Home

Cisco Systems 1604 Network Router User Manual

1. Ping the IP address assigned to the Cisco AS5300 s dialer interface Note that the Cisco 1604 robo austin quickly gets 4 of 5 pings back from the Cisco AS5300 hq sanjose After the ping is sent examine the background processes in the debug output that follows the ping example shown below robo austin ping 10 1 254 1 Type escape sequence to abort Sending 5 100 byte ICMP Echos to 10 1 254 1 timeout is 2 seconds Success rate is 80 percent 4 5 round trip min avg max 116 182 372ms robo austin The following comments apply to the debug output example that follows a See 08 03 55 The source and destination IP addresses of the DDR dial cause display s 10 1 254 4 d 10 1 254 1 b See 08 03 55 Hq sanjose s hunt group number is dialed Attempting to dial 14085551234 c See 08 03 55 ISDN Setup is transmitted TX gt SETUP pd 8 callref 0x2F d See 08 03 55 A synchronous data bearer capability displays Bearer Capability i 0x8890 e See 08 03 55 The outgoing LCP configuration request is made BRO 1 LCP O CONFREQ Closed id 42 len 28 f See 08 03 55 The incoming LCP configuration request wants to authenticate with CHAP AuthProto CHAP 0x0305C22305 g See 08 03 55 The outgoing acknowledgment says this peer will do CHAP LCP O CONFACK REQsent h See 08 03 55 Both PPP peers have received LCP CONFACK LCP is now open BRO 1 LCP State is Open i See 08 03 55 Authenticat
2. Field Description BRIO Basic Rate Interface The BRI 0 interface corresponds to DSL 0 which has three channels 2B D DSL Digital Subscriber Line TEI Terminal Equipment Identifier CCB Call Control Block LDN Local Directory Number SPID Service Profile Identifier Cisco 10S Dial Services Quick Configuration Guide Chapter3 Configuring the Cisco 1604 Router HZ Step 5 Configuring Dial on Demand Routing Step 3 Tips Enter the show ip interface brief command to check the current state of the interface robo austin show ip interface brief Interface IP Address OK Method Status Protocol BRIO 10 1 254 4 YES manual up up BRIO 1 unassigned YES unset down down BRIO 2 unassigned YES unset down down Ethernet0 10 1 4 1 YES manual up up Serial0 unassigned YES unset administratively down down amp Note Note that the status and protocol for BRI 0 and Ethernet 0 are both up up which is what is expected The term manual means that you manually configured the interface since the last reboot The two B channels BRIO 1 and BRIO 2 are down because there are no active calls on the BRI interface at this time If you have trouble e Make sure the correct ISDN switch type and SPIDs are configured e Make sure your BRI line is connected to the correct port Step 5 Configuring Dial on Demand Routing Step 1 Step 2 Step 3 Step 4 Step 5 Set up the Dial on Demand Routing DDR routing compo
3. dialer type IN BAND SYNC NO PARITY Rotary group 0 priority 0 Idle timer 120 secs Fast idle timer 20 secs Wait for carrier 30 secs Re enable 15 secs Dialer state is data link layer up Time until disconnect 105 secs Connected to 14085551234 hq sanjose robo austin show ppp multilink Bundle hq sanjose 1 member Master link is Virtual Access2 Dialer Interface is BRIO 0 lost fragments 0 reordered 0 unassigned sequence 0x0 0x0 revd sent 0 discarded 0 lost received 1 255 load Member Link 1 max not set min not set BRIO 1 robo austin show interface bri 0 1 BRIO 1 is up line protocol is up Hardware is BRI MTU 1500 bytes BW 64 Kbit DLY 20000 usec rely 255 255 load 1 255 Encapsulation PPP loopback not set keepalive set 10 sec LCP Open multilink Open Last input 00 00 07 output 00 00 07 output hang never Last clearing of Show interface counters never Queueing strategy fifo Output queue 0 40 0 drops input queue 0 75 0 drops 5 minute input rate 0 bits sec 0 packets sec 5 minute output rate 0 bits sec 0 packets sec 472 packets input 13496 bytes 0 no buffer Received 469 broadcasts 0 runts 0 giants 0 throttles 0 input errors 0 CRC 0 frame 0 overrun 0 ignored 0 abort 504 packets output 18013 bytes 0 underruns 0 output errors 0 collisions 0 interface resets 0 output buffer failures 0 output buffers swapped out 104 carrier transitions Cisco 10S Dial Services Quick Configuration Gu
4. Make sure to change joe admin to your own username and joe password to your own password This step prevents you from getting locked out of the router when you enable AAA robo austin config username joe admin password joe password Enable AAA access control This step immediately enables login and PPP authentication robo austin config aaa new model Configure AAA to perform login authentication by using the local username database The login keyword indicates authentication of EXEC shell users robo austin config aaa authentication login default local Configure PPP authentication to use the local database if the session was not already authenticated by login robo austin config aaa authentication ppp default local Note After you finish setting up basic security you can enhance the security solution by extending it to an external TACACS or RADIUS server However this case study describes only local AAA security Verifying Local AAA Security Configuration Step 1 Step 2 To verify the local AAA security configuration on the Cisco 1604 Log in with your username password Enter the login command at the EXEC shell prompt Do not disconnect your EXEC session until you can log in successfully If you get locked out recover your password by rebooting the router robo austin login User Access Verification Username joe admin Password robo austin Cisco 10S Dial Services Quick Configu
