|
|
This chapter describes how to configure the Cisco 1604 router to dial out to the Cisco AS5300.
Table 3-1 provides detailed information about the end-to-end connections for the Cisco 1604. This is the network administrator's top-level design table. The Cisco 1604's WAN default gateway is 10.1.254.1, which is configured on the Cisco AS5300 as the dialer interface address.
| Site Hardware | WAN IP Address | Ethernet IP Address | Assigned Phone Number | Host Name/ User Name | Username Password |
|---|---|---|---|---|---|
Cisco 1604 | 10.1.254.4 255.255.255.0 | 10.1.4.1 255.255.255.0 | Directory number = 5125554433 | robo-austin | austin-pw |
Cisco AS5300 | 10.1.254.1 255.255.255.0 | 10.1.1.10 255.255.255.0 | 4085551234 | hq-sanjose | hq-sanjose-pw |
After you verify your start up configuration, follow these steps to configure the router:
Step 1Configuring the Host Name, Password, and Time Stamps
Step 2Configuring Local AAA Security
Step 3Configuring the Ethernet Interface
Step 4Configuring Basic Rate Interface
Step 5Configuring Dial-on-Demand Routing
Step 6Testing the Cisco 1604 Connection to the Cisco AS5300
Step 7Confirming the Cisco 1604 Final Running Configuration
Step 8Saving the Configuration
If the startup configuration of the Cisco IOS software release running inside the Cisco 1604 router is not configured, the following screen appears at bootup. The automatic setup script is engaged:
In this case study, the Cisco 1604 is manually configured. The automatic setup script is not used.
System Bootstrap, Version 11.1(7)AX [kuong (7)AX], RELEASE SOFTWARE (fc1)
Copyright (c) 1994-1996 by cisco Systems, Inc.
C1600 processor with 2048 Kbytes of main memory
program load complete, entry point: 0x4018060, size: 0x1da928
Notice: NVRAM invalid, possibly due to write erase.
%QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?program load
complete, entry point: 0x8000060, size: 0x3f5f2c
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) 1600 Software (C1600-SY-L), Version 12.0(x)
Copyright (c) 1986-1998 by cisco Systems, Inc.
Compiled Tue 25-Aug-98 01:45 by xxxx
Image text-base: 0x0802DA90, data-base: 0x02005000
ROM: System Bootstrap, Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Router uptime is 10 minutes
System restarted by reload
System image file is "flash:c1600-sy-l.120-x"
cisco 1604 (68360) processor (revision C) with 17920K/512K bytes of memory.
Processor board ID 08823977, with hardware revision 00972006
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
System/IO memory with parity disabled
2048K bytes of DRAM onboard 16384K bytes of DRAM on SIMM
System running from FLASH
8K bytes of non-volatile configuration memory.
12288K bytes of processor board PCMCIA flash (Read ONLY)
--- System Configuration Dialog ---
When you are asked the question, "Would you like to enter the initial configuration dialog? [yes/no]:", enter no.
Would you like to enter the initial configuration dialog? [yes/no]: no Would you like to terminate autoinstall? [yes]: yes Press RETURN to get started! 00:00:17: %QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem? 00:00:17: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up 00:00:17: %LINK-3-UPDOWN: Interface Serial0, changed state to down 00:00:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0, changed state todown 00:00:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down 00:00:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to down 00:00:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to down 00:00:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed stat to down 00:00:44: %LINK-5-CHANGED: Interface BRI0, changed state to administratively down 00:00:46: %LINK-5-CHANGED: Interface Serial0, changed state to administratively down 00:00:46: %LINK-5-CHANGED: Interface Ethernet0, changed state to administratively down 00:00:47: %IP-5-WEBINST_KILL: Terminating DNS process Router>
Assign a host name to the Cisco 1604, enable basic security, and turn on time stamping.
As you configure the software, make sure that all logging dialog generated by the router appears on your terminal screen. If it does not, enter the terminal monitor EXEC command. If you are configuring the router with the console port, logging automatically appears.
You can use security measures in addition to those described in Steps 4 and 5 below to further encrypt the password. See the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference for more information.
To configure the host name, password and timestamps for the Cisco 1604, enter the following commands beginning in user EXEC mode:
Router> enable
Step 2 Enter global configuration mode.
Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z.
Step 3 Assign a host name to the router. This host name is typically used during authentication with the central site.
