Dial Solutions Quick Configuration Guide
Working with Your Access Server for the First Time
Download this chapter
Working with Your Access Server for the First TimeWorking with Your Access Server for the First Time
give_us_feedback

Table Of Contents

Working with Your Access Server for the First Time

Sample Dial Scenarios Using Access Servers

Working with the EXEC Facility, Lines, and Interfaces

Choosing a Method of Connecting to the Network

Permitting Users to Connect Directly to the Network

Connecting to the EXEC Facility

Accessing Different Command Modes

Getting Context Sensitive Help

Configuring Asynchronous Ports

Asynchronous Lines

Asynchronous Interfaces

Line-Specific Issues on the Cisco AS5200 Access Server

Configuring Group Asynchronous Interfaces

First-Time Router Configuration Procedures

What You Will Learn

Prerequisites

Lesson 1, Configuration Basics

Lesson 2, Modem Configuration

Lesson 3, PPP and ARA Configuration

Lesson 4, IP and AppleTalk Protocol Support

Lesson 5, Basic System Security

Sample Access Server Configuration


Working with Your Access Server for the First Time

This chapter will familiarize you with critical components of Cisco access servers while you configure the product for the first time. Spending a few minutes in this chapter when you first sit down to configure your access server will save you more than a few minutes later.

Complete the tasks in this chapter if you are not familiar with any of the following components and configuration tasks on a Cisco access server:

The EXEC facility

Line versus interface configuration tasks

Different command modes in the command line interface

Context-sensitive help

How to view your configuration and Cisco IOS software release version

The components that need to be configured on an access server to enable users to dial in from remote locations and access resources on your network (such as file servers and printers)

This chapter assumes you have already referred to your product's hardware installation configuration guide, software configuration guide, or other documents for your product to perform the following tasks:

Starting up your access server

Connecting to the console port of your access server

Displaying an EXEC prompt (Router>) on your terminal screen (or being able to display it)

Complete these tasks before you perform the tasks in this chapter. (Refer to the documentation that accompanied your access server for more information about these tasks.)

Specifically, this chapter describes the following:

Sample Dial Scenarios Using Access Servers—This section provides a description of the two networks that this guide aims to build using Cisco dial technologies.

Working with the EXEC Facility, Lines, and Interfaces—This section provides important background information.

First-Time Router Configuration Procedures—This section provides five lessons that enable you to learn while you configure the access server.

Sample Dial Scenarios Using Access Servers

Access servers are used in a variety of dial networking topologies.

shows the Cisco 2511 access server providing access for remote clients using modems. The clients place analog calls into the enterprise via a fixed number of asynchronous dial-in access ports on the Cisco 2511. In this chapter, lessons 1 through 5 provide concise step-by-step instructions for configuring low-end access servers, such as the Cisco 2511.

Figure 1-1 Remote Clients Making Analog Calls into the Enterprise

shows the Cisco AS5200 accepting incoming calls from a Cisco 766, Cisco 1604, and an individual remote client such as a standalone laptop in a hotel room. The chapter "" provides step-by-step configuration information for this scenario.

Figure 1-2 Remote Clients Making Analog and Digital Calls into the Enterprise

Note   Though the Cisco 2511 and Cisco AS5200 are referenced throughout this guide, most of their software configurations can be used to configure other Cisco access servers. The sample configurations for the Cisco 2511 can be used to configure other low-end access servers. The Cisco AS5200's configuration can be used to configure other high-end access servers, such as the Cisco AS5300.

Working with the EXEC Facility, Lines, and Interfaces

This section describes the following information:

Choosing a Method of Connecting to the Network

Accessing Different Command Modes

Getting Context Sensitive Help

Configuring Asynchronous Ports

Choosing a Method of Connecting to the Network

The prompt that appears when you first log in to an access server (Router>) is called the EXEC prompt. When you access the EXEC prompt, you are accessing the EXEC facility and you start an EXEC session. You can log in through the following ports on an access server:

Console port

LAN or WAN interface

Asynchronous interface

The focus of this guide is on how you configure (via the console port) the access server to permit remote clients to dial in through asynchronous interfaces to access network resources (such as printers and file servers).

You have two options when you enable remote clients to dial in and access network resources:

Have them access the EXEC facility and then access to network resources via the EXEC session

Have them connect directly to the network and bypass the EXEC facility

In general, you should give system administrators access to the EXEC facility, but give dial-in clients access only to the network. The next section "Permitting Users to Connect Directly to the Network" describes how to enable users to log in to the network without ever seeing the access server.

