Network Design and Case Study Overview

Introduction

Scenario Description

Dial Planning Questionnaire

Network Service Definition

Network Topology, Hardware, and Software Selection

Configuration Design Parameters

Deployment and Operation Task Strategy

Network Design and Case Study Overview

Introduction

This case study describes how two companies set up basic modem IP services by using Cisco AS5x00 network access servers.

The two companies

Plan and design a basic IP modem dial-up network.
Deploy networking equipment by configuring, verifying, and troubleshooting the Cisco IOS.
Prepare for operations by inspecting modem call statistics and enabling basic management protocols.

This case study

Is for network engineers who work with dial-up access technologies.
Assumes that the reader has a CCNA or higher level of familiarity with Cisco IOS routers and technologies.

Note The term Cisco AS5x00 refers to the Cisco AS5300 and AS5800 network access servers. Although this case study uses two specific companies as examples and seems very specific at times, the principles in this case study can be applied on a general level.

Scenario Description

The following two companies are used in the case study:

Maui Onions---A co-operative marketing and distribution company for onions grown in Maui. The company is installing a dial-up service for their members and roaming sales force.
THEnet---A competitive Internet Service Provider (ISP) in Austin, Texas. The company is providing dial-up services to household consumers and university students. THEnet's users want to send email and surf the Internet with a web browser.

Both companies

Enable remote modem users to access IP backbone resources through the public switched telephone network (PSTN).

Build an access network foundation that scales to support larger dial implementations for the future.

Have almost identical technology requirements and business applications. Therefore, one business scenario diagram is shown for both companies. Figure 1-1 shows the business scenario.

Figure 1-1: Business Scenario

This case study describes how to set up one network access server (NAS). Setting up the following components is outside the scope of this document:

NAS stacking
AAA server setup
IP address scaling
Remote-node ISDN configuration (synchronous PPP)

Dial Planning Questionnaire

Both companies answer a planning questionnaire. Based on their design choices, both companies create a network-service definition.

The dial questionnaire in Table 1-1 shows the following:

A series of planning design questions and configuration issues
A list of design options
Maui Onions' design choices
THEnet's design choices

Table 1-1: Dial Services Questionnaire

Design Questions Design Options Maui Onions'
Design Choices THEnet's
Design Choices

What is the user-growth projection for the next 5 years.¹

3 months

1 Year

5 Years

500 users

1,000 users

2,000 users

5,000 users

20,000 users

1 million users

What is the user-to-line ratio during busy hours?

15:1

10:1

What access media is used for the dial services?

Analog lines

ISDN BRI lines

Yes

No

Yes

No

What type of remote devices will be supported?

Analog modems

Remote LANs

PCBUS ISDN
terminal adaptors

V.110

V.120

Yes

No

No

No

No

Yes

No

No

No

No

What operating systems will be supported?

Windows 95

Windows 98

Windows NT

UNIX

MacOS

Yes

Yes

Yes

No

No

Yes

Yes

Yes

Yes

Yes

Will you support dial-in modem services?

Yes or No

Yes

Yes

Rank these technology priorities.

AAA design

IP design

V.90 modem performance

#1

#2

#3

#2

#3

#1

When users connect to modems, what access service will they use?

EXEC shell sessions

PPP sessions

SLIP sessions

Yes

Yes

No

Yes

Yes

No

Will you support multilink? If yes, will you scale to a stacked multi-chassis solution?

Yes or No

No

Yes. A stacked solution.

Will you support PPP timeouts (accounting)?

Yes or No

No

No

For the short term, where are the users' passwords stored?

Local AAA database in the router

Remote AAA database in a server

Local AAA

Local AAA

In the long term, will you use a AAA server? If yes, what protocol will you use?

TACACS+

RADIUS

Yes

TACACS+

Yes

RADIUS

Will users be allowed to change their own passwords? If yes, how?

EXEC shell

CiscoSecure web page

Yes

EXEC shell

Yes

CiscoSecure web page

Will the access network use an external authentication database such as SecureID, Windows NT, or Novell NDS?

Yes or No

Yes

No

Will you support per-user attribute definitions (authorization)?

Yes or No

Yes

No

Do you have an existing accounting system to monitor call-detail records?

Yes or No

No

Yes

Are you running an existing network management system?

Yes or No

No

No

¹Three months = current deployment requirement.
One year = current design plan requirement.
Five years = future scalability plan requirement.

