Cisco AS5300 Configuration

Table 2-1: Site Characteristics
Site Hardware WAN
IP Address Ethernet
IP Address Assigned Phone Number Host Name/
Username 1 Username
Password¹

Cisco AS5300²

10.1.254.1 255.255.255.0³

10.1.1.10 255.255.255.0

4085551234⁴

hq-sanjose

hq-sanjose-pw

Cisco 766

10.1.254.3 255.255.255.0

10.1.3.1 255.255.255.0

Directory number = 5305558084

soho-tahoe

tahoe-pw

Cisco 1604

10.1.254.4 255.255.255.0

10.1.4.1 255.255.255.0
Directory number = 5125554433
robo-austin

austin-pw

¹ Make sure to use your own host names and passwords. For example soho-tahoe and tahoe-pw are for this case study's purpose only.
² The subnet 10.1.2.0 255.255.255.0 is used for the loopback interface and the local IP address pools.
³This address is configured on the Cisco AS5300's dialer interface.
⁴This is the PRI telephone number assigned to the central site (hq-sanjose). This number is often called the hunt group number, which distributes calls among the available B channels. All four PRI trunks on the Cisco AS5300 should be assigned to this number by the PRI provider.

**Table 2-1: Site Characteristics**
Site Hardware	WAN IP Address	Ethernet IP Address	Assigned Phone Number	Host Name/ Username 1	Username Password¹
Cisco AS5300²	10.1.254.1 255.255.255.0³	10.1.1.10 255.255.255.0	4085551234⁴	hq-sanjose	hq-sanjose-pw
Cisco 766	10.1.254.3 255.255.255.0	10.1.3.1 255.255.255.0	Directory number = 5305558084	soho-tahoe	tahoe-pw
Cisco 1604	10.1.254.4 255.255.255.0	10.1.4.1 255.255.255.0	Directory number = 5125554433	robo-austin	austin-pw

Cisco IOS Release 12.0 is running inside the access server. If the startup configuration is blank, the following screen is displayed at bootup. The automatic setup script is engaged. Enter no when you are asked the question, "Would you like to enter the initial configuration dialog? [yes]: no."

In this case study, the Cisco AS5300 is manually configured using the Cisco IOS software. The automatic setup script is not used.

Note To enhance readability throughout this chapter, the most important output fields are highlighted with bold font. The commands you enter are also bold but are preceded by a router prompt.

Copyright (c) 1994-1995 by cisco Systems, Inc.
AS5300 processor with 32768 Kbytes of main memory
program load complete, entry point: 0x80008000, size: 0xf4b10
Self decompressing the image : #################################################
################################################################################
################################################################################
################################################################################
################################################################################
################## [OK]
		Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706
Cisco Internetwork Operating System Software 
IOS (tm) 5300 Software (C5300-JS-M), Version 12.0(x)

Copyright (c) 1986-1998 by cisco Systems, Inc.
Compiled Tue 07-Jul-98 15:26 by xxxx
Image text-base: 0x600088E8, data-base: 0x608F4000
cisco AS5300 (R4K) processor (revision A.04) with 32768K/8192K bytes of memory.

Processor board ID 04614948
R4700 processor, Implementation 33, Revision 1.0 (512KB Level 2 Cache)
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
Primary Rate ISDN software, Version 1.1.
Backplane revision 1
Manufacture Cookie is not programmed.
1 Ethernet/IEEE 802.3 interface(s)

1 FastEthernet/IEEE 802.3 interface(s)

96 terminal line(s)

4 Channelized T1/PRI port(s)

128K bytes of non-volatile configuration memory.

16384K bytes of processor board System flash (Read/Write)

4096K bytes of processor board Boot flash (Read/Write)

Cisco Internetwork Operating System Software

IOS (tm) 5300 Software (C5300-JS-M), Version 12.0(x),

Copyright (c) 1986-1998 by cisco Systems, Inc.
Compiled Tue 07-Jul-98 15:26 by xxx
00:00:50: %MICA-5-BOARDWARE_RUNNING: Slot 2 is running boardware version 2.5.0.8

--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Would you like to enter the initial configuration dialog? [yes]: no

Press RETURN to get started!
Router>

Note Use the show version command to determine if the access server is recognizing all of its modems cards. For example, the output field "96 terminal line(s)" tells you that the chassis can find all 96 integrated modems.

Overview of Tasks

Perform the following steps to configure the access server:

Step 1---Configuring the Host Name, Password, and Time Stamps

Assign a host name to the Cisco AS5300, enable basic security, and turn on time stamping. Configuring a host name allows you to distinguish between different network devices. Enable passwords allow you to prevent unauthorized configuration changes. Time stamps help you trace debug output for testing connections. Not knowing exactly when an event occurs hinders you from examining background processes.

Configure

To configure the host name, enable password, and time stamps use the following commands beginning in user EXEC mode:

Step Command Purpose

1 .

Router> enable
Enter privileged EXEC mode.

2 .

Router# configure terminal
Enter configuration commands, one per line. End
with CNTL/Z.
Enter global configuration mode¹.

3 .

Router(config)# hostname hq-sanjose
Assign a host name to the access server².

This host name is typically used during authentication with PPP peers.

4 .

hq-sanjose(config)# enable secret letmein
Enter a secret enable password, which secures privileged EXEC mode³.

5 .

hq-sanjose(config)# service password-encryption
Encrypt passwords in the configuration file for greater security⁴.

6 .

hq-sanjose(config)# service timestamps debug datetime msec hq-sanjose(config)# service timestamps log datetime msec
Enable millisecond time stamping on debug and logging output. Time stamps are useful for detailed access troubleshooting.

¹If the logging output generated by the access server interferes with your terminal screen, redisplay your current command line using the Tab key.
²The step is verified by the router prompt changing from Router(config)# to hq-sanjose(config)#.
³Make sure to change "letmein" to your own secret password.
⁴Additional measures should be used, as the passwords are not strongly encrypted by today's standards.

Verify

To verify the configuration:

Try logging in with your new enable password. Exit out of enable mode using the disable command. The prompt changes from hq-sanjose# to hq-sanjose>. Enter the enable command followed by your password. The show privilege command shows the current security privilege level.

hq-sanjose# disable

hq-sanjose> enable

Password: letmein

hq-sanjose# show privilege

Current privilege level is 15
hq-sanjose#

Enter the show running command:

hq-sanjose# show running

Building configuration...
Current configuration:
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname hq-sanjose
!
enable secret 5 $1$.voA$9/8.Zoil3jeWJMP6hEE6U0
!
----- snip ----

Tips

If you have trouble:

Make sure Caps Lock is off.

Make sure you entered the correct passwords. Passwords are case sensitive.

Password protection is very important. Cisco highly recommends that you use the show tech-support command to report system configuration information to Cisco TAC:

hq-sanjose# show tech-support ?

  ipmulticast  IP multicast related information
  page         Page through output
  password     Include passwords
  rsvp         IP RSVP related information
  <cr>

Step 2---Configuring Local AAA Security

The Cisco IOS security model to use on all Cisco devices is authentication, authorization, and accounting (AAA). AAA provides the primary framework through which you set up access control on the access server.

Authentication---Who are you?
Authorization---What can you do?
Accounting---What did you do?

In this case study, the same authentication method is used on all interfaces. AAA is set up to use the local database configured on the router. This local database is created with the username configuration commands.

Note After you finish setting up basic security, you can enhance the security solution by extending it to an external TACACS+ or RADIUS server. This case study describes local AAA security only.

Configure

To configure local AAA security, use the following commands beginning in global configuration mode:

Step Command Purpose

1 .

hq-sanjose(config)# username joe-admin password joe-password

Create a local login database and username for yourself¹.

This step also prevents you from getting locked out of the access server.

2 .

hq-sanjose(config)# aaa new-model

Initiate the AAA access control system.

This step immediately locks down login and PPP authentication.

3 .

hq-sanjose(config)# aaa authentication login default local

Configure AAA to perform login authentication using the local username database.

The login keyword authenticates shell/EXEC users.

4 .

hq-sanjose(config)# aaa authentication ppp default if-needed local

Configure PPP authentication to use the local database if the session was not already authenticated by login.

¹Make sure to change "joe-admin" to your own username and "joe-password" to your own password.

Verify

To verify the configuration:

Try to log in with your username:password. Enter the login command at the EXEC shell prompt. If you get in, the login authentication is working with your local username. Do not disconnect your access server session until you can log in successfully. (If you get locked out, you will need to perform password recovery by rebooting the access server.)

hq-sanjose# login

User Access Verification
Username: joe-admin

Password: joe-password

hq-sanjose#

Enter the show running command:

hq-sanjose# show running

Building configuration...
Current configuration:
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname hq-sanjose
!
aaa new-model
aaa authentication login default local
aaa authentication ppp default if-needed local
enable secret 5 $1$.voA$9/8.Zoil3jeWJMP6hEE6U0
!
username joe-admin password 7 <removed>
!
----- snip ----

Step 3---Configuring the Fast Ethernet 100BaseT Interface

Assign an IP address, line speed, and duplex mode to the Fast Ethernet interface. The Fast Ethernet interface supports 10- and 100-Mbps speeds.

The default priority search order for auto negotiating the line speed is as follows:

1. 100Base-TX full duplex

2. 100Base-TX half duplex

3. 10Base-T full duplex

4. 10Base-T half duplex

Configure

To configure the Fast ethernet 100BaseT interface, use the following commands beginning in global configuration mode:

Step Command Purpose

1 .

hq-sanjose(config)# interface fastethernet 0 hq-sanjose(config-if)# ip address 10.1.1.10 255.255.255.0
Configure the IP address and subnet mask on the Fast Ethernet interface.

2 .

hq-sanjose(config-if)# speed auto
Auto negotiate the line speed based on the peer routers, hubs, and switch media.

3 .

hq-sanjose(config-if)# duplex auto
Auto negotiate duplex mode.

4 .

hq-sanjose(config-if)# no shutdown %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
Bring up the interface¹.

¹This command changes the state of the interface from administratively down to up.

