|
|
For information about the Dialer Profiles implementation of DDR, see the "Configuring Peer-to-Peer DDR with Dialer Profiles" chapter in this manual.
A DDR configuration applies to a specified router interface but serves to meet the communication needs of the network. The router configured for DDR has a function to serve in preserving communications and ensuring that routes are known to other routers at both ends of the dial link. Thus, these issues are important:
Before you configure DDR, make sure you have completed the preparations for bridging or routing as described in the "Deciding and Preparing to Configure DDR" chapter of this manual. That chapter provides information about the minimal requirements. For detailed information about bridging, routing, and wide-area networking configurations, refer to the appropriate chapters in other volumes of this documentation set.
When you configure DDR on a hub interface in a hub-and-spoke topology, you perform the following general steps:
Step 1 Specify the interface that will place calls to or receive calls from multiple sites. (See the "Configuring Legacy DDR Spokes" chapter for information about configuring an interface to place calls to or receive calls from one site only.)
Step 2 Enable DDR on the interface. This step is not required for some interfaces; for example, ISDN interfaces and passive interfaces that receive only from DTR-dialing interfaces.
Step 3 Configure the interface to receive calls only, if applicable. Receiving calls from multiple sites requires each inbound call to be authenticated.
Step 4 Configure the interface to place calls only, if applicable.
Step 5 Configure the interface to place and receive calls, if applicable.
Step 6 If the interface will place calls, specify access control for:
Step 7 Customize the interface settings (timers, interface priority, hold queues, bandwidth on demand, and disabling fast switching) as needed.
When you have configured the interface and it is operational, you can monitor its performance and its connections as described in the "Monitor DDR Connections" section.
You can also enhance DDR by configuring Multilink PPP and configuring PPP callback. The PPP configuration tasks are described in the "Configuring Media-Independent PPP" chapter of this manual.
See the "Legacy DDR Hub Configuration Examples" section later in this chapter for examples of how to configure DDR on your network.
To configure DDR on an interface, complete the tasks in the following sections. The first five bulleted items are required. The remaining tasks are not absolutely required, but might be necessary in your networking environment.
You can also monitor DDR connections. See the "Monitor DDR Connections" section for commands and other information.
You can configure any asynchronous, synchronous serial, ISDN, or dialer interface for Legacy DDR.
To specify an interface to configure for DDR, complete the following task in global configuration mode:
| Command | Purpose |
|---|---|
interface async number or interface serial slot/port:23 or interface dialer number | Specify an interface to configure for DDR.
Specify an ISDN PRI D channel (T1).
Specify a logical interface to function as a dialer rotary group leader. |
Dialer interfaces are logical or virtual entities, but they use physical interfaces to place or receive calls.
This step is required for asynchronous serial, synchronous serial, and logical dialer interfaces.
Enabling DDR on an interface usually requires you to specify the type of dialer to be used. This step is not required for ISDN interfaces because the software automatically configures ISDN interfaces to be dialer type ISDN.
To enable DDR on the interface, complete the following task in interface configuration mode:
| Command | Purpose |
|---|---|
dialer in-band [no-parity | odd-parity] | Enable DDR on an asynchronous interface or a synchronous serial interface using V.25bis modems. |
You can optionally specify parity if the modem on this interface uses the V.25bis command set. The 1984 version of the V.25bis specification states that characters must have odd parity. However, the default for the dialer in-band command is no parity.
To configure an interface to place calls to multiple destinations, complete the following tasks. The first task is required for all interface types. The second task is required only if you specified a dialer interface.
For calling multiple sites, an interface or dialer rotary group must be configured to map each next hop protocol address to the dial string (some form of a telephone number) used to reach it.
To define each dialing destination, use one of the following commands in interface configuration mode:
Repeat this step as many times as needed to ensure that all dialing destinations are reachable via some next hop address and dialed number.
If you intend to send traffic over other types of networks, see the appropriate section "Configure the Interface for Sending Traffic over a Frame Relay Network," "Configure the Interface for Sending Traffic over an X.25 Network," and "Configure the Interface for Sending Traffic over a LAPB Network."
This section applies only if you specified a dialer interface to configure for DDR.
To assign a physical interface to a dialer rotary group, use the following commands starting in global configuration mode:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| interface serial number interface async number | Specify a physical interface to use. | ||
| dialer rotary-group number | Assign the specified physical interface to a dialer rotary group. |
Repeat these two steps for each physical interface to be used by the dialer interface.
An ISDN BRI is a rotary group of B channels. An ISDN interface can be part of a rotary group comprising other interfaces (synchronous, asynchronous, ISDN BRI, or ISDN PRI). However, Cisco supports at most one level of recursion; that is, a rotary of rotaries is acceptable, but a rotary of rotaries of rotaries is not supported.
