Configuring Advanced Networks

Dial-on-demand routing (DDR) using snapshot routing
Leased Integrated Services Digital Network (ISDN) line
Dynamic routing using Routing Information Protocol (RIP), including triggered extensions to RIP, and Enhanced Interior Gateway Routing Protocol (EIGRP)
Windows NT (configuring Cisco 800 series routers to function in a Windows NT environment)
Dynamic Host Configuration Protocol (DHCP) relay
Dial-on-demand ISDN line activation control
Network access restrictions
Dial-in authentication and authorization
X.25 on ISDN Basic Rate Interface (BRI)
Always on/dynamic ISDN (AO/DI)
Advanced telephone features such as ISDN voice priority and distinctive ringing

Cisco recommends that you familiarize yourself with the features in the configuration examples to help you decide which features you wish to include in your network.

Note Certain protocols (IP, User Datagram Protocol [UDP], IPX, and Network Time Protocol [NTP]) send updates that can cause an ISDN line to be activated excessively. For information on preventing this situation, see the "Controlling the DDR ISDN Line Activation" section later in this chapter.

Before Configuring Advanced Networks or Features

Before configuring the advanced networks or the advanced features, you must do the following:

Step 1 Order your ISDN line from your telephone service provider. For complete information on ordering your ISDN line, see Appendix B, "Provisioning the ISDN Line."

Step 2 While ordering your ISDN line, gather the following information from your telephone service provider:

ISDN switch type.
Service profile identifiers (SPIDs). In North America only, telephone service providers assign SPIDs. SPIDs identify the ISDN B channels. The SPID format is generally an ISDN telephone number with additional numbers, such as 40855522220101. Depending on the switch type that supports your ISDN line, your ISDN line could be assigned zero, one, or two SPIDs.
ISDN local directory numbers (LDNs), which are the local ISDN telephone numbers of your routers, such as 4085552222 and 5553333.

Note The format of the LDN varies from region to region, depending on the telephone service provider. In some regions, you need to add the area code to the telephone number. Find out from your local telephone service provider whether or not you need to specify an area code for the LDN.

Step 3 If setting up an Internet connection, gather the following information from your Internet service provider (ISP):

PPP client name that the ISP assigns as your login name.
PPP authentication type, either Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP).
PPP password to access your ISP account.
IP address information: the IP address and subnet mask of the ISP ISDN interface.
ISP telephone number.

Step 4 If setting up a connection to a corporate network, you and the network administrator of the corporate network must decide on or generate the following information for the WAN interfaces of your routers and share this information:

PPP authentication type, either CHAP or PAP.
PPP client name to access the router.
PPP password to access the router.
Telephone number assigned to the telephone interface of your router.

Step 5 If setting up either IP or IPX routing, generate the following information:

IP address information: addressing scheme for your IP network.
IPX address information: addressing scheme for your IPX network.

Step 6 Decide which router configuration method to use:

To configure connecting a private IP network to the Internet and corporate network, you can use either the Cisco 800 Fast Step application or the router software command-line interface (CLI). The Cisco 800 Fast Step application is a Windows 95, Windows 98, and Windows NT based configuration tool included with the Cisco 800 series router. For more information on this application, refer the Cisco 800 Fast Step CD-ROM. For more information on using the CLI to configure this network, see the "Connecting a Private IP Network to the Internet and a Corporate Network" section later in this chapter.

Note Cisco strongly recommends that you use the
Cisco 800 Fast Step application to configure your router.

To configure connecting a remote network to two corporate networks or any of the features described in this chapter, you must use the CLI.

Connecting a Private IP Network to the Internet and a Corporate Network

In the network example shown in Figure 4-1, the Cisco 800 series router connects a private IP network to an ISP and a corporate network. In this network, the ISP assigns a registered IP address for the WAN interface only.

Figure 4-1: Connecting Private IP Network to Internet and Corporate Network

Features Used

This network uses the following features on the LAN:

IP routing
IPX routing
DHCP server (optional)

When your router is acting as a DHCP server, workstations configured as DHCP clients are automatically assigned an IP address and subnet mask.

This network uses the following features on the WAN:

IP routing
IPX routing
PPP
NAT overload
Internet Protocol Control Protocol (IPCP)
CHAP or PAP over PPP

With NAT overload configured, your router can use one address for multiple hosts. With IPCP configured, your router can automatically negotiate its IP address from the router it is attempting to connect to.

You can use CHAP or PAP as the PPP authentication protocol. Cisco recommends using CHAP, because it is more secure. For more information, see the "Selecting PPP Authentication Protocol" section in Appendix A, "Concepts."

For the ISDN connection, you can use one of the following options:

DDR using snapshot routing (the ISDN line is activated only when needed)
Permanent ISDN line lease

For complete information on these options, including how to configure them, see the "Configuring the ISDN Line" section later in this chapter.

The IP routing protocol can use either RIP or EIGRP to learn routes dynamically. For more information on the benefits and differences, see the "Selecting IP Routing Protocols" section in Appendix A, "Concepts." You can also use triggered extensions to RIP to control when RIP sends routing updates. For information on how to configure these options, see the "Configuring Dynamic Routing" section later in this chapter.

Configuring the Cisco 800 Series Router

Note Before you begin to configure your router, review "Before Configuring Advanced Networks or Features" earlier in this chapter.

Starting from global configuration mode, follow these steps to configure the Cisco 800 series router in the private IP network to connect to the Internet and the corporate network. For more information on the commands used, see the Cisco IOS documentation.

Command Purpose

Step 1

router# configure terminal

Enter global configuration mode.

Step 2

router(config)# hostname c804

Enter the router name.

Step 3

c804(config)# enable secret 804password

Enter the password.

Step 4

c804(config)# pots country us

Optional. If you have a Cisco 803 or 803 router that is connected to telephones, fax machines, or modems, specify the country where your router is located. Specifying a country configures the country-specific default settings for each physical characteristic.

Step 5

c804(config)# interface bri0

c804(config-if)# isdn switch-type basic-ni

c804(config-if) exit

Change to interface configuration mode, set the ISDN switch type, and return to global configuration mode.

Step 6

c804(config)# ip subnet-zero

Set the router to recognize the zero subnet range as a valid range of addresses.

Step 7

c804(config)# ip dhcp pool DHCPpoolLAN_0

Optional. Configure your router as a DHCP server. This step specifies the DHCP relay pool name.

Step 8

c804(dhcp-config)# network 10.0.0.0 255.255.255.0

For configuring DHCP only. Set the DHCP pool of addresses.

Step 9

c804(dhcp-config)# dns-server 192.168.1.100

For configuring DHCP only. Set the IP address of the DNS server.

Step 10

c804(dhcp-config)# netbios-name-server 10.1.1.2 10.1.1.3

For configuring DHCP only. Set the NetBIOS servers.

Step 11

c804(dhcp-config)# default-router 10.1.1.1

For configuring DHCP only. Set the Ethernet 0 IP address as the default gateway.

Step 12

c804(dhcp-config)# exit

For configuring DHCP only. Exit to global configuration mode.

Step 13

c804(config)# ipx routing

Enable IPX routing. The router uses the Media Access Control (MAC) address of the Ethernet port as the node address. Cisco 803 and 804 routers use the MAC address of Ethernet port 0.

Step 14

c804(config)# interface ethernet0

c804(config-if)# ipx network BEEF encapsulation SAP

Change to the Ethernet interface configuration mode to enable IPX routing on the Ethernet interface and select the type of encapsulation.

Step 15

c804(config-if)# ip address 10.0.0.1 255.255.255.0

Enter the IP address and subnet mask.

Step 16

c804(config-if)# ip nat inside

c804(config-if)# exit

Enable Network Address Translation (NAT) on your LAN, then change to global configuration mode.

Step 17

c804(config)# interface bri0

Change to interface configuration mode for BRI0.

Step 18

c804(config-if)# encapsulation ppp

Enable PPP.

Step 19

c804(config-if)# isdn incoming-voice modem

Optional. Specify that incoming voice calls are forwarded to the devices connected to the telephone ports.

Step 20

c804(config-if)# ppp authentication pap chap callin

Enable PAP or CHAP on incoming calls only.

Step 21

c804(config-if)# ppp chap hostname c804

c804(config-if)# ppp chap password 804password

For CHAP only. Define the router hostname and password to authenticate.

Step 22

c804(config-if)# ppp multilink

Enable multilink PPP.

Step 23

c804(config-if)# ip nat outside

c804(config-if)# exit

Configure a valid Internet address to which the inside network address will be translated, then change to global configuration mode.

Step 24

c804(config)# interface dialer1

Create a dialer interface.

Step 25

c804(config-if)# ip unnumbered ethernet0

Specify that no specific IP addresses are assigned for Ethernet 0.

Step 26

c804(config-if)# encapsulation ppp

Enable PPP.

Step 27

c804(config-if)# dialer remote-name corp_router

Specify the name of the corporate router.

Step 28

c804(config-if)# dialer pool 1

Assign a dialer pool.

Step 29

c804(config-if)# dialer idle-timeout 300

Specify the time in seconds that the line is idle before it is disconnected.

Step 30

c804(config-if)# dialer string 7771111

Set up the dialer string.

Step 31

c804(config-if)# dialer hold-queue 10

Specify the maximum number of packets to be held in the outgoing queue.

