- Overview of Dial Interfaces, Controllers, and Lines
- Configuring Asynchronous Lines and Interfaces
- Asynchronous Call Queueing by Role
- Configuring Asynchronous Serial Traffic Over UDP
- Configuring and Managing Integrated Modems
- 1- and 2-Port V.90 Modem WICs for Cisco 2600 and Cisco 3600 Series Multiservice Platforms
- Call Tracker show Commands Extensions
- Cisco NM-8AM-V2 and NM-16AM-V2 Analog Modem Network Modules with V.92
- MICA and NextPort Modem Tech-Support Command Additions
- PIAFS Wireless Data Protocol Version 2.1 for Cisco MICA Modems
- V.92 and V.44 Support for Digital Modems
- V.92 Modem on Hold for Cisco AS5300 and Cisco AS5800 Universal Access Servers
- V.92 Modem on Hold for Cisco AS5350, Cisco AS5400, and Cisco AS5850 Universal Gateways and Cisco AS5800 Universal Access Servers
- V.92 Quick Connect for Cisco AS5300 and Cisco AS5800 Universal Access Servers
- V.92 Quick Connect for Cisco AS5350, Cisco AS5400, and Cisco AS5850 Universal Gateways and Cisco AS5800 Universal Access Servers
- V.92 Reporting Using RADIUS Attribute v.92-info
- Configuring and Managing Cisco Access Servers and Dial Shelves
- Configuring and Managing External Modems
- Modem Signal and Line States
- Creating and Using Modem Chat Scripts
- Cisco Modem User Interface
- Modem Script and System Script Support in Large-Scale Dial-Out
- Leased and Switched BRI Interface for ETSI NET3
- ISDN BCAC and Round-Robin Channel Selection Enhancements
- Configuring Virtual Asynchronous Traffic over ISDN
- Configuring Modem Use over ISDN BRI
- Configuring X.25 on ISDN
- Configuring X.25 on ISDN Using AO/DI
- Configuring ISDN on Cisco 800 Series Routers
- Cisco IOS Software Feature Removal
- Configuring ISDN PRI
- Dialing Number Enhancement
- ISDN BCAC and Round-Robin Channel Selection Enhancements
- Configuring ISDN Special Signaling
- Configuring Network Side ISDN PRI Signaling, Trunking, and Switching
- Preparing to Configure DDR
- Configuring Legacy DDR Spokes
- Configuring Legacy DDR Hubs
- Configuring Peer-to-Peer DDR with Dialer Profiles
- Dialer Map VRF-Aware for an MPLS VPN
- Dialer Persistent
- PPPoE Client DDR Idle-Timer
- Redial Enhancements
- Rotating Through Dial Strings
- Configuring Dialer CEF
- CEF Support for Dialer Profiles on Cisco 7500 Routers
- Configuring Snapshot Routing
- Reliable Static Routing Backup Using Object Tracking
- Configuring Dial Backup for Serial Lines
- Configuring Dial Backup Using Dialer Watch
- Dialer Watch Connect Delay
- VRF Aware Dialer Watch
- Configuring Dial Backup with Dialer Profiles
- ISDN Backup in MPLS Core
- Configuring Cisco Easy IP ..
