Table Of Contents
Cisco 827 Router Network Connections
Cisco 831 Router Virtual Private Network Connections
Cisco 836 or Cisco SOHO 96 Network Connection
Cisco 837 Router Network Connections
Before You Configure Your Internet Access Network
Replacing a Bridge or Modem with a Cisco 827 Router
Configuring the Virtual Private Dial-Up Network Group Number
Configuring the Dialer Interface
PPP over Ethernet with NAT Using a Dial-on-Demand PPP-over- Ethernet Connection
Configuring the Virtual Private Dial-Up Network Group Number
Configuring the Dialer Interface
Configuring the Ethernet interface
Configuring the Dialer Interface
Dial Backup Feature Limitations and Configuration
Cisco 836 and Cisco 837 Routers and Cisco SOHO 96 and Cisco SOHO 97 Routers
Cisco 831 and Cisco SOHO 91 Routers
Configuring Dial Backup and Remote Management for the Cisco 837 and Cisco SOHO 97 Routers
Configuring Dial Backup and Remote Management for the Cisco 836 and Cisco SOHO 96 Routers
PPP over ATM with Centrally Managed Addressing and with Dial Backup
Configuring Dial Backup and Remote Management for the Cisco 837 Router
Configuring Dial Backup and Remote Management for the Cisco 836 Router
Configuring the Cisco 836 Router's ISDN Settings
Configuring Dial Backup and Remote Management Settings
Configuring Floating Static Route
Configuring the Aggregator and ISDN Peer Router
Configuring Remote Management for the Cisco SOHO 97 Router
Configuring Dial Backup and Remote Management for Cisco 831 Router and Cisco SOHO 91 Router
Configuration Example for the Cisco 831 Router
Configuring Remote Management for the Cisco SOHO 91 Router
Configuring the Ethernet Interface
Dynamic Addressing Received via IPCP
Configuring the Central Cisco 3620
Configuring the Central RADIUS Server
RFC 1483 Encapsulation with NAT
Configuring the Ethernet Interface
Integrated Routing and Bridging
Configuring the Default Gateway
Configuring the Ethernet Interface and IRB
Concurrent Routing and Bridging
Specifying CRB and Configuring the Ethernet Interface
Configuring the ATM Interface and Subinterfaces
Configuring the POTS Dial Peers
Configuring VoIP Dial Peers for H.323 Signaling
Configuring the Class Map, Route Map, and Policy Map
Configuring the Ethernet Interface
Configuring the POTS Dial Peers
Configuring VoIP Dial Peers for H.323 Signaling
Cisco 827-4V Router Configuration Example
Cisco 3640 Gateway Configuration Example
Cisco 3640 Gatekeeper Configuration Example
Network Scenarios
This chapter includes some example network scenarios and their configurations using Cisco 827 and Cisco 827-4V routers and Cisco 831, Cisco 836, Cisco 837, Cisco SOHO 91, Cisco SOHO 96, and Cisco SOHO 97 routers. This chapter is useful if you are building a new network and want some guidance. Most of the lessons here can be applied as well to networks incorporating Cisco 826, Cisco 828, Cisco SOHO 76, Cisco SOHO 77, and/or Cisco SOHO 78 routers.
Note
To verify that a feature is compatible with your router, you can use the software advisor too.
If you already have a network set up and you want to add specific features, see "Basic Router Configuration" and "Advanced Router Configuration."
The following sections are included in this chapter:
•
•
•
•
Each scenario in this chapter is described with a network diagram and configuration network examples are provided as models after which you can pattern your network. They cannot, however, anticipate all of your network needs. You can choose not to use features presented in the examples or to add or substitute features that better suit your needs.
Cisco 827 Router Network Connections
Figure 2-1 illustrates an example network topology employing Cisco 827 routers connecting to the following:
•
•
•
•
Figure 2-1 Cisco 827 Routers Network Connections
In the example, Cisco 827 routers send data or voice packets from the remote user to the service provider or corporate network through a high-speed, point-to-multi-point asymmetric digital subscriber line (ADSL) technology.
