Table Of Contents
Cisco 827 Router Network Connections
Cisco 831 Router Virtual Private Network Connections
Cisco 836 or Cisco SOHO 96 Network Connection
Cisco 837 Router Network Connections
Before You Configure Your Internet Access Network
Replacing a Bridge or Modem with a Cisco 827 Router
Configuring the Virtual Private Dial-Up Network Group Number
Configuring the Dialer Interface
PPP over Ethernet with NAT Using a Dial-on-Demand PPP-over- Ethernet Connection
Configuring the Virtual Private Dial-Up Network Group Number
Configuring the Dialer Interface
Configuring the Ethernet interface
Configuring the Dialer Interface
Dial Backup Feature Limitations and Configuration
Cisco 836 and Cisco 837 Routers and Cisco SOHO 96 and Cisco SOHO 97 Routers
Cisco 831 and Cisco SOHO 91 Routers
Configuring Dial Backup and Remote Management for the Cisco 837 and Cisco SOHO 97 Routers
Configuring Dial Backup and Remote Management for the Cisco 836 and Cisco SOHO 96 Routers
PPP over ATM with Centrally Managed Addressing and with Dial Backup
Configuring Dial Backup and Remote Management for the Cisco 837 Router
Configuring Dial Backup and Remote Management for the Cisco 836 Router
Configuring the Cisco 836 Router's ISDN Settings
Configuring Dial Backup and Remote Management Settings
Configuring Floating Static Route
Configuring the Aggregator and ISDN Peer Router
Configuring Remote Management for the Cisco SOHO 97 Router
Configuring Dial Backup and Remote Management for Cisco 831 Router and Cisco SOHO 91 Router
Configuration Example for the Cisco 831 Router
Configuring Remote Management for the Cisco SOHO 91 Router
Configuring the Ethernet Interface
Dynamic Addressing Received via IPCP
Configuring the Central Cisco 3620
Configuring the Central RADIUS Server
RFC 1483 Encapsulation with NAT
Configuring the Ethernet Interface
Integrated Routing and Bridging
Configuring the Default Gateway
Configuring the Ethernet Interface and IRB
Concurrent Routing and Bridging
Specifying CRB and Configuring the Ethernet Interface
Configuring the ATM Interface and Subinterfaces
Configuring the POTS Dial Peers
Configuring VoIP Dial Peers for H.323 Signaling
Configuring the Class Map, Route Map, and Policy Map
Configuring the Ethernet Interface
Configuring the POTS Dial Peers
Configuring VoIP Dial Peers for H.323 Signaling
Cisco 827-4V Router Configuration Example
Cisco 3640 Gateway Configuration Example
Cisco 3640 Gatekeeper Configuration Example
Network Scenarios
This chapter includes some example network scenarios and their configurations using Cisco 827 and Cisco 827-4V routers and Cisco 831, Cisco 836, Cisco 837, Cisco SOHO 91, Cisco SOHO 96, and Cisco SOHO 97 routers. This chapter is useful if you are building a new network and want some guidance. Most of the lessons here can be applied as well to networks incorporating Cisco 826, Cisco 828, Cisco SOHO 76, Cisco SOHO 77, and/or Cisco SOHO 78 routers.
Note
To verify that a feature is compatible with your router, you can use the software advisor too.
If you already have a network set up and you want to add specific features, see "Basic Router Configuration" and "Advanced Router Configuration."
The following sections are included in this chapter:
•
•
•
•
Each scenario in this chapter is described with a network diagram and configuration network examples are provided as models after which you can pattern your network. They cannot, however, anticipate all of your network needs. You can choose not to use features presented in the examples or to add or substitute features that better suit your needs.
Cisco 827 Router Network Connections
Figure 2-1 illustrates an example network topology employing Cisco 827 routers connecting to the following:
•
•
•
•
Figure 2-1 Cisco 827 Routers Network Connections
In the example, Cisco 827 routers send data or voice packets from the remote user to the service provider or corporate network through a high-speed, point-to-multi-point asymmetric digital subscriber line (ADSL) technology.
Cisco 831 Router Virtual Private Network Connections
Figure 2-2 shows how a Cisco 831 router can be used in a Virtual Private Network (VPN). The Cisco 831 router is linked to the ISP via a digital subscriber line (DSL) or a cable modem. Security is provided via IP security (IPSec) configuration.
Figure 2-2 Cisco 831 Router Virtual Private Network
Cisco 836 or Cisco SOHO 96 Network Connection
Figure 2-3 shows an example of a network topology employing a Cisco 836 router or a Cisco SOHO 96 router connecting to the following:
•
•
•
•
•
Figure 2-3 Cisco 836 Router Network Connections
Cisco 837 Router Network Connections
Figure 2-4 shows an example of a network topology employing a Cisco 837 router connecting to the following:
•
•
•
•
•
Figure 2-4 Cisco 837 Router Network Connections
In the topology, Cisco 837 routers send data packets from the remote user to the service provider or corporate network through high-speed, point-to-multipoint ADSL technology.
Internet Access Scenarios
Each network access scenario is described with a network diagram, configuration steps for setting up the network, and an example configuration.
Before You Configure Your Internet Access Network
You need to gather the following information before configuring networks based on the Internet access scenarios:
•
•
•
•
Replacing a Bridge or Modem with a Cisco 827 Router
This scenario shows a remote user connected to the Internet. You may want to use a network similar to this one if you want to set up a minimal connection to the Internet and bridge it through the Cisco 827 routers.
This network replaces an Alcatel 1000 bridge or modem with a Cisco 827 or Cisco 827-4V router by using AAL5SNAP encapsulation and bridging (RFC 1483 bridge mode) on the ATM interface.
Figure 2-5 shows the network topology for this scenario.
Figure 2-5 Replacing a Bridge or Modem with a Cisco 827 Router
Small business or remote user, connecting to the network through a Cisco 827 or Cisco 827-4V router
The Internet
The Cisco 827 router is configured to act as a bridge on the WAN, so the data packets are bridged through the 6400 router onto the Internet. This network setup creates the simplicity of bridging data but also maintains router control. This network is very simple but limits more complex services such as stopping broadcast traffic. If you want more services available on your network, you may want to consider Scenario 2 or 3.
Configuring the Scenario
Note
This scenario includes configuration tasks and a configuration example. To add additional features to this network, see "Basic Router Configuration," and "Advanced Router Configuration."
After configuring your router, you need to configure the PVC endpoint. For a general configuration example, see "Cisco 3640 Gateway Configuration Example" at the end of this chapter.
Follow the steps below to replace a bridge or modem with the Cisco 827 router, beginning in global configuration mode. Each step includes the same values that are shown in the bridging configuration example at the end of this section.
Configuration Example
The following is a configuration example for this network scenario. You do not have to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
no ip routing!interface Ethernet0no ip addressno ip directed-broadcast (default)bridge-group 1!interface ATM0no ip addressno ip directed-broadcast (default)pvc 8/35encapsulation aal5snap!bridge-group 1!ip classless (default)!bridge 1 protocol ieee!endPPP over Ethernet with NAT
The Cisco 837 and SOHO 97 routers support a PPP-over-Ethernet (PPPoE) client, with Network Addressing Translation (NAT) and with multiple PCs on the LAN. Figure 2-6 shows a typical deployment scenario for PPPoE support.
Figure 2-6 PPPoE Deployment Scenario
A PPPoE session is initiated on the client side by the Cisco 837 or SOHO 97 router. If the session has a timeout, or if the session is disconnected, the PPPoE client immediately attempts to reestablish the session.
This section covers the following topics:
•
•
•
Configuring the Virtual Private Dial-Up Network Group Number
Follow the steps below to configure a virtual private dial-up network (VPDN), starting in global configuration mode.
Configuring the ATM Interface
Follow the steps below to configure the ATM interface, beginning in global configuration mode.