- Configuring Virtual Template Interfaces
- Multiclass Multilink PPP
- Configuring Asynchronous Callback
- Configuring PPP Callback
- Configuring ISDN Caller ID Callback
- Configuring BACP
- Configuring an IP Local Pools Holdback Timer
- Configuring per-User Configuration
- Configuring Resource Pool Management
- Configuring Wholesale Dial Performance Optimization
- Large-Scale Dial-Out
- Dial-Out DS0 Level Trunk Group
- L2TP Large-Scale Dial-Out
- L2TP Large-Scale Dial-Out per-User Attribute via AAA
- Modem Script and System Script Support in Large-Scale Dial-Out
- Large-Scale Dial-Out (LSDO) VRF Aware
- Peer Pool Backup
- Dial Networking Business Applications
- Enterprise Dial Scenarios and Configurations
- Telco and ISP Typical Dial Scenarios and Configurations
- Modem Initialization Strings
- Remote User Demographics
- Demand and Scalability
- Remote Offices and Telecommuters Dialing In to a Central Site
- Network Topologies
- Dial-In Scenarios
- Cisco 1604 Remote Office Router Dialing In to a Cisco 3620 Access Router
- Remote Office Router Dialing In to a Cisco 3620 Router
- Cisco 700 Series Router Using Port Address Translation to Dial In to a Cisco AS5300 Access Server
- Cisco 3640 Central Site Router Configuration to Support ISDN and Modem Calls
- Cisco AS5300 Central Site Configuration Using Remote Security
- Dial-In and Dial-Out Network Topology
- Dialer Profiles and Virtual Profiles
- Running Access Server Configurations
- Cisco AS5300 Access Server Configuration with Dialer Profiles
- Cisco 1604 ISDN Router Configuration with Dialer Profiles
- Cisco 1604 Router Asynchronous Configuration with Dialer Profiles
- Cisco AS5300 Access Server Configuration Without Dialer Profiles
- Cisco 1604 ISDN Router Configuration Without Dialer Profiles
- Cisco 1604 Router Asynchronous Configuration Without Dialer Profiles
- Large-Scale Dial-In Configuration Using Virtual Profiles
Enterprise Dial Scenarios and Configurations
This chapter provides sample configurations for specific dial scenarios used by enterprise networks (not telephone companies or Internet service providers). Each configuration is designed to support IP network traffic with basic security for the specified scenario.
The following scenarios are described:
- Scenario 1—Remote Offices and Telecommuters Dialing In to a Central Site
- Scenario 2—Bidirectional Dial Between Central Sites and Remote Offices
- Scenario 3—Telecommuters Dialing In to a Mixed Protocol Environment
Note
If you use Token card-based security in your dial network, we recommend that you enable Password Authentication Protocol (PAP) authentication and disable the Multilink protocol to maximize dial-in performance.
Remote User Demographics
Employees stationed in remote offices or disparate locations often dial in to central sites or headquarter offices to download or upload files and check e-mail. These employees often dial in to the corporate network from a remote office LAN using ISDN or from another location such as a hotel room using a modem.
The following remote enterprise users typically dial in to enterprise networks:
- Full-time telecommuters—Employees using stationary workstations to dial in from a small office, home office (SOHO), making ISDN connections with terminal adapters or PC cards through the public telephone network, and operating at higher speeds over the network, which rules out the need for a modem.
- Travelers—Employees such as salespeople that are not in a steady location for more than 30 percent of the time usually dial in to the network with a laptop and modem through the public telephone network, and primarily access the network to check E-mail or transfer a few files.
- Workday extenders—Employees that primarily work in the company office, occasionally dial in to the enterprise with a mobile or stationary workstation plus modem, and primarily access the network to check E-mail or transfer a few files.
Demand and Scalability
You need to evaluate scalability and design issues before you build a dial enterprise network. As the number of company employees increases, the number of remote users who need to dial in increases. A good dial solution scales upward as the demand for dial-in ports grows. For example, it is not uncommon for a fast-growing enterprise to grow from a demand of 100 modems to 250 modems in less than one year.
You should always maintain a surplus of dial-in ports to accommodate company growth and occasional increases in access demand. In the early stages of a fast-growing company that has 100 modems installed for 6000 registered remote users, only 50 to 60 modems might be active at the same time. As demand grows over one year, 250 modems might be installed to support 10,000 registered token card holders.
During special company occasions, such as worldwide conventions, demand for remote access can also increase significantly. During such activities, dial-in lines are used heavily throughout the day and evening by remote sales people using laptops to access E-mail and share files. This behavior is indicative of sales people working away from their home territories or sales offices. Network administrators need to prepare for these remote access bursts, which cause significant increases for remote access demand.
Remote Offices and Telecommuters Dialing In to a Central Site
Remote office LANs typically dial in to other networks using ISDN. Remote offices that use Frame Relay require a more costly dedicated link.
