Configuring Large-Scale Dial-Out

Large-scale dial-out supports only IP over PPP encapsulation.
Large-scale dial-out does not support tunneling protocols such as Layer 2 Forwarding Protocol (L2F) or Layer 2 Tunneling Protocol (L2TP).
Virtual profiles depend on PPP authentication; however, this authentication can create a problem for Ascend devices, which do not allow devices to authenticate them when answering a call (bidirectional authentication is not supported).
The IP address of the remote device must be known prior to dialing out. Large-scale dial-out does not support dynamic IP address assignment.

For a complete description of the commands in this chapter, see the Cisco IOS Dial Services Command Reference publication; the commands are arranged alphabetically in that guide. To locate command descriptions of other commands presented in this chapter, use the master index or search online.

Large-Scale Dial-Out Overview

In previous dial-on-demand routing (DDR) networking strategies, only incoming calls could take advantage of features such as dialer and virtual profiles, Multichassis Multilink PPP (MMP) support, and the ability to use an authentication, authorization, and accounting (AAA) server to store attributes. MMP allows network access servers to be stacked together and appear as a single network access server chassis so that if one network access server fails, another network access server in the stack can accept calls. MMP also provides stacked network access servers access to a local Internet point of presence (POP) using a single telephone number. This capability allows for easy expansion and scalability, and for assured fault tolerance and redundancy. Now, with large-scale dial-out, these features are available for both outgoing and incoming calls.

Large-scale dial-out eliminates the need to configure dialer maps on every network access server for every destination. Instead, you create remote site profiles containing outgoing call attributes (telephone number, service type, and so on) on the AAA server. The profile is downloaded by the network access server when packet traffic requires a call to be placed to a remote site.

Additionally, large-scale dial-out addresses congestion management by seeking an uncongested, alternative network access server within the same POP when the designated primary network access server experiences port congestion.

Large-scale dial-out also enables scalable dial-out service to many remote sites across one or more Cisco network access servers or Cisco routers. This capability is especially beneficial to both Internet service providers (ISPs) and large-scale enterprise customers because it can simplify network configuration and management. Large-scale dial-out streamlines activities such as service maintenance and scheduled activities like application upgrades from a centralized location. Large enterprise networks such as those used by retail stores, supermarket chains, and franchise restaurants can use large-scale dial-out to easily update daily prices and inventory information from a central server to all branch locations in one process, using the same network access servers they currently use for dial in functions.

Additional benefits of using large-scale dial-out include the following:

Allows dialing the same router from any router in a stack group. Using a primary network access server, you can configure static routes for a given remote host or network. If the primary network access server is congested or has no links available, it will search for an alternate server within the stack, and force that server to dial out.
Eliminates the need to configure dialer maps in individual network access servers. The user profiles, along with dial parameters, can be centrally stored on an AAA server such as a Cisco Secure Access Control Server (ACS).
Supports extended TACACS (also TACACS+), RADIUS using Cisco attribute-value (AV) pairs, and the Ascend proprietary RADIUS extension for dial-out operation.
Provides a way to associate an IP address with a user name and user profile using the static route and host name association features. If there are no names on the IP static route, the Domain Name System (DNS) support function can be used to determine the user name that is associated with the IP address. If a name is not found, the destination IP address is used for the name.
Allows dynamic static routes to be configured on the centralized AAA server, that is, static routes stored centrally on an AAA server that can be dynamically downloaded by the router as needed.
Provides support for MMP and the Stack Group Bidding Protocol (SGBP). SGBP unites each Cisco access server in a virtual stack, which enables the access servers to become virtually tied together. If all ports on a given network access server are already being used, the other network access servers on the stack can be used for outbound calls. Single calls and multilink calls are now supported across the multichassis stack group.
Supports dial-out over an asynchronous line, when a chat script is configured.
Ports can be reserved for dial-in and dial-out.

Large-scale dial-out enables scalable dial-out service, that is, configuration information is stored in a central server and many network access servers can access this information using either the RADIUS or extended TACACS protocols. One or more network access servers can advertise summary routes to the remote destinations, then dynamically download the dial-out profile configurations as needed.