Configuring the Dialer Interface
Follow the steps below to configure the dialer interface, starting in global configuration mode.
If you enter the clear vpdn tunnel pppoe command with a PPPoE client session already established, the PPPoE client session terminates, and the PPPoE client immediately tries to reestablish the session.
Configuration Example
The following example shows a configuration of a PPPoE client.
vpdn enablevpdn-group 1request-dialinprotocol pppoe!interface atm0no ip addressno atm ilmi-keepalivepvc 1/100pppoe-client dial-pool-number 1!interface dialer 1ip address negotiatedppp authentication chapdialer pool 1dialer-group 1!dialer-list 1 protocol ip permitPPP over Ethernet with NAT Using a Dial-on-Demand PPP-over- Ethernet Connection
The Cisco 831, Cisco 836, Cisco 837, Cisco SOHO 91, Cisco SOHO 96, and Cisco SOHO 97 routers support a PPP-over-Ethernet (PPPoE) client, using a dial-on-demand PPP-over-Ethernet connection. For deployment scenario, see Figure 2-6.
Configuring the Virtual Private Dial-Up Network Group Number
Complete the following tasks to configure a VPDN, starting in global configuration mode.
Configuring the ATM Interface
Follow the steps below to configure the ATM interface, beginning in global configuration mode.
Configuring the Dialer Interface
Follow the steps below to configure the dialer interface, starting in global configuration mode.
If you enter the clear vpdn tunnel pppoe command with a PPPoE client session already established, the PPPoE client session terminates, and the PPPoE client immediately tries to reestablish the session.
Configuration Example
The following example shows a configuration of a PPPoE client.
interface Ethernet0no ip addressip tcp adjust-mss 1400no keepalivehold-queue 100 out!vpdn enablevpdn-group 1request-dialinprotocol pppoe!interface atm0no ip addressno atm ilmi-keepalivepvc 1/100pppoe-client dial-pool-number 1 dial-on-demand!interface dialer 1ip address negotiatedppp authentication chapdialer pool 1dialer-group 1!dialer-list 1 protocol ip permitPPP over ATM with NAT
This network shows a user connected to the Internet through PPP over ATM and one static IP address. You may want to use this scenario in your network if you want to access the network with ATM support at the endpoints. PPP over ATM provides a network solution with simplified address handling and gives straight user verification as you would get in a dial network.
Figure 2-7 shows the network topology for this scenario.
Figure 2-7 PPP over ATM with NAT
Small business or remote user
PPP over ATM PVC 8/35
Connection to Ethernet 0 address 192.168.1.1/24 through a dialer interface
The Internet
In this scenario, the small business or remote user on the Ethernet LAN can connect to the Internet through ADSL. The Ethernet interface carries the data packet through the LAN and offloads it to the PPP connection on the ATM interface. The dialer interface is used to connect to the Internet or the corporate office. The number of ATM PVCs is set by default.
NAT (represented as the dashed line at the edge of the 827 routers) signifies two addressing domains and the inside source address. The source list defines how the packet travels through the network.
The following configuration topics are covered in this section:
•
•
•
To add additional features to this network, see"Basic Router Configuration" and "Advanced Router Configuration."
After configuring your router, you need to configure the PVC endpoint. For a general configuration example, see"Cisco 3640 Gateway Configuration Example" at the end of this chapter.
Configuring the Ethernet interface
Follow the steps below to configure the Ethernet interface, beginning in global configuration mode.
Configuring the Dialer Interface
Follow the steps below to configure the dialer interface, beginning in global configuration mode.
Configuring the ATM Interface
Follow the steps below to configure the ATM interface, beginning in global configuration mode.
Configuring NAT
Follow the steps below to configure NAT, beginning in global configuration mode.
Configuration Example
In the following configuration example, you do not have to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
interface Ethernet0ip address 192.168.1.1 255.255.255.0no ip directed-broadcast (default)ip nat inside!interface ATM0no ip addressno ip directed-broadcast (default)ip nat outsideno atm ilmi-keepalive (default)pvc 8/35encapsulation aal5mux ppp dialerdialer pool-member 1!bundle-enable!interface Dialer0ip address negotiatedno ip directed-broadcast (default)ip nat outsideencapsulation pppdialer pool 1!ip nat inside source list 1 interface Dialer0 overloadip classless (default)ip route 0.0.0.0 0.0.0.0 Dialer 0 (default gateway)!access-list 1 permit 192.168.1.0 0.0.0.255!endConfiguring Dial Backup
By allowing you to configure a backup modem line connection, dial backup provides protection against WAN downtime. Dial backup is inactive until it is configured. On Cisco 831, Cisco 837, Cisco SOHO 91, and Cisco SOHO 97 routers, both the console port and the auxiliary port in the Cisco IOS software configuration are on the same physical RJ-45 port. Therefore, both ports cannot be activated simultaneously, and the command-line interface (CLI) must be used to enable or disable either one.
Like the Cisco 831 and Cisco 837 routers and the Cisco SOHO 91 and Cisco SOHO 97 routers, the Cisco 836 router supports dial-in (for remote management) and dial-out (for dial backup) capabilities across the ISDN interface. The Cisco SOHO 96 router supports only the dial-in feature. Unlike the Cisco 831 and Cisco 837 routers and the Cisco SOHO 91 and Cisco SOHO 97 routers, the dial backup and remote management functions are configured on the Cisco 836 and Cisco SOHO 96 routers through the router's ISDN S/T port.
Note
Dial Backup Feature Limitations and Configuration
This section discusses the limitations and configuration of the dial backup feature on the Cisco 831, Cisco 836, and Cisco 837 routers and the Cisco SOHO 91, Cisco SOHO 96, and Cisco SOHO 97 routers.
Cisco 836 and Cisco 837 Routers and Cisco SOHO 96 and Cisco SOHO 97 Routers
The following can be used to bring up the dial backup feature in the Cisco IOS software for the Cisco 836 and Cisco 837 routers and the Cisco SOHO 96 and Cisco SOHO 97 routers:
Backup Interfaces
When the device receives an indication that the primary line is down, the backup interface is brought up. You can configure the backup interface to go down (after a specified time) when the primary connection is restored.
The dial-on-demand routing (DDR) backup call is triggered by traffic of interest. Even if the backup interface comes out of standby mode, the router will not trigger the backup call unless it receives traffic of interest for that backup interface.
Floating Static Routes
Floating static routes depend on traffic of interest to trigger the DDR backup call. The router does not actually trigger the backup call unless it receives traffic of interest for that backup interface, even if the router installs the floating static route in the route table.
Floating static routes are independent of line protocol status. This is an important consideration on Frame Relay circuits wherein line protocol may not go down if the data-link connection identifier (DLCI) is inactive. Floating static routes are also encapsulation independent.
Note
Dialer Watch
Only the Extended Interior Gateway Routing Protocol (EIGRP) link-state dynamic routing protocols are supported.
There is a bottleneck in supporting bridging over console backup interfaces because bridging is not supported over slower interfaces such as console ports or auxiliary ports.
In the Cisco 836 and Cisco 837 routers, the dial backup feature is supported for the encapsulations identified in Table 2-1.
Cisco 831 and Cisco SOHO 91 Routers
Support for the dial backup feature on the Cisco 831 router is limited because the Ethernet WAN interface is always up, even when ISP connectivity is down across the modem connected to the Cisco 831 router. Support for dial backup is possible only for the PPPoE environment. The only way to bring up the backup interface is to simultaneously use the dialer watch feature. You also need to add the IP addresses of the peer in the dialer watch command and in the static route command to enable the dial backup when primary line goes down.
For the Cisco SOHO 91 router, only dial-in capability is supported.
Table 2-2 shows the encapsulation types supported by the Cisco 831 router dial backup.