5. Cisco 1604 Connection to the Cisco AS5300 W dialer group 2 isdn switch type basic ni isdn spid1 51255544330101 isdn spid2 51255544340101 no cdp enable ppp authentication chap pap callin ppp multilink hold queue 75 in ip classless ip route 0 0 0 0 0 0 0 0 10 1 254 1 permanent dialer list 2 protocol ip permit line con 0 line vty 0 4 end e To see the load currently assigned to the interface enter the show interface bri 0 1 command Search for the output field load x 255 Use SNMP to monitor the load on an interface How you set the threshold depends on each site s characteristics such as traffic patterns and WAN costs If you are in an environment where all calls are local then you can set up the connections full time e Large ISDN phone bills arise due to failure to appropriately tune filters and load thresholds Filters are dialer lists which are applied with dialer groups The dialer list command and dialer group command control the first B channel The dialer load threshold command controls the behavior when additional B channels are connected e In this case study the Cisco AS5300 does not dial out to the remote sites Therefore do not tune the central site s dialer threshold setting Only the remote side is in charge of opening and closing channels based on the settings of the dialer commands e Make sure you configured the correct SPID numbers on the BRI interface Step 6 Testing the Cisc
6. by the peer BRO IPCP Install route to 10 1 254 1 q See 08 03 57 and 08 04 01 The connection is made to hq sanjose Line protocol on Interface Virtual Access2 changed state to up Interface BRIO 1 is now connected to 14085551234 hq sanjose robo austin ping 10 1 254 1 Type escape sequence to abort Sending 5 100 byte ICMP Echos to 10 1 254 1 timeout is 2 seconds Success rate is 80 percent 4 5 round trip min avg max 116 182 372ms robo austin 08 03 55 BRIO Dialing cause ip s 10 1 254 4 d 10 1 254 1 08 03 55 BRIO Attempting to dial 14085551234 08 03 55 ISDN BRO TX gt SETUP pd 8 callref 0x2F 08 03 55 Bearer Capability i 0x8890 08 03 55 Channel ID i 0x83 08 03 55 Keypad Facility i 14085551234 08 03 55 ISDN BRO RX lt CALL PROC pd 8 callref OxAF 08 03 55 Channel ID i 0x89 08 03 55 ISDN BRO RX lt CONNECT pd 8 callref OxAF 08 03 55 ISDN BRO TX gt CONNECT_ACK pd 8 callref 0x2F 08 03 55 SLINK 3 UPDOWN Interface BRIO 1 changed state to up 08 03 55 BRO 1 PPP Treating connection as a callout 08 03 55 BRO 1 PPP Phase is ESTABLISHING Active Open 08 03 55 BRO 1 PPP No remote authentication for call out 08 03 55 BRO 1 LCP O CONFREQ Closed id 42 len 28 08 03 55 BRO 1 LCP MagicNumber 0x623E5C69 0x0506623E5C69 08 03 55 BRO 1 LCP MRRU 1524 0x110405F4 08 03 55 BR0 1 LCP EndpointDisc 1 Local 0x130E01726F626F2D61757374696E 08 03 55 BRO 1 L
7. interface resets 0 babbles 0 late collision 0 deferred 3 lost carrier 0 no carrier 0 output buffer failures 0 output buffers swapped out Cisco 10S Dial Services Quick Configuration Guide Chapter3 Configuring the Cisco 1604 Router HZ Step 4 Configuring Basic Rate Interface Step 4 Configuring Basic Rate Interface Enable the Cisco 1604 s Basic Rate Interface BRI connectivity with the telephone company s central office switch PPP framing is used on the B channels You can authenticate the remote side on any connection The callin keyword used in Step 7 below means that all outbound connection attempts made by the Cisco 1604 will not authenticate the remote peer which is the device at the other end of the PPP link Cisco AS5300 Only the calls that come into the Cisco 1604 are authenticated Note Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 On BRI interfaces it is not necessary to configure dialer inband because the BRI interfaces are dialer inband interfaces by default Interfaces BRIO 1 and BRIO 2 are controlled by the dialer interface interface bri 0 To configure BRI on the Cisco 1604 enter the following commands beginning in global configuration mode Configure the ISDN switch type which is basic nil in this example robo austin config isdn switch type basic nil Configure the IP address and subnet mask on the BRI interface robo austin config inte
8. packets sec 5 minute output rate 0 bits sec 0 packets sec 23 packets input 722 bytes 0 no buffer Received 23 broadcasts 0 runts 0 giants 0 input errors 0 CRC 0 frame 0 overrun 22 packets output 727 bytes 0 underruns 0 output errors 0 collisions 0 interface 0 output buffer failures 0 output buffers 2 carrier transitions output 00 09 36 output h show interface counters nev robo austin show user Line User Host s 0 con 0 admin idle BRO 1 hq sanjoe Sync PPP Cisco 10S Dial Services Quick Configuration Guide d Status Protocol 1 up up up up down down 1 up up administratively down down up up ly 255 255 load 1 255 set 10 sec output hang never er 0 drops 0 throttles 0 ignored 0 abort s resets swapped out ly 255 255 load 1 255 set 10 sec ang never er 0 drops 0 throttles 0 ignored 0 abort resets swapped out Idle Location 0 00 00 38 Chapter3 Configuring the Cisco 1604 Router HZ Step 7 Confirming the Cisco 1604 Final Running Configuration Step 7 Confirming the Cisco 1604 Final Running Configuration Enter the show running command to see the Cisco 1604 final running configuration robo austin show running Building configuration Current configuration version 12 0 service timestamps debug uptime service timestamps log uptime service password encryption hostname robo austin aaa new model aaa authentication login default loc