Interfaces in a dialer rotary group do not have individual addresses; when the interface is being used for dialing, it inherits the parameters configured for the dialer interface. However, if the individual interface is configured with an address and it is subsequently used to establish a connection from the user EXEC level, the individual interface address again applies.
Figure 103 illustrates how dialer interfaces work. In this configuration, serial interfaces 1, 2, and 3 are assigned to dialer rotary group 1 and thereby take on the parameters configured for dialer interface 1. When it is used for dialing, the IP address of serial interface 2 is the same as the address of the dialer interface, 131.108.1.1.
Once DDR is enabled on an asynchronous serial, synchronous serial, and ISDN interface, the interface can receive calls from multiple sites using one line or multiple lines.
However, interfaces that receive calls from multiple sites require authentication of the remote sites. In addition, dialer interfaces require at least one physical interface to be specified and added to the dialer rotary group. Complete the tasks in the following sections:
To configure Terminal Access Controller Access Control System (TACACS) as an alternative to host authentication, use one of the following command in interface configuration mode:
| Command | Purpose |
|---|---|
ppp use-tacacs [single-line] | Configure TACACS. |
Use the ppp use-tacacs command with TACACS and Extended TACACS. Use the aaa authentication ppp command with Authentication, Authorization, and Accounting (AAA)/TACACS+.
This section specifies the minimum required configuration for PPP CHAP or PAP authentication. For more detailed information, see the "Configuring Media-Independent PPP and Multilink PPP" chapter of this manual.
To use CHAP or PAP authentication, perform the following steps beginning in interface configuration mode:
After you have enabled one of these protocols, the local router or access server requires authentication of the remote devices that are calling. If the remote device does not support the enabled authentication protocol, no traffic will be passed to that device.
Step 1 For CHAP, configure host name authentication and the secret or password for each remote system with which authentication is required.
Step 2 Map the protocol address to the name of the host calling in.
To enable PPP encapsulation, use the following command in interface configuration mode:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Enable PPP on an interface. | |||
| Enable CHAP on an interface. | |||
| For any host calling in to the local router or access server, map its host name (case-sensitive) to the next hop address used to reach it. Repeat this step for each host calling in to this interface. | |||
| exit | Return to global configuration mode. | ||
| Specify the password to be used in CHAP caller identification. Repeat this step to add a username entry for each remote system from which the local router or access server requires authentication. |
| Step | Command | Purpose | ||
|---|---|---|---|---|
| interface serial number interface async number | Specify a physical interface to use. | ||
| dialer rotary-group number | Assign the specified physical interface to a dialer rotary group. |
Repeat these two steps for each physical interface to be used by the dialer interface.
You can configure an physical interface or dialer interface to both place and receive calls. For placing calls, the interface must be configured to map each next hop address to the telephone number to dial. For receiving calls from multiple sites, the interface must be configured to authenticate callers.
Figure 104 shows a configuration in which the central site is calling and receiving calls from multiple sites. In this configuration, multiple sites are calling in to a central site, and the central site might be calling one or more of the remote sites.
To configure a single line, multiple lines, or a dialer interface to place calls to and receive calls from multiple sites, perform the following steps in interface configuration mode:
Step 1 Define One or More Dialing Destinations
Step 2 Define the Traffic to be Authenticated
If you intend to send traffic over other types of networks, see the appropriate section "Configure the Interface for Sending Traffic over a Frame Relay Network," "Configure the Interface for Sending Traffic over an X.25 Network," and "Configure the Interface for Sending Traffic over a LAPB Network."
For calling multiple sites, an interface or dialer rotary group must be configured to map each next hop protocol address to the dial string (some form of a telephone number) used to reach it.
To define each dialing destination, use one of the following commands in interface configuration mode:
| Command | Purpose |
|---|---|
dialer string dial-string[:isdn-subaddress] | Define only one dialing destination (used to configure one phone number on multiple lines only). |
dialer map protocol next-hop-address dial-string[:isdn-subaddress] | Define one of several dialing destinations for a synchronous serial interface or a dialer interface. |
dialer map protocol next-hop-address [spc] [speed 56 | 64] [broadcast] [dial-string[:isdn-subaddress]] | Define one of several dialing destinations for an ISDN interface (including an ISDN PRI D channel). |
dialer map protocol next-hop-address [modem-script modem-regexp] [system-script system-regexp] dial-string[:isdn-subaddress] | Define one of several dialing destinations for an asynchronous interface. If a modem dialing chat script has not been assigned to the line or a system login chat script must be specified, define both a dialing destination and the chat scripts to use. |
Repeat this step as many times as needed to ensure that all dialing destinations are reachable via some next hop address and dialed number.
Calls from the multiple sites must be authenticated. Authentication can be done through CHAP or PAP. In addition, the interface must be configured to map a host's protocol address to the name to use for authenticating the remote host.
