Cisco Systems 700 User Manual

Download

Cisco 700 Series Router Configurat ion Guide

Software Release 4.4.

Corporate Headquarters

Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com

408 526-4000

Tel:

800 553-NETS (6387)

Fax:

408 526-4100

Text Part Number: OL-0184-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO B E ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environm ent. This equ i pm ent generates , uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Opera tion of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.

The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency

energy. If it is n ot installed in accor dance with Cisco’s insta llation instruction s, it may cause interference wit h radio an d television r eception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interfer ence in a resident ial installation . However, there is no guarantee that interference will not occur in a particular installation.

Modifying the equipment without Cisco’s written authorization may result in the equipment no longer complying with FCC requirements for Class A or Class B digi tal dev ice s. I n tha t ev ent , y ou r r i ght to us e th e e q uipm ent ma y be li mite d by F CC r e gul at ions , a nd yo u m ay be requ ired to cor rect any interference to radio or televi sion commu nications at your own e xpense.

You can determine whether your equ ipment is cau sing interfere nce by turning it o ff. If th e interference s tops, it was probably caused by the Ci sco equipment or one of its peripheral devices. If th e equ i pm ent causes interference to radio or television reception, try to correct the interference by using one or more of the following measures:

• Turn the television or radio antenna until the interference stops.

• Move the equipment to one side or the other of the televisi on or radio.

• Move the equipment farther away from the television or radio.

• Plug the equipment into an outlet that is on a different circuit from the television or radio. (That is, make certain the equipment an d the tele vision or radio are on circuits controlled by different circuit breakers or fuses.)

Modifications to this product not authorized by Cisco Systems, Inc. could void the FCC approval and negate your authority to operate the product. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (U CB ) as part of

UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE

PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Access Registrar, AccessPath, Any to Any, AtmDirector, CCDA, CCDE, CCDP, CCIE, CCNA, CCNP, CCSI, CD-PAC, the Cisco logo, Cisco Certified Internetwork Expert logo, CiscoLink, the Cisco Management Conne ction logo, the Cisco NetWorks logo, the Cisco Powered Network logo, Cisco Systems Capital, the Cisco Systems Ca pital logo, Cisco Systems Networking A cademy, th e Ci sco Technologies l ogo, ConnectWay, ControlStr eam, Fast Step, FireRunner, GigaStack, IGX, JumpStart, Kernel Proxy, MGX, Natural Network Viewer, NetSonar, Network Registrar, New World, Packet, PIX, Point and Click Internetworking, Policy Builder, Precept, RouteStream, Secure Script, ServiceWay, SlideCast, SMARTnet, StreamView, The Cell, TrafficDirector, TransPath, ViewRunner, VirtualStream, VisionWay, VlanDirector, Workgroup Director, and Workgroup Stack are trademarks; Changing the Way We Work, Live, Play, and Learn, Empowering the Internet Generation, The Internet Economy, and The New Internet Economy are service marks; and Asist, BPX, Catalyst, C isco, C isco IO S, the Cisco IO S logo, Cisco Systems, the Cisco System s logo, the Cis co Syst ems Cis co Press logo, Enterprise/Solver, EtherChannel, EtherSwitch, FastHub, FastLink, FastPAD, FastSwitch, IOS, IP/TV, IPX, LightStream, LightSwitch, MICA, NetRanger, Registrar, Strata View Plus, Stratm, TeleRouter, and VC O are registered trademar ks of Cisco Systems, Inc. in th e U.S. and certain other countries. All other trademarks mentioned in this document are the property of their respective owners. The use of the word partner does not imply a partnership relationshi p be twe en Cis co and any of its resellers. (9906R)

About This Manual vii

Related Documentation viii Conventions ix

Chapter 1 Overview 1-1

Supported Protocols 1-1 Software Images 1-2 Administrative Configuration Options 1-3

Chapter 2 Using Profiles wit h Cisco 700 Series Routers 2-1

Profile Overview 2-1

Profiles and Connections 2-2

System and Profile Parameters 2-2

System Mode Parameter Set 2-3 Profile Mode Parameter Set 2-3 Permanent Profiles 2-4