9. 0 changed to up 00 45 02 ISDN 6 LAYER2UP Layer 2 for Interface BRO TEI 101 changed to up robo austin config if This example shows the BRIO 1 and BRIO 2 states change to down because the previous state was administratively down The BRIO D channel changes to up as it spoofs for the two B channels After the D channel finds the B channels the B channels change state to up The Cisco 1604 communicates with the telephone switch and receives its TEI numbers for its two B channels Enter the show isdn status command to check the Cisco 1604 s ISDN status robo austin show isdn status Global ISDN Switchtype basic ni ISDN BRIO interface dsl 0 interface ISDN Switchtype basic ni Layer 1 Status ACTIVE Layer 2 Status TEI 100 Ces TEI 101 Ces Spid Status TEI 100 ces 1 state 5 init spidl configured no LDN spidl sent spidl valid Endpoint ID Info epsf 0 usid 2 tid 1 101 ces 2 state 5 init spid2 configured no LDN spid2 sent spid2 valid Endpoint ID Info epsf 0 usid 4 tid 1 Layer 3 Status 0 Active Layer 3 Call s Activated dsl 0 CCBs 0 Total Allocated ISDN CCBs 0 1 SAPI 0 State MULTIPLE_FRAME ESTABLISHED 2 SAPI 0 State MULTIPLE_FRAME_ ESTABLISHED GI H The fields in the output example resulting from Step 2 above are described in Table 3 2 Table 3 2 Field Descriptions for the show isdn status Command Output
10. 14085551234 hq sanjose LINEPROTO 5 UPDOWN Line protocol on Interface Ping the DNS server behind hq sanjose The DNS server is the first backbone device that Cisco 1604 will try to use The DNS server in this case study uses 10 2 2 3 robo austin ping 10 2 2 3 Type escape sequence to abort 100 byte ICMP Echos to 10 2 2 3 timeout is 2 seconds Sending 5 Success rate is 100 percent 5 5 round trip min avg max 4 7 12 ms Cisco 10S Dial Services Quick Configuration Guide Chapter3 Configuring the Cisco 1604 Router HI Step 6 Testing the Cisco 1604 Connection to the Cisco AS5300 Step6 Enter additional commands as illustrated below to verify robo austin s connection with hq sanjose robo austin show dialer map Static dialer map ip 10 1 254 1 name hq sanjose 14085551234 on BRIO robo austin show dialer BRIO dialer type ISDN Dial String Successes Failures Last called Last status 14085551234 1 0 00 00 30 successful 0 incoming call s have been screened 0 incoming call s rejected for callback BRIO 1 dialer type ISDN Idle timer 120 secs Fast idle timer 20 secs Wait for carrier 30 secs Re enable 15 secs Dialer state is multilink member Dial reason ip s 10 1 254 4 d 10 1 254 1 Connected to 14085551234 hq sanjose BRIO 2 dialer type ISDN Idle timer 120 secs Fast idle timer 20 secs Wait for carrier 30 secs Re enable 15 secs Dialer state is idle Virtual Access2
11. 3 56 SLINEPROTO 5 UPDOWN Line protocol on Interface BRIO 1 changed state to up 08 03 56 LINK 3 UPDOWN Interface Virtual Access2 changed state to up 56 Vi2 PPP Treating connection as a callout 56 Vi2 PPP Phase is ESTABLISHING Active Open 56 Vi2 PPP No remote authentication for call out 08 08 08 08 08 08 08 03 03 03 03 03 03 03 0x130E01726F626F2D61757374696E 56 Vi2 LCP O CONFREQ Closed id 1 len 28 56 Vi2 LCP MagicNumber 0x623E60D6 0x0506623E60D6 56 Vi2 LCP MRRU 1524 0x110405F4 56 Vi2 LCP EndpointDisc 1 Local 08 03 56 Vi2 PPP Phase is UP 08 03 56 vi2 IPCP O CONFREQ Closed id 1 len 10 08 03 56 Vi2 IPCP Address 10 1 254 4 0x03060A01FE04 08 03 56 Vi2 PPP Pending ncpQ size is 1 08 03 56 BR0 1 IPCP Redirect packet to Vi2 08 03 56 Vi2 IPCP I CONFREQ REQsent id 1 len 10 08 03 56 Vi2 IPCP Address 10 1 254 1 0x03060A01FE01 08 03 56 set_ip_peer_addr Vi2 address 10 1 254 1 7 08 03 56 Vi2 IPCP O CONFACK REQsent id 1 len 10 08 03 56 Vi2 IPCP Address 10 1 254 1 0x03060A01FE01 08 03 57 Vi2 IPCP I CONFACK ACKsent id 1 len 10 08 03 57 Vi2 IPCP Address 10 1 254 4 0x03060A01FE04 08 03 57 Vi2 IPCP State is Open 08 03 57 dialer Protocol up for Vi2 08 03 57 BRO IPCP Install route to 10 1 254 1 08 03 57 Virtual Access2 changed state to up 08 04 01 ISDN 6 CONNECT Interface BRI0 1 is now connected to
12. ARS sec 252 227 7013 cisco Systems Inc 170 West Tasman Drive San Jose California 95134 1706 Cisco Internetwork Operating System Software Ios tm 1600 Software C1600 SY L Version 12 0 x Copyright c 1986 1998 by cisco Systems Inc Compiled Tue 25 Aug 98 01 45 by xxxx Image text base 0x0802DA90 data base 0x02005000 ROM System Bootstrap Version 11 1 10 AA EARLY DEPLOYMENT RELEASE SOFTWARE fc1 Router uptime is 10 minutes System restarted by reload System image file is flash c1600 sy 1 120 x Cisco 10S Dial Services Quick Configuration Guide 3 2 Chapter3 Configuring the Cisco 1604 Router Step 1 Configuring the Host Name Password and Time Stamps W cisco 1604 68360 processor revision C with 17920K 512K bytes of memory Processor board ID 08823977 with hardware revision 00972006 Bridging software X 25 software Version 3 0 0 Basic Rate ISDN software Version 1 1 1 Ethernet IEEE 802 3 interface s 1 ISDN Basic Rate interface s System IO memory with parity disabled 2048K bytes of DRAM onboard 16384K bytes of DRAM on SIMM System running from FLASH 8K bytes of non volatile configuration memory 12288K bytes of processor board PCMCIA flash Read ONLY System Configuration Dialog When you are asked the question Would you like to enter the initial configuration dialog yes no enter no Would you like to enter the initial configuration dialog yes no no Wou