Connections initiated by remote offices and telecommuters are brought up on an as-needed basis, which results in substantial cost savings for the company. In dial-on-demand scenarios, users are not connected for long periods of time. The number of remote nodes requiring access is relatively low, and the completion time for the dial-in task is short.
Central sites typically do not dial out to the remote LANs. Instead, central sites respond to calls. Remote sites initiate calls. For example, a field sales office might use ISDN to dial in to and browse a central site’s intranet. Additionally a warehouse comprising five employees can use ISDN to log in to a remote network server to download or upload product order information. For an example of bidirectional dialing, see the section “Bidirectional Dial Between Central Sites and Remote Offices” later in this chapter.
Note Dial-on-demand routing (DDR) uses static routes or snapshot routing. For IP-only configurations, static routes are commonly used for remote dial-in. For Internet Protocol Exchange (IPX) networking, snapshot routing is often used to minimize configuration complexity.
Network Topologies
Figure 1 shows an example of a remote office that places digital calls in to a central site network. The remote office router can be any Cisco router with a BRI physical interface, such as a Cisco 766 or Cisco 1604 router. The central office gateway router can be any Cisco router that supports PRI connections, such as a Cisco 3600 series, Cisco 4000 series, or Cisco 7000 series router.
Figure 1 Remote Office Dialing In to a Central Site
Figure 2 shows an example of a remote office and telecommuter dialing in to a central site. The remote office places digital calls. The telecommuter places analog calls. The remote office router can be any Cisco router with a BRI interface, such as a Cisco 766, Cisco 1604, or Cisco 2503 router. The central office gateway router is a Cisco AS5300 series access server or a Cisco 3640 router, which supports both PRI and analog connections.
Figure 2 Remote Office and Telecommuter Dialing In to a Central Site
Dial-In Scenarios
The configuration examples in the following sections provide different combinations of dial-in scenarios, which can be derived from Figure 1 and Figure 2:
- Cisco 1604 Remote Office Router Dialing In to a Cisco 3620 Access Router
- Remote Office Router Dialing In to a Cisco 3620 Router
- Cisco 700 Series Router Using Port Address Translation to Dial In to a Cisco AS5300 Access Server
- Cisco 3640 Central Site Router Configuration to Support ISDN and Modem Calls
- Cisco AS5300 Central Site Configuration Using Remote Security
Note Be sure to include your own IP addresses, host names, and security passwords where appropriate if you use these examples in your own network.
Cisco 1604 Remote Office Router Dialing In to a Cisco 3620 Access Router
This section provides a common configuration for a Cisco 1604 remote office router dialing in to a Cisco 3620 access router positioned at a central enterprise site. Only ISDN digital calls are supported in this scenario. No analog modem calls are supported. All calls are initiated by the remote router on an as-needed basis. The Cisco 3620 router is not set up to dial out to the Cisco 1604 router. (Refer to Figure 1.)
The Cisco 1604 and Cisco 3620 routers use the IP unnumbered address configurations, MLP, and the dial-load threshold feature, which brings up the second B channel when the first B channel exceeds a certain limit. Because static routes are used, a routing protocol is not configured. A default static route is configured on the Cisco 1604 router, which points back to the central site. The central site also has a static route that points back to the remote LAN. Static route configurations assume that you have only one LAN segment at each remote office.
Cisco 1604 Router Configuration
The following configuration runs on the Cisco 1604 router, shown in Figure 1. This SOHO router places digital calls in to the Cisco 3620 central site access router. See the next example for the running configuration of the Cisco 3620 router.
Cisco 3620 Router Configuration
The following sample configuration runs on the Cisco 3620 router shown in Figure 1. This modular access router has one 2-port PRI network module installed in slot 1 and one 1-port Ethernet network module installed in slot 0. The router receives only digital ISDN calls from the Cisco 1604 router. The configuration for the Cisco 1604 router was provided in the previous example.