Design Questions	Design Options	Maui Onions' Design Choices	THEnet's Design Choices
What is the user-growth projection for the next 5 years.¹	3 months 1 Year 5 Years	500 users 1,000 users 2,000 users	5,000 users 20,000 users 1 million users
What is the user-to-line ratio during busy hours?		15:1	10:1
What access media is used for the dial services?	Analog lines ISDN BRI lines	Yes No	Yes No
What type of remote devices will be supported?	Analog modems Remote LANs PCBUS ISDN terminal adaptors V.110 V.120	Yes No No No No	Yes No No No No
What operating systems will be supported?	Windows 95 Windows 98 Windows NT UNIX MacOS	Yes Yes Yes No No	Yes Yes Yes Yes Yes
Will you support dial-in modem services?	Yes or No	Yes	Yes
Rank these technology priorities.	AAA design IP design V.90 modem performance	#1 #2 #3	#2 #3 #1
When users connect to modems, what access service will they use?	EXEC shell sessions PPP sessions SLIP sessions	Yes Yes No	Yes Yes No
Will you support multilink? If yes, will you scale to a stacked multi-chassis solution?	Yes or No	No	Yes. A stacked solution.
Will you support PPP timeouts (accounting)?	Yes or No	No	No
For the short term, where are the users' passwords stored?	Local AAA database in the router Remote AAA database in a server	Local AAA	Local AAA
In the long term, will you use a AAA server? If yes, what protocol will you use?	TACACS+ RADIUS	Yes TACACS+	Yes RADIUS
Will users be allowed to change their own passwords? If yes, how?	EXEC shell CiscoSecure web page	Yes EXEC shell	Yes CiscoSecure web page
Will the access network use an external authentication database such as SecureID, Windows NT, or Novell NDS?	Yes or No	Yes	No
Will you support per-user attribute definitions (authorization)?	Yes or No	Yes	No
Do you have an existing accounting system to monitor call-detail records?	Yes or No	No	Yes
Are you running an existing network management system?	Yes or No	No	No

Network Service Definition

Based on the design choices in Table 1-1, each company creates its own network-to-user service definition. Table 1-2 provides the definition for each company.

Table 1-2: User-to-Network Service Definitions

Maui Onions' Requirements THEnet's Requirements

Line requirements¹ for the next 5 years:

3 months: 25 lines

1 year: 50 lines

5 years: 100 lines

Line requirements for the next 5 years:

3 months: 500 lines

1 year: 2000 lines

5 years: 100,000 lines

One Cisco AS5300 is required for the first year.

One Cisco AS5800 is required for the first three months.

Analog lines and modems.

Analog lines and modems.

Supported operating systems: Windows 95, 98, and NT.

Maui Onions controls the client types used by its employees.

Supported operating systems: Windows 95, 98, NT, UNIX, and MacOS.

THEnet offers Internet access to all client types.

AAA is the highest technology priority.

V.90 modem performance is the highest technology priority.

Dial-in only support.

Dial-in only support.

EXEC shell and PPP session support.

EXEC shell and PPP session support.

No multilink PPP support.

Multilink PPP support in a stacked solution for deployment in a future phase of this project.

PPP timeouts will not be supported.

PPP timeouts will not be supported.

Remote AAA TACACS+ server to store users' passwords. Users can change their passwords by using the EXEC shell.

Remote AAA RADIUS server to store users' passwords. Users can change their passwords by using the Cisco Secure web page.

Per-user attribute definitions (authorization) are supported.

Per-user attribute definitions are not supported.

A network element management server is needed.

A network element management server is needed.

¹The line requirement is calculated by dividing the number of users by the user-to-line ratio during busy hours.

Maui Onions' Requirements	THEnet's Requirements
Line requirements¹ for the next 5 years: 3 months: 25 lines 1 year: 50 lines 5 years: 100 lines	Line requirements for the next 5 years: 3 months: 500 lines 1 year: 2000 lines 5 years: 100,000 lines
One Cisco AS5300 is required for the first year.	One Cisco AS5800 is required for the first three months.
Analog lines and modems.	Analog lines and modems.
Supported operating systems: Windows 95, 98, and NT. Maui Onions controls the client types used by its employees.	Supported operating systems: Windows 95, 98, NT, UNIX, and MacOS. THEnet offers Internet access to all client types.
AAA is the highest technology priority.	V.90 modem performance is the highest technology priority.
Dial-in only support.	Dial-in only support.
EXEC shell and PPP session support.	EXEC shell and PPP session support.
No multilink PPP support.	Multilink PPP support in a stacked solution for deployment in a future phase of this project.
PPP timeouts will not be supported.	PPP timeouts will not be supported.
Remote AAA TACACS+ server to store users' passwords. Users can change their passwords by using the EXEC shell.	Remote AAA RADIUS server to store users' passwords. Users can change their passwords by using the Cisco Secure web page.
Per-user attribute definitions (authorization) are supported.	Per-user attribute definitions are not supported.
A network element management server is needed.	A network element management server is needed.