Large-scale dial-out also allows dialing the same remote network or host from any router in a stack group.You configure static routes for a particular remote host or network on a router in a stack group that you designate as the primary network access server for that remote. When a primary network access server experiences port congestion, it searches for an alternate network access server within the stack group to dial out, and when found, forces the alternate to dial the remote network. Figure 1 illustrates the large-scale dial-out solution.

Figure 1: Large Scale Dailout Components

Large-scale dial-out relies on per-user static routes in AAA, and redistributed static and redistributed connected routes to put better routes pointing to the same remote on the alternative network access server. You can use any routing protocol that supports redistributing static and connected routes, and supports flash memory updates when a routing topology changes. The Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP) routing protocols are recommended.

Next Hop Definition

A next hop address or remote name that you define is used in a AAA server lookup to retrieve the user profile from the remote network or host. The name is passed to the AAA server by the router software.

Static Routes

Static routes can be dynamically downloaded from an AAA server by the network access servers, or can be manually configured on the network access servers.

Dynamic static routes are installed on the network access server by an AAA server. The routes are downloaded at system startup and updated periodically, so that route changes are reflected within a configurable interval of time. Large-scale dial-out allows multiple AAA transactions with 50 static routes per AAA server transaction.

Stack Groups

The network access server stack group redistributes the routes of the remote networks. If the number is large, the routes are summarized. Packets destined for remote networks are routed to the primary network access server for the remote network.

If the static route pointing to the next hop of the network access server has a name, that name with the -out suffix attached becomes the profile name. If no profile name is configured in the route statement defining the remote location, the router can use reverse DNS lookup to map the IP route to a profile name. The next hop address on the static route is used in reverse DNS to obtain the name of the remote network. This name is then used in the AAA server lookup to retrieve the remote user profile. If no name is returned by DNS, the network access server uses the destination IP address with the -out suffix appended as the name.

If the primary network access server is congested, an alternate network access server may dial out. The primary network access server initiates stack group bidding for the outoing call. The least congested network access server wins the bid and downloads the user profile. After a call is connected on an alternate network access server, a better per-user route from the AAA profile is installed on the alternate network access server. Subsequent packets destined for the remote network are routed to the alternate network access server while the call is connected. Packets stored in the dialer hold queue on the primary network access server are switched to the alternate network access server when the new route is distributed to the primary network access server.

Large-Scale Dial-Out Configuration Task List

The tasks to configure large-scale dial-out are described in the following sections:

Complying with Large-Scale Dial-Out Prerequisites (Required)
Establishing the Route to the Remote Network (Required)
Enabling AAA and Static Route Download (Required)
Enabling Access to the AAA Server (Required)
Enabling Reverse DNS (Required)
Enabling SGBP Dial-Out Connection Bidding (Required)
Defining a User Profile (Required)

See the section "Monitoring and Maintaining the Large-Scale Dial-Out Network" later in this chapter for tips on maintaining large-scale dial-out. See the examples in the section "Large-Scale Dial-Out Configuration Examples" at the end of this chapter for ideas on how you can implement large-scale dial-out in your network.

Complying with Large-Scale Dial-Out Prerequisites

The following prerequisites apply to large-scale dial-out:

Virtual profiles depend on PPP authentication; therefore the network access server, the remote device, or both must authenticate the connection to use virtual profiles.
You must configure SGBP to allow a primary network access server that is congested or otherwise unable to dial out to select an alternate network access server to dial out. Configure SGBP using the sgbp group and sgbp member global configuration commands before enabling the stack group to bid for dial-out connection. Configuring SGBP is described in the chapter "Configuring Multichassis Multilink PPP" in this publication. The Cisco IOS Dial Services Command Reference publication describes the commands you use to configure a stack group.

: Additionally, all members of the stack group must be in the same routing autonomous system, and the redistribute static and redistribute connected commands must already be configured. The stack group supports all routing protocols, but routing protocols such as EIGRP and OSPF, which support redistributing static and connected routes and flash memory updates when topology changes, are recommended.