Configuring Dial Backup and Remote Management for the Cisco 837 and Cisco SOHO 97 Routers
Figure 2-8 shows how dial backup and remote management work in a network system when the primary line goes down.
Figure 2-8 Cisco 837 Router Dial Backup and Remote Management
Configuring Dial Backup and Remote Management for the Cisco 836 and Cisco SOHO 96 Routers
Figure 2-9 and Figure 2-10 show how dial backup and remote management work in a network system when the primary line goes down. Two scenarios are typical applications of the Cisco 836 and the Cisco SOHO 96 routers. In Figure 4-9, the dial backup link goes through CPE splitter, DSLAM, and CO splitter before connecting to the ISDN switch. In Figure 4-10, the dial backup link goes directly from the Cisco 836 router to the ISDN switch.
Figure 2-9 Cisco 836 Router Dial Backup and Remote Management—Dial Backup Through CPE Splitter, DSLAM, and CO Splitter
Figure 2-10 Cisco 836 Router Dial Backup and Remote Management—Dial Backup Directly from Router to ISDN Switch
PPP over ATM with Centrally Managed Addressing and with Dial Backup
When customer premises equipment such as a Cisco 837 router is connected to an ISP, an IP address is dynamically assigned to the router, or the IP address may be assigned by its peer through the centrally managed function. The dial backup feature can be added to provide a failover route in case the primary line fails.
Configuring Dial Backup and Remote Management for the Cisco 837 Router
Follow the steps below to configure dial backup and remote management for the Cisco 837 router.
Configuration Example
The following configuration example for a Cisco 837 router specifies an IP address for the ATM interface via PPP/IPCP address negotiation and dial backup over the console port.
!version 12.2no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Router!memory-size iomem 20enable password cisco!ip subnet-zeroip name-server 206.13.28.12ip name-server 206.13.31.12ip name-server 63.203.35.55ip dhcp excluded-address 192.168.1.1!ip dhcp pool 1import allnetwork 192.168.1.0 255.255.255.0default-router 192.168.1.1!ip audit notify logip audit po max-events 100vpdn enable!vpdn-group 1request-dialinprotocol pppoe!! Need to use your own correct ISP phone numbermodemcap entry MY-USER_MODEM:MSC=&F1S0=1chat-script Dialout ABORT ERROR ABORT BUSY "" "AT" OK "ATDT 5555102\T"TIMEOUT 45 CONNECT \c!!!!interface Ethernet0ip address 192.168.1.1 255.255.255.0ip nat insideip tcp adjust-mss 1452hold-queue 100 out!interface ATM0mtu 1492no ip addressno atm ilmi-keepalivepvc 0/35pppoe-client dial-pool-number 1!dsl operating-mode auto!!Dial backup and remote management physical interfaceinterface Async1no ip addressencapsulation pppdialer in-banddialer pool-member 3async default routingasync dynamic routingasync mode dedicatedppp authentication pap callin!! Primary wan linkinterface Dialer1ip address negotiatedip nat outsideencapsulation pppdialer pool 1ppp authentication pap callinppp pap sent-username account password 7 passppp ipcp dns requestppp ipcp wins requestppp ipcp mask request!! Dialer backup logical interfaceinterface Dialer3ip address negotiatedip nat outsideencapsulation pppno ip route-cacheno ip mroute-cachedialer pool 3dialer idle-timeout 60dialer string 5555102 modem-script Dialoutdialer watch-group 1!! Remote management PC ip addresspeer default ip address 192.168.2.2no cdp enable!! Need to use your own ISP account and passwordppp pap sent-username account password 7 passppp ipcp dns requestppp ipcp wins requestppp ipcp mask request!! IP NAT over Dialer interface using route-mapip nat inside source route-map main interface Dialer1 overloadip nat inside source route-map secondary interface Dialer3 overloadip classless!! When primary link is up again, distance 50 will override 80 if dial backup hasn't timeout! Multiple routes because peer ip addresses are alternated among them when CPE gets connectedip route 0.0.0.0 0.0.0.0 64.161.31.254 50ip route 0.0.0.0 0.0.0.0 66.125.91.254 50ip route 0.0.0.0 0.0.0.0 64.174.91.254 50ip route 0.0.0.0 0.0.0.0 63.203.35.136 80ip route 0.0.0.0 0.0.0.0 63.203.35.137 80ip route 0.0.0.0 0.0.0.0 63.203.35.138 80ip route 0.0.0.0 0.0.0.0 63.203.35.139 80ip route 0.0.0.0 0.0.0.0 63.203.35.140 80ip route 0.0.0.0 0.0.0.0 63.203.35.141 80ip route 0.0.0.0 0.0.0.0 Dialer1 150no ip http serverip pim bidir-enable!! PC ip address behind CPEaccess-list 101 permit ip 192.168.0.0 0.0.255.255 anyaccess-list 103 permit ip 192.168.0.0 0.0.255.255 any!! Watch multiple ip address because peers are alternated among them when CPE gets connecteddialer watch-list 1 ip 64.161.31.254 255.255.255.255dialer watch-list 1 ip 64.174.91.254 255.255.255.255dialer watch-list 1 ip 64.125.91.254 255.255.255.255!! Dial backup will kick in if primary link is not available 5 minutes after CPE starts updialer watch-list 1 delay route-check initial 300dialer-list 1 protocol ip permit!! To direct traffic to an interface only if the Dialer gets assigned with an ip addressroute-map main permit 10match ip address 101match interface Dialer1!route-map secondary permit 10match ip address 103match interface Dialer3!!line con 0exec-timedout 0 0!! Change console to aux functionmodem enablestopbits 1line aux 0exec-timeout 0 0!! To enable and communicate with the external modem properlyscript dialer Dialoutmodem InOutmodem autoconfigure discoverytransport input allstopbits 1speed 115200flowcontrol hardwareline vty 0 4exec-timeout 0 0password ciscologin!scheduler max-task-time 5000endConfiguring Dial Backup and Remote Management for the Cisco 836 Router
Follow the steps given in the "Configuring the Cisco 836 Router's ISDN Settings" section to configure dial backup and remote management on the Cisco 836 router's ISDN S/T port.
Configuring the Cisco 836 Router's ISDN Settings
The user must first configure the Cisco 836 router ISDN settings to configure the router interface as a backup interface. Follow the steps below to configure the Cisco 836 router ISDN interface as a backup interface, beginning in global configuration mode.
Note
Configuring Dial Backup and Remote Management Settings
As described in the "Dial Backup Feature Limitations and Configuration" section, backup interface, static routes, and dialer watch are the three methods used for implementing dial backup and remote management. This section provides detailed procedures for configuring these three methods.
Configuring Backup Interface
Follow the steps below to configure the Cisco 836 router ISDN interface as a backup interface, beginning in global configuration mode.
Step 1
interface ATM0
Enters ATM interface configuration mode.
Step 2
backup interface BRI0
Assigns BRI0 as the secondary backup interface.
Configuring Floating Static Route
Static route and dynamic route are the two components of floating static routes. Complete the following steps to configure the static route on the Cisco 836 router ISDN port, beginning in global configuration mode.
Note
Follow the steps below to configure the dynamic route on the Cisco 836 router ISDN port, beginning in global configuration mode.
Note
Configuring Dialer Watch
Use the steps in the table below to configure the dialer watch on the Cisco 836 router's ISDN port, beginning in global configuration mode.
Configuration Example
The next three configuration examples shows sample configurations for the three dial backup interface and remote management methods.
The following is an example of configuring dial backup and remote management using the backup interface command.