Verify

To verify the configuration:

Enter the show ip interface brief command to view the interface's status. The "up" display field should appear under the Status and Protocol columns. The display fields "down" or "administratively down" signify a connection problem.

hq-sanjose# show ip interface brief fastethernet 0

Interface                            IP-Address                OK?                Method              Status                Protocol

FastEthernet0                   10.1.1.10                  YES                manual                up                      up

Try pinging a device in your network, such as a backhaul router or the backbone gateway:

hq-sanjose# ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms

Enter the show interface fastethernet 0 command to see detailed interface information. Look for the display field "FastEthernet 0 is up, line protocol is up." This means that the access server sees its own sent and received keepalives.

hq-sanjose# show interface fastethernet 0

FastEthernet0 is up, line protocol is up

  Hardware is DEC21140AE, address is 00e0.1e6b.2ffb (bia 00e0.1e6b.2ffb)
  Internet address is 10.1.1.10 /24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec), auto duplex,

   100BaseTX/FX, auto speed

  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:05, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/120, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     282 packets input, 68476 bytes, 0 no buffer
     Received 282 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     176 packets output, 16936 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

Enter the show running command:

hq-sanjose# show running

Building configuration...
Current configuration:
!
----- snip ----
!
interface FastEthernet0
 ip address 10.1.1.10 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
!
----- snip ----

Tips

If you have trouble:

Make sure the cable connections are not loose or disconnected.
Make sure you are using the correct IP address.

Step 4---Commissioning the T1 Controllers

Configure the T1 controllers to allow calls to come into the access server. You must specify the following information for each controller: framing type, line code type, clock source, and timeslot assignments.

Configure

To configure the controllers, use the following commands beginning in global configuration mode:

Step Command Purpose

1 .

hq-sanjose(config)# isdn switch-type primary-ni

Enter your telco's switch type.

This example uses primary national ISDN 1.

2 .

hq-sanjose(config)# controller t1 0
Enter controller configuration mode for the first T1 controller, which is 0. The controller ports are labeled 0 through 3 on the quad T1/PRI card.

3 .

hq-sanjose(config-controller)# framing esf
Enter the T1 framing type.

This example uses extended super frame.

4 .

hq-sanjose(config-controller)# linecode b8zs
Enter the T1 line code type.

This example uses B8ZS.

5 .

hq-sanjose(config-controller)# clock source line primary
Configure the access server to get its primary clocking from the T1 line assigned to controller 0.

Line clocking comes from the remote switch.

6 .

hq-sanjose(config-controller)# pri-group timeslots 1-24
Assign all 24 T1 timeslots as ISDN PRI channels¹.

7 .

hq-sanjose(config-controller)# exit
Exit back to global configuration mode.

8 .

hq-sanjose(config#) controller t1 1
hq-sanjose(config-controller)# framing esf
hq-sanjose(config-controller)# linecode b8zs
hq-sanjose(config-controller)# clock source line secondary
hq-sanjose(config-controller)# pri-group timeslots 1-24
hq-sanjose(config-controller)# exit
Configure the second controller, controller T1 1.

Set the clocking to secondary. If the line clocking from controller T1 0 fails, the access server will receive its clocking from controller T1 1.

9 .

hq-sanjose(config#) controller t1 2
hq-sanjose(config-controller)# framing esf
hq-sanjose(config-controller)# linecode b8zs
hq-sanjose(config-controller)# clock source internal
hq-sanjose(config-controller)# pri-group timeslots 1-24
hq-sanjose(config-controller)# exit
hq-sanjose(config#) controller t1 3
hq-sanjose(config-controller)# framing esf
hq-sanjose(config-controller)# linecode b8zs
hq-sanjose(config-controller)# clock source internal
hq-sanjose(config-controller)# pri-group timeslots 1-24
hq-sanjose(config-controller)# exit
hq-sanjose(config#)
Configure the remaining two controllers.

Set both clocking entries to internal. The primary and secondary clock sources have already been assigned.

¹After you enter this command, a D-channel serial interface is instantly created (for example S0:23, S1:23, and so on) in the configuration file as well as the individual B-channel serial interfaces (for example S0:0, S0:1, ...). The D-channel interface functions like a dialer for all the 23 B channels using the controller.

Verify

To verify the configuration:

Use the show controller t1 command. The output from this command enables you to determine when and where errors occur. See the display field "Data in current interval."

hq-sanjose# show controller t1

T1 0 is up.

  No alarms detected.

  Version info of slot 0:  HW: 2, Firmware: 16, PLD Rev: 0
Manufacture Cookie Info:
 EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x42,
 Board Hardware Version 1.0, Item Number 73-2217-4,
 Board Revision A0, Serial Number 07557185,
 PLD/ISP Version 0.0, Manufacture Date 17-Dec-1997.
  Framing is ESF, Line Code is B8ZS, Clock Source is Line Primary.
  Data in current interval (25 seconds elapsed):

     0 Line Code Violations, 0 Path Code Violations
     0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
     0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
  Total Data (last 24 hours)
     0 Line Code Violations, 0 Path Code Violations,
     0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
     0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
T1 1 is up.

  No alarms detected.

  Version info of slot 0:  HW: 2, Firmware: 16, PLD Rev: 0
Manufacture Cookie Info:
 EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x42,
 Board Hardware Version 1.0, Item Number 73-2217-4,
 Board Revision A0, Serial Number 07557185,
 PLD/ISP Version 0.0, Manufacture Date 17-Dec-1997.
  Framing is ESF, Line Code is B8ZS, Clock Source is Line Secondary.
  Data in current interval (827 seconds elapsed):

     0 Line Code Violations, 0 Path Code Violations
     0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
     0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
  Total Data (last 24 hours)

     0 Line Code Violations, 0 Path Code Violations,
     0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
     0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
T1 2 is administratively down.

  Transmitter is sending remote alarm.
  Receiver has loss of signal.
  Version info of slot 0:  HW: 2, Firmware: 16, PLD Rev: 0
Manufacture Cookie Info:
 EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x42,
 Board Hardware Version 1.0, Item Number 73-2217-4,
 Board Revision A0, Serial Number 07557185,
 PLD/ISP Version 0.0, Manufacture Date 17-Dec-1997.
  Framing is ESF, Line Code is B8ZS, Clock Source is Internal.
  Data in current interval (868 seconds elapsed):
     3 Line Code Violations, 0 Path Code Violations
     0 Slip Secs, 868 Fr Loss Secs, 2 Line Err Secs, 0 Degraded Mins
     0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 868 Unavail Secs
  Total Data (last 24 hours)
     182 Line Code Violations, 0 Path Code Violations,
     1 Slip Secs, 86400 Fr Loss Secs, 125 Line Err Secs, 0 Degraded Mins,
     0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 86400 Unavail Secs
T1 3 is administratively down.

  Transmitter is sending remote alarm.
  Receiver has loss of signal.
  Version info of slot 0:  HW: 2, Firmware: 16, PLD Rev: 0
Manufacture Cookie Info:
 EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x42,
 Board Hardware Version 1.0, Item Number 73-2217-4,
 Board Revision A0, Serial Number 07557185,
 PLD/ISP Version 0.0, Manufacture Date 17-Dec-1997.
  Framing is ESF, Line Code is B8ZS, Clock Source is Internal.
  Data in current interval (142 seconds elapsed):
     0 Line Code Violations, 0 Path Code Violations
     0 Slip Secs, 142 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
     0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 142 Unavail Secs
  Total Data (last 24 hours)
     12 Line Code Violations, 0 Path Code Violations,
     0 Slip Secs, 86400 Fr Loss Secs, 8 Line Err Secs, 0 Degraded Mins,
     0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 86400 Unavail Secs

Enter the show controller t1 number command. If counters are increasing on a specific T1 controller, look more closely at the error statistics. Error counters are recorded for a 24-hour period in 15-minute intervals. You must specify a specific controller number to see this detailed information. Focus on the current interval.

: In the following example, notice that the frame loss and line errors present in data intervals 1 through 4 were eventually cleared up in the current data interval.

Note

clear controller t1

number

hq-sanjose# show controller t1 0

T1 0 is up.
  No alarms detected.

  Version info of slot 0:  HW: 2, Firmware: 16, PLD Rev: 0
Manufacture Cookie Info:
 EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x42,
 Board Hardware Version 1.0, Item Number 73-2217-4,
 Board Revision A0, Serial Number 07557185,
 PLD/ISP Version 0.0, Manufacture Date 17-Dec-1997.
  Framing is ESF, Line Code is B8ZS, Clock Source is Line Primary.
  Data in current interval (72 seconds elapsed):

     0 Line Code Violations, 0 Path Code Violations
     0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
     0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

  Data in Interval 1:

     0 Line Code Violations, 0 Path Code Violations
     0 Slip Secs, 405 Fr Loss Secs, 14 Line Err Secs, 0 Degraded Mins
     0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 405 Unavail Secs

  Data in Interval 2:

     0 Line Code Violations, 0 Path Code Violations
     0 Slip Secs, 450 Fr Loss Secs, 1 Line Err Secs, 0 Degraded Mins
     0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 450 Unavail Secs

  Data in Interval 3:

     0 Line Code Violations, 0 Path Code Violations
     0 Slip Secs, 450 Fr Loss Secs, 1 Line Err Secs, 0 Degraded Mins
     0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 450 Unavail Secs

  Data in Interval 4:

     0 Line Code Violations, 0 Path Code Violations
     0 Slip Secs, 450 Fr Loss Secs, 2 Line Err Secs, 0 Degraded Mins
     0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 450 Unavail Secs

-------------------------------- snip ------------------------------------------

Enter the show running command:

hq-sanjose# show running

Building configuration...
Current configuration:
!
----- snip ----
!
isdn switch-type primary-ni
!
controller T1 0
 framing esf
 clock source line primary
 linecode b8zs
 pri-group timeslots 1-24
!
controller T1 1
 framing esf
 clock source line secondary 
 linecode b8zs
 pri-group timeslots 1-24
!
controller T1 2
 framing esf
  clock source internal
 linecode b8zs
 pri-group timeslots 1-24
!
controller T1 3
 framing esf
  clock source internal
 linecode b8zs
 pri-group timeslots 1-24
!
----- snip ----

Tips

If you have trouble:

Make sure the controller reports "up."
No errors should be reported in the current interval.

Step 5---Configuring the Serial Channels to Let Modem Calls Come in

The async shell service is the first service to enable. Configure the D channels to allow incoming voice calls to be routed to the integrated modems.

In the section "Configuration DDR," the D channel configuration is expanded to also accept ISDN synchronous PPP calls from the remote offices. Cisco recommends getting modem users up first.