To enable CHAP or PAP on an interface and authenticate sites that are calling in, use the following commands in interface configuration mode:
If the dial string is not used in , the interface will be able to receive calls from the host, but will not be able to place calls to the host.
Repeat for each site from which the router will receive calls.
Protocol access lists and dialer access lists are central to the operation of DDR. In general, access lists are used as the screening criteria for determining when to initiate DDR calls. All packets are tested against the dialer access list. Packets that match a permit entry are deemed interesting or packets of interest. Packets that do not match a permit entry or that do match a deny entry are deemed uninteresting. When a packet is found to be interesting, either the dialer idle timer is reset (if the line is active) or a connection is attempted (assuming the line is available but not active). If a tested packet is deemed uninteresting, it will be forwarded if it is intended for a destination known to be on a specific interface and the link is active. However, such a packet will not initiate a DDR call and will not reset the idle timer.
When you completed preparations for bridging over DDR, you entered global access lists to specify the protocol packets to be permitted or denied, and global dialer lists to specify which access list to use and which dialer group will place the outgoing calls.
Now you must tie those global lists to an interface configured for DDR. You accomplish that by assigning selected interfaces to a bridge group. Because packets are bridged only among interfaces that belong to the same bridge group, you need to assign this interface and others to the same bridge group.
To assign an interface to a bridge group, complete the following task in interface configuration mode:
| Command | Purpose |
|---|---|
Assign the specified interface to a bridge group. |
For examples of bridging over DDR, see the "Transparent Bridging over DDR Examples" section later in this chapter.
Before you perform the tasks outlined in this section, you should have completed the preparations for routing a protocol over DDR as described briefly in the "Deciding and Preparing to Configure DDR" chapter in this manual and as described in greater detail in the Network Protocols Configuration Guide, Part 1, Network Protocols Configuration Guide, Part 2, and Network Protocols Configuration Guide, Part 3.
An interface can be associated only with a single dialer access group; multiple dialer access group assignments are not allowed. To specify the dialer access group to which you want to assign an access list, use the following commands in interface configuration mode:
| Command | Purpose |
|---|---|
dialer-group group-number | Specify the number of the dialer access group to which the specific interface belongs. |
Perform the tasks in the following sections as needed to customize DDR in your network:
Perform the tasks in the following sections as needed to configure DDR interface timers:
| Command | Purpose |
|---|---|
dialer idle-timeout seconds | Set line-idle time. |
The dialer fast idle timer is activated if there is contention for a line. Contention occurs when a line is in use, a packet for a different next hop address is received, and the busy line is required to send the competing packet.
If the line has been idle for the configured amount of time, the current call is disconnected immediately and the new call is placed. If the line has not yet been idle as long as the fast idle timeout period, the packet is dropped because there is no way to get through to the destination. (After the packet is dropped, the fast idle timer remains active and the current call is disconnected as soon as it has been idle for as long as the fast idle timeout). If, in the meantime, another packet is transmitted to the currently connected destination, and it is classified as interesting, the fast-idle timer is restarted.
To specify the amount of time a line for which there is contention will stay idle before the line is disconnected and the competing call is placed, use the following command in interface configuration mode:
| Command | Purpose |
|---|---|
dialer fast-idle seconds | Set idle time for high traffic lines. |
This command applies both to inbound and outbound calls.
| Command | Purpose |
|---|---|
dialer enable-timeout seconds | Set the interface downtime. |
This command applies both to inbound and outbound calls.
To set the length of time an interface waits for the telephone service (carrier), use the following command in interface configuration mode:
| Command | Purpose |
|---|---|
dialer wait-for-carrier-time seconds | Set the length of time the interface waits for the carrier to come up when a call is placed. |
For asynchronous interfaces, this command sets the total time to wait for a call to connect. This time is set to allow for running the chat script.
You can assign dialer priority to an interface. Priority indicates which interface in a dialer rotary group will get used first. To assign priority to a dialer interface, use the following command in interface configuration mode:
| Command | Purpose |
|---|---|
Specify which dialer interfaces will be used first. |
For example, you might give one interface in a dialer rotary group higher priority than another if it is attached to faster, more reliable modem. In this way, the higher-priority interface will be used as often as possible.
The range of values for number is 0 through 255. Zero is the default value and lowest priority; 255 is the highest priority. This command applies to outgoing calls only.
A dialer hold queue can be configured on any type of dialer, including in-band synchronous, asynchronous, DTR, and ISDN dialers. Also, hunt group leaders can be configured with a dialer hold queue. If a hunt group leader (of a rotary dialing group) is configured with a hold queue, all members of the group will be configured with a dialer hold queue and no individual member's hold queue can be altered.
To establish a dialer hold queue, use the following command in interface configuration mode:
| Command | Purpose |
|---|---|
Create a dialer hold queue and specify the number of packets to be held in it. |
As many as 100 packets can be held in an outgoing dialer hold queue.