Permitting Users to Connect Directly to the Network

When a user dials in to the access server, the Cisco IOS software running on the access server can detect the incoming protocol automatically if you configure it to autoselect the protocol. You autoselect a protocol by issuing the autoselect ppp or autoselect arap line configuration commands. If the Cisco IOS software detects that the remote device is using one of these protocols, it can launch Point-to-Point Protocol (PPP) or AppleTalk Remote Access (ARA) sessions automatically.

Note   Autoselect bypasses security dialogs for users who log in to an EXEC session on the access server. If you use autoselect, Cisco strongly recommends that you use the authentication techniques built into the asynchronous protocols. If you configure a line to detect PPP automatically, Cisco recommends that you use Challenge Handshake Authentication Protocol (CHAP) authentication. If you configure a line to automatically detect ARA and if the ARA protocol is detected, users are authenticated with ARA's built-in authentication. For complete security information, refer to the chapter "" in this guide.

shows the authentication process when autoselect is used.

Figure 1-3 Flowchart of EXEC Facility and Autoselect Authentication Options

Timesaver   

If you issue the autoselect ppp line configuration command, you must first issue the async mode interactive asynchronous interface configuration command. The async mode interactive command enables the interface to select a protocol type dynamically. If you do not enter the async mode interactive command before you issue the autoselect ppp command, the following warning message appears: "%Autoselect w/o the interface command `Async mode interactive' is useless." Refer to the chapter "" chapter for more information.

and show examples of what clients (dial in PC or Macintosh users) see on their monitors when they connect to the network using PPP and ARA.

Figure 1-4 Client Connection to an IP Network Using Windows 95 PPP Application

After clients using PPP connect to the network, they have access to all IP network resources, such as UNIX hosts for Telnet or FTP sessions, other PCs on the network, or Windows NT servers.

Figure 1-5 Client Connection to an AppleTalk Network Using the ARA 2.0 Application

After users connect to the network via ARA, they have access to all AppleTalk network resources, including AppleShare servers, the public folders of colleagues, and printers. They can also use ARA as the transport protocol to run IP applications. For more information, refer to the chapter "Enabling Remote Clients to Dial In to IP, IPX, and AppleTalk Networks."

Connecting to the EXEC Facility

If you permit users to dial in to the EXEC facility, they can use terminal services (such as Telnet), run an asynchronous protocol over the line, or use one of many other access services. For example, you can enter the ppp command to initiate a PPP session to a device on the network.

To enable users to log in to the EXEC facility, you issue the autoselect during-login line configuration command. When the Cisco IOS software detects a carriage return, the user is connected to the EXEC facility. You also access the EXEC facility any time you log in to the access server through the access server to configure it.

There are two primary levels to the EXEC facility:

User level EXEC mode, which is what you see when you first log in to the access server, whether from a remote client, or through of a console-port connection: 

Router>

Privileged level EXEC mode, which provides access to configuration mode. To enter privileged level EXEC mode, you issue the enable command, enter the enable password, and press Return, as shown in the following example: 

Router> enable 

Password:

Router#

As the network administrator for an access server, you protect privileged level EXEC mode with a password that only network administrators know. You give dialin users access only to user-level EXEC mode so that they can issue commands to connect with other network devices (such as the ppp command).

For an overview of configuration mode, refer to the next section, "Accessing Different Command Modes." For information about configuring security, refer to the "" chapter in this guide.

Accessing Different Command Modes

In addition to the EXEC facility, you can access several different command modes on the access server. Each different command mode permits you to configure different components on the access server. lists the most common components and configuration modes. You configure global parameters in global configuration mode, interface parameters in interface configuration mode, and line parameters in line configuration mode. For information about what you typically configure in line mode versus interface mode, refer to the section "Configuring Asynchronous Ports."

Table 1-1 Common Command Modes 

Command Mode
Access Method
Router Prompt
Displayed
Exit Method

User EXEC

Log in.

Router>

Use the logout command.

Privileged EXEC

From user EXEC mode, enter the enable EXEC command.

Router#

To exit back to user EXEC mode, use the disable, exit, or logout command.

Global configuration

From privileged EXEC mode, enter the configure terminal command.

Router(config)#

To exit to privileged EXEC mode, use the exit or end command or press Ctrl-Z.

Interface configuration

Enter the interface type number command, such as interface ethernet 0.

Router(config-if)#

To exit to global configuration mode, use the exit command.