You must configure AAA network security services using the aaa new-model, aaa authentication, aaa authorization, and aaa accounting global configuration commands. For more information about AAA, see the chapter "AAA Overview" in the Cisco IOS Security Configuration Guide publication. The Cisco IOS Security Command Reference publication describes the commands you use to configure AAA.

: You will also need to configure your network access server to communicate with the applicable security server, either an extended TACACS or RADIUS daemon.

Establishing the Route to the Remote Network

The task in this section is optional; you only need to perform it when routes will not be downloaded statically from the AAA server.

To establish a route to the remote network or host (next hop) holding the user profile, use the ip route command in global configuration mode:

Command Purpose

Router(config)#ip route network-number [network-mask]
{address | interface} [distance] [name name]
Establishes a static route to a remote network to obtain a user profile.

Command	Purpose
Router(config)#ip route network-number [network-mask] {address \| interface} [distance] [name name]	Establishes a static route to a remote network to obtain a user profile.

The name you define is used in a AAA server lookup to retrieve the AAA profile of the remote network.

Enabling AAA and Static Route Download

AAA network security must be enabled before you perform the tasks in this section. For more information about enabling AAA, see the chapter "AAA Overview" in the Cisco IOS Security Configuration Guide publication.

Enabling the static route download feature allows static routes to be configured at a centrally located AAA server. Static routes are downloaded when the system is started, and you define a period of time between route updates when you enable the feature.

NoteStatic route download is not mandatory for the large-scale dial-out feature; however, it makes configuration of static routes more manageable by allowing the configuration to be centralized on a server.

To enable the static route download feature, use the following commands in global configuration mode:

Command Purpose

Step1

aaa new-model
Enables the AAA server.

Step2

aaa route download [time]
Downloads static routes from the AAA server periodically using the hostname of the router.

Step3

aaa authorization configuration default
[radius | tacacs+]
Downloads configuration information from AAA server.

	Command	Purpose
Step1	aaa new-model	Enables the AAA server.
Step2	aaa route download [time]	Downloads static routes from the AAA server periodically using the hostname of the router.
Step3	aaa authorization configuration default [radius \| tacacs+]	Downloads configuration information from AAA server.

Use the show ip route command to see the routes installed by these commands.

Enabling Access to the AAA Server

To configure the dialer interface to be able to access the AAA server and retrieve the user profile, use the following command in interface configuration mode for a dialer rotary group leader:

Command Purpose

dialer aaa
Allows the dialer to use the AAA server to locate profiles for dialing information.

Command	Purpose
dialer aaa	Allows the dialer to use the AAA server to locate profiles for dialing information.

Enabling Reverse DNS

To instruct the dialer to use reverse DNS on dial out, use the following command in interface configuration mode:

Command Purpose

dialer dns
Uses reverse DNS to obtain the name of the user profile of the remote network.

Command	Purpose
dialer dns	Uses reverse DNS to obtain the name of the user profile of the remote network.

The user profile name passed to the AAA server by the system is reverse-dns-name-out; the -out suffix is automatically appended to the DNS name, and is required to create unique dial-out and dial in profiles.

Enabling SGBP Dial-Out Connection Bidding

You must configure SGBP before performing the tasks in this section. The chapter "Configuring Multichassis Multilink PPP" in this publication describes the tasks you perform to configure a stack group.

To configure stack group bidding, use the following command in global configuration mode:

Command Purpose

sgbp dial-bids
Allows the stack group to bid for the dial-out call.

Command	Purpose
sgbp dial-bids	Allows the stack group to bid for the dial-out call.

Once the stack group has been configured and enabled for dial-out connection bidding, configure the dialer interface to search for an alternate network access server in the event of port congestion. Use the following commands in interface configuration mode:

Command Purpose

Step1

dialer congestion-threshold links
Forces the dialer to search for another uncongested system in the stack group.

Step2

dialer reserved-links {dialin-link |
dialout-link}
Reserves links for dial in and dial-out.

	Command	Purpose
Step1	dialer congestion-threshold links	Forces the dialer to search for another uncongested system in the stack group.
Step2	dialer reserved-links {dialin-link \| dialout-link}	Reserves links for dial in and dial-out.