Cisco836#!vpdn enable!vpdn-group 1accept-dialinprotocol pppoe!!Specifies the ISDN switch typeisdn switch-type basic-net3!interface Ethernet0ip address 192.168.1.1 255.255.255.0hold-queue 100 out!!ISDN interface to be used as a backup interfaceinterface BRI0no ip addressencapsulation pppdialer pool-member 1isdn switch-type basic-net3!interface ATM0backup interface BRI0no ip addressno atm ilmi-keepalivepvc 1/40encapsulation aal5snappppoe-client dial-pool-number 2!dsl operating-mode auto!! Dial backup interface, associated with physical BRI0 interface. Dialer pool 1 associates it with BRI0's dialer pool member 1interface Dialer0ip address negotiatedencapsulation pppdialer pool 1dialer idle-timeout 30dialer string 384040dialer-group 1!! Primary interface associated with physical ATM0's interface, dialer pool 2 associates it with ATM0's dial-pool-number2interface Dialer2ip address negotiatedip mtu 1492encapsulation pppdialer pool 2dialer-group 2no cdp enable!ip classless!Primary and backup interface given route metricip route 0.0.0.0 0.0.0.0 22.0.0.2ip route 0.0.0.0 0.0.0.0 192.168.2.2 80ip http server!!Specifies interesting traffic to trigger backup ISDN trafficdialer-list 1 protocol ip permitThe following is an example of configuring dial backup and remote management using floating static routes.
Cisco836#!vpdn enable!vpdn-group 1accept-dialinprotocol pppoe!!Specifies the ISDN switch typeisdn switch-type basic-net3!interface Ethernet0ip address 192.168.1.1 255.255.255.0hold-queue 100 out!!ISDN interface to be used as a backup interfaceinterface BRI0no ip addressencapsulation pppdialer pool-member 1isdn switch-type basic-net3!interface ATM0no ip addressno atm ilmi-keepalivepvc 1/40encapsulation aal5snappppoe-client dial-pool-number 2!dsl operating-mode auto!! Dial backup interface, associated with physical BRI0 interface. Dialer pool 1 associate it with BRI0's dialer pool member 1interface Dialer0ip address negotiatedencapsulation pppdialer pool 1dialer idle-timeout 30dialer string 384040dialer-group 1!! Primary interface associated with physical ATM0's interface, dialer pool 2 associates it with ATM0's dial-pool-number2interface Dialer2ip address negotiatedip mtu 1492encapsulation pppdialer pool 2dialer-group 2!ip classlessno cdp enable!Primary and backup interface given route metric (This example using static routes, thus atm0 line protocol must be brought down for backup interface to function.)ip route 0.0.0.0 0.0.0.0 22.0.0.2ip route 0.0.0.0 0.0.0.0 192.168.2.2 150ip http server!!Specifies interesting traffic to trigger backup ISDN trafficdialer-list 1 protocol ip permitThe following is an example of configuring dial backup and remote management using dialer watch.
Cisco836#!vpdn enable!vpdn-group 1accept-dialinprotocol pppoe!!Specifies the ISDN switch typeisdn switch-type basic-net3!interface Ethernet0ip address 192.168.1.1 255.255.255.0hold-queue 100 out!!ISDN interface to be used as a backup interfaceinterface BRI0no ip addressencapsulation pppdialer pool-member 1isdn switch-type basic-net3!interface ATM0no ip addressno atm ilmi-keepalivepvc 1/40encapsulation aal5snappppoe-client dial-pool-number 2!dsl operating-mode auto!! Dial backup interface, associated with physical BRI0 interface. Dialer pool 1 associates it with BRI0's dialer pool member 1. Note "dialer watch-group 1" associates a watch list with corresponding "dialer watch-list" commandinterface Dialer0ip address negotiatedencapsulation pppdialer pool 1dialer idle-timeout 30dialer string 384040dialer watch-group 1dialer-group 1!! Primary interface associated with physical ATM0 interface, dialer pool 2 associates it with ATM0's dial-pool-number2interface Dialer2ip address negotiatedip mtu 1492encapsulation pppdialer pool 2dialer-group 2no cdp enable!ip classless!Primary and backup interface given route metricip route 0.0.0.0 0.0.0.0 22.0.0.2ip route 0.0.0.0 0.0.0.0 192.168.2.2 80ip http server!!Watch for interesting trafficdialer watch-list 1 ip 22.0.0.2 255.255.255.255!Specifies interesting traffic to trigger backup ISDN trafficdialer-list 1 protocol ip permit!Configuring the Aggregator and ISDN Peer Router
The aggregator is typically a concentrator router where the Cisco 836 router ATM PVC will terminate. In the configuration example shown below, the aggregator is configured as a PPPoE server to correspond with the Cisco 836 router configuration example that is given in this chapter.
The ISDN peer router is any router that has an ISDN interface and can communicate through a public ISDN network to reach the Cisco 836 router ISDN interface. The ISDN peer router provides Internet access for the Cisco 836 router during the ATM network downtime.
The following is a configuration example of an aggregator used in the Cisco 836 router network.
!vpdn enableno vpdn logging!vpdn-group 1accept-dialinprotocol pppoevirtual-template 1!interface Ethernet3description "4700ref-1"ip address 40.1.1.1 255.255.255.0media-type 10BaseT!interface Ethernet4ip address 30.1.1.1 255.255.255.0media-type 10BaseT!interface Virtual-Template1ip address 22.0.0.2 255.255.255.0ip mtu 1492peer default ip address pool adsl!interface ATM0no ip addresspvc 1/40encapsulation aal5snapprotocol pppoe!no atm limi-keepalive!ip local pool adsl 22.0.0.1ip classlessip route 0.0.0.0 0.0.0.0 22.0.0.1 50ip route 0.0.0.0 0.0.0.0 30.1.1.2.80The following is a configuration example of an ISDN peer router used in the Cisco 836 router network.
!isdn switch-type basic-net3!interface Ethernet0ip address 30.1.1.2 255.0.0.0!interface BRI0description "to 836-dialbackup"no ip addressencapsulation pppdialer pool-member 1isdn switch-type basic-net3!interface Dialer0ip address 192.168.2.2 255.255.255.0encapsulation pppdialer pool 1dialer string 384020dialer-group 1peer default ip address pool isdn!ip local pool isdn 192.168.2.1ip http serverip classlessip route 0.0.0.0 0.0.0.0 192.168.2.1ip route 40.0.0.0 255.0.0.0 30.1.1.1!dialer-list 1 protocol ip permit!Configuring Remote Management for the Cisco SOHO 97 Router
Complete the following steps to configure remote management for the Cisco SOHO 97 router.
Configuration Example
The following configuration example for a Cisco SOHO 97 router specifies the IP address for the ATM interface via PPP/IPCP address and supports dial-in maintenance over the console port.
!!Remote management accountusername dialin password ciscomodemcap entry MY_USR_MODEM:MSC=&F1S0=1!interface Ethernet0ip address 192.168.1.1 255.255.255.0ip nat insidehold-queue 100 out!interface ATM0no ip addressno atm ilmi-keepalivepvc 0/35encapsulation aal5mux ppp dialerdialer pool-member 1!dsl operating-mode auto!interface Async1no ip addressencapsulation pppdialer in-bandautodetect encapsulation pppasync default routingasync dynamic routingasync mode dedicatedpap authentication pap callinpeer default ip address 192.168.2.2!ip nat inside source list 101 interface Dialer1 overloadip classlessip route 0.0.0.0 0.0.0.0 Dialer1 150!no ip http serverip pim bidir-enable!!access-list 101 permit ip 192.168.0.0 0.0.255.255 anydialer-list 1 protocol ip permit!line con 0exec-timeout 0 0modem enablestopbits 1line aux 0exec-timeout 0 0script dialer Dialoutmodem Dialinmodem autoconfigure discoverytransport input allstopbits 1speed 38400flowcontrol hardwareline vty 0 4login local!scheduler max-task-time 5000endConfiguring Dial Backup and Remote Management for Cisco 831 Router and Cisco SOHO 91 Router
Figure 2-11 shows how dial backup and remote management work in a DSL modem environment when the primary line goes down. Note that the cable modem environment is currently not supported.