Remote Office Router Dialing In to a Cisco 3620 Router
This section provides a common configuration for a Cisco 700 or 800 series remote office router placing digital calls in to a Cisco 3620 router positioned at a central enterprise site. All calls are initiated by the remote router on an as-needed basis. The Cisco 3620 router is not set up to dial out to the remote office router. (See Figure 1.)
Cisco 700 Series Router Configuration
The following configuration task is for a Cisco 700 series ISDN router placing digital calls in to a central site router that supports ISDN PRI, such as the Cisco 3620 router. In this scenario, ISDN unnumbered interfaces with static routes are pointing back to the Cisco 3620.
To configure the router, use the following commands in EXEC mode. However, this configuration assumes that you are starting from the router’s default configuration. To return the router to its default configuration, issue the set default command.
After you configure the Cisco 760 or Cisco 770 series router, the final configuration should resemble the following:
The previous software configuration does not provide for any access security. To provide access security, use the following optional commands in EXEC mode:
Cisco 3620 Router Configuration
The following example provides a sample configuration for the Cisco 3620 router. This modular access router has one 2-port PRI network module installed in slot 1 and one 1-port Ethernet network module installed in slot 0. The router receives only digital ISDN calls over T1 lines from the Cisco 700 series remote office router, which was described in the previous example.
Cisco 700 Series Router Using Port Address Translation to Dial In to a Cisco AS5300 Access Server
This section shows a Cisco 700 series router using the port address translation (PAT) feature to dial in to a Cisco AS5300 central site access server. IP addresses are assigned from the central site, which leverages the PAT feature to streamline multiple devices at the remote site through a single assigned address. In this example, the Cisco 700 series router has a private range of IP addresses used on the Ethernet side. However, the router is able to translate between the local private addresses and the dynamically registered address on the WAN interface. (See Figure 1.)
Cisco 700 Series Configuration
The sample configuration in this section allows PCs on a LAN to boot up and acquire their IP address dynamically from a Cisco 700 series router, which in turn translates the private addresses into a single IP address assigned from a Cisco AS5300 central site router. The Cisco 700 series router also passes information via DHCP regarding the Domain Name System (DNS) server (in this example, 10.2.10.1) and the Windows Internet naming service (WINS) server (in this example, 10.2.11.1) along with the domain name.
A possible sequence of events would be a remote PC running Windows 95 boots up on the Ethernet segment and gets its IP address and network information from the Cisco 700 series router. The PC then opens up Netscape and attempts to view a web page at the central site, which causes the router to dial in to the central site. The router dynamically obtains its address from the central site pool of addresses and uses it to translate between the private address on the local Ethernet segment and the registered IP address borrowed from the central site router.
To configure a remote router, use the following commands beginning in EXEC mode:
After you configure the router, the configuration should resemble the following:
Cisco AS5300 Router Configuration
The following example configures a Cisco AS5300 router for receiving calls from the router in the previous example.
Note This configuration can also run on a Cisco 4000, Cisco 3600, or Cisco 7000 series router. However, the interface numbering scheme for these routers will be in the form of slot/port. Additionally, the clocking will be set differently. Refer to your product configuration guides and configuration notes for more details.
In this configuration, the local pool is using a range of unused addresses on the same subnet on which the Ethernet interface is configured. The addresses will be used for the remote devices dialing in to the Cisco AS5300 access server.
Cisco 3640 Central Site Router Configuration to Support ISDN and Modem Calls
The following configuration allows remote LANs and standalone remote users with modems to dial in to a central site. Figure 2 shows the network topology.
The Cisco 3640 router has the following hardware configuration for this scenario:
- One 2-port ISDN-PRI network module installed in slot 1.
- One digital modem network module installed in slot 2 and slot 3.
- One 1-port Ethernet network module installed in slot 0.
Note Each MICA technologies digital modem card has its own group async configuration. Additionally, a single range of asynchronous lines is used for each modem card. For additional interface numbering information, refer to the document Digital Modem Network Module Configuration Note.