You can configure a dialer rotary group to use additional bandwidth by placing additional calls to a single destination if the load for the interface exceeds a specified weighted value. Parallel communication links are established based on traffic load. The number of parallel links that can be established to one location is not limited.
To set the dialer load threshold for bandwidth on demand, use the following command in interface configuration mode:
| Command | Purpose |
|---|---|
Configure the dialer rotary group to place additional calls to a destination, as indicated by interface load. |
Once multiple links are established, they are still governed by the load threshold. If the total load falls below the threshold, an idle link will be torn down.
Fast switching can be disabled and reenabled on a protocol-by-protocol basis. To disable fast switching and reenable it, complete one of the following protocol-specific tasks:
| Command | Purpose |
|---|---|
no ip route-cache no ip route-cache distributed | Disable IP fast switching over a DDR interface. Reenable IP fast switching over a DDR interface. Disable distributed IP fast switching over a DDR interface. This feature works in Cisco 7500 routers with a Versatile Interface Processor (VIP) card. Enable distributed IP fast switching over a DDR interface. This feature works in Cisco 7500 routers with a Versatile Interface Processor (VIP) card. |
no ipx route-cache ipx route-cache |
An interface configured for DDR can send traffic over networks that require LAPB, X.25, or Frame Relay encapsulation. To configure an interface for those networks, complete the tasks in the following sections:
Frame Relay supports multiple PVC connections over the same serial interface or ISDN B channel, but only one physical interface can be used (dialed, connected, and active) in a rotary group or with ISDN.
The following restrictions apply to DDR used over Frame Relay:
No new commands are required to support DDR over Frame Relay. In general, you configure Frame Relay and configure DDR. In general, complete the following steps to configure an interface for DDR over Frame Relay:
For examples of configuring various interfaces for DDR over Frame Relay, see the "Frame Relay Support Examples" section later in this chapter.
X.25 interfaces can now be configured to support DDR. Synchronous serial and ISDN interfaces on our routers and access servers can be configured for X.25 addresses, X.25 encapsulation, and mapping of protocol addresses to a remote host's X.25 address. In-band, DTR, and ISDN dialers can be configured to support X.25 encapsulation, but rotary groups cannot. On ISDN dialers configured for X.25 encapsulation, only one B channel can be used.
To configure an interface to support X.25, use the following X.25-specific commands in interface configuration mode and also complete the DDR configuration of the interface:
| Step | Command | Purpose | ||
|---|---|---|---|---|
| Configure the interface to use X.25 encapsulation. | |||
| x25 address x.121-address | Assign an X.25 address to the interface. | ||
| x25 map protocol address [protocol2 address2 [...[protocol9 address9]]] x.121-address [option] |
The order of DDR and X.25 configuration tasks is not critical; you can configure DDR before or after X.25, and you can even mix the DDR and X.25 commands.
For an example of configuring an interface for X.25 encapsulation and then completing the DDR configuration, see the section "X.25 Support Configuration Example" later in this chapter.
LAPB encapsulation is supported on synchronous serial, ISDN, and dialer rotary group interfaces, but not on asynchronous dialers.
Because the default encapsulation is HDLC, you must explicitly configure LAPB encapsulation. To configure an interface to support LAPB encapsulation, use the following command in interface configuration mode and also complete the DDR configuration of the interface:
| Command | Purpose |
|---|---|
Specify LAPB encapsulation. |
For more information about the serial connections on which LAPB encapsulation is appropriate, see the encapsulation lapb command in the "X.25 and LAPB Commands" chapter of the Wide-Area Networking Command Reference.
For an example of configuring an interface for DDR over LAPB, see the "X.25 Support Configuration Example" section later in this chapter.
To monitor DDR connections and snapshot routing, use the following commands in privileged EXEC mode:
| Command | Purpose |
|---|---|
show dialer [interface type number] | Display general diagnostics about the DDR interface. |
show dialer map | Display current dialer maps, next-hop protocol addresses, user names, and the interfaces on which they are configured. |
Display information about the ISDN interface. | |
show ipx interface [type number] | Display status about the IPX interface. |
Display information about the IPX packets transmitted by the router or access server, including watchdog counters. | |
Display information about the AppleTalk packets transmitted by the router or access server. | |
Display information about the Banyan VINES packets transmitted by the router or access server. | |
Display information about the DECnet packets transmitted by the router or access server. | |
Display information about the XNS packets transmitted by the router or access server. | |
Clear the values of the general diagnostic statistics. |
The following examples show various DDR configurations as follows:
The first example configures serial interface 1 for DDR bridging. Any bridge packet is permitted to cause a call to be placed.