Step 32

c804(config-if)# dialer load-threshold 150 either

Define the load level that must be exceeded on the first ISDN B channel before the second B channel is brought up. The load-threshold variable is a number from 1 to 255 representing a utilization percentage.

Enter outbound to calculate the load using outbound data only, inbound to use inbound data only, and either to set the maximum load as the larger of the two loads.

Step 33

c804(config-if)# dialer-group 1

Assign the interface to dialer access group 1.

Step 34

c804(config-if)# ipx network AAAA

Define the IPX network.

Step 35

c804(config-if)# ppp authentication chap pap callin

Configure CHAP and PAP to authenticate incoming calls.

Step 36

c804(config-if)# ppp chap hostname c804

c804(config-if)# ppp chap password 804password

Specify the CHAP hostname and password.

Step 37

c804(config-if)# ppp pap sent-username c804 password 804password

Specify the PAP username and password.

Step 38

c804(config)# interface dialer2

Create a second dialer interface.

Step 39

c804(config-if)# ip address negotiated

Specify that IP addresses are negotiated.

Step 40

c804(config-if)# encapsulation ppp

Enable PPP.

Step 41

c804(config-if)# dialer remote-name isp

Specify the name of the corporate router.

Step 42

c804(config-if)# dialer pool 2

Assign a dialer pool.

Step 43

c804(config-if)# dialer idle-timeout 300

Specify the time in seconds that the line is idle before it is disconnected.

Step 44

c804(config-if)# dialer string 18001234567

Set up the dialer string.

Step 45

c804(config-if)# dialer hold-queue 10

Specify the maximum number of packets to be held in the outgoing queue.

Step 46

c804(config-if)# dialer load-threshold 150 either

Define the load level that must be exceeded on the first ISDN B channel before the second B channel is brought up. The load-threshold variable is a number from 1 to 255 representing a utilization percentage.

Enter outbound to calculate the load using outbound data only, inbound to use inbound data only, and either to set the maximum load as the larger of the two loads.

Step 47

c804(config-if)# dialer-group 1

Assign the interface to dialer access group 1.

Step 48

c804(config-if)# ppp authentication chap pap callin

Configure CHAP and PAP to authenticate incoming calls.

Step 49

c804(config-if)# ppp chap hostname
generic user

c804(config-if)# password user pass

Specify the CHAP username and password.

Step 50

c804(config-if)# ppp pap sent-username generic_user password user pass

Specify the PAP username and password.

Step 51

c804(config-if)# ppp multilink

Enable multilink PPP.

Step 52

c804(config-if)# exit

Change to global configuration mode.

Step 53

c804(config)# access-list 1 permit 10.0.0.1 255.255.255.0

c804(config)# dialer-list 1 protocol ip permit

Specify an access list and a dialer list to control IP traffic.

Step 54

c804(config)# ip route 10.1.0.0 255.255.0.0 bri0

Add a default route and interface.

Step 55

c804(config)# dial-peer voice 1 pots

c804(config-dial-peer)# destination-pattern 5551212

c804(config-dial-peer)# port 1

Create a dial peer to determine how incoming calls are routed to the telephone port 1.

Step 56

c804(config-dial-peer)# exit

Return to global configuration mode.

Step 57

c804(config)# dial-peer voice 2 pots

c804(config-dial-peer)# destination-pattern 5551313

c804(config-dial-peer)# port 2

Create a second dial peer for the telephone port 2.

Step 58

c804(config-dial-peer)# exit

Change to global configuration mode.

Step 59

c804(config)# ip nat inside source list 1 interface bri0 overload

c804(config)# access-list 1 permit 10.0.0.0 0.0.0.255

Set global NAT commands. In this example, all inside network addresses assigned to interface BRI0 are configured for translation, and the access list that contains the inside network addresses is defined.

	Command	Purpose
Step 1	router# configure terminal	Enter global configuration mode.
Step 2	router(config)# hostname c804	Enter the router name.
Step 3	c804(config)# enable secret 804password	Enter the password.
Step 4	c804(config)# pots country us	Optional. If you have a Cisco 803 or 803 router that is connected to telephones, fax machines, or modems, specify the country where your router is located. Specifying a country configures the country-specific default settings for each physical characteristic.
Step 5	c804(config)# interface bri0 c804(config-if)# isdn switch-type basic-ni c804(config-if) exit	Change to interface configuration mode, set the ISDN switch type, and return to global configuration mode.
Step 6	c804(config)# ip subnet-zero	Set the router to recognize the zero subnet range as a valid range of addresses.
Step 7	c804(config)# ip dhcp pool DHCPpoolLAN_0	Optional. Configure your router as a DHCP server. This step specifies the DHCP relay pool name.
Step 8	c804(dhcp-config)# network 10.0.0.0 255.255.255.0	For configuring DHCP only. Set the DHCP pool of addresses.
Step 9	c804(dhcp-config)# dns-server 192.168.1.100	For configuring DHCP only. Set the IP address of the DNS server.
Step 10	c804(dhcp-config)# netbios-name-server 10.1.1.2 10.1.1.3	For configuring DHCP only. Set the NetBIOS servers.
Step 11	c804(dhcp-config)# default-router 10.1.1.1	For configuring DHCP only. Set the Ethernet 0 IP address as the default gateway.
Step 12	c804(dhcp-config)# exit	For configuring DHCP only. Exit to global configuration mode.
Step 13	c804(config)# ipx routing	Enable IPX routing. The router uses the Media Access Control (MAC) address of the Ethernet port as the node address. Cisco 803 and 804 routers use the MAC address of Ethernet port 0.
Step 14	c804(config)# interface ethernet0 c804(config-if)# ipx network BEEF encapsulation SAP	Change to the Ethernet interface configuration mode to enable IPX routing on the Ethernet interface and select the type of encapsulation.
Step 15	c804(config-if)# ip address 10.0.0.1 255.255.255.0	Enter the IP address and subnet mask.
Step 16	c804(config-if)# ip nat inside c804(config-if)# exit	Enable Network Address Translation (NAT) on your LAN, then change to global configuration mode.
Step 17	c804(config)# interface bri0	Change to interface configuration mode for BRI0.
Step 18	c804(config-if)# encapsulation ppp	Enable PPP.
Step 19	c804(config-if)# isdn incoming-voice modem	Optional. Specify that incoming voice calls are forwarded to the devices connected to the telephone ports.
Step 20	c804(config-if)# ppp authentication pap chap callin	Enable PAP or CHAP on incoming calls only.
Step 21	c804(config-if)# ppp chap hostname c804 c804(config-if)# ppp chap password 804password	For CHAP only. Define the router hostname and password to authenticate.
Step 22	c804(config-if)# ppp multilink	Enable multilink PPP.
Step 23	c804(config-if)# ip nat outside c804(config-if)# exit	Configure a valid Internet address to which the inside network address will be translated, then change to global configuration mode.
Step 24	c804(config)# interface dialer1	Create a dialer interface.
Step 25	c804(config-if)# ip unnumbered ethernet0	Specify that no specific IP addresses are assigned for Ethernet 0.
Step 26	c804(config-if)# encapsulation ppp	Enable PPP.
Step 27	c804(config-if)# dialer remote-name corp_router	Specify the name of the corporate router.
Step 28	c804(config-if)# dialer pool 1	Assign a dialer pool.
Step 29	c804(config-if)# dialer idle-timeout 300	Specify the time in seconds that the line is idle before it is disconnected.
Step 30	c804(config-if)# dialer string 7771111	Set up the dialer string.
Step 31	c804(config-if)# dialer hold-queue 10	Specify the maximum number of packets to be held in the outgoing queue.
Step 32	c804(config-if)# dialer load-threshold 150 either	Define the load level that must be exceeded on the first ISDN B channel before the second B channel is brought up. The load-threshold variable is a number from 1 to 255 representing a utilization percentage. Enter outbound to calculate the load using outbound data only, inbound to use inbound data only, and either to set the maximum load as the larger of the two loads.
Step 33	c804(config-if)# dialer-group 1	Assign the interface to dialer access group 1.
Step 34	c804(config-if)# ipx network AAAA	Define the IPX network.
Step 35	c804(config-if)# ppp authentication chap pap callin	Configure CHAP and PAP to authenticate incoming calls.
Step 36	c804(config-if)# ppp chap hostname c804 c804(config-if)# ppp chap password 804password	Specify the CHAP hostname and password.
Step 37	c804(config-if)# ppp pap sent-username c804 password 804password	Specify the PAP username and password.
Step 38	c804(config)# interface dialer2	Create a second dialer interface.
Step 39	c804(config-if)# ip address negotiated	Specify that IP addresses are negotiated.
Step 40	c804(config-if)# encapsulation ppp	Enable PPP.
Step 41	c804(config-if)# dialer remote-name isp	Specify the name of the corporate router.
Step 42	c804(config-if)# dialer pool 2	Assign a dialer pool.
Step 43	c804(config-if)# dialer idle-timeout 300	Specify the time in seconds that the line is idle before it is disconnected.
Step 44	c804(config-if)# dialer string 18001234567	Set up the dialer string.
Step 45	c804(config-if)# dialer hold-queue 10	Specify the maximum number of packets to be held in the outgoing queue.
Step 46	c804(config-if)# dialer load-threshold 150 either	Define the load level that must be exceeded on the first ISDN B channel before the second B channel is brought up. The load-threshold variable is a number from 1 to 255 representing a utilization percentage. Enter outbound to calculate the load using outbound data only, inbound to use inbound data only, and either to set the maximum load as the larger of the two loads.
Step 47	c804(config-if)# dialer-group 1	Assign the interface to dialer access group 1.
Step 48	c804(config-if)# ppp authentication chap pap callin	Configure CHAP and PAP to authenticate incoming calls.
Step 49	c804(config-if)# ppp chap hostname generic user c804(config-if)# password user pass	Specify the CHAP username and password.
Step 50	c804(config-if)# ppp pap sent-username generic_user password user pass	Specify the PAP username and password.
Step 51	c804(config-if)# ppp multilink	Enable multilink PPP.
Step 52	c804(config-if)# exit	Change to global configuration mode.
Step 53	c804(config)# access-list 1 permit 10.0.0.1 255.255.255.0 c804(config)# dialer-list 1 protocol ip permit	Specify an access list and a dialer list to control IP traffic.
Step 54	c804(config)# ip route 10.1.0.0 255.255.0.0 bri0	Add a default route and interface.
Step 55	c804(config)# dial-peer voice 1 pots c804(config-dial-peer)# destination-pattern 5551212 c804(config-dial-peer)# port 1	Create a dial peer to determine how incoming calls are routed to the telephone port 1.
Step 56	c804(config-dial-peer)# exit	Return to global configuration mode.
Step 57	c804(config)# dial-peer voice 2 pots c804(config-dial-peer)# destination-pattern 5551313 c804(config-dial-peer)# port 2	Create a second dial peer for the telephone port 2.
Step 58	c804(config-dial-peer)# exit	Change to global configuration mode.
Step 59	c804(config)# ip nat inside source list 1 interface bri0 overload c804(config)# access-list 1 permit 10.0.0.0 0.0.0.255	Set global NAT commands. In this example, all inside network addresses assigned to interface BRI0 are configured for translation, and the access list that contains the inside network addresses is defined.

