DDR Hubs Configuration Task Flow
Before you configure DDR, make sure you have completed the preparations for bridging or routing as described in the chapter “Preparing to Configure DDR” in this publication. That chapter provides information about the minimal requirements. For detailed information about bridging, routing, and wide-area networking configurations, see the appropriate chapters in other volumes of this documentation set.
When you configure DDR on a hub interface in a hub-and-spoke topology, you perform the following general steps:
Step 1 Specify the interface that will place calls to or receive calls from multiple sites. (See the chapter “Configuring Legacy DDR Spokes” in this publication for information about configuring an interface to place calls to or receive calls from one site only.)
Step 2 Enable DDR on the interface. This step is not required for some interfaces; for example, ISDN interfaces and passive interfaces that receive only from data terminal ready (DTR)-dialing interfaces.
Step 3 Configure the interface to receive calls only, if applicable. Receiving calls from multiple sites requires each inbound call to be authenticated.
Step 4 Configure the interface to place calls only, if applicable.
Step 5 Configure the interface to place and receive calls, if applicable.
Step 6 If the interface will place calls, specify access control for the following:
- Transparent bridging—Assign the interface to a bridge group, and define dialer lists associated with the bridging access lists. The interface switches between members of the same bridge group, and dialer lists specify which packets can trigger calls.
or
- Routed protocols—Define dialer lists associated with the protocol access lists to specify which packets can trigger calls.
Step 7 Customize the interface settings (timers, interface priority, hold queues, bandwidth on demand, and disabling fast switching) as needed.
When you have configured the interface and it is operational, you can monitor its performance and its connections as described in the “Monitoring DDR Connections” section later in this chapter.
You can also enhance DDR by configuring Multilink PPP and configuring PPP callback. The PPP configuration tasks are described in the chapter “Configuring Media-Independent PPP and Multilink PPP” in this publication.
See the section “Configuration Examples for Legacy DDR Hub” at the end of this chapter for examples of how to configure DDR on your network.
How to Configure DDR
To configure DDR on an interface, perform the tasks in the following sections. The first five bulleted items are required. The remaining tasks are not absolutely required, but might be necessary in your networking environment.
See the section “Monitoring DDR Connections” later in this chapter for commands and other information about monitoring DDR connections. See the section “Configuration Examples for Legacy DDR Hub” at the end of this chapter for ideas about how to implement DDR in your network.
Specifying the Interface
You can configure any asynchronous, synchronous serial, ISDN, or dialer interface for legacy DDR.
Note When you specify an interface, make sure to use the interface numbering scheme supported on the network interface module or other port hardware on the router. On the Cisco 7200 series router, for example, you specify an interface by indicating its type, slot number, and port number.
To specify an interface to configure for DDR, use one of the following commands in global configuration mode:
|
|
Router(config)# interface async number Router(config)# interface serial number Router(config)# interface bri number or Router(config)# interface serial slot / port :23 Router(config)# interface serial slot / port :15 or Router(config)# interface dialer number |
Specifies an interface to configure for DDR. Specifies an ISDN PRI D channel (T1). Specifies an ISDN PRI D channel (E1). Specifies a logical interface to function as a dialer rotary group leader. |
Dialer interfaces are logical or virtual entities, but they use physical interfaces to place or receive calls.
Enabling DDR on the Interface
This task is required for asynchronous serial, synchronous serial, and logical dialer interfaces.
This task is not required for ISDN interfaces (BRI interfaces and ISDN PRI D channels) and for purely passive interfaces that will receive calls only from interfaces that use DTR dialing.
Enabling DDR on an interface usually requires you to specify the type of dialer to be used. This task is not required for ISDN interfaces because the software automatically configures ISDN interfaces to be dialer type ISDN.
To enable DDR on the interface, use the following command in interface configuration mode:
|
|
Router(config-if)# dialer in-band [ no-parity | odd-parity ] |
Enables DDR on an asynchronous interface or a synchronous serial interface using V.25 bis modems. |
You can optionally specify parity if the modem on this interface uses the V.25 bis command set. The 1984 version of the V.25 bis specification states that characters must have odd parity. However, the default for the dialer in-band command is no parity.
Configuring the Interface to Place Calls Only
To configure an interface to place calls to multiple destinations, perform the following tasks. The first task is required for all interface types. The second task is required only if you specified a dialer interface.
Defining the Dialing Destination
For calling multiple sites, an interface or dialer rotary group must be configured to map each next hop protocol address to the dial string (some form of a telephone number) used to reach it.
To define each dialing destination, use one of the following commands in interface configuration mode:
|
|
Router(config-if)# dialer map protocol next-hop-address dial-string [: isdn-subaddress ] |
Defines a dialing destination for a synchronous serial interface or a dialer interface. |
Router(config-if)# dialer map protocol next-hop-address [ spc ] [ speed 56 | 64 ] [ broadcast ] [ dial-string [ : isdn-subaddress ]] |
Defines a dialing destination for an ISDN interface (including an ISDN PRI D channel). |
Router(config-if)# dialer map protocol next-hop-address [ modem-script modem-regexp ] [ system-script system-regexp ] dial-string [: isdn-subaddress ] |
Defines a dialing destination for an asynchronous interface. If a modem dialing chat script has not been assigned to the line or a system login chat script must be specified, defines both a dialing destination and the chat scripts to use. |
Repeat this task as many times as needed to ensure that all dialing destinations are reachable via some next hop address and dialed number.
If you intend to send traffic over other types of networks, see one of the following sections later in this chapter: “Configuring the Interface for Sending Traffic over a Frame Relay Network,” “Configuring the Interface for Sending Traffic over an X.25 Network,” or “Configuring the Interface for Sending Traffic over a LAPB Network.”