To exit directly to privileged EXEC mode, press Ctrl-Z.

Line configuration

Enter the line start-number end-number command, such as line 1 16.

Router(config-line)#

To exit to global configuration mode, use the exit command.

To exit directly to privileged EXEC mode, press Ctrl-Z.


Getting Context Sensitive Help

You can get help in any of the command modes listed in Table 1-1. The help available in the Cisco IOS software describes the syntax for each command or displays the complete name of the command.

To get context sensitive help, type ? (a question mark) at the prompt. There are two types of help available: full help and partial help.

Full help—Type a ? at the configuration prompt or after entering part of a command followed by a space. The configuration parser displays options available with the command. For example, if you were in global configuration mode, typed the command arap, and wanted to see all the keywords and arguments for that command, you would type arap ?. The following example shows the resulting output: 

Router(config)# arap ?

  callback  Enable callback of ARAP connections

  logging   Turn on logging of ARAP connections

  network   Internal Appletalk Network For Arap Clients

Router(config)# arap

Partial help—Type part of the name of a command, then a ?, without an intervening space. The configuration parser identifies the rest of the command being entered. For example, if you were in global configuration mode and wanted to see the complete spelling of the command, you could type ar?. The following example shows the resulting output: 

Router(config)# ar?

arap   arp


Router(config)#

You can also type ? at the command prompt and the Cisco IOS software displays all available commands for that command mode. The following example shows sample output for the commands available in privileged EXEC mode: 

Router# ? 

Exec commands:

  access-enable    Create a temporary Access-List entry

  access-template  Create a temporary Access-List entry

  bfe              For manual emergency modes setting

  clear            Reset functions

...

  write            Write running configuration to memory, network, or terminal

  x3               Set X.3 parameters on PAD

  xremote          Enter XRemote mode

Refer to the chapter "Configuring the User Interface" in the Configuration Fundamentals Configuration Guide for more information about any aspect of working with the user interface in the Cisco IOS software. The Configuration Fundamentals Configuration Guide is part of the Cisco IOS documentation in Cisco IOS Releases 11.1 and later.

Configuring Asynchronous Ports

On the back of your access server are asynchronous ports to which you connect modems. Remote clients dial in to the network through these asynchronous ports.

To enable clients to dial in, you configure two components of each asynchronous port: lines and interfaces. Asynchronous interfaces correspond to physical terminal (TTY) lines. For example, asynchronous interface 1 corresponds to TTY line 1.

Generally, commands entered in asynchronous interface mode enable you to configure protocol-specific parameters for asynchronous interfaces, whereas commands entered in line configuration mode permit you to configure the physical aspects for the same port. In , which shows the show line output on a Cisco 2511, TTY line 1 corresponds with asynchronous interface 1, TTY line 16 corresponds with asynchronous interface 16, and so on.

Figure 1-6 Show Line Output—Comparing TTY Lines to Asynchronous Interfaces

Asynchronous Lines

Asynchronous line configuration commands configure ports for the following options:

Physical layer options (such as modem configuration)

Security for EXEC mode

ARA protocol configuration (PPP is configured in interface configuration mode)

Autoselect to detect incoming protocols (ARA and PPP)

To enter line configuration mode, first connect to the console port of the access server and enter privileged EXEC mode. Then enter global configuration mode and finally enter line configuration mode for the asynchronous lines that you want to configure. The following example shows the process of entering line configuration mode for lines 1 through 16: 

2511> enable

2511# configure terminal 

2511(config)# line 1 16

2511(config-line)#

Note   Router is the default name of your access server. This name appears in all system prompts (Router>). You can change the host name to any name you wish by using the hostname global configuration command. For example, to change the name of a host from Router to 2511, you would issue hostname 2511 at the global configuration prompt.

Asynchronous Interfaces

Generally, interfaces enable the Cisco IOS software to use routing functions. Specifically, you configure asynchronous interfaces to support PPP connections. You configure interfaces on an access server for the following functions:

Network protocol support (such as IP, IPX, or AppleTalk)

Encapsulation support (such as PPP)

IP client addressing options (default and/or dynamic)

IPX network addressing options

PPP authentication

ISDN BRI and PRI configuration

Line-Specific Issues on the Cisco AS5200 Access Server

On the Cisco AS5200 access server, each TTY line maps directly to an integrated AS5200 modem as shown in . The TTY lines 1 through 24 directly connect to modems 1/0 through 1/23, which are installed in the first chassis slot. The TTY lines 25 through 48 directly connect to modems 2/0 through 2/23, which are installed in the second chassis slot. For more information, refer to the Cisco AS5200 Universal Access Server Software Configuration Guide.