Configuring the Router at the Corporate Site

Starting from global configuration mode, follow these steps to configure the router that is connected to the Cisco 800 series router. This procedure assumes that this router is a Cisco router that supports Cisco IOS software, such as a Cisco 3600 router.

Command Purpose

Step 1

router# configure terminal

Enter global configuration mode.

Step 2

router(config)# hostname 3600

Specify a name for the router.

Step 3

3600(config)# enable secret secret

Set an encrypted password to gain access to privileged EXEC mode commands.

Step 4

3600(config)# username c800 password c800 pass

Specify the username and password of the Cisco 800 series router.

Step 5

3600(config)# ip subnet-zero

Set router to recognize the zero subnet range as a valid range of addresses.

Step 6

3600(config)# no ip domain-lookup

Disable router from translating unfamiliar words entered during a console session into IP addresses.

Step 7

3600(config)# ip dhcp pool DHCPpoolLAN_1

Optional. Configure your router as a DHCP server. This step specifies the DHCP relay pool name.

Step 8

3600(dhcp-config)# network 192.168.1.0 255.255.255.0

For configuring DHCP only. Set the DHCP pool of addresses.

Step 9

3600(dhcp-config)# dns-server 192.168.1.2

For configuring DHCP only. Set the IP address of the DNS server.

Step 10

3600(dhcp-config)# netbios-name-server 192.168.1.11 192.168.1.12

For configuring DHCP only. Set the NetBIOS servers.

Step 11

3600(dhcp-config)# default-router 192.168.1.1

For configuring DHCP only. Set the Ethernet 0 IP address as the default gateway.

Step 12

3600(dhcp-config)# exit

For configuring DHCP only. Exit to global configuration mode.

Step 13

3600(config)# ip local pool POOL1 192.168.1.10 192.168.1.20

Set a local pool of IP addresses to be used when Cisco 800 series router attempts to connect.

Step 14

3600(config)# interface e0

Change to interface configuration mode for Ethernet 0.

Step 15

3600(config-if)# ip address 192.168.1.1 255.255.255.0

3600(config-if)# exit

Set IP address and subnet mask for the Ethernet interface, then return to global configuration mode.

Step 16

3600(config)# interface bri0

3600(config-if)# isdn switch-type basic-net3

Change to interface configuration mode for BRI0 and specify the ISDN switch type.

Step 17

3600(config-if)# encapsulation ppp

Enable PPP.

Step 18

3600(config-if)# isdn spid1 0155533330101

3600(config-if)# isdn spid2 0155544440101

North America only. Specify SPID numbers assigned to B channels by telephone service provider.

Step 19

3600(config-if)# peer default ip address pool POOL1

Specify address from a particular IP address pool be returned to the connected router. Use pool name specified in ip local pool command.

Step 20

3600(config-if)# ppp authentication chap callin
or
3600(config-if)# ppp authentication pap callin

Enable PAP or CHAP and specify authentication in incoming calls only.

Step 21

3600(config-if)# ppp multilink

Enable multilink PPP.

Step 22

3600(config-if)# no cdp enable

Disable CDP.

Step 23

3600(config-if)# exit

3600(config)# ip classless

Change to global configuration mode and set IP addresses to be treated as classless.

	Command	Purpose
Step 1	router# configure terminal	Enter global configuration mode.
Step 2	router(config)# hostname 3600	Specify a name for the router.
Step 3	3600(config)# enable secret secret	Set an encrypted password to gain access to privileged EXEC mode commands.
Step 4	3600(config)# username c800 password c800 pass	Specify the username and password of the Cisco 800 series router.
Step 5	3600(config)# ip subnet-zero	Set router to recognize the zero subnet range as a valid range of addresses.
Step 6	3600(config)# no ip domain-lookup	Disable router from translating unfamiliar words entered during a console session into IP addresses.
Step 7	3600(config)# ip dhcp pool DHCPpoolLAN_1	Optional. Configure your router as a DHCP server. This step specifies the DHCP relay pool name.
Step 8	3600(dhcp-config)# network 192.168.1.0 255.255.255.0	For configuring DHCP only. Set the DHCP pool of addresses.
Step 9	3600(dhcp-config)# dns-server 192.168.1.2	For configuring DHCP only. Set the IP address of the DNS server.
Step 10	3600(dhcp-config)# netbios-name-server 192.168.1.11 192.168.1.12	For configuring DHCP only. Set the NetBIOS servers.
Step 11	3600(dhcp-config)# default-router 192.168.1.1	For configuring DHCP only. Set the Ethernet 0 IP address as the default gateway.
Step 12	3600(dhcp-config)# exit	For configuring DHCP only. Exit to global configuration mode.
Step 13	3600(config)# ip local pool POOL1 192.168.1.10 192.168.1.20	Set a local pool of IP addresses to be used when Cisco 800 series router attempts to connect.
Step 14	3600(config)# interface e0	Change to interface configuration mode for Ethernet 0.
Step 15	3600(config-if)# ip address 192.168.1.1 255.255.255.0 3600(config-if)# exit	Set IP address and subnet mask for the Ethernet interface, then return to global configuration mode.
Step 16	3600(config)# interface bri0 3600(config-if)# isdn switch-type basic-net3	Change to interface configuration mode for BRI0 and specify the ISDN switch type.
Step 17	3600(config-if)# encapsulation ppp	Enable PPP.
Step 18	3600(config-if)# isdn spid1 0155533330101 3600(config-if)# isdn spid2 0155544440101	North America only. Specify SPID numbers assigned to B channels by telephone service provider.
Step 19	3600(config-if)# peer default ip address pool POOL1	Specify address from a particular IP address pool be returned to the connected router. Use pool name specified in ip local pool command.
Step 20	3600(config-if)# ppp authentication chap callin or 3600(config-if)# ppp authentication pap callin	Enable PAP or CHAP and specify authentication in incoming calls only.
Step 21	3600(config-if)# ppp multilink	Enable multilink PPP.
Step 22	3600(config-if)# no cdp enable	Disable CDP.
Step 23	3600(config-if)# exit 3600(config)# ip classless	Change to global configuration mode and set IP addresses to be treated as classless.

Connecting a Remote Network to Two Corporate Networks

In the network example shown in Figure 4-2, the Cisco 800 series router and two other routers, such as Cisco 3600 routers, connect a remote network to two corporate networks.

Figure 4-2: Connecting Remote Network to Two Corporate Networks

Features Used

This network uses the following features on the LAN:

IP routing (Cisco recommends for management purposes, such as Telnet)
IPX routing
DHCP server (optional)

When your router is acting as a DHCP server, workstations configured as DHCP clients are automatically assigned an IP address and subnet mask.

This network uses the following features on the WAN:

IP routing
IPX routing
PPP
NAT overload
IPCP
CHAP or PAP over PPP

You can use either CHAP or PAP as the PPP authentication protocol. Cisco recommends using CHAP because it is the more secure of the two protocols. For more information, see the "Selecting PPP Authentication Protocol" section in Appendix A, "Concepts."

For the ISDN connection, you can use one of the following options:

DDR using snapshot routing (the ISDN line is activated only when needed)
Permanently leased ISDN line

For complete information on these options, including how to configure them, see the "Configuring the ISDN Line" section later in this chapter.

The IP routing protocol can use either RIP or EIGRP to learn routes dynamically. You can use either one of these options. For more information on the benefits and differences between the two, see the "Selecting IP Routing Protocols" section in Appendix A, "Concepts." You can also use triggered extensions to RIP to control when RIP sends routing updates. For information on how to configure these options, see the "Configuring Dynamic Routing" section later in this chapter.