Creating and Modifying P r ofiles 2-5

Displaying Profile Configurations 2-5 Removing Profile-Based Values 2-5 Deleting Profiles 2-6 Changing Profile Na mes 2-6

CONTENTS

Incoming Calls 2-6 Outgoing Calls 2-7

Chapter 3 Basic Configurat ions 3-1

Basic Configuration Concepts 3-1

Bridges and Routers 3-2 Profiles 3-2 LANs and WANs 3-2 Current Configura tion 3-3 Remote and Central Sites 3-4

Contents iii

Password and Secret 3-4 Additiona l Reference 3-4

Starting Point 3-4

Setting SPID Autodetection (North America only) 3-5 Setting SPIDs Man ually (North America only) 3-6

Bridging with a Cisco 700 S eries Router 3-7

Cisco 700 Series Router Bridging Instructions 3-8

Routing IP with a Cisco 700 Series Router to an ISP 3-9

Routing a Cisco 700 Series Router to an ISP Instructions 3-11

Routing IP to a Central Site 3-11

Central Site IP Routing Command Summary 3-13

Routing IP and IPX On-Demand 3-14

On-Demand IP and IPX Routing with PPP Instructions 3-16 Central Site On-Demand IP and IPX Routing with PPP Commands 3-17

Chapter 4 Using CHAP 4-1

SPID Detection (North America only) 4-2 IP Static Routing and Callback with CHAP Authentication 4-2

Remote Cisco 765 Comma nd Summary 4-3

IP Static Routing with CHAP Authentication and MLP 4-4

Remote Cisco 765 Comma nd Summary 4-5

IP Static Routing with PAP Authentication and MLP 4-6

Remote Cisco 765 Comma nd Summary 4-7

IP Unnumbered Static Routing and CHAP with MLP 4-8

Remote Cisco 765 Comma nd Summary 4-9

IP Static and IPX Static Routing with CHAP and MLP 4-10

Remote Cisco 765 Comma nd Summary 4-11

IPX Static Routing with CHAP and MLP 4-12

Remote Cisco 765 Comma nd Summary 4-13

Multilink PPP Encapsulation 4-14

Cisco 700 Series Router Configuration Guide

Dynamic Routing Prot ocols 4-14 Bridging to a Router Running Cisco IOS Software 4-15

Chapter 5 Configuring DHCP Relay, DHCP Server, and PAT 5-1

DHCP Description 5-2

DHCP Server Application Notes 5-2 DHCP Relay Application Notes 5-3

PAT Description 5-3

PAT Application Notes 5-3

IPCP Description 5-4

IPCP Address Negotiation Application Note s 5-4

PPP IPCP Negotiation Example 5-5

Cisco 765 Series Router Commands 5-5 Verify the Configuration 5-6

DHCP Relay with IPCP Negotiation Example 5-6

Cisco 765 Series Router Commands 5-6 Verify the Configuration 5-7

DHCP Server with IPCP Negotiation Example 5-7

Cisco 765 Series Router Commands 5-8 Verify the Configuration 5-8

PAT with IPCP Single-Destination Negotiation Example 5-9

Cisco 765 Series Router Commands 5-10 Verify the Configuration 5-10

DHCP Server and PAT with IPCP Single-Destination Negotiation Example 5-11

Cisco 765 Series Router Commands 5-12 Verify the Configuration 5-12

DHCP Server with PAT and IPCP Dual-Destination PPP Negotiation Example 5-13

Cisco 765 Series Router Commands 5-14 Verify the Configuration 5-15

Contents v

Chapter 6 Configuring Remote CAPI 6-1

CAPI and RVS-COM 6-2

Supported D-Channel Protocols 6-3 Supported Appli cations 6-3 Remote CAPI Router Commands 6-3

Configuring the Cisco 700 Router as an RCAPI Server 6-4

RCAPI Command Summary 6-4 Verify the Configuration 6-5

Appendix A Token Card and Cisco Secure Authent ication Support A-1

Token Caching A-2

Cisco 700 Series Router Configuration Guide

About This Manual

This chapter discusses the organization, relate d docum entation, and convention s of the Cisco 700 Series Router Configuration Guide.