The network service definition for each company is different:

Maui Onions' scaling projections are much smaller than THEnet's projections. For this reason, THEnet requires higher density network access servers (that is, THEnet requires a Cisco AS5800 instead of a Cisco AS5300).
Maui Onions cares more about security and less about billing. THEnet cares more about billing and less about security.
THEnet has a higher V.90 priority and, for this reason, will spend more time fine tuning V.90 than Maui Onions. THEnet's primary objective is to get 56K modem-connections enabled. For THEnet, higher connect speeds equate to increased sales, whereas Maui Onions' revenue stream does not depend on high modem-connect speeds. Maui Onions will use dial-up service for its employees.
AAA design is important to Maui Onions. A defined security policy protects enterprise network resources.
Maui Onions enables its network administrator users to change their own passwords by using an EXEC shell login. THEnet allows its users to change their own passwords using a web page interface.
For the short term, both companies store users' passwords in a local-username database inside the router. In the long term, Maui Onions will scale to use TACACS+ security. THEnet will use RADIUS security.
Maui Onions supports per-user attribute definitions. THEnet provides Internet access only. Maui Onions enables specific onion vendors to dial in, pass through filters, and access specific devices.

Network Topology, Hardware, and Software Selection

Figure 1-3 shows the devices that are used to build both dial-up access environments. One recommended topology is used for both companies.

Figure 1-3: Network Topology Elements

Both companies have similar network topologies. The hardware elements and software releases are described in the following tables.

Table 1-1: Hardware Elements

Element Purpose Maui Onions THEnet

Remote clients and analog modems

To access the IP backbone through the PSTN.

PCs

PCs, Macs, UNIX workstations

Cisco AS5x00 NAS

To terminate modem calls and Point-to-Point Protocol (PPP) sessions.

Cisco AS5300

Cisco AS5800

PRI lines

To provide high throughput (64K) for digital and analog calls.

In general, T1 and T3 trunks can be ISDN PRIs or channelized T1s.

T1 trunks

T3 trunks

Network element management server

To maintain and monitor the NAS.

NTP¹, syslog², SNMP³

NTP, syslog, SNMP

Remote AAA server

To perform basic user authentication.

TACACS+

RADIUS

Default gateway

To forward packets to the IP intranet and Internet.

Router

Router

Internet firewall

To protect the IP intranet from intruders and hackers.

Cisco PIX

Cisco PIX

Edge router

To provide connectivity between the access subnet and the IP backbone.

Router

Router

¹Network Time Protocol
²System logs (logging)
³Simple Network Management Protocol

Element	Purpose	Maui Onions	THEnet
Remote clients and analog modems	To access the IP backbone through the PSTN.	PCs	PCs, Macs, UNIX workstations
Cisco AS5x00 NAS	To terminate modem calls and Point-to-Point Protocol (PPP) sessions.	Cisco AS5300	Cisco AS5800
PRI lines	To provide high throughput (64K) for digital and analog calls. In general, T1 and T3 trunks can be ISDN PRIs or channelized T1s.	T1 trunks	T3 trunks
Network element management server	To maintain and monitor the NAS.	NTP¹, syslog², SNMP³	NTP, syslog, SNMP
Remote AAA server	To perform basic user authentication.	TACACS+	RADIUS
Default gateway	To forward packets to the IP intranet and Internet.	Router	Router
Internet firewall	To protect the IP intranet from intruders and hackers.	Cisco PIX	Cisco PIX
Edge router	To provide connectivity between the access subnet and the IP backbone.	Router	Router

To obtain the latest Cisco IOS features and bug fixes, the access servers are upgraded to the following software releases:

Table 1-2: Software Releases: Cisco IOS and MICA Portware

Hardware Start with Upgrade to

Cisco AS5300

Cisco IOS Release 11.3(7)AA

MICA portware 2.6.2.0

Cisco IOS Release 12.0(5)T

MICA portware 2.7.1.0

Cisco AS5800

Cisco IOS Release 11.3(9)AA2

MICA portware 2.6.2.0

Cisco IOS Release 12.0(4)XL1

MICA portware 2.6.2.0 (same)

Hardware	Start with	Upgrade to
Cisco AS5300	Cisco IOS Release 11.3(7)AA MICA portware 2.6.2.0	Cisco IOS Release 12.0(5)T MICA portware 2.7.1.0
Cisco AS5800	Cisco IOS Release 11.3(9)AA2 MICA portware 2.6.2.0	Cisco IOS Release 12.0(4)XL1 MICA portware 2.6.2.0 (same)

Use a mature Cisco IOS release whenever possible. For example, a mature release is 12.0(10)T not 12.0(1)T. Maintenance release 10 is more mature than maintenance release 1. During the development of this document, the most mature releases available are 12.0(5)T and 12.0(4)XL1.