Configuring the Cisco 800 Series Router

Note Before you begin to configure your router, review the section titled "Before Configuring Advanced Networks or Features" in this chapter.

Starting from global configuration mode, follow these steps to configure the Cisco 800 series router in the remote network to two corporate networks. For information on the commands used in this table, see Cisco IOS documentation.

Command Purpose

Step 1

router# configure terminal

Enter global configuration mode.

Step 2

router(config)# hostname c804

Enter the router name.

Step 3

c804(config)# enable secret 804password

Enter the password.

Step 4

c804(config)# pots country us

Optional. If you have a Cisco 803 or 804 router that are connected to telephones, fax machines, or modems, specify the country where your router is located. Specifying a country configures the country-specific default settings for each physical characteristic.

Step 5

c804(config)# ip subnet-zero

Set the router to recognize the zero subnet range as a valid range of addresses.

Step 6

c804(config)# ip dhcp pool DHCPpoolLAN_0

Optional. Configure your router as a DHCP server. In this step, specify the DHCP relay pool name.

Step 7

c804(dhcp-config)# network 192.168.1.0 255.255.255.0

Optional. Set the DHCP pool of addresses.

Step 8

c804(dhcp-config)# dns-server 172.29.20.41 172.29.20.51

For DHCP configuration only. Set the IP address of the DNS servers.

Step 9

c804(dhcp-config)# netbios-name-server 172.29.20.41 172.29.20.51

For DHCP configuration only. Set the NetBIOS servers.

Step 10

c804(dhcp-config)# default-router 192.168.1.1

For DHCP configuration only. Set the Ethernet 0 IP address as the default gateway.

Step 11

c804(dhcp-config)# exit

For DHCP configuration only. Exit to global configuration mode.

Step 12

c804(config)# ipx routing

Enable IPX routing. The router uses the Media Access Control (MAC) address of the Ethernet port as the node address. Cisco 803 and 804 routers use the MAC address of Ethernet port 0.

Step 13

c804(config)# interface ethernet0

Change to the Ethernet interface configuration mode.

Step 14

c804(config-if)# ip nat inside

Enable NAT on the inside network.

Step 15

c804(config-if)# ipx network BEEF encapsulation SAP

Enable IPX routing on the Ethernet interface and select the type of encapsulation.

Step 16

c804(config-if)# ip address 192.168.2.2 255.255.255.0

c804(config-if)# exit

Assign the IP addresses for Ethernet 0, then change to global configuration mode.

Step 17

c804(config)# interface dialer1

Create a dialer interface.

Step 18

c804(config-if)# encapsulation ppp

Enable PPP.

Step 19

c804(config-if)# dialer remote-name corp1

Specify the name of the corporate router.

Step 20

c804(config-if)# dialer pool 1

Assign a dialer pool.

Step 21

c804(config-if)# dialer idle-timeout 300

Specify the time in seconds that the line is idle before it is disconnected.

Step 22

c804(config-if)# dialer string 7771111

Set up the dialer string.

Step 23

c804(config-if)# dialer hold-queue 10

Specify the maximum number of packets to be held in the outgoing queue.

Step 24

c804(config-if)# dialer-group 1

Assign the interface to dialer access group 1.

Step 25

c804(config-if)# ipx network C0FFEE

Define the IPX network.

Step 26

c804(config-if)# ppp authentication chap pap callin

Configure CHAP and PAP to authenticate incoming calls.

Step 27

c804(config-if)# ppp chap hostname c804

Specify the CHAP hostname.

Step 28

c804(config-if)# ppp chap password 804password

Specify the CHAP password.

Step 29

c804(config-if)# ppp pap sent-username c804 password 804password

Specify the PAP username and password.

Step 30

c804(config)# interface dialer2

Create a second dialer interface.

Step 31

c804(config-if)# ip address 192.168.3.1 255.255.255.0

Assign the IP addresses for Ethernet 0.

Step 32

c804(config-if)# encapsulation ppp

Enable PPP.

Step 33

c804(config-if)# dialer remote-name corp2

Specify the name of the corporate router.

Step 34

c804(config-if)# dialer pool 1

Assign a dialer pool.

Step 35

c804(config-if)# dialer idle-timeout 300

Specify the time in seconds that the line is idle before it is disconnected.

Step 36

c804(config-if)# dialer string 7772222

Set up the dialer string.

Step 37

c804(config-if)# dialer hold-queue 10

Specify the maximum number of packets to be held in the outgoing queue.

Step 38

c804(config-if)# dialer-group 2

Assign the interface to a dialer access group.

Step 39

c804(config-if)# ppp authentication chap pap callin

Configure CHAP and PAP to authenticate incoming calls.

Step 40

c804(config-if)# ppp chap hostname c804

Specify the CHAP hostname.

Step 41

c804(config-if)# ppp chap password 804password

Specify the CHAP password.

Step 42

c804(config-if)# ppp pap sent-username c804 password 804password

Configure PAP username and password.

Step 43

c804(config-if)# exit

c804(config)#

Change to global configuration mode.

Step 44

c804(config)# dialer-list 1 protocol ip permit

c804(config) dialer-list 2 protocol ip permit

Specify dialer-list protocol permissions.

Step 45

c804(config)# interface bri0

c804(config-if)# isdn switch-type basic-ni

Change to the interface BRI0 configuration mode and set the ISDN switch type.

Step 46

c804(config-if)# ip address 192.168.1.1. 255.255.255.0

Enter the IP address and subnet mask.

Step 47

c804(config-if)# ip nat outside

Configure a valid Internet address to which the inside network address will be translated.

Step 48

c804(config-if)# encapsulation ppp

Enable PPP.

Step 49

c804(config-if)# dialer rotary-group 1

c804(config-if)# dialer rotary-group 2

Create dialer rotary groups 1 and 2, specifying a number between 0 and 255 for each.

Step 50

c804(config-if)# isdn spid1 0 4085551212

c804(config-if)# isdn spid2 0 4085551313

North America only. Associate the ISDN LDNs provided by your telephone service provider to the first and second SPIDs and configure the SPID numbers to be automatically detected.

Step 51

c804(config-if)# ppp authentication pap chap callin

Enable PAP or CHAP for incoming data.

Step 52

c804(config-if)# isdn incoming-voice modem

Specify that voice calls are forwarded to the devices connected to the analog telephone ports.

Step 53

c804(config-if)# exit

Change to global configuration mode.

Step 54

c804(config)# dial-peer voice 1 pots

c804(config-dial-peer)# destination-pattern 5551212

c804(config-dial-peer)# port 1

Create a dial peer to determine how incoming calls are routed to the telephone port 1.

Step 55

c804(config-dial-peer)# exit

Return to global configuration mode.

Step 56

c804(config)# dial-peer voice 2 pots

c804(config-dial-peer)# destination-pattern 5551313

c804(config-dial-peer)# port 2

Create a second dial peer to determine how incoming calls are routed to the telephone port 2.

Step 57

c804(config-dial-peer)# exit

Change to global configuration mode.

Step 58

c804(config)# ip nat inside source list 1 interface bri0 overload

c804(config)# access-list 1 permit 192.168.1.0 0.0.0.255

Set global NAT commands. In this example, all inside network addresses assigned to interface BRI0 are configured for translation, and the access list that contains the inside network addresses is defined.