13. BRI0 2 dialer type ISDN Idle timer 120 secs Fast idle timer 20 secs Wait for carrier 30 secs Re enable 15 secs Dialer state is idle Step3 Enter the show dialer map command to see the static dialer map that was built to the Cisco AS5300 This map is built by using the phone number and WAN IP address of the access server robo austin show dialer map Static dialer map ip 10 1 254 1 name hq sanjose 14085551234 on BRIO Step4 Enter the show running command to see the Cisco 1604 s current configuration robo austin show running Building configuration Current configuration I version 12 0 service timestamps debug uptime service timestamps log uptime service password encryption I hostname robo austin aaa new model aaa authentication login default local aaa authentication ppp default if needed local enable secret 5 1 aZ1DSwNO71EpS6y5zRYuW9QFEr username joe admin password 0 6y5zRYuW9qQFEr wNO71EpS6 aZ1 username hq sanjose password 0 SwNO71EpS6y5zy5zRYuW9aZ1DSw isdn switch type basic ni interface Ethernet0 ip address 10 1 4 1 255 255 255 0 I interface Serialo no ip address shutdown I interface BRIO ip address 10 1 254 4 255 255 255 0 encapsulation ppp dialer map ip 10 1 254 1 name hq sanjose 14085551234 dialer load threshold 60 either Cisco 10S Dial Services Quick Configuration Guide Ea Chapter3 Configuring the Cisco 1604 Router Tips Step 6 Testing the
14. CHAPTER Configuring the Cisco 1604 Router This chapter describes how to configure the Cisco 1604 router to dial out to the Cisco AS5300 Network Topology Hardware and Software Selections Figure 3 1 Case Study Scenario Network Topology from the Perspective of the Cisco 1604 Branch office server cal Headquarters 10 1 254 1 10 1 4 1 S 255 255 255 0 255 255 255 0 A f T o PSTN ISDN Cisco AS5300 7 lt 7 Cisco 1604 E 10 1 2544 ie 255 255 255 0 _ a R Table 3 1 provides detailed information about the end to end connections for the Cisco 1604 This is the network administrator s top level design table The Cisco 1604 s WAN default gateway is 10 1 254 1 which is configured on the Cisco AS5300 as the dialer interface address Table 3 1 Network Device Characteristics Ethernet IP Host Name Username Site Hardware WAN IP Address Address Assigned Phone Number User Name Password Cisco 1604 10 1 254 4 10 1 4 1 Directory number robo austin austin pw 255 255 255 0 255 255 255 0 5125554433 Cisco AS5300 10 1 254 1 10 1 1 10 4085551234 hq sanjose hq sanjose pw 255 255 255 0 Dialer Interface 255 255 255 0 Cisco 10S Dial Services Quick Configuration Guide Chapter3 Configuring the Cisco 1604 Router HI Overview of Steps Overview of Steps After you verify your start up configuration follow these steps to configure the router Step 1 Configur
15. CP I CONFREQ REQsent id 7 len 32 08 03 55 BRO 1 LCP AuthProto CHAP 0x0305C22305 08 03 55 BRO 1 LCP MagicNumber O0xE16A73E6 0x0506E16A73E6 Cisco 10S Dial Services Quick Configuration Guide 3 18 _ Chapter 3 Configuring the Cisco 1604 Router Step 5 Step 6 Testing the Cisco 1604 Connection to the Cisco AS5300 W 08 03 55 BRO 1 LCP MRRU 1524 0x110405F4 08 03 55 BRO 1 LCP EndpointDisc 1 Local 0x130D0168712D73616E6A6F7365 08 03 55 BRO 1 LCP O CONFACK REQsent id 7 len 32 08 03 55 BRO 1 LCP AuthProto CHAP 0x0305C22305 08 03 55 BRO 1 LCP MagicNumber 0xE16A73E6 0x0506E16A73E6 08 03 55 BRO 1 LCP MRRU 1524 0x110405F4 08 03 55 BRO 1 LCP EndpointDisc 1 Local 0x130D0168712D73616E6A6F7365 08 03 55 BRO 1 LCP I CONFACK ACKsent id 42 len 28 08 03 55 BRO 1 LCP MagicNumber 0x623E5C69 0x0506623E5C69 08 03 55 BRO 1 LCP MRRU 1524 0x110405F4 08 03 55 BRO 1 LCP EndpointDisc 1 Local 0x130E01726F626F2D61757374696E 08 03 55 BRO 1 LCP State is Open 08 03 55 BRO 1 PPP Phase is AUTHENTICATING by the peer 08 03 55 BRO 1 CHAP I CHALLENGE id 5 len 31 from hq sanjose 08 03 55 BRO 1 CHAP O RESPONSE id 5 len 32 from robo austin 08 03 55 BRO 1 CHAP I SUCCESS id 5 len 4 08 03 55 BRO 1 PPP Phase is VIRTUALIZED 08 03 55 BRO 1 IPCP Packet buffered while building MLP bundle interface 08 03 56 Vi2 PPP Phase is DOWN Setup 08 0
16. This command changes the state of the interface from administratively down to up robo austin config if no shutdown Verifying the Ethernet Interface Configuration To verify the Cisco 1604 s Ethernet interface configuration Step1 Enter the show ip interface brief command which enables you to quickly check the status of all router interfaces The field administratively down means that the interface is configured with the shutdown command Step2 To bring the interface up you must enter the no shutdown command In the example below the Status column refers to the ability to physically connect the network at Layer 1 needed for getting clocks timing signals and carrier signals The Protocol column refers to the ability to see traffic flow which typically occurs at the data link layer For example the Ethernet interface sends a loopback Ethernet packet out to itself through the Ethernet LAN robo austin show ip interface brief Interface IP Address OK Method Status Protocol BRIO unassigned YES unset administratively down down BRIO 1 unassigned YES unset administratively down down BRI0 2 unassigned YES unset administratively down down Ethernet0O 10 1 4 1 YES manual up up Serial0 unassigned YES unset administratively down down In the next example note that the status is up but the protocol is down The following logging message appears at 00 40 20 unit 0 lost carrier Transceiver problem After the Ethernet cable i
17. al aaa authentication ppp default if needed local enable secret 5 1 aZ1DS SwNO71EpS6y5zRYuW9QFEr username joe admin password 7 lt removed gt username hq sanjose password 7 lt removed gt isdn switch type basic ni interface Ethernet0 ip address 10 1 4 1 255 255 255 0 interface BRIO ip address 10 1 254 4 255 255 255 0 encapsulation ppp no ip route cache dialer map ip 10 1 254 1 name hq sanjose 14085551234 dialer load threshold 60 either dialer group 2 isdn switch type basic ni isdn spid1 51255544330101 isdn spid2 51255544340101 no cdp enable ppp authentication chap callin ppp multilink hold queue 75 in ip classless ip route 0 0 0 0 255 0 0 0 10 1 254 1 permanent I dialer list 2 protocol ip permit line con 0 line vty 0 4 t end Step 8 Saving the Configuration Save the configuration to the Cisco 1604 s NVRAM by entering the copy running config startup config command robo austin copy running config startup config Cisco 10S Dial Services Quick Configuration Guide