Table 1-2 TTY Lines Associated to Integrated AS5200 Modems 

TTY Line
Slot/port
TTY Line
Slot/port

1

1/0

25

2/0

2

1/1

26

2/1

3

1/2

27

2/2

4

1/3

28

2/3

5

1/4

29

2/4

6

1/5

30

2/5

7

1/6

31

2/6

8

1/7

32

2/7

9

1/8

33

2/8

10

1/9

34

2/9

11

1/10

35

2/10

12

1/11

36

2/11

13

1/12

37

2/12

14

1/13

38

2/13

15

1/14

39

2/14

16

1/15

40

2/15

17

1/16

41

2/16

18

1/17

42

2/17

19

1/18

43

2/18

20

1/19

44

2/19

21

1/20

45

2/20

22

1/21

46

2/21

23

1/22

47

2/22

24

1/23

48

2/23


Configuring Group Asynchronous Interfaces

To configure multiple asynchronous interfaces at the same time (with the same parameters), you can assign each asynchronous interface to a group and then configure the group. Configurations throughout this guide configure group asynchronous interfaces, rather than configuring each interface separately.

Note   After assigning asynchronous interfaces to a group, you cannot configure these interfaces separately. If you want to configure different attributes on different asynchronous interfaces, do not assign them to the group or assign different interfaces to different groups. For example, on a Cisco 2511 access server, you could assign asynchronous interfaces 1 to 8 as part of one group (such as group-async1) and asynchronous interfaces 9 to 16 as part of another group (group-async2).

To configure a group asynchronous interfaces, specify the group async number (an arbitrary number) and the group range (beginning and ending asynchronous interface number). The following example shows the process of creating a group asynchronous interface for asynchronous interfaces 1 through 16 on a Cisco 2511 access server: 

2511(config)# interface group-async 1

2511(config-if)# group-range 1 16 


Building configuration...


2511(config-if)#

At this point, you have configured asynchronous interfaces 1 through 16 as part of the same group and you are in interface configuration mode for the group asynchronous interface.

First-Time Router Configuration Procedures

If you have never configured a Cisco router (or have, but want more information about configuring one), perform the tasks in this section. This section will familiarize you with the Cisco IOS software while you configure some fundamental parameters to enable PC and Macintosh clients to dial into your network to access resources, such as file servers and printers.

This section assumes you have referred to the user guide or installation and configuration guide that accompanied your router and that you have access to user level EXEC mode (Router>).

Note   If you do not type anything for ten minutes while you are configuring your system, the session times out and is disconnected. If it times out, the message "Press RETURN to get started" appears. This is not an error. If this message appears, press Return and the Router> prompt appears again. Lesson 1 shows you how to change this timeout interval.

Each step in the subsequent sections show information that appears on the screen before and after you type each command. On-screen text and system responses appear in screen font. Commands that you are instructed to type appear in examples as boldface screen font.

What You Will Learn

The five lessons, and their content, are shown in the following list:

Lesson 1, Configuration Basics

Understanding Cisco's command line interface

Moving between different configuration modes

What to do if the EXEC facility times out while you are configuring the system

How to get help in the Cisco IOS software

How to view your configuration (running and startup)

How to copy a running configuration to a startup configuration

Lesson 2, Modem Configuration

Lesson 3, PPP and ARA Configuration

Lesson 4, IP and AppleTalk Protocol Support

Lesson 5, Basic System Security

After you complete the tasks in all five lessons, you will have enabled remote PC and Macintosh users to dial in and access IP or AppleTalk resources on your network.

Total time to complete all five lessons can range from 30 minutes to more than an hour. Each lesson takes approximately 10 minutes.

Prerequisites

Before you begin, make sure you perform the following tasks:

Write down the IP address of your Ethernet (LAN) interface.

Write down the set of available IP addresses to be assigned to dialin IP clients. If you do not have this information, you can use the sample addresses provided in the examples in these lessons.

Your modem has already been connected to the access server. Refer to the hardware installation guide, user guide, or installation and configuration guide that accompanied your access server for more information about connecting modems and cables.

Write down the maximum supported transmission rate of your modems or have your modem manual available.

If you are configuring access to an AppleTalk network by Macintosh clients, write down your AppleTalk zone, cable range, and your ARA network number and name.