Router(config)# hostname robo-austin
Step 4 Enter a secret enable password that secures privileged EXEC mode. Be sure to change "guessme" to your own secret password.
robo-austin(config)# enable secret guessme
Step 5 Encrypt passwords in the configuration file for greater security.
hq-sanjose(config)# service password-encryption
Step 6 Enable millisecond time stamping on debug and logging output. Time stamps are useful for detailed access tracing.
hq-sanjose(config)# service timestamps debug datetime msec
hq-sanjose(config)# service timestamps log datetime msec
To verify configuration of the Cisco 1604's host name, password, and time stamps:
robo-austin# show running Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname robo-austin ! enable secret 5 $1$og7B$nSwMZM0NBKTPhV09KVgxl1 ! interface Ethernet0 no ip address shutdown ! interface Serial0 no ip address shutdown ! interface BRI0 no ip address shutdown ! ip classless ! ! line con 0 line vty 0 4 login !
Step 2 Log in with your new enable password.
Step 3 Exit out of enable mode by using the disable command.
The prompt changes from robo-austin# to robo-austin>.
Step 4 Enter the enable command followed by your password.
Step 5 Enter the show privilege command to show the current security privilege level, which is level 15:
robo-austin# disable robo-austin> enable Password: robo-austin# show privilege Current privilege level is 15 robo-austin#
If you have trouble:
The Cisco IOS security model to use on all Cisco devices is authentication, authorization, and accounting (AAA). AAA provides the primary framework through which you set up access control on the access server.
In this case study, the same authentication method is used on all interfaces. AAA is set up to use the local database configured on the Cisco 1604 router. This local database is created with the username configuration commands.
 |
Note Setting up your AAA security at this point in the configuration process is a matter of "best practices"; it ensures that the configuration is managed for most effectiveness. |
To configure local AAA security on the Cisco 1604, enter the following commands beginning in global configuration mode:
robo-austin(config)# username joe-admin password joe-password
Step 2 Enable AAA access control. This step immediately enables login and PPP authentication.
robo-austin(config)# aaa new-model
Step 3 Configure AAA to perform login authentication by using the local username database. The login keyword indicates authentication of EXEC (shell) users.
robo-austin(config)# aaa authentication login default local
Step 4 Configure PPP authentication to use the local database if the session was not already authenticated by login.
robo-austin(config)# aaa authentication ppp default local
|
Note After you finish setting up basic security, you can enhance the security solution by extending it to an external TACACS+ or RADIUS server. However, this case study describes only local AAA security. |
To verify the local AAA security configuration on the Cisco 1604:
Step 2 Enter the login command at the EXEC (shell) prompt. Do not disconnect your EXEC session until you can log in successfully. (If you get locked out, recover your password by rebooting the router.)
robo-austin# login User Access Verification Username: joe-admin Password: robo-austin#
Step 3 Enter the show running command to see the Cisco 1604's current configuration:
robo-austin# show running Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname robo-austin ! aaa new-model aaa authentication login default local aaa authentication ppp default local enable secret 5 $1$og7B$nSwMZM0NBKTPhV09KVgxl1 ! username joe-admin password 7 <removed> ! interface Ethernet0 no ip address shutdown ! interface Serial0 no ip address shutdown ! interface BRI0 no ip address shutdown ! ip classless ! ! line con 0 line vty 0 4 !
Assign an IP address to the Cisco 1604's Ethernet interface. Test the interface by pinging it from a PC on the LAN.
To configure the Ethernet interface, enter the following commands beginning in global configuration mode:
robo-austin(config)#interface ethernet 0robo-austin(config-if)#ip address 10.1.4.1 255.255.255.0
Step 2 Bring up the interface. This command changes the state of the interface from administratively down to up.
robo-austin(config-if)# no shutdown
To verify the Cisco 1604's Ethernet interface configuration:
The field "administratively down" means that the interface is configured with the shutdown command.