18. essme Encrypt passwords in the configuration file for greater security hq sanjose config service password encryption Enable millisecond time stamping on debug and logging output Time stamps are useful for detailed access tracing hq sanjose config service timestamps debug datetime msec hq sanjose config service timestamps log datetime msec Verifying Host Name Password and Time Stamp Configuration Step 1 To verify configuration of the Cisco 1604 s host name password and time stamps Enter the show running command robo austin show running Building configuration Current configuration version 12 0 service timestamps debug uptime service timestamps log uptime service password encryption hostname robo austin I enable secret 5 1 0g7B nSwMZMONBKTPhV09KVgx11 interface Ethernet0 no ip address shutdown E Cisco 10S Dial Services Quick Configuration Guide _ Chapter 3 Configuring the Cisco 1604 Router Step 2 Step 3 Step 4 Step 5 Tips Step 2 Configuring Local AAA Security W interface Serialo no ip address shutdown interface BRIO no ip address shutdown ip classless line con 0 line vty 0 4 login Log in with your new enable password Exit out of enable mode by using the disable command The prompt changes from robo austin to robo austin gt Enter the enable command followed by your password Enter the show privilege command to
19. he PC has not yet used any IP services or drivers the connection might fail The preferred method is to ping the router from a PC on the LAN first robo austin ping 10 1 4 2 Type escape sequence to abort Sending 5 100 byte ICMP Echos to 10 1 4 2 timeout is 2 seconds Success rate is 100 percent 5 5 round trip min avg max 4 5 8 ms If you know that the Ethernet interface is up but not performing correctly enter the show interface ethernet 0 command This example shows errors in the counters because the Ethernet cable was not plugged in robo austin show interface ethernet 0 EthernetO is up line protocol is up Hardware is QUICC Ethernet address is 0060 834f 6626 bia 0060 834f 6626 Internet address is 10 1 4 1 24 MTU 1500 bytes BW 10000 Kbit DLY 1000 usec rely 234 255 load 1 255 Encapsulation ARPA loopback not set keepalive set 10 sec ARP type ARPA ARP Timeout 04 00 00 Last input 00 00 08 output 00 00 04 output hang never Last clearing of Show interface counters never Queueing strategy fifo Output queue 0 40 0 drops input queue 0 75 0 drops 5 minute input rate 0 bits sec 0 packets sec 5 minute output rate 0 bits sec 0 packets sec 2 packets input 644 bytes 0 no buffer Received 2 broadcasts 0 runts 0 giants 0 throttles 0 input errors 0 CRC 0 frame 0 overrun 0 ignored 0 abort 0 input packets with dribble condition detected 28 packets output 2905 bytes 0 underruns 25 output errors 0 collisions 2
20. ide ET _ Chapter 3 Configuring the Cisco 1604 Router Step 6 Testing the Cisco 1604 Connection to the Cisco AS5300 W robo austin show ip interface brief Interface IP Address OK Metho BRIO 10 1 254 4 YES manua BRIO 1 unassigned YES unset BRIO 2 unassigned YES unset Ethernet0 10 1 3 1 YES manua Serial0 unassigned YES unset Virtual Access2 unassigned YES unset robo austin show interface bri 0 1 2 BRIO 1 is up line protocol is up Hardware is BRI MTU 1500 bytes BW 64 Kbit DLY 20000 usec re Encapsulation PPP loopback not set keepalive LCP Open multilink Open Last input 00 00 00 output 00 00 00 Last clearing of Show interface counters nev Queueing strategy fifo Output queue 0 40 0 drops input queue 0 75 5 minute input rate 0 bits sec 0 packets sec 5 minute output rate 0 bits sec 0 packets sec 478 packets input 13592 bytes 0 no buffer Received 474 broadcasts 0 runts 0 giants 0 input errors 0 CRC 0 frame 0 overrun 509 packets output 18093 bytes 0 underrun 0 output errors 0 collisions 0 interface 0 output buffer failures 0 output buffers 104 carrier transitions BRIO 2 is down line protocol is down Hardware is BRI MTU 1500 bytes BW 64 Kbit DLY 20000 usec re Encapsulation PPP loopback not set keepalive LCP Closed multilink Closed Closed IPCP Last input 00 09 36 Last clearing of Queueing strategy fifo Output queue 0 40 0 drops input queue 0 75 5 minute input rate 0 bits sec 0
21. ing the Host Name Password and Time Stamps Step 2 Configuring Local AAA Security Step 3 Configuring the Ethernet Interface Step 4 Configuring Basic Rate Interface Step 5 Configuring Dial on Demand Routing Step 6 Testing the Cisco 1604 Connection to the Cisco AS5300 Step 7 Confirming the Cisco 1604 Final Running Configuration Step 8 Saving the Configuration Verifying Your Start Up Configuration If the startup configuration of the Cisco IOS software release running inside the Cisco 1604 router is not configured the following screen appears at bootup The automatic setup script is engaged In this case study the Cisco 1604 is manually configured The automatic setup script is not used System Bootstrap Version 11 1 7 AX kuong 7 AX RELEASE SOFTWARE fc1 Copyright c 1994 1996 by cisco Systems Inc C1600 processor with 2048 Kbytes of main memory program load complete entry point 0x4018060 size 0x1da928 Notice NVRAM invalid possibly due to write erase SQUICC_ETHER 1 LOSTCARR Unit 0 lost carrier Transceiver problem program load complete entry point 0x8000060 size Ox3f5f2c Restricted Rights Legend Use duplication or disclosure by the Government is subject to restrictions as set forth in subparagraph c of the Commercial Computer Software Restricted Rights clause at FAR sec 52 227 19 and subparagraph c 1 ii of the Rights in Technical Data and Computer Software clause at DF