	Command	Purpose
Step 1	router# configure terminal	Enter global configuration mode.
Step 2	router(config)# hostname c804	Enter the router name.
Step 3	c804(config)# enable secret 804password	Enter the password.
Step 4	c804(config)# pots country us	Optional. If you have a Cisco 803 or 804 router that are connected to telephones, fax machines, or modems, specify the country where your router is located. Specifying a country configures the country-specific default settings for each physical characteristic.
Step 5	c804(config)# ip subnet-zero	Set the router to recognize the zero subnet range as a valid range of addresses.
Step 6	c804(config)# ip dhcp pool DHCPpoolLAN_0	Optional. Configure your router as a DHCP server. In this step, specify the DHCP relay pool name.
Step 7	c804(dhcp-config)# network 192.168.1.0 255.255.255.0	Optional. Set the DHCP pool of addresses.
Step 8	c804(dhcp-config)# dns-server 172.29.20.41 172.29.20.51	For DHCP configuration only. Set the IP address of the DNS servers.
Step 9	c804(dhcp-config)# netbios-name-server 172.29.20.41 172.29.20.51	For DHCP configuration only. Set the NetBIOS servers.
Step 10	c804(dhcp-config)# default-router 192.168.1.1	For DHCP configuration only. Set the Ethernet 0 IP address as the default gateway.
Step 11	c804(dhcp-config)# exit	For DHCP configuration only. Exit to global configuration mode.
Step 12	c804(config)# ipx routing	Enable IPX routing. The router uses the Media Access Control (MAC) address of the Ethernet port as the node address. Cisco 803 and 804 routers use the MAC address of Ethernet port 0.
Step 13	c804(config)# interface ethernet0	Change to the Ethernet interface configuration mode.
Step 14	c804(config-if)# ip nat inside	Enable NAT on the inside network.
Step 15	c804(config-if)# ipx network BEEF encapsulation SAP	Enable IPX routing on the Ethernet interface and select the type of encapsulation.
Step 16	c804(config-if)# ip address 192.168.2.2 255.255.255.0 c804(config-if)# exit	Assign the IP addresses for Ethernet 0, then change to global configuration mode.
Step 17	c804(config)# interface dialer1	Create a dialer interface.
Step 18	c804(config-if)# encapsulation ppp	Enable PPP.
Step 19	c804(config-if)# dialer remote-name corp1	Specify the name of the corporate router.
Step 20	c804(config-if)# dialer pool 1	Assign a dialer pool.
Step 21	c804(config-if)# dialer idle-timeout 300	Specify the time in seconds that the line is idle before it is disconnected.
Step 22	c804(config-if)# dialer string 7771111	Set up the dialer string.
Step 23	c804(config-if)# dialer hold-queue 10	Specify the maximum number of packets to be held in the outgoing queue.
Step 24	c804(config-if)# dialer-group 1	Assign the interface to dialer access group 1.
Step 25	c804(config-if)# ipx network C0FFEE	Define the IPX network.
Step 26	c804(config-if)# ppp authentication chap pap callin	Configure CHAP and PAP to authenticate incoming calls.
Step 27	c804(config-if)# ppp chap hostname c804	Specify the CHAP hostname.
Step 28	c804(config-if)# ppp chap password 804password	Specify the CHAP password.
Step 29	c804(config-if)# ppp pap sent-username c804 password 804password	Specify the PAP username and password.
Step 30	c804(config)# interface dialer2	Create a second dialer interface.
Step 31	c804(config-if)# ip address 192.168.3.1 255.255.255.0	Assign the IP addresses for Ethernet 0.
Step 32	c804(config-if)# encapsulation ppp	Enable PPP.
Step 33	c804(config-if)# dialer remote-name corp2	Specify the name of the corporate router.
Step 34	c804(config-if)# dialer pool 1	Assign a dialer pool.
Step 35	c804(config-if)# dialer idle-timeout 300	Specify the time in seconds that the line is idle before it is disconnected.
Step 36	c804(config-if)# dialer string 7772222	Set up the dialer string.
Step 37	c804(config-if)# dialer hold-queue 10	Specify the maximum number of packets to be held in the outgoing queue.
Step 38	c804(config-if)# dialer-group 2	Assign the interface to a dialer access group.
Step 39	c804(config-if)# ppp authentication chap pap callin	Configure CHAP and PAP to authenticate incoming calls.
Step 40	c804(config-if)# ppp chap hostname c804	Specify the CHAP hostname.
Step 41	c804(config-if)# ppp chap password 804password	Specify the CHAP password.
Step 42	c804(config-if)# ppp pap sent-username c804 password 804password	Configure PAP username and password.
Step 43	c804(config-if)# exit c804(config)#	Change to global configuration mode.
Step 44	c804(config)# dialer-list 1 protocol ip permit c804(config) dialer-list 2 protocol ip permit	Specify dialer-list protocol permissions.
Step 45	c804(config)# interface bri0 c804(config-if)# isdn switch-type basic-ni	Change to the interface BRI0 configuration mode and set the ISDN switch type.
Step 46	c804(config-if)# ip address 192.168.1.1. 255.255.255.0	Enter the IP address and subnet mask.
Step 47	c804(config-if)# ip nat outside	Configure a valid Internet address to which the inside network address will be translated.
Step 48	c804(config-if)# encapsulation ppp	Enable PPP.
Step 49	c804(config-if)# dialer rotary-group 1 c804(config-if)# dialer rotary-group 2	Create dialer rotary groups 1 and 2, specifying a number between 0 and 255 for each.
Step 50	c804(config-if)# isdn spid1 0 4085551212 c804(config-if)# isdn spid2 0 4085551313	North America only. Associate the ISDN LDNs provided by your telephone service provider to the first and second SPIDs and configure the SPID numbers to be automatically detected.
Step 51	c804(config-if)# ppp authentication pap chap callin	Enable PAP or CHAP for incoming data.
Step 52	c804(config-if)# isdn incoming-voice modem	Specify that voice calls are forwarded to the devices connected to the analog telephone ports.
Step 53	c804(config-if)# exit	Change to global configuration mode.
Step 54	c804(config)# dial-peer voice 1 pots c804(config-dial-peer)# destination-pattern 5551212 c804(config-dial-peer)# port 1	Create a dial peer to determine how incoming calls are routed to the telephone port 1.
Step 55	c804(config-dial-peer)# exit	Return to global configuration mode.
Step 56	c804(config)# dial-peer voice 2 pots c804(config-dial-peer)# destination-pattern 5551313 c804(config-dial-peer)# port 2	Create a second dial peer to determine how incoming calls are routed to the telephone port 2.
Step 57	c804(config-dial-peer)# exit	Change to global configuration mode.
Step 58	c804(config)# ip nat inside source list 1 interface bri0 overload c804(config)# access-list 1 permit 192.168.1.0 0.0.0.255	Set global NAT commands. In this example, all inside network addresses assigned to interface BRI0 are configured for translation, and the access list that contains the inside network addresses is defined.

Configuring the Routers at the Corporate-Site

Starting from global configuration mode, follow these steps to configure the routers that connect the Cisco 800 series router. This procedure assumes that these routers are Cisco routers that support Cisco IOS software, such as a
Cisco 3600 router.

Command Purpose

Step 1

router# configure terminal

Enter global configuration mode.

Step 2

router(config)# hostname 3600

Define the corporate router hostname.

Step 3

3600(config)# enable secret secret

Enter an encrypted password to gain access to privileged EXEC mode commands.

Step 4

3600(config)# username c800 password c800_pass

Specify the username and password of the Cisco 800 series router.

Step 5

3600(config)# ip subnet-zero

Set router to recognize the zero subnet range as a valid range of addresses.

Step 6

3600(config)# no ip domain-lookup

Disable router from translating unfamiliar words entered during a console session into IP addresses.

Step 7

3600(config)# ip local pool POOL1 1.1.2.1 1.1.2.7

Set a local pool of IP addresses to be used when the Cisco 800 series router attempts to connect. Define the pool name and the range of IP addresses in the pool.

Step 8

3600(config)# ip dhcp pool DHCPpoolLAN_1

Optional if configuring your router as a DHCP server. If DHCP is not being configured, go to step 14.

This step specifies the DHCP relay pool name.

Step 9

3600(dhcp-config)# network 1.1.2.0 255.255.255.0

For configuring DHCP only. Set the DHCP pool of addresses.

Step 10

3600(dhcp-config)# dns-server 1.1.2.2

For configuring DHCP only. Set the IP address of the DNS server.

Step 11

3600(dhcp-config)# netbios-name-server 1.2.2.2 1.2.2.3

For configuring DHCP only. Set the NetBIOS servers.

Step 12

3600(dhcp-config)# default-router 1.1.2.1

For configuring DHCP only. Set the Ethernet 0 IP address as the default gateway.

Step 13

3600(dhcp-config)# exit

For configuring DHCP only. Exit to global configuration mode.

Step 14

3600(config)# ip address 1.1.1.1 255.255.255.0

Set IP address and subnet mask.

Step 15

3600(config)# interface bri0

3600(config-if)# isdn switch-type basic-net3

Change to interface configuration mode for BRI0 and specify ISDN switch type.

Step 16

3600(config-if)# encapsulation ppp

Enable PPP.

Step 17

3600(config-if)# isdn spid1 0155533330101

3600(config-if)# isdn spid2 0155544440101

North America only. Specify SPID numbers assigned to B channels by telephone service provider.

Step 18

3600(config-if)# peer default ip address pool POOL1

Specify address from a particular IP address pool be returned to the connected router. Use pool name specified in ip local pool command.

Step 19

3600(config-if)# ppp authentication chap
or
3600(config-if)# ppp authentication pap

Enable PAP or CHAP.

Step 20

3600(config-if)# ppp multilink

Enable multilink PPP.

Step 21

3600(config-if)# no cdp enable

Disable CDP.

Step 22

3600(config-if)# exit

Change to global configuration mode.

Step 23

3600(config)# ip classless

Set the IP addresses to be treated as classless.

Step 24

3600(config)# ipx routing

Enable IPX routing. Router uses MAC address of first Ethernet port as node address.

Step 25

3600(config)# ipx network A.A.A.A

Enable IPX routing on Ethernet and ISDN interfaces.

Step 26

3600(config)# no ipx route-cache

Disable IPX fast switching.

Step 27

3600(config)# ipx watchdog-spoof

Set the software to respond to watchdog packets of a server on behalf of a remote client.

Step 28

3600(config)# ipx sap 4 SanJoseFS 1000.0000.0000.0001 451 2

Specify static SAP entries (from left to right) for the service type, network name, network number and node address of the server, socket number for the service, and the hop count to the server.