Cisco AS5300 Central Site Configuration Using Remote Security
The previous examples in this section configured static CHAP authentication on the central router using the username command. A more common configuration to support modem and ISDN calls on a single chassis is to use the AAA security model and an external security server at the central site. We recommend that you have a solid understanding of basic security principles and the AAA model before you set up this configuration. For more information about security, see the Cisco IOS Security Configuration Guide.
Central Site Cisco AS5300 Configuration Using TACACS+ Authentication
The following example assumes that you are running TACACS+ on the remote security server:
TACACS+ Security Server Entry
The following example can be configured on a remote TACACS+ security server, which complements the Cisco AS5300 access server configuration listed in the previous example:
Bidirectional Dial Between Central Sites and Remote Offices
Sometimes a gateway access server at headquarters is required to dial out to a remote site while simultaneously receiving incoming calls. This type of network is designed around a specific business support model.
Dial-In and Dial-Out Network Topology
Figure 3 shows a typical dial-in and dial-out network scenario, which amounts to only 25 percent of all dial topologies. The Cisco AS5300 access server at headquarters initiates a connection with a Cisco 1604 router at remote office 1. After a connection is established, the file server at the remote site (shown as Inventory child host) runs a batch processing application with the mainframe at headquarters (shown as Inventory totals parent host). While files are being transferred between remote office 1 and headquarters, remote office 2 is successfully dialing in to headquarters.
Figure 3 Headquarters Configured for Dial-In and Dial-out Networking
There are some restrictions for dial-out calling. Dial-out analog and digital calls are commonly made to remote ISDN routers, such as the Cisco 1604 router. On the whole, dial out calls are not made from a central site router to a remote PC but rather from a remote PC in to the central site. However, central site post offices often call remote office routers on demand to deliver E-mail. Callback is enabled on dial-in scenarios only. The majority of a dial out software configuration is setup on the router at headquarters, not the remote office router. Dialing out to a stack group of multiple chassis is not supported by Cisco IOS software. Note that Multichassis Multilink PPP (MMP) and virtual private dialup networks (VPDNs) are dial-in only solutions.
Dialer Profiles and Virtual Profiles
Profiles are set up to discriminate access on a user-specific basis. For example, if the chief network administrator is dialing in to the enterprise, a unique user profile can be created with an idle timeout of one year, and universal access privileges to all networks in the company. For less fortunate users, access can be restricted to an idle timeout of 10 seconds and network connections setup for only a few addresses.
Depending on the size and scope of your dial solution, you can set up two different types of profiles: dialer profiles or virtual profiles. Dialer profiles are individual user profiles set up on routers or access servers in a small-scale dial solution. This type of profile is configured locally on the router and is limited by the number of interfaces that exist on the router. When an incoming call comes into the dial pool, the dialer interface binds the caller to a dialer profile via the caller ID or the caller name.
Figure 4 shows an example of how dialer profiles can be used when:
- You need to bridge over multiple ISDN channels.
- You want to use ISDN to back up a WAN link, but still have the ISDN interface available during those times that the WAN link is up.
- A security server, such as a AAA TACACS or RADIUS server, is not available for use.
Note For more information about dialer profiles, see the chapters “Configuring Peer-to-Peer DDR with Dialer Profiles” and “Configuring Dial Backup with Dialer Profiles.”
Figure 4 Dial-In Scenario for Dialer Profiles
Virtual profiles are user-specific profiles for large-scale dial solutions; however, these profiles are not manually configured on each router or access server. A virtual profile is a unique PPP application that can create and configure a virtual access interface dynamically when a dial-in call is received, and tear down the interface dynamically when the call ends.
The configuration information for a virtual access interface in a virtual profile can come from the virtual template interface, or from user-specific configuration information stored on an AAA server, or both. The virtual profile user-specific configuration stored on the AAA server is identified by the authentication name for the call-in user. (That is, if the AAA server authenticates the user as samson, the user-specific configuration is listed under samson in the AAA user file.) The virtual profile user-specific configuration should include only the configuration that is not shared by multiple users. Shared configuration should be placed in the virtual template interface, where it can be cloned on many virtual access interfaces as needed.