Step 2 To bring the interface up, you must enter the no shutdown command. In the example below, the Status column refers to the ability to physically connect the network at Layer 1---needed for getting clocks (timing signals) and carrier signals. The Protocol column refers to the ability to see traffic flow, which typically occurs at the data link layer. For example, the Ethernet interface sends a loopback Ethernet packet out to itself through the Ethernet LAN:
robo-austin# show ip interface brief Interface IP-Address OK? Method Status Protocol BRI0 unassigned YES unset administratively down down BRI0:1 unassigned YES unset administratively down down BRI0:2 unassigned YES unset administratively down down Ethernet0 10.1.4.1 YES manual up up Serial0 unassigned YES unset administratively down down
In the next example, note that the status is up but the protocol is down. The following logging message appears at 00:40:20: "Unit 0, lost carrier. Transceiver problem?." After the Ethernet cable is plugged into the Ethernet port, the interface comes up. See 00:40:25.
robo-austin# show ip interface brief Interface IP-Address OK? Method Status Protocol BRI0 unassigned YES unset administratively down down BRI0:1 unassigned YES unset administratively down down BRI0:2 unassigned YES unset administratively down down Ethernet0 10.1.4.1 YES manual up down Serial0 unassigned YES unset administratively down down robo-austin# 00:40:20: %QUICC_ETHER-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem? 00:40:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed sta te to up robo-austin#
Step 3 Establish connectivity with an Ethernet-based device. In this example, IP address 10.1.4.2 is assigned to the first external PC on this LAN to test for router-to-PC connectivity. The PC's DOS prompt application is opened and the ping 10.1.4.1 command is issued.
Microsoft(R) Windows 95 (C)Copyright Microsoft Corp 1981-1996. C:\WINDOWS> ping 10.1.4.1 Pinging 10.1.4.1 with 32 bytes of data: Reply from 10.1.4.1: bytes=32 time=3ms TTL=236 Reply from 10.1.4.1: bytes=32 time=2ms TTL=236 Reply from 10.1.4.1: bytes=32 time=3ms TTL=236 Reply from 10.1.4.1: bytes=32 time=2ms TTL=236
Step 4 Ping the PC from the Cisco 1604. If the PC has not yet used any IP services or drivers, the connection might fail. The preferred method is to ping the router from a PC on the LAN first:
robo-austin# ping 10.1.4.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.4.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
Step 5 If you know that the Ethernet interface is up but not performing correctly, enter the show interface ethernet 0 command. This example shows errors in the counters because the Ethernet cable was not plugged in:
robo-austin# show interface ethernet 0
Ethernet0 is up, line protocol is up
Hardware is QUICC Ethernet, address is 0060.834f.6626 (bia 0060.834f.6626)
Internet address is 10.1.4.1/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 234/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:08, output 00:00:04, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
2 packets input, 644 bytes, 0 no buffer
Received 2 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
28 packets output, 2905 bytes, 0 underruns
25 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
3 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Enable the Cisco 1604's Basic Rate Interface (BRI) connectivity with the telephone company's central office switch. PPP framing is used on the B channels.
You can authenticate the remote side on any connection. The callin keyword used in Step 7 below means that all outbound connection attempts made by the Cisco 1604 will not authenticate the remote peer, which is the device at the other end of the PPP link (Cisco AS5300). Only the calls that come into the Cisco 1604 are authenticated.
|
Note On BRI interfaces, it is not necessary to configure dialer inband because the BRI interfaces are dialer inband interfaces by default. Interfaces BRI0:1 and BRI0:2 are controlled by the dialer interface interface bri 0. |
To configure BRI on the Cisco 1604, enter the following commands beginning in global configuration mode:
robo-austin(config)# isdn switch-type basic-ni1
Step 2 Configure the IP address and subnet mask on the BRI interface.
robo-austin(config)#interface bri 0robo-austin(config-if)#ip address 10.1.254.4 255.255.255.0
Step 3 Configure your SPIDs, which are required by many switch types.
robo-austin(config-if)#isdn spid1 51255544330101robo-austin(config-if)#isdn spid2 51255544340101
Step 4 Enable PPP.
robo-austin(config-if)# encapsulation ppp
Step 5 Disable fair queuing.
robo-austin(config-if)# no fair-queue
Step 6 Enable PPP multilink.
robo-austin(config-if)# ppp multilink
Step 7 Enable CHAP and PAP authentication on the interface during LCP negotiation. The access server first authenticates with CHAP. If CHAP is not used by the remote client, then the access server tries PAP. CHAP is requested first.
robo-austin(config-if)# ppp authentication chap pap callin
Step 8 Bring up the interface. The no shutdown command changes the state of the interface from administratively down to up.
robo-austin(config-if)# no shutdown
robo-austin(config-if)# no shutdown robo-austin# 00:45:01: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down 00:45:01: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down 00:45:01: %LINK-3-UPDOWN: Interface BRI0, changed state to up robo-austin# 00:45:02: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 100 changed to up 00:45:02: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 101 changed to up robo-austin(config-if)#
This example shows the BRI0:1 and BRI0:2 states change to "down" because the previous state was "administratively down." The BRI0 D channel changes to "up" as it spoofs for the two B channels. After the D channel finds the B channels, the B channels change state to "up." The Cisco 1604 communicates with the telephone switch and receives its TEI numbers for its two B channels.