Configure

To configure the serial channels, use the following commands beginning in global configuration mode:

Step Command Purpose

1 .

hq-sanjose(config)# interface serial 0:23
Enter configuration mode for the D-channel serial interface that corresponds to controller T1 0¹.

The behavior of S0:0 through S0:22 is controlled by the configuration instructions provided for S0:23. This concept is also true for the other remaining D channel configurations.

2 .

hq-sanjose(config-if)# isdn incoming-voice modem hq-sanjose(config-if)# no shutdown
Enable analog modem voice calls coming in over the B channels to be connected to the integrated modems.

3 .

hq-sanjose(config-if)# exit

Exit back to global configuration mode.

4 .

hq-sanjose(config)# interface serial 1:23
hq-sanjose(config-if)# isdn incoming-voice modem
hq-sanjose(config-if)# no shutdown
hq-sanjose(config-if)# exit
hq-sanjose(config)# interface serial 2:23
hq-sanjose(config-if)# isdn incoming-voice modem
hq-sanjose(config-if)# no shutdown
hq-sanjose(config-if)# exit
hq-sanjose(config)# interface serial 3:23
hq-sanjose(config-if)# isdn incoming-voice modem
hq-sanjose(config-if)# no shutdown
hq-sanjose(config-if)# exit
hq-sanjose(config)#

Configure the three remaining D channels with the same settings.

¹The D channel is the signaling channel.

Verify

To verify the configuration:

Launch a voice call into the access server using a standard POTS telephone. If you hear modem squelch (tone) from the access server's internal modem, the configuration works. See Figure 2-2.

Figure 2-2: Voice
Test Call

Enter the show interface serial 0:23 command. The term "spoofing" means that the interface is presenting itself to the Cisco IOS software as up and operational. This interface can now receive routes. There are 23 more channels behind this interface that you do not see (for example, S0:0, S0:1, and so on). The D channel decides which serial channel to assign to an incoming call.

hq-sanjose# show interface serial 0:23

Serial0:23 is up, line protocol is up (spoofing)

  Hardware is DSX1
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation PPP, loopback not set
  DTR is pulsed for 1 seconds on reset
  Last input 00:00:12, output 00:00:12, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/1/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
         5 minute input rate 0 bits/sec, 0 packets/sec
         5 minute output rate 0 bits/sec, 0 packets/sec
     937 packets input, 19612 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 2 giants, 0 throttles
     2 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     945 packets output, 4263 bytes, 0 underruns
     0 output errors, 0 collisions, 4 interface resets
     0 output buffer failures, 0 output buffers swapped out
     3 carrier transitions
  Timeslot(s) Used:24, Transmitter delay is 0 flags

Note

interface serial 0:23

Enter the show isdn status command to view the ISDN layer information. This output shows that layer 1 and layer 2 are enabled and active. Layer 3 shows the number of active ISDN calls, which there are none currently.

hq-sanjose# show isdn status

The current ISDN Switchtype = primary-ni
ISDN Serial0:23 interface

    Layer 1 Status:

        ACTIVE

    Layer 2 Status:

        TEI = 0, State = MULTIPLE_FRAME_ESTABLISHED

    Layer 3 Status:

        No Active Layer 3 Call(s)

    Activated dsl 0 CCBs = 0
    Total Allocated ISDN CCBs = 0
ISDN Serial1:23 interface
    Layer 1 Status:
        ACTIVE
    Layer 2 Status:
        TEI = 0, State = MULTIPLE_FRAME_ESTABLISHED
    Layer 3 Status:
        No Active Layer 3 Call(s)
    Activated dsl 1 CCBs = 0
    Total Allocated ISDN CCBs = 0
ISDN Serial2:23 interface
    Layer 1 Status:
        ACTIVE
    Layer 2 Status:
        TEI = 0, State = MULTIPLE_FRAME_ESTABLISHED
    Layer 3 Status:
        No Active Layer 3 Call(s)
    Activated dsl 2 CCBs = 0
    Total Allocated ISDN CCBs = 0
ISDN Serial3:23 interface
    Layer 1 Status:
        ACTIVE
    Layer 2 Status:
        TEI = 0, State = MULTIPLE_FRAME_ESTABLISHED
    Layer 3 Status:
        No Active Layer 3 Call(s)
    Activated dsl 3 CCBs = 0
    Total Allocated ISDN CCBs = 0

Note the following information:

Layer 1 Status should be "Active."
Layer 2 Status should be "Multiple_Frame_Established." (It might take several seconds for Layer 2 status to appear.)
Layer 3 Status should be "No Active Layer 3 Call(s)."

Enter the show isdn service command to determine which channels have active calls and if all the individual channels are in service. In this example notice there are 8 serial channels under each D channel that calls cannot use. T1 lines are used in this case study (not E1).

hq-sanjose# show isdn service

PRI Channel Statistics:
ISDN Se0:23, Channel (1-31)
  Activated dsl 0
  State (0=Idle 1=Propose 2=Busy 3=Reserved 4=Restart 5=Maint)

    0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3 3 3 3 3 3 3 3
  Channel (1-31) Service (0=Inservice 1=Maint 2=Outofservice)

    0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2
ISDN Se1:23, Channel (1-31)
  Activated dsl 0
  State (0=Idle 1=Propose 2=Busy 3=Reserved 4=Restart 5=Maint)
    0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3 3 3 3 3 3 3 3
  Channel (1-31) Service (0=Inservice 1=Maint 2=Outofservice)
    0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2
ISDN Se2:23, Channel (1-31)
  Activated dsl 0
  State (0=Idle 1=Propose 2=Busy 3=Reserved 4=Restart 5=Maint)
    0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3 3 3 3 3 3 3 3
  Channel (1-31) Service (0=Inservice 1=Maint 2=Outofservice)
    0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2
ISDN Se3:23, Channel (1-31)
  Activated dsl 0
  State (0=Idle 1=Propose 2=Busy 3=Reserved 4=Restart 5=Maint)
    0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3 3 3 3 3 3 3 3
  Channel (1-31) Service (0=Inservice 1=Maint 2=Outofservice)
    0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2

Enter the show ip interface brief command to view the individual serial B channel interfaces. In the following example, Serial 0:0 through Serial 0:22 are B channels and associated to Serial 0:23.

hq-sanjose# show ip interface brief

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0                            unassigned            YES NVRAM   administratively down down
FastEthernet0                    10.1.1.10              YES  manual  up                                        up
Serial0:0              unassigned      YES unset  down                  down
Serial0:1              unassigned      YES unset  down                  down
Serial0:2              unassigned      YES unset  down                  down
Serial0:3              unassigned      YES unset  down                  down
Serial0:4              unassigned      YES unset  down                  down
Serial0:5              unassigned      YES unset  down                  down
Serial0:6              unassigned      YES unset  down                  down
Serial0:7              unassigned      YES unset  down                  down
Serial0:8              unassigned      YES unset  down                  down
Serial0:9              unassigned      YES unset  down                  down
Serial0:10             unassigned      YES unset  down                  down
Serial0:11             unassigned      YES unset  down                  down
Serial0:12             unassigned      YES unset  down                  down
Serial0:13             unassigned      YES unset  down                  down
Serial0:14             unassigned      YES unset  down                  down
Serial0:15             unassigned      YES unset  down                  down
Serial0:16             unassigned      YES unset  down                  down
Serial0:17             unassigned      YES unset  down                  down
Serial0:18             unassigned      YES unset  down                  down
Serial0:19             unassigned      YES unset  down                  down
Serial0:20             unassigned      YES unset  down                  down
Serial0:21             unassigned      YES unset  down                  down
Serial0:22             unassigned      YES unset  down                  down
Serial0:23                          unassigned      YES unset  down                  down

Enter the show running command:

hq-sanjose# show running

Building configuration...
Current configuration:
!
---- snip ----
!
interface Serial0:23
  no ip address
 no ip directed-broadcast
 isdn incoming-voice modem
!
interface Serial1:23
  no ip address
 no ip directed-broadcast
 isdn incoming-voice modem
!
interface Serial2:23
  no ip address
 no ip directed-broadcast
 isdn incoming-voice modem
!
interface Serial3:23
  no ip address
 no ip directed-broadcast
 isdn incoming-voice modem
!
---- snip ----

Tips

If you have trouble:

Be sure you have the correct ISDN switch type configured.
Make sure no wires or cables are loose.
The framing or line code types you entered might not match your telco's settings. A Layer 2 error indicates that the access server cannot communicate with the telco.
Make sure the show controller t1 command's current output shows no errors occurring.

Step 6---Configuring the Modems and Lines

Modems and lines are configured after the ISDN channels are operational, and voice calls are successfully routed to the modems. Each modem is directly mapped to a dedicated async line in the access server. After this configuration is set up, the access server is ready to take modem calls.

The modem speed 115200 bps and hardware flow control are the defaults for integrated modems.

Configure

To configure the modems and asynchronous lines, use the following commands beginning in global configuration mode:

Step Command Purpose

1 .

hq-sanjose(config)# line 1 96
Enter the range of modem lines to configure.

In this example, the access server has 96 integrate modems.

2 .

hq-sanjose(config-line)# autoselect ppp hq-sanjose(config-line)# autoselect during-login
Enable remote PPP users to dial in, bypass the EXEC facility, and automatically launch PPP on the line.¹

Enter the autoselect during-login command to display the username:password prompt after modems connect.

3 .

hq-sanjose(config-line)# modem inout
Support incoming and outgoing modem calls.

¹ These two autoselect commands provide for transparent launching of shell and PPP services on the same lines.

Verify

Enter the show running command to verify the configuration:

hq-sanjose# show running

Building configuration...
Current configuration:
---- snip ----
!
line 1 96
 autoselect during-login
 autoselect ppp
 modem InOut
---- snip ----

Step 7---Testing Async Shell Connections

Now you are ready to send the first modem call into the Cisco AS5300. This step shows you how to perform the test and track the async data path taken by a single modem call.

Conduct this test using a shell service, which verifies that the physical async data path is working. This is the most efficient way to get quick test results in a simple test environment.

At this step, many administrators try to make complex services work such as PPP-based Web browsing. Do not jump ahead. Many other elements still need to be configured. This step is provided to ensure that the basic modem link is functioning and that the shell/EXEC prompt can be accessed from a remote location. To avoid problems, take a layered approach to building a network.

Note To enhance readability of debug output messages, the significant display output fields are highlighted with bold font.