no ip routing ! interface Serial1 no ip address encapsulation ppp dialer in-band dialer enable-timeout 3 dialer map bridge name urk broadcast 8985 dialer hold-queue 10 dialer-group 1 ppp authentication chap bridge-group 1 pulse-time 1 ! dialer-list 1 protocol bridge permit bridge 1 protocol ieee bridge 1 hello 10
no ip routing ! interface Serial1 no ip address encapsulation ppp dialer in-band dialer enable-timeout 3 dialer map bridge name urk broadcast 8985 dialer hold-queue 10 dialer-group 1 ppp authentication chap bridge-group 1 pulse-time 1 ! access-list 200 permit 0x0800 0xFFF8 ! dialer-list 1 protocol bridge list 200 bridge 1 protocol ieee bridge 1 hello 10
The following example illustrates how to configure DDR to call one site from a synchronous serial interface in an IP environment. You could use the same configuration on an asynchronous serial interface by changing interface serial 1 to specify an asynchronous interface (for example, interface async 0).
interface serial 1 ip address 131.108.126.1 255.255.255.0 dialer in-band dialer idle-timeout 600 dialer string 5551234 pulse-time 1 ! The next command adds this interface to the dialer access group defined with ! the dialer-list command dialer-group 1 ! !The first access list statement, below, specifies that IGRP updates are not !interesting packets. The second access-list statement specifies that all !other IP traffic such as Ping, Telnet, or any other IP packet is interesting. !The dialer-list command then creates dialer access group 1 and states that !access list 101 is to be used to classify packets as interesting or !uninteresting. The ip route commands specify that there is a route to network !131.108.29.0 and to network 131.108.1.0 via 131.108.126.2. This means that !several destination networks are available through a router that is dialed !from interface serial 1. ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101 ip route 131.108.29.0 131.108.126.2 ip route 131.108.1.0 131.108.126.2 ip local pool dialin 101.102.126.2 101.102.126.254
With many modems, the pulse-time command must be used so that DTR is dropped for sufficient time to allow the modem to disconnect.
In the following example, DDR is configured for AppleTalk access using an ISDN BRI. Two access lists are defined: one for IP and IGRP, and one for AppleTalk. AppleTalk packets from network 2141 only (except broadcast packets) can initiate calls.
interface BRI0 ip address 130.1.20.107 255.255.255.0 encapsulation ppp appletalk cable-range 2141-2141 2141.65 appletalk zone SCruz-Eng no appletalk send-rtmps dialer map ip 130.1.20.106 broadcast 1879 dialer map appletalk 2141.66 broadcast 1879 dialer-group 1 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 access-list 601 permit cable-range 2141-2141 broadcast-deny access-list 601 deny other-access ! dialer-list 1 list 101 dialer-list 1 list 601
In the following example, a router is configured for VINES and IP DDR with in-band dialing. The VINES access list does not allow RTP routing updates to place a call, but any other data packet is interesting.
vines routing BBBBBBBB:0001 ! hostname RouterA ! username RouterB password 7 030752180500 username RouterC password 7 00071A150754 ! interface serial 0 ip address 131.108.170.19 255.255.255.0 encapsulation ppp vines metrics 10 vines neighbor AAAAAAAA:0001 0 dialer in-band dialer map ip 131.108.170.151 name RouterB broadcast 4155551234 dialer map vines AAAAAAAA:0001 name RouterC broadcast 4155551212 dialer-group 1 ppp authentication chap pulse-time 1 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 ! vines access-list 107 deny RTP 00000000:0000 FFFFFFFF:FFFF 00000000:0000 FFFFFFFF:FFFF vines access-list 107 permit IP 00000000:0000 FFFFFFFF:FFFF 00000000:0000 FFFFFFFF:FFFF ! dialer-list 1 protocol ip list 101 dialer-list 1 protocol vines list 107
In the following example, a router is configured for DECnet DDR with in-band dialing:
decnet routing 10.19 ! username RouterB password 7 030752180531 ! interface serial 0 no ip address decnet cost 10 encapsulation ppp dialer in-band dialer map decnet 10.151 name RouterB broadcast 4155551212 dialer-group 1 ppp authentication chap pulse-time 1 ! access-list 301 permit 10.0 0.1023 0.0 63.1023 ! dialer-list 1 protocol decnet list 301
In the following example, a router is configured for CLNS DDR with in-band dialing:
username RouterB password 7 111C140B0E clns net 47.0004.0001.0000.0c00.2222.00 clns routing clns filter-set ddrline permit 47.0004.0001.... ! interface serial 0 no ip address encapsulation ppp dialer in-band dialer map clns 47.0004.0001.0000.0c00.1111.00 name RouterB broadcast 1212 dialer-group 1 ppp authentication chap clns enable pulse-time 1 ! clns route default serial 0 dialer-list 1 protocol clns list ddrline
In the following example, a router is configured for XNS DDR with in-band dialing. The access lists deny broadcast traffic to any host on any network, but allow all other traffic.
xns routing 0000.0c01.d8dd username RouterB password 7 111B210A0F interface serial 0 no ip address encapsulation ppp xns network 10 dialer in-band dialer map xns 10.0000.0c01.d877 name RouterB broadcast 4155551212 dialer-group 1 ppp authentication chap pulse-time 1 access-list 400 deny -1 -1.ffff.ffff.ffff 0000.0000.0000 access-list 400 permit -1 10 dialer-list 1 protocol xns list 400
You can set up dial-on-demand routing (DDR) to provide service to multiple remote sites. In a hub-and-spoke configuration, you can use a generic configuration script to set up each remote connection. Figure 105 illustrates a typical hub-and-spoke configuration.