Cisco 831 Router Virtual Private Network Connections
Figure 2-2 shows how a Cisco 831 router can be used in a Virtual Private Network (VPN). The Cisco 831 router is linked to the ISP via a digital subscriber line (DSL) or a cable modem. Security is provided via IP security (IPSec) configuration.
Figure 2-2 Cisco 831 Router Virtual Private Network
Cisco 836 or Cisco SOHO 96 Network Connection
Figure 2-3 shows an example of a network topology employing a Cisco 836 router or a Cisco SOHO 96 router connecting to the following:
•
•
•
•
•
Figure 2-3 Cisco 836 Router Network Connections
Cisco 837 Router Network Connections
Figure 2-4 shows an example of a network topology employing a Cisco 837 router connecting to the following:
•
•
•
•
•
Figure 2-4 Cisco 837 Router Network Connections
In the topology, Cisco 837 routers send data packets from the remote user to the service provider or corporate network through high-speed, point-to-multipoint ADSL technology.
Internet Access Scenarios
Each network access scenario is described with a network diagram, configuration steps for setting up the network, and an example configuration.
Before You Configure Your Internet Access Network
You need to gather the following information before configuring networks based on the Internet access scenarios:
•
•
•
•
Replacing a Bridge or Modem with a Cisco 827 Router
This scenario shows a remote user connected to the Internet. You may want to use a network similar to this one if you want to set up a minimal connection to the Internet and bridge it through the Cisco 827 routers.
This network replaces an Alcatel 1000 bridge or modem with a Cisco 827 or Cisco 827-4V router by using AAL5SNAP encapsulation and bridging (RFC 1483 bridge mode) on the ATM interface.
Figure 2-5 shows the network topology for this scenario.
Figure 2-5 Replacing a Bridge or Modem with a Cisco 827 Router
Small business or remote user, connecting to the network through a Cisco 827 or Cisco 827-4V router
The Internet
The Cisco 827 router is configured to act as a bridge on the WAN, so the data packets are bridged through the 6400 router onto the Internet. This network setup creates the simplicity of bridging data but also maintains router control. This network is very simple but limits more complex services such as stopping broadcast traffic. If you want more services available on your network, you may want to consider Scenario 2 or 3.
Configuring the Scenario
Note
This scenario includes configuration tasks and a configuration example. To add additional features to this network, see "Basic Router Configuration," and "Advanced Router Configuration."
After configuring your router, you need to configure the PVC endpoint. For a general configuration example, see "Cisco 3640 Gateway Configuration Example" at the end of this chapter.
Follow the steps below to replace a bridge or modem with the Cisco 827 router, beginning in global configuration mode. Each step includes the same values that are shown in the bridging configuration example at the end of this section.
Configuration Example
The following is a configuration example for this network scenario. You do not have to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
no ip routing!interface Ethernet0no ip addressno ip directed-broadcast (default)bridge-group 1!interface ATM0no ip addressno ip directed-broadcast (default)pvc 8/35encapsulation aal5snap!bridge-group 1!ip classless (default)!bridge 1 protocol ieee!endPPP over Ethernet with NAT
The Cisco 837 and SOHO 97 routers support a PPP-over-Ethernet (PPPoE) client, with Network Addressing Translation (NAT) and with multiple PCs on the LAN. Figure 2-6 shows a typical deployment scenario for PPPoE support.
Figure 2-6 PPPoE Deployment Scenario
A PPPoE session is initiated on the client side by the Cisco 837 or SOHO 97 router. If the session has a timeout, or if the session is disconnected, the PPPoE client immediately attempts to reestablish the session.
This section covers the following topics:
•
•
•
Configuring the Virtual Private Dial-Up Network Group Number
Follow the steps below to configure a virtual private dial-up network (VPDN), starting in global configuration mode.