Step 2 Enter the show isdn status command to check the Cisco 1604's ISDN status:
robo-austin# show isdn status
Global ISDN Switchtype = basic-ni
ISDN BRI0 interface
dsl 0, interface ISDN Switchtype = basic-ni
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 100, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
TEI = 101, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Spid Status:
TEI 100, ces = 1, state = 5(init)
spid1 configured, no LDN, spid1 sent, spid1 valid
Endpoint ID Info: epsf = 0, usid = 2, tid = 1
TEI 101, ces = 2, state = 5(init)
spid2 configured, no LDN, spid2 sent, spid2 valid
Endpoint ID Info: epsf = 0, usid = 4, tid = 1
Layer 3 Status:
0 Active Layer 3 Call(s)
Activated dsl 0 CCBs = 0
Total Allocated ISDN CCBs = 0
The fields in the output example resulting from Step 2 above are described in Table 3-2:
| Field | Description |
|---|---|
BRI0 | Basic Rate Interface. The BRI 0 interface corresponds to DSL-0, which has three channels (2B +D). |
DSL | Digital Subscriber Line. |
TEI | Terminal Equipment Identifier. |
CCB | Call Control Block. |
LDN | Local Directory Number. |
SPID | Service Profile Identifier. |
Step 3 Enter the show ip interface brief command to check the current state of the interface:
robo-austin# show ip interface brief Interface IP-Address OK? Method Status Protocol BRI0 10.1.254.4 YES manual up up BRI0:1 unassigned YES unset down down BRI0:2 unassigned YES unset down down Ethernet0 10.1.4.1 YES manual up up Serial0 unassigned YES unset administratively down down
|
Note Note that the status and protocol for BRI 0 and Ethernet 0 are both up/up, which is what is expected. The term "manual" means that you manually configured the interface since the last reboot. The two B channels (BRI0:1 and BRI0:2) are down because there are no active calls on the BRI interface at this time. |
If you have trouble:
Set up the Dial-on-Demand Routing (DDR) routing components on the Cisco 1604. In most cases, a remote site with a single LAN requires a simple DDR configuration, which supports the routing table and call control in a circuit-switched environment.
In this case study, DDR takes the standard dialer map approach. You must configure specific parameters to establish connectivity with the Cisco AS5300 by using sync PPP. Parameters include a static route, username:password, and a dialer map.
To configure DDR, enter the following commands beginning in global configuration mode:
robo-austin(config)# interface bri 0
Step 2 Define the interesting packets that activate the ISDN connection. Interesting packets reset the idle timer and trigger dialing. This dialer filter is defined by the dialer-list 2 command. See Step 7.
robo-austin(config-if)# dialer-group 2
Step 3 Disable fair queuing.
robo-austin(config-if)# no fair-queue
Step 4 Disable the Cisco discovery protocol unless you are using it for a specific purpose.
robo-austin(config-if)# no cdp enable
Step 5 Configure the interface to bring up the second B channel when the bandwidth load exceeds 60/255.
robo-austin(config-if)# dialer load-threshold 60 either
Step 6 Build a dialer map that maps to the Cisco AS5300's IP address, host name, and directory number. The static route in Step 8 points to this dialer map.
robo-austin(config-if)#dialer map ip 10.1.254.1 name hq-sanjose 14085551234robo-austin(config-if)#exit
Step 7 Define a DDR's dialer-list to allow any IP packets to establish and maintain calls.
robo-austin(config)# dialer-list 2 protocol ip permit
Step 8 Create a static route for the next hop, which is the Cisco AS5300's WAN port. IP address 10.1.254.1 is used on the Cisco AS5300's dialer interface. This static route points at the dialer map on the access server's dialer interface.