This document is organized as follows:

• Chapter 1, “Overview,” provides a brie f overview of Cisco IOS-700 software and

supported protocols.

• Chapter 2, “Using Profiles with Cisco 700 Series Routers,” describes a set of

user-def i ned parame ters group ed in a customize d prof ile and assoc iate d with a specif ic remote device.

• Chapter 3, “Basic Configurations,” describe s how to connect a Ci sco 700 series router

to an Internet service provider (ISP) or to a cent ral site, such as your company network.

• Chapter 4, “Using CHAP,” describes how to connect a Cisco 700 series router to a

router running Cisco IOS software.

• Chapter 5, “Configuring DHCP Relay, DHCP Server, and PAT,” describes ho w to

config ure Dynamic Host Conf i gurati on Prot ocol (DHCP ) relay, DHCP server, an d Port Address Translation (PAT) on the Cisco 700 series router.

• Chapter 6, “Configuring Remote CAPI,” describes ho w to configure Remote Common

Application Programmers Interface (CAPI) and the ISDN Device Control Protocol (ISDN-DCP) on the Cisco 700 series router.

• Appendix A, “Token Card and Cisco Secure Authentication Support, ” describes the

Token Card and Cisco Secure Authentication Support security features.

About This Manual vii

Con ven tions

This publication uses the following conventions to convey instruc tions and information:

• The caret character (^) represents the Control key.

For exampl e, the k ey combina tions ^D and Ctrl -D are equi v alent: Bot h mean hold do wn the Control key while you press the D key. Keys are indic ated in capitals, but are not case sensitive.

• A string is defined as a nonquoted set of characters.

There are a f e w st rings t hat i ncl ude quot ation marks as part o f th e st atement . The refore, common practice is not to include the quotation marks unless the y are included in the statement. For example, set the SNMP community st ring to public does not use

quotation marks around the string “public” because when you enter the string, you would not include the quotation marks.

Command descriptions use these conventions:

• Ve r ti ca l b ar s ( | ) se pa r at e al ternative, mu tu ally exclu s ive, elements.

• Square brackets ([ ]) indicate opt ional elements.

• Variables for which you supply values are in italic.

Conventions

• Examples that contain system prompts denote interactive sessions, indicating the user

enters the command at the prompt. The system prompt indicates the current command mode. For example, the prompt rout er:2503> indicate s profile mode. The exception is when a list of commands is provided in an example configuration; the prompt is not shown for the sake of clarity.

• Fixed inf ormation you enter i s in boldface screen font . Variable infor matio n you

enter is in it alic.

• Terminal session s and information the system di sp lays are in screen font.

• Nonprinting chara cters, such as passwords, are in angle brackets (< >).

The command synt ax contain s a combin at ion of bold a nd re gula r upperca se and lo we rcase alphanumeric charac ters. You can enter the full te x t of the commands , or you can ente r the abbre viate d form . The abbr ev iated f orm con sis ts of t he fi rst ch ara cters in ea ch wor d, sh own in uppercase bol d in the c ommand synt ax. T he uppe rcas e bold cha racte rs ar e the mini mum you must enter for the command to be recogni zed and executed.

About This Manual ix

Conventions

The actual c ommands you e nt er are not case sens iti v e. T he capit al izat ion and b old type ar e used in this manual only to dif ferentiate the characters requ ired for th e abbreviated for ms of commands.

For example, The syntax of the set system command is as fol l ows:

SEt SYstemname [systemname]

The complete version of the set system command can be entered at the command prompt as foll ows :

>set systemname

systemname

The abbreviated version of th e sam e comm and can be entered as follows:

>se sy

systemname

Note Means reader take note. Notes contain helpful s uggestions or refer ences to m ateria ls

systemname

not contained in this manual.

Timesaver This symbol me ans the described action saves time. You can save

time by performing the action described in the paragraph.

Caution This symbo l means reader be careful. In this situation, you mi ght do

something that could re sult in equipment damage or loss of data.