Configuring the ATM Interface
Follow the steps below to configure the ATM interface, beginning in global configuration mode.
Configuring the Dialer Interface
Follow the steps below to configure the dialer interface, starting in global configuration mode.
If you enter the clear vpdn tunnel pppoe command with a PPPoE client session already established, the PPPoE client session terminates, and the PPPoE client immediately tries to reestablish the session.
Configuration Example
The following example shows a configuration of a PPPoE client.
vpdn enablevpdn-group 1request-dialinprotocol pppoe!interface atm0no ip addressno atm ilmi-keepalivepvc 1/100pppoe-client dial-pool-number 1!interface dialer 1ip address negotiatedppp authentication chapdialer pool 1dialer-group 1!dialer-list 1 protocol ip permitPPP over Ethernet with NAT Using a Dial-on-Demand PPP-over- Ethernet Connection
The Cisco 831, Cisco 836, Cisco 837, Cisco SOHO 91, Cisco SOHO 96, and Cisco SOHO 97 routers support a PPP-over-Ethernet (PPPoE) client, using a dial-on-demand PPP-over-Ethernet connection. For deployment scenario, see Figure 2-6.
Configuring the Virtual Private Dial-Up Network Group Number
Complete the following tasks to configure a VPDN, starting in global configuration mode.
Configuring the ATM Interface
Follow the steps below to configure the ATM interface, beginning in global configuration mode.
Configuring the Dialer Interface
Follow the steps below to configure the dialer interface, starting in global configuration mode.
If you enter the clear vpdn tunnel pppoe command with a PPPoE client session already established, the PPPoE client session terminates, and the PPPoE client immediately tries to reestablish the session.
Configuration Example
The following example shows a configuration of a PPPoE client.
interface Ethernet0no ip addressip tcp adjust-mss 1400no keepalivehold-queue 100 out!vpdn enablevpdn-group 1request-dialinprotocol pppoe!interface atm0no ip addressno atm ilmi-keepalivepvc 1/100pppoe-client dial-pool-number 1 dial-on-demand!interface dialer 1ip address negotiatedppp authentication chapdialer pool 1dialer-group 1!dialer-list 1 protocol ip permitPPP over ATM with NAT
This network shows a user connected to the Internet through PPP over ATM and one static IP address. You may want to use this scenario in your network if you want to access the network with ATM support at the endpoints. PPP over ATM provides a network solution with simplified address handling and gives straight user verification as you would get in a dial network.
Figure 2-7 shows the network topology for this scenario.
Figure 2-7 PPP over ATM with NAT
Small business or remote user
PPP over ATM PVC 8/35
Connection to Ethernet 0 address 192.168.1.1/24 through a dialer interface
The Internet
In this scenario, the small business or remote user on the Ethernet LAN can connect to the Internet through ADSL. The Ethernet interface carries the data packet through the LAN and offloads it to the PPP connection on the ATM interface. The dialer interface is used to connect to the Internet or the corporate office. The number of ATM PVCs is set by default.
NAT (represented as the dashed line at the edge of the 827 routers) signifies two addressing domains and the inside source address. The source list defines how the packet travels through the network.
The following configuration topics are covered in this section:
•
•
•
To add additional features to this network, see"Basic Router Configuration" and "Advanced Router Configuration."
After configuring your router, you need to configure the PVC endpoint. For a general configuration example, see"Cisco 3640 Gateway Configuration Example" at the end of this chapter.
Configuring the Ethernet interface
Follow the steps below to configure the Ethernet interface, beginning in global configuration mode.
Configuring the Dialer Interface
Follow the steps below to configure the dialer interface, beginning in global configuration mode.
Configuring the ATM Interface
Follow the steps below to configure the ATM interface, beginning in global configuration mode.
Configuring NAT
Follow the steps below to configure NAT, beginning in global configuration mode.