	Command	Purpose
Step 1	router# configure terminal	Enter global configuration mode.
Step 2	router(config)# hostname 3600	Define the corporate router hostname.
Step 3	3600(config)# enable secret secret	Enter an encrypted password to gain access to privileged EXEC mode commands.
Step 4	3600(config)# username c800 password c800_pass	Specify the username and password of the Cisco 800 series router.
Step 5	3600(config)# ip subnet-zero	Set router to recognize the zero subnet range as a valid range of addresses.
Step 6	3600(config)# no ip domain-lookup	Disable router from translating unfamiliar words entered during a console session into IP addresses.
Step 7	3600(config)# ip local pool POOL1 1.1.2.1 1.1.2.7	Set a local pool of IP addresses to be used when the Cisco 800 series router attempts to connect. Define the pool name and the range of IP addresses in the pool.
Step 8	3600(config)# ip dhcp pool DHCPpoolLAN_1	Optional if configuring your router as a DHCP server. If DHCP is not being configured, go to step 14. This step specifies the DHCP relay pool name.
Step 9	3600(dhcp-config)# network 1.1.2.0 255.255.255.0	For configuring DHCP only. Set the DHCP pool of addresses.
Step 10	3600(dhcp-config)# dns-server 1.1.2.2	For configuring DHCP only. Set the IP address of the DNS server.
Step 11	3600(dhcp-config)# netbios-name-server 1.2.2.2 1.2.2.3	For configuring DHCP only. Set the NetBIOS servers.
Step 12	3600(dhcp-config)# default-router 1.1.2.1	For configuring DHCP only. Set the Ethernet 0 IP address as the default gateway.
Step 13	3600(dhcp-config)# exit	For configuring DHCP only. Exit to global configuration mode.
Step 14	3600(config)# ip address 1.1.1.1 255.255.255.0	Set IP address and subnet mask.
Step 15	3600(config)# interface bri0 3600(config-if)# isdn switch-type basic-net3	Change to interface configuration mode for BRI0 and specify ISDN switch type.
Step 16	3600(config-if)# encapsulation ppp	Enable PPP.
Step 17	3600(config-if)# isdn spid1 0155533330101 3600(config-if)# isdn spid2 0155544440101	North America only. Specify SPID numbers assigned to B channels by telephone service provider.
Step 18	3600(config-if)# peer default ip address pool POOL1	Specify address from a particular IP address pool be returned to the connected router. Use pool name specified in ip local pool command.
Step 19	3600(config-if)# ppp authentication chap or 3600(config-if)# ppp authentication pap	Enable PAP or CHAP.
Step 20	3600(config-if)# ppp multilink	Enable multilink PPP.
Step 21	3600(config-if)# no cdp enable	Disable CDP.
Step 22	3600(config-if)# exit	Change to global configuration mode.
Step 23	3600(config)# ip classless	Set the IP addresses to be treated as classless.
Step 24	3600(config)# ipx routing	Enable IPX routing. Router uses MAC address of first Ethernet port as node address.
Step 25	3600(config)# ipx network A.A.A.A	Enable IPX routing on Ethernet and ISDN interfaces.
Step 26	3600(config)# no ipx route-cache	Disable IPX fast switching.
Step 27	3600(config)# ipx watchdog-spoof	Set the software to respond to watchdog packets of a server on behalf of a remote client.
Step 28	3600(config)# ipx sap 4 SanJoseFS 1000.0000.0000.0001 451 2	Specify static SAP entries (from left to right) for the service type, network name, network number and node address of the server, socket number for the service, and the hop count to the server.

Configuring the ISDN Line

For the ISDN line, you can use one of the following features:

DDR using snapshot routing (the ISDN line is activated only when needed.)
Permanent ISDN line lease

This section provides further information on these features and how to configure them.

Dial-on-Demand Routing Using Snapshot Routing

You can configure the DDR feature on your ISDN line. The ISDN line is then activated by traffic demands, including sending updates to other routers. You can configure snapshot routing to control the duration and frequency of the routing updates.

Note Some protocols (IP, UDP, IPX, and NTP) send updates that can cause an ISDN line to be activated excessively. For information on preventing this situation, see "Controlling the DDR ISDN Line Activation" later in this chapter.

Configuration

Starting from interface configuration mode, follow these steps to configure DDR using snapshot routing. For information on the commands used in this configuration, see the Cisco IOS documentation.

Command Purpose

Step 1

router# configure terminal

router(config)# interface bri0

Enter global configuration mode, then interface configuration mode.

Step 2

router(config-if)# dialer rotary-group 1

Create a dialer rotary-group, useful in environments that require multiple calling destinations. Only the rotary group needs to be configured with dialer map commands.

Step 3

router(config-if)# interface dialer 0

Create a dialer rotary group leader.

Step 4

router(config-if)# ppp multilink

Enable multilink PPP.

Step 5

router(config-if)# dialer in-band

Enable DDR.

Step 6

router(config-if)# dialer idle-timeout 150

Specify amount of time that line is idle before it is disconnected.

Step 7

router(config-if)# dialer hold-queue 10

Set number of packets held in outgoing queue.

Step 8

router(config-if)# dialer load-threshold 150 either

Define load level that must be exceeded on first ISDN B channel before second B channel is brought up, and whether the load level is defined for inbound or outbound traffic, or either.

Step 9

router(config-if)# dialer-group 2

Assign interface to dialer access group.

Step 10

router(config-if)# dialer-list 2 protocol ip permit

Define the traffic types that trigger and sustain an ISDN call on interfaces sharing the same dialer-group number.

Step 11

router(config-if)# map-class dialer class1

Optional. Define a class of shared configuration parameters for outgoing calls.

Step 12

router(config-map-class)# dialer isdn speed 56

Optional. If 64 kbps calling is not supported, enter 56 kbps as speed for the B channel.

Step 13

router(config-map-class)# exit

router(config)# interface bri0

Change to global configuration, then to interface configuration mode for BRI0.

Step 14

router(config-if)# dialer map 3.3.3.3 name name1 5551000

Create a dialer map used by the WAN interface.

Step 15

router(config-if)# exit

router(config)# interface dialer0

Change to global configuration mode, then to interface configuration for dialer 0.

Step 16

router(config-if)# snapshot server 5

or

router(config-if)# snapshot client 5

Set up one of the following options for snapshot routing:

A server router and the active time interval in minutes (from 5 to 1000)

A client router, the active time interval in minutes (from 5 to 1000), and the quiet time interval in minutes (from 8 to 100,000)

Step 17

router(config-if)# exit

router(config)# interface bri0

Change to global configuration mode, then to interface configuration for BRI0.

Step 18

router(config-if)# dialer map snapshot 2 5551000

Define a dialer map for snapshot routing on a client router connected to a DDR interface.

	Command	Purpose
Step 1	router# configure terminal router(config)# interface bri0	Enter global configuration mode, then interface configuration mode.
Step 2	router(config-if)# dialer rotary-group 1	Create a dialer rotary-group, useful in environments that require multiple calling destinations. Only the rotary group needs to be configured with dialer map commands.
Step 3	router(config-if)# interface dialer 0	Create a dialer rotary group leader.
Step 4	router(config-if)# ppp multilink	Enable multilink PPP.
Step 5	router(config-if)# dialer in-band	Enable DDR.
Step 6	router(config-if)# dialer idle-timeout 150	Specify amount of time that line is idle before it is disconnected.
Step 7	router(config-if)# dialer hold-queue 10	Set number of packets held in outgoing queue.
Step 8	router(config-if)# dialer load-threshold 150 either	Define load level that must be exceeded on first ISDN B channel before second B channel is brought up, and whether the load level is defined for inbound or outbound traffic, or either.
Step 9	router(config-if)# dialer-group 2	Assign interface to dialer access group.
Step 10	router(config-if)# dialer-list 2 protocol ip permit	Define the traffic types that trigger and sustain an ISDN call on interfaces sharing the same dialer-group number.
Step 11	router(config-if)# map-class dialer class1	Optional. Define a class of shared configuration parameters for outgoing calls.
Step 12	router(config-map-class)# dialer isdn speed 56	Optional. If 64 kbps calling is not supported, enter 56 kbps as speed for the B channel.
Step 13	router(config-map-class)# exit router(config)# interface bri0	Change to global configuration, then to interface configuration mode for BRI0.
Step 14	router(config-if)# dialer map 3.3.3.3 name name1 5551000	Create a dialer map used by the WAN interface.
Step 15	router(config-if)# exit router(config)# interface dialer0	Change to global configuration mode, then to interface configuration for dialer 0.
Step 16	router(config-if)# snapshot server 5 or router(config-if)# snapshot client 5	Set up one of the following options for snapshot routing: A server router and the active time interval in minutes (from 5 to 1000) A client router, the active time interval in minutes (from 5 to 1000), and the quiet time interval in minutes (from 8 to 100,000)
Step 17	router(config-if)# exit router(config)# interface bri0	Change to global configuration mode, then to interface configuration for BRI0.
Step 18	router(config-if)# dialer map snapshot 2 5551000	Define a dialer map for snapshot routing on a client router connected to a DDR interface.

Verifying the DDR Configuration

You can test your DDR configuration by making an ISDN data call through the CLI listed in the following steps. For more information on the commands listed, see the Cisco IOS documentation set.

Command Purpose

Step 1

router# isdn call interface bri0 5551000

Initiate the data call and specify the interface and dial string.

Step 2

router# isdn disconnect interface bri0 all

Disconnect the data call without bringing down the interface.

	Command	Purpose
Step 1	router# isdn call interface bri0 5551000	Initiate the data call and specify the interface and dial string.
Step 2	router# isdn disconnect interface bri0 all	Disconnect the data call without bringing down the interface.

Configuring a Leased ISDN Line

This section describes how to configure the router so that it uses the ISDN line as a leased-line connection to the routers at the corporate site. Use the following steps to ensure that the ISDN line is always active and connected to the corporate office switch. For more information, see the Cisco IOS documentation.