Cisco700 Series Router Conf iguration Guide

Overview

Cisco 700 series routers co nnect small off ice Et hernet LANs t o corporat e networks through Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) lines. After config uration, the router automatically routes packets to and from remote destinations using IP or Internetwork Packet Exchange (IPX).

The Cisco 700 series router is a fixed co n fig u r at io n router. The rout er operating sys t e m is called Cisco IOS-700 software and is unique to the Cisco 700 series router.

Supported Protocols

The Cisco 700 series routers support the following protocols :

• IP

CHAPTER

• IPX

• Internet Protocol Control Protocol (IPCP)

• Internet Control Message Protocol (ICMP)

• Internetwork Packet Exchange Control Prot ocol (IPXCP)

• Point-to-Point Protocol (PPP)

• Bridge Control Protocol (BCP)

• Multilink PPP (MLPPP)

• Address Resolution Protocol (ARP)

• Service Advertisement P r otocol (SAP)

• Password Authentication Protocol (PAP)

Over view 1-1

Software Images

• Trivial File Transfer Protocol (TFTP server)

• Simple Network Management Protocol (SNMP)

• Routing Information Protocol (RIP) for IP and IPX

• Trigge red RIP for IP

• Challenge Handshake Auth en ticatio n Protocol (CHAP)

• Dynamic Host Configuration Protocol (DHCP)

• Port Address Translation (PAT)

• Remote Common Applica tion Programmers Interf ace (RCAPI)

• ISDN Device Control Protocol (ISDN-DCP)

Software Images

The Cisco 700 Series routers run a proprietary Cisco soft ware (Cisco IOS-700 software) image, which is different than traditional Cis co IOS software. The image you use varies, depending on the region in which the router is used and what feature set you desire. The image name, fo r exa mple, c 760-in. r- TPH.43-1. bin , design at es the re gion and featu res. The regio n s are as follows:

1-2

• US for use in North America

• NET3 for use in Europe

• TR6 for use in Germany

• INS for use in Japan

• TPH for use in Australia

The features are in d icated as follo w s:

• Internet Ready (IP onl y, 30 users with data compression on) images have a "b"

designati on.

• Internet Re ady X.25 (IP only , 30 LAN de vices, compression, X.25) images have a "bxd"

designati on.

Cisco700 Series Router Command Reference

Administrati ve Configuration Options

• Remote Office (IP/IPX, 1500 LAN devices, compression) images have an "r"

designation.

• Remote Off ice X.25 (IP/IPX, 1500 LAN devices , compression, X.25) images have an

"rxd" designation.

So the example image named "c760-in.b-TPH.43-1.bin" is a Serie s 760 router image software Release 4.3(1) with the Internet Ready feature set for Australia. (All Cisco 700 series routers run Series 760 rout er im ages. There are no Series 770 router im age s.)

You can verify the image loaded on your router by entering the command-line prompt. The following examp le shows a router running a Cisco 760 (c760) image for the United St ates (US), rel ease 4.0(1), and u sing the Remote Off ice (r) fea ture set:

guest> version Software Version c760-in.r.US 4.0(1) - Jan 14 1997 19:00:23 Cisco 766 ISDN Stack Revision US 2.10 (5ESS/DMS/NI-1)

Administrative Configuration Options

You can configure routers through the configuration port or across an IP network using Telnet. In addition, Cisco IOS-700 software supports Cisco 700 Fast Step software applications. These tools are on the Ci sc o700 Fast Step CD-ROM in the Cisco 700 Quick Reference Guide.

version command at the

Over view 1-3

Administrati ve Confi guration Options

1-4

Cisco700 Series Router Command Reference

CHAPTER

Using Profiles with Cisco 700 Series Routers

A profile is a set of configuration parameters associated with ports on the router or WAN devices.

This chapter contains the following sections:

• Profile Overview

• System and Profile Parameters

• Creating and Modifying Profiles

• Incoming Calls

• Outgoing Calls

Profile Overview

There are two modes in which you can set parameters, the system mode and the profile mode. System m ode parameters affect the configur ation on a global level. Profi les are sets of local parameters. Profile mode parame ters affect how the router handles the connection to a device.