Figure 2-3 shows the test lab environment used for this test case. The test PC is running a terminal emulation program, such as Hyper Terminal. This program enables the test PC to make a modem-to-modem connection with the Cisco AS5300 via the PSTN/ISDN network.

Figure 2-3: Test Lab Environment

Step 1 Enter the following debug commands on the Cisco AS5300 to debug calls landing on the integrated modems. These commands capture the call-switching module and ISDN connection messages. After you are finished with the test, turn off all debugging with the undebug all command.

hq-sanjose#

debug modem csm

Modem Management Call Switching Module debugging is on
hq-sanjose#

debug isdn q931

ISDN Q931 packets debugging is on
hq-sanjose#

terminal monitor % Console already monitors

Note

Step 2 From a terminal emulation program running on the test PC, enter atdt followed by the primary rate interface (PRI) phone number assigned to the Cisco AS5300. In this case test, 5551234 is used.

If the modem successfully connects, you will see a connect message followed by the terminal service EXEC login prompt. This is displayed on the test PC.

atdt5551234

CONNECT 24000/REL - MNP

User Access Verification

Username: joe-admin Password: joe-password

hq-sanjose>

Note

CONNECT 24000/REL - MNP

User Access Verification

Username:

Password:

Step 3 For educational purposes, look at and interpret the debug messages that appear on the administrator's terminal screen as a result of Step 2. As the modem call came into the access server, this debug output was created.

The following comments apply to the debug output example:

(a) See 20:43:35.906 through 20:43:35.918.
The setup message is received. The bearer capability is a voice call as indicated by 0x8090A2. The calling party number is 5551111, the test PC's phone number. The called party number is 5551234, the access server's dialed hunt group number.

(b) See 20:43:35.938.
Modem 1/1 is assigned to the incoming voice call.

(c) See 20:43:36.754 and 20:43:36.782.
The call successfully connects as indicated by the fields "TX -> CONNECT" and "RX <- CONNECT_ACK."

(d) See 20:43:36.806.
The integrated modem waits to negotiate carrier with the remote modem.

*Mar 1 20:43:35.906: ISDN Se0:23: RX <- SETUP pd = 8 callref = 0x0001

*Mar 1 20:43:35.906: Bearer Capability i = 0x8090A2

*Mar 1 20:43:35.910: Channel ID i = 0xA98381

*Mar 1 20:43:35.914: Calling Party Number i = '!', 0x80, '5551111'

*Mar 1 20:43:35.918: Called Party Number i = 0xA1, '5551234'

*Mar 1 20:43:35.934: EVENT_FROM_ISDN::dchan_idb=0x27C878, call_id=0xB, ces=0x1

bchan=0x0, event=0x1, cause=0x0

*Mar 1 20:43:35.938: VDEV_ALLOCATE: slot 1 and port 1 is allocated.

*Mar 1 20:43:35.938: EVENT_FROM_ISDN:(000B): DEV_INCALL at slot 1 and port 1

*Mar 1 20:43:35.942: CSM_PROC_IDLE: CSM_EVENT_ISDN_CALL at slot 1, port 1

*Mar 1 20:43:35.946: Fast Ringing On at modem slot 1, port 1

*Mar 1 20:43:35.966: ISDN Se0:23: TX -> CALL_PROC pd = 8 callref = 0x8001

*Mar 1 20:43:35.970: Channel ID i = 0xA98381

*Mar 1 20:43:35.978: ISDN Se0:23: TX -> ALERTING pd = 8 callref = 0x8001

*Mar 1 20:43:36.742: Fast Ringing Off at modem slot 1, port 1

*Mar 1 20:43:36.742: CSM_PROC_IC1_RING: CSM_EVENT_MODEM_OFFHOOK at slot 1, port

1

*Mar 1 20:43:36.754: ISDN Se0:23: TX -> CONNECT pd = 8 callref = 0x8001

*Mar 1 20:43:36.782: ISDN Se0:23: RX <- CONNECT_ACK pd = 8 callref = 0x0001

*Mar 1 20:43:36.798: EVENT_FROM_ISDN::dchan_idb=0x27C878, call_id=0xB, ces=0x1

bchan=0x0, event=0x4, cause=0x0

*Mar 1 20:43:36.802: EVENT_FROM_ISDN:(000B): DEV_CONNECTED at slot 1 and port 1

*Mar 1 20:43:36.806: CSM_PROC_IC4_WAIT_FOR_CARRIER: CSM_EVENT_ISDN_CONNECTED at

slot 1, port 1

Every Q.931 message indicates whether the message was transmitted by the access server (TX ->) or received by the access server (RX <-). Table 2-2 shows the most common message types used for opening and closing connections. Information elements exist within each message type, as described in Table 2-3.

Table 2-2: Debug Q.931 ISDN Messages
Message Type Description

SETUP

Indicates that a SETUP message has been received to initiate call establishment between PSTN end devices.

A key element to observe within the call setup message is the bearer capability.

CALL_PROC

Call proceeding. The network attempts to service the call. The switch is attempting to set up a call through the ISDN network backbone.

CONNECT

The called side transmits "CONNECT" when the connection is made. The side that transmits "CONNECT" is usually the side that receives the call, which is the called party.

CONNECT_ACK

Connect acknowledgment. Transmitted by the calling side to indicate that the "CONNECT" message was received.

DISCONNECT

Indicates that the transmitting side is ending the call. This messages indicates who dropped the call.

RELEASE

Indicates that the sending equipment is releasing the call and the associated channel.

RELEASE_COMP

Release complete. Indicates that the ISDN network has received the "RELEASE" message.

**Table 2-2: Debug Q.931 ISDN Messages**
Message Type	Description
`SETUP`	Indicates that a SETUP message has been received to initiate call establishment between PSTN end devices. A key element to observe within the call setup message is the bearer capability.
CALL_PROC	Call proceeding. The network attempts to service the call. The switch is attempting to set up a call through the ISDN network backbone.
CONNECT	The called side transmits "`CONNECT`" when the connection is made. The side that transmits "`CONNECT`" is usually the side that receives the call, which is the called party.
CONNECT_ACK	Connect acknowledgment. Transmitted by the calling side to indicate that the "`CONNECT`" message was received.
DISCONNECT	Indicates that the transmitting side is ending the call. This messages indicates who dropped the call.
RELEASE	Indicates that the sending equipment is releasing the call and the associated channel.
RELEASE_COMP	Release complete. Indicates that the ISDN network has received the "`RELEASE`" message.

ISDN setup messages contain different information elements. See Table 2-3.

Table 2-3: Information Elements within an ISDN Setup Message
Message Description

Bearer Capability

Indicates what kind of service the caller is requesting. For example, a 64K data call is indicated by the bearer capability of 0x8890. An analog voice call is indicated by the value 0x8090A2.

pd

Indicates the protocol discriminator number, which is 8 for Q.931 messages.

callref

A number used by the access server and the switch to reference the call. Indicates the call reference number in hexadecimal format. The field value indicates the number of calls made from the router (outgoing calls) or the network (incoming calls). Note that the originator of the SETUP message sets the high-order bit of the call reference number to 0.

The destination of the connection sets the high-order bit to 1 in subsequent call control messages, such as the CONNECT message. For example, callref = 0x04 in the request becomes callref = 0x84 in the response.

Cause i

Indicates the Information Element Identifier. The value depends on the field with which it is associated. Refer to the ITU-T Q.931 specification for details about the possible values associated with each field for which this identifier is relevant.

Channel ID

Indicates the Channel Identifier. The value 83 indicates any channel, 89 indicates the B1 channel, and 8A indicates the B2 channel. For more information about the Channel Identifier, refer to ITU-T Recommendation Q.931.

Calling Party Number

Identifies the phone number of the device that initiated the call.

In this case study, 5551111 is the directory number assigned to the telephone line used by the test PC.

Called Party Number

Identifies the called phone number that is used to reach another device.

In this case study, 5551234 is the directory number assigned to the Cisco AS5300. The test PC dialed this number to make a modem connection.

**Table 2-3: Information Elements within an ISDN Setup Message**
Message	Description
`Bearer Capability`	Indicates what kind of service the caller is requesting. For example, a 64K data call is indicated by the bearer capability of 0x8890. An analog voice call is indicated by the value 0x8090A2.
`pd`	Indicates the protocol discriminator number, which is 8 for Q.931 messages.
`callref`	A number used by the access server and the switch to reference the call. Indicates the call reference number in hexadecimal format. The field value indicates the number of calls made from the router (outgoing calls) or the network (incoming calls). Note that the originator of the SETUP message sets the high-order bit of the call reference number to 0. The destination of the connection sets the high-order bit to 1 in subsequent call control messages, such as the `CONNECT` message. For example, callref = 0x04 in the request becomes callref = 0x84 in the response.
`Cause i`	Indicates the Information Element Identifier. The value depends on the field with which it is associated. Refer to the ITU-T Q.931 specification for details about the possible values associated with each field for which this identifier is relevant.
`Channel ID`	Indicates the Channel Identifier. The value 83 indicates any channel, 89 indicates the B1 channel, and 8A indicates the B2 channel. For more information about the Channel Identifier, refer to ITU-T Recommendation Q.931.
`Calling Party Number`	Identifies the phone number of the device that initiated the call. In this case study, 5551111 is the directory number assigned to the telephone line used by the test PC.
`Called Party Number`	Identifies the called phone number that is used to reach another device. In this case study, 5551234 is the directory number assigned to the Cisco AS5300. The test PC dialed this number to make a modem connection.

Step 4 To determine the status of the modem call connected to the Cisco AS5300, use the following modem management commands.

Enter the show user command to see which TTY line the call landed on:

hq-sanjose# show user

Line User Host(s) Idle Location

* 0 con 0 joe-admin idle 0

2 tty 2 joe-admin Async interface 1

Enter the show line 2 command. Note that TTY 2 is associated with modem 1/1. The state is currently idle because this command was entered after the user disconnected.

hq-sanjose# show line 2

Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns

2 TTY 115200/115200 - inout - - - 0 0 0/0

Line 2, Location: "", Type: ""

Length: 24 lines, Width: 80 columns

Baud rate (TX/RX) is 115200/115200, no parity, 1 stopbits, 8 databits

Status: No Exit Banner

Capabilities: Hardware Flowcontrol In, Hardware Flowcontrol Out

Modem Callout, Modem RI is CD

Modem state: Idle

modem(slot/port)=1/1, state=IDLE

dsx1(slot/unit/channel)=NONE, status=VDEV_STATUS_UNLOCKED

Group codes: 0

Modem hardware state: CTS noDSR DTR RTS

Special Chars: Escape Hold Stop Start Disconnect Activation

^^x none - - none

Timeouts: Idle EXEC Idle Session Modem Answer Session Dispatch

00:10:00 never none not set

Idle Session Disconnect Warning

never

Login-sequence User Response

00:00:30

Autoselect Initial Wait

Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns

not set

Modem type is unknown.