AAA configurations are much easier to manage for large numbers of dial-in users. Virtual profiles can span across a group of access servers, but a AAA server is required. Virtual profiles are set up independently of which access server, interface, or port number users connect to. For users that share duplicate configuration information, it is best to enclose the configuration in a virtual template. This requirement eliminates the duplication of commands in each of the user records on the AAA server.
The user-specific AAA configuration used by virtual profiles is interface configuration information and downloaded during link control protocol (LCP) negotiations. Another feature, called per-user configuration, also uses configuration information gained from a AAA server. However, per-user configuration uses network configuration (such as access lists and route filters) downloaded during NCP negotiations.
Figure 5 shows an example of how virtual profiles are used:
- A large-scale dial-in solution is available, which includes many access servers or routers (for example, three or more devices stacked together in an MMP scenario).
- Discrimination between large numbers of users is needed.
- Setup and maintenance of a user profile for each dial-in user on each access server or router is much too time consuming.
- A security server, such as a AAA TACACS or RADIUS server, is available for use.
Note For a virtual profile configuration example, see the section “Large-Scale Dial-In Configuration Using Virtual Profiles” later in this chapter. For more information about virtual profiles, see the chapters “Configuring Virtual Profiles” and “Configuring Per-User Configuration” in this publication.
Figure 5 Dial-In Scenario for Virtual Profiles
Running Access Server Configurations
In most cases, dialer profiles are configured on access servers or routers that receive calls and must discriminate between users, such as many different remote routers dialing in. (See Figure 6.)
Figure 6 Remote Cisco 1600s Dialing In to a Cisco AS5300 at the Central Site
Access servers or routers that only place calls (not receive calls) do not need any awareness of configured dialer profiles. Remote routers do not need to discriminate on the basis of which device they are calling in to. For example, if multiple Cisco 1600 series routers are dialing in to one Cisco AS5300 access server, the Cisco 1600 series routers should not be configured with dialer profiles. The Cisco AS5300 access server should be configured with dialer profiles. Do not configure dialer profiles on devices that only make calls.
The configurations examples in the following section are provided for different types of dial scenarios, which can be derived from Figure 3 through Figure 6:
– Cisco AS5300 Access Server Configuration with Dialer Profiles
– Cisco 1604 ISDN Router Configuration with Dialer Profiles
– Cisco 1604 Router Asynchronous Configuration with Dialer Profiles
– Cisco AS5300 Access Server Configuration Without Dialer Profiles
– Cisco 1604 ISDN Router Configuration Without Dialer Profiles
– Cisco 1604 Router Asynchronous Configuration Without Dialer Profiles
Note Be sure to include your own IP addresses, host names, and security passwords where appropriate if configuring these examples in your network.
Cisco AS5300 Access Server Configuration with Dialer Profiles
The following bidirectional dial configuration runs on the Cisco AS5300 access server at headquarters in Figure 3. This configuration enables calls to be sent to the SOHO router and received from remote hosts and clients. The calling is bidirectional.
Cisco 1604 ISDN Router Configuration with Dialer Profiles
The following configuration runs on the remote office Cisco 1604 router, which receives calls from the Cisco AS5300 central site access server. (See Figure 3.)
Cisco 1604 Router Asynchronous Configuration with Dialer Profiles
The following asynchronous configuration runs on the remote office Cisco 1604 router, which receives calls from the Cisco AS5300 central site access server. (See Figure 3.)
Cisco AS5300 Access Server Configuration Without Dialer Profiles
The following bidirectional dial configuration runs on the Cisco AS5300 access server at headquarters in Figure 3. This configuration enables calls to be sent to the SOHO router and received from remote hosts and clients. The calling is bidirectional.
Cisco 1604 ISDN Router Configuration Without Dialer Profiles
The following configuration runs on the remote office Cisco 1604 router, which dials in to the Cisco AS5300 access server at headquarters in Figure 3. This configuration does not receive calls from the Cisco AS5300 access server.
Cisco 1604 Router Asynchronous Configuration Without Dialer Profiles
The following asynchronous configuration runs on the remote office Cisco 1604 router, which dials in to the Cisco AS5300 access server at headquarters in Figure 3. This configuration does not receive calls from the Cisco AS5300 access server.