22. ion phase is initiated by robo austin BRO 1 PPP Phase is AUTHENTICATING by the peer j See 08 03 55 Robo austin accepts a CHAP challenge initiated by hq sanjose The device robo austin is not authenticating hq sanjose which is the desired behavior for this scenario BRO 1 CHAP I CHALLENGE id 5 len 31 from hq sanjose BRO 1 CHAP O RESPONSE id 5 len 32 from robo austin Cisco 10S Dial Services Quick Configuration Guide Chapter3 Configuring the Cisco 1604 Router HI Step 6 Testing the Cisco 1604 Connection to the Cisco AS5300 k See 08 03 55 The robo austin PPP peer is successfully authenticated by the hq sanjose peer BRO 1 CHAP I SUCCESS id 5 len 4 l See 08 03 55 MultiLink PPP uses a virtual access interface to host the bundle BRO 1 PPP Phase is VIRTUALIZED m See 08 03 56 LCP on Virtual Access2 is forced up as it was already negotiated on the physical interface For more information enter the show interface virtual access2 conf and debug vtemp commands SLINK 3 UPDOWN Interface Virtual Access2 changed state to up vi2 PPP Phase is UP n See 08 03 56 IPCP negotiation begins vi2 IPCP O CONFREQ Closed id 1 len 10 vi2 IPCP Address 10 1 254 4 0x03060A01FE04 o See 08 03 56 IP can now be used across this PPP connection vi2 IPCP I CONFACK ACKsent id 1 len 10 vi2 IPCP State is Open p See 08 03 57 A route is installed to 10 1 254 1 to match the IP address negotiated
23. l O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 El OSPF external type 1 E2 OSPF external type 2 E EGP i IS IS L1 IS IS level 1 L2 IS IS level 2 candidate default U per user static route o ODR Gateway of last resort is 10 1 254 1 to network 0 0 0 0 10 0 0 0 24 is subnetted 2 subnets le 10 1 4 0 is directly connected Ethernet0 C 10 1 254 0 is directly connected BRIO s 0 0 0 0 0 1 0 via 10 1 254 1 S Note The static route is the first software building block that receives the packet routed to the dialer map The route must direct the packets to the dialer map before the DDR features can establish connectivity Cisco 10S Dial Services Quick Configuration Guide Chapter3 Configuring the Cisco 1604 Router W Verifying DDR Configuration Step2 Enter the show dialer command The following example shows that the Cisco 1604 has not placed any calls yet and there have been no failures An ISDN interface is a dialer interface Key statistics are shown for each B channel robo austin show dialer BRIO dialer type ISDN Dial String Successes Failures Last called Last status 14085551234 0 0 never 0 incoming call s have been screened 0 incoming call s rejected for callback BRIO 1 dialer type ISDN Idle timer 120 secs Fast idle timer 20 secs Wait for carrier 30 secs Re enable 15 secs Dialer state is idle
24. l monitor robo austin debug dialer Dial on demand events debugging is on robo austin debug isdn q931 ISDN Q931 packets debugging is on robo austin debug ppp negotiation PPP protocol negotiation debugging is on robo austin debug ppp authentication PPP authentication debugging is on robo austin debug ip peer IP peer address activity debugging is on Step2 Verify that your routing table points to the Cisco AS5300 at headquarters the hq sanjose network access server NAS robo austin show ip route Codes C connected S static I IGRP R RIP M mobile B BGP D EIGRP EX EIGRP external O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 El OSPF external type 1 E2 OSPF external type 2 E EGP i IS IS L1 IS IS level 1 L2 IS IS level 2 candidate default U per user static route o ODR Gateway of last resort is 10 1 254 1 to network 0 0 0 0 10 0 0 0 24 is subnetted 2 subnets c 10 1 4 0 is directly connected Ethernet0 C 10 1 254 0 is directly connected BRIO s 0 0 0 0 0 1 0 via 10 1 254 1 Cisco 10S Dial Services Quick Configuration Guide 3 16 Chapter3 Configuring the Cisco 1604 Router Step 3 Step 4 Step 6 Testing the Cisco 1604 Connection to the Cisco AS5300 W Verify that the correct dialer map exists robo austin show dialer map Static dialer map ip 10 1 254 1 name hq sanjose 14085551234 on BRIO
25. ld you like to terminate autoinstall yes yes Press RETURN to get started 00 00 17 SQUICC_ETHER 1 LOSTCARR Unit 0 lost carrier Transceiver problem 00 00 17 SLINK 3 UPDOWN Interface Ethernet0 changed state to up 00 00 17 SLINK 3 UPDOWN Interface Serial0 changed state to down 00 00 17 SLINEPROTO 5 UPDOWN Line protocol on Interface BRIO changed state todown 00 00 17 SLINEPROTO 5 UPDOWN Line protocol on Interface BRI0 1 changed state to down 00 00 17 SLINEPROTO 5 UPDOWN Line protocol on Interface BRI0 2 changed state to down 00 00 17 SLINEPROTO 5 UPDOWN Line protocol on Interface Ethernet0O changed state to down 00 00 17 SLINEPROTO 5 UPDOWN Line protocol on Interface Serial0 changed stat to down 00 00 44 SLINK 5 CHANGED Interface BRIO changed state to administratively down 00 00 46 SLINK 5 CHANGED Interface Serial0 changed state to administratively down 00 00 46 SLINK 5 CHANGED Interface Ethernet0 changed state to administratively down 00 00 47 IP 5 WEBINST_KILL Terminating DNS process Router gt Step 1 Configuring the Host Name Password and Time Stamps Assign a host name to the Cisco 1604 enable basic security and turn on time stamping e Assigning a host name helps you to distinguish between different network devices e Enabling passwords helps you to prevent unauthorized configuration changes e Setting time stamps helps you to trace debug outpu