Lesson 1, Configuration Basics

In this lesson, you will configure some basic parameters and learn how to work with the command line interface of the Cisco IOS software. This section requires 10 to 15 minutes to complete.

Timesaver   

Always make sure you are in the correct command mode before you enter a command. If you are not in the correct command mode when you enter a command, one of two problems occurs: either the command has no effect, or it has an unexpected (and possibly detrimental) effect.

Enter the commands in through to practice configuring basic parameters.

Table 1-3

Command
Purpose

Router> enable

Password:

Router#

Either or return to privileged EXEC mode (represented by Router#). If you are in user EXEC mode (represented by the Router> prompt), enter privileged EXEC mode by entering the enable command. If an enable password has been set, you are prompted for a password. If none has been set, you are not prompted for a password. If you are in any other mode, type exit and press Return until the Router# prompt appears.

Router# config term

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#

Enter global configuration mode. The abbreviated command config term represents the command configure terminal. You can abbreviate commands by entering the minimum number of characters that uniquely identify the command.

Router(config)# hostname 2511

2511(config)#

Change the name of the access server to a meaningful name. Substitute your own name for 2511.

2511(config)# enable secret guessme

2511(config)#

Enter a secret enable password. This password provides access to privileged EXEC mode. When a user types enable at the EXEC prompt (Router> or 2511>), they must enter the enable secret password to gain access to configuration mode.

2511(config)# line con 0

2511(config-line)# exec-timeout 0 0

2511(config-line)# exit

2511(config)#

Enter line configuration mode to configure the console port, which you are connected to. You can see when you enter line configuration mode, because the prompt changes to 2511(config-line)#. Prevent the access server's EXEC facility from timing out if you do not type any information on the console screen for an extended period, then exit back to global configuration mode.

2511(config)# exit

2511#

%SYS-5-CONFIG_I: Configured from console by console

Exit back to privileged EXEC mode. If you have altered any parameters while in global configuration mode (or any other command mode), the message "%SYS-5-CONFIG_I: Configured from console by console" appears. This is normal and does not indicate an error condition.

2511# show version

Display statistics about the Cisco IOS software image loaded on your access server, as well as available memory (NVRAM and Flash), and available interfaces.


Configuring Basic Parameters

The following output shows statistics for a Cisco IOS Release 11.3 image running on a Cisco 2511 access server: 

2511# show version


Cisco Internetwork Operating System Software

IOS (tm) 2500 Software (C2500-J-L), Version 11.3(1.0) RELEASED SOFTWARE

Copyright (c) 1986-1997 by cisco Systems, Inc.

Compiled Mon 13-Oct-97 15:26 

Image text-base: 0x0000144C, data-base: 0x007E8DDC


ROM: System Bootstrap, Version (3.3), SOFTWARE


enkidu uptime is 5 hours, 19 minutes

System restarted by reload

System image file is "eschaffe/c2500-j-l.113", booted via tftp from 161.69.1.129


cisco 2511 (68030) processor (revision A) with 16384K/2048K bytes of memory.

Processor board ID 01244583, with hardware revision 00000000

Bridging software.

X.25 software, Version 3.0.0.

SuperLAT software copyright 1990 by Meridian Technology Corp).

TN3270 Emulation software.

1 Ethernet/IEEE 802.3 interface(s)

2 Serial network interface(s)

16 terminal line(s)

32K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash (Read/Write)

Table 1-4

Command
Purpose

2511# configure terminal

2511(config)# ?

Get help about all commands available in global configuration mode. The output that follows is based on the igs-j-l software image shown in the output of the show version command. Your output can differ and depends on your image type.


View Available Commands

The following output shows the commands and their definitions available in privileged EXEC mode: 

2511(config)# ?


Configure commands:

  aaa                         Authentication, Authorization and Accounting.

  access-list                 Add an access list entry

  alias                       Create command alias

  appletalk                   Appletalk global configuration commands

  arap                        Appletalk Remote Access Protocol

... (some output deleted for brevity)

  username                    Establish User Name Authentication

  vines                       VINES global configuration commands

  vpdn                        Virtual Private Dialup Network

  vty-async                   Enable virtual async line configuration

  x25                         X.25 Level 3

  x29                         X29 commands

  xremote                     Configure XRemote


2511(config)#

Table 1-5 Save then View Running Configuration 

Command
Purpose

2511(config)# arap ?

callback  Enable callback of ARAP connections

logging   Turn on logging of ARAP connections

network   Internal Appletalk Network For Arap           Clients

2511(config)# arap

Get help about all keywords and arguments associated with the arap global configuration command. The help system lists each argument and describes it. To find out if there are additional arguments with this command, you can type any portion of the command followed by a space and a question mark, as shown in the next step.

