Cisco 819 Integrated Services Routers Software Configuration Guide
Configuring Backup Data Lines and Remote Management
Configuring Backup Data Lines and Remote Management


This chapter describes configuring backup data lines and remote management in the following sections:

Configuring Backup Interfaces

Configuring Cellular Dial-on-Demand Routing Backup

Configuring Dial Backup and Remote Management Through the Console Port

The Cisco 819 Integrated Services Router (ISR) supports backup data connectivity through a backup data line, which enables it to mitigate WAN downtime.

Cisco 819 ISRs also support remote management functions through the auxiliary port.


Note On the Cisco 819 ISRs, the console port and the auxiliary port are on the same physical RJ-45 port. Therefore, the two ports cannot be activated simultaneously. You must use the command-line interface (CLI) to enable the desired function.


Configuring Backup Interfaces

When the router receives an indication that the primary interface is down, the backup interface becomes enabled. After the primary connection has been restored for a specified period, the backup interface is disabled.

Even if the backup interface comes out of standby mode, the router does not enable the backup interface unless the router receives the traffic specified for that backup interface.

Table 6-1 shows the backup interfaces available for each Cisco 819 ISR, along with their port designations. Basic configurations for these interfaces are given in the "Configuring WAN Interfaces" section.

Table 6-1 Model Number and Data Line Backup Capabilities

Router Model Number    3G
819                    Yes


To configure your router with a backup interface, perform these steps, beginning in global configuration mode:

SUMMARY STEPS

1. interface type number

2. backup interface interface-type interface-number

3. exit

DETAILED STEPS

Step 1
Command: interface type number
Example:
Router(config)# interface xxx 0
Router(config-if)#
Purpose: Enters interface configuration mode for the interface for which you want to configure backup. This can be a serial interface, ISDN interface, or asynchronous interface.

Step 2
Command: backup interface interface-type interface-number
Example:
Router(config-if)# backup interface serial 0
Router(config-if)#
Purpose: Assigns an interface as the secondary or backup interface. This can be a serial interface or asynchronous interface. For example, a serial 1 interface could be configured to back up a serial 0 interface. The example shows a serial interface configured as the backup interface for the ATM 0 interface.

Step 3
Command: exit
Example:
Router(config-if)# exit
Router(config)#
Purpose: Exits interface configuration mode.

Configuring Cellular Dial-on-Demand Routing Backup

To monitor the primary connection and initiate the backup connection over the cellular interface when needed, the router can use one of the following methods:

Backup Interface—The backup interface that stays in standby mode until the primary interface line protocol is detected as down and then is brought up. See the "Configuring Backup Interfaces" section.

Dialer Watch—Dialer watch is a backup feature that integrates dial backup with routing capabilities. See the "Configuring DDR Backup Using Dialer Watch" section.

Floating Static Route—The route through the backup interface has an administrative distance that is greater than the administrative distance of the primary connection route and therefore is not in the routing table until the primary interface goes down. When the primary interface goes down, the floating static route is used. See the "Configuring DDR Backup Using Floating Static Route" section.


Note You cannot configure a backup interface for the cellular interface and any other asynchronous serial interface.


Configuring DDR Backup Using Dialer Watch

To initiate dialer watch, you must configure the interface to perform dial-on-demand routing (DDR) and backup. Use traditional DDR configuration commands, such as dialer maps, for DDR capabilities. To enable dialer watch on the backup interface and create a dialer list, use the following commands in interface configuration mode.

SUMMARY STEPS

1. configure terminal

2. interface type number

3. dialer watch-group group-number

4. dialer watch-list group-number ip ip-address address-mask

5. dialer-list <dialer-group> protocol <protocol name> {permit | deny | list <access list number> | access-group}

6. access-list <access-list-number> permit <ip-source-address>

7. interface cellular 0

8. dialer string <string>

DETAILED STEPS

Step 1
Command or Action: configure terminal
Example:
Router# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command or Action: interface type number
Example:
Router(config)# interface 0
Purpose: Specifies the interface.

Step 3
Command or Action: dialer watch-group group-number
Example:
Router(config-if)# dialer watch-group 2
Purpose: Enables dialer watch on the backup interface.

Step 4
Command or Action: dialer watch-list group-number ip ip-address address-mask
Example:
Router(config-if)# dialer watch-list 2 ip 10.4.0.254 255.255.0.0
Purpose: Defines a list of all IP addresses to be watched.

Step 5
Command or Action: dialer-list <dialer-group> protocol <protocol-name> {permit | deny | list <access-list-number> | access-group}
Example:
Router(config)# dialer-list 2 protocol ip permit
Purpose: Creates a dialer list for traffic of interest and permits access to an entire protocol.

Step 6
Command or Action: access-list <access-list-number> permit <ip-source-address>
Example:
Router(config)# access-list 2 permit 10.4.0.0
Purpose: Defines traffic of interest. Do not use the access list permit all command to avoid sending traffic to the IP network. This may result in call termination.

Step 7
Command or Action: interface cellular 0
Example:
Router(config)# interface cellular 0
Purpose: Specifies the cellular interface.

Step 8
Command or Action: dialer string <string>
or
dialer-group <dialer-group-number>
Example:
Router(config-if)# dialer string cdma *** cdma ***
or
Router(config-if)# dialer-group 2 *** gsm ***
Purpose: CDMA only. Specifies the dialer script (defined using the chat-script command). GSM only. Maps a dialer list to the dialer interface.

Configuring DDR Backup Using Floating Static Route

To configure a floating static default route on the secondary interface, use the following commands, beginning in the global configuration mode.


Note Make sure you have ip classless enabled on your router.


SUMMARY STEPS

1. configure terminal

2. ip route network-number network-mask {ip address | interface} [administrative distance] [name name]

DETAILED STEPS

Step 1
Command or Action: configure terminal
Example:
Router# configure terminal
Purpose: Enters global configuration mode from the terminal.

Step 2
Command or Action: ip route network-number network-mask {ip-address | interface} [administrative distance] [name name]
Example:
Router(config)# ip route 0.0.0.0 0.0.0.0 Dialer 2 track 234
Purpose: Establishes a floating static route with the configured administrative distance through the specified interface.

A higher administrative distance should be configured for the route through the backup interface, so that the backup interface is used only when the primary interface is down.
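A simplified model of the route selection described above, as an added example that is not part of the Cisco guide: it parses default routes abridged from this page's example configurations and returns which one is installed for a given link state. The `up` and `tracks_up` inputs and the function names are assumptions standing in for interface, next-hop and tracked-object state on a real router.

```python
import ipaddress

# Constructed input: default routes abridged from this page's example configurations.
CELLULAR_BACKUP = """\
ip route 0.0.0.0 0.0.0.0 Dialer2 track 234
ip route 0.0.0.0 0.0.0.0 Cellular0 254
"""
DIAL_BACKUP = """\
ip route 0.0.0.0 0.0.0.0 64.161.31.254 50
ip route 0.0.0.0 0.0.0.0 63.203.35.136 80
ip route 0.0.0.0 0.0.0.0 Dialer1 150
"""

def parse_route(line):
    """Parse 'ip route prefix mask {next-hop | interface} [distance] [track N]'."""
    tok = line.split()
    if tok[:2] != ["ip", "route"] or len(tok) < 5:
        raise ValueError(f"not a complete static route: {line!r}")
    ipaddress.ip_network(f"{tok[2]}/{tok[3]}")  # raises ValueError on a missing or bad mask
    route = {"via": tok[4], "distance": 1, "track": None}  # a static route defaults to distance 1
    rest = tok[5:]
    if rest and rest[0].isdigit():
        route["distance"] = int(rest.pop(0))
    if rest[:1] == ["track"] and len(rest) > 1:
        route["track"] = int(rest[1])
    return route

def active_default(config, up, tracks_up=()):
    """Exits of the installed default route(s): usable routes with the lowest distance.

    up: interfaces that are up plus next hops that are reachable.
    tracks_up: tracked object numbers that are currently up.
    A route is usable when its exit is in `up` and its tracked object, if any, is up.
    """
    routes = [parse_route(l) for l in config.splitlines() if l.strip()]
    live = [r for r in routes
            if r["via"] in up and (r["track"] is None or r["track"] in tracks_up)]
    if not live:
        return []
    best = min(r["distance"] for r in live)
    return sorted(r["via"] for r in live if r["distance"] == best)

if __name__ == "__main__":
    both = {"Dialer2", "Cellular0"}
    print(active_default(CELLULAR_BACKUP, both, {234}))  # track 234 up
    print(active_default(CELLULAR_BACKUP, both))         # track 234 down
    print(active_default(DIAL_BACKUP, {"63.203.35.136", "Dialer1"}))
    print(active_default(DIAL_BACKUP, {"64.161.31.254", "63.203.35.136", "Dialer1"}))
```

The last two calls show the behaviour noted in the dial backup example later in this chapter: once a distance 50 peer is reachable again, it replaces the distance 80 route.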

Cellular Wireless Modem as Backup with NAT and IPsec Configuration

The following example shows how to configure the 3G wireless modem as backup with NAT and IPsec on either GSM or CDMA networks.


Note The receive and transmit speeds cannot be configured. The actual throughput depends on the cellular network service.


Current configuration : 3433 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
! 
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
crypto isakmp key gsm address 128.107.241.234             
!
!
crypto ipsec transform-set gsm ah-sha-hmac esp-3des        
!
crypto map gsm1 10 ipsec-isakmp                            
 set peer 128.107.241.234
 set transform-set gsm                                     
 match address 103
!
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.4.0.254
!
ip dhcp pool gsmpool                                       
   network 10.4.0.0 255.255.0.0
   dns-server 66.209.10.201 66.102.163.231 
   default-router 10.4.0.254 
!
!
ip cef
!
no ipv6 cef
multilink bundle-name authenticated
chat-script gsm "" "atdt*98*1#" TIMEOUT 30 "CONNECT"        
!
!
archive
 log config
  hidekeys
!
!
interface 0
 no ip address
 ip virtual-reassembly
 load-interval 30
 no ilmi-keepalive
!
interface 0.1 point-to-point
 backup interface Cellular0
 ip nat outside
 ip virtual-reassembly
 pvc 0/35 
  pppoe-client dial-pool-number 2
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Cellular0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no ip mroute-cache
 dialer in-band
 dialer idle-timeout 0
 dialer string gsm                                      
 dialer-group 1
 async mode interactive
 no ppp lcp fast-start
 ppp chap hostname chunahayev@wwan.ccs
 ppp chap password 0 B7uhestacr
 ppp ipcp dns request
 crypto map gsm1                                       
!
interface Vlan1
 description used as default gateway address for DHCP clients
 ip address 10.4.0.254 255.255.0.0
 ip nat inside
 ip virtual-reassembly
!
interface Dialer2
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 load-interval 30
 dialer pool 2
 dialer-group 2
 ppp authentication chap callin
 ppp chap password 0 cisco
 ppp ipcp dns request
 crypto map gsm1                                       
!
ip local policy route-map track-primary-if
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer2 track 234
ip route 0.0.0.0 0.0.0.0 Cellular0 254
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map nat2cell interface Cellular0 overload
!         
ip sla 1
 icmp-echo 209.131.36.158 source-interface Dialer2
 timeout 1000
 frequency 2
ip sla schedule 1 life forever start-time now
access-list 1 permit any
access-list 2 permit 10.4.0.0 0.0.255.255
access-list 3 permit any
access-list 101 permit ip 10.4.0.0 0.0.255.255 any
access-list 102 permit icmp any host 209.131.36.158
access-list 103 permit ip host 166.136.225.89 128.107.0.0 0.0.255.255
access-list 103 permit ip host 75.40.113.246 128.107.0.0 0.0.255.255
dialer-list 1 protocol ip list 1
dialer-list 2 protocol ip permit
!
!
!
route-map track-primary-if permit 10
 match ip address 102
 set interface Dialer2
!
route-map nat2cell permit 10
 match ip address 101
 match interface Cellular0
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line 3
 exec-timeout 0 0
 script dialer gsm                                    
 login
 modem InOut
 no exec
line vty 0 4
 login
!
scheduler max-task-time 5000
 
!
webvpn cef
end
 
   

Configuring Dial Backup and Remote Management Through the Console Port

When customer premises equipment, such as a Cisco 819 ISR, is connected to an ISP, an IP address is dynamically assigned to the router or the IP address may be assigned by the router peer through the centrally managed function. The dial backup feature can be added to provide a failover route in case the primary line fails. The Cisco 819 ISRs can use the auxiliary port for dial backup and remote management.

Figure 6-1 shows the network configuration used for remote management access and for providing backup to the primary WAN line.

Figure 6-1 Dial Backup and Remote Management Through the Auxiliary Port

1  Cisco 819 router    A  Main WAN link; primary connection to Internet service provider
2  Modem               B  Dial backup; serves as a failover link for Cisco 819 routers when primary line goes down
3  PC                  C  Remote management; serves as dial-in access to allow changes or updates to Cisco IOS configurations


To configure dial backup and remote management for these routers, perform these steps, beginning in global configuration mode:

SUMMARY STEPS

1. ip name-server server-address

2. ip dhcp pool name

3. exit

4. chat-script script-name expect-send

5. interface type number

6. exit

7. interface type number

8. dialer watch-group group-number

9. exit

10. ip nat inside source {list access-list-number}{interface type number | pool name} [overload]

11. ip route prefix mask {ip-address | interface-type interface-number [ip-address]}

12. access-list access-list-number {deny | permit} source [source-wildcard]

13. dialer watch-list group-number {ip ip-address address-mask | delay route-check initial seconds}

14. line [aux | console | tty | vty] line-number [ending-line-number]

15. modem enable

16. exit

17. line [aux | console | tty | vty] line-number [ending-line-number]

18. flowcontrol {none | software [lock] [in | out] | hardware [in | out]}

DETAILED STEPS

Step 1
Command: ip name-server server-address
Example:
Router(config)# ip name-server 192.168.28.12
Router(config)#
Purpose: Enters your ISP DNS IP address.
Tip: You may add multiple server addresses if available.

Step 2
Command: ip dhcp pool name
Example:
Router(config)# ip dhcp pool 1
Router(config-dhcp)#
Purpose: Creates a DHCP address pool on the router and enters DHCP pool configuration mode. The name argument can be a string or an integer. Configure the DHCP address pool. For sample commands that you can use in DHCP pool configuration mode, see the "Example" section.

Step 3
Command: exit
Example:
Router(config-dhcp)# exit
Router(config)#
Purpose: Exits config-dhcp mode and enters global configuration mode.

Step 4
Command: chat-script script-name expect-send
Example:
Router(config)# chat-script Dialout ABORT ERROR ABORT BUSY "" "AT" OK "ATDT 5555102\T" TIMEOUT 45 CONNECT \c
Router(config)#
Purpose: Configures a chat script used in dial-on-demand routing (DDR) to give commands for dialing a modem and for logging in to remote systems. The defined script is used to place a call over a modem connected to the PSTN.

Step 5
Command: interface type number
Example:
Router(config)# interface Async 1
Router(config-if)#
Purpose: Creates and enters configuration mode for the asynchronous interface. Configure the asynchronous interface. For sample commands that you can use in asynchronous interface configuration mode, see the "Example" section.

Step 6
Command: exit
Example:
Router(config-if)# exit
Router(config)#
Purpose: Enters global configuration mode.

Step 7
Command: interface type number
Example:
Router(config)# interface Dialer 3
Router(config-if)#
Purpose: Creates and enters configuration mode for the dialer interface.

Step 8
Command: dialer watch-group group-number
Example:
Router(config-if)# dialer watch-group 1
Router(config-if)#
Purpose: Specifies the group number for the watch list.

Step 9
Command: exit
Example:
Router(config-if)# exit
Router(config)#
Purpose: Exits the interface configuration mode.

Step 10
Command: ip nat inside source {list access-list-number} {interface type number | pool name} [overload]
Example:
Router(config)# ip nat inside source list 101 interface Dialer 3 overload
Purpose: Enables dynamic translation of addresses on the inside interface.

Step 11
Command: ip route prefix mask {ip-address | interface-type interface-number [ip-address]}
Example:
Router(config)# ip route 0.0.0.0 0.0.0.0 22.0.0.2
Router(config)#
Purpose: Sets the IP route to point to the dialer interface as a default gateway.

Step 12
Command: access-list access-list-number {deny | permit} source [source-wildcard]
Example:
Router(config)# access-list 101 permit ip 192.168.0.0 0.0.255.255 any
Purpose: Defines an extended access list that indicates which addresses need translation.

Step 13
Command: dialer watch-list group-number {ip ip-address address-mask | delay route-check initial seconds}
Example:
Router(config)# dialer watch-list 1 ip 22.0.0.2 255.255.255.255
Router(config)#
Purpose: Evaluates the status of the primary link, based on the existence of routes to the peer. The address 22.0.0.2 is the peer IP address of the ISP.

Step 14
Command: line [aux | console | tty | vty] line-number [ending-line-number]
Example:
Router(config)# line console 0
Router(config-line)#
Purpose: Enters configuration mode for the line interface.

Step 15
Command: modem enable
Example:
Router(config-line)# modem enable
Router(config-line)#
Purpose: Switches the port from console to auxiliary port function.

Step 16
Command: exit
Example:
Router(config-line)# exit
Router(config)#
Purpose: Exits line configuration mode.

Step 17
Command: line [aux | console | tty | vty] line-number [ending-line-number]
Example:
Router(config)# line aux 0
Router(config-line)#
Purpose: Enters configuration mode for the auxiliary interface.

Step 18
Command: flowcontrol {none | software [lock] [in | out] | hardware [in | out]}
Example:
Router(config-line)# flowcontrol hardware
Router(config-line)#
Purpose: Enables hardware signal flow control.

Example

The following configuration example specifies an IP address for the interface through PPP and IPCP address negotiation and dial backup over the console port:

!
ip name-server 192.168.28.12
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool 1
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
!
! Need to use your own correct ISP phone number.
modemcap entry MY-USER_MODEM:MSC=&F1S0=1
chat-script Dialout ABORT ERROR ABORT BUSY "" "AT" OK "ATDT 5555102\T" TIMEOUT 45 CONNECT \c
!
!
!
!
interface vlan 1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
! Dial backup and remote management physical interface.
interface Async1
 no ip address
 encapsulation ppp
 dialer in-band
 dialer pool-member 3
 async default routing
 async dynamic routing
 async mode dedicated
 ppp authentication pap callin
!
interface ATM0
 mtu 1492
 no ip address
 no atm ilmi-keepalive
 pvc 0/35
 pppoe-client dial-pool-number 1
!
! Primary WAN link.
interface Dialer1
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 ppp authentication pap callin
 ppp pap sent-username account password 7 pass
 ppp ipcp dns request
 ppp ipcp wins request
 ppp ipcp mask request
!
! Dialer backup logical interface.
interface Dialer3
 ip address negotiated
 ip nat outside
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer pool 3
 dialer idle-timeout 60
 dialer string 5555102 modem-script Dialout
 dialer watch-group 1
!
! Remote management PC IP address.
peer default ip address 192.168.2.2
no cdp enable
!
! Need to use your own ISP account and password.
ppp pap sent-username account password 7 pass
ppp ipcp dns request
ppp ipcp wins request
ppp ipcp mask request
!
! IP NAT over Dialer interface using route-map.
ip nat inside source route-map main interface Dialer1 overload
ip nat inside source route-map secondary interface Dialer3 overload
ip classless
!
! When primary link is up again, distance 50 will override 80 if dial backup 
! has not timed out. Use multiple routes because peer IP addresses are alternated 
! among them when the CPE is connected.
ip route 0.0.0.0 0.0.0.0 64.161.31.254 50
ip route 0.0.0.0 0.0.0.0 66.125.91.254 50
ip route 0.0.0.0 0.0.0.0 64.174.91.254 50
ip route 0.0.0.0 0.0.0.0 63.203.35.136 80
ip route 0.0.0.0 0.0.0.0 63.203.35.137 80
ip route 0.0.0.0 0.0.0.0 63.203.35.138 80
ip route 0.0.0.0 0.0.0.0 63.203.35.139 80
ip route 0.0.0.0 0.0.0.0 63.203.35.140 80
ip route 0.0.0.0 0.0.0.0 63.203.35.141 80
ip route 0.0.0.0 0.0.0.0 Dialer1 150
no ip http server
ip pim bidir-enable
!
! PC IP address behind CPE.
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
access-list 103 permit ip 192.168.0.0 0.0.255.255 any
!
! Watch multiple IP addresses because peers are alternated 
! among them when the CPE is connected.
dialer watch-list 1 ip 64.161.31.254 255.255.255.255
dialer watch-list 1 ip 64.174.91.254 255.255.255.255
dialer watch-list 1 ip 64.125.91.254 255.255.255.255
!
! Dial backup will kick in if primary link is not available 
! 5 minutes after CPE starts up.
dialer watch-list 1 delay route-check initial 300
dialer-list 1 protocol ip permit
!
! Direct traffic to an interface only if the dialer is assigned an IP address.
route-map main permit 10
 match ip address 101
 match interface Dialer1
!
route-map secondary permit 10
 match ip address 103
 match interface Dialer3
!
! Change console to aux function.
line con 0
 exec-timeout 0 0
 modem enable
 stopbits 1
line aux 0
 exec-timeout 0 0
 ! To enable and communicate with the external modem properly.
 script dialer Dialout
 modem InOut
 modem autoconfigure discovery
 transport input all 
 stopbits 1
 speed 115200
 flowcontrol hardware
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
!
scheduler max-task-time 5000
end
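
A check a reviewer could run over the credential and management-line settings in the configuration above before reusing it, as an added example that is not part of the Cisco guide. The sample is constructed from lines on this page with secrets replaced by placeholders; the rule lists and function names are illustrative assumptions, not a Cisco tool.

```python
import re

# Constructed sample: lines abridged from this page's example configurations.
SAMPLE = """\
no service password-encryption
interface Dialer1
 ppp pap sent-username account password 7 PLACEHOLDER7
interface Cellular0
 ppp chap password 0 PLACEHOLDER0
line con 0
 exec-timeout 0 0
line aux 0
 exec-timeout 0 0
 modem InOut
 transport input all
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
"""

ANY_RULES = [  # checked on every configuration line
    (r"^no service password-encryption$", "passwords are stored in cleartext in the configuration"),
    (r"\bpassword 0 \S+$", "type 0 secret is cleartext"),
    (r"\bpassword 7 \S+$", "type 7 secret is reversible obfuscation, not a hash"),
]
LINE_RULES = [  # checked only inside 'line con/aux/vty' blocks
    (r"^exec-timeout 0 0$", "idle sessions on this line never time out"),
    (r"^transport input (all|.*\btelnet\b.*)$", "line accepts Telnet"),
    (r"^password \S+$", "shared line password entered in cleartext"),
]

def sections(config):
    """Return [(header, children)]; children are the indented lines under a header."""
    blocks = []
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue  # blank lines and '!' comments carry no settings
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(text)
        else:
            blocks.append((text, []))
    return blocks

def redact(text):
    """Mask the secret so a finding can be pasted into a ticket."""
    return re.sub(r"(password (?:\d )?)\S+$", r"\1<redacted>", text)

def audit(config):
    """Return a list of (block header, offending line, reason)."""
    findings = []
    for header, body in sections(config):
        is_line = header.startswith("line ")
        for text in [header] + body:
            rules = ANY_RULES + (LINE_RULES if is_line and text != header else [])
            findings += [(header, redact(text), why) for pat, why in rules if re.search(pat, text)]
        if is_line and "modem InOut" in body and not any(b.startswith("login") for b in body):
            findings.append((header, "modem InOut", "answers incoming calls, no 'login' on the line"))
    return findings

if __name__ == "__main__":
    for header, text, why in audit(SAMPLE):
        print(f"{header:20} {text:52} {why}")
```

A finding on `modem InOut` means only that the line block itself sets no login method; dial-in may still be authenticated by PPP on the associated asynchronous interface, which should be confirmed separately.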