Figure 2-11 Cisco 831 Router Dial Backup and Remote Management in a DSL Modem Environment
Follow the steps below to configure dial backup and remote management for the Cisco 831 router.
Configuration Example for the Cisco 831 Router
The following example configures dial backup and remote management on a Cisco 831 router.
!version 12.2no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Router!memory-size iomem 20enable password cisco!ip subnet-zeroip name-server 206.13.28.12ip name-server 206.13.31.12ip name-server 63.203.35.55ip dhcp excluded-address 192.168.1.1!ip dhcp pool 1import allnetwork 192.168.1.0 255.255.255.0default-router 192.168.1.1!ip audit notify logip audit po max-events 100vpdn enable!vpdn-group 1request-dialinprotocol pppoe!! Need to use your own correct ISP phone numbermodemcap entry MY-USER_MODEM:MSC=&F1S0=1chat-script Dialout ABORT ERROR ABORT BUSY "" "AT" OK "ATDT 5555102\T"TIMEOUT 45 CONNECT \c!!!!interface Ethernet0ip address 192.168.1.1 255.255.255.0ip nat insideip tcp adjust-mss 1452hold-queue 100 out!interface Ethernet1no ip addressno ip route-cacheno ip mroute-cachepppoe enablepppoe-client dial-pool-number 1!!Dial backup and remote management physical interfaceinterface Async1no ip addressencapsulation pppdialer in-banddialer pool-member 3async default routingasync dynamic routingasync mode dedicatedppp authentication pap callin!! Primary wan linkinterface Dialer1ip address negotiatedip mtu 1492ip nat outsideencapsulation pppdialer pool 1ppp authentication pap callinppp pap sent-username account password 7 passppp ipcp dns requestppp ipcp wins requestppp ipcp mask request!! Dialer backup logical interfaceinterface Dialer3ip address negotiatedip nat outsideencapsulation pppno ip route-cacheno ip mroute-cachedialer pool 3dialer idle-timeout 60dialer string 5555102 modem-script Dialoutdialer watch-group 1!! Remote management PC ip addresspeer default ip address 192.168.2.2no cdp enable!! Need to use your own ISP account and passwordppp pap sent-username account password 7 passppp ipcp dns requestppp ipcp wins requestppp ipcp mask request!! IP NAT over Dialer interface using route-mapip nat inside source route-map main interface Dialer1 overloadip nat inside source route-map secondary interface Dialer3 overloadip classless!! When primary link is up again, distance 50 will override 80 if dial backup hasn't timeout! Multiple routes because peer ip address are alternated among them when CPE gets connectedip route 0.0.0.0 0.0.0.0 64.161.31.254 50ip route 0.0.0.0 0.0.0.0 66.125.91.254 50ip route 0.0.0.0 0.0.0.0 64.174.91.254 50ip route 0.0.0.0 0.0.0.0 63.203.35.136 80ip route 0.0.0.0 0.0.0.0 63.203.35.137 80ip route 0.0.0.0 0.0.0.0 63.203.35.138 80ip route 0.0.0.0 0.0.0.0 63.203.35.139 80ip route 0.0.0.0 0.0.0.0 63.203.35.140 80ip route 0.0.0.0 0.0.0.0 63.203.35.141 80ip route 0.0.0.0 0.0.0.0 Dialer1 150no ip http serverip pim bidir-enable!! PC ip address behind CPEaccess-list 101 permit ip 192.168.0.0 0.0.255.255 anyaccess-list 103 permit ip 192.168.0.0 0.0.255.255 any!! Watch multiple ip addresses because peers are alternated among them when CPE gets connecteddialer watch-list 1 ip 64.161.31.254 255.255.255.255dialer watch-list 1 ip 64.174.91.254 255.255.255.255dialer watch-list 1 ip 64.125.91.254 255.255.255.255!! Dial backup will kick in if primary link is not available 5 minutes after CPE starts updialer watch-list 1 delay route-check initial 300dialer-list 1 protocol ip permit!! To direct traffic to an interface only if the Dialer gets assigned with an ip addressroute-map main permit 10match ip address 101match interface Dialer1!route-map backup permit 10match ip address 103match interface Dialer3!!line con 0exec-timeout 0 0!! Change console to aux functionmodem enablestopbits 1line aux 0exec-timeout 0 0!! To enable and communicate with the external modem properlyscript dialer Dialoutmodem InOutmodem autoconfigure discoverytransport input allstopbits 1speed 115200flowcontrol hardwareline vty 0 4exec-timeout 0 0password ciscologin!scheduler max-task-time 5000endConfiguring Remote Management for the Cisco SOHO 91 Router
Follow the steps below to configure remote management for the Cisco SOHO 91 router.
Configuration Example
The following example shows how to configure a Cisco SOHO 91 router to obtain the IP address for ATM interface via PPP/IPCP address negotiation and shows how to configure and support dial-in maintenance over the console port.
!!Remote management accountusername dialin password ciscomodemcap entry MY_USR_MODEM:MSC=&F1S0=1!interface Ethernet0ip address 192.168.1.1 255.255.255.0ip nat insidehold-queue 100 out!interface Async1no ip addressencapsulation pppdialer in-bandautodetect encapsulation pppasync default routingasync dynamic routingasync mode dedicatedpap authentication pap callinpeer default ip address 192.168.2.2!ip nat inside source list 101 interface Dialer1 overloadip classlessip route 0.0.0.0 0.0.0.0 Dialer1 150!no ip http serverip pim bidir-enable!!access-list 101 permit ip 192.168.0.0 0.0.255.255 anydialer-list 1 protocol ip permit!line con 0exec-timeout 0 0modem enablestopbits 1line aux 0exec-timeout 0 0script dialer Dialoutmodem Dialinmodem autoconfigure discoverytransport input allstopbits 1speed 38400flowcontrol hardwareline vty 0 4login local!scheduler max-task-time 5000endConfiguring the DHCP Server
Dynamic Host Configuration Protocol (DHCP) is an industry-standard protocol for automatically assigning IP configurations to workstations. DHCP uses a client-server model for address allocation. As administrator, you can configure one or more DHCP servers to provide IP address assignment and other TCP/IP-oriented configuration information to your workstations. DHCP frees you from having to manually assign an IP address to each client. The DHCP protocol is described in RFC 2131.
When configuring a DHCP server, you must configure the server properties, policies, and associated DHCP options.
Note
To configure the DHCP server, you must accept Network Registrar's defaults or supply the data explicitly:
•
•
Network Registrar uses the interface named default to provide configurable default values for interfaces that the DHCP server discovers automatically. If you delete the default interface, the DHCP server uses hard-coded default values for port numbers and socket buffer sizes for the interfaces that it autodiscovers.
If you enable discover-interfaces, the DHCP server uses the operating system platform support to enumerate all the active interfaces on the machine and (unless there is an interface configuration with the ignore feature enabled) attempts to listen on all of these. If you disable discover-interfaces, the DHCP server listens on the interface that you specify, as long as it does not have the ignore feature enabled.
Use the dhcp-interface commands to add, remove, and list the IP addresses of your server's hardware cards. Interfaces are named with the IP address and net mask for the physical device.
If you have two interface cards for the server host, use two dhcp-interface create commands to register them both. Use the net mask suffix 16 or 24 as part of the address.
nrcmd> dhcp-interface 192.168.1.12/24 createnrcmd> dhcp-interface 10.1.2.3/24 createUse the dhcp-interface set ignore=true command to set all but one interface to ignore Network Registrar.
nrcmd> dhcp-interface 10.1.2.3/24 set ignore=trueConfiguring the Ethernet Interface
Follow the steps below to configure the Ethernet interface, beginning in global configuration mode.