See the section "Stack Group and Static Route Download Configuration" at the end of this chapter for an example of how to configure stack groups and static routes.

Defining a User Profile

Attributes are used to define specific AAA elements in a user profile. Large-scale dial-out supports a subset of Ascend AV pairs, RADIUS attributes, and a map class attribute providing outbound dialing services, as described in Table 3.

The only required attribute is the Cisco AV pair outbound:dial-number; all others are optional. If the AAA server does not support Cisco AV pairs, attribute #227, Ascend-Dial-Number, can be substituted. In cases where there are equivalent Cisco AV pairs and Ascend-specific attributes, Cisco recommends using the Cisco AV pairs.

For additional information about defining user profiles, see the chapter "RADIUS Attribute-Pairs" in the CiscoSecure ACS for Windows NT User Guide 2.0 publication, and the chapter "TACACS+ Attribute-Value Pairs" in the Cisco IOS Security Configuration Guide publication.

For an example of a user profile using the supported attributes, see the section "User Profile on an Ascend RADIUS Server for NAS1" at the end of this chapter.

NoteIn the following attributes, the value of a string is 0 to 253 octects; the value of an integer is a 32-bit value ordered high byte first.

Table3: Large-Scale Dial-Out Outbound Service Attributes

Number Attribute Description

Ascend AV Pairs

#214

Ascend-Send-Secret

Specifies the password the network access server uses when the remote site challenges the network access server to authenticate using either the Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP).
Cisco AV Pair:
None

TACACS+ Support:
service = outbound {
send-secret = VALUE
}
Value:
Password string

NoteThe password is encrypted. This attribute requires a special RADIUS daemon that supports CHAP or PAP authentication.

#227

Ascend-Dial-Number

Defines the number to dial.
Cisco AV Pair:
cisco-avpair="outbound:dial-number=VALUE"

TACACS+ Support:
service = outbound {
dial-number = VALUE
}
Value:
Dial string

NoteThis attribute defines the plain dial number. It can be used in different profiles, whereas the callback-dialstring attribute is only for callbacks.

#231

Ascend-Send-Auth

Specifies the authentication protocol that the network access server requests when initiating a connection using PPP. The answering side of the connection determines which authentication protocol, if any, the connection uses. The network access server will refuse to negotiate PAP if CHAP is selected, but will negotiate CHAP if PAP is selected.
Cisco AV Pair:
cisco-avpair="outbound:send-auth=VALUE"

TACACS+ Support:
service = outbound {
send-auth = none/pap/chap
}
Value:
0: Send-Auth-None
1: Send-Auth-PAP
2: Send-Auth-CHAP

#247

Ascend-Data-SVC

Specifies the type of data service the link uses for outgoing calls.
Cisco AV Pair:
cisco-avpair="outbound:data-service=VALUE"

TACACS+ Support:
service = outbound {
data-service = VALUE
}
Value:
0: Switched-Voice-Bearer

#248

Ascend-Force-56

Determines whether the network access server uses only the 56K portion of a channel, even when all 64K appear to be available.
Cisco AV Pair:
cisco-avpair="outbound:force-56=VALUE"

TACACS+ Support:
service = outbound {
force-56 = VALUE
}
Value:
0: Force-56-No
1: Force-56-Yes

RADIUS (IETF) Attributes

#10

Framed-Routing

Indicates a routing method when a router is used to access a network.
Cisco AV Pair:
None

TACACS+ Support:
service = outbound {
routing = VALUE
}
Value:
0: None
1: Broadcast
2: Listen
3: Broadcast-Listen

NoteThis attribute is currently supported only for PPP service.

#19

Callback-Number

Defines a dialing string to be used for call back. (Service is both outbound and PPP.)
Cisco AV Pair:
cisco-avpir="outbound:callback-dialstring=VALUE"

TACACS+ Support:
Equivalent to the existing callback-dialstring attribute.

Value:
Dial string

NoteThis is an alternate way of setting a callback number using a standard RADIUS attribute.