robo-austin(config) ip route 0.0.0.0 0.0.0.0 10.1.254.1 permanent
Step 9 Enter the password used by the Cisco 1604 for when the Cisco AS5300 (hq-sanjose) authenticates by using CHAP. On Cisco IOS devices, the PPP name is determined by one of the following commands: hostname, sgbp group, ppp pap sent-username, or ppp chap hostname.
robo-austin(config)# username hq-sanjose password austin-pw
Step 10 Ensure that all unknown subnets use the default route.
robo-austin(config)# ip classless
To verify the Cisco 1604's DDR configuration:
robo-austin# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is 10.1.254.1 to network 0.0.0.0
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.4.0 is directly connected, Ethernet0
C 10.1.254.0 is directly connected, BRI0
S* 0.0.0.0/0 [1/0] via 10.1.254.1
|
Note The static route is the first software building block that receives the packet routed to the dialer map. The route must direct the packets to the dialer map before the DDR features can establish connectivity. |
Step 2 Enter the show dialer command. The following example shows that the Cisco 1604 has not placed any calls yet, and there have been no failures. An ISDN interface is a dialer interface. Key statistics are shown for each B channel:
robo-austin# show dialer BRI0 - dialer type = ISDN Dial String Successes Failures Last called Last status 14085551234 0 0 never - 0 incoming call(s) have been screened. 0 incoming call(s) rejected for callback. BRI0:1 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle BRI0:2 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle
Step 3 Enter the show dialer map command to see the static dialer map that was built to the Cisco AS5300. This map is built by using the phone number and WAN IP address of the access server:
robo-austin# show dialer map Static dialer map ip 10.1.254.1 name hq-sanjose (14085551234) on BRI0
Step 4 Enter the show running command to see the Cisco 1604's current configuration:
robo-austin# show running Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname robo-austin ! aaa new-model aaa authentication login default local aaa authentication ppp default if-needed local enable secret 5 $1$aZ1D$wNO71EpS6y5zRYuW9qFEr. ! username joe-admin password 0 6y5zRYuW9qFEr$wNO71EpS6$aZ1 username hq-sanjose password 0 $wNO71EpS6y5zy5zRYuW9aZ1D$w isdn switch-type basic-ni ! interface Ethernet0 ip address 10.1.4.1 255.255.255.0 ! interface Serial0 no ip address shutdown ! interface BRI0 ip address 10.1.254.4 255.255.255.0 encapsulation ppp dialer map ip 10.1.254.1 name hq-sanjose 14085551234 dialer load-threshold 60 either dialer-group 2 isdn switch-type basic-ni isdn spid1 51255544330101 isdn spid2 51255544340101 no cdp enable ppp authentication chap pap callin ppp multilink hold-queue 75 in ! ip classless ip route 0.0.0.0 0.0.0.0 10.1.254.1 permanent ! dialer-list 2 protocol ip permit ! line con 0 line vty 0 4 ! end
The test strategy is to ping the Cisco AS5300's WAN port; then, ping the backbone behind the access server. Cisco recommends you ping the domain name server (DNS) on the backbone since this device should always be up and operating.
Pinging a next-hop IP address can have complications in an IP-unnumbered environment. For example, complications arise when WAN interfaces are configured with unnumbered IPs.
|
Note The typical low-level test to verify connectivity in a sync PPP environment is to ping a device on the other end of the WAN link. In a modem environment (async PPP), the low-level test is to establish an EXEC shell on the router. |
robo-austin# undebug all All possible debugging has been turned off robo-austin# terminal monitor robo-austin# debug dialer Dial on demand events debugging is on robo-austin# debug isdn q931 ISDN Q931 packets debugging is on robo-austin# debug ppp negotiation PPP protocol negotiation debugging is on robo-austin# debug ppp authentication PPP authentication debugging is on robo-austin# debug ip peer IP peer address activity debugging is on
Step 2 Verify that your routing table points to the Cisco AS5300 at headquarters---the hq-sanjose network access server (NAS):
robo-austin# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is 10.1.254.1 to network 0.0.0.0
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.4.0 is directly connected, Ethernet0
C 10.1.254.0 is directly connected, BRI0
S* 0.0.0.0/0 [1/0] via 10.1.254.1
Step 3 Verify that the correct dialer map exists:
robo-austin# show dialer map Static dialer map ip 10.1.254.1 name hq-sanjose (14085551234) on BRI0
Step 4 Ping the IP address assigned to the Cisco AS5300's dialer interface. Note that the Cisco 1604 (robo-austin) quickly gets 4 of 5 pings back from the Cisco AS5300 (hq-sanjose). After the ping is sent, examine the background processes in the debug output that follows the ping example shown below:
robo-austin# ping 10.1.254.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.254.1, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 116/182/372ms robo-austin#
The following comments apply to the debug output example that follows:
a. See 08:03:55.