For complete information on the Ethernet commands, see the Cisco IOS Release 12.2 documentation set. For more general information on Ethernet concepts, see "Concepts."
Dynamic Addressing Received via IPCP
Use the ip address negotiated interface command to enable a Cisco router to automatically negotiate its own registered WAN interface IP address from a central server (via PPP/IPCP). Use the same command to enable all remote hosts to use this single registered IP address to access the global Internet. The following example shows an IPCP configuration.
!interface ATM0no ip addressno atm ilmi-keepalivepvc 0/35encapsulation aal5mux ppp dialerdialer pool-member 1!dsl operating-mode auto!interface Dialer1ip address negotiatedip nat outsideencapsulation pppdialer pool 1dialer-group 1ppp authentication pap callinppp pap sent-username ! USER SPECIFIC password ! USER SPECIFICppp ipcp dns requestppp ipcp wins requestppp ipcp mask request!Configuring the Central Cisco 3620
The following example configures peer and dial backup on the Cisco 3620 router.
!version 12.1no service single-slot-reload-enableservice timestamps debug uptimeservice timestamps log uptimeenable secret password!hostname c3620!boot system flash slot0:c3620-jk2o3s-mz.121-5.3.Tlogging rate-limit console 10 except errors!username ISP password ISPip subnet-zeroip name-server !ISPip name-server !ISPip name-server !ISP!no ip finger!ip audit notify logip audit po max-events 100ip audit smtp spam 25111no ip dhcp-client network-discoveryvpdn enableno vpdn logging!vpdn-group 1accept-dialinprotocol pppoevirtual-template 2!!!chat-script Dialout ABORT ERROR ABORT BUSY "" "AT" OK "ATDT 5555101\T" TIMEOUT 45 CONNECT \c!modemcap entry MY_USR_MODEM:MSC=&F1S0=1!call rsvp-sync!!interface Loopback1ip address 21.0.0.2 255.255.255.0!interface Loopback2ip address 22.0.0.2 255.255.255.0!interface Ethernet0/0no ip addresshalf-duplexno cdp enable!interface Ethernet0/1no ip addressno ip route-cacheno ip mroute-cachehalf-duplexno cdp enable!interface ATM1/0no ip addressno atm ilmi-keepalive!interface ATM1/0.1 point-to-pointpvc 1/40encapsulation aal5mux ppp Virtual-Template1!!interface ATM1/0.2 point-to-pointpvc 1/41encapsulation aal5snapprotocol pppoe!!interface Virtual-Template1ip unnumbered Loopback1peer default ip address pool test!interface Virtual-Template2ip unnumbered Loopback2ip mtu 1492!interface Async65no ip addressencapsulation pppdialer in-banddialer pool-member 1autodetect encapsulation pppasync default routingasync dynamic routingasync mode dedicated!interface Dialer0ip unnumbered Async65encapsulation pppdialer pool 1dialer remote-name c837dialer string 5555101 modem-script Dialoutdialer-group 1autodetect encapsulation pppno cdp enable!ip local pool test 21.0.0.10 21.0.0.200ip kerberos source-interface anyip classlessno ip http server!dialer-list 1 protocol ip permitno cdp run!!dial-peer cor custom!!!!!line con 0exec-timeout 0 0transport input noneline aux 0exec-timeout 0 0no activation-characterscript dialer Dialoutno vacant-messagemodem InOutmodem autoconfigure type MY_USR_MODEMtransport input alltransport output telnetescape-character NONEautohangupstopbits 1speed 38400flowcontrol hardwareline vty 0 4exec-timeout 0 0login!endConfiguring the Central RADIUS Server
Remote Authentication Dial-In User Service (RADIUS) enables you to secure your network against unauthorized access. A RADIUS server must be configured in the service provider or corporate network in order for a Cisco 800 series router to use RADIUS client features.
To configure RADIUS on your router, you must perform the following tasks:
•
•
•
For instructions on configuring a RADIUS client, see the Cisco IOS Security Configuration Guide.
RFC 1483 Encapsulation with NAT
This network shows a remote user connecting to the Internet through an ATM connection with RFC 1483 encapsulation and NAT. You may want to use this scenario if RFC 1483 connections can be used for the network, since there is slightly less overhead than PPP.
Figure 2-12 shows the network topology for this scenario.
Figure 2-12 RFC 1483 Encapsulation with NAT
Small business or remote user
Connection to Ethernet 0 address 192.168.1.1/24
ATM 0 PVC 8/35
The Internet
In this scenario, the small business or remote user on the Ethernet LAN can connect to the Internet through ADSL. The Ethernet interface carries the data packet through the LAN and offloads it to the RFC 1483 connection on the ATM interface. The number of ATM PVCs is set by default.
NAT, represented as the dashed line at the edge of the 827 routers, signifies two addressing domains and the inside source address. The source list defines how the packet travels through the network.
The following configuration topics are covered in this section:
•
•
To add additional features to this network, see "Basic Router Configuration," and "Advanced Router Configuration."
After configuring your router, you need to configure the PVC endpoint. For a general configuration example, see "Cisco 3640 Gateway Configuration Example" at the end of this chapter.
Configuring the Ethernet Interface
Follow the steps below to configure the Ethernet interface, beginning in global configuration mode.
Configuring the ATM Interface
Use this table to configure the ATM interface, beginning in global configuration mode.
Configuring NAT
Follow the steps below to configure NAT, beginning in global configuration mode.
Configuration Examples
In the following configuration examples, you do not have to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
The following is an RFC 1483 LLC/SNAP encapsulation over ATM configuration example.
!interface Ethernet0ip address 192.168.1.1 255.255.255.0no ip directed-broadcast (default)ip nat inside!interface ATM0ip address 200.200.100.1 255.255.255.0no ip directed-broadcast (default)ip nat outsideno atm ilmi-keepalive (default)pvc 8/35encapsulation aal5snapprotocol ip 200.200.100.254 broadcast!bundle-enable!ip nat inside source list 1 interface ATM0 overloadip classless (default)ip route 0.0.0.0 0.0.0.0 200.200.100.254!access-list 1 permit 192.168.1.0 0.0.0.255!endThe following is an RFC 1483 VC-MUX configuration example.
ip subnet-zero!interface Ethernet0ip address 192.168.1.1 255.255.255.0no ip directed-broadcast (default)ip nat inside!interface ATM0ip address 200.200.100.1 255.255.255.0no ip directed-broadcast (default)ip nat outsideno atm ilmi-keepalive (default)pvc 8/35encapsulation aal5mux ipprotocol ip 200.200.100.254 broadcast!bundle-enable!ip nat inside source list 1 interface ATM0 overloadip classless (default)ip route 0.0.0.0 0.0.0.0 200.200.100.254!access-list 1 permit 192.168.1.0 0.0.0.255!endIntegrated Routing and Bridging
This network shows a user connecting to the Internet using integrated routing and bridging (IRB) to use NAT across a bridged interface. This scenario might work for you if you want to add functionality to an endpoint router without reconfiguring the central site. For example, you can provide an IP address and NAT in a bridged network without having to reconfigure the central site for routing.
Exchanging the bridge with a router enables feature additions such as voice and Quality of Service (QoS). IRB provides more secure control of the central site and more efficient use of the WAN link.
Figure 2-13 shows an IRB scenario.
Figure 2-13 IRB Internet Scenario
Small business or remote user
Connection to Ethernet 0 address 192.168.1.1/24
ATM 0 PVC 8/35
The Internet
One side of the network (WAN in this scenario) is configured to act as a bridge. The Bridge-Group Virtual Interface (BVI) is configured to act as a routed interface from the WAN bridge-group to the nonbridged LAN interface. From the LAN, the network appears as a router. From the WAN, the network appears as a bridge.
The ATM interface uses AAL5SNAP encapsulation, and the number of PVCs is set by default.