You do not have to reconfigure the router every time you connect to a different de vice. Instead of using one set of configuration parameters for all devices, you can use different profiles to communicate with a variety of devices.

For e xample, you can creat e a user -d ef ined prof i le c alled 250 0 that conta in s the para meters to be used when communicating with a Cisco 2500 series router over the WAN. You can customize your Cisco 700 series router to maintain up to 17 user -defined profiles. P r ofiles are saved in the Cisco 700 series router nonvolatile RAM (NVRAM).

Using Profiles with Cisco 700 Series Routers 2-1

System and Profile Parameters

In addition to user-defined profiles, there are three permanent profiles, Internal, LAN, and Standard. The Internal profile stores parameters used to communicate between the LAN and WAN ports on the Cisco 700 series router . The LAN profile stores paramet ers that config ure the LAN port on the router. The Standard profile is the defaul t profile. If authentication is not requir ed and the destination device you are connecting to does not have a user-defin ed profile, the router uses the Standard profile.

Profiles and Connections

Profiles are either active or inactive. An active profile creates a virtual connection to the remote device associated with th e profile. A virtual connection is a connection without physical channels. After creating a virtual connection, an on-demand call can be made to the asso ciated rem o t e d evice to estab l ish a physical connection.

A physical connection is a dynamically created pipeline of packets from the Cisco 700 series router to a switch on the WAN. All connections are associated with the profile that defines the configuration of the connecti on.

Virtual and physica l connections behave similarly; the diffe r ence is that physical connections forw ard packet s to the WAN. Virtua l connections monitor packet tr aff ic on the

LAN until a deman d filter “sees” that a pa cket is destined f o r the WAN and initiates a call to the switch, opening the physical connection. Once the call is established, the virtual connection be com es an active physical connection, and the packets move through the pipeline.

System and Profile Parameters

The system is composed of both system mode parameters, user-defined profiles, and permanent profiles. System mode parameters can be changed only in system mode. The prompt indicates you are in system mode by displaying nothing or the route r name. An example of the prompt is shown below:

Router_name>

If you are in profile mode, the profile name appears on the prompt, sepa rated from the system name by a colon (:). An example of the prompt is shown below:

Router_name:Profile>

2-2

Cisco700 Series Router Configuration Guide

All profi les are based o n the profil e templa te and inherit the system-le v el valu es. When you create a new profile, its default values ar e taken from the p r ofile template.

System Mode Parameter Set

System mode parameters affect the r o u ter as a system. Table 2-1 lists the system parameters.

T able 2-1 System Para meter Set

Caller ID pa ra m e ters Call wait in g PPP Date and time Country gr oup Screen l ength Directory number(s) Address age time Screen echo Delay ti me Local and remote acces s SNMP Forwarding mode Phone 1 and 2 SPIDs Multid es tinatio n di a lin g PPP clie nt pa ssword Switch typ e Numbering plan PPP clien t secret System password Patterns Voice priority Power Source 1 detect Passt hru Compression System name PPP auth e nt ic ation

1 PPP = Point-to- P oint Protocol 2 SNMP = Simple Network Management Protocol 3 SPID = service profile identifier

System Mode Parameter Set

parame ters

parameters

Profile Mode Parameter Set

Changes made to profile mode parameters in system mode affect the profile template. When a profile is cre ated, it in herits the matchi ng system mode paramet ers from the profi le template. Any changes to parameters in profile mode apply only to that profile. Changes made to prof ile par ameters in s ystem mode are stored in th e prof ile templa te. When you use the set user command to create a user-defined profile, the default parameters for the new profile are taken from system mode.

Using Profiles with Cisco 700 Series Routers 2-3

System and Profile Parameters

Table 2-2 lis ts the parameters that can be conf igured in a profile.