Specifying a Physical Interface to Use and Assigning It to a Dialer Rotary Group
This section applies only if you specified a dialer interface to configure for DDR.
To assign a physical interface to a dialer rotary group, use the following commands beginning in global configuration mode:
|
|
|
Step 1 |
Router(config)# interface serial number or Router(config)# interface async number |
Specifies a physical interface to use and begins interface configuration mode. |
Step 2 |
Router(config-if)# dialer rotary-group number |
Assigns the specified physical interface to a dialer rotary group. |
Repeat these two steps for each physical interface to be used by the dialer interface.
An ISDN BRI is a rotary group of B channels. An ISDN interface can be part of a rotary group comprising other interfaces (synchronous, asynchronous, ISDN BRI, or ISDN PRI). However, Cisco supports at most one level of recursion; that is, a rotary of rotaries is acceptable, but a rotary of rotaries of rotaries is not supported.
Interfaces in a dialer rotary group do not have individual addresses; when the interface is being used for dialing, it inherits the parameters configured for the dialer interface. However, if the individual interface is configured with an address and it is subsequently used to establish a connection from the user EXEC level, the individual interface address again applies.
Note When you look at your configuration file, commands will not appear in the order in which you entered them. You will also see interface configuration commands that you did not enter, because each interface assigned to a dialer rotary group inherits the parameters of the dialer interface in the dialer rotary group.
Figure 1 illustrates how dialer interfaces work. In this configuration, serial interfaces 1, 2, and 3 are assigned to dialer rotary group 1 and thereby take on the parameters configured for dialer interface 1. When it is used for dialing, the IP address of serial interface 2 is the same as the address of the dialer interface, 172.18.1.1.
Figure 1 Sample Dialer Interface Configuration
Configuring the Interface to Receive Calls Only
Once DDR is enabled on an asynchronous serial, synchronous serial, and ISDN interface, the interface can receive calls from multiple sites using one line or multiple lines. However, interfaces that receive calls from multiple sites require authentication of the remote sites. In addition, dialer interfaces require at least one physical interface to be specified and added to the dialer rotary group. The tasks in the following sections describe how to configuration authentication:
or
Configuring the Interface for TACACS+
To configure TACACS as an alternative to host authentication, use one of the following commands in interface configuration mode:
|
|
Router(config-if)# ppp use-tacacs [ single-line ] or Router(config-if)# aaa authentication ppp |
Configures TACACS. |
Use the ppp use-tacacs command with TACACS and extended TACACS. Use the aaa authentication ppp command with authentication, authorization, and accounting (AAA)/TACACS+.
Configuring the Interface for PPP Authentication
This section specifies the minimum required configuration for PPP Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP) authentication. For more detailed information, see the chapter “Configuring Media-Independent PPP and Multilink PPP” in this publication.
To use CHAP or PAP authentication, perform the following steps beginning in interface configuration mode:
Note After you have enabled one of these protocols, the local router or access server requires authentication of the remote devices that are calling. If the remote device does not support the enabled authentication protocol, no traffic will be passed to that device.
1. For CHAP, configure host name authentication and the secret or password for each remote system with which authentication is required.
2. Map the protocol address to the name of the host calling in.
To enable PPP encapsulation, use the following commands beginning in interface configuration mode:
|
|
|
Step 1 |
Router(config-if)# encapsulation ppp |
Enables PPP on an interface. |
Step 2 |
Router(config-if)# ppp authentication chap [ if-needed ] or Router(config-if)# ppp authentication pap |
Enables CHAP on an interface. Enables PAP on an interface. |
Step 3 |
Router(config-if)# dialer map protocol next-hop-address name hostname |
For any host calling in to the local router or access server, maps its host name (case-sensitive) to the next hop address used to reach it. Repeat this step for each host calling in to this interface. |
Step 4 |
Router(config-if)# exit |
Returns to global configuration mode. |
Step 5 |
Router(config)# username name [ user-maxlinks link-number ] password secret |
Specifies the password to be used in CHAP caller identification. Optionally, you can specify the maximum number of connections a user can establish. To use the user-maxlinks keyword, you must also use the aaa authorization network default local command, and PPP encapsulation and name authentication on all the interfaces the user will be accessing. Repeat this step to add a username entry for each remote system from which the local router or access server requires authentication. |
Specifying Physical Interfaces and Assigning Them to the Dialer Rotary Group
To assign a physical interface to a dialer rotary group, use the following commands beginning in global configuration mode:
|
|
|
Step 1 |
Router(config)# interface serial number or Router(config)# interface async number |
Specifies a physical interface to use and begins interface configuration mode. |
Step 2 |
Router(config-if)# dialer rotary-group number |
Assigns the specified physical interface to a dialer rotary group. |
Repeat these two steps for each physical interface to be used by the dialer interface.
Configuring the Interface to Place and Receive Calls
You can configure an physical interface or dialer interface to both place and receive calls. For placing calls, the interface must be configured to map each next hop address to the telephone number to dial. For receiving calls from multiple sites, the interface must be configured to authenticate callers.
Figure 2 shows a configuration in which the central site is calling and receiving calls from multiple sites. In this configuration, multiple sites are calling in to a central site, and the central site might be calling one or more of the remote sites.
Figure 2 Hub-and-Spoke Configuration Using DDR
To configure a single line, multiple lines, or a dialer interface to place calls to and receive calls from multiple sites, perform the tasks in the following section:
If you intend to send traffic over other types of networks, see one of the following sections later in this chapter: “Configuring the Interface for Sending Traffic over a Frame Relay Network,” “Configuring the Interface for Sending Traffic over an X.25 Network,” or “Configuring the Interface for Sending Traffic over a LAPB Network.”