NAT, represented as the dashed line at the edge of the Cisco 827 routers, signifies two addressing domains and the inside source address. The source list defines how the packet travels through the network.
The following configuration topics are covered in this section:
•
•
•
To add additional features to this network, see "Basic Router Configuration," and "Advanced Router Configuration."
After configuring your router, you need to configure the PVC endpoint. For a general configuration example, see "Cisco 3640 Gateway Configuration Example" at the end of this chapter.
Configuring the Default Gateway
Enter the following command to set the IP route for the default gateway:
ip route default-gateway ip address-mask
Configuring the Ethernet Interface and IRB
Follow the steps below to configure the Ethernet interface and IRB, beginning in global configuration mode.
Configuring the ATM Interface
Follow the steps below to configure the ATM interface, beginning in global configuration mode.
Configuring the BVI
Follow the steps below to configure the BVI, beginning in global configuration mode.
Configuring NAT
Follow the steps below to configure NAT, beginning in global configuration mode.
Configuration Example
In the following configuration example, you do not have to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
bridge irb!interface Ethernet0ip address 192.168.1.1 255.255.255.0no ip directed-broadcast (default)ip nat inside!interface ATM0no ip addressno ip directed-broadcast (default)ip nat outsideno atm ilmi-keepalive (default)pvc 8/35encapsulation aal5snap!bridge-group 1!interface BVI1ip address 200.200.100.1 255.255.255.0no ip directed-broadcast (default)ip nat outside!ip nat pool test 200.200.100.1 200.200.100.1 netmask 255.255.255.0ip nat inside source list 101 pool test overloadip classless (default)!bridge 1 protocol ieeebridge 1 route ip!access-list 101 permit ip 192.168.1.0 0.0.0.255 any log!ip route 0.0.0.0 0.0.0.0 200.200.100.254 (default gateway)!endConcurrent Routing and Bridging
This network shows a remote user connecting to the Internet using concurrent routing and bridging (CRB) to route voice traffic and bridge data traffic while keeping each of them separate. This scenario is useful if you want to simplify your network setup for data transmission and then configure voice. The IP address is configured to recognize the difference between data traffic and voice traffic (voice traffic is configured with QoS parameters and virtual circuits). IRB can do routing and bridging on the same interface; CRB does routing and bridging on separate interfaces.
Figure 2-14 shows a CRB Internet scenario with the voice traffic routed and the data traffic bridged. Both the Cisco 827/827-4V router and the Cisco 3640 voice gateway are supporting voice traffic from telephones.
Figure 2-14 CRB Internet Scenario
Small business or remote user
ATM connection, ATM0.1 PVC 1/40 Voice 1.0.0.1/24, ATM0.2 PVC 8/35 data
Ethernet 0 bridge
The Internet
Concurrent routing and bridging are accomplished using different subinterfaces under the ATM interface. Each ATM subinterface that is created is treated uniquely in the network.
Data traffic in this scenario is bridged across ATM subinterface2, using AAL5SNAP encapsulation. A single PVC is created with a VPI/VCI value of 8/35.
Voice traffic is routed across ATM0 subinterface 0.1. There is a single PVC created with a virtual path identifier and virtual channel identifier (vpi/vci) value of 1/40 for voice. The voice subinterface is configured with remote dial peers to determine where outgoing calls are sent and local dial peers to determine what numbers each port should respond to. Each VoIP dial peer is configured for H.323 signaling.
The following configuration topics are covered in this section:
•
•
•
•
To add additional features to this network, see "Basic Router Configuration" and "Advanced Router Configuration."
After configuring your router, you need to configure the PVC endpoint. For a general configuration example, see "Cisco 3640 Gateway Configuration Example" at the end of this chapter.
Specifying CRB and Configuring the Ethernet Interface
Follow these steps to specify CRB and configure the Ethernet interface, beginning in global configuration mode.
Configuring the ATM Interface and Subinterfaces
Follow these steps to configure the ATM interface and subinterfaces, beginning in global configuration mode.
Configuring Voice Ports
To configure voice ports, you must configure the POTS dial peers and the VoIP dial peers for the signaling type; in this case, the type is H.323.
Configuring the POTS Dial Peers
Follow the steps below to configure the POTS dial peers, beginning in global configuration mode. Table 2-3 shows the destination telephone number and port for each dial peer POTS port.
Table 2-3 Mapping of Dial Peer Number to Destination Telephone and Port
101
14085271111
1
102
14085272222
2
103
14085273333
3
104
14085274444
4
Configuring VoIP Dial Peers for H.323 Signaling
Use this table to configure VoIP dial peers for H.323 signaling, beginning in global configuration mode. Table 2-4 shows the destination telephone number for each voice dial peer.
Table 2-4 Mapping of VoIP Dial Peers to Destination Telephone Numbers for H.323
1100
12123451111
1200
12123452222
1300
12123453333
1400
12123454444
Configuration Example
In the following configuration example, you do not have to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
ip subnet-zero!bridge crb!interface Ethernet0no ip addressno ip directed-broadcast (default)bridge-group 1!interface ATM0no ip addressno ip directed-broadcast (default)no atm ilmi-keepalive (default)bundle-enable!interface ATM0.1 point-to-pointip address 1.0.0.1 255.255.255.0no ip directed-broadcast (default)pvc voice 1/40protocol ip 1.0.0.2 broadcastencapsulation aal5snap!interface ATM0.2 point-to-pointno ip addressno ip directed-broadcast (default)pvc data 8/35encapsulation aal5snap!bridge-group 1!ip classless (default)!bridge 1 protocol ieee!voice-port 1local-alerting!voice-port 2local-alerting!voice-port 3local-alerting!voice-port 4local-alerting!dial-peer voice 101 potsdestination-pattern 14085271111port 1!dial-peer voice 1100 voipdestination-pattern 12123451111codec g711ulawsession target ipv4:1.0.0.2!dial-peer voice 102 potsdestination-pattern 14085272222port 2!dial-peer voice 1200 voipdestination-pattern 12123452222codec g711ulawsession target ipv4:1.0.0.2!dial-peer voice 103 potsdestination-pattern 14085273333port 3!dial-peer voice 1300 voipdestination-pattern 12123453333codec g711ulawsession target ipv4:1.0.0.2!dial-peer voice 104 potsdestination-pattern 14085274444port 4!dial-peer voice 1400 voipdestination-pattern 12123454444codec g711ulawsession target ipv4:1.0.0.2!endVoice Scenario
This section describes a voice scenario configuration using the Cisco 827-4V router in an H.323 signaling environment.
Setting up voice on the router actually includes two configurations; one for data and one for voice. When you have completed the configuration for the data scenario, you can add voice by configuring the POTS and VoIP dial peers and voice ports. Scenarios for data and voice are discussed below.
Data Network
Figure 2-15 shows a data network with traffic routing through the Cisco 827 router and then switching onto the ATM interface.
Figure 2-15 Data Network
1
Ethernet connection to a Cisco 827 router
2
Ethernet connection 0/1 at address 172.17.1.1, subnet 255.255.255.0
3
Ethernet connection 0 at 172.17.1.36, subnet 255.255.255.0
The Cisco 827 router is connected through the ATM interface through one PVC and it is associated with a QoS policy called mypolicy. Data traffic coming from the Ethernet must have an IP precedence below 5 (critical) to distinguish it from voice traffic.
Enhanced IGRP is configured to send hello packets every 5 seconds to inform neighboring routers that it is functioning. If a particular router does not send a hello packet within a prescribed period, Enhanced IGRP assumes that the state of a destination has changed and sends an incremental update.
NAT (represented as the dashed line at the edge of the Cisco 827 routers) signifies two addressing domains and the inside source address. The source list defines how the packet travels through the network.
This scenario includes configuration tasks and a configuration example. To add additional features to this network, see "Basic Router Configuration" and "Advanced Router Configuration."