2511(config)# arap network ?

  <1-65279>  Network number

Get help about the arap network command. The system displays the range of network numbers you can select for an ARA network. For more information about any command in the Cisco IOS software, you can refer to the Cisco IOS software command references.

2511(config)# exit

2511#

Exit back to privileged EXEC mode.

2511# copy running startup

Building configuration...

[OK]

2511#

Copy the contents of your running configuration (what you have just entered) to the startup configuration for the access server. The Cisco IOS software displays [OK], indicating that the copy process was successful. The full name of the command is copy running-config startup-config.

2511# show startup-config

Display your startup configuration. If you want to view your current configuration (if it differed from your running configuration), issue the show running-config command.


The following output shows the configuration that you saved when you issued the copy running startup command: 

2511# show startup-config

Using 419 out of 32762 bytes

!

version 11.3

service udp-small-servers

service tcp-small-servers

!

hostname 2511

!

enable secret 5 $1$oiqW$zIoVcK4tkGdpoBarDXcFz0

username jim password 7 04091E020A

!

interface Ethernet0

 no ip address

 shutdown

!

interface Serial0

 no ip address

 shutdown

 no fair-queue

!

no ip classless

!

!

line con 0

line 1 8

line aux 0

line vty 0 4

 login

!

end

Lesson 2, Modem Configuration

In this lesson, you will configure some line parameters to enable the access server to work with a modem. This section requires 5 to 7 minutes to complete. For more information about any of the parameters in this lesson, refer to the "Configuring Modems" chapter later in this guide.

At the end of Lesson 1, the 2511# prompt appeared, and this is where you start Lesson 2. Enter the commands in to configure the line and modems.

Table 1-6 Configure Asynchronous Modem Lines 

Command
Purpose

2511# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

2511(config)#

Enter global configuration mode. The prompt changes to 2511(config)#, indicating that you are in global configuration mode.

2511(config)# line 1 8

[or]

2511(config)# line 1 16

2511(config-line)#

Enter line configuration mode to configure all lines on the access server for modem support. On a Cisco 2509, which has 8 lines, you type line 1 8. On a Cisco 2511, which has 16 lines, you type line 1 16. The prompt changes to 2511(config-line)#, indicating you are in line configuration mode.

2511(config-line)# speed 115200

2511(config-line)#

Enter the highest speed in common between the access server and your modems. Refer to your modem manual for information about its highest line speed. In general, if your modems support a speed of 28,800 bps, specify 115200. If your modem supports a speed of 14,400 bps, specify 57600. If your modem supports a speed of 9,600 bps, specify 38400.

2511(config-line)# flowcontrol hardware

2511(config-line)#

Specify hardware flow control (except on the console port.

2511(config-line)# modem autoconfigure                   discovery

2511(config-line)#

Automatically initialize the modems attached to the asynchronous port of your access server. For more information, refer to the "Configuring Modems" chapter in this guide.

2511(config-line)# modem inout

2511(config-line)#

Configure the line to accept incoming and make outgoing calls through the modems.


The resulting configuration configures most modems to function with Cisco access servers. Proceed to Lesson 3.

Lesson 3, PPP and ARA Configuration

In this lesson, you will configure basic PPP and ARA dialin parameters. This section requires 10 to 15 minutes to complete. For more information about any of the parameters in this lesson, refer to the "" chapter later in this guide.

At the end of Lesson 2, the 2511(config-line)# prompt appeared, and this is where you start Lesson 3. Enter the commands in to enable clients to dial in using PPP or ARA.

Table 1-7

Command
Purpose

2511(config-line)# interface group-async 1

2511(config-if)# group-range 1 16

Building configuration...

2511(config-if)#

Place all asynchronous interfaces in a single group, so that you configure the same parameters quickly on all interfaces at one time. This example assigns asynchronous interfaces 1 to 16 to group asynchronous interface 1. You can see that you have entered interface configuration mode because the prompt changed to 2511(config-if)#.

The number you use with the group-range command depends on the number of asynchronous interfaces you have on your access server. That is, if your access server has 16 asynchronous interfaces, you can specify group-range 16.

2511(config-if)# ip unnumbered ethernet 0

To conserve IP addresses, configure the asynchronous interfaces as unnumbered and assign the IP address of the Ethernet interface to them. You will configure the IP address of the Ethernet interface in Lesson 4.