26. nents on the Cisco 1604 In most cases a remote site with a single LAN requires a simple DDR configuration which supports the routing table and call control in a circuit switched environment In this case study DDR takes the standard dialer map approach You must configure specific parameters to establish connectivity with the Cisco AS5300 by using sync PPP Parameters include a static route username password and a dialer map To configure DDR enter the following commands beginning in global configuration mode Enter the configuration mode for the BRI interface robo austin config interface bri 0 Define the interesting packets that activate the ISDN connection Interesting packets reset the idle timer and trigger dialing This dialer filter is defined by the dialer list 2 command See Step 7 robo austin config if dialer group 2 Disable fair queuing robo austin config if no fair queue Disable the Cisco discovery protocol unless you are using it for a specific purpose robo austin config if no cdp enable Configure the interface to bring up the second B channel when the bandwidth load exceeds 60 255 robo austin config if dialer load threshold 60 either Cisco 10S Dial Services Quick Configuration Guide Chapter3 Configuring the Cisco 1604 Router Step 6 Step7 Step 8 Step 9 Step 10 Verifying DDR Configuration W Build a dialer map that maps to the Cisco AS5300 s IP addres
27. o 1604 Connection to the Cisco AS5300 The test strategy is to ping the Cisco AS5300 s WAN port then ping the backbone behind the access server Cisco recommends you ping the domain name server DNS on the backbone since this device should always be up and operating Pinging a next hop IP address can have complications in an IP unnumbered environment For example complications arise when WAN interfaces are configured with unnumbered IPs Note The typical low level test to verify connectivity in a sync PPP environment is to ping a device on the other end of the WAN link In a modem environment async PPP the low level test is to establish an EXEC shell on the router Cisco 10S Dial Services Quick Configuration Guide Chapter3 Configuring the Cisco 1604 Router HI Step 6 Testing the Cisco 1604 Connection to the Cisco AS5300 Figure 3 2 Case Study Lab Environment for Testing the Cisco 1604 s Connection to the Cisco AS5300 10 1 254 1 ro EJ y _ Cisco AS5300 hq sanjose DNS server 10 2 2 3 Cee Ethernet Jasco 1604 10 1 254 4 robo austin RS 232 console Administrator s PC configuration and logging 2 988 Step 1 Enter the following commands to start debugging Use the following example as a guide Examining the background processes is essential for effective troubleshooting robo austin undebug all All possible debugging has been turned off robo austin termina
28. ration Guide Chapter3 Configuring the Cisco 1604 Router Step 3 Step 3 Configuring the Ethernet Interface Hi Enter the show running command to see the Cisco 1604 s current configuration robo austin show running Building configuration Current configuration version 12 0 service timestamps debug uptime service timestamps log uptime service password encryption hostname robo austin aaa new model aaa authentication login default local aaa authentication ppp default local enable secret 5 1S 0og7B SnSwMZMONBKTPhV09KVgx11 username joe admin password 7 lt removed gt interface Ethernet0 no ip address shutdown interface Serialo no ip address shutdown interface BRIO no ip address shutdown ip classless line con 0 line vty 0 4 Step 3 Configuring the Ethernet Interface Step 1 Assign an IP address to the Cisco 1604 s Ethernet interface Test the interface by pinging it from a PC on the LAN To configure the Ethernet interface enter the following commands beginning in global configuration mode Configure the IP address and subnet mask on the Ethernet interface robo austin config interface ethernet 0 robo austin config if ip address 10 1 4 1 255 255 255 0 Cisco 10S Dial Services Quick Configuration Guide Chapter3 Configuring the Cisco 1604 Router HZ Verifying the Ethernet Interface Configuration Step2 Bring up the interface
29. rface bri 0 robo austin config if ip address 10 1 254 4 255 255 255 0 Configure your SPIDs which are required by many switch types robo austin config if isdn spid1 51255544330101 robo austin config if isdn spid2 51255544340101 Enable PPP robo austin config if encapsulation ppp Disable fair queuing robo austin config if no fair queue Enable PPP multilink robo austin config if ppp multilink Enable CHAP and PAP authentication on the interface during LCP negotiation The access server first authenticates with CHAP If CHAP is not used by the remote client then the access server tries PAP CHAP is requested first robo austin config if ppp authentication chap pap callin Bring up the interface The no shutdown command changes the state of the interface from administratively down to up robo austin config if no shutdown Cisco 10S Dial Services Quick Configuration Guide _ Chapter 3 Configuring the Cisco 1604 Router Verifying BRI Configuration W Verifying BRI Configuration Step 1 Step 2 Enter the no shutdown command The following output messages appear robo austin config if no shutdown robo austin 00 45 01 SLINK 3 UPDOWN Interface BRI0 1 changed state to down 00 45 01 SLINK 3 UPDOWN Interface BRI0 2 changed state to down 00 45 01 SLINK 3 UPDOWN Interface BRIO changed state to up robo austin 00 45 02 ISDN 6 LAYER2UP Layer 2 for Interface BRO TEI 10
