|
|
However, several countries in Europe (Germany, Switzerland, and some Eastern European countries) use Link Access Procedure, Balanced (LAPB) as the protocol to forward their asynchronous traffic over synchronous connections.
Your system, therefore, must be able to recognize and accept calls from these asynchronous/synchronous conversion devices. Link Access Procedure, Balanced-Terminal Adapter (LAPB-TA) peforms that function. (LAPB is sometimes referred to as "X.75," because LAPB is the link layer specified in the ITU-T X.75 recommendation for carrying asynchronous traffic over ISDN.)
LAPB-TA allows a system with an ISDN terminal adapter supporting asynchronous traffic over LAPB to call into a router and establish an asynchronous Point to Point Protocol (PPP) session. LAPB supports both local Challenge Handshake Authentication Protocol (CHAP) authentication and external RADIUS authorization on the Authentication, Authorization and Accounting (AAA) server.
LAPB-TA allows devices that use LAPB instead of the V.120 protocol to communicate with routers on the Cisco 3600 and 5300 series.
The LAPB-TA feature is closely related to the existing V.120 feature, which is documented in the chapter "Configuring V.120 Access" in the Cisco IOS Release 12.0 Dial Solutions Configuration Guide.
None.
None.
For descriptions of supported MIBs and how to use MIBs, see the Cisco MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
AAA---Authentication, authorization, and accounting.
CHAP---Challenge Handshake Authentication Protocol. Security feature supported on lines using PPP encapsulation that prevents unauthorized access. CHAP does not itself prevent unauthorized access, it merely identifies the remote end. The router or access server then determines whether that user is allowed access.
DDR---dial-on-demand routing. Technique whereby a router can automatically initiate and close a circuit-switched session as transmitting stations demand. The router spoofs keepalives so that end stations treat the session as active. DDR permits routing over ISDN or telephone lines using an external ISDN terminal adaptor or modem.
ISDN---Integrated Services Digital Network. Communication protocol that permits telephone networks to carry data, voice, and other source traffic.
LAPB---Link Access Procedure, Balanced. Data link layer protocol in X.25.
PPP---Point-to-Point Protocol. Successor to SLIP that provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. PPP works with several network layer protocols. PPP also has built-in security mechanisms, such as CHAP and PAP.
RADIUS---Database for authenticating modem and ISDN connections and for tracking connection time.
If an interface is already configured for V.120, only two additional configuration commands are required on the interface because V.120 and LAPB-TA sessions are configured in a similar way:
Perform the following tasks to configure LAPB-TA:
For more information about virtual templates and sample template configurations, see the section "Protocol Translation and Virtual Asynchronous Device Commands" in the Cisco IOS Release 12.0 Dial Solutions Command Reference.
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Router(config)#vty-async | Creates a virtual asynchronous interface. | ||
| Router(config)#vty-async virtual-template 1 | Applies virtual template to the virtual asynchronous interface. | ||
| Router(config)#interface virtual-template 1 | Creates a virtual interface template, and enters interface configuration mode. | ||
| Router(config-if)#ip unnumbered Ethernet0 | Assigns an IP address to the virtual interface template. | ||
| Router(config-if)# | Enables encapsulation on the virtual interface template. | ||
| Router(config-if)# | Disables an IP address from a pool to the device connecting to the virtual access interface | ||
| Router(config-if)# | Enables the CHAP protocol for PPP authentication. | ||
| Router(config-if)# | Exits to global configuration mode. | ||
| Router(config)# | Specifies CHAP password to be used to authenticate calls from caller "user1." | ||
| Router(config)# | Enters interface configuration mode for a D-channel serial interface1. | ||
| Router(config-if)# | Configures PPP encapsulation as the default. | ||
| Router(config-if)# | Specifies the dialer group belonging to the interface. | ||
| Router(config-if)# | Enables the CHAP protocol for PPP authentication. | ||
| Router(config-if)# | Enables autodetect encapsulation for LAPB-TA protocols. | ||
| Router(config)# | Configures a range of 32 virtual terminal (vty) lines starting with vty0. | ||
| Router(config-line)# | Defines which protocol to use to connect to a specific line of the access server. |
| 1The D channel is the signalling channel. |