Configuration Example
In the following configuration example, you do not have to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.
interface Ethernet0ip address 192.168.1.1 255.255.255.0no ip directed-broadcast (default)ip nat inside!interface ATM0no ip addressno ip directed-broadcast (default)ip nat outsideno atm ilmi-keepalive (default)pvc 8/35encapsulation aal5mux ppp dialerdialer pool-member 1!bundle-enable!interface Dialer0ip address negotiatedno ip directed-broadcast (default)ip nat outsideencapsulation pppdialer pool 1!ip nat inside source list 1 interface Dialer0 overloadip classless (default)ip route 0.0.0.0 0.0.0.0 Dialer 0 (default gateway)!access-list 1 permit 192.168.1.0 0.0.0.255!endConfiguring Dial Backup
By allowing you to configure a backup modem line connection, dial backup provides protection against WAN downtime. Dial backup is inactive until it is configured. On Cisco 831, Cisco 837, Cisco SOHO 91, and Cisco SOHO 97 routers, both the console port and the auxiliary port in the Cisco IOS software configuration are on the same physical RJ-45 port. Therefore, both ports cannot be activated simultaneously, and the command-line interface (CLI) must be used to enable or disable either one.
Like the Cisco 831 and Cisco 837 routers and the Cisco SOHO 91 and Cisco SOHO 97 routers, the Cisco 836 router supports dial-in (for remote management) and dial-out (for dial backup) capabilities across the ISDN interface. The Cisco SOHO 96 router supports only the dial-in feature. Unlike the Cisco 831 and Cisco 837 routers and the Cisco SOHO 91 and Cisco SOHO 97 routers, the dial backup and remote management functions are configured on the Cisco 836 and Cisco SOHO 96 routers through the router's ISDN S/T port.
Note
Dial Backup Feature Limitations and Configuration
This section discusses the limitations and configuration of the dial backup feature on the Cisco 831, Cisco 836, and Cisco 837 routers and the Cisco SOHO 91, Cisco SOHO 96, and Cisco SOHO 97 routers.
Cisco 836 and Cisco 837 Routers and Cisco SOHO 96 and Cisco SOHO 97 Routers
The following can be used to bring up the dial backup feature in the Cisco IOS software for the Cisco 836 and Cisco 837 routers and the Cisco SOHO 96 and Cisco SOHO 97 routers:
Backup Interfaces
When the device receives an indication that the primary line is down, the backup interface is brought up. You can configure the backup interface to go down (after a specified time) when the primary connection is restored.
The dial-on-demand routing (DDR) backup call is triggered by traffic of interest. Even if the backup interface comes out of standby mode, the router will not trigger the backup call unless it receives traffic of interest for that backup interface.
Floating Static Routes
Floating static routes depend on traffic of interest to trigger the DDR backup call. The router does not actually trigger the backup call unless it receives traffic of interest for that backup interface, even if the router installs the floating static route in the route table.
Floating static routes are independent of line protocol status. This is an important consideration on Frame Relay circuits wherein line protocol may not go down if the data-link connection identifier (DLCI) is inactive. Floating static routes are also encapsulation independent.
Note
Dialer Watch
Only the Extended Interior Gateway Routing Protocol (EIGRP) link-state dynamic routing protocols are supported.
There is a bottleneck in supporting bridging over console backup interfaces because bridging is not supported over slower interfaces such as console ports or auxiliary ports.
In the Cisco 836 and Cisco 837 routers, the dial backup feature is supported for the encapsulations identified in Table 2-1.
Cisco 831 and Cisco SOHO 91 Routers
Support for the dial backup feature on the Cisco 831 router is limited because the Ethernet WAN interface is always up, even when ISP connectivity is down across the modem connected to the Cisco 831 router. Support for dial backup is possible only for the PPPoE environment. The only way to bring up the backup interface is to simultaneously use the dialer watch feature. You also need to add the IP addresses of the peer in the dialer watch command and in the static route command to enable the dial backup when primary line goes down.
For the Cisco SOHO 91 router, only dial-in capability is supported.
Table 2-2 shows the encapsulation types supported by the Cisco 831 router dial backup.