Defining One or More Dialing Destinations
For calling multiple sites, an interface or dialer rotary group must be configured to map each next hop protocol address to the dial string (some form of a telephone number) used to reach it.
To define each dialing destination, use one of the following commands in interface configuration mode:
|
|
Router(config-if)# dialer string dial-string [: isdn-subaddress ] |
Defines only one dialing destination (used to configure one phone number on multiple lines only). |
Router(config-if)# dialer map protocol next-hop-address dial-string [ : isdn-subaddress ] |
Defines one of several dialing destinations for a synchronous serial interface or a dialer interface. |
Router(config-if)# dialer map protocol next-hop-address [ spc ] [ speed 56 | 64 ][ broadcast ] [ dial-string [ : isdn-subaddress ]] |
Defines one of several dialing destinations for an ISDN interface (including an ISDN PRI D channel). |
Router(config-if)# dialer map protocol next-hop-address [ modem-script modem-regexp ] [ system-script system-regexp ] dial-string [ : isdn-subaddress ] |
Defines one of several dialing destinations for an asynchronous interface. If a modem dialing chat script has not been assigned to the line or a system login chat script must be specified, define both a dialing destination and the chat scripts to use. |
Repeat this task as many times as needed to ensure that all dialing destinations are reachable via some next hop address and dialed number.
Defining the Traffic to Be Authenticated
Calls from the multiple sites must be authenticated. Authentication can be done through CHAP or PAP. In addition, the interface must be configured to map the protocol address of a host to the name to use for authenticating the remote host.
To enable CHAP or PAP on an interface and authenticate sites that are calling in, use the following commands in interface configuration mode:
|
|
|
Step 1 |
Router(config-if)# encapsulation ppp |
Configures an interface for PPP encapsulation. |
Step 2 |
Router(config-if)# ppp authentication chap [ if-needed ] or Router(config-if)# ppp authentication pap [ if-needed ] |
Enables CHAP.
Enables PAP. |
Step 3 |
Router(config-if)# dialer map protocol next-hop-address name hostname [ modem-script modem-regexp ] [ system-script system-regexp ] [ dial-string [ : isdn-subaddress ]] |
Maps the protocol address to a host name. |
If the dial string is not used, the interface will be able to receive calls from the host, but will not be able to place calls to the host.
Repeat this task for each site from which the router will receive calls.
Configuring Access Control for Outgoing Calls
Protocol access lists and dialer access lists are central to the operation of DDR. In general, access lists are used as the screening criteria for determining when to initiate DDR calls. All packets are tested against the dialer access list. Packets that match a permit entry are deemed interesting or packets of interest. Packets that do not match a permit entry or that do match a deny entry are deemed uninteresting. When a packet is found to be interesting, either the dialer idle timer is reset (if the line is active) or a connection is attempted (assuming the line is available but not active). If a tested packet is deemed uninteresting, it will be forwarded if it is intended for a destination known to be on a specific interface and the link is active. However, such a packet will not initiate a DDR call and will not reset the idle timer.
Configuring Access Control for Bridging
When you completed preparations for bridging over DDR, you entered global access lists to specify the protocol packets to be permitted or denied, and global dialer lists to specify which access list to use and which dialer group will place the outgoing calls.
Now you must tie those global lists to an interface configured for DDR. You do this by assigning selected interfaces to a bridge group. Because packets are bridged only among interfaces that belong to the same bridge group, you need to assign this interface and others to the same bridge group.
To assign an interface to a bridge group, use the following command in interface configuration mode:
|
|
Router(config-if)# bridge-group bridge-group |
Assigns the specified interface to a bridge group. |
For examples of bridging over DDR, see the “Transparent Bridging over DDR Examples” section later in this chapter.
Configuring Access Control for Routing
Before you perform the tasks outlined in this section, you should have completed the preparations for routing a protocol over DDR as described briefly in the chapter “Preparing to Configure DDR” in this publication and as described in greater detail in the appropriate network protocols configuration guide (for example, the Cisco IOS AppleTalk and Novell IPX Configuration Guide).
An interface can be associated only with a single dialer access group; multiple dialer access group assignments are not allowed. To specify the dialer access group to which you want to assign an access list, use the following command in interface configuration mode:
|
|
Router(config-if)# dialer-group group-number |
Specifies the number of the dialer access group to which the specific interface belongs. |
Customizing the Interface Settings
To customize DDR in your network, perform the tasks in the following sections as needed:
Configuring Timers on the DDR Interface
To configure DDR interface timers, perform the tasks in the following sections as needed:
Setting Line-Idle Time
To specify the amount of time for which a line will stay idle before it is disconnected, use the following command in interface configuration mode:
|
|
Router(config-if)# dialer idle-timeout seconds |
Sets line-idle time. |
Setting Idle Time for Busy Interfaces
The dialer fast idle timer is activated if there is contention for a line. Contention occurs when a line is in use, a packet for a different next hop address is received, and the busy line is required to send the competing packet.
If the line has been idle for the configured amount of time, the current call is disconnected immediately and the new call is placed. If the line has not yet been idle as long as the fast idle timeout period, the packet is dropped because the destination is unreachable. (After the packet is dropped, the fast idle timer remains active and the current call is disconnected as soon as it has been idle for as long as the fast idle timeout). If, in the meantime, another packet is sent to the currently connected destination, and it is classified as interesting, the fast-idle timer is restarted.
To specify the amount of time for which a line for which there is contention will stay idle before the line is disconnected and the competing call is placed, use the following command in interface configuration mode:
|
|
Router(config-if)# dialer fast-idle seconds |
Sets idle time for high traffic lines. |
This command applies to both inbound and outbound calls.
Setting Line-Down Time
To set the length of time for which the interface stays down before it is available to dial again after a line is disconnected or fails, use the following command in interface configuration mode:
|
|
Router(config-if)# dialer enable-timeout s econds |
Sets the interface downtime. |
This command applies to both inbound and outbound calls.