This configuration is demonstrated in the following two subsections.
The following example, configuration is performed on the spoke side of the connection. (A different "spoke" password must be specified for each remote client.) It provides authentication by identifying a password that must be provided on each end of the connection.
interface ethernet 0 ip address 172.30.44.1 255.255.255.0 ! interface async 7 async mode dedicated async default ip address 128.150.45.1 ip address 1172.30.45.2 255.255.255.0 encapsulation ppp ppp authentication chap dialer in-band dialer map ip 172.30.45.1 name hub system-script hub 1234 dialer map ip 172.30.45.255 name hub system-script hub 1234 dialer-group 1 ! ip route 172.30.43.0 255.255.255.0 172.30.45.1 ip default-network 172.30.0.0 chat-script generic ABORT BUSY ABORT NO ## AT OK ATDT\T TIMEOUT 30 CONNECT chat-script hub "" "" name: spoke1 word" <spoke1-passwd> PPP dialer-list 1 protocol ip permit ! username hub password <spoke1-passwd> ! router igrp 109 network 172.30.0.0 passive-interface async 7 ! line 7 modem InOut speed 38400 flowcontrol hardware modem chat-script generic
In the following example, configuration is performed on the local side of the connection---the hub router. It configures the router for communication with three clients and provides authentication by identifying a unique password for each "spoke" in the hub-and-spoke configuration.
interface ethernet 0 ip address 172.30.43.1 255.255.255.0 ! interface async 7 async mode interactive async dynamic address dialer rotary-group 1 ! interface async 8 async mode interactive async dynamic address dialer rotary-group 1 ! interface dialer 1 ip address 172.30.45.2 255.255.255.0 no ip split-horizon encapsulation ppp ppp authentication chap dialer in-band dialer map ip 172.30.45.2 name spoke1 3333 dialer map ip 172.30.45.2 name spoke2 4444 dialer map ip 172.30.45.2 name spoke3 5555 dialer map ip 172.30.45.255 name spoke1 3333 dialer map ip 172.30.45.255 name spoke2 4444 dialer map ip 172.30.45.255 name spoke3 5555 dialer-group 1 ! ip route 172.30.44.0 255.255.255.0 172.30.45.2 ip route 172.30.44.0 255.255.255.0 172.30.45.3 ip route 172.30.44.0 255.255.255.0 172.30.45.4 dialer-list 1 protocol ip list 101 access-list 101 deny igrp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 chat-script generic ABORT BUSY ABORT NO ## AT OK ATDT\T TIMEOUT 30 CONNECT ! username spoke1 password <spoke1-passwd> username spoke2 password <spoke2-passwd> username spoke3 password <spoke3-passwd> username spoke1 autocommand ppp 172.30.45.2 username spoke2 autocommand ppp 172.30.45.3 username spoke3 autocommand ppp 172.30.45.4 ! router igrp 109 network 172.30.0.0 redistribute static ! line 7 login tacacs modem InOut speed 38400 flowcontrol hardware modem chat-script generic
The redistribute static command can be used to advertise static route information for DDR applications. Without this command, static routes to the hosts or network that the router can access with DDR will not be advertised to other routers with which the router is communicating. This behavior can block communication because some routes will not be known. See the redistribute static ip command, described in the "IP Routing Protocol-Independent Commands" chapter in the Network Protocols Command Reference, Part 1.
Assume that your configuration is as shown in Figure 106 and your router receives a packet with a next hop address of 1.1.1.1.
If the interface on your router is configured to call a single site with phone number 5555555, it will send the packet to that site, assuming that the next hop address 1.1.1.1 indicates the same remote device as phone number 5555555. The dialer string command is used to specify the string (telephone number) to be called.
interface serial 1 dialer in-band dialer string 5555555
If the interface is configured to dial multiple sites, the interface or dialer rotary group must be configured so that the correct phone number, 5555555, is mapped to the address 1.1.1.1. If this mapping is not configured, the interface or dialer rotary group does not know what phone number to call to deliver the packet to its correct destination, which is the address 1.1.1.1. In this way, a packet with a destination of 2.2.2.2 will not be sent to 5555555. The dialer map command is used to map next hop addresses to phone numbers.
interface serial 1 dialer in-band dialer map ip 1.1.1.1 5555555 dialer map ip 2.2.2.2 6666666
The following example demonstrates how to specify multiple destination numbers to dial for outgoing calls:
interface serial 1 ip address 131.108.126.1 255.255.255.0 dialer in-band dialer wait-for-carrier-time 100 pulse-time 1 dialer-group 1 dialer map ip 131.108.126.10 5558899 dialer map ip 131.108.126.15 5555555 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 protocol ip list 101
As in the "Configuring DDR in an IP Environment Example" section, a pulse time is assigned and a dialer access group specified.
