Table Of Contents
Configuring Advanced Networks
Before Configuring Advanced Networks or Features
Connecting a Private IP Network to the Internet and a Corporate Network
Features Used
Configuring the Cisco 800 Series Router
Configuring the Router at the Corporate Site
Connecting a Remote Network to Two Corporate Networks
Features Used
Configuring the Cisco 800 Series Router
Configuring the Routers at the Corporate Site
Configuring the ISDN Line
Dial-on-Demand Routing Using Snapshot Routing
Configuration
Verifying the DDR Configuration
Configuring a Leased ISDN Line
Configuring Dynamic Routing
Configuring Routing Information Protocol
Configuring UDP Broadcasts
Configuration of UDP Broadcasts
Configuring DHCP Relay
Configuration of DHCP Relay
Controlling the DDR ISDN Line Activation
UDP Broadcasts in Windows Networks
Configuration of an Extended Access List
UDP Broadcasts in DHCP Relay Environment
Configuration
UDP Broadcasts in NTP Environment
Configuration
IP Traffic
Configuration
Restricting Access to Your Network
Configuration of Extended Access List
Configuring Advanced Networks
This chapter describes the following configurations:
• Private IP network to Internet and corporate network
• Remote network to two corporate networks
The following features can be configured in your network:
• Dial-on-demand routing (DDR) using snapshot routing
• Leased Integrated Services Digital Network (ISDN) line
• Dynamic routing using Routing Information Protocol (RIP), including triggered extensions to RIP, and Enhanced Interior Gateway Routing Protocol (EIGRP)
• Microsoft Windows (configuring Cisco 800 series routers to function in a Windows operating system environment)
• Dynamic Host Configuration Protocol (DHCP) relay
• Dial-on-demand ISDN line activation control
• Network access restrictions
• Dial-in authentication and authorization
• X.25 on ISDN Basic Rate Interface (BRI)
• Always on/dynamic ISDN (AO/DI)
• Advanced telephone features, such as ISDN voice priority and distinctive ringing
Cisco recommends that you familiarize yourself with the features in the configuration examples to help you decide which features you wish to include in your network.
Note: Certain protocols (IP, User Datagram Protocol [UDP], and Network Time Protocol [NTP]) send updates that can cause an ISDN line to be activated excessively. For information on preventing this situation, refer to the "Controlling the DDR ISDN Line Activation" section.
Before Configuring Advanced Networks or Features
Before configuring the advanced networks or the advanced features, you must do the following:
Step 1: Order your ISDN line from your telephone service provider. For complete information on ordering your ISDN line, see Appendix D, "Provisioning an ISDN Line."
Step 2: While ordering your ISDN line, gather the following information from your telephone service provider:
• ISDN switch type.
• Service profile identifiers (SPIDs). In North America only, telephone service providers assign SPIDs. SPIDs identify the ISDN B channels. The SPID format is generally an ISDN telephone number with additional numbers, such as 40855522220101. Depending on the switch type that supports your ISDN line, your ISDN line could be assigned zero, one, or two SPIDs.
• ISDN local directory numbers (LDNs), which are the local ISDN telephone numbers of your routers, such as 4085552222 and 5553333.
Note: The format of the LDN varies from region to region, depending on the telephone service provider. In some regions, you need to add the area code to the telephone number. Find out from your local telephone service provider whether or not you need to specify an area code for the LDN.
Step 3: If you are setting up an Internet connection, gather the following information from your Internet service provider (ISP):
• PPP client name that the ISP assigns as your login name
• PPP authentication type, either Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP)
• PPP password to access your ISP account
• IP address information: the IP address and subnet mask of the ISP ISDN interface
• ISP telephone number
Step 4: If you are setting up a connection to a corporate network, you and the network administrator of the corporate network must decide on or generate the following information for the WAN interfaces of your routers and share this information:
• PPP authentication type, either CHAP or PAP
• PPP client name to access the router
• PPP password to access the router
• Telephone number assigned to the telephone interface of your router
Step 5: If you are setting up IP routing, collect information on the addressing scheme for your IP network.
Connecting a Private IP Network to the Internet and a Corporate Network
In the network example shown in Figure 3-1 and Table 3-1, the Cisco 800 series router connects a private IP network to an ISP and a corporate network. In this network, the ISP assigns a registered IP address for the WAN interface only.
Figure 3-1 Connecting Private IP Network to Internet and Corporate Network
| Callout Number | Description |
| --- | --- |
| 1 | Private network |
| 2 | Site 1 |
| 3 | ISDN |
| 4 | Internet service provider |
| 5 | Site 2 |
Features Used
This network uses the following features on the LAN:
• IP routing
• DHCP server (optional)
When your router is acting as a DHCP server, workstations configured as DHCP clients are automatically assigned an IP address and subnet mask.
This network uses the following features on the WAN:
• IP routing
• PPP
• NAT overload
• Internet Protocol Control Protocol (IPCP)
• CHAP or PAP over PPP
With NAT overload configured, your router can use one address for multiple hosts. With IPCP configured, your router can automatically negotiate its IP address from the router it is attempting to connect to.
You can use CHAP or PAP as the PPP authentication protocol. Cisco recommends using CHAP, because it is more secure.
For the ISDN connection, you can use one of the following options:
• DDR using snapshot routing (the ISDN line is activated only when needed)
• Permanent ISDN line lease
For complete information on these options, including how to configure them, see the "Configuring the ISDN Line" section.
The IP routing protocol can use either RIP or EIGRP to learn routes dynamically. You can also use triggered extensions to RIP to control when RIP sends routing updates. For information on how to configure these options, see the "Configuring Dynamic Routing" section.
Configuring the Cisco 800 Series Router
Note: Before you begin to configure your router, review the "Before Configuring Advanced Networks or Features" section.
Starting from global configuration mode, follow these steps to configure the Cisco 800 series router in the private IP network to connect to the Internet and the corporate network. For more information on the commands used, refer to the Cisco IOS documentation.
| Step | Command | Purpose |
| --- | --- | --- |
| Step 1 | router# configure terminal | Enter global configuration mode. |
| Step 2 | router(config)# hostname c804 | Enter the router name. |
| Step 3 | c804(config)# enable secret 804password | Enter the password. |
| Step 4 | c804(config)# pots country us | Optional. If you have a Cisco 803 router that is connected to telephones, fax machines, or modems, specify the country where your router is located. Specifying a country configures the country-specific default settings for each physical characteristic. |
| Step 5 | c804(config)# interface bri0 | Change to interface configuration mode, set the ISDN switch type, and return to global configuration mode. |
| | c804(config-if)# isdn switch-type basic-ni | |
| | c804(config-if)# exit | |
| Step 6 | c804(config)# ip subnet-zero | Set the router to recognize the zero subnet range as a valid range of addresses. |
| Step 7 | c804(config)# ip dhcp pool DHCPpoolLAN_0 | Optional. Configure your router as a DHCP server. This step specifies the DHCP relay pool name. |
| Step 8 | c804(dhcp-config)# network 10.0.0.0 255.255.255.0 | For configuring DHCP only. Set the DHCP pool of addresses. |
| Step 9 | c804(dhcp-config)# dns-server 192.168.1.100 | For configuring DHCP only. Set the IP address of the DNS server. |
| Step 10 | c804(dhcp-config)# netbios-name-server 10.1.1.2 10.1.1.3 | For configuring DHCP only. Set the NetBIOS servers. |
| Step 11 | c804(dhcp-config)# default-router 10.1.1.1 | For configuring DHCP only. Set the Ethernet 0 IP address as the default gateway. |
| Step 12 | c804(dhcp-config)# exit | For configuring DHCP only. Exit to global configuration mode. |
| Step 13 | c804(config)# interface ethernet0 | Change to interface configuration mode for Ethernet 0. Enter the IP address and subnet mask. |
| | c804(config-if)# ip address 10.0.0.1 255.255.255.0 | |
| Step 14 | c804(config-if)# ip nat inside | Enable Network Address Translation (NAT) on your LAN; then change to global configuration mode. |
| | c804(config-if)# exit | |
| Step 15 | c804(config)# interface bri0 | Change to interface configuration mode for BRI0. |
| Step 16 | c804(config-if)# encapsulation ppp | Enable PPP. |
| Step 17 | c804(config-if)# isdn incoming-voice modem | Optional. Specify that incoming voice calls are forwarded to the devices connected to the telephone ports. |
| Step 18 | c804(config-if)# ppp authentication pap chap callin | Enable PAP or CHAP on incoming calls only. |
| Step 19 | c804(config-if)# ppp chap hostname c804 | For CHAP only. Define the router hostname and password to authenticate. |
| | c804(config-if)# ppp chap password 804password | |
| Step 20 | c804(config-if)# ppp multilink | Enable multilink PPP. |
| Step 21 | c804(config-if)# ip nat outside | Configure a valid Internet address to which the inside network address will be translated, then change to global configuration mode. |
| | c804(config-if)# exit | |
| Step 22 | c804(config)# interface dialer1 | Create a dialer interface. |
| Step 23 | c804(config-if)# ip unnumbered ethernet0 | Specify that no specific IP addresses are assigned for Ethernet 0. |
| Step 24 | c804(config-if)# encapsulation ppp | Enable PPP. |
| Step 25 | c804(config-if)# dialer remote-name corp_router | Specify the name of the corporate router. |
| Step 26 | c804(config-if)# dialer pool 1 | Assign a dialer pool. |
| Step 27 | c804(config-if)# dialer idle-timeout 300 | Specify the time in seconds that the line is idle before it is disconnected. |
| Step 28 | c804(config-if)# dialer string 7771111 | Set up the dialer string. |
| Step 29 | c804(config-if)# dialer hold-queue 10 | Specify the maximum number of packets to be held in the outgoing queue. |
| Step 30 | c804(config-if)# dialer load-threshold 150 either | Define the load level that must be exceeded on the first ISDN B channel before the second B channel is brought up. The load-threshold variable is a number from 1 to 255 representing a utilization percentage. Enter outbound to calculate the load using outbound data only, inbound to use inbound data only, and either to set the maximum load as the larger of the two loads. |
| Step 31 | c804(config-if)# dialer-group 1 | Assign the interface to dialer access group 1. |
| Step 32 | c804(config-if)# ppp authentication chap pap callin | Configure CHAP and PAP to authenticate incoming calls. |
| Step 33 | c804(config-if)# ppp chap hostname c804 | Specify the CHAP host name and password. |
| | c804(config-if)# ppp chap password 804password | |
| Step 34 | c804(config-if)# ppp pap sent-username c804 password 804password | Specify the PAP username and password. |
| Step 35 | c804(config)# interface dialer2 | Create a second dialer interface. |
| Step 36 | c804(config-if)# ip address negotiated | Specify that IP addresses are negotiated. |
| Step 37 | c804(config-if)# encapsulation ppp | Enable PPP. |
| Step 38 | c804(config-if)# dialer remote-name isp | Specify the name of the corporate router. |
| Step 39 | c804(config-if)# dialer pool 2 | Assign a dialer pool. |
| Step 40 | c804(config-if)# dialer idle-timeout 300 | Specify the time in seconds that the line is idle before it is disconnected. |
| Step 41 | c804(config-if)# dialer string 18001234567 | Set up the dialer string. |
| Step 42 | c804(config-if)# dialer hold-queue 10 | Specify the maximum number of packets to be held in the outgoing queue. |
| Step 43 | c804(config-if)# dialer load-threshold 150 either | Define the load level that must be exceeded on the first ISDN B channel before the second B channel is brought up. The load-threshold variable is a number from 1 to 255 representing a utilization percentage. Enter outbound to calculate the load using outbound data only, inbound to use inbound data only, and either to set the maximum load as the larger of the two loads. |
| Step 44 | c804(config-if)# dialer-group 1 | Assign the interface to dialer access group 1. |
| Step 45 | c804(config-if)# ppp authentication chap pap callin | Configure CHAP and PAP to authenticate incoming calls. |
| Step 46 | c804(config-if)# ppp chap hostname generic_user | Specify the CHAP username and password. |
| | c804(config-if)# ppp chap password user_pass | |
| Step 47 | c804(config-if)# ppp pap sent-username generic_user password user_pass | Specify the PAP username and password. |
| Step 48 | c804(config-if)# ppp multilink | Enable multilink PPP. |
| Step 49 | c804(config-if)# exit | Change to global configuration mode. |
| Step 50 | c804(config)# access-list 1 permit 10.0.0.0 0.0.0.255 | Specify an access list and a dialer list to control IP traffic. |
| | c804(config)# dialer-list 1 protocol ip permit | |
| Step 51 | c804(config)# ip route 10.1.0.0 255.255.0.0 bri0 | Add a default route and interface. |
| Step 52 | c804(config)# dial-peer voice 1 pots | Create a dial peer to determine how incoming calls are routed to the telephone port 1. |
| | c804(config-dial-peer)# destination-pattern 5551212 | |
| | c804(config-dial-peer)# port 1 | |
| Step 53 | c804(config-dial-peer)# exit | Return to global configuration mode. |
| Step 54 | c804(config)# dial-peer voice 2 pots | Create a second dial peer for the telephone port 2. |
| | c804(config-dial-peer)# destination-pattern 5551313 | |
| | c804(config-dial-peer)# port 2 | |
| Step 55 | c804(config-dial-peer)# exit | Change to global configuration mode. |
| Step 56 | c804(config)# ip nat inside source list 1 interface bri0 overload | Set global NAT commands. In this example, all inside network addresses assigned to interface BRI0 are configured for translation, and the access list that contains the inside network addresses is defined. |
| | c804(config)# access-list 1 permit 10.0.0.0 0.0.0.255 | |
Configuring the Router at the Corporate Site
Starting from global configuration mode, follow these steps to configure the router that is connected to the Cisco 800 series router. This procedure assumes that this router is a Cisco router that supports Cisco IOS software, such as a Cisco 3600 router.
| Step | Command | Purpose |
| --- | --- | --- |
| Step 1 | router# configure terminal | Enter global configuration mode. |
| Step 2 | router(config)# hostname 3600 | Specify a name for the router. |
| Step 3 | 3600(config)# enable secret secret | Set an encrypted password to gain access to privileged EXEC mode commands. |
| Step 4 | 3600(config)# username c800 password c800_pass | Specify the username and password of the Cisco 800 series router. |
| Step 5 | 3600(config)# ip subnet-zero | Set router to recognize the zero subnet range as a valid range of addresses. |
| Step 6 | 3600(config)# no ip domain-lookup | Disable router from translating unfamiliar words entered during a console session into IP addresses. |
| Step 7 | 3600(config)# ip dhcp pool DHCPpoolLAN_1 | Optional. Configure your router as a DHCP server. This step specifies the DHCP relay pool name. |
| Step 8 | 3600(dhcp-config)# network 192.168.1.0 255.255.255.0 | For configuring DHCP only. Set the DHCP pool of addresses. |
| Step 9 | 3600(dhcp-config)# dns-server 192.168.1.2 | For configuring DHCP only. Set the IP address of the DNS server. |
| Step 10 | 3600(dhcp-config)# netbios-name-server 192.168.1.11 192.168.1.12 | For configuring DHCP only. Set the NetBIOS servers. |
| Step 11 | 3600(dhcp-config)# default-router 192.168.1.1 | For configuring DHCP only. Set the Ethernet 0 IP address as the default gateway. |
| Step 12 | 3600(dhcp-config)# exit | For configuring DHCP only. Exit to global configuration mode. |
| Step 13 | 3600(config)# ip local pool POOL1 192.168.1.10 192.168.1.20 | Set a local pool of IP addresses to be used when Cisco 800 series router attempts to connect. |
| Step 14 | 3600(config)# interface e0 | Change to interface configuration mode for Ethernet 0. |
| Step 15 | 3600(config-if)# ip address 192.168.1.1 255.255.255.0 | Set IP address and subnet mask for the Ethernet interface, then return to global configuration mode. |
| | 3600(config-if)# exit | |
| Step 16 | 3600(config)# interface bri0 | Change to interface configuration mode for BRI0 and specify the ISDN switch type. |
| | 3600(config-if)# isdn switch-type basic-net3 | |
| Step 17 | 3600(config-if)# encapsulation ppp | Enable PPP. |
| Step 18 | 3600(config-if)# isdn spid1 0155533330101 | North America only. Specify SPID numbers assigned to B channels by telephone service provider. |
| | 3600(config-if)# isdn spid2 0155544440101 | |
| Step 19 | 3600(config-if)# peer default ip address pool POOL1 | Specify address from a particular IP address pool be returned to the connected router. Use pool name specified in ip local pool command. |
| Step 20 | 3600(config-if)# ppp authentication chap callin | Enable PAP or CHAP and specify authentication in incoming calls only. |
| | or | |
| | 3600(config-if)# ppp authentication pap callin | |
| Step 21 | 3600(config-if)# ppp multilink | Enable multilink PPP. |
| Step 22 | 3600(config-if)# no cdp enable | Disable CDP. |
| Step 23 | 3600(config-if)# exit | Change to global configuration mode, and set IP addresses to be treated as classless. |
| | 3600(config)# ip classless | |
Connecting a Remote Network to Two Corporate Networks
In the network example shown in Figure 3-2, the Cisco 800 series router and two other routers, such as Cisco 3600 routers, connect a remote network to two corporate networks.
Figure 3-2 Connecting Remote Network to Two Corporate Networks
| Callout Number | Description |
| --- | --- |
| 1 | Site 1 |
| 2 | ISDN network |
| 3 | Site 2 |
| 4 | Site 3 |
Features Used
This network uses the following features on the LAN:
• IP routing (Cisco recommends this for management purposes, such as Telnet)
• DHCP server (optional)
When your router is acting as a DHCP server, workstations configured as DHCP clients are automatically assigned an IP address and subnet mask.
This network uses the following features on the WAN:
• IP routing
• PPP
• NAT overload
• IPCP
• CHAP or PAP over PPP
With NAT overload configured, your router can use one address for multiple hosts. With IPCP configured, your router can automatically negotiate its IP address from the router it is attempting to connect to.
You can use either CHAP or PAP as the PPP authentication protocol. Cisco recommends using CHAP because it is the more secure of the two protocols.
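Why both network examples recommend CHAP over PAP, shown at the packet level. This is an added example, not code from the Cisco documentation: it builds the PAP Authenticate-Request (RFC 1334) and the CHAP Challenge and Response (RFC 1994) in Python. The peer name and password mirror the sample values on this page; the authenticator name `3600` and the challenge bytes are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import struct

# Sample values: the peer name and password mirror this page's c804 examples;
# the authenticator name "3600" is used only for this demonstration.
PEER_NAME = b"c804"
SECRET = b"804password"
AUTH_NAME = b"3600"


def pap_request(ident, peer_id, password):
    """PAP Authenticate-Request (RFC 1334, code 1): the password is a plain field."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


def chap_packet(code, ident, value, name):
    """CHAP Challenge (code 1) or Response (code 2) layout from RFC 1994."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_chap(packet):
    """Split a CHAP Challenge/Response into (code, ident, value, name)."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    value_len = packet[4]
    return code, ident, packet[5:5 + value_len], packet[5 + value_len:length]


def chap_challenge(ident, value=None):
    """Authenticator side: send a fresh random value for every attempt."""
    fresh = os.urandom(16) if value is None else value
    return chap_packet(1, ident, fresh, AUTH_NAME)


def chap_response(challenge, name, secret):
    """Peer side: reply with MD5(identifier || secret || challenge value)."""
    _, ident, value, _ = parse_chap(challenge)
    digest = hashlib.md5(bytes([ident]) + secret + value).digest()
    return chap_packet(2, ident, digest, name)


def chap_verify(challenge, response, secrets):
    """Authenticator side: recompute the digest from its own copy of the secret."""
    _, c_ident, value, _ = parse_chap(challenge)
    code, r_ident, digest, name = parse_chap(response)
    secret = secrets.get(name)
    if code != 2 or r_ident != c_ident or secret is None:
        return False
    expected = hashlib.md5(bytes([c_ident]) + secret + value).digest()
    return hmac.compare_digest(expected, digest)


def demo():
    """Run one PAP request and one CHAP exchange and report what each exposes."""
    known = {PEER_NAME: SECRET}
    pap = pap_request(1, PEER_NAME, SECRET)
    challenge = chap_challenge(7)
    response = chap_response(challenge, PEER_NAME, SECRET)
    return {
        "pap_exposes_password": SECRET in pap,
        "chap_exposes_password": SECRET in response,
        "chap_accepts_fresh_response": chap_verify(challenge, response, known),
        # A response captured earlier does not satisfy the next challenge.
        "chap_accepts_replayed_response": chap_verify(chap_challenge(7), response, known),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

CHAP keeps the password off the wire and ties each response to one challenge, but both ends must still hold the same secret, so its strength depends on that secret being long and unique per peer.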
For the ISDN connection, you can use one of the following options:
• DDR using snapshot routing (the ISDN line is activated only when needed)
• Permanently leased ISDN line
For complete information on these options, including how to configure them, see the "Configuring the ISDN Line" section.
The IP routing protocol can use either RIP or EIGRP to learn routes dynamically. You can use either one of these options. You can also use triggered extensions to RIP to control when RIP sends routing updates. For information on how to configure these options, see the "Configuring Dynamic Routing" section.
Configuring the Cisco 800 Series Router
Note: Before you begin to configure your router, review the "Before Configuring Advanced Networks or Features" section.
Starting from global configuration mode, follow these steps to configure the Cisco 800 series router in the remote network to two corporate networks. For information on the commands used in this table, refer to the Cisco IOS documentation.
| Step | Command | Purpose |
| --- | --- | --- |
| Step 1 | router# configure terminal | Enter global configuration mode. |
| Step 2 | router(config)# hostname c804 | Enter the router name. |
| Step 3 | c804(config)# enable secret 804password | Enter the password. |
| Step 4 | c804(config)# pots country us | Optional. If you have a Cisco 803 or 804 router that is connected to telephones, fax machines, or modems, specify the country where your router is located. Specifying a country configures the country-specific default settings for each physical characteristic. |
| Step 5 | c804(config)# ip subnet-zero | Set the router to recognize the zero subnet range as a valid range of addresses. |
| Step 6 | c804(config)# ip dhcp pool DHCPpoolLAN_0 | Optional. Configure your router as a DHCP server. In this step, specify the DHCP relay pool name. |
| Step 7 | c804(dhcp-config)# network 192.168.1.0 255.255.255.0 | Optional. Set the DHCP pool of addresses. |
| Step 8 | c804(dhcp-config)# dns-server 172.29.20.41 172.29.20.51 | For DHCP configuration only. Set the IP address of the DNS servers. |
| Step 9 | c804(dhcp-config)# netbios-name-server 172.29.20.41 172.29.20.51 | For DHCP configuration only. Set the NetBIOS servers. |
| Step 10 | c804(dhcp-config)# default-router 192.168.1.1 | For DHCP configuration only. Set the Ethernet 0 IP address as the default gateway. |
| Step 11 | c804(dhcp-config)# exit | For DHCP configuration only. Exit to global configuration mode. |
| Step 12 | c804(config)# interface ethernet0 | Change to the Ethernet interface configuration mode. |
| Step 13 | c804(config-if)# ip nat inside | Enable NAT on the inside network. |
| Step 14 | c804(config-if)# ip address 192.168.2.2 255.255.255.0 | Assign the IP addresses for Ethernet 0; then change to global configuration mode. |
| | c804(config-if)# exit | |
| Step 15 | c804(config)# interface dialer1 | Create a dialer interface. |
| Step 16 | c804(config-if)# encapsulation ppp | Enable PPP. |
| Step 17 | c804(config-if)# dialer remote-name corp1 | Specify the name of the corporate router. |
| Step 18 | c804(config-if)# dialer pool 1 | Assign a dialer pool. |
| Step 19 | c804(config-if)# dialer idle-timeout 300 | Specify the time, in seconds, that the line is idle before it is disconnected. |
| Step 20 | c804(config-if)# dialer string 7771111 | Set up the dialer string. |
| Step 21 | c804(config-if)# dialer hold-queue 10 | Specify the maximum number of packets to be held in the outgoing queue. |
| Step 22 | c804(config-if)# dialer-group 1 | Assign the interface to dialer access group 1. |
| Step 23 | c804(config-if)# ppp authentication chap pap callin | Configure CHAP and PAP to authenticate incoming calls. |
| Step 24 | c804(config-if)# ppp chap hostname c804 | Specify the CHAP host name. |
| Step 25 | c804(config-if)# ppp chap password 804password | Specify the CHAP password. |
| Step 26 | c804(config-if)# ppp pap sent-username c804 password 804password | Specify the PAP username and password. |
| Step 27 | c804(config)# interface dialer2 | Create a second dialer interface. |
| Step 28 | c804(config-if)# ip address 192.168.3.1 255.255.255.0 | Assign the IP addresses for Ethernet 0. |
| Step 29 | c804(config-if)# encapsulation ppp | Enable PPP. |
| Step 30 | c804(config-if)# dialer remote-name corp2 | Specify the name of the corporate router. |
| Step 31 | c804(config-if)# dialer pool 1 | Assign a dialer pool. |
| Step 32 | c804(config-if)# dialer idle-timeout 300 | Specify the time in seconds that the line is idle before it is disconnected. |
| Step 33 | c804(config-if)# dialer string 7772222 | Set up the dialer string. |
| Step 34 | c804(config-if)# dialer hold-queue 10 | Specify the maximum number of packets to be held in the outgoing queue. |
| Step 35 | c804(config-if)# dialer-group 2 | Assign the interface to a dialer access group. |
| Step 36 | c804(config-if)# ppp authentication chap pap callin | Configure CHAP and PAP to authenticate incoming calls. |
| Step 37 | c804(config-if)# ppp chap hostname c804 | Specify the CHAP host name. |
| Step 38 | c804(config-if)# ppp chap password 804password | Specify the CHAP password. |
| Step 39 | c804(config-if)# ppp pap sent-username c804 password 804password | Configure PAP username and password. |
| Step 40 | c804(config-if)# exit | Change to global configuration mode. |
| | c804(config)# | |
| Step 41 | c804(config)# dialer-list 1 protocol ip permit | Specify dialer-list protocol permissions. |
| | c804(config)# dialer-list 2 protocol ip permit | |
| Step 42 | c804(config)# interface bri0 | Change to the interface BRI0 configuration mode and set the ISDN switch type. |
| | c804(config-if)# isdn switch-type basic-ni | |
| Step 43 | c804(config-if)# ip address 192.168.1.1 255.255.255.0 | Enter the IP address and subnet mask. |
| Step 44 | c804(config-if)# ip nat outside | Configure a valid Internet address to which the inside network address will be translated. |
| Step 45 | c804(config-if)# encapsulation ppp | Enable PPP. |
| Step 46 | c804(config-if)# dialer rotary-group 1 | Create dialer rotary groups 1 and 2, specifying a number between 0 and 255 for each. |
| | c804(config-if)# dialer rotary-group 2 | |
| Step 47 | c804(config-if)# isdn spid1 0 4085551212 | North America only. Associate the ISDN LDNs provided by your telephone service provider to the first and second SPIDs, and configure the SPID numbers to be automatically detected. |
| | c804(config-if)# isdn spid2 0 4085551313 | |
| Step 48 | c804(config-if)# ppp authentication pap chap callin | Enable PAP or CHAP for incoming data. |
| Step 49 | c804(config-if)# isdn incoming-voice modem | Specify that voice calls are forwarded to the devices connected to the analog telephone ports. |
| Step 50 | c804(config-if)# exit | Change to global configuration mode. |
| Step 51 | c804(config)# dial-peer voice 1 pots | Create a dial peer to determine how incoming calls are routed to the telephone port 1. |
| | c804(config-dial-peer)# destination-pattern 5551212 | |
| | c804(config-dial-peer)# port 1 | |
| Step 52 | c804(config-dial-peer)# exit | Return to global configuration mode. |
| Step 53 | c804(config)# dial-peer voice 2 pots | Create a second dial peer to determine how incoming calls are routed to the telephone port 2. |
| | c804(config-dial-peer)# destination-pattern 5551313 | |
| | c804(config-dial-peer)# port 2 | |
| Step 54 | c804(config-dial-peer)# exit | Change to global configuration mode. |
| Step 55 | c804(config)# ip nat inside source list 1 interface bri0 overload | Set global NAT commands. In this example, all inside network addresses assigned to interface BRI0 are configured for translation, and the access list that contains the inside network addresses is defined. |
| | c804(config)# access-list 1 permit 192.168.1.0 0.0.0.255 | |
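Both Cisco 800 procedures above list PAP and CHAP together in their `ppp authentication` commands and configure a `ppp pap sent-username` password, so it is worth checking which interfaces can end up using PAP. The following audit is an added example, not part of the Cisco documentation: it is written in Python, reads commands in the same prompt style, and also checks that standard access lists use a wildcard mask rather than a subnet mask. The sample input is constructed, and the `dialer9` interface and the finding names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the prompt style of the steps above; dialer9 is a
# hypothetical CHAP-only interface added for contrast.
SAMPLE = """\
c804(config)# interface bri0
c804(config-if)# encapsulation ppp
c804(config-if)# ppp authentication pap chap callin
c804(config-if)# exit
c804(config)# interface dialer1
c804(config-if)# ppp authentication chap pap callin
c804(config-if)# ppp chap hostname c804
c804(config-if)# ppp chap password 804password
c804(config-if)# ppp pap sent-username c804 password 804password
c804(config-if)# exit
c804(config)# interface dialer9
c804(config-if)# ppp authentication chap callin
c804(config-if)# exit
c804(config)# access-list 1 permit 10.0.0.1 255.255.255.0
c804(config)# access-list 1 permit 10.0.0.0 0.0.0.255
"""

# Strips a leading "name(config-mode)#" prompt when one is present.
PROMPT = re.compile(r"^\S+\([\w-]+\)#?\s*")

# Finding names are this example's own labels, not IOS terminology.
FINDINGS = {
    "pap-first": "PAP is requested before CHAP, so callers are asked for a cleartext password first",
    "pap-fallback": "CHAP is requested first, but a caller can still negotiate down to PAP",
    "pap-sent-password": "this password is sent in cleartext to any peer that requests PAP",
    "netmask-as-wildcard": "standard ACLs take a wildcard mask; a subnet mask here matches the wrong hosts",
}


def mask_is_netmask(mask):
    """True when the value has subnet-mask form (leading 1 bits, then 0 bits)."""
    try:
        value = int(ipaddress.IPv4Address(mask))
    except ValueError:
        return False
    inverted = value ^ 0xFFFFFFFF
    return value not in (0, 0xFFFFFFFF) and inverted & (inverted + 1) == 0


def audit(config_text):
    """Return (location, finding) pairs for the commands in config_text."""
    findings = []
    interface = "global"
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw).split()
        if not words:
            continue
        if words[0] == "interface" and len(words) >= 2:
            interface = "".join(words[1:]).lower()
        elif words[0] == "exit":
            interface = "global"
        elif words[:2] == ["ppp", "authentication"]:
            # The order of the methods is the order in which they are requested.
            methods = [w for w in words[2:] if w in ("pap", "chap")]
            if methods and methods[0] == "pap":
                findings.append((interface, "pap-first"))
            elif "pap" in methods:
                findings.append((interface, "pap-fallback"))
        elif words[:3] == ["ppp", "pap", "sent-username"]:
            findings.append((interface, "pap-sent-password"))
        elif (words[0] == "access-list" and len(words) == 5
              and words[1].isdigit() and 1 <= int(words[1]) <= 99):
            # Standard ACL: access-list <1-99> permit|deny <source> <wildcard>
            if mask_is_netmask(words[4]):
                findings.append((f"access-list {words[1]}", "netmask-as-wildcard"))
    return findings


if __name__ == "__main__":
    for location, finding in audit(SAMPLE):
        print(f"{location}: {finding}: {FINDINGS[finding]}")
```

On an interface where the peer supports CHAP, listing only `chap` in `ppp authentication` and omitting `ppp pap sent-username` removes the PAP findings.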
Configuring the Routers at the Corporate Site
Starting from global configuration mode, follow these steps to configure the routers that connect the Cisco 800 series router.
This procedure assumes that these routers are Cisco routers that support Cisco IOS software, such as a Cisco 3600 router.
| Step | Command | Purpose |
| --- | --- | --- |
| Step 1 | router# configure terminal | Enter global configuration mode. |
| Step 2 | router(config)# hostname 3600 | Define the corporate router hostname. |
| Step 3 | 3600(config)# enable secret secret | Enter an encrypted password to gain access to privileged EXEC mode commands. |
| Step 4 | 3600(config)# username c800 password c800_pass | Specify the username and password of the Cisco 800 series router. |
| Step 5 | 3600(config)# ip subnet-zero | Set router to recognize the zero subnet range as a valid range of addresses. |
| Step 6 | 3600(config)# no ip domain-lookup | Disable router from translating unfamiliar words entered during a console session into IP addresses. |
| Step 7 | 3600(config)# ip local pool POOL1 1.1.2.1 1.1.2.7 | Set a local pool of IP addresses to be used when the Cisco 800 series router attempts to connect. Define the pool name and the range of IP addresses in the pool. |
| Step 8 | 3600(config)# ip dhcp pool DHCPpoolLAN_1 | Optional if configuring your router as a DHCP server. If DHCP is not being configured, go to step 14. This step specifies the DHCP relay pool name. |
| Step 9 | 3600(dhcp-config)# network 1.1.2.0 255.255.255.0 | For configuring DHCP only. Set the DHCP pool of addresses. |
| Step 10 | 3600(dhcp-config)# dns-server 1.1.2.2 | For configuring DHCP only. Set the IP address of the DNS server. |
| Step 11 | 3600(dhcp-config)# netbios-name-server 1.2.2.2 1.2.2.3 | For configuring DHCP only. Set the NetBIOS servers. |
| Step 12 | 3600(dhcp-config)# default-router 1.1.2.1 | For configuring DHCP only. Set the Ethernet 0 IP address as the default gateway. |
| Step 13 | 3600(dhcp-config)# exit | For configuring DHCP only. Exit to global configuration mode. |
| Step 14 | 3600(config)# ip address 1.1.1.1 255.255.255.0 | Set IP address and subnet mask. |
| Step 15 | 3600(config)# interface bri0 | Change to interface configuration mode for BRI0 and specify ISDN switch type. |
| | 3600(config-if)# isdn switch-type basic-net3 | |
| Step 16 | 3600(config-if)# encapsulation ppp | Enable PPP. |
| Step 17 | 3600(config-if)# isdn spid1 0155533330101 | North America only. Specify SPID numbers assigned to B channels by telephone service provider. |
| | 3600(config-if)# isdn spid2 0155544440101 | |
| Step 18 | 3600(config-if)# peer default ip address pool POOL1 | Specify address from a particular IP address pool be returned to the connected router. Use pool name specified in ip local pool command. |
| Step 19 | 3600(config-if)# ppp authentication chap | Enable PAP or CHAP. |
| | or | |
| | 3600(config-if)# ppp authentication pap | |
| Step 20 | 3600(config-if)# ppp multilink | Enable multilink PPP. |
| Step 21 | 3600(config-if)# no cdp enable | Disable CDP. |
| Step 22 | 3600(config-if)# exit | Change to global configuration mode. |
| Step 23 | 3600(config)# ip classless | Set the IP addresses to be treated as classless. |
Configuring the ISDN Line
For the ISDN line, you can use one of the following features:
• DDR using snapshot routing (the ISDN line is activated only when needed)
• Permanent ISDN line lease
This section provides further information on these features and how to configure them.
Dial-on-Demand Routing Using Snapshot Routing
You can configure the DDR feature on your ISDN line. The ISDN line is then activated by traffic demands, including sending updates to other routers. You can configure snapshot routing to control the duration and frequency of the routing updates.
Note: Some protocols (IP, UDP, and NTP) send updates that can cause an ISDN line to be activated excessively. For information on preventing this situation, see the "Controlling the DDR ISDN Line Activation" section.
Configuration
Starting from interface configuration mode, follow these steps to configure DDR using snapshot routing. For information on the commands used in this configuration, refer to the Cisco IOS documentation.
| Step | Command | Purpose |
| --- | --- | --- |
| Step 1 | router# configure terminal | Enter global configuration mode. Then enter interface configuration mode. |
| | router(config)# interface bri0 | |
| Step 2 | router(config-if)# dialer rotary-group 1 | Create a dialer rotary-group, useful in environments that require multiple calling destinations. Only the rotary-group needs to be configured with dialer map commands. |
| Step 3 | router(config-if)# interface dialer 0 | Create a dialer rotary-group leader. |
| Step 4 | router(config-if)# ppp multilink | Enable multilink PPP. |
| Step 5 | router(config-if)# dialer in-band | Enable DDR. |
| Step 6 | router(config-if)# dialer idle-timeout 150 | Specify the amount of time that the line is idle before it is disconnected. |
| Step 7 | router(config-if)# dialer hold-queue 10 | Set number of packets held in outgoing queue. |
| Step 8 | router(config-if)# dialer load-threshold 150 either | Define the load level that must be exceeded on first ISDN B channel before the second B channel is brought up, and whether the load level is defined for inbound or outbound traffic, or for either type. |
| Step 9 | router(config-if)# dialer-group 2 | Assign interface to dialer access group. |
| Step 10 | router(config-if)# dialer-list 2 protocol ip permit | Define the traffic types that trigger and sustain an ISDN call on interfaces sharing the same dialer-group number. |
| Step 11 | router(config-if)# map-class dialer class1 | Optional. Define a class of shared configuration parameters for outgoing calls. |
| Step 12 | router(config-map-class)# dialer isdn speed 56 | Optional. If 64-kbps calling is not supported, enter 56 kbps as speed for the B channel. |
| Step 13 | router(config-map-class)# exit | Change to global configuration. Then change to interface configuration mode for BRI0. |
| | router(config)# interface bri0 | |
| Step 14 | router(config-if)# dialer map 3.3.3.3 name name1 5551000 | Create a dialer map used by the WAN interface. |
| Step 15 | router(config-if)# exit | Change to global configuration mode. Then change to interface configuration for dialer 0. |
| | router(config)# interface dialer0 | |
| Step 16 | router(config-if)# snapshot server 5 | Set up one of the following options for snapshot routing: • A server router and the active time interval, in minutes (from 5 to 1000) • A client router, the active time interval, in minutes (from 5 to 1000), and the quiet time interval, in minutes (from 8 to 100,000) |
| | or | |
| | router(config-if)# snapshot client 5 | |
| Step 17 | router(config-if)# exit | Change to global configuration mode. Then change to interface configuration for BRI0. |
| | router(config)# interface bri0 | |
| Step 18 | router(config-if)# dialer map snapshot 2 5551000 | Define a dialer map for snapshot routing on a client router connected to a DDR interface. |
Verifying the DDR Configuration
You can test your DDR configuration by making an ISDN data call through the CLI as shown in the following steps. For more information on the commands shown, refer to the Cisco IOS documentation set.

| | Command | Purpose |
|---|---|---|
| Step 1 | router# isdn call interface bri0 5551000 | Initiate the data call and specify the interface and dial string. |
| Step 2 | router# isdn disconnect interface bri0 all | Disconnect the data call without bringing down the interface. |

Configuring a Leased ISDN Line
This section describes how to configure the router so that it uses the ISDN line as a leased-line connection to the routers at the corporate site. Use the following steps to ensure that the ISDN line is always active and connected to the corporate office switch. For more information, refer to the Cisco IOS documentation.

| | Command | Purpose |
|---|---|---|
| Step 1 | router# configure terminal | Enter global configuration mode. |
| Step 2 | router(config)# isdn leased-line bri0 128 | Configure the BRI interface to use the ISDN physical connection as a leased-line service. Select one of the following line speeds:<br>• 128 combines the two B channels at 128 kbps. Offered in Japan only.<br>• 144 combines the two B channels and D channel at 144 kbps. |

Configuring Dynamic Routing
The IP routing protocol can use RIP or EIGRP to learn routes dynamically. You can configure either one of these options. This section also provides information on triggered extensions to RIP.
Configuring Routing Information Protocol
RIP is a commonly used Interior Gateway Protocol (IGP) for use in small networks.
Starting in global configuration mode, follow these steps to configure RIP. For information on the commands used in this configuration, refer to the Cisco IOS documentation set.

| | Command | Purpose |
|---|---|---|
| Step 1 | router(config)# router rip | Enable the RIP routing process. |
| Step 2 | router(config-router)# network network-number | Associate a network with the RIP routing process. |
| Step 3 | router(config-router)# version {1 \| 2} | Set the software to receive and send only RIP version 1 or only RIP version 2 packets. |

Configuring UDP Broadcasts
Figure 3-3 shows a Cisco 800 series router configured to function in a Microsoft Windows environment.
Figure 3-3 Cisco 800 Series Router Forwarding UDP Broadcasts

| Callout Number | Description |
|---|---|
| 1 | NT client |
| 2 | Network A |
| 3 | ISDN |
| 4 | Network B |
| 5 | NT server |

The router forwards UDP broadcasts containing PC addresses, so that PCs in network A can learn about PCs in network B, and vice versa. However, if your network uses a DDR ISDN line, the UDP broadcasts might activate this line too often.
If keeping monthly ISDN costs low is a concern, you can control when your DDR ISDN line is activated. For more information on this option, see the "Controlling the DDR ISDN Line Activation" section.
Configuration of UDP Broadcasts
Starting from the ISDN interface configuration mode, use the following steps to configure the router to forward UDP broadcasts. For more information on the commands listed, refer to the Cisco IOS documentation.

| | Command | Purpose |
|---|---|---|
| Step 1 | router# configure terminal | Enter global configuration mode. |
| Step 2 | router(config)# interface bri0 | Change to interface configuration mode for BRI0. |
| Step 3 | router(config-if)# ip helper-address address | Set the router to forward UDP broadcasts, including broadcasts of IP addresses and IP configuration requests to the NT server. |

Note
By default, eight other UDP ports, including 137 (NetBIOS name server) and 138 (NetBIOS datagram service), are enabled. For more information, refer to the Cisco IOS documentation.
Configuring DHCP Relay
With DHCP, devices on an IP network (DHCP clients) can request configuration information from a DHCP server. DHCP allocates IP addresses from a central pool as needed.
With the DHCP relay feature configured, the Cisco 800 series routers can relay IP configuration information from the LAN interface, over the ISDN interface, and to a specified DHCP server as shown in Figure 3-4.
Figure 3-4 DHCP Relay

| Callout Number | Description |
|---|---|
| 1 | DHCP client |
| 2 | DHCP relay |
| 3 | ISDN network |
| 4 | DHCP server |

DHCP relay configures the router to forward UDP broadcasts, including IP configuration requests, from DHCP clients. However, if your network uses a DDR ISDN line, you might find that this line is activated excessively by the IP configuration requests and other UDP broadcasts. If keeping monthly ISDN costs low is a concern, you can control the activation of your ISDN line. For more information, refer to the "UDP Broadcasts in DHCP Relay Environment" section.
Configuration of DHCP Relay
Starting in global configuration mode, use the following steps to configure DHCP relay. For more information on the commands listed, refer to the Cisco IOS documentation.

| | Command | Purpose |
|---|---|---|
| Step 1 | router# configure terminal | Enter global configuration mode. |
| Step 2 | router(config)# ip dhcp-server ip-address | Specify which DHCP server to use on your network. |

Controlling the DDR ISDN Line Activation
The following types of traffic can activate your ISDN line and increase your monthly ISDN line cost:
• UDP broadcasts associated with networks running Microsoft Windows
• UDP broadcasts associated with networks running DHCP relay
• UDP broadcasts associated with NTP
• IP broadcasts, including RIP and EIGRP broadcasts
The following sections describe how to control these types of traffic.
UDP Broadcasts in Windows Networks
The "Configuring UDP Broadcasts" section describes how to configure the router to forward UDP broadcasts.
To control monthly costs, you can configure an extended access list so that UDP broadcasts do not activate the ISDN line. An extended access list controls packets. When defining this list, you can specify complex addresses and permit or deny specific protocols.
Configuration of an Extended Access List
Starting in global configuration mode, use the following steps to configure an extended access list so that UDP broadcasts do not activate the ISDN line. For more information on the commands listed, refer to the Cisco IOS documentation.

| | Command | Purpose |
|---|---|---|
| Step 1 | router# configure terminal | Enter global configuration mode. |
| Step 2 | router(config)# interface bri0 | Change to interface configuration mode for the WAN interface. |
| Step 3 | router(config-if)# dialer-group 1 | Assign the interface to dialer access group 1. |
| Step 4 | router(config-if)# exit | Return to global configuration mode. |
| Step 5 | router(config)# access-list 100 deny udp any any eq netbios-ns | Set NetBIOS name service packets not to activate the ISDN line. |
| Step 6 | router(config)# access-list 100 deny udp any any eq netbios-dgm | Set NetBIOS datagram service packets not to activate the ISDN line. |
| Step 7 | router(config)# access-list 100 permit ip any any | Permit all other IP traffic. |
| Step 8 | router(config)# dialer-list 1 protocol ip list 100 | Specify that extended access list 100 defines which IP packets activate the ISDN line. |

Note
This example of an extended access list includes commonly anticipated restrictions. The information in this section is meant to be used as a base from which you can add or delete restrictions as appropriate for your particular network. The extended access list that you create depends on your particular network.
UDP Broadcasts in DHCP Relay Environment
The "Configuring DHCP Relay" section describes how to configure the router to forward UDP broadcasts.
To control costs, you can configure an extended access list so that UDP broadcasts do not activate the ISDN line. An extended access list controls packets. When defining this list, you can specify complex addresses and permit or deny specific protocols.
Configuration
Starting in global configuration mode, use the following steps to configure an extended access list so that UDP broadcasts do not activate the ISDN line. For more information on the commands listed, refer to the Cisco IOS documentation.

| | Command | Purpose |
|---|---|---|
| Step 1 | router# configure terminal | Enter global configuration mode. |
| Step 2 | router(config)# interface bri0 | Change to interface configuration mode for the WAN interface. |
| Step 3 | router(config-if)# dialer-group 1 | Assign the interface to dialer access group 1. |
| Step 4 | router(config-if)# exit | Return to global configuration mode. |
| Step 5 | router(config)# access-list 100 deny udp any any eq 135 | Set location services packets not to activate the ISDN line. |
| Step 6 | router(config)# access-list 100 permit ip any any | Permit all other IP traffic. |
| Step 7 | router(config)# dialer-list 1 protocol ip list 100 | Specify that extended access list 100 defines which IP packets activate the ISDN line. |

UDP Broadcasts in NTP Environment
You can configure an extended access list so that UDP broadcasts associated with NTP do not activate the ISDN line. An extended access list controls packets. When defining this list, you can specify complex addresses and can permit or deny specific protocols.
Configuration
Starting in global configuration mode, use the following steps to configure an extended access list so that UDP broadcasts associated with NTP do not activate the ISDN line. For more information on the commands listed, refer to the Cisco IOS documentation.

| | Command | Purpose |
|---|---|---|
| Step 1 | router# configure terminal | Enter global configuration mode. |
| Step 2 | router(config)# interface bri0 | Specify parameters for the WAN interface. |
| Step 3 | router(config-if)# dialer-group 1 | Assign the interface to dialer access group 1. |
| Step 4 | router(config-if)# exit | Return to global configuration mode. |
| Step 5 | router(config)# access-list 100 deny udp any any eq ntp | Set NTP packets not to activate the ISDN line. |
| Step 6 | router(config)# access-list 100 permit ip any any | Permit all other IP traffic. |
| Step 7 | router(config)# dialer-list 1 protocol ip list 100 | Specify that extended access list 100 defines which IP packets activate the ISDN line. |

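The effect of the NTP deny entry on connect time, as an added example that is not part of the Cisco documentation: a small model of the DDR idle timer run over constructed traffic. It assumes the value in dialer idle-timeout 150 is in seconds and that packets denied by the dialer list neither place a call nor restart the idle timer; call setup time is ignored.

```python
IDLE_TIMEOUT = 150  # seconds; value from "dialer idle-timeout 150" (unit assumed)

def interesting(pkt, deny_udp_ports):
    """Dialer-list decision: a deny entry makes the packet uninteresting."""
    return not (pkt["proto"] == "udp" and pkt["dport"] in deny_udp_ports)

def connected_seconds(packets, deny_udp_ports, end):
    """Total time the ISDN line is up for a time-ordered packet list, up to `end`."""
    total, up_since, last_reset = 0, None, None
    for pkt in packets:
        t = pkt["t"]
        if up_since is not None and t - last_reset >= IDLE_TIMEOUT:
            total += last_reset + IDLE_TIMEOUT - up_since  # idle timer expired
            up_since = None
        if interesting(pkt, deny_udp_ports):
            if up_since is None:
                up_since = t        # an interesting packet places the call
            last_reset = t          # and restarts the idle timer
    if up_since is not None:
        total += min(end, last_reset + IDLE_TIMEOUT) - up_since
    return total

def sample_hour():
    """Constructed traffic: one NTP packet every 64 s plus a single web request."""
    pkts = [{"t": t, "proto": "udp", "dport": 123} for t in range(0, 3600, 64)]
    pkts.append({"t": 900, "proto": "tcp", "dport": 80})
    return sorted(pkts, key=lambda p: p["t"])

if __name__ == "__main__":
    print("all IP interesting:", connected_seconds(sample_hour(), set(), 3600))
    print("NTP denied:        ", connected_seconds(sample_hour(), {123}, 3600))
```

Because the constructed NTP interval (64 s) is shorter than the idle timeout, the line never drops while NTP counts as interesting traffic.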
IP Traffic
You can configure an extended access list so that IP broadcasts, including RIP and EIGRP broadcasts, do not activate the ISDN line. An extended access list controls packets. When defining this list, you can specify complex addresses and permit or deny specific protocols.
Configuration
Starting in global configuration mode, use the following steps to configure an extended access list so that IP packets do not activate the ISDN line. For more information on the commands listed, refer to the Cisco IOS documentation.

| | Command | Purpose |
|---|---|---|
| Step 1 | router# configure terminal | Enter global configuration mode. |
| Step 2 | router(config)# interface bri0 | Change to interface configuration mode for the WAN interface. |
| Step 3 | router(config-if)# dialer-group 1 | Assign the interface to dialer access group 1. |
| Step 4 | router(config-if)# exit | Return to global configuration mode. |
| Step 5 | router(config)# access-list 100 deny eigrp any any | Set EIGRP packets not to activate the ISDN line. |
| Step 6 | router(config)# access-list 100 deny udp any any eq rip | Set RIP packets not to activate the ISDN line. |
| Step 7 | router(config)# access-list 100 permit ip any any | Allow other packets to activate the ISDN line. |

Restricting Access to Your Network
You can restrict access to your network by creating an extended access list. An extended access list controls packets. When defining this list, you can specify complex addresses and permit or deny specific protocols.
Figure 3-5 shows an example of a network with restricted access. See Table 3-1 for restrictions on network access.
Note
This network example and extended access list include commonly anticipated restrictions. The information in this section is meant to be used as a base from which you can add or delete restrictions as they relate to your particular network. The extended access list that you create depends on your particular network.
Figure 3-5 Restricting Access to IP Network

| Callout Number | Description |
|---|---|
| 1 | SMTP mail server |
| 2 | Web server |
| 3 | FTP server |
| 4 | Internet service provider |
| 5 | DNS server |

Table 3-1 Restrictions on IP Network-to-Internet Access

| Access Permitted | Access Denied |
|---|---|
| Permit any host on network 192.168.1.0 to access any Internet host. | Prevent any Internet host from spoofing any host on the network. (Spoofing is illegally misrepresenting the address of the sender.) |
| Permit the outside Internet Domain Name System (DNS) server to send TCP replies to any host on the network 192.168.1.0. | Deny any Internet host from making a remote terminal connection (Telnet) to any host on the network. |
| Permit the outside Internet DNS server to send UDP replies to any host on the network 192.168.1.0. | |
| Permit any Internet host to access the Simple Mail Transfer Protocol (SMTP) mail server 192.168.1.2. | |
| Permit any Internet host to access the Web server 192.168.1.3. | |
| Permit any Internet host to access the File Transfer Protocol (FTP) server with IP address 192.168.1.4. | |

Configuration of Extended Access List
Starting in global configuration mode, use the following steps to set up an extended access list based on the restrictions in Table 3-1.
For information on the commands used in this table, refer to the Cisco IOS documentation.

| | Command | Purpose |
|---|---|---|
| Step 1 | router# configure terminal | Enter global configuration mode. |
| Step 2 | router(config)# interface bri0 | Change to interface configuration mode for the WAN interface. |
| Step 3 | router(config-if)# dialer-group 1 | Assign the interface to dialer access group 1. |
| Step 4 | router(config-if)# exit | Return to global configuration mode. |
| Step 5 | router(config)# access-list 100 permit tcp any 192.168.1.0 0.0.0.255 established | Permit any host on the specified network to access any Internet host if it has an established connection. |
| Step 6 | router(config)# access-list 100 deny ip 192.168.1.0 0.0.0.255 any | Prevent IP spoofing using the specified network. |
| Step 7 | router(config)# access-list 100 permit tcp host 10.0.0.3 eq domain 192.168.1.0 0.0.0.255 | Permit the DNS server to send TCP replies to the specified network. |
| Step 8 | router(config)# access-list 100 permit udp host 10.0.0.3 eq domain 192.168.1.0 0.0.0.255 | Permit the DNS server to send UDP replies to the specified network. |
| Step 9 | router(config)# access-list 100 permit tcp any host 192.168.1.2 eq smtp | Permit any host to access the mail server through SMTP. |
| Step 10 | router(config)# access-list 100 permit tcp any host 192.168.1.3 eq www | Permit any host to access the Web server through HTTP. |
| Step 11 | router(config)# access-list 100 permit tcp any host 192.168.1.4 eq ftp | Allow access to the FTP server from any Internet host through FTP. |
| Step 12 | router(config)# access-list 100 deny tcp any 192.168.1.0 0.0.0.255 eq telnet | Restrict any Internet host from making a Telnet connection to any host on the specified network. |
| Step 13 | router(config)# interface dialer 1 | Change to dialer interface configuration mode. |
| Step 14 | router(config-if)# ip access-group 100 in | Activate access list 100. |

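An added example, not part of the Cisco documentation: a first-match evaluator for a constructed subset of the Table 3-1 access list, for checking which side of a rule an eq port test applies to and how rule order affects the anti-spoofing entry. The rule text assumes the DNS port test follows the source address and that the anti-spoofing entry names 192.168.1.0 as the source; the parser handles only the keywords used here.

```python
import ipaddress

PORTS = {"domain": 53, "smtp": 25, "www": 80, "ftp": 21, "telnet": 23}
# Constructed rule set modelled on Table 3-1; not captured from a device.
ACL = """permit tcp any 192.168.1.0 0.0.0.255 established
deny ip 192.168.1.0 0.0.0.255 any
permit udp host 10.0.0.3 eq domain 192.168.1.0 0.0.0.255
permit tcp any host 192.168.1.2 eq smtp
deny tcp any 192.168.1.0 0.0.0.255 eq telnet"""

def ip(text):
    return int(ipaddress.ip_address(text))

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip(tok.pop(0)), 0
    return ip(first), ip(tok.pop(0))

def _port(tok):
    """Consume an optional 'eq PORT' that follows an address."""
    if tok[:1] != ["eq"]:
        return None
    name = tok[1]
    del tok[:2]
    return PORTS.get(name) or int(name)

def parse(text):
    rules = []
    for tok in (line.split() for line in text.splitlines()):
        rule = {"action": tok.pop(0), "proto": tok.pop(0)}
        rule["src"], rule["sport"] = _addr(tok), _port(tok)
        rule["dst"], rule["dport"] = _addr(tok), _port(tok)
        rule["est"] = "established" in tok  # matches TCP with ACK or RST set
        rules.append(rule)
    return rules

def _hit(addr, spec):
    return (addr | spec[1]) == (spec[0] | spec[1])  # wildcard bits are ignored

def evaluate(rules, proto, src, dst, sport=0, dport=0, ack=False):
    """Return the first matching rule's action; an ACL ends in an implicit deny."""
    for r in rules:
        if (r["proto"] in ("ip", proto)
                and _hit(ip(src), r["src"]) and _hit(ip(dst), r["dst"])
                and r["sport"] in (None, sport) and r["dport"] in (None, dport)
                and (ack or not r["est"])):
            return r["action"]
    return "deny"

if __name__ == "__main__":
    print(evaluate(parse(ACL), "udp", "10.0.0.3", "192.168.1.20", 53, 40000))
```

With the entries in this order, a TCP segment that claims a 192.168.1.0 source and has ACK set matches the established entry before the anti-spoofing entry is reached; placing the anti-spoofing deny first makes `evaluate` return deny for it.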