Configu ration Design Parameters

Before the equipment is deployed at the customer sites, both companies define the following configuration design parameters:

IP subnetting and address strategy
Device parameters
Network dial plan

Figure 1-4: IP Subnetting Diagram

Note This case study uses private RFC 1918 IP addresses. For more information, refer to the following URL:

http://www.ietf.org/rfc/rfc1918.txt

For Maui Onions and THEnet, Table 1-5 through Table 1-7 describe the following:

IP subnetting plan
Device parameters
Dial plan

Table 1-5: IP Subnetting Plan

Network Name Assigned Subnet Description

Headquarters Block

172.22.0.0/17¹

The block of IP addresses reserved for the devices inside the corporate network.

Remote block

172.22.128.0/17

The block of IP addresses reserved for the incoming remote-node modem clients.

Hq-access

172.22.66.0/26

The headquarter's access Ethernet subnet. All the access devices are directly connected to this subnet.

If additional access servers and POP-management devices are needed, they are assigned to this IP subnet. This approach simplifies network design.

NAS loopback 0

172.22.99.0/24

Identifies the router with a unique and stable IP address for network management purposes. One IP address from a common address block is assigned to each network device. This technique enables the network operations center (NOC) to more easily perform security filtering.

One class C subnet that used to identify devices can support 254 distinct nodes with unique loopback IP addresses.

NAS loopback 1

172.22.90.0/24

Used to host a pool of IP addresses for the remote nodes. In this way, one route is summarized and propagated to the backbone instead of 254 host routes.

Setting up interior gateway protocols (IGP) is outside the scope of this document. For example, OSPF and EIGRP.

¹The /17 means there are 17 bits in the subnet mask. For /26, there are 26 bits in the subnet mask and so on.

Network Name	Assigned Subnet	Description
Headquarters Block	172.22.0.0/17¹	The block of IP addresses reserved for the devices inside the corporate network.
Remote block	172.22.128.0/17	The block of IP addresses reserved for the incoming remote-node modem clients.
Hq-access	172.22.66.0/26	The headquarter's access Ethernet subnet. All the access devices are directly connected to this subnet. If additional access servers and POP-management devices are needed, they are assigned to this IP subnet. This approach simplifies network design.
NAS loopback 0	172.22.99.0/24	Identifies the router with a unique and stable IP address for network management purposes. One IP address from a common address block is assigned to each network device. This technique enables the network operations center (NOC) to more easily perform security filtering. One class C subnet that used to identify devices can support 254 distinct nodes with unique loopback IP addresses.
NAS loopback 1	172.22.90.0/24	Used to host a pool of IP addresses for the remote nodes. In this way, one route is summarized and propagated to the backbone instead of 254 host routes. Setting up interior gateway protocols (IGP) is outside the scope of this document. For example, OSPF and EIGRP.

Note A simple IP address strategy is used for this case study. Scaling IP addresses is outside the scope of this document.

Table 1-6: Device Parameters

Device Parameters

Router host names

5300-NAS
5800-NAS

Interface ethernet 0

172.22.66.23 255.255.255.0

Interface loopback 0

172.22.99.1 255.255.255.255

Interface loopback 1

172.22.90.1 255.255.255.0

IP local address pool

5300-NAS = 172.22.90.2 through 172.22.90.97

5800-NAS = 172.22.90.2 through 172.22.90.254

Primary and secondary name servers

172.22.11.10
172.22.12.11

Default gateway

172.22.66.1

IP domain names

mauionions.com
the.net

Network element management server

(NTP, SNMP, syslog)

172.22.66.18

SNMP community strings

Read only (RO) = poptarts

Read write (RW) = pixysticks

Device	Parameters
Router host names	5300-NAS 5800-NAS
Interface ethernet 0	172.22.66.23 255.255.255.0
Interface loopback 0	172.22.99.1 255.255.255.255
Interface loopback 1	172.22.90.1 255.255.255.0
IP local address pool	5300-NAS = 172.22.90.2 through 172.22.90.97 5800-NAS = 172.22.90.2 through 172.22.90.254
Primary and secondary name servers	172.22.11.10 172.22.12.11
Default gateway	172.22.66.1
IP domain names	mauionions.com the.net
Network element management server (NTP, SNMP, syslog)	172.22.66.18
SNMP community strings	Read only (RO) = poptarts Read write (RW) = pixysticks

Table 1-7: Dial Plan

Item Value Description

PRI telephone numbers

4085551234
4085556789

Telephone numbers assigned to the T1 trunks.