Command Purpose

Step 1

router# configure terminal

Enter global configuration mode.

Step 2

router(config)# isdn leased-line bri0 128

Configure the BRI interface to use the ISDN physical connection as a leased-line service. Select one of the following line speeds:

128 combines the two B channels at 128 kbps. Offered in Japan only.

144 combines the two B channels and D channel at 144 kbps.

	Command	Purpose
Step 1	router# configure terminal	Enter global configuration mode.
Step 2	router(config)# isdn leased-line bri0 128	Configure the BRI interface to use the ISDN physical connection as a leased-line service. Select one of the following line speeds: 128 combines the two B channels at 128 kbps. Offered in Japan only. 144 combines the two B channels and D channel at 144 kbps.

Configuring Dynamic Routing

The IP routing protocol can use RIP or EIGRP to learn routes dynamically. You can configure either one of these options. For more information on the benefits and differences between the two, see the "Selecting IP Routing Protocols" section in Appendix A, "Concepts." This section also provide information on triggered extensions to RIP.

Routing Information Protocol

RIP is a commonly used Interior Gateway Protocol (IGP) for use in small networks.

Configuration

Starting in global configuration mode, follow these steps to configure RIP. For information on the commands used in this configuration, see the IOS documentation set.

Command Purpose

Step 1

router(config)# router rip

Enable the RIP routing process.

Step 2

router(config-router)# network network-number

Associate a network with the RIP routing process.

Step 3

router(config-router)# version
{1 | 2}

Set the software to receive and send only RIP version 1 or only RIP version 2 packets.

	Command	Purpose
Step 1	router(config)# router rip	Enable the RIP routing process.
Step 2	router(config-router)# network network-number	Associate a network with the RIP routing process.
Step 3	router(config-router)# version {1 \| 2}	Set the software to receive and send only RIP version 1 or only RIP version 2 packets.

Triggered Extensions to RIP

Triggered extensions to RIP cause RIP to send updates only when the routing data base is updated.

Configuration

For complete information on this feature, see the Cisco IOS documentation. For information on accessing the feature documentation, see "References to Cisco IOS Documentation Set" in "About This Guide."

EIGRP

EIGRP is an advanced Cisco-proprietary distance-vector routing protocol that uses hop count rather than distance as a metric for route selection.

Configuration

Configuring Windows NT

Figure 4-3 shows a Cisco 800 series router that is configured to function in a Windows NT environment.

Figure 4-3: Cisco 800 Series Router forwarding UDP Broadcasts

The router forwards UDP broadcasts containing PC addresses, so that PCs in network A can learn about PCs in network B and vice versa. However, if your network uses a DDR ISDN line, the UDP broadcasts might activate this line too often.

If keeping monthly ISDN costs low is a concern, you can control when your DDR ISDN line is activated. For more information on this option, see "Controlling the DDR ISDN Line Activation" in this chapter.

Configuration

Starting from the ISDN interface configuration mode, use the following steps to configure the router to forward UDP broadcasts. For more information on the commands listed, see the Cisco IOS documentation.

Command Purpose

Step 1

router# configure terminal

Enter global configuration mode.

Step 2

router(config)# interface bri0

Change to interface configuration mode for BRI0.

Step 3

router(config-if)# ip helper-address address

Set the router to forward UDP broadcasts, including broadcasts of IP addresses and IP configuration requests to the NT server.

	Command	Purpose
Step 1	router# configure terminal	Enter global configuration mode.
Step 2	router(config)# interface bri0	Change to interface configuration mode for BRI0.
Step 3	router(config-if)# ip helper-address address	Set the router to forward UDP broadcasts, including broadcasts of IP addresses and IP configuration requests to the NT server.

Note By default, eight other UDP ports including 137 (NetBIOS name server) and 138 (NetBIOS datagram service) are enabled. For more information, see the Cisco IOS documentation.

Configuring DHCP Relay

With DHCP, devices on an IP network (DHCP clients) can request configuration information from a DHCP server. DHCP allocates IP addresses from a central pool as needed.

With the DHCP relay feature configured, the Cisco 800 series routers can relay IP configuration information from the LAN interface, over the ISDN interface, and to a specified DHCP server as shown in Figure 4-4.

Figure 4-4: DHCP Relay

DHCP relay configures the router to forward UDP broadcasts, including IP configuration requests, from DHCP clients. However, if your network uses a DDR ISDN line, you might find that this line is activated excessively by the IP configuration requests and other UDP broadcasts. If keeping monthly ISDN costs low is a concern, you can control the activation of your ISDN line. For more information, see "UDP Broadcasts in DHCP Relay Environment" in this chapter.

For complete information on DHCP relay, see the Cisco IOS documentation. For information on accessing the feature documentation, see "References to Cisco IOS Documentation Set" in "About This Guide" in this publication.

Configuration of DHCP Relay

Starting from global configuration mode, use the following steps to configure DHCP relay. For more information on the commands listed, see the Cisco IOS documentation.

Command Purpose

Step 1

router# configure terminal

Enter global configuration mode.

Step 2

router(config)# ip dhcp-server ip-address

Specify which DHCP server to use on your network.

	Command	Purpose
Step 1	router# configure terminal	Enter global configuration mode.
Step 2	router(config)# ip dhcp-server ip-address	Specify which DHCP server to use on your network.

Controlling the DDR ISDN Line Activation

The following types of traffic can activate your ISDN line and increase your monthly ISDN line cost:

UDP broadcasts associated with networks running Windows NT
UDP broadcasts associated with networks running DHCP relay
UDP broadcasts associated with NTP
IP broadcasts, including RIP and EIGRP broadcasts
IPX

The following sections describe how to control these types of traffic.

UDP Broadcasts in Windows NT Environment

The "Configuring Windows NT" section earlier in this chapter describes how to configure the router to forward UDP broadcasts.

To control monthly costs, you can configure an extended access list so that UDP broadcasts do not activate the ISDN line. An extended access list controls packets. When defining this list, you can specify complex addresses and permit or deny specific protocols.

Configuration of an Extended Access List

Starting from global configuration mode, use the following steps to configure an extended access list so that UDP broadcasts do not activate the ISDN line. For more information on the commands listed, see the Cisco IOS documentation.

	Command	Purpose
Step 1	router# configure terminal	Enter global configuration mode.
Step 2	router(config)# interface bri0	Change to interface configuration mode for the WAN interface.
Step 3	router(config-if)# dialer-group 1	Create a dialer list.
Step 4	router(config-if)# exit	Return to global configuration mode.
Step 5	router(config)# access-list 100 deny udp any any eq netbios-nm	Set NetBIOS name service packets not to activate the ISDN line.
Step 6	router(config)# access-list 100 deny udp any any eq netbios-dgm	Set NetBIOS datagram service packets not to activate the ISDN line.
Step 7	router(config)# access-list 100 permit ip any any	Permit all other IP traffic.
Step 8	router(config)# dialer-list 1 protocol ip list 100	Set IP packets to activate the ISDN line.

Note This example of an extended access list includes commonly anticipated restrictions. The information in this section is meant to be used as a base from which you can add or delete restrictions as they relate to your particular network. The extended access list that you create depends on your particular network.

UDP Broadcasts in DHCP Relay Environment

The "Configuring DHCP Relay" section earlier in this chapter describes how to configure the router to forward UDP broadcasts.

To control costs, you can configure an extended access list so that UDP broadcasts do not activate the ISDN line. An extended access list controls packets. When defining this list, you can specify complex addresses and permit or deny specific protocols.

Configuration

	Command	Purpose
Step 1	router# configure terminal	Enter global configuration mode.
Step 2	router(config)# interface bri0	Change to interface configuration mode for the WAN interface.
Step 3	router(config-if)# dialer-group 1	Create a dialer list.
Step 4	router(config-if)# exit	Return to global configuration mode.
Step 5	router(config)# access-list 100 deny udp any any eq 135	Set location services packets not to activate the ISDN line.
Step 6	router(config)# access-list 100 permit ip any any	Permit all other IP traffic.
Step 7	router(config)# dialer-list 1 protocol ip list 100	Set IP packets to activate the ISDN line.

UDP Broadcasts in NTP Environment

You can configure an extended access list so that UDP broadcasts associated with NTP do not activate the ISDN line. An extended access list controls packets. When defining this list, you can specify complex addresses and permit or deny specific protocols.

Configuration

Starting from global configuration mode, use the following steps to configure an extended access list so that UDP broadcasts associated with NTP do not activate the ISDN line. For more information on the commands listed, see the
Cisco IOS documentation.

Command Purpose

Step 1

router# configure terminal

Enter global configuration mode.

Step 2

router(config)# interface bri0

Specify parameters for the WAN interface.

Step 3

router(config-if)# dialer-group 1

Create a dialer list.

Step 4

router(config-if)# exit

Return to global configuration mode.

Step 5

router(config)# access-list 100 deny udp any any eq ntp

Set NTP packets not to activate the ISDN line.

Step 6

router(config)# access-list 100 permit ip any any

Permit all other IP traffic.

Step 7

router(config)# dialer-list 1 protocol ip list 100

Specify that extended access list 100 defines which IP packets activate the ISDN line.