Large-Scale Dial-In Configuration Using Virtual Profiles
The following example is used on each central site stack member shown in Figure 5. This configuration is for a large-scale dial-in scenario.
The following example configures an entry running on a RADIUS security server, which is queried by each central site stack member when a call comes in. This entry includes the virtual profile configuration information for remote users dialing in to the central site stack solution.
In this example, virtual profiles are configured by both virtual templates and AAA configuration. John and Rick can dial in from anywhere and have their same keepalive settings and their own IP addresses.
The remaining attribute-value pair settings are not used by virtual profiles. They are the network-protocol access lists and route filters used by AAA-based per-user configuration.
In the AAA configuration cisco-avpair lines, “\n” is used to indicate the start of a new Cisco IOS command line.
Telecommuters Dialing In to a Mixed Protocol Environment
The scenario in this section describes how to provide remote access to employees who dial in to a mixed protocol enterprise network. The sample configurations provided in this section assume that enterprise telecommuters are dialing in with modems or terminal adapters from outside the LAN at headquarters.
The following sections are provided:
Description
Sometimes an enterprise conducts its daily business operations across internal mixed protocol environments. (See Figure 7 and Table 1 .) For example, an enterprise might deploy an IP base across the entire intranet while still allowing file sharing with other protocols such as AppleTalk and AppleTalk Remote Access (ARA).
Figure 7 Large Enterprise with a Multiprotocol Network
Enterprise Network Topology
Figure 8 shows a sample enterprise network, which supports 10,000 registered token card holders. Some registered users might use their access privileges each day, while others might use their access privileges very infrequently, such as only on business trips. The dial-in access provisioned for outsiders, such as partners or vendors, is supported separately in a firewalled setup.
Five Cisco AS5300 access servers are positioned to provide 250 dial-in ports for incoming modem calls. A Catalyst 1900 is used as a standalone switch to provide Ethernet switching between the Cisco AS5300 access servers and the 100BASET interfaces on the backbone routers. Two Cisco 7200 series routers are used to reduce the processing workload on the access servers and provide access to the company’s backbone. If the Cisco 7200 series routers were not used in the network solution, the Cisco AS5300 access servers could not update routing tables, especially if 20 to 30 additional routers existed on the company’s backbone. Two additional backbone switches are used to provide access to the company network.
Note Depending on your networking needs, the Cisco 7200 series routers could be substituted by one or more Cisco 3640 series routers. Additionally, the Cisco AS5300 access servers could be replaced by Cisco 3640 routers loaded with MICA digital modem cards.
Figure 8 Sample Enterprise Network Topology
If you are setting up dial-in access for remote terminal adapters, the settings configured on the terminal adapters must match the setting on the access server or router. Depending on your business application, terminal adapters can operate in many different modes. (See Table 2 .)
Mixed Protocol Dial-In Scenarios
The examples in the following sections are intended to run on each network device featured in Figure 8, which allows remote users to dial in to a mixed protocol environment:
Note Be sure to include your own IP addresses, host names, and security passwords where appropriate.
Cisco 7200 #1 Backbone Router
The following configuration runs on the router labeled Cisco 7200 #1 in Figure 8. Fast Ethernet interface 0/0 connects to the corporate backbone switch. Fast Ethernet interface 1/0 connects to the Catalyst 1900 switch, which in turn connects to the Cisco AS5300 access servers.
Cisco 7200 #2 Backbone Router
The following configuration runs on the router labeled Cisco 7200 #2 in Figure 8. Fast Ethernet interface 0/0 connects to the corporate backbone switch. Fast Ethernet interface 1/0 connects to the Catalyst 1900 switch, which in turn connects to the Cisco AS5300 access servers.
Cisco AS5300 Universal Access Server
The following configuration runs on each Cisco AS5300 access server in the stack group shown in Figure 8:
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2001–-2009 Cisco Systems, Inc. All rights reserved.
Feedback