2511(config-if)# encapsulation ppp

Enable the point-to-point protocol (PPP) to run on the set of interfaces in the group.

2511(config-if)# async mode interactive

Configure interactive mode on the asynchronous interfaces.

2511(config-if)# ip tcp header-compression                  passive

Configure the asynchronous interfaces to perform compression of TCP headers, but only if requested by the dial-in client.

2511(config-if)# line 1 16

2511(config-line)#

Enter line configuration mode again. Specify the range of asynchronous lines on your access server (8, 16, or 48).

2511(config-line)# autoselect ppp

Enable remote IP or IPX users running a PPP application to dial in, bypass the EXEC facility, and connect directly to the network.

2511(config-line)# arap enable

2511(config-line)#

Enable ARA dial-in on your network.

2511(config-line)# autoselect arap

2511(config-line)#

Enable remote Macintosh users running ARA to dial in, bypass the EXEC facility, and connect directly to the network. If you do not intend to permit remote Macintosh users to connect to AppleTalk resources on your network, do not enter this command.


Configure PPP and ARA

This lesson configured basic PPP and ARA support. Before you can allow users to dial in to the network, you must configure IP and AppleTalk network support, which are described in Lesson 4.

Lesson 4, IP and AppleTalk Protocol Support

In this lesson, you will configure IP and AppleTalk protocol support, which will allow users to dial in to your network. This section requires 10 to 15 minutes to complete.

For more information about any of the parameters in this lesson, refer to the "" chapter in this guide.

At the end of Lesson 3, the 2511(config-line)# prompt appeared, and this is where you start Lesson 4. Enter the commands in to configure IP and AppleTalk support.

Table 1-8 Configure IP and AppleTalk 

Command
Purpose

2511(config-line)# exit

2511(config)#

Exit from interface configuration mode and return to global configuration mode.

2511(config)# appletalk routing

Enable AppleTalk routing on the access server. IP routing is already enabled by default.

2511(config)# arap network 2500 Mac-dialup

Create a new internal AppleTalk network in the access server. In this example, the network number is 2500 and the zone name is Mac-dialup. Substitute your own zone number and name.

2511(config)# interface ethernet 0

2511(config-if)#

Enter interface configuration mode to configure the Ethernet interface 0. You can see that you have entered interface configuration mode because the prompt changed to 2511(config-if)#.

2511(config-if)# appletalk cable-range 1-2

Enter a cable range for an AppleTalk network. Substitute your own cable range.

2511(config-if)# appletalk zone Corporate

Create an AppleTalk zone on the Ethernet interface 0. In this example, the zone is Corporate. Substitute your own zone name.

2511(config-if)# ip-address 172.16.42.24                  255.255.255.0

Enter an IP address and subnet mask for the Ethernet (LAN) interface on your access server. Substitute your own IP address.

2511(config-if)# exit

2511(config)#

Exit back to global configuration mode.

2511(config)# ip domain-name eapp.com

2511(config)# ip name-server 172.16.42.128

Specify an IP domain name and IP name server on the LAN segment to which the access server is attached. Substitute your own domain name and name server IP address.

2511(config)# router rip

Specify RIP routing. You can also specify IGRP, EIGRP, OSPF, or other routing protocols. For more information about configuring routing protocols, refer to the "" chapter in this guide or the Network Protocols Configuration Guide, Part 1 in the Cisco IOS configuration guides and command references documentation.

2511(config)# network 172.16.42.0

Associate a network with the RIP routing process.

2511(config)# ip address-pool local

Assign IP addresses to dial-in IP clients as they dial in, rather than providing static IP addresses to every client. The ip address-pool command create a local IP address pooling mechanism in the access server.

2511(config)# ip local pool default               172.16.42.1 172.16.42.16

Define a set of IP addresses inside the access server. This example uses a pool of addresses from 172.16.42.1 through 172.16.42.16. The name of the IP address pool is default. Substitute your own pool of IP addresses.

2511(config)# interface group-async 1

Enter asynchronous interface configuration mode, so that you can apply the IP address pool to a set of interfaces.

2511(config-if)# peer default ip-address pool                 default

Apply the IP address pool default with the address range of 172.16.42.1 through 172.16.42.16 to the group asynchronous interface.


The resulting configuration enables clients to dial in to the network to access IP and AppleTalk resources. At this point, you must configure security, or your network will be open to significant security breaches.