	Command	Purpose
Step 1	router# configure terminal	Enter global configuration mode.
Step 2	router(config)# interface bri0	Specify parameters for the WAN interface.
Step 3	router(config-if)# dialer-group 1	Create a dialer list.
Step 4	router(config-if)# exit	Return to global configuration mode.
Step 5	router(config)# access-list 100 deny udp any any eq ntp	Set NTP packets not to activate the ISDN line.
Step 6	router(config)# access-list 100 permit ip any any	Permit all other IP traffic.
Step 7	router(config)# dialer-list 1 protocol ip list 100	Specify that extended access list 100 defines which IP packets activate the ISDN line.

IP Traffic

You can configure an extended access list so that IP broadcasts, including RIP and EIGRP broadcasts, do not activate the ISDN line. An extended access list controls packets. When defining this list, you can specify complex addresses and permit or deny specific protocols.

Configuration

Starting from global configuration mode, use the following steps to configure an extended access list so that IP packets do not activate the ISDN line. For more information on the commands listed, see the Cisco IOS documentation.

	Command	Purpose
Step 1	router# configure terminal	Enter global configuration mode.
Step 2	router(config)# interface bri0	Change to interface configuration mode for the WAN interface.
Step 3	router(config-if)# dialer-group 1	Create a dialer list.
Step 4	router(config-if)# exit	Return to global configuration mode.
Step 5	router(config)# access-list 100 deny eigrp any any	Set EIGRP packets not to activate the ISDN line.
Step 6	router(config)# access-list 100 deny udp any any eq rip	Set RIP packets not to activate the ISDN line.
Step 7	router(config)# access-list 100 permit ip any any	Allow other packets to activate the ISDN line.

IPX Traffic

The following IPX protocols send updates that can cause the ISDN line to be activated excessively:

SAP
RIP
Serialization

To control costs, you can configure an extended access list so that SAP, RIP, and serialization packets do not activate the ISDN line. An extended access list controls packets. When defining this list, you can specify complex addresses and permit or deny specific protocols.

Configuration

Starting from global configuration mode, use the following steps to configure an extended access list so that IPX packets do not activate the ISDN line.

Note Before you begin this configuration, verify that the Cisco IOS image loaded on your router supports IPX.

For more information on the commands listed, see the Cisco IOS documentation.

	Command	Purpose
Step 1	router# configure terminal	Enter global configuration mode.
Step 2	router(config)# interface bri 0	Change to interface configuration mode for the WAN interface.
Step 3	router(config-if)# dialer-group 1	Create a dialer list.
Step 4	router(config-if)# exit	Return to global configuration mode.
Step 5	router(config)# access-list 900 deny any any all any sap	Set SAP packets not to activate the ISDN line.
Step 6	router(config)# access-list 900 deny any any all any rip	Set RIP packets not to activate the ISDN line.
Step 7	router(config)# access-list 900 deny any any all any 457	Set Novell serialization packets not to activate the ISDN line.
Step 8	router(config)# access-list 900 permit any	Set all IPX packets other than SAP, RIP, and Novell serialization to activate the ISDN line.
Step 9	router(config)# dialer-list 1 protocol ipx list 900	Specify that extended access list 900 defines which IPX packets activate or not activate the ISDN line.

Restricting Access to Your Network

You can restrict access to your network by creating an extended access list. An extended access list controls packets. When defining this list, you can specify complex addresses and permit or deny specific protocols.

Figure 4-5 shows an example of a network with restricted access. See Table 4-1 for instructions on how to restrict network access.

Note This network example and extended access list include commonly anticipated restrictions. The information in this section is meant to be used as a base from which you can add or delete restrictions as they relate to your particular network. The extended access list that you create depends on your particular network.

Figure 4-5: Restricting Access to IP Network

Table 4-1: Restrictions on IP Network-to-Internet Example

Access Permitted Access Denied

Permit any host on network 192.168.1.0 to access any Internet host.

Prevent any Internet host from spoofing any host on the network. (Spoofing is illegally misrepresenting the address of the sender.)

Permit the outside Internet Domain Name System (DNS) server to send TCP replies to any host on the network 192.168.1.0.

Deny any Internet host from making a remote terminal connection (Telnet) to any host on network.

Permit the outside Internet DNS server to send UDP replies to any host on the network 192.168.1.0.

Permit any Internet host to access the Simple Mail Transport Protocol (SMTP) mail server 192.168.1.2.

Permit any Internet host to access the Web server 192.168.1.3.

Permit any Internet host to access the File Transport Protocol (FTP) server with IP address 192.168.1.4.

Access Permitted	Access Denied
Permit any host on network 192.168.1.0 to access any Internet host.	Prevent any Internet host from spoofing any host on the network. (Spoofing is illegally misrepresenting the address of the sender.)
Permit the outside Internet Domain Name System (DNS) server to send TCP replies to any host on the network 192.168.1.0.	Deny any Internet host from making a remote terminal connection (Telnet) to any host on network.
Permit the outside Internet DNS server to send UDP replies to any host on the network 192.168.1.0.
Permit any Internet host to access the Simple Mail Transport Protocol (SMTP) mail server 192.168.1.2.
Permit any Internet host to access the Web server 192.168.1.3.
Permit any Internet host to access the File Transport Protocol (FTP) server with IP address 192.168.1.4.

For information on how to configure this access list, see the "Configuration" section in this chapter. For more information on extended access lists, see the Cisco IOS documentation. For information on accessing the feature documentation, see "References to Cisco IOS Documentation Set" in "About This Guide" in this publication.

Configuration

Starting in global configuration mode, use the examples in the following steps to set up an extended access list based on the restrictions in Table 4-1.

For information on the commands used in this table, see the Cisco IOS documentation. For information on TCP and UDP port assignments, see Appendix F, "Common Port Assignments."

Command Purpose

Step 1

router# configure terminal

Enter global configuration mode.

Step 2

router(config)# interface bri0

Change to interface configuration mode for the WAN interface.

Step 3

router(config-if)# dialer-group 1

Create a dialer list.

Step 4

router(config-if)# exit

Return to global configuration mode.

Step 5

router(config)# access-list 100 permit tcp any 192.168.1.0 0.0.0.255 established

Permit any host on the specified network to access any Internet host if it has an established connection.

Step 6

router(config)# access-list 100 deny ip any 192.168.1.0 0.0.0.255

Prevent IP spoofing using the specified network.

Step 7

router(config)# access-list 100 permit tcp host 10.0.0.3 192.168.1.0 0.0.0.255 eq domain

Permit the DNS server to send TCP replies to the specified network.

Step 8

router(config)# access-list 100 permit udp host 10.0.0.3 192.168.1.0 0.0.0.255 eq domain

Permit the DNS server to send UDP replies to the specified network.

Step 9

router(config)# access-list 100 permit tcp any host 192.168.1.2 eq smtp

Permit any host to access the mail server through SMTP.

Step 10

router(config)# access-list 100 permit tcp any host 192.168.1.3 eq www

Permit any host to access the mail server through Hypertext Transfer Protocol (HTTP).

Step 11

router(config)# access-list 100 permit tcp any host 192.168.1.4 eq ftp

Allow access to the FTP server from any Internet host through FTP.

Step 12

router(config)# access-list 100 deny tcp any 192.168.1.0 0.0.0.255 eq telnet

Restrict any Internet host from making a Telnet connection to any host on the specified network.

Step 13

router(config)# interface dialer 1

Change to dialer interface configuration mode.

Step 14

router(config-if)# ip access-group 100 in

Activate access list 100.

	Command	Purpose
Step 1	router# configure terminal	Enter global configuration mode.
Step 2	router(config)# interface bri0	Change to interface configuration mode for the WAN interface.
Step 3	router(config-if)# dialer-group 1	Create a dialer list.
Step 4	router(config-if)# exit	Return to global configuration mode.
Step 5	router(config)# access-list 100 permit tcp any 192.168.1.0 0.0.0.255 established	Permit any host on the specified network to access any Internet host if it has an established connection.
Step 6	router(config)# access-list 100 deny ip any 192.168.1.0 0.0.0.255	Prevent IP spoofing using the specified network.
Step 7	router(config)# access-list 100 permit tcp host 10.0.0.3 192.168.1.0 0.0.0.255 eq domain	Permit the DNS server to send TCP replies to the specified network.
Step 8	router(config)# access-list 100 permit udp host 10.0.0.3 192.168.1.0 0.0.0.255 eq domain	Permit the DNS server to send UDP replies to the specified network.
Step 9	router(config)# access-list 100 permit tcp any host 192.168.1.2 eq smtp	Permit any host to access the mail server through SMTP.
Step 10	router(config)# access-list 100 permit tcp any host 192.168.1.3 eq www	Permit any host to access the mail server through Hypertext Transfer Protocol (HTTP).
Step 11	router(config)# access-list 100 permit tcp any host 192.168.1.4 eq ftp	Allow access to the FTP server from any Internet host through FTP.
Step 12	router(config)# access-list 100 deny tcp any 192.168.1.0 0.0.0.255 eq telnet	Restrict any Internet host from making a Telnet connection to any host on the specified network.
Step 13	router(config)# interface dialer 1	Change to dialer interface configuration mode.
Step 14	router(config-if)# ip access-group 100 in	Activate access list 100.

Configuring Dial-In Authentication and Authorization

If you want to restrict who can access your network and what services are authorized for each user, you can purchase and install CiscoSecure ACS for Windows NT. For complete information, see the documentation that accompanies the CiscoSecure software.

Table of Contents

Configuring Advanced Networks