The source and destination IP addresses of the DDR dial cause display.
(s=10.1.254.4, d=10.1.254.1)
b. See 08:03:55.
Hq-sanjose's hunt group number is dialed.
(Attempting to dial 14085551234)
c. See 08:03:55.
ISDN Setup is transmitted.
(TX -> SETUP pd = 8 callref = 0x2F)
d. See 08:03:55.
A synchronous data bearer capability displays.
(Bearer Capability i = 0x8890)
e. See 08:03:55.
The outgoing LCP configuration request is made.
(BR0:1 LCP: O CONFREQ [Closed] id 42 len 28)
f. See 08:03:55.
The incoming LCP configuration request wants to authenticate with CHAP.
(AuthProto CHAP (0x0305C22305))
g. See 08:03:55.
The outgoing acknowledgment says this peer will do CHAP.
(LCP: O CONFACK [REQsent])
h. See 08:03:55.
Both PPP peers have received LCP CONFACK. LCP is now open.
(BR0:1 LCP: State is Open)
i. See 08:03:55.
Authentication phase is initiated by robo-austin.
(BR0:1 PPP: Phase is AUTHENTICATING, by the peer)
j. See 08:03:55.
Robo-austin accepts a CHAP challenge initiated by hq-sanjose. The device robo-austin is not authenticating hq-sanjose, which is the desired behavior for this scenario.
(BR0:1 CHAP: I CHALLENGE id 5 len 31 from "hq-sanjose")
(BR0:1 CHAP: O RESPONSE id 5 len 32 from "robo-austin")
k. See 08:03:55.
The robo-austin PPP peer is successfully authenticated by the hq-sanjose peer.
(BR0:1 CHAP: I SUCCESS id 5 len 4)
l. See 08:03:55.
MultiLink PPP uses a virtual-access interface to host the bundle.
(BR0:1 PPP: Phase is VIRTUALIZED)
m. See 08:03:56.
LCP on Virtual-Access2 is forced up as it was already negotiated on the physical interface. For more information, enter the show interface virtual-access2 conf and debug vtemp commands.
(%LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up)
(Vi2 PPP: Phase is UP)
n. See 08:03:56.
IPCP negotiation begins.
(Vi2 IPCP: O CONFREQ [Closed] id 1 len 10)
(Vi2 IPCP: Address 10.1.254.4 (0x03060A01FE04))
o. See 08:03:56.
IP can now be used across this PPP connection.
(Vi2 IPCP: I CONFACK [ACKsent] id 1 len 10)
(Vi2 IPCP: State is Open)
p. See 08:03:57.
A route is installed to 10.1.254.1 to match the IP address negotiated by the peer.
(BR0 IPCP: Install route to 10.1.254.1)
q. See 08:03:57 and 08:04:01.
The connection is made to hq-sanjose.