Session limit is not set.

Time since activation: never

Editing is enabled.

History is enabled, history size is 10.

DNS resolution in show commands is enabled

Full user help is disabled

Allowed transports are lat pad telnet rlogin v120. Preferred is lat.

No output characters are padded

No special data dispatching characters

Enter the show modem log 1/1 command to view the information logged for modem 1/1. The time stamps show when the event occurred. The most current events begin at the bottom of the output.

hq-sanjose# show modem log 1/1

Modem 1/1 Events Log:

20:40:45: Startup Response: Microcom (Managed)

Modem (boot) firmware = 2.2(8) (1.0(5))

---- snip ----

00:02:19: ISDN incoming calling number: 5551111

00:02:19: ISDN incoming called number: 5551234

00:02:13: Modem State event: Dialing/Answering

00:02:13: Modem State event: Incoming ring

00:02:13: Modem State event: Waiting for Carrier

00:02:13: RS232 event: RTS DTR CTS DSR noDCD noRI* noTST

00:02:01: Modem State event: Connected

00:02:01: Connection event: TX/RX Speed = 33600/33600, Modulation = V34

Direction = Answer, Protocol = reliable/LAPM, Compression = V42bis

00:02:02: RS232 event: RTS DTR CTS DSR DCD* noRI noTST

00:01:50: Modem Analog signal event: TX = -21, RX = -18, Signal to noise = 43

00:00:15: DTR event: DTR Off

00:00:15: Modem State event: Connected

00:00:15: End connection event: Retransmits for EC block (TX/RX) = 0/0

Duration = 0:01:43, Number of TX/RX char = 159/0

Local Disc Reason = DTR Drop

Remote Disc Reason = Unknown

00:00:15: Modem State event: Disconnecting

00:00:15: DTR event: DTR On

00:00:15: RS232 event: RTS DTR* CTS* DSR* noDCD* noRI* noTST*

Enter the show modem command. In the following example, the current active call is on modem 1/1, which is functioning properly at 100%. An active call is indicated by an asterisk (*).

hq-sanjose# show modem

Inc calls Out calls Busied Failed No Succ

Mdm Usage Succ Fail Succ Fail Out Dial Answer Pct.

1/0 0% 0 0 0 0 0 0 0 0%

* 1/1 0% 1 0 0 0 0 0 0 100%

1/2 0% 0 0 0 0 0 0 0 0%

1/3 0% 0 0 0 0 0 0 0 0%

1/4 0% 0 0 0 0 0 0 0 0%

1/5 0% 0 0 0 0 0 0 0 0%

1/6 0% 0 0 0 0 0 0 0 0%

1/7 0% 0 0 0 0 0 0 0 0%

1/8 0% 0 0 0 0 0 0 0 0%

1/9 0% 0 0 0 0 0 0 0 0%

1/10 0% 0 0 0 0 0 0 0 0%

1/11 0% 0 0 0 0 0 0 0 0%

---- snip -----

Enter the show controller t1 0 call-counters command, which shows you the DS0 timeslot used to carry the modem call. This example shows that timeslot 1 has accepted one call for a total duration of 1 minute 30 seconds.

hq-sanjose# show controller t1 0 call-counters

T1 0:

DS0's Active: 0

DS0's Active High Water Mark: 0

TimeSlot Type TotalCalls TotalDuration

Total DS0's Active High Water Mark: 0

To further troubleshoot modem problems, connect to a modem's out-of-band management port. For Microcom modems, use the modem at-mode slot/port command. For MICA modems, use the show modem operational-status slot/port command and the show modem configuration slot/port command.

hq-sanjose# modem at-mode 2/15

You are now entering AT command mode on modem (slot 2 / port 15).

Please type CTRL-C to exit AT command mode.

at@e1

MNP Class 10 K56flex Modem

MODEM HW: OEM 2W United States

Firmware Rev 3.3.20/85

Bootstrap Rev 3.0.4

DSP C36 Part/Rev 3635 4241

DSP C58 Part/Rev 3635 2041

DSP Controller Rev 42

DSP Data Pump Rev 4.2

NET ADDR: FFFFFFFFFFFF

Connect Time 000:06:41

4 RTS 5 CTS 6 DSR 8 CD 20 DTR - RI

Disconnect Remote - Local -

Mod Type V.34

TX/RX Spd 24000 26400 BPS

TX/RX Spd Mask NA BFFF Hex

Symbol Rate 3200 Hz

TX/RX Carrier Freq 1829 1829 Hz

TX/RX States 16 16

TX/RX NLE ON ON

TX/RX Precoding ON ON

TX/RX Shaping ON ON

TX Preemphasis Index 0

TX Lvl REG - 13 dBm

Lower/Upper Edge 150 3675 Hz

Phase Jitter Freq 139 Hz

Phase Jitter Amp 0.0 deg

Far Echo Lvl 138 N

Round Trip Delay 0 msec

Dropouts > 5dB 0

RTRNs Init/Accept 0 0

RRENs Init/Accept 0 0

BLER 0000 Hex

RBS Counter 0000 Hex

Digital Pad Detected 0 dB

Max SECRXB 67

Max SECTXB 67

V8BIS STATUS NAK

OK

Step 8---Setting Up IP Address Pools

Create a pool of IP address to support remote nodes dialing in. As remote node devices connect, they request an IP address from the central site.

It is important to determine how your intranet/Internet backbone will route packets to the addresses in this pool. There are several ways to do this, such as using addresses off a subnet defined on the access server (for example, on the loopback or Ethernet interface).

Note Administrators commonly create a loopback interface and new subnet if their existing Ethernet subnet has all its IP addresses already consumed. Loopback interfaces are very stable and do not go up and down as LAN interfaces may.

Configure

To set up the address pool, use the following commands beginning in global configuration mode:

Step Command Purpose

1 .

hq-sanjose(config)# interface loopback 0
Create loopback interface 0.

2 .

hq-sanjose(config-if)# ip address 10.1.2.1 255.255.255.0
Assign an IP subnet and address to loopback 0. This subnet is used for the creation of your IP address pool¹.

3 .

hq-sanjose(config-if)# exit
Exit back to global configuration mode.

4 .

hq-sanjose(config)# ip local pool dialin_pool 10.1.2.2 10.1.2.97

Create a pool of IP addresses for assigning to the remote nodes².

5 .

hq-sanjose(config)# async-bootp dns-server 10.2.2.3 10.2.3.1

Specify the domain name servers on the network, which can be used for clients dialing in with PPP.

¹This subnet is now dedicated to this Cisco AS5300 for remote node support. This subnet cannot be used in other places in your network.
²A remote LAN is typically a router that has a next hop address and its own IP subnet. It also requires IP routing support from the backbone, which is commonly accomplished with a static IP route. A remote node gets an IP address out of a central pool of IP addresses. Remote LANs and remote nodes are primarily differentiated by this IP addressing scheme. Remote LANs can appear as remote nodes by using PAT.

Verify

Enter the show ip local pool command to verify the configuration:

hq-sanjose# show ip local pool

 Pool              Begin           End             Free    In use   Cache Size
 dialin_pool   10.1.2.2        10.1.2.97         96       0          20

Step 9---Configuring the Group-Async Interface

The group-async interface is a template, which is used to control the configuration of all the async interfaces on the access server. Async interfaces are lines that are running in PPP mode. An async interface uses the same number as its corresponding line. Configuring the asynchronous interfaces as a group-async saves you time and configuration file size.

Configure

To configure the group-async interface, use the following commands beginning in global configuration mode:

Step Command Purpose

1 .

hq-sanjose(config)# interface group-async 1
Create the group-async interface.

2 .

hq-sanjose(config-if)# ip unnumbered loopback 0
To conserve IP address space, configure the asynchronous interfaces as unnumbered.

3 .

hq-sanjose(config-if)# encapsulation ppp
Enable PPP.

4 .

hq-sanjose(config-if)# async mode interactive
Configure interactive mode on the asynchronous interfaces. Interactive means that users can dial in and get to a shell or PPP session on that line.

5 .

hq-sanjose(config-if)# ppp authentication chap pap
Enable CHAP and PAP authentication on the interface during LCP negotiation.

The access server first requests to authenticate with CHAP. If CHAP is rejected by the remote client (modem), then PAP authentication is requested.

6 .

hq-sanjose(config-if)# peer default ip address pool dialin_pool
Assign dial-in clients IP addresses from the pool named dialin_pool.

7 .

hq-sanjose(config-if)# no cdp enable

Disable the Cisco discovery protocol.

8 .

hq-sanjose(config-if)# group-range 1 96
Specify the range of asynchronous interfaces to include in the group, which is usually equal to the number of modems you have in the access server.

Verify

Enter the show running command. After completing Steps 1 through 9, the configuration looks like this:

hq-sanjose# show running

Building configuration...
Current configuration:
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname hq-sanjose
!
aaa new-model
aaa authentication login default local
aaa authentication ppp default if-needed local
enable secret 5 $1$.voA$9/8.Zoil3jeWJMP6hEE6U0
!
username joe-admin password 7 <removed>
!
async-bootp dns-server 10.2.2.3 10.2.3.1
isdn switch-type primary-ni
!
!
controller T1 0
 framing esf
 clock source line primary
 linecode b8zs
 pri-group timeslots 1-24
!
controller T1 1
 framing esf
 clock source line secondary 
 linecode b8zs
 pri-group timeslots 1-24
!
controller T1 2
 framing esf
  clock source internal
 linecode b8zs
 pri-group timeslots 1-24
!
controller T1 3
 framing esf
  clock source internal
 linecode b8zs
 pri-group timeslots 1-24
!
interface Loopback0
 ip address 10.1.2.1 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet0
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 shutdown
!
interface Serial0:23
  no ip address
 no ip directed-broadcast
  isdn incoming-voice modem
  no fair-queue
 no cdp enable
!
interface Serial1:23
  no ip address
 no ip directed-broadcast
  isdn incoming-voice modem
  no fair-queue
 no cdp enable
!
interface Serial2:23
  no ip address
 no ip directed-broadcast
  isdn incoming-voice modem
 no fair-queue
 no cdp enable
!
interface Serial3:23
  no ip address
 no ip directed-broadcast
  isdn incoming-voice modem
  no fair-queue
 no cdp enable
!
interface FastEthernet0
 ip address 10.1.1.10 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
!
interface Group-Async1
 ip unnumbered Loopback0
 no ip directed-broadcast
 encapsulation ppp
 async mode interactive
 peer default ip address pool dialin_pool
 no cdp enable
 ppp authentication chap pap
 group-range 1 96
!
ip local pool dialin_pool 10.1.2.2 10.1.2.97
!
!
line con 0
line 1 96
 autoselect during-login
 autoselect ppp
 modem InOut
line aux 0
line vty 0 4
!
end

Step 10---Testing Async PPP Connections

Now you are ready to send the first async PPP modem call into the Cisco AS5300. This step provides you with a picture of the test lab followed by debug output for a successful connection.