Configuring Dial Backup and Remote Management for the Cisco 837 and Cisco SOHO 97 Routers
Figure 2-8 shows how dial backup and remote management work in a network system when the primary line goes down.
Figure 2-8 Cisco 837 Router Dial Backup and Remote Management
Configuring Dial Backup and Remote Management for the Cisco 836 and Cisco SOHO 96 Routers
Figure 2-9 and Figure 2-10 show how dial backup and remote management work in a network system when the primary line goes down. Two scenarios are typical applications of the Cisco 836 and the Cisco SOHO 96 routers. In Figure 4-9, the dial backup link goes through CPE splitter, DSLAM, and CO splitter before connecting to the ISDN switch. In Figure 4-10, the dial backup link goes directly from the Cisco 836 router to the ISDN switch.
Figure 2-9 Cisco 836 Router Dial Backup and Remote Management—Dial Backup Through CPE Splitter, DSLAM, and CO Splitter
Figure 2-10 Cisco 836 Router Dial Backup and Remote Management—Dial Backup Directly from Router to ISDN Switch
PPP over ATM with Centrally Managed Addressing and with Dial Backup
When customer premises equipment such as a Cisco 837 router is connected to an ISP, an IP address is dynamically assigned to the router, or the IP address may be assigned by its peer through the centrally managed function. The dial backup feature can be added to provide a failover route in case the primary line fails.
Configuring Dial Backup and Remote Management for the Cisco 837 Router
Follow the steps below to configure dial backup and remote management for the Cisco 837 router.
Configuration Example
The following configuration example for a Cisco 837 router specifies an IP address for the ATM interface via PPP/IPCP address negotiation and dial backup over the console port.
!version 12.2no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Router!memory-size iomem 20enable password cisco!ip subnet-zeroip name-server 206.13.28.12ip name-server 206.13.31.12ip name-server 63.203.35.55ip dhcp excluded-address 192.168.1.1!ip dhcp pool 1import allnetwork 192.168.1.0 255.255.255.0default-router 192.168.1.1!ip audit notify logip audit po max-events 100vpdn enable!vpdn-group 1request-dialinprotocol pppoe!! Need to use your own correct ISP phone numbermodemcap entry MY-USER_MODEM:MSC=&F1S0=1chat-script Dialout ABORT ERROR ABORT BUSY "" "AT" OK "ATDT 5555102\T"TIMEOUT 45 CONNECT \c!!!!interface Ethernet0ip address 192.168.1.1 255.255.255.0ip nat insideip tcp adjust-mss 1452hold-queue 100 out!interface ATM0mtu 1492no ip addressno atm ilmi-keepalivepvc 0/35pppoe-client dial-pool-number 1!dsl operating-mode auto!!Dial backup and remote management physical interfaceinterface Async1no ip addressencapsulation pppdialer in-banddialer pool-member 3async default routingasync dynamic routingasync mode dedicatedppp authentication pap callin!! Primary wan linkinterface Dialer1ip address negotiatedip nat outsideencapsulation pppdialer pool 1ppp authentication pap callinppp pap sent-username account password 7 passppp ipcp dns requestppp ipcp wins requestppp ipcp mask request!! Dialer backup logical interfaceinterface Dialer3ip address negotiatedip nat outsideencapsulation pppno ip route-cacheno ip mroute-cachedialer pool 3dialer idle-timeout 60dialer string 5555102 modem-script Dialoutdialer watch-group 1!! Remote management PC ip addresspeer default ip address 192.168.2.2no cdp enable!! Need to use your own ISP account and passwordppp pap sent-username account password 7 passppp ipcp dns requestppp ipcp wins requestppp ipcp mask request!! IP NAT over Dialer interface using route-mapip nat inside source route-map main interface Dialer1 overloadip nat inside source route-map secondary interface Dialer3 overloadip classless!! When primary link is up again, distance 50 will override 80 if dial backup hasn't timeout