Setting Carrier-Wait Time
To set the length of time for which an interface waits for the telephone service (carrier), use the following command in interface configuration mode:
|
|
Router(config-if)# dialer wait-for-carrier-time seconds |
Sets the length of for which time the interface waits for the carrier to come up when a call is placed. |
For asynchronous interfaces, this command sets the total time to wait for a call to connect. This time is set to allow for running the chat script.
Setting Dialer Interface Priority
You can assign dialer priority to an interface. Priority indicates which interface in a dialer rotary group will get used first. To assign priority to a dialer interface, use the following command in interface configuration mode:
|
|
Router(config-if)# dialer priority number |
Specifies which dialer interfaces will be used first. |
For example, you might give one interface in a dialer rotary group higher priority than another if it is attached to a faster, more reliable modem. In this way, the higher-priority interface will be used as often as possible.
The range of values for number is 0 through 255. Zero is the default value and lowest priority; 255 is the highest priority. This command applies to outgoing calls only.
Configuring a Dialer Hold Queue
Sometimes packets destined for a remote router are discarded because no connection exists. Establishing a connection using an analog modem can take time, during which packets are discarded. However, configuring a dialer hold queue will allow interesting outgoing packets to be queued and sent as soon as the modem connection is established.
A dialer hold queue can be configured on any type of dialer, including in-band synchronous, asynchronous, DTR, and ISDN dialers. Also, hunt group leaders can be configured with a dialer hold queue. If a hunt group leader (of a rotary dialing group) is configured with a hold queue, all members of the group will be configured with a dialer hold queue and no hold queue for an individual member can be altered.
To establish a dialer hold queue, use the following command in interface configuration mode:
|
|
Router(config-if)# dialer hold-queue packets |
Creates a dialer hold queue and specifies the number of packets to be held in it. |
As many as 100 packets can be held in an outgoing dialer hold queue.
Configuring Bandwidth on Demand
You can configure a dialer rotary group to use additional bandwidth by placing additional calls to a single destination if the load for the interface exceeds a specified weighted value. Parallel communication links are established based on traffic load. The number of parallel links that can be established to one location is not limited.
To set the dialer load threshold for bandwidth on demand, use the following command in interface configuration mode:
|
|
Router(config-if)# dialer load-threshold load |
Configures the dialer rotary group to place additional calls to a destination, as indicated by interface load. |
Once multiple links are established, they are still governed by the load threshold. If the total load falls below the threshold, an idle link will be torn down.
Disabling and Reenabling DDR Fast Switching
Fast switching is enabled by default on all DDR interfaces. When fast switching is enabled or disabled on an ISDN D channel, it is enabled or disabled on all B channels. When fast switching is enabled or disabled on a dialer interface, it is enabled or disabled on all rotary group members but cannot be enabled or disabled on the serial interfaces individually.
Fast switching can be disabled and re-enabled on a protocol-by-protocol basis. To disable fast switching and re-enable it, use one of the following protocol-specific commands in interface configuration mode:
|
|
Router(config-if)# no ip route-cache Router(config-if)# ip route cache Router(config-if)# no ip route-cache distributed Router(config-if)# ip route-cache distributed |
Disables IP fast switching over a DDR interface. Reenables IP fast switching over a DDR interface. Disables distributed IP fast switching over a DDR interface. This feature works in Cisco 7500 routers with a Versatile Interface Processor (VIP) card. Enables distributed IP fast switching over a DDR interface. This feature works in Cisco 7500 routers with a VIP card. |
Router(config-if)# no ipx route-cache Router(config-if)# ipx route-cache |
Disables IPX fast switching over a DDR interface. Reenables IPX fast switching over a DDR interface. |
Configuring Dialer Redial Options
By default, the Cisco IOS software generates a single dial attempt for each interesting packet. Dialer redial allows the dialer to be configured to make a maximum number of redial attempts if the first dial-out attempt fails, wait a specific interval between redial attempts, and disable the interface for a specified duration if all redial attempts fail. New dialout attempts will not be initiated if a redial is pending to the same destination.
To configure redial options, use the following commands beginning in global configuration mode:
|
|
|
Step 1 |
Router(config)# interface dialer |
Enters interface configuration mode. |
Step 2 |
Router(config-if)# dialer redial interval time attempts number re-enable disable-time |
Configures redial options on the router. |
Sending Traffic over Frame Relay, X.25, or LAPB Networks
An interface configured for DDR can send traffic over networks that require Link Access Procedure, Balanced (LAPB), X.25, or Frame Relay encapsulation.
Before Cisco IOS software Release 12.0(6)T, encapsulation techniques such as Frame Relay, High-Level Data Link Control (HDLC), LAPB-TA, and X.25 could support only one ISDN B-channel connection over the entire link. HDLC and PPP could support multiple B channels, but the entire ISDN link needed to use the same encapsulation. Dynamic multiple encapsulations allow incoming calls over ISDN to be assigned encapsulation type based on calling line identification (CLID) or Dialed Number Identification Service (DNIS). With dynamic multiple encapsulations, once CLID binding is completed, the topmost interface is always used for all configuration and data structures. The ISDN B channel becomes a forwarding device, and the configuration on the D channel is ignored, thereby allowing the different encapsulation types and per-user configurations.
To configure an interface for those networks, perform the tasks in the following sections:
Configuring the Interface for Sending Traffic over a Frame Relay Network
Access to Frame Relay networks is now available through dialup connections and leased lines. Dialup connectivity allows Frame Relay networks to be extended to sites that do not generate enough traffic to justify leased lines, and also allows a Frame Relay network to back up another network or point-to-point line.