#61

NAS-Port-Type

Indicates the type of physical port the network access server is using to authenticate the user.
Cisco AV Pair:
None

TACACS+ Support:
None

Value:
0: Asynchronous
1: Synchronous
2: ISDN-Synchronous

NoteThis attribute is currently supported only for PPP service.

Map Class Attribute

(unnumbered)

map-class

Allows the user profile to reference information configured in a map class of the same name on the network access server that dials out.
Cisco AV Pair:
cisco-avpair="outbound:map-class=VALUE"

TACACS+ Support:
service = outbound {
map-class = VALUE
}
Value:
Name string, which must match the name of a map class on the dial-out network access server.

Monitoring and Maintaining the Large-Scale Dial-Out Network

To monitor and maintain a large-scale dial-out network, use any of the following commands in EXEC mode:

Command Purpose

clear dialer sessions
Removes all dialer sessions and disconnects links.

clear ip route download {* | network-number network mask | reload}
Removes all or specified IP routes on the router. With reload option, forces reload of dynamic static routes before the update timer expires.

show dialer sessions
Displays all dialer sessions.

show ip route [static [download]]
Displays all static IP routes, or those installed using the AAA route download function.

Command	Purpose
clear dialer sessions	Removes all dialer sessions and disconnects links.
clear ip route download {* \| network-number network mask \| reload}	Removes all or specified IP routes on the router. With reload option, forces reload of dynamic static routes before the update timer expires.
show dialer sessions	Displays all dialer sessions.
show ip route [static [download]]	Displays all static IP routes, or those installed using the AAA route download function.

Large-Scale Dial-Out Configuration Examples

This section provides the following examples of how you can configure large-scale dial-out in your network:

Stack Group and Static Route Download Configuration

The following example configures NAS1 as the primary network access server and NAS2 as the secondary network access server, in a stack group for dial-out. The remote router is configured to answer calls. Figure 2 illustrates the configuration.

Figure2: Stack Group and Static Route Download Configuration

At the console for NAS1, ping 20.1.1.1. This action creates a multilink bundle with two links. NAS1 dials out the first link, and NAS2 dials out the second link. The router named Remote is using the CHAP hostname echo-8.cisco.com.

A user profile for NAS1 on an Ascend RADIUS server is listed in the section "User Profile on an Ascend RADIUS Server for NAS1" later in this chapter.

Primary Network Access Server Configuration for NAS1

version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname NAS1
!
aaa new-model
aaa authentication ppp default radius local
aaa authorization network default radius none
aaa authorization configuration default radius
aaa route download 720
enable password 7 1236173C1B0F
!
username NAS2 password 7 05080F1C2243
username NAS1 password 7 030752180500
username dialbid password 7 121A0C041104
username echo-8.cisco.com password 7 02050D480809
ip subnet-zero
ip domain-name cisco.com
ip name-server 172.31.2.132
ip name-server 172.22.30.32
!
virtual-profile virtual-template 2
!
sgbp group dialbid
sgbp seed-bid offload
sgbp member NAS2 172.21.17.17
sgbp dial-bids 
isdn switch-type basic-5ess
!
!
interface Ethernet0
 ip address 172.21.17.18 255.255.255.0
 no ip directed-broadcast
 no ip mroute-cache
 media-type 10BaseT
 no cdp enable
!
interface Virtual-Template1
 ip address 1.1.1.1 255.255.255.252
 no ip directed-broadcast
!
interface Virtual-Template2
 ip unnumbered Virtual-Template1
 no ip directed-broadcast
 ppp multilink
 multilink load-threshold 1 outbound
!
interface BRI0
 description PBX 60043
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 dialer rotary-group 1
 isdn switch-type basic-5ess
 no fair-queue
!
interface Dialer1
 ip unnumbered Ethernet0
 no ip directed-broadcast
 encapsulation ppp
 no ip mroute-cache
 dialer in-band
 dialer dns
 dialer aaa
 dialer hold-queue 5
 dialer congestion-threshold 5
 dialer reserved-links 1 0
 dialer-group 1
 no fair-queue
 ppp authentication chap callin
 ppp multilink
!
router eigrp 200
 redistribute connected
 redistribute static
 network 172.21.0.0
!
ip default-gateway 172.21.17.1
ip classless
ip route 0.0.0.0 0.0.0.0 172.21.17.1
!
dialer-list 1 protocol ip permit
radius-server host 172.31.61.87 auth-port 1645 acct-port 1646
radius-server key foobar
!
end

