain-name lookups. | |
ip host guessme 172.22.100.9 | Creates a local name-to-address map. When the NAS is not entered in a DNS server, this map is useful. |
Tells the NAS how to qualify DNS lookups. In this example, mauonions.com is appended to the end of each looked-up name. | |
ip name-server 172.22.11.10 ip name-server 172.22.12.11 | Specifies the primary and secondary name servers. The ip name-server command is used for mapping names to IP addresses. |
This task verifies that the following components are working:
The Cisco IOS provides a command-line interface (CLI) called the EXEC.
The EXEC:
During this task, some administrators try to make complex services function such as PPP-based Web browsing. Do not jump ahead. Many other elements still need to be configured (for example, PPP and IPCP). The asynchronous-shell test ensures that the EXEC's login prompt can be accessed by a client modem. Taking a layered approach to building a network isolates problems and saves you time.
Step 2 From a terminal-emulation program, test your RS-232 connection to the client modem. Enter the at command. The modem returns the prompt "OK."
at OK
Step 3 Dial the PRI telephone number assigned to the NAS (in this example the number is 5551234). After the modem successfully connects, a connect message appears.
atdt5551234 CONNECT 28800 V42bis
|
Note Many modems support the a/ command, which recalls the last AT command. The ath command hangs up a modem call. The atdl command dials the last telephone number. |
Step 4 Log into the EXEC session:
This is a secured device.Unauthorized use is prohibited by law.User Access Verification Username: dude Password: 5300-NAS>
Step 5 Identify the line where the call landed. The following example shows that line TTY 1 accepted the call. The call has been up and active for 48 seconds.
5300-NAS>show caller
Active Idle
Line User Service Time Time
con 0 admin TTY 00:05:33 00:00:00
tty 1 dude TTY 00:00:48 00:00:22
5300-NAS>show caller user dude
User: dude, line tty 1, service TTY
Active time 00:01:12, Idle time 00:00:46
Timeouts: Absolute Idle Idle
Session Exec
Limits: - - 00:10:00
Disconnect in: - - 00:09:13
TTY: Line 1
DS0: (slot/unit/channel)=0/0/0
Line: Baud rate (TX/RX) is 115200/115200, no parity, 1 stopbits, 8 databits
Status: Ready, Active, No Exit Banner
Capabilities: Hardware Flowcontrol In, Hardware Flowcontrol Out
Modem Callout, Modem RI is CD, Integrated Modem
Modem State: Ready
|
Note The show caller command is added to the Cisco IOS software in Release 11.3 AA and 12.0 T. If your software release does not support this command, use the show user command. |
Step 6 Test the IP functionality to support shell sessions. From the NAS, telnet to another device in your network.
5300-NAS>telnet 172.22.66.26 Trying 172.22.66.26 ... Open User Access Verification Username: admin Password: 5800-NAS> 5800-NAS>telnet guessme Translating "guessme"...domain server (172.22.11.10) [OK] Trying guessme.cisco.com (172.22.2.2)... Open SunOS 5.6 login: dude Password: Last login: Wed Oct 6 08:57:46 from dhcp-aus-163-236 Sun Microsystems Inc. SunOS 5.6 Generic August 1997 /cms/resource/.cmsrc: No such file or directory guessme%
The final running configuration looks like this:
5300-NAS#show running-config Building configuration... Current configuration: ! version 12.0 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname 5300-NAS ! aaa new-model aaa authentication login default local aaa authentication ppp default if-needed local enable secret 5 $1$Ec9Q$KsERiSHdKGL/rGaewXeIz. ! username admin password 7 045802150C2E username dude password 7 070C285F4D06 spe 1/0 1/7 firmware location bootflash:mica-modem-pw.2.7.1.0.bin spe 2/0 2/7 firmware location bootflash:mica-modem-pw.2.7.1.0.bin ! resource-pool disable ! ip subnet-zero no ip source-route ip host guessme 172.22.100.9 ip domain-name mauionions.com ip name-server 172.22.11.10 ip name-server 172.22.12.11 ! isdn switch-type primary-5ess mta receive maximum-recipients 0 ! controller T1 0 framing esf clock source line primary linecode b8zs pri-group timeslots 1-24 ! controller T1 1 framing esf clock source line secondary 1 linecode b8zs pri-group timeslots 1-24 ! controller T1 2 framing esf linecode b8zs pri-group timeslots 1-24 ! controller T1 3 framing esf linecode b8zs pri-group timeslots 1-24 ! process-max-time 200 ! interface Loopback0 ip address 172.22.99.1 255.255.255.255 no ip directed-broadcast ! interface Loopback1 ip address 172.22.90.1 255.255.255.0 no ip directed-broadcast ! interface Ethernet0 ip address 172.22.66.23 255.255.255.0 no ip directed-broadcast ! interface Serial0:23 no ip address no ip directed-broadcast isdn switch-type primary-5ess isdn incoming-voice modem fair-queue 64 256 0 no cdp enable ! interface Serial1:23 no ip address no ip directed-broadcast isdn switch-type primary-5ess isdn incoming-voice modem fair-queue 64 256 0 no cdp enable ! interface Serial2:23 no ip address no ip directed-broadcast isdn switch-type primary-5ess isdn incoming-voice modem fair-queue 64 256 0 no cdp enable ! interface Serial3:23 no ip address no ip directed-broadcast isdn switch-type primary-5ess isdn incoming-voice modem fair-queue 64 256 0 no cdp enable ! interface FastEthernet0 no ip address no ip directed-broadcast shutdown ! no ip http server ip classlessip route 0.0.0.0 0.0.0.0 172.22.66.1!banner login ^CThis is a secured device.Unauthorized use is prohibited by law.^C!line con 0transport input none line 1 96 modem InOut line aux 0 line vty 0 4 ! end
Perform the tasks in the section "Verifying Modem Performance."
Posted: Mon May 22 13:05:50 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.