These numbers are used for:

Testing new modem firmware

Isolating debugs for specific users

ISDN PRI
switch type

5ESS

The telco's switch type that connects to the T1 PRI trunks. In this case study, the T1 trunks are not using channel associated signaling (CAS).

Framing type

ESF is used for Maui Onions' T1 trunks.

M23 is used for THEnet's T3 trunk.

Defines the control bits and data bits.

Line code type

B8ZS is used for Maui Onions' T1 trunks.

No line code is used for THEnet's T3 trunk.

An encoding method used to allow synchronous data to be transmitted in a compatible format.

Test call login

username = dude
password = dude-pw

Username password for sending test calls into the NAS.

Item	Value	Description
PRI telephone numbers	4085551234 4085556789	Telephone numbers assigned to the T1 trunks. These numbers are used for: Testing new modem firmware Isolating debugs for specific users
ISDN PRI switch type	5ESS	The telco's switch type that connects to the T1 PRI trunks. In this case study, the T1 trunks are not using channel associated signaling (CAS).
Framing type	ESF is used for Maui Onions' T1 trunks. M23 is used for THEnet's T3 trunk.	Defines the control bits and data bits.
Line code type	B8ZS is used for Maui Onions' T1 trunks. No line code is used for THEnet's T3 trunk.	An encoding method used to allow synchronous data to be transmitted in a compatible format.
Test call login	username = dude password = dude-pw	Username password for sending test calls into the NAS.

Deployment and Operation Task Strategy

Table 1-8 describes the deployment and operation task strategy used in this case study. Maui Onions and THEnet use a common strategy.

Table 1-8: Deployment and Operation Task Strategy

Section Task Description

2

Commissioning the Cisco AS5300 Hardware

Understanding the Cisco AS5300 basic hardware architecture.

Supporting EXEC terminal shell services and login prompts for modem clients.

3

Commissioning the Cisco AS5800 Hardware

Understanding the Cisco AS5800 basic hardware architecture.

Supporting EXEC terminal shell services and login prompts for modem clients.

4

Verifying Modem Performance

Understanding and troubleshooting basic modem connectivity.

Optimizing modem connect speeds.

5

Configuring PPP and Authentication

Configuring PPP authentication for local AAA.

Configuring IP Control Protocol (IPCP) options.

Configuring Link Control Protocol (LCP) options.

Enabling PPP autoselect.

Testing asynchronous PPP connections.

Inspecting active call states.

6

Modem Management Operations

Managing modem firmware.

Configuring modems by using modem autoconfigure.

Gathering and viewing call statistics.

7

Enabling Management Protocols: NTP, SNMP, and Syslog

Enabling the following management protocols as part of commissioning a dial access service:

NTP

SNMP

Syslog

8

Inspecting the Final Running Configuration for the Cisco AS5300 and AS5800

Referencing and editing full-function Cisco IOS NAS configurations.

Section	Task	Description
2	Commissioning the Cisco AS5300 Hardware	Understanding the Cisco AS5300 basic hardware architecture. Supporting EXEC terminal shell services and login prompts for modem clients.
3	Commissioning the Cisco AS5800 Hardware	Understanding the Cisco AS5800 basic hardware architecture. Supporting EXEC terminal shell services and login prompts for modem clients.
4	Verifying Modem Performance	Understanding and troubleshooting basic modem connectivity. Optimizing modem connect speeds.
5	Configuring PPP and Authentication	Configuring PPP authentication for local AAA. Configuring IP Control Protocol (IPCP) options. Configuring Link Control Protocol (LCP) options. Enabling PPP autoselect. Testing asynchronous PPP connections. Inspecting active call states.
6	Modem Management Operations	Managing modem firmware. Configuring modems by using modem autoconfigure. Gathering and viewing call statistics.
7	Enabling Management Protocols: NTP, SNMP, and Syslog	Enabling the following management protocols as part of commissioning a dial access service: NTP SNMP Syslog
8	Inspecting the Final Running Configuration for the Cisco AS5300 and AS5800	Referencing and editing full-function Cisco IOS NAS configurations.

Table of Contents

Network Design and Case Study Overview