Secondary Network Access Server Configuration for NAS2

version 12.0
service timestamps debug datetime msec
service timestamps log uptime
service password-encryption
!
hostname NAS2
!
boot system flash 
aaa new-model
aaa authentication ppp default radius local
aaa authorization network default radius none
aaa authorization configuration default radius
enable password 7 022916700202
!
username NAS1 password 7 104D000A0618
username dialbid password 7 070C285F4D06
username echo-8.cisco.com password 7 0822455D0A16
ip subnet-zero
ip domain-name cisco.com
ip name-server 172.22.30.32
ip name-server 172.31.2.132
!
virtual-profile virtual-template 2
!
sgbp group dialbid
sgbp member NAS1 172.21.17.18
sgbp dial-bids 
isdn switch-type basic-5ess
!
interface Ethernet0
 ip address 172.21.17.17 255.255.255.0
 no ip directed-broadcast
 media-type 10BaseT
!
interface Virtual-Template1
 ip address 1.1.1.1 255.255.255.252
 no ip directed-broadcast
!
interface Virtual-Template2
 ip unnumbered Virtual-Template1
 no ip directed-broadcast
 ppp multilink
 multilink load-threshold 1 outbound
!
interface BRI0
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 dialer rotary-group 0
 isdn switch-type basic-5ess
 no fair-queue
!
interface Dialer0
 ip unnumbered Ethernet0
 no ip directed-broadcast
 encapsulation ppp
 dialer in-band
 dialer dns
 dialer aaa
dialer hold-queue 5
 dialer congestion-threshold 5
 dialer reserved-links 1 0
 dialer-group 1
 no fair-queue
 ppp authentication chap callin
 ppp multilink
!
router eigrp 200
 redistribute connected
 redistribute static
 network 172.21.0.0
!
ip default-gateway 172.21.17.1
ip classless
ip route 0.0.0.0 0.0.0.0 172.21.17.1
!
dialer-list 1 protocol ip permit
!
radius-server host 172.31.61.87 auth-port 1645 acct-port 1646
radius-server key foobar
!
end

Router Remote Configuration

version 12.0
service timestamps debug datetime msec
service timestamps log uptime
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname Remote
!
boot system flash 
enable password 7 002B012D0D5F
!
username dialbid password 7 14141B180F0B
ip subnet-zero
no ip domain-lookup
!
isdn switch-type basic-5ess
!
interface Loopback0
 ip address 172.31.229.41 255.255.255.255
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
!
interface Loopback1
 ip address 20.1.1.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
!
interface Loopback2
 ip address 20.1.2.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
!
interface Loopback3
 ip address 40.1.1.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
!
interface Ethernet0
 ip address 172.21.12.15 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
!
interface BRI0
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer rotary-group 3
 dialer-group 1
 isdn switch-type basic-5ess
 no fair-queue
!
interface Dialer3
 ip unnumbered Loopback0
 no ip directed-broadcast
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer in-band
 dialer idle-timeout 10000
 dialer-group 1
 no fair-queue
 ppp authentication chap callin
 ppp chap hostname echo-8.cisco.com
 ppp chap password 7 045802150C2E
 ppp multilink
!
ip default-gateway 172.21.12.1
ip classless
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
dialer-list 1 protocol ip permit

User Profile on an Ascend RADIUS Server for NAS1

The following example shows a dial-out profile and a static route download profile in AAA. The dial-out profile username must have "-out" appended to it. The static route download profile username always has "-N" appended. The router downloads NAS1-1, NAS1-2, through NAS1-N. When NAS1-N fails, the router does not try NAS1-N+1. The static route download profile cannot have more than 50 static routes defined.