After configuring your router, you need to configure the PVC endpoint. For a general configuration example, see "Cisco 3640 Gateway Configuration Example" at the end of this chapter.
Voice Network
Figure 2-16 shows a voice network with a Cisco 827-4V router and a Cisco 3640 router as the VoIP gateway using H.323 signaling (H.323 gateway).
Figure 2-16 Voice Network
The Cisco 3640 router is set up on the LAN as a gatekeeper, which provides address translation and control access for the LAN for H.323 terminals and gateways. The gatekeeper may provide other services to the H.323 terminals and gateways, such as managing bandwidth and locating gateways.
In this scenario, the dial endpoint is the Cisco 3640 router, with an IP address of 172.17.1.36 and a subnet mask of 255.255.255.0. This configuration assumes a single-zone setup so that both the Cisco 827-4V and the 3640 router are in the same zone.
Dialed numbers are stored by the VoIP session application in the Cisco 827-4V router, in this case H.323. After enough digits are accumulated to match a configured destination pattern, the telephone number is mapped to a dial peer and session target. In this configuration, the dial peer has a session target of RAS, which is a protocol run between the H.323 session protocol gateway and gatekeeper.
The gatekeeper resolves the destination for each dialed number, and the call signal routes to the Cisco 3640 gateway, which assigns the call to a voice port.
The coder-decoder compression schemes (codecs) are enabled for both ends of the connection and QoS parameters are configured for IP precedence.
Configuration Tasks
To configure the voice scenario, you must configure the data network and then the voice network.
•
–
–
–
–
•
–
–
•
Use the tables shown here to configure this scenario. Each command includes the values in the data and voice configuration examples shown at the end of this section. Configuration examples are shown for the Cisco 827-4V router and the gateway and gatekeeper endpoint routers.
After configuring your router, you need to configure the PVC endpoint. For a general configuration example, see "Cisco 3640 Gateway Configuration Example" at the end of this chapter.
Configuring the Class Map, Route Map, and Policy Map
Follow these steps to configure the class map, route map, and policy map, beginning in global configuration mode.
Step 1
access-lists 101 permit ip any any precedence 5
Configures the access list.
Step 2
class-map voice
Configures the class map.
Step 3
match access-group 101
Assigns access list 101 to the class map.
Step 4
route-map data permit 10
Configures the route map.
Step 5
ip precedence routine
Sets the IP precedence.
Step 6
policy-map mypolicy
Configures a policy map.
Step 7
class voice
Specifies the class for queuing voice traffic.
Step 8
priority 176
Specifies the bandwidth for queuing.1
Step 9
class class-default
Configures the default class for all traffic but voice traffic.
1 Total bandwidth for the policy map may not exceed 75 percent of the total PVC bandwidth.
Configuring the Ethernet Interface
Follow the steps here to configure the Ethernet interface, beginning in global configuration mode.
Configuring the ATM Interface
Follow the steps here to configure the ATM interface, beginning in global configuration mode.
Configuring Enhanced IGRP
Follow the steps here to configure Enhanced IGRP, beginning in global configuration mode.
Configuring the POTS Dial Peers
Follow the steps here to configure each POTS dial peer, beginning in global configuration mode.
Configuring VoIP Dial Peers for H.323 Signaling
Follow the steps here to configure VoIP dial peers for H.323 signaling in global configuration mode.
Configuration Examples
This section contains the following configuration examples:
•
•
•
Cisco 827-4V Router Configuration Example
The following is a configuration example for the Cisco 827-4V router portion of the voice network scenario. You do not have to enter the commands marked "default." These commands appear automatically in the file generated when you use the show running-config command.
!class-map voicematch access-group 101!route-map data permit 10set ip precedence routine!policy-map mypolicyclass voicepriority 176class class-defaultfair-queue 16 (default)!ip subnet-zero!gateway!interface Ethernet0ip address 20.20.20.20 255.255.255.0no ip directed-broadcast (default)ip route-cache policyip policy route-map data!interface ATM0ip address 10.10.10.20 255.255.255.0no ip directed-broadcast (default)no atm ilmi-keepalive (default)pvc 1/40service-policy output mypolicyprotocol ip 10.10.10.36 broadcastvbr-nrt 640 640 1! 640 is the maximum upstream rate of ADSLencapsulation aal5snap!bundle-enableh323-gateway voip interfaceh323-gateway voip id gk-twister ipaddr 172.17.1.1 1719h323-gateway voip h323-id gw-820h323-gateway voip tech-prefix 1#!router eigrp 100network 10.0.0.0network 20.0.0.0!ip classless (default)no ip http server!access-list 101 permit ip any any precedence critical(5)!line con 0exec-timeout 0 0transport input nonestopbits 1line vty 0 4login!!voice-port 1local-alerting!voice-port 2local-alerting!voice-port 3local-alerting!voice-port 4local-alerting!dial-peer voice 10 voipdestination-pattern .......ip precedence 5session target ras!dial-peer voice 1 potsdestination-pattern 4085258111port 1!dial-peer voice 2 potsdestination-pattern 14085258222port 2!dial-peer voice 3 potsdestination-pattern 14085258333port 3!dial-peer voice 4 potsdestination-pattern 14085258444port 4!endCisco 3640 Gateway Configuration Example
The following is a configuration example for the Cisco 3640 gateway portion of the voice network scenario. You do not have to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!class-map voicematch access-group 101!policy-map mypolicyclass voicebandwidth 176class class-defaultfair-queue 16!ip subnet-zero!cns event-service server!voice-port 1/0/0!voice-port 1/0/1!voice-port 1/1/0!voice-port 1/1/1!dial-peer voice 10 voipdestination-pattern .......ip precedence 5session target ras!dial-peer voice 1 potsdestination-pattern 12125253111port 1/0/0!dial-peer voice 2 potsdestination-pattern 12125253222port 1/0/1!dial-peer voice 3 potsdestination-pattern 12125253333port 1/1/0!dial-peer voice 4 potsdestination-pattern 12125253444port 1/1/1!process-max-time 200gateway!interface Ethernet0/0ip address 172.17.1.36 255.255.255.0no ip directed-broadcasth323-gateway voip interfaceh323-gateway voip id gk-twister ipaddr 172.17.1.1 1719h323-gateway voip h323-id gw-3640h323-gateway voip tech-prefix 1#!interface ATM2/0ip address 10.10.10.36 255.255.255.0no ip directed-broadcastno atm ilmi-keepalivepvc 8/35service-policy output mypolicyprotocol ip 10.10.10.20 broadcastvbr-rt 1000 600 1encapsulation aal5snap!router eigrp 100network 10.0.0.0network 172.17.0.0!no ip classlessno ip http server!access-list 101 permit ip any any precedence critical (5)!line con 0exec-timeout 0 0transport input noneline aux 0line vty 0 4login!!endCisco 3640 Gatekeeper Configuration Example
The following is a configuration example for the H.323 gatekeeper portion of the voice network scenario. You do not have to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
!class-map voicematch access-group 101!!policy-map mypolicyclass voicebandwidth 176class class-defaultfair-queue 16!ip subnet-zero!ip dvmrp route-limit 20000!process-max-time 200!interface Ethernet0/0ip address 172.28.9.83 255.255.255.0no ip directed-broadcast (default)!interface Ethernet0/1ip address 172.17.1.1 255.255.255.0no ip directed-broadcast (default)!router eigrp 100network 172.17.0.0!ip classless (default)no ip http server!!gatekeeperzone local gk-router router.cisco.com 172.17.1.1zone remote gk-sf1 cisco.com 179.15.2.2zone remote gk-sf2 lucent.com 180.4.0.1zone prefix gk-sf1 1415525....zone prefix gk-sf2 1415527....!line con 0exec-timeout 0 0transport input noneline aux 0line vty 0 4password lablogin!end