Router# show running configuration Building configuration... Current configuration: ! version 12.0 service timestamps debug datetime msec localtime service timestamps log datetime msec localtime no service password-encryption service udp-small-servers service tcp-small-servers ! hostname Router ...(output omitted) interface Serial0:23 description ENG PBX BRI num.:81063 no ip address no ip directed-broadcast encapsulation ppp no ip route-cache dialer pool-member 1 autodetect encapsulation ppp lapb-ta isdn switch-type primary-5ess no peer default ip address no fair-queue no cdp enable ppp authentication chap ...(output omitted) ! end
The following example configures a virtual-template LAPB-TA connection capable of running PPP. It assumes you have already configured usernames and passwords for PPP authentication:
Router(config)#vty-async Router(config)#vty-async virtual-template 1 Router(config)#interface virtual-template 1 Router(config-if)#ip unnumbered Ethernet0 Router(config-if)#encapsulation ppp Router(config-if)#no peer default ip address Router(config-if)#ppp authentication chap Router(config-if)#exit Router(config)#interface Serial0:23 Router(config-if)#autodetect encapsulation lapb-ta
The following configuration example treats the LAPB-TA and V.120 calls identically, by immediately starting a PPP session without asking for username and password, and relying on PPP authentication to identify the caller:
Router(config)#vty-async Router(config)#vty-async virtual-template 1 Router(config)#interface Loopback0 Router(config-if)#ip address 10.2.2.1 255.255.255.0 Router(config-if)#exit Router(config)#interface BRI3/0 Router(config-if)#encapsulation ppp Router(config-if)#autodetect encapsulation ppp lapb-ta v120 Router(config-if)#exit Router(config)#interface Virtual-Template1 Router(config-if)#ip unnumbered Loopback0 Router(config)-if#ppp authentication chap Router(config-if)#exit Router(config)#ip local pool default 10.2.2.64 10.2.2.127 Router(config)#line vty 0 2 Router(config-line)#password <removed> Router(config-line)#login Router(config-line)#transport input telnet Router(config-line)#exit Router(config)#line vty 3 4 Router(config-line)#no login Router(config-line)#transport input lapb-ta v120 Router(config-line)#autocommand ppp neg Router(config-line)#exit Router(config)#end
lapb-ta | Automatically detects LAPB for an ISDN terminal adapter. |
ppp | Automatically detects PPP encapsulation on the interface. |
v120 | Automatically detects V.120 encapsulation on B channels. |
No default behavior or values.
Interface configuration.
| Release | Modification |
|---|---|
11.2 | This command was first introduced. |
12.0(4)T | lapb-ta was added as a keyword. |
At least one encapsulation type is required in the command, but you can specify additional encapsulation types.
Use this command to enable the specified serial or ISDN interface to accept calls and dynamically change the encapsulation in effect on the interface when the remote device does not signal the call type. For example, if an ISDN call does not identify the call type in the Lower Layer Compatibility fields and is using an encapsulation that is different from the one configured on the interface, the interface can change its encapsulation type dynamically.
This command enables interoperation with ISDN terminal adapters that use V.120 encapsulation but do not signal V.120 in the call setup message. An ISDN interface that by default answers a call as synchronous serial with PPP encapsulation can change its encapsulation and answer such calls.
Autodetection of LAPB traffic on an ISDN terminal adapter is now possible, by adding the keyword lapb-ta to the command line. This allows recognition of incoming LAPB-TA calls.
Automatic detection is attempted for the first 10 seconds after the link is established or the first five packets exchanged over the link, whichever is first.
The following example enables the LAPB-TA and V.120 protocols for autodetection on interface serial0:23 after you have configured the virtual terminals to handle asynchronous traffic:
Router(config)#vty-async
Router(config)#interface serial0:23
Router(config-if)#
| Command | Description |
encapsulation | Sets the encapsulation method for a serial interface. |
all | Selects all protocols. Restores the default configuration. |
lapb-ta | Selects the LAPB terminal adapter. |
lat | Selects the digital LAT protocol and specifies both incoming reverse LAT and host-initiated connections. |
mop | Selects Maintenance Operation Protocol (MOP). |
nasi | Selects NetWare Access Servers Interface (NASI) as the input transport protocol. |
none | Prevents any protocol selection on the line. This makes the port unusable by incoming connections. |
pad | Selects X.3 PAD incoming connections. |
rlogin | Selects the UNIX rlogin protocol. |
telnet | Specifies all types of incoming TCP/IP connections. |
v120 | Selects the V.120 protocol for incoming asynchronous traffic over ISDN connections. |
The default is none.