Figure 2-3 shows the test lab environment used for this test. A test PC makes a PPP modem-to-modem connection with the Cisco AS5300 via the PSTN/ISDN network.

Figure 2-4:
Test Lab Environment

Step 1 Enter the following debugging commands on the Cisco AS5300:

hq-sanjose# debug ppp negotiation

PPP protocol negotiation debugging is on
hq-sanjose#

debug ppp authentication

PPP authentication debugging is on
hq-sanjose#

debug modem

Modem control/process activation debugging is on
hq-sanjose#

debug ip peer

IP peer address activity debugging is on

hq-sanjose#

show debug

General OS:
Modem control/process activation debugging is on
Generic IP:
IP peer address activity debugging is on
PPP:
PPP authentication debugging is on
PPP protocol negotiation debugging is on

hq-sanjose# terminal monitor

Step 2 From a terminal emulation program running on the test PC, enter atdt followed by the telephone number assigned to the Cisco AS5300. In this case test, 5551234 is used.

atdt5551234

CONNECT 24000/REL - MNP

User Access Verification

Username: joe-admin Password: joe-password

hq-sanjose>

Step 3 Interpret the debug messages that appear on the administrator's terminal screen as a result of Step 2. As the modem call comes into the access server, debug output is created.

Note

The following comments apply to the debug output example, which spans over the next few pages. Locate the time stamps in the debug output then interpret the call behavior.

(a) See 21:34:56.958.
A modem call comes into the access server on TTY line 4.

(b) See 21:34:59.722 through 21:34:59.734.
An incoming PPP frame is recognized, so PPP is launched on TTY line 4.

(c) See 21:34:59.790.
The test PC gets assigned an IP address from the address pool set up on the access server. The address is 10.1.2.2.

(d) See 21:35:01.798.
Interface async 4 comes up. After PPP launches, TTY line 4 becomes async interface 4.

(e) See 21:35:02.718.
Incoming config request (I CONFREQ). The remote test PC requests a set of options to be negotiated. The PC asks the Cisco AS5300 to support the callback option.

(f) See 21:35:02.738.
Outgoing config reject (O CONFREJ). The Cisco AS5300 rejects this option, because the access server is not configured to support Microsoft Callback in this case study.

(g) See 21:35:02.850.
Incoming config request (I CONFREQ). The test PC requests a new set of options.

(h) See 21:35:02.862.
Outgoing config acknowledgment (O CONFACK). The Cisco AS5300 accepts the new set of options.

(i) See 21:35:03.978.
LCP is now open (LCP: State is Open). Both sides have acknowledged (CONFACK) the other side's configuration request (CONFREQ).

(j) See 21:35:03.978.
After LCP negotiates, authentication starts. Authentication must happen before any network protocols, such as IP, are delivered. Both sides authenticate with the method negotiated during LCP. The Cisco AS5300 is authenticating the test PC using CHAP. The test PC is not authenticating the access server in this test case.

(k) See 21:35:03.982.
Outgoing challenge from hq-sanjose.

(l) See 21:35:04.162.
Incoming CHAP response from the test PC, which is shows the username joe-admin.

(m) See 21:35:04.182.
An outgoing success is sent from the NAS---authentication is successful.

(n) See 21:35:04.186.
PPP is up. The Cisco AS5300 PPP link is now open and available to negotiate any network protocols supported by both peers.

(o) See 21:35:04.314 through 21:35:04.322.
The test PC requests support for Microsoft Point-to-Point Compression (MPPC). The Cisco AS5300 rejects this request. The access server's integrated modems already support hardware compression, and the Cisco IOS is not configured to support software compression.

(p) See 21:35:07.274 through 21:35:07.478.
The primary and secondary DNS addresses are negotiated. At first, the test PC asks for 0.0.0.0. addresses. The access server sends out a CONFNAK and supplies the correct values. Values include an IP address from the pool, the primary DNS address, and the backup DNS address.

(q) See 21:35:07.426.
The test PC sends an incoming request saying that the new values are accepted. Whenever the access server sends out a CONFNAK that includes values, the test PC still needs to come back and report acceptance of the new values.

(r) See 21:35:07.458 through 21:35:07.490.
An outgoing CONFACK is sent for IPCP. The state is open for IPCP. A route is negotiated for the IPCP peer, which is 10.1.2.2.

Note To enhance readability of debug output messages, significant display output fields are highlighted with bold font.

hq-sanjose#
*Mar  1 21:34:56.958: TTY4: DSR came up

*Mar  1 21:34:56.962: TTY4: Modem: IDLE->READY
*Mar  1 21:34:56.970: TTY4: EXEC creation
*Mar  1 21:34:56.978: TTY4: set timer type 10, 30 seconds
*Mar  1 21:34:59.722: TTY4: Autoselect(2) sample 7E

*Mar  1 21:34:59.726: TTY4: Autoselect(2) sample 7EFF

*Mar  1 21:34:59.730: TTY4: Autoselect(2) sample 7EFF7D

*Mar  1 21:34:59.730: TTY4: Autoselect(2) sample 7EFF7D23

*Mar  1 21:34:59.734: TTY4 Autoselect cmd: ppp negotiate

*Mar  1 21:34:59.746: TTY4: EXEC creation
*Mar  1 21:34:59.746: TTY4: create timer type 1, 600 seconds
*Mar  1 21:34:59.786: ip_get_pool: As4: using pool default
*Mar  1 21:34:59.790: ip_get_pool: As4: returning address = 10.1.2.2

*Mar  1 21:34:59.794: TTY4: destroy timer type 1 (OK)
*Mar  1 21:34:59.794: TTY4: destroy timer type 0
*Mar  1 21:35:01.798: %LINK-3-UPDOWN: Interface Async4, changed state to up

*Mar  1 21:35:01.834: As4 PPP: Treating connection as a dedicated line
*Mar  1 21:35:01.838: As4 PPP: Phase is ESTABLISHING, Active Open
*Mar  1 21:35:01.842: As4 LCP: O CONFREQ [Closed] id 1 len 25

*Mar  1 21:35:01.846: As4 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Mar  1 21:35:01.850: As4 LCP:    AuthProto CHAP (0x0305C22305)
*Mar  1 21:35:01.854: As4 LCP:    MagicNumber 0x64E923A8 (0x050664E923A8)
*Mar  1 21:35:01.854: As4 LCP:    PFC (0x0702)
*Mar  1 21:35:01.858: As4 LCP:    ACFC (0x0802)
*Mar  1 21:35:02.718: As4 LCP: I CONFREQ [REQsent] id 3 len 23

*Mar  1 21:35:02.722: As4 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Mar  1 21:35:02.726: As4 LCP:    MagicNumber 0x00472467 (0x050600472467)
*Mar  1 21:35:02.726: As4 LCP:    PFC (0x0702)
*Mar  1 21:35:02.730: As4 LCP:    ACFC (0x0802)
*Mar  1 21:35:02.730: As4 LCP:    Callback 6  (0x0D0306)
*Mar  1 21:35:02.738: As4 LCP: O CONFREJ [REQsent] id 3 len 7

*Mar  1 21:35:02.738: As4 LCP:    Callback 6  (0x0D0306)
*Mar  1 21:35:02.850: As4 LCP: I CONFREQ [REQsent] id 4 len 20

*Mar  1 21:35:02.854: As4 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Mar  1 21:35:02.854: As4 LCP:    MagicNumber 0x00472467 (0x050600472467)
*Mar  1 21:35:02.858: As4 LCP:    PFC (0x0702)
*Mar  1 21:35:02.858: As4 LCP:    ACFC (0x0802)
*Mar  1 21:35:02.862: As4 LCP: O CONFACK [REQsent] id 4 len 20

*Mar  1 21:35:02.866: As4 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Mar  1 21:35:02.870: As4 LCP:    MagicNumber 0x00472467 (0x050600472467)
*Mar  1 21:35:02.870: As4 LCP:    PFC (0x0702)
*Mar  1 21:35:02.874: As4 LCP:    ACFC (0x0802)
*Mar  1 21:35:03.842: As4 LCP: TIMEout: State ACKsent
*Mar  1 21:35:03.842: As4 LCP: O CONFREQ [ACKsent] id 2 len 25

*Mar  1 21:35:03.846: As4 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Mar  1 21:35:03.850: As4 LCP:    AuthProto CHAP (0x0305C22305)
*Mar  1 21:35:03.854: As4 LCP:    MagicNumber 0x64E923A8 (0x050664E923A8)
*Mar  1 21:35:03.854: As4 LCP:    PFC (0x0702)
*Mar  1 21:35:03.858: As4 LCP:    ACFC (0x0802)
*Mar  1 21:35:03.962: As4 LCP: I CONFACK [ACKsent] id 2 len 25

*Mar  1 21:35:03.966: As4 LCP:    ACCM 0x000A0000 (0x0206000A0000)
*Mar  1 21:35:03.966: As4 LCP:    AuthProto CHAP (0x0305C22305)
*Mar  1 21:35:03.970: As4 LCP:    MagicNumber 0x64E923A8 (0x050664E923A8)
*Mar  1 21:35:03.974: As4 LCP:    PFC (0x0702)
*Mar  1 21:35:03.974: As4 LCP:    ACFC (0x0802)
*Mar  1 21:35:03.978: As4 LCP: State is Open