DDR over Frame Relay is supported for synchronous serial and ISDN interfaces and for rotary groups, and is available for in-band, DTR, and ISDN dialers.
Frame Relay supports multiple permanent virtual circuit (PVC) connections over the same serial interface or ISDN B channel, but only one physical interface can be used (dialed, connected, and active) in a rotary group or with ISDN.
Dynamic multiple encapsulations support the following Frame Relay features:
- Frame Relay RTP Header Compression (RFC 1889)
- Frame Relay TCP/IP Header Compression
- Legacy DDR over Frame Relay
- Frame Relay Interface/Subinterface Backup
Dynamic multiple encapsulations support at least four Frame Relay PVCs on either dialer interfaces or dialer subinterfaces.
Note Frame Relay encapsulations in the dynamic multiple encapsulations feature do not support IETF or Cisco Encapsulation for IBM Systems Network Architecture (SNA). Frame Relay for SNA support is not applicable.
Configuration Restrictions
The following restrictions apply to DDR used over Frame Relay:
- Frame Relay is not available for asynchronous dialers.
- The Frame Relay dynamic multiple encapsulations does not provide bidirectional support.
- With the dynamic multiple encapsulations, there is no process switching for Frame Relay packets; these packets are always fast switched.
- Like HDLC, LAPB, X.25 and Frame Relay do not provide authentication. However, ISDN dialers can offer some authentication through the caller ID feature.
- Only one ISDN B channel can be dialed at any one time. When configuring a rotary group, you can use only one serial interface.
Note Frame Relay subinterfaces work the same on dialup connections as they do on leased lines.
Configuration Overview
No new commands are required to support DDR over Frame Relay. In general, you configure Frame Relay and configure DDR. In general, to configure an interface for DDR over Frame Relay, perform the following tasks:
- Specify the interface.
- Specify the protocol identifiers for the interface.
For example, enter the IP address and mask, the IPX network number, and the AppleTalk cable range and zone.
- Configure Frame Relay, as described in the chapter “Configuring Frame Relay” in the Cisco IOS Wide-Area Networking Configuration Guide.
As a minimum, you must enable Frame Relay encapsulation and decide whether you need to do static or dynamic address mapping. If you decide to do dynamic mapping, you need not enter a command because Inverse ARP is enabled by default. If you decide to do static mapping, you must enter Frame Relay mapping commands.
You can then configure various options as needed for your Frame Relay network topology.
At a minimum, you must decide and configure the interface for outgoing calls only, incoming calls only, or both outgoing and incoming calls.
You can also configure DDR for your routed protocols (as specified in the chapter “Preparing to Configure DDR”) and for snapshot routing (as specified in the chapter “Configuring Snapshot Routing” later in this publication). You can also customize DDR on your router or access server (as described in the “Customizing the Interface Settings” section later in this chapter).
For examples of configuring various interfaces for DDR over Frame Relay, see the section “Frame Relay Support Examples” later in this chapter.
Configuring the Interface for Sending Traffic over an X.25 Network
X.25 interfaces can now be configured to support DDR. Synchronous serial and ISDN interfaces on Cisco routers and access servers can be configured for X.25 addresses, X.25 encapsulation, and mapping of protocol addresses to the X.25 address of a remote host. In-band, DTR, and ISDN dialers can be configured to support X.25 encapsulation, but rotary groups cannot.
Remember that for ISDN interfaces, once CLID binding is completed, the topmost interface is always used for all configuration and data structures. The ISDN B channel becomes a forwarding device, and the configuration on the D channel is ignored, thereby allowing the different encapsulation types and per-user configurations. For X.25 encapsulations, the configurations reside on the dialer profile. The Dynamic Multiple Encapsulations feature provides support for packet assembler/disassembler (PAD) traffic and X.25 encapsulated and switched packets.
To configure an interface to support X.25 and DDR, use the following X.25-specific commands in interface configuration mode:
|
|
|
Step 1 |
Router(config-if)# encapsulation x25 [ dte | dce ] [ ietf ] |
Configures the interface to use X.25 encapsulation. |
Step 2 |
Router(config-if)# x25 address x.121-address |
Assigns an X.25 address to the interface. |
Step 3 |
Router(config-if)# x25 map protocol address [ protocol2 address2 [...[ protocol9 address9 ]]] x.121-address [ option ] |
Sets up the LAN protocols-to-remote host address mapping. |
The order of DDR and X.25 configuration tasks is not critical; you can configure DDR before or after X.25, and you can even mix the DDR and X.25 commands.
For an example of configuring an interface for X.25 encapsulation and then completing the DDR configuration, see the section “X.25 Support Configuration Example” later in this chapter.
Configuring the Interface for Sending Traffic over a LAPB Network
DDR over serial lines now supports LAPB encapsulation, in addition to the previously supported PPP, HDLC, and X.25 encapsulations.
LAPB encapsulation is supported on synchronous serial, ISDN, and dialer rotary group interfaces, but not on asynchronous dialers.
Because the default encapsulation is HDLC, you must explicitly configure LAPB encapsulation. To configure an interface to support LAPB encapsulation and DDR, use the following command in interface configuration mode:
|
|
Router(config-if)# encapsulation lapb [ dte | dce ] [ multi | protocol ] |
Specifies LAPB encapsulation. |
For more information about the serial connections on which LAPB encapsulation is appropriate, see the encapsulation lapb command in the chapter “X.25 and LAPB Commands” in the Cisco IOS Wide-Area Networking Command Reference.
For an example of configuring an interface for DDR over LAPB, see the section “X.25 Support Configuration Example” later in this chapter.
Configuration Examples for Legacy DDR Hub
The following sections provide various DDR configuration examples:
Transparent Bridging over DDR Examples
The following two examples differ only in the packets that cause calls to be placed. The first example specifies by protocol (any bridge packet is permitted to cause a call to be made); the second example allows a finer granularity by specifying the Ethernet type codes of bridge packets.