(Line protocol on Interface Virtual-Access2, changed state to up)
(Interface BRI0:1 is now connected to 14085551234 hq-sanjose)
robo-austin# ping 10.1.254.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.254.1, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 116/182/372ms robo-austin# 08:03:55: BRI0: Dialing cause ip (s=10.1.254.4, d=10.1.254.1) 08:03:55: BRI0: Attempting to dial 14085551234 08:03:55: ISDN BR0: TX -> SETUP pd = 8 callref = 0x2F 08:03:55: Bearer Capability i = 0x8890 08:03:55: Channel ID i = 0x83 08:03:55: Keypad Facility i = '14085551234' 08:03:55: ISDN BR0: RX <- CALL_PROC pd = 8 callref = 0xAF 08:03:55: Channel ID i = 0x89 08:03:55: ISDN BR0: RX <- CONNECT pd = 8 callref = 0xAF 08:03:55: ISDN BR0: TX -> CONNECT_ACK pd = 8 callref = 0x2F 08:03:55: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up 08:03:55: BR0:1 PPP: Treating connection as a callout 08:03:55: BR0:1 PPP: Phase is ESTABLISHING, Active Open 08:03:55: BR0:1 PPP: No remote authentication for call-out 08:03:55: BR0:1 LCP: O CONFREQ [Closed] id 42 len 28 08:03:55: BR0:1 LCP: MagicNumber 0x623E5C69 (0x0506623E5C69) 08:03:55: BR0:1 LCP: MRRU 1524 (0x110405F4) 08:03:55: BR0:1 LCP: EndpointDisc 1 Local (0x130E01726F626F2D61757374696E) 08:03:55: BR0:1 LCP: I CONFREQ [REQsent] id 7 len 32 08:03:55: BR0:1 LCP: AuthProto CHAP (0x0305C22305) 08:03:55: BR0:1 LCP: MagicNumber 0xE16A73E6 (0x0506E16A73E6) 08:03:55: BR0:1 LCP: MRRU 1524 (0x110405F4) 08:03:55: BR0:1 LCP: EndpointDisc 1 Local (0x130D0168712D73616E6A6F7365) 08:03:55: BR0:1 LCP: O CONFACK [REQsent] id 7 len 32 08:03:55: BR0:1 LCP: AuthProto CHAP (0x0305C22305) 08:03:55: BR0:1 LCP: MagicNumber 0xE16A73E6 (0x0506E16A73E6) 08:03:55: BR0:1 LCP: MRRU 1524 (0x110405F4) 08:03:55: BR0:1 LCP: EndpointDisc 1 Local (0x130D0168712D73616E6A6F7365) 08:03:55: BR0:1 LCP: I CONFACK [ACKsent] id 42 len 28 08:03:55: BR0:1 LCP: MagicNumber 0x623E5C69 (0x0506623E5C69) 08:03:55: BR0:1 LCP: MRRU 1524 (0x110405F4) 08:03:55: BR0:1 LCP: EndpointDisc 1 Local (0x130E01726F626F2D61757374696E). 08:03:55: BR0:1 LCP: State is Open 08:03:55: BR0:1 PPP: Phase is AUTHENTICATING, by the peer 08:03:55: BR0:1 CHAP: I CHALLENGE id 5 len 31 from "hq-sanjose" 08:03:55: BR0:1 CHAP: O RESPONSE id 5 len 32 from "robo-austin" 08:03:55: BR0:1 CHAP: I SUCCESS id 5 len 4 08:03:55: BR0:1 PPP: Phase is VIRTUALIZED 08:03:55: BR0:1 IPCP: Packet buffered while building MLP bundle interface 08:03:56: Vi2 PPP: Phase is DOWN, Setup 08:03:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up 08:03:56: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up 08:03:56: Vi2 PPP: Treating connection as a callout 08:03:56: Vi2 PPP: Phase is ESTABLISHING, Active Open 08:03:56: Vi2 PPP: No remote authentication for call-out 08:03:56: Vi2 LCP: O CONFREQ [Closed] id 1 len 28 08:03:56: Vi2 LCP: MagicNumber 0x623E60D6 (0x0506623E60D6) 08:03:56: Vi2 LCP: MRRU 1524 (0x110405F4) 08:03:56: Vi2 LCP: EndpointDisc 1 Local (0x130E01726F626F2D61757374696E) 08:03:56: Vi2 PPP: Phase is UP 08:03:56: Vi2 IPCP: O CONFREQ [Closed] id 1 len 10 08:03:56: Vi2 IPCP: Address 10.1.254.4 (0x03060A01FE04) 08:03:56: Vi2 PPP: Pending ncpQ size is 1 08:03:56: BR0:1 IPCP: Redirect packet to Vi2 08:03:56: Vi2 IPCP: I CONFREQ [REQsent] id 1 len 10 08:03:56: Vi2 IPCP: Address 10.1.254.1 (0x03060A01FE01) 08:03:56: set_ip_peer_addr: Vi2: address = 10.1.254.1 (7) 08:03:56: Vi2 IPCP: O CONFACK [REQsent] id 1 len 10 08:03:56: Vi2 IPCP: Address 10.1.254.1 (0x03060A01FE01) 08:03:57: Vi2 IPCP: I CONFACK [ACKsent] id 1 len 10 08:03:57: Vi2 IPCP: Address 10.1.254.4 (0x03060A01FE04) 08:03:57: Vi2 IPCP: State is Open 08:03:57: dialer Protocol up for Vi2 08:03:57: BR0 IPCP: Install route to 10.1.254.1 08:03:57: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up 08:04:01: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 14085551234 hq-sanjose
Step 5 Ping the DNS server behind hq-sanjose. The DNS server is the first backbone device that Cisco 1604 will try to use. The DNS server in this case study uses 10.2.2.3.