30. s host name and directory number The static route in Step 8 points to this dialer map robo austin config if dialer map ip 10 1 254 1 name hq sanjose 14085551234 robo austin config if exit Define a DDR s dialer list to allow any IP packets to establish and maintain calls robo austin config dialer list 2 protocol ip permit Create a static route for the next hop which is the Cisco AS5300 s WAN port IP address 10 1 254 1 is used on the Cisco AS5300 s dialer interface This static route points at the dialer map on the access server s dialer interface robo austin config ip route 0 0 0 0 0 0 0 0 10 1 254 1 permanent Enter the password used by the Cisco 1604 for when the Cisco AS5300 hq sanjose authenticates by using CHAP On Cisco IOS devices the PPP name is determined by one of the following commands hostname sgbp group ppp pap sent username or ppp chap hostname robo austin config username hq sanjose password austin pw Ensure that all unknown subnets use the default route robo austin config ip classless Verifying DDR Configuration Step 1 To verify the Cisco 1604 s DDR configuration Enter the show ip route command to confirm that the static route is installed and pointing at your dialer map address Configure the static IP default route before you enter this command robo austin show ip route Codes C connected S static I IGRP R RIP M mobile B BGP D EIGRP EX EIGRP externa
31. s plugged into the Ethernet port the interface comes up See 00 40 25 robo austin show ip interface brief Interface IP Address OK Method Status Protocol BRIO unassigned YES unset administratively down down BRIO 1 unassigned YES unset administratively down down BRI0 2 unassigned YES unset administratively down down Ethernet0 10 1 4 1 YES manual up down Serial0 unassigned YES unset administratively down down robo austin 00 40 20 SQUICC_ETHER 1 LOSTCARR Unit 0 lost carrier Transceiver problem 00 40 25 SLINEPROTO 5 UPDOWN Line protocol on Interface Ethernet0 changed sta te to up robo austin Cisco 10S Dial Services Quick Configuration Guide 3 8 _ Chapter 3 Configuring the Cisco 1604 Router Step 3 Step 4 Step 5 Verifying the Ethernet Interface Configuration W Establish connectivity with an Ethernet based device In this example IP address 10 1 4 2 is assigned to the first external PC on this LAN to test for router to PC connectivity The PC s DOS prompt application is opened and the ping 10 1 4 1 command is issued Microsoft R Windows 95 C Copyright Microsoft Corp 1981 1996 C WINDOWS gt ping 10 1 4 1 Pinging 10 1 4 1 with 32 bytes of data Reply from 10 1 4 1 bytes 32 time 3ms TTL 236 Reply from 10 1 4 1 bytes 32 time 2ms TTL 236 Reply from 10 1 4 1 bytes 32 time 3ms TTL 236 Reply from 10 1 4 1 bytes 32 time 2ms TTL 236 Ping the PC from the Cisco 1604 If t
32. show the current security privilege level which is level 15 robo austin disable robo austin gt enable Password robo austin show privilege Current privilege level is 15 robo austin If you have trouble e Make sure the Caps Lock key is off e Make sure you entered the correct password Passwords are case sensitive Step 2 Configuring Local AAA Security The Cisco IOS security model to use on all Cisco devices is authentication authorization and accounting AAA AAA provides the primary framework through which you set up access control on the access server e Authentication Who are you e Authorization What can you do e Accounting What did you do In this case study the same authentication method is used on all interfaces AAA is set up to use the local database configured on the Cisco 1604 router This local database is created with the username configuration commands Note Setting up your AAA security at this point in the configuration process is a matter of best practices it ensures that the configuration is managed for most effectiveness Cisco 10S Dial Services Quick Configuration Guide Chapter3 Configuring the Cisco 1604 Router HZ Verifying Local AAA Security Configuration Step 1 Step 2 Step 3 Step 4 amp To configure local AAA security on the Cisco 1604 enter the following commands beginning in global configuration mode Create a local username for yourself
33. t for testing connections not knowing exactly when an event occurs hinders you from examining background processes As you configure the software make sure that all logging dialog generated by the router appears on your terminal screen If it does not enter the terminal monitor EXEC command If you are configuring the router with the console port logging automatically appears You can use security measures in addition to those described in Steps 4 and 5 below to further encrypt the password See the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference for more information Cisco 10S Dial Services Quick Configuration Guide Chapter3 Configuring the Cisco 1604 Router HZ Verifying Host Name Password and Time Stamp Configuration Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 To configure the host name password and timestamps for the Cisco 1604 enter the following commands beginning in user EXEC mode Enter privileged EXEC mode Router gt enable Enter global configuration mode Router configure terminal Enter configuration commands one per line End with CNTL Z Assign a host name to the router This host name is typically used during authentication with the central site Router config hostname robo austin Enter a secret enable password that secures privileged EXEC mode Be sure to change guessme to your own secret password robo austin config enable secret gu

Cisco Systems 1604 Network Router User Manual

Contents

Download Pdf Manuals

Related Search

Related Contents