Lesson 5, Basic System Security

This lesson uses the authentication, authorization, and accounting (AAA) facility to configure basic local authentication. Local authentication means that an internal username database authenticates users, rather than a remote user authentication (security) server. This section requires 10 to 15 minutes to complete.

For more information about any of the parameters in this lesson, refer to the "" chapter in this guide.

At the end of Lesson 4, the 2511(config-if)# prompt appeared, and this is where you start Lesson 5. Enter the commands in to configure basic system security.

Table 1-9 Configure Basic System Security 

Command
Purpose

2511(config-if)# exit

2511(config)#

Exit from interface configuration mode back to global configuration mode.

2511(config)# aaa new-model

Enable the AAA facility globally on the access server.

2511(config)# aaa authentication login               default local

Define an authentication method list for users logging in to the access server.

2511(config)# aaa authentication ppp               default local

Define an authentication method list for clients using a PPP application to dial in to the network.

2511(config)# aaa authentication arap               default local

Define an authentication method list for clients using ARA to dial in to the network.

2511(config)# line 1 22

2511(config-line)# login authentication                    default

2511(config-line)#

Enter line configuration mode, so that you can apply a login authentication method list to lines that allow login. This example assumes that you are applying the authentication list on a Cisco 2511 access server with 16 asynchronous lines (lines 1 to 16), 1 auxiliary port (line 17), and 5 VTY ports accessed via the LAN and WAN ports (lines 18 to 22). This example applies the default authentication list.1

2511(config-line)# line 1 16

2511(config-line)# arap authentication                    default

Secure physical asynchronous lines against unauthorized ARA access. This example assumes that you are applying the default authentication list on a Cisco 2511 access server with
16 asynchronous lines.

2511(config-line)# interface group-async 1

2511(config-if)# ppp authentication chap                  default

Secure physical asynchronous interfaces against unauthorized PPP access. This example assumes that you are applying the default authentication list on a Cisco 2511 access server with 16 asynchronous lines and that you want to use CHAP authentication.

2511(config-if)# exit

Exit back to global configuration mode.

2511(config)# username jim password 2ude

Populate the local username database by specifying a username-and- password pair for every user who needs access to the network.

1 Refer to the chapter "Configuring Modem Support and Asynchronous Devices" of the Dial Solutions Configuration Guide for more information about line numbers.


You have configured PPP dialin to an IP network, ARA dialin to an AppleTalk network, and security. Each task in these lessons is described in much greater detail in the subsequent chapters in this guide.

Refer to the next section "Sample Access Server Configuration" to view the configuration resulting from the 5 lessons.

Sample Access Server Configuration

The following Cisco 2511 configuration shows the results of Lessons 1 through 5. This configuration is typically sufficient to enable remote users to dial in as a node on a local IP or AppleTalk network. For additional information, refer to the subsequent chapters in this guide.

Note   Substitute your own IP addresses and network numbers, usernames and passwords, and zone names and numbers in this example. Also, ensure that you consider your security policies carefully. For more information, refer to the Security Configuration Guide. 

2511# show running-config 

Building configuration...


Current configuration:

!

version 11.3

service udp-small-servers

service tcp-small-servers

!

hostname 2511

!

aaa new-model

aaa authentication login default local

aaa authentication arap default local

aaa authentication ppp default local

enable secret 5 $1$ltBE$Slq0BUs/5mwqw6B4DOapg/

!

username jim password 7 02150C5A110702

!

appletalk routing

arap network 2500 Mac-dialup

!

ip address-pool local

!

interface Ethernet0

 ip address 172.16.42.24 255.255.255.0

 appletalk cable-range 1-2

 appletalk zone Corporate

 no mop enabled

!

interface Serial0

 no ip address

 shutdown

!

interface group-async1

 ip unnumbered Ethernet0

 encapsulation ppp

 async mode interactive

 ip tcp header-compression passive

 peer default ip-address pool default

 no cdp enable

 ppp authentication chap

 group-range 1 16

!

router rip

 network 172.16.42.0

!

ip local pool default 172.16.42.1 172.16.42.16

no ip classless

!

line con 0

 login

 transport input all

 login authentication default

!

line 1 16

 arap enable

 login

 modem InOut

 modem autoconfigure discovery 

 autoselect arap

 autoselect ppp

 transport input all

 speed 115200

 flowcontrol hardware

 arap authentication default 

 login authentication default

line aux 0

line vty 0 4

 login authentication default

!

ip domain-name eapp.com

ip name-server 172.16.42.128

!

end