robo-austin# ping 10.2.2.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.2.2.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/12 ms
Step 6 Enter additional commands as illustrated below to verify robo-austin's connection with hq-sanjose:
robo-austin# show dialer map
Static dialer map ip 10.1.254.1 name hq-sanjose (14085551234) on BRI0
robo-austin# show dialer
BRI0 - dialer type = ISDN
Dial String Successes Failures Last called Last status
14085551234 1 0 00:00:30 successful
0 incoming call(s) have been screened.
0 incoming call(s) rejected for callback.
BRI0:1 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is multilink member
Dial reason: ip (s=10.1.254.4, d=10.1.254.1)
Connected to 14085551234 (hq-sanjose)
BRI0:2 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle
Virtual-Access2 - dialer type = IN-BAND SYNC NO-PARITY
Rotary group 0, priority 0
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Time until disconnect 105 secs
Connected to 14085551234 (hq-sanjose)
robo-austin# show ppp multilink
Bundle hq-sanjose, 1 member, Master link is Virtual-Access2
Dialer Interface is BRI0
0 lost fragments, 0 reordered, 0 unassigned, sequence 0x0/0x0 rcvd/sent
0 discarded, 0 lost received, 1/255 load
Member Link: 1 (max not set, min not set)
BRI0:1
robo-austin# show interface bri 0:1
BRI0:1 is up, line protocol is up
Hardware is BRI
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open, multilink Open
Last input 00:00:07, output 00:00:07, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
472 packets input, 13496 bytes, 0 no buffer
Received 469 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
504 packets output, 18013 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
104 carrier transitions
robo-austin# show ip interface brief
Interface IP-Address OK? Method Status Protocol
BRI0 10.1.254.4 YES manual up up
BRI0:1 unassigned YES unset up up
BRI0:2 unassigned YES unset down down
Ethernet0 10.1.3.1 YES manual up up
Serial0 unassigned YES unset administratively down down
Virtual-Access2 unassigned YES unset up up
robo-austin# show interface bri 0 1 2
BRI0:1 is up, line protocol is up
Hardware is BRI
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Open, multilink Open
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
478 packets input, 13592 bytes, 0 no buffer
Received 474 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
509 packets output, 18093 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
104 carrier transitions
BRI0:2 is down, line protocol is down
Hardware is BRI
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)
LCP Closed, multilink Closed
Closed: IPCP
Last input 00:09:36, output 00:09:36, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
23 packets input, 722 bytes, 0 no buffer
Received 23 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
22 packets output, 727 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
2 carrier transitions
robo-austin# show user
Line User Host(s) Idle Location
* 0 con 0 admin idle 0
BR0:1 hq-sanjoe Sync PPP 00:00:38
Enter the show running command to see the Cisco 1604 final running configuration:
robo-austin# show running Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname robo-austin ! aaa new-model aaa authentication login default local aaa authentication ppp default if-needed local enable secret 5 $1$aZ1D$wNO71EpS6y5zRYuW9qFEr. ! username joe-admin password 7 <removed> username hq-sanjose password 7 <removed> isdn switch-type basic-ni! ! interface Ethernet0 ip address 10.1.4.1 255.255.255.0 ! interface BRI0 ip address 10.1.254.4 255.255.255.0 encapsulation ppp no ip route-cache dialer map ip 10.1.254.1 name hq-sanjose 14085551234 dialer load-threshold 60 either dialer-group 2 isdn switch-type basic-ni isdn spid1 51255544330101 isdn spid2 51255544340101 no cdp enable ppp authentication chap callin ppp multilink hold-queue 75 in ! ip classless ip route 0.0.0.0 255.0.0.0 10.1.254.1 permanent ! ! dialer-list 2 protocol ip permit ! line con 0 line vty 0 4 ! end
Save the configuration to the Cisco 1604's NVRAM by entering the copy running-config startup-config command.
robo-austin# copy running-config startup-config
Posted: Wed Mar 22 16:20:00 PST 2000
Copyright 1989 - 2000©Cisco Systems Inc.