*Mar  1 21:35:03.978: As4 PPP: Phase is AUTHENTICATING, by this end

*Mar  1 21:35:03.982: As4 CHAP: O CHALLENGE id 1 len 26 from "hq-sanjose"

*Mar  1 21:35:04.162: As4 CHAP: I RESPONSE id 1 len 26 from "joe-admin"

*Mar  1 21:35:04.170: As4 AUTH: Started process 0 pid 47
*Mar  1 21:35:04.182: As4 CHAP: O SUCCESS id 1 len 4

*Mar  1 21:35:04.186: As4 PPP: Phase is UP

*Mar  1 21:35:04.190: As4 IPCP: O CONFREQ [Not negotiated] id 1 len 10

*Mar  1 21:35:04.194: As4 IPCP:    Address 10.1.2.1 (0x03060A010201)

*Mar  1 21:35:04.282: As4 IPCP: I CONFREQ [REQsent] id 1 len 28

*Mar  1 21:35:04.282: As4 IPCP:    CompressType VJ 15 slots CompressSlotID (0x02
06002D0F01)
*Mar  1 21:35:04.286: As4 IPCP:    Address 0.0.0.0 (0x030600000000)
*Mar  1 21:35:04.290: As4 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
*Mar  1 21:35:04.298: As4 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
*Mar  1 21:35:04.306: As4 IPCP: O CONFREJ [REQsent] id 1 len 10

*Mar  1 21:35:04.310: As4 IPCP:    CompressType VJ 15 slots CompressSlotID (0x02
06002D0F01)
*Mar  1 21:35:04.314: As4 CCP: I CONFREQ [Not negotiated] id 1 len 15

*Mar  1 21:35:04.318: As4 CCP:    MS-PPC supported bits 0x00000001 (0x1206000000

01)

*Mar  1 21:35:04.318: As4 CCP:    Stacker history 1 check mode EXTENDED (0x11050
00104)
*Mar  1 21:35:04.322: As4 LCP: O PROTREJ [Open] id 3 len 21 protocol CCP

*Mar  1 21:35:04.326: As4 LCP:  (0x80FD0101000F12060000000111050001)
*Mar  1 21:35:04.330: As4 LCP:  (0x04)
*Mar  1 21:35:04.334: As4 IPCP: I CONFACK [REQsent] id 1 len 10

*Mar  1 21:35:04.338: As4 IPCP:    Address 10.1.2.1 (0x03060A010201)
*Mar  1 21:35:05.186: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async4, ch
anged state to up
*Mar  1 21:35:07.274: As4 IPCP: I CONFREQ [ACKrcvd] id 2 len 22

*Mar  1 21:35:07.278: As4 IPCP:    Address 0.0.0.0 (0x030600000000)
*Mar  1 21:35:07.282: As4 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
*Mar  1 21:35:07.286: As4 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
*Mar  1 21:35:07.294: As4 IPCP: O CONFNAK [ACKrcvd] id 2 len 22

*Mar  1 21:35:07.298: As4 IPCP:    Address 10.1.2.2 (0x03060A010202)
*Mar  1 21:35:07.302: As4 IPCP:    PrimaryDNS 10.2.2.3 (0x81060A020203)
*Mar  1 21:35:07.310: As4 IPCP:    SecondaryDNS 10.2.3.1 (0x83060A020301)
*Mar  1 21:35:07.426: As4 IPCP: I CONFREQ [ACKrcvd] id 3 len 22

*Mar  1 21:35:07.430: As4 IPCP:    Address 10.1.2.2 (0x03060A010202)
*Mar  1 21:35:07.434: As4 IPCP:    PrimaryDNS 10.2.2.3 (0x81060A020203)
*Mar  1 21:35:07.442: As4 IPCP:    SecondaryDNS 10.2.3.1 (0x83060A020301)
*Mar  1 21:35:07.446: ip_get_pool: As4: validate address = 10.1.2.2
*Mar  1 21:35:07.450: ip_get_pool: As4: using pool default
*Mar  1 21:35:07.450: ip_get_pool: As4: returning address = 10.1.2.2
*Mar  1 21:35:07.454: set_ip_peer_addr: As4: address = 10.1.2.2 (3) is redundant
*Mar  1 21:35:07.458: As4 IPCP: O CONFACK [ACKrcvd] id 3 len 22

*Mar  1 21:35:07.462: As4 IPCP:    Address 10.1.2.2 (0x03060A010202)
*Mar  1 21:35:07.466: As4 IPCP:    PrimaryDNS 10.2.2.3 (0x81060A020203)
*Mar  1 21:35:07.474: As4 IPCP:    SecondaryDNS 10.2.3.1 (0x83060A020301)
*Mar  1 21:35:07.478: As4 IPCP: State is Open

*Mar  1 21:35:07.490: As4 IPCP: Install route to 10.1.2.2

hq-sanjose# undebug all

All possible debugging has been turned off

Note After you finish testing, turn off all debugging with the undebug all command. Isolating the display of debug output helps you efficiently build a network. Debug only at the components that you have built so far.

Step 11---Configuring DDR

Dial-on-demand routing (DDR) provides a mechanism to establish and maintain connectivity over a circuit switched network, such as the PSTN. DDR also supports remote LANs by maintaining IP routes to the remote sites when they are not connected.

Configure

To configure the dialer interfaces, use the following commands beginning in global configuration mode:

Step Command Purpose

1 .

hq-sanjose(config)# interface dialer 1
hq-sanjose(config-if)# ip address 10.1.254.1 255.255.255.0

Create interface dialer 1 and enable IP routing.

2 .

hq-sanjose(config-if)# exit

Exit back to global configuration mode.

3 .

hq-sanjose(config)# interface serial 0:23
hq-sanjose(config-if)# dialer rotary-group 1
hq-sanjose(config-if)# exit

Group serial 0's channels into dialer 1.

4 .

hq-sanjose(config)# interface serial 1:23
hq-sanjose(config-if)# dialer rotary-group 1
hq-sanjose(config-if)# exit
hq-sanjose(config)# interface serial 2:23
hq-sanjose(config-if)# dialer rotary-group 1
hq-sanjose(config-if)# exit
hq-sanjose(config)# interface serial 3:23
hq-sanjose(config-if)# dialer rotary-group 1
hq-sanjose(config-if)# exit

Group the remaining serial channels into dialer 1.

5 .

hq-sanjose(config)# interface dialer 1

Now with all the D channels grouped together, return to dialer 1.

6 .

hq-sanjose(config-if)# encapsulation ppp

Encapsulate the packets with PPP.

7 .

hq-sanjose(config-if)# peer default ip address pool dialin_pool

Assign an address pool to interface dialer 1. This step supports remote node ISDN devices, such as those running Easy IP and PAT¹.

8 .

hq-sanjose(config-if)# dialer in-band

Specify that this is an in-band dialer interface, which enables passing the phone number across the D channel.

9 .

hq-sanjose(config-if)# dialer idle-timeout 1800

Configure the idle timeout, which is set to 1800 seconds (30 minutes) in this example².

10 .

hq-sanjose(config-if)# dialer-group 2

Define the interesting packets, which are packets that reset the idle timer or trigger calls.

This dialer filter is defined by the dialer-list 2 command. See Step 17 ³.

11 .

hq-sanjose(config-if)# ppp multilink

Enable PPP multilink, which fragments and reassembles packets among bundled B channels.

12 .

hq-sanjose(config-if)# ppp authentication chap pap

Enable CHAP and PAP authentication. CHAP is used first. PAP is the second choice.

13 .

hq-sanjose(config-if)# no fair-queue

Disable fair queuing.

14 .

hq-sanjose(config-if)# no cdp enable

Disable the Cisco discovery protocol, unless you are using it for a specific purpose.

15 .

hq-sanjose(config-if)# no ip mroute-cache

Turn off multicast route caching.

16 .

hq-sanjose(config-if)# exit

Return to global configuration mode.

17 .

hq-sanjose(config)# dialer-list 2 protocol ip permit

Define a DDR dialer-list to allow any IP traffic to maintain the connection. Any IP packet will maintain the DDR session.

Minor or extensive tuning of your dialer list might be required to control costs in your environment.3

¹These users will also need a username and password.
²Other environments might require shorter timeouts. The default is 120 seconds.
³ The dialer-group command and dialer-list command must use the same number. To monitor the idle timer value and the packets that reset it, use the debug dialer packet command and show dialer command.

Verify

To verify the configuration:

Enter the show dialer command. This command shows you the state associated with each IP interface. Notice that each individual serial channel is actually a dialer interface.

hq-sanjose# show dialer

Dialer1 - dialer type = IN-BAND SYNC NO-PARITY
Idle timer (1800 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dial String      Successes   Failures    Last called   Last status
Serial0:0 - dialer type = ISDN

Idle timer (1800 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle

Serial0:1 - dialer type = ISDN

Idle timer (1800 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle

Serial0:2 - dialer type = ISDN

Idle timer (1800 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle

----- snip -----

Enter the show running command:

hq-sanjose# show running

Building configuration...
Current configuration:
!
---- snip ----
!
interface Serial0:23
  no ip address
 no ip directed-broadcast
  dialer rotary-group 1
 isdn incoming-voice modem
!
interface Serial1:23
  no ip address
 no ip directed-broadcast
  dialer rotary-group 1
 isdn incoming-voice modem
!
interface Serial2:23
  no ip address
 no ip directed-broadcast
  dialer rotary-group 1
 isdn incoming-voice modem
!
interface Serial3:23
  no ip address
 no ip directed-broadcast
  dialer rotary-group 1
 isdn incoming-voice modem
!
---- snip ----
!
interface Dialer1
 ip address 10.1.254.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 no ip mroute-cache
 dialer in-band
 dialer idle-timeout 1800
  dialer-group 2
 peer default ip address pool dialin_pool
 no fair-queue
 no cdp enable
 ppp authentication chap pap
 ppp multilink
!
dialer-list 2 protocol ip permit
!
---- snip ----

Step 12---Configuring Definitions for Remote LAN Sites

You must configure additional parameters to enable synchronous PPP services for the remote sites. Each remote site must have the following three entries configured on the Cisco AS5300:

Username and password
Static route
Dialer map to support IP connectivity with the remote peer

Table 2-4 summarizes the critical parameters used by DDR, which works primarily at the addressing layer. These routes are stored in the routing table when the sites are not connected.