The first example configures serial interface 1 for DDR bridging. Any bridge packet is permitted to cause a call to be placed.
dialer map bridge name urk broadcast 8985
dialer-list 1 protocol bridge permit
The second example also configures the serial interface 1 for DDR bridging. However, this example includes an access-list command that specifies the Ethernet type codes that can cause calls to be placed and a dialer list protocol list command that refers to the specified access list.
dialer map bridge name urk broadcast 8985
access-list 200 permit 0x0800 0xFFF8
dialer-list 1 protocol bridge list 200
DDR Configuration in an IP Environment Example
The following example shows how to configure DDR to call one site from a synchronous serial interface in an IP environment. You could use the same configuration on an asynchronous serial interface by changing the interface serial 1 command to specify an asynchronous interface (for example, interface async 0).
ip address 172.18.126.1 255.255.255.0
! The next command adds this interface to the dialer access group defined with
! the dialer-list command.
! The first access list statement, below, specifies that IGRP updates are not
! interesting packets. The second access-list statement specifies that all
! other IP traffic such as Ping, Telnet, or any other IP packet is interesting.
! The dialer-list command then creates dialer access group 1 and states that
! access list 101 is to be used to classify packets as interesting or
! uninteresting. The ip route commands specify that there is a route to network
! 172.18.29.0 and to network 172.18.1.0 via 172.18.126.2. This means that
! several destination networks are available through a router that is dialed
! from interface serial 1.
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
ip route 172.18.29.0 172.18.126.2
ip route 172.18.1.0 172.18.126.2
ip local pool dialin 10.102.126.2 10.102.126.254
With many modems, the pulse-time command must be used so that DTR is dropped for enough time to allow the modem to disconnect.
AppleTalk Configuration Example
The following example configures DDR for AppleTalk access using an ISDN BRI. Two access lists are defined: one for IP and Interior Gateway Routing Protocol (IGRP) and one for AppleTalk. AppleTalk packets from network 2141 only (except broadcast packets) can initiate calls.
ip address 172.16.20.107 255.255.255.0
appletalk cable-range 2141-2141 2141.65
dialer map ip 172.16.20.106 broadcast 1879
dialer map appletalk 2141.66 broadcast 1879
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
access-list 601 permit cable-range 2141-2141 broadcast-deny
access-list 601 deny other-access
Banyan VINES Configuration Example
The following example configures a router for VINES and IP DDR with in-band dialing. The VINES access list does not allow RTP routing updates to place a call, but any other data packet is interesting.
vines routing BBBBBBBB:0001
username RouterB password 7 030752180500
username RouterC password 7 00071A150754
ip address 172.18.170.19 255.255.255.0
vines neighbor AAAAAAAA:0001 0
dialer map ip 172.18.170.151 name RouterB broadcast 4155551234
dialer map vines AAAAAAAA:0001 name RouterC broadcast 4155551212
access-list 101 deny igrp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
vines access-list 107 deny RTP 00000000:0000 FFFFFFFF:FFFF 00000000:0000 FFFFFFFF:FFFF
vines access-list 107 permit IP 00000000:0000 FFFFFFFF:FFFF 00000000:0000 FFFFFFFF:FFFF
dialer-list 1 protocol ip list 101
dialer-list 1 protocol vines list 107
DECnet Configuration Example
The following example configures a router for DECnet DDR with in-band dialing:
username RouterB password 7 030752180531
dialer map decnet 10.151 name RouterB broadcast 4155551212
access-list 301 permit 10.0 0.1023 0.0 63.1023
dialer-list 1 protocol decnet list 301
ISO CLNS Configuration Example
The following example configures a router for International Organization for Standardization Connectionless Network Service (ISO CLNS) DDR with in-band dialing:
username RouterB password 7 111C140B0E
clns net 47.0004.0001.0000.0c00.2222.00
clns filter-set ddrline permit 47.0004.0001....
dialer map clns 47.0004.0001.0000.0c00.1111.00 name RouterB broadcast 1212
clns route default serial 0
dialer-list 1 protocol clns list ddrline
XNS Configuration Example
The following example configures a router for XNS DDR with in-band dialing. The access lists deny broadcast traffic to any host on any network, but allow all other traffic.
xns routing 0000.0c01.d8dd
username RouterB password 7 111B210A0F
dialer map xns 10.0000.0c01.d877 name RouterB broadcast 4155551212
access-list 400 deny -1 -1.ffff.ffff.ffff 0000.0000.0000
access-list 400 permit -1 10
dialer-list 1 protocol xns list 400
Hub-and-Spoke DDR for Asynchronous Interfaces and Authentication Example
You can set up DDR to provide service to multiple remote sites. In a hub-and-spoke configuration, you can use a generic configuration script to set up each remote connection. Figure 3 illustrates a typical hub-and-spoke configuration.
Figure 3 Hub-and-Spoke DDR Configuration
The examples in the following sections show how to create this configuration.