echo-8.cisco.com-out  Password = "cisco", User-Service-Type = Outbound-User
     cisco-avpair = "outbound:addr*172.31.229.41",
     cisco-avpair = "outbound:dial-number=60039",
     cisco-avpair = "ip:route=20.1.1.0 255.255.255.0 172.31.229.41",
     cisco-avpair = "ip:route=20.1.2.0 255.255.255.0 172.31.229.41",
     cisco-avpair = "ip:route=20.1.3.0 255.255.255.0 172.31.229.41",
     cisco-avpair = "ip:route=40.1.1.0 255.255.255.0 172.31.229.41",
 
NAS1-1 Password = "cisco" User-Service-Type = Outbound-User,
     cisco-avpair = "ip:route=20.1.3.0 255.255.255.0 172.31.229.41 200",
     cisco-avpair = "ip:route=20.1.2.0 255.255.255.0 172.31.229.41 200",
     cisco-avpair = "ip:route=20.1.1.0 255.255.255.0 172.31.229.41 200",
     cisco-avpair = "ip:route=172.31.229.41 255.255.255.255 Dialer1 200 name
echo-8.cisco.com"

NoteNote that all text between quotation marks must be typed on one line.

Static routes can also be defined using the Framed-Route Internet Engineering Task Force (IETF) standard. The following shows how the previous example for NAS1 would look using the Framed-Route IETF standard:

NAS1-1 Password = "cisco" User-Service-Type = Outbound-User,
Framed-Route = "20.1.3.0/24 172.31.229.41.200",
Framed-Route = "20.1.2.0/24 172.31.229.41.200",
Framed-Route = "20.1.1.0/24 172.31.229.41.200",
Framed-Route = "172.31.229.41/32 Dialer1 200 name echo-8.cisco.com"

Asynchronous Dialing Configuration Examples

Large-scale dial-out supports dialing out using an asynchronous line. This type of dialing requires that a chat script be configured, and that the script dialer command be configured in the line commands for any asynchronous interface that may be dialing out. The following examples are provided in this section:

Asynchronous Dialing

The following example shows an asynchronous dialing configuration:

chat-script dial "" "ATZ" OK "ATDT\T" TIMEOUT 60 CONNECT
!
interface Async1
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 dialer in-band
 dialer rotary-group 0
 async dynamic address
 async dynamic routing
 async mode dedicated
 no cdp enable
!
interface Dialer0
 ip address 172.21.30.32 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 no ip mroute-cache
 bandwidth 64
 dialer in-band
 dialer idle-timeout 60
 dialer enable-timeout 10
 dialer hold-queue 50
 dialer-group 1
 no cdp enable
!
line 1
 script dialer dial
 modem InOut
 transport input all

Asynchronous and Synchronous Dialing

The following example creates a dialer rotary group for the asynchronous interfaces, and a dialer rotary group for the PRI interfaces. Any dialin or dial-out reservations are applied only to the PRI dialer interface. In the following configuration example:

Destinations that require modem calls have static routes pointing to Dialer0.
Destinations requiring digital connections have static routes pointing to Dialer1.
The dialer reserved-links command applies to all connections made over the PRI interfaces in dialer rotary group 1, even if they come from an asynchronous interface.

chat-script dial "" "ATZ" OK "ATDT\T" TIMEOUT 60 CONNECT
!
interface Serial0:23
 no ip address
 no ip directed-broadcast
 no keepalive
 dialer rotary-group 1
 isdn switch-type primary-5ess
 isdn incoming-voice modem
 no cdp enable
!
interface Async1
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 dialer in-band
 dialer rotary-group 0
 async dynamic address
 async dynamic routing
 async mode dedicated
 no cdp enable
!
interface Dialer0
 ip address 172.21.30.32 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 no ip mroute-cache
 bandwidth 64
 dialer in-band
 dialer dns
 dialer aaa
 dialer idle-timeout 60
 dialer enable-timeout 10
 dialer hold-queue 50
 dialer-group 1
 no cdp enable
!
interface Dialer1
 ip address unnumbered eth0
 no ip directed-broadcast
 dialer in-band
 dialer dns
 dialer aaa
 dialer reserved-links 22 0
 no cdp enable
!
line 1
 script dialer dial
 modem InOut
 transport input all

Table of Contents

Configuring Large-Scale Dial-Out