The first dialer map command specifies that the number 555-8899 is to be dialed for IP packets with a next-hop-address value of 131.108.126.10. The second dialer map then specifies that the number 5555555 will be called when an IP packet with a next-hop-address value of 131.108.126.15 is detected.
The following configuration places serial interfaces 1 and 2 into dialer rotary group 1, defined by the interface dialer 1 command:
!PPP encapsulation is enabled for interface dialer 1. interface dialer 1 encapsulation ppp dialer in-band ip address 131.108.2.1 255.255.255.0 ip address 131.126.2.1 255.255.255.0 secondary !The first dialer map command allows remote site YYY and the central site to
!call each other. The second dialer map command, with no dialer string, allows
!remote site ZZZ to call the central site but the central site cannot call
!remote site ZZZ (no phone number). ! dialer map ip 131.108.2.5 nameYYY 1415553434dialer map ip 131.126.2.55 name ZZZ ! !The DTR pulse signals for three seconds on the interfaces in dialer group 1.
!This holds the DTR low so the modem can recognize that DTR has been dropped. pulse-time 3 !Serial interfaces 1 and 2 are placed in dialer rotary group 1. All the
!interface configuration commands (the encapsulation and dialer map commands
!shown earlier in this example) that applied to interface dialer 1 also apply
!to these interfaces. interface serial 1 dialer rotary-group 1 interface serial 2 dialer rotary-group 1
The following example shows a configuration for XXX, the local router shown in Figure 107. In this example, remote Routers YYY and ZZZ can call Router XXX. Router XXX has dialing information only for Router YYY and cannot call Router ZZZ.
username YYY password theirsystem username ZZZ password thatsystem !Create a dialer interface with PPP encapsulation and CHAP authentication. interface dialer 1 ip address 131.108.2.1 255.255.255.0 ip address 131.126.4.1 255.255.255.0 secondary encapsulation ppp ppp authentication chap dialer in-band dialer group 1 !The first dialer map command indicates that calls between the remote site
!YYY and the central site will be placed at either end. The second dialer
!map command, with no dialer string, indicates that remote site ZZZ will call
!the central site but the central site will not call out. dialer map ip 131.108.2.5 nameYYY 1415553434dialer map ip 131.126.4.5 name ZZZ !The DTR pulse holds the DTR low for three seconds, so the modem can recognize
!that DTR has been dropped. pulse-time 3 ! !Place asynchronous serial interfaces 1 and 2 in dialer group 1.
!The interface commands applied to dialer group 1 (for example,
!PPP encapsulation and CHAP) apply to these interfaces. ! interface async 1 dialer rotary-group 1 interface async 2 dialer rotary-group 1
You can set up two-way dial-on-demand routing (DDR) with authentication in which both the client and server have dial-in access to each other. This configuration is demonstrated in the following two subsections.
The following example configuration is performed on the remote side of the connection. It provides authentication by identifying a password that must be provided on each end of the connection.
username local password secret1 username remote password secret2 ! interface ethernet 0 ip address 172.30.44.1 255.255.255.0 ! interface async 7 ip address 172.30.45.2 255.255.255.0 async mode dedicated async default ip address 172.30.45.1 encapsulation ppp dialer in-band dialer string 1234 dialer-group 1 ! ip route 172.30.43.0 255.255.255.0 async 7 ip default-network 172.30.0.0 chat-script generic ABORT BUSY ABORT NO ## AT OK ATDT\T TIMEOUT 30 CONNECT dialer-list 1 protocol ip permit ! line 7 no exec modem InOut speed 38400 flowcontrol hardware modem chat-script generic
The following example configuration is performed on the local side of the connection. As with the remote side configuration, it provides authentication by identifying a password for each end of the connection.
username remote password secret1 username local password secret2 ! interface ethernet 0 ip address 172.30.43.1 255.255.255.0 ! interface async 7 async mode dedicated async default ip address 172.30.45.2 dialer rotary-group 1 ! interface async 8 async mode dedicated async default ip address 172.30.45.2 dialer rotary-group 1 ! interface dialer 1 ip address 172.30.45.2 255.255.255.0 encapsulation ppp ppp authentication chap dialer in-band dialer map ip 172.30.45.2 name remote 4321 dialer load-threshold 80 ! ip route 172.30.44.0 255.255.255.0 172.30.45.2 chat-script generic ABORT BUSY ABORT NO ## AT OK ATDT\T TIMEOUT 30 CONNECT ! router igrp 109 network 172.30.0.0 redistribute static passive-interface async 7 ! line 7 modem InOut speed 38400 flowcontrol hardware modem chat-script generic
The examples in this section present various combinations of interfaces, Frame Relay features, and DDR features.