Line configuration.
| Release | Modification |
|---|---|
10.0 | This command was first introduced. |
11.1 | lat, pad, all, and v120 keywords first appeared, and none became the default. |
12.0(4)T | lapb-ta keyword was added. |
 | Caution Cisco routers do not accept incoming network connections to asynchronous ports (TTY lines) by default. You must specify an incoming transport protocol, or use the transport input all command before the line will accept incoming connections. For example, if you are using your router as a terminal server to make console-port connections to routers or other devices, you will not be able to establish a Telnet to these devices. You will receive the message "Connection Refused." This behavior was introduced in Cisco IOS Release 11.1. Previous to this release, the default was all. If you are upgrading to Cisco IOS Release 11.1(1) or later from Cisco IOS Release 11.0 or earlier, you must add the transport input {protocol | all} command, or you will be locked out of your router. |
You can specify one protocol, multiple protocols, all protocols, or no protocols. To specify multiple protocols, enter the keyword for each protocol, separated by a space.
This command can be useful in distributing resources among different types of users, or making certain that only specific hosts can access a particular port. When using two-step protocol translation, the transport input command is useful in controlling exactly which protocols can be translated to other protocols.
Access lists for each individual protocol can be defined in addition to the allowances created by the transport input command. Any settings made with the transport input command override settings made with the transport preferred command.
Adding the keyword lapb-ta to the command line allows any incoming LAPB-TA call to be connected to the specified virtual terminal.
The following example sets the incoming protocol to Telnet and LAPB-TA for virtual terminals 0 through 32:
Router(config)# line vty 0 32 Router(config-line)#transport input telnet lapb-ta
| Command | Description |
transport output | Determines the protocols that can be used for outgoing connections from a line. |
transport preferred | Specifies the transport protocol the router uses if you does not specify one. |
This section documents the new debug lapb-ta command related to the LAPB-TA feature.
error | (Optional) Displays LAPB-TA errors. |
event | (Optional) Displays LAPB-TA normal events. |
traffic | (Optional) Displays LAPB-TA in/out traffic data. |
Debugging for LAPB-TA is not enabled.
| Release | Modification |
|---|---|
12.0(4)T | This command was first introduced. |
The following is sample output from the debug lapb-ta command with the error, event, and traffic keywords activated:
Router# debug lapb-ta error LAPB-TA error debugging is on Router# debug lapb-ta event LAPB-TA event debugging is on Router# debug lapb-ta traffic LAPB-TA traffic debugging is on Mar 9 12:11:36.464:LAPB-TA:Autodetect trying to detect LAPB on BR3/0:1 Mar 9 12:11:36.464: sampled pkt: 2 bytes: 1 3F.. match Mar 9 12:11:36.468:LAPBTA:get_ll_config:BRI3/0:1 Mar 9 12:11:36.468:LAPBTA:line 130 allocated for BR3/0:1 Mar 9 12:11:36.468:LAPBTA:process 79 Mar 9 12:11:36.468:BR3/0:1:LAPB-TA started Mar 9 12:11:36.468:LAPBTA:service change:LAPB physical layer up, context 6183E144 interface up, protocol down Mar 9 12:11:36.468:LAPBTA:service change:, context 6183E144 up Mar 9 12:11:36.468:LAPB-TA:BR3/0:1, 44 sent 2d14h:%LINEPROTO-5-UPDOWN:Line protocol on Interface BRI3/0:1, changed state to up 2d14h:%ISDN-6-CONNECT:Interface BRI3/0:1 is now connected to 60213 Mar 9 12:11:44.508:LAPB-TA:BR3/0:1, 1 rcvd Mar 9 12:11:44.508:LAPB-TA:BR3/0:1, 3 sent Mar 9 12:11:44.700:LAPB-TA:BR3/0:1, 1 rcvd Mar 9 12:11:44.700:LAPB-TA:BR3/0:1, 3 sent Mar 9 12:11:44.840:LAPB-TA:BR3/0:1, 1 rcvd Mar 9 12:11:44.840:LAPB-TA:BR3/0:1, 14 sent Mar 9 12:11:45.852:LAPB-TA:BR3/0:1, 1 rcvd Mar 9 12:11:46.160:LAPB-TA:BR3/0:1, 2 rcvd Mar 9 12:11:47.016:LAPB-TA:BR3/0:1, 1 rcvd Mar 9 12:11:47.016:LAPB-TA:BR3/0:1, 10 sent
Posted: Tue Apr 20 14:34:26 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.