Table 2-4: Site Characteristics
Router Name Password WAN
IP Address Ethernet
IP Address Assigned Phone Number Site Hardware

hq-sanjose

hq-sanjose-pw

10.1.254.1 255.255.255.0

10.1.1.10 255.255.255.0

4085551234

Cisco AS5300

soho-tahoe

tahoe-pw

10.1.254.3 255.255.255.0

10.1.3.1 255.255.255.0

5305558084

Cisco 766

robo-austin

austin-pw

10.1.254.4 255.255.255.0

10.1.4.1 255.255.255.0
5125554433
Cisco 1604

Configure

To enable the remote LANs to dial into the Cisco AS5300, use the following commands beginning in global configuration mode:

Step Command Purpose

1 .

hq-sanjose(config)# username robo-austin password austin-pw

Specify the robo-austin username and password¹.

2 .

hq-sanjose(config)# ip route 10.1.4.0 255.255.255.0 10.1.254.4 permanent

Enable IP routing for the robo-austin subnet.

3 .

hq-sanjose(config)# username soho-tahoe password tahoe-pw

Specify the soho-tahoe username and password1.

4 .

hq-sanjose(config)# ip route 10.1.3.0 255.255.255.0 10.1.254.3 permanent

Enable IP routing for the soho-tahoe subnet.

5 .

hq-sanjose(config)# interface dialer 1

Enter interface dialer 1.

6 .

hq-sanjose(config-if)# dialer map ip 10.1.254.4 name robo-austin #

Create a dialer map entry to the robo-austin router2.

7 .

hq-sanjose(config-if)# dialer map ip 10.1.254.3 name soho-tahoe #

Create a dialer map entry to the soho-tahoe router².

¹ Make sure to use your own usernames and passwords for the remote sites.
² In this case study, hq-sanjose does not dial out to the remote sites. The pound sign (#) is used to map the remote site's name to the IP address.

Verify

Enter the show running command:

hq-sanjose# show running

Building configuration...
Current configuration:
!
---- snip ----
!
username joe-admin password 7 <removed>
username robo-austin password 7 <removed>
username soho-tahoe password 7 <removed>
!
---- snip ----
!
interface Dialer1
 ip address 10.1.254.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 no ip mroute-cache
 dialer in-band
 dialer idle-timeout 1800
 dialer map ip 10.1.254.3 name soho-tahoe #
 dialer map ip 10.1.254.4 name robo-austin #
 dialer-group 2
 peer default ip address pool dialin_pool
 no fair-queue
 no cdp enable
 ppp authentication chap pap
 ppp multilink
!
---- snip ----
!
ip local pool dialin_pool 10.1.2.2 10.1.2.97
ip route 10.1.3.0 255.255.255.0 10.1.254.3 permanent
ip route 10.1.4.0 255.255.255.0 10.1.254.4 permanent
!
dialer-list 2 protocol ip permit
!
---- snip ----

Tips

Dialer mapping provides layer 3 to layer 2 address resolution for a telephone network. This is done by mapping a host name and IP address to a telephone number.
To display the static and dynamic dialer maps, enter the show dialer map command on the Cisco AS5300.

Note If you want the Cisco AS5300 to initiate calls to the remote sites, you must define a dialer map phone number. This case study does not cover this option. See the Dial Solutions Configuration Guide for more information.

Step 13---Configuring a Backhaul Routing Protocol

Assign a routing protocol and configure its related configuration parameters to integrate with the IP backbone. The dialer network uses static routing.

Configure

To configure the routing protocol, use the following commands beginning in global configuration mode:

Step Command Purpose

1 .

hq-sanjose(config)# router eigrp 10
hq-sanjose(config-router)# network 10.0.0.0
hq-sanjose(config-router)# passive-interface dialer 1
hq-sanjose(config-router)# redistribute static
hq-sanjose(config-router)# no auto-summary
hq-sanjose(config-router)# exit

Configure the Enhanced IGRP routing protocol, enable IP routing, turn off routing updates on the dialer interface, and advertise remote LAN static routes.

2 .

hq-sanjose(config)# interface fastethernet 0 hq-sanjose(config-if)# ip summary-address eigrp 10 10.1.2.0 255.255.255.0
Configure a summary aggregate address on the Fast Ethernet interface 0.

This step summarizes the IP addresses that are advertised to the backbone.

Verify

To verify the configuration:

Enter the show ip eigrp topology command:

hq-sanjose# show ip eigrp topology

IP-EIGRP Topology Table for process 10
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - Reply status
P 10.1.3.0/24, 1 successors, FD is 46226176
         via Redistributed (46226176/0)
P 10.1.2.0/24, 1 successors, FD is 128256
         via Connected, Loopback0
P 10.1.4.0/24, 1 successors, FD is 46226176
         via Redistributed (46226176/0)
P 10.1.254.0/24, 1 successors, FD is 46226176
         via Connected, Dialer1

Enter the show running command:

hq-sanjose# show running

Building configuration...
Current configuration:
!
---- snip ----
!
router eigrp 10
 redistribute static
 passive-interface Dialer1
 network 10.0.0.0
 no auto-summary
!
---- snip ----

Step 14---Confirming the Final Running Configuration

Here is the final running configuration:

hq-sanjose# show running

Building configuration...
Current configuration:
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname hq-sanjose
!
aaa new-model
aaa authentication login default local
aaa authentication ppp default if-needed local
enable secret 5 $1$.voA$9/8.Zoil3jeWJMP6hEE6U0
!
username joe-admin password 7 <removed>
username robo-austin password 7 <removed>
username soho-tahoe password 7 <removed>
!
async-bootp dns-server 10.2.2.3 10.2.3.1
isdn switch-type primary-ni
!
!
controller T1 0
 framing esf
 clock source line primary
 linecode b8zs
 pri-group timeslots 1-24
!
controller T1 1
 framing esf
 clock source line secondary 
 linecode b8zs
 pri-group timeslots 1-24
!
controller T1 2
 framing esf
  clock source internal
 linecode b8zs
 pri-group timeslots 1-24
!
controller T1 3
 framing esf
  clock source internal
 linecode b8zs
 pri-group timeslots 1-24
!
interface Loopback0
 ip address 10.1.2.1 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet0
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 shutdown
!
interface Serial0:23
  no ip address
 no ip directed-broadcast
  dialer rotary-group 1
  isdn incoming-voice modem
!
interface Serial1:23
  no ip address
 no ip directed-broadcast
  dialer rotary-group 1
  isdn incoming-voice modem
!
interface Serial2:23
  no ip address
 no ip directed-broadcast
  dialer rotary-group 1
  isdn incoming-voice modem
!
interface Serial3:23
  no ip address
 no ip directed-broadcast
  dialer rotary-group 1
  isdn incoming-voice modem
!
interface FastEthernet0
 ip address 10.1.1.10 255.255.255.0
 no ip directed-broadcast
 ip summary-address eigrp 10 10.1.2.0 255.255.255.0
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
!
interface Group-Async1
 ip unnumbered Loopback0
 no ip directed-broadcast
 encapsulation ppp
 async mode interactive
 peer default ip address pool dialin_pool
 no cdp enable
 ppp authentication chap pap
 group-range 1 96
!
interface Dialer1
 ip address 10.1.254.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 no ip mroute-cache
 dialer in-band
 dialer idle-timeout 1800
 dialer map ip 10.1.254.3 name soho-tahoe #
 dialer map ip 10.1.254.4 name robo-austin #
 dialer-group 2
 peer default ip address pool dialin_pool
 no fair-queue
 no cdp enable
 ppp authentication chap pap
 ppp multilink
!
router eigrp 10
 redistribute static
 passive-interface Dialer1
 network 10.0.0.0
 no auto-summary
!
ip local pool dialin_pool 10.1.2.2 10.1.2.97
ip route 10.1.3.0 255.255.255.0 10.1.254.3 permanent
ip route 10.1.4.0 255.255.255.0 10.1.254.4 permanent
!
dialer-list 2 protocol ip permit
!
!
line con 0
line 1 96
 autoselect during-login
 autoselect ppp
 modem InOut
line aux 0
line vty 0 4
!
end

Caution Do not expect your final configuration to look exactly like this one. You must localize for your own network environment. Additionally, most Cisco IOS software versions have different default settings. However, this final configuration provides a good basis for comparison.

Step 15---Saving the Configuration

Save the configuration to NVRAM by entering the copy running-config startup-config command.

Step 16---Testing Sync PPP Connections to Remote LANs

You must configure the remote ISDN routers before you can test DDR connections. For configuration tasks and end-to-end test examples, see the following chapters:

Chapter 4, "Cisco 1604 Configuration"
Chapter 5, "Cisco 766 Configuration"

Step 17---Adding More Remote LAN Sites as Needed

After you bring up your remote LANs and remote nodes, you might decide to expand the solution to a larger dial implementation. The following key items must be configured on the Cisco AS5300 to support each additional remote LAN router:

One dialer map
One IP route
One username:password

Note The italic variables in Table 2-5 must be replaced with the actual WAN IP address, host name, IP subnet address, subnet mask, and password for each additional remote LAN router.

Table 2-5:

Command Purpose

dialer map ip peer-wan-addr name hostname #

A dialer map. Create a user entity in the security database for the remote site, which is appended to a dialer map¹.

ip route subnet mask wan-addr

A static route that points to the dialer map IP address.

username hostname password password

A username and password that matches the name on the dialer map.

¹If no phone number is used in the dialer map, this will prevent the central site from dialing out to the remote site.

Required Commands for Each Additional Site

Router Name	Password	WAN IP Address	Ethernet IP Address	Assigned Phone Number	Site Hardware
hq-sanjose	hq-sanjose-pw	10.1.254.1 255.255.255.0	10.1.1.10 255.255.255.0	4085551234	Cisco AS5300
soho-tahoe	tahoe-pw	10.1.254.3 255.255.255.0	10.1.3.1 255.255.255.0	5305558084	Cisco 766
robo-austin	austin-pw	10.1.254.4 255.255.255.0	10.1.4.1 255.255.255.0	5125554433	Cisco 1604

Command	Purpose
dialer map ip peer-wan-addr name hostname #	A dialer map. Create a user entity in the security database for the remote site, which is appended to a dialer map¹.
ip route subnet mask wan-addr	A static route that points to the dialer map IP address.
username hostname password password	A username and password that matches the name on the dialer map.

Table of Contents

Cisco AS5300 Configuration

Tips

Tips

Tips

Tips

Tips