In the following example, a router is configured for IP over Frame Relay using in-band dialing. A Frame Relay static map is used to associate the next-hop protocol address to the DLCI. The dialer string allows dialing to only one destination.
interface Serial0 ip address 1.1.1.1 255.255.255.0 encapsulation frame-relay frame-relay map ip 1.1.1.2 100 broadcast dialer in-band dialer string 4155551212 dialer-group 1 ! access-list 101 deny igrp any host 255.255.255.255 access-list 101 permit ip any any ! dialer-list 1 protocol ip list 101
The following example shows a BRI interface configured for Frame Relay and for IP, IPX, and AppleTalk routing. No static maps are defined because this setup relies on Frame Relay local management interface (LMI) signaling and Inverse ARP to determine the network addresses-to-DLCI mappings dynamically. (Because Frame Relay Inverse ARP is enabled by default, no command is required.)
interface BRI0 ip address 1.1.1.1 255.255.255.0 ipx network 100 appletalk cable-range 100-100 100.1 appletalk zone ISDN no appletalk send-rtmps encapsulation frame-relay IETF dialer map ip 1.1.1.2 broadcast 4155551212 dialer map apple 100.2 broadcast 4155551212 dialer map ipx 100.0000.0c05.33ed broadcast 4085551234 dialer-group 1 ! access-list 101 deny igrp any host 255.255.255.255 access-list 101 permit ip any any access-list 901 deny -1 FFFFFFFF 452 access-list 901 deny -1 FFFFFFFF 453 access-list 901 deny -1 FFFFFFFF 457 access-list 901 deny -1 FFFFFFFF 0 FFFFFFFF 452 access-list 901 deny -1 FFFFFFFF 0 FFFFFFFF 453 access-list 901 deny -1 FFFFFFFF 0 FFFFFFFF 457 access-list 901 permit -1 access-list 601 permit cable-range 100-100 broadcast-deny access-list 601 deny other-access ! dialer-list 1 protocol ip list 101 dialer-list 1 protocol novell list 901 dialer-list 1 protocol apple list 601
The following example shows a BRI interface configured for Frame Relay and for IP, IPX, and AppleTalk routing. Two logical subnets are used; a point-to-point subinterface and a multipoint subinterface are configured. Frame Relay Annex A (LMI type Q933a) and Inverse ARP are used for dynamic routing.
interface BRI0 no ip address encapsulation frame-relay dialer string 4155551212 dialer-group 1 frame-relay lmi-type q933a ! interface BRI0.1 multipoint ip address 1.1.100.1 255.255.255.0 ipx network 100 appletalk cable-range 100-100 100.1 appletalk zone ISDN no appletalk send-rtmps frame-relay interface-dlci 100 frame-relay interface-dlci 110 frame-relay interface-dlci 120 ! interface BRI0.2 point-to-point ip address 1.1.200.1 255.255.255.0 ipx network 200 appletalk cable-range 200-200 200.1 appletalk zone ISDN no appletalk send-rtmps frame-relay interface-dlci 200 broadcast IETF ! access-list 101 deny igrp any host 255.255.255.255 access-list 101 permit ip any any access-list 901 deny -1 FFFFFFFF 452 access-list 901 deny -1 FFFFFFFF 453 access-list 901 deny -1 FFFFFFFF 457 access-list 901 deny -1 FFFFFFFF 0 FFFFFFFF 452 access-list 901 deny -1 FFFFFFFF 0 FFFFFFFF 453 access-list 901 deny -1 FFFFFFFF 0 FFFFFFFF 457 access-list 901 permit -1 access-list 601 permit cable-range 100-100 broadcast-deny access-list 601 permit cable-range 200-200 broadcast-deny access-list 601 deny other-access dialer-list 1 protocol ip list 101 dialer-list 1 protocol novell list 901 dialer-list 1 protocol apple list 601
In the following example, a router is configured to support X.25 and DTR dialing:
interface serial 0 ip address 131.108.170.19 255.255.255.0 encapsulation x25 x25 address 12345 x25 map ip 131.108.171.20 67890 broadcast dialer dtr dialer-group 1 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 ! dialer-list 1 protocol ip list 101
In the following example, the router is configured for LAPB encapsulation and in-band dialing:
interface serial 0 ip address 131.108.170.19 255.255.255.0 encapsulation lapb dialer in-band dialer string 4155551212 dialer-group 1 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 ! dialer-list 1 protocol ip list 101
Posted: Mon May 3 12:03:49 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.