Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

Dial-on-Demand Routing (DDR)

Time-Based ISDN/Async (Legacy) DDR

Downloads

Document ID: 14961


Contents

Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
Background Information
Configure
      Network Diagram
      Configurations
Verify
Troubleshoot
      Troubleshooting Commands
Related Information

Introduction

This document provides a sample configuration for time-based ISDN/Async (legacy) Dial-on-Demand Routing (DDR).

Prerequisites

Requirements

To implement this configuration, you need the following:

  • The hostname of each side.

  • A password for Challenge Handshake Authentication Protocol (CHAP).

  • The IP addressing scheme (subnets and addresses).

  • Phone numbers to dial.

  • The time policy to be defined and a time range to be applied to the definition of interesting traffic.

Components Used

This document is based on the following software and hardware versions:

  • Cisco IOS® Software Release 12.0T

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to Cisco Technical Tips Conventions.

Background Information

Time-based Access Control Lists (ACL) are used to implement time-based DDR. These ACLs help control dialing when they are used to define what traffic is interesting enough to cause or maintain a dial-up connection. This mechanism can be useful to control undesired dialing that could generate high charges by a telephone service provider. The definition of interesting traffic is part of the DDR feature present in Cisco IOS® Software. This feature is independent of the actual dial-up technology being used (ISDN or plain old telephone service [POTS]).

This sample configuration shows an example of time-based DDR applied to ISDN and async (POTS/modem) connections. For ISDN, HTTP traffic is considered uninteresting at all times and any other IP traffic is considered interesting during "open hours" as defined by the time range "only-during-open-hours." For async (POTS/modem) connections, broadcasts are only considered interesting during "open hours" and all other traffic is considered interesting at all times. Again, "open hours" is defined by user using the time range "only-during-open-hours."

The time policy used in this example starts January 1, 2001, and goes active weekdays between 7:30 a.m. and 6:30 p.m., Saturdays between 8:30 a.m. and 1:30 p.m., and Sundays between 8:30 a.m. and 6:30 p.m. Before January 1, 2001, the time range is inactive all days at all times.

These configurations were captured on a low-end platform; however, the concept can be easily applied to platforms with higher port density. In this particular case, the auxiliary port of the router is used for async (POTS/modem) dialing. The same async configuration can be applied to other access servers whether or not they have internal modems. Not all platforms maintain the correct time after reload. You may need to use Network Time Protocol (NTP) to guarantee that the date and time are correct even after reloading the router.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only) .

Network Diagram

This document uses this network setup:

tbddr.gif

In this setup, we configure all commands under the main bri and analog interfaces. However, it is also possible to use a dialer interface.

Configurations

This document uses these configurations:

Router 1

 
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname Router1
!
aaa new-model
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authentication ppp default local
enable password somethingSecret
!
username Router2 password 0 2easy2forget
ip subnet-zero
no ip domain-lookup
chat-script dial-out ABORT ERROR ABORT BUSY "" ATDT\T TIMEOUT 60 CONNECT \c
!
isdn switch-type basic-5ess
!
interface Ethernet0
 ip address 10.0.0.1 255.255.255.0
 no ip directed-broadcast
!
interface Serial0
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
!
interface BRI0
 ip unnumbered Ethernet0
 no ip directed-broadcast
 encapsulation ppp
 dialer string 6665700
 dialer load-threshold 65 outbound
 dialer-group 1
 isdn switch-type basic-5ess
 ppp authentication chap
!
interface Async1
 ip unnumbered Ethernet0
 encapsulation ppp
 dialer in-band
 dialer string 7774500
 dialer-group 2
 ppp authentication chap
!
ip classless
ip route 10.0.0.0 255.0.0.0 BRI0
ip route 172.16.0.0 255.255.0.0 Async1
no ip http server
!
access-list 100 remark ACL for ISDN interesting traffic definition
access-list 100 deny   tcp any any eq www
access-list 100 permit ip any any time-range only-during-open-hours
access-list 101 remark ACL for Async interesting traffic definition
access-list 101 permit ip any host 255.255.255.255 
time-range only-during-open-hours
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit ip any any
dialer-list 1 protocol ip list 100
dialer-list 2 protocol ip list 101
!
!
line con 0
 login authentication CONSOLE
 transport input none
line aux 0
 script dialer dial-out
 modem InOut
 transport input all
 speed 38400
 flowcontrol hardware
line vty 0 4
!
time-range only-during-open-hours
 absolute start 00:00 01 January 2001
 periodic weekdays 7:30 to 18:30
 periodic Saturday 8:30 to 13:30
 periodic Sunday 8:30 to 18:30
!
end

Router 2

 
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname Router2
!
aaa new-model
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authentication ppp default local
enable password somethingSecret
!
username Router1 password 0 2easy2forget
ip subnet-zero
no ip domain-lookup
!
isdn switch-type basic-5ess
!
interface Ethernet0
 ip address 10.1.0.1 255.255.255.0
 no ip directed-broadcast
!
interface Serial0
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
!
interface BRI0
 ip unnumbered Ethernet0
 no ip directed-broadcast
 dialer-group 1
 isdn switch-type basic-5ess
 ppp authentication chap
!
interface Async1
 ip unnumbered Ethernet0
 encapsulation ppp
 async mode dedicated
 ppp authentication chap
!
ip classless
no ip http server
!
dialer-list 1 protocol ip permit
!
!
line con 0
 login authentication CONSOLE
 transport input none
line aux 0
 modem InOut
 transport input all
 speed 38400
 flowcontrol hardware
line vty 0 4
!
end

Verify

This section provides information you can use to confirm your configuration is working properly.

Certain show commands are supported by the Output Interpreter Tool (registered customers only) , which allows you to view an analysis of show command output.

  • show isdn status—The status should be:

     
layer 1 = active 
layer 2 = MULTIPLE_FRAMES_ESTABLISHED

    If Layer 1 is not active, the wiring adapter or port may be bad or not plugged in. If Layer 2 is in a state of TEI_Assign, the router is not talking to the switch.

  • show user—To display async/ISDN users who are currently connected.

  • show user—To list all ACLs, show whether their entries are active, and show whether or not they have a time range associated with them.

Troubleshoot

This section provides information you can use to troubleshoot your configuration.

Troubleshooting Commands

Certain show commands are supported by the Output Interpreter Tool (registered customers only) , which allows you to view an analysis of show command output.

Note: Before issuing debug commands, refer to Important Information on Debug Commands.

  • debug isdn q931—To check ISDN connections as users dial in to see what is happening with the ISDN call (for example, whether the connection is being dropped).

  • debug ppp authentication—To check authentication.

  • debug ppp negotiation—To trace PPP negotiation and troubleshoot any negotiation problems between PPP peers.

  • debug dialer—To see when interesting traffic has been detected and when dialing is initiated.

  • debug chat—To monitor the execution of the chat script when async/POTS dialing is initiated.

  • debug modem—To display RS232 signal changes on the async port.

Related Information

Updated: Nov 15, 2007 Document ID: 14961