Spoke Topology Configuration
The following commands are executed on the spoke side of the connection. (A different “spoke” password must be specified for each remote client.) The configuration provides authentication by identifying a password that must be provided on each end of the connection.
ip address 172.30.44.1 255.255.255.0
async default ip address 172.19.45.1
ip address 172.30.45.2 255.255.255.0
dialer map ip 172.30.45.1 name hub system-script hub 1234
dialer map ip 172.30.45.255 name hub system-script hub 1234
ip route 172.30.43.0 255.255.255.0 172.30.45.1
ip default-network 172.30.0.0
chat-script generic ABORT BUSY ABORT NO ## AT OK ATDT\T TIMEOUT 30 CONNECT
chat-script hub ““ ““ name: spoke1 word” <spoke1-passwd> PPP
dialer-list 1 protocol ip permit
username hub password <spoke1-passwd>
passive-interface async 7
modem chat-script generic
Hub Router Configuration
The following commands are executed on the local side of the connection—the hub router. The commands configure the server for communication with three clients and provide authentication by identifying a unique password for each “spoke” in the hub-and-spoke configuration.
ip address 172.30.43.1 255.255.255.0
ip address 172.30.45.2 255.255.255.0
dialer map ip 172.30.45.2 name spoke1 3333
dialer map ip 172.30.45.2 name spoke2 4444
dialer map ip 172.30.45.2 name spoke3 5555
dialer map ip 172.30.45.255 name spoke1 3333
dialer map ip 172.30.45.255 name spoke2 4444
dialer map ip 172.30.45.255 name spoke3 5555
ip route 172.30.44.0 255.255.255.0 172.30.45.2
ip route 172.30.44.0 255.255.255.0 172.30.45.3
ip route 172.30.44.0 255.255.255.0 172.30.45.4
dialer-list 1 protocol ip list 101
access-list 101 deny igrp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
chat-script generic ABORT BUSY ABORT NO ## AT OK ATDT\T TIMEOUT 30 CONNECT
username spoke1 password <spoke1-passwd>
username spoke2 password <spoke2-passwd>
username spoke3 password <spoke3-passwd>
username spoke1 autocommand ppp 172.30.45.2
username spoke2 autocommand ppp 172.30.45.3
username spoke3 autocommand ppp 172.30.45.4
modem chat-script generic
The redistribute static command can be used to advertise static route information for DDR applications. Without this command, static routes to the hosts or network that the router can access with DDR will not be advertised to other routers with which the router is communicating. This behavior can block communication because some routes will not be known. See the redistribute static ip command, described in the chapter “IP Routing Protocol-Independent Commands” in the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2.
Single Site or Multiple Sites Dialing Configuration Example
The following example is based on the configuration shown in Figure 4; the router receives a packet with a next hop address of 10.1.1.1.
Figure 4 Sample Dialer String or Dialer Map Configuration
If the interface on your router is configured to call a single site with phone number 5555555, it will send the packet to that site, assuming that the next hop address 10.1.1.1 indicates the same remote device as phone number 5555555. The dialer string command is used to specify the string (telephone number) to be called.
If the interface is configured to dial multiple sites, the interface or dialer rotary group must be configured so that the correct phone number, 5555555, is mapped to the address 10.1.1.1. If this mapping is not configured, the interface or dialer rotary group does not know what phone number to call to deliver the packet to its correct destination, which is the address 10.1.1.1. In this way, a packet with a destination of 10.2.2.2 will not be sent to 5555555. The dialer map command is used to map next hop addresses to phone numbers.
dialer map ip 10.1.1.1 5555555
dialer map ip 10.2.2.2 6666666
Multiple Destinations Configuration Example
The following example shows how to specify multiple destination numbers to dial for outgoing calls:
ip address 172.18.126.1 255.255.255.0
dialer wait-for-carrier-time 100
dialer map ip 172.18.126.10 5558899
dialer map ip 172.18.126.15 5555555
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
dialer-list 1 protocol ip list 101
As in the “DDR Configuration in an IP Environment Example” section, a pulse time is assigned and a dialer access group specified.
The first dialer map command specifies that the number 555-8899 is to be dialed for IP packets with a next-hop-address value of 172.18.126.10. The second dialer map command then specifies that the number 5555555 will be called when an IP packet with a next-hop-address value of 172.18.126.15 is detected.
Dialer Interfaces and Dialer Rotary Groups Example
The following configuration places serial interfaces 1 and 2 into dialer rotary group 1, defined by the interface dialer 1 command:
! PPP encapsulation is enabled for interface dialer 1.
ip address 172.18.2.1 255.255.255.0
ip address 172.18.2.1 255.255.255.0 secondary
! The first dialer map command allows remote site YYY and the central site to
! call each other. The second dialer map command, with no dialer string, allows
! remote site ZZZ to call the central site but the central site cannot call
! remote site ZZZ (no phone number).
dialer map ip 172.18.2.5 name YYY 1415553434
dialer map ip 172.18.2.55 name ZZZ
! The DTR pulse signals for three seconds on the interfaces in dialer group 1.
! This holds the DTR low so the modem can recognize that DTR has been dropped.
! Serial interfaces 1 and 2 are placed in dialer rotary group 1. All the
! interface configuration commands (the encapsulation and dialer map commands
! shown earlier in this example) that applied to interface dialer 1 also apply
! to these interfaces.
DDR Configuration Using Dialer Interface and PPP Encapsulation Example
The following example shows a configuration for XXX, the local router shown in Figure 5. In this example, remote Routers YYY and ZZZ can call Router XXX. Router XXX has dialing information only for Router YYY and cannot call Router ZZZ.
Figure 5 DDR Configuration
Router XXX Configuration
username YYY password theirsystem
username ZZZ password thatsystem
! Create a dialer interface with PPP encapsulation and CHAP authentication.
ip address 172.18.2.1 255.255.255.0
ip address 172.24.4.1 255.255.255.0 secondary
! The first dialer map command indicates that calls between the remote site
! YYY and the central site will be placed at either end. The second dialer
! map command, with no dialer string, indicates that remote site ZZZ will call
! the central site but the central site will not call out.
dialer map ip 172.18.2.5 name YYY 1415553434
dialer map ip 172.24.4.5 name ZZZ
! The DTR pulse holds the DTR low for three seconds, so the modem can recognize
! that DTR has been dropped.
! Place asynchronous serial interfaces 1 and 2 in dialer group 1. The interface commands
! applied to dialer group 1 (for example, PPP encapsulation and CHAP) apply to these
! interfaces.
Two-Way DDR with Authentication Example
You can set up two-way DDR with authentication in which both the client and server have dial-in access to each other. This configuration is demonstrated in the following two subsections.
Remote Configuration
The following commands are executed on the remote side of the connection. This configuration provides authentication by identifying a password that must be provided on each end of the connection.
username local password secret1
username remote password secret2
ip address 172.30.44.1 255.255.255.0
ip address 172.30.45.2 255.255.255.0
async default ip address 172.30.45.1
ip route 172.30.43.0 255.255.255.0 async 7
ip default-network 172.30.0.0
chat-script generic ABORT BUSY ABORT NO ## AT OK ATDT\T TIMEOUT 30 CONNECT
dialer-list 1 protocol ip permit
modem chat-script generic
Local Configuration
The following commands are executed on the local side of the connection. As with the remote side configuration, this configuration provides authentication by identifying a password for each end of the connection.
username remote password secret1
username local password secret2
ip address 172.30.43.1 255.255.255.0
async default ip address 172.30.45.2
async default ip address 172.30.45.2
ip address 172.30.45.2 255.255.255.0
dialer map ip 172.30.45.2 name remote 4321
ip route 172.30.44.0 255.255.255.0 172.30.45.2
chat-script generic ABORT BUSY ABORT NO ## AT OK ATDT\T TIMEOUT 30 CONNECT
passive-interface async 7
modem chat-script generic
Frame Relay Support Examples
The examples in this section present various combinations of interfaces, Frame Relay features, and DDR features.
Frame Relay Access with In-Band Dialing and Static Mapping
The following example configures a router for IP over Frame Relay using in-band dialing. A Frame Relay static map is used to associate the next hop protocol address to the DLCI. The dialer string allows dialing to only one destination.
ip address 10.1.1.1 255.255.255.0
encapsulation frame-relay
frame-relay map ip 10.1.1.2 100 broadcast
access-list 101 deny igrp any host 255.255.255.255
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
Frame Relay Access with ISDN Dialing and DDR Dynamic Maps
The following example shows a BRI interface configured for Frame Relay and for IP, Internet Protocol Exchange (IPX), and AppleTalk routing. No static maps are defined because this setup relies on Frame Relay Local Management Interface (LMI) signaling and Inverse ARP to determine the network addresses-to-DLCI mappings dynamically. (Because Frame Relay Inverse ARP is enabled by default, no command is required.)
ip address 10.1.1.1 255.255.255.0
appletalk cable-range 100-100 100.1
encapsulation frame-relay IETF
dialer map ip 10.1.1.2 broadcast 4155551212
dialer map apple 100.2 broadcast 4155551212
dialer map ipx 100.0000.0c05.33ed broadcast 4085551234
access-list 101 deny igrp any host 255.255.255.255
access-list 101 permit ip any any
access-list 901 deny -1 FFFFFFFF 452
access-list 901 deny -1 FFFFFFFF 453
access-list 901 deny -1 FFFFFFFF 457
access-list 901 deny -1 FFFFFFFF 0 FFFFFFFF 452
access-list 901 deny -1 FFFFFFFF 0 FFFFFFFF 453
access-list 901 deny -1 FFFFFFFF 0 FFFFFFFF 457
access-list 901 permit -1
access-list 601 permit cable-range 100-100 broadcast-deny
access-list 601 deny other-access
dialer-list 1 protocol ip list 101
dialer-list 1 protocol novell list 901
dialer-list 1 protocol apple list 601
Frame Relay Access with ISDN Dialing and Subinterfaces
The following example shows a BRI interface configured for Frame Relay and for IP, IPX, and AppleTalk routing. Two logical subnets are used; a point-to-point subinterface and a multipoint subinterface are configured. Frame Relay Annex A (LMI type Q933a) and Inverse ARP are used for dynamic routing.
encapsulation frame-relay
frame-relay lmi-type q933a
interface BRI0.1 multipoint
ip address 10.1.100.1 255.255.255.0
appletalk cable-range 100-100 100.1
frame-relay interface-dlci 100
frame-relay interface-dlci 110
frame-relay interface-dlci 120
interface BRI0.2 point-to-point
ip address 10.1.200.1 255.255.255.0
appletalk cable-range 200-200 200.1
frame-relay interface-dlci 200 broadcast IETF
access-list 101 deny igrp any host 255.255.255.255
access-list 101 permit ip any any
access-list 901 deny -1 FFFFFFFF 452
access-list 901 deny -1 FFFFFFFF 453
access-list 901 deny -1 FFFFFFFF 457
access-list 901 deny -1 FFFFFFFF 0 FFFFFFFF 452
access-list 901 deny -1 FFFFFFFF 0 FFFFFFFF 453
access-list 901 deny -1 FFFFFFFF 0 FFFFFFFF 457
access-list 901 permit -1
access-list 601 permit cable-range 100-100 broadcast-deny
access-list 601 permit cable-range 200-200 broadcast-deny
access-list 601 deny other-access
dialer-list 1 protocol ip list 101
dialer-list 1 protocol novell list 901
dialer-list 1 protocol apple list 601
X.25 Support Configuration Example
The following example configures a router to support X.25 and DTR dialing:
ip address 172.18.170.19 255.255.255.0
x25 map ip 172.18.171.20 67890 broadcast
access-list 101 deny igrp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
dialer-list 1 protocol ip list 101
LAPB Support Configuration Example
The following example configures a router for LAPB encapsulation and in-band dialing:
ip address 172.18.170.19 255.255.255.0
access-list 101 deny igrp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
dialer-list 1 protocol ip list 101
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2001-2009 Cisco Systems, Inc. All rights reserved.