Table 2-2 Profile Parameters

Bridging Line speed PPP authentication (outgoing) Ringback number Auto calling All IP parameters, including filters Passt hrough Demand PAP password (client and host) Learning Timeout All IPX parameters, including filters Subnet mask Called nu mber CHAP secret (client and host) Protoco l Encapsul ation Bridge f ilters (a ddress, typ e, and user- defined) Loopback

Permanent Profiles

Cisco 700 series routers contain three permanent profiles . Permanent profiles can be modified, but they cannot be deleted. The permanent profiles are as follows:

LAN Determines ho w data is passed from the router to the LAN. This profile

is commonly used for connec tions made directly to the local network.

2-4

Internal Determines ho w dat a is pass ed bet ween the bridge e ngine a nd the IP/ IPX

router .

Standard The default profile. If authent ication is set to non e and a profile does not

exist for the WAN switch, the r outer uses the St andard profile b y default. If authentication is required and no prof ile is found, the call is drop ped.

The decision to use the LAN or Internal profile involves some knowledge of your network design and whether you are bridging or routing t o remote sites (or a combination of both). It is be st t o use the LAN prof il e inst ead of th e Inte rna l prof il e to si mplif y t he con f igurati on. You can easily associate the LAN profile with the Ethernet interface and the user-defined profiles with the ISDN interface.

Sometimes situations arise (very infrequent) where you must rou te a protocol to one site and bridge the same protocol to another site. Simply leave the LAN profi le as a bridging profile, and use the Internal profile for all routed protocol information.

Cisco700 Series Router Configuration Guide

Creating and Modifying Profiles

A new profile is created with the set user command. When you create a ne w profile, you automa tically enter profile mode for that profile. The followin g example creates a user profile called tomd. Enter the set user command to create a profile using the profile template for the default values of the parameters, as follows:

Host> set user Host:tomd>

Notice that th e profi le mode is indi cated by th e prompt, which appe ar s as the sys tem name and the profile name, separated by a colon. While this prompt is displayed, modifications to the para meters only affec t the parame ters in the profi le. The ch anges do n ot affe ct system mode parameters or other profiles.

The cd command is used to change to system mode or to another profile. Following is an exampl e of th e cd command used to change to a perm anent pro file called LAN:

Router_name> cd LAN Router_name:LAN>

Note that the prompt include s the name o f the profi le. You can now modi fy the LAN prof ile parameters.

tomd

Creating and Modifying Profiles

Displaying Profile Configuratio ns

The show commands dis play the values as sociated with a prof ile parameter in prof ile mode. The commands work in system mode to show the valu es associated with parameters i n the profile template.

In profile mode, some show commands only display profile paramete rs . Parameter values that have been redefined in profile mode are indic ated with a <*>. All other paramete r values ar e in h erited fr o m th e pr ofi l e te m p la te.

Removing Profile-Based Values

You can remove any parameter value within a profile with the unset command. The parameter you removed inherits its value from the system mode.

Using Profiles with Cisco 700 Series Routers 2-5

Incoming Calls

In the following example, the profile parameter number is removed from the profile by using the unset command:

Host:Profile> unset number

Deleting Profiles

The reset user comman d deletes a user-defined pr o file fr o m th e r outer. The three permanent profiles (LAN, Internal, and Standard) cannot be deleted. This command also closes any conne ction associated with the profile.

In the followi ng example, the tomd profi le is removed from the system by using the resetuser command:

Host:Profile> reset user tomd

Changing Profile Names

The set profile user command changes the name of an existing profile. Enter this command while i n prof ile mode for the profi le you wa nt to affec t. In the follo wing e xample, the profile name is being changed from 2500 to 4500:

766:2500> set profile user 4500 766:4500>

Incoming Calls

When th e ro ut e r re c eives an incom in g call, the rou t er s ea r ch es both act ive and inactive profiles for a profile with the same name as the calling de vice. If it finds a profile with the matching user ID, the router uses the conf iguration parameters of that profile while communicating with the remote device. If the profile is inactive, it is automa tically activated for the duration of the connection.

When the call is finished, the physical link between the two devices is disconnected. However, the virtual conne ction to the remote router might be configured to remain acti ve.

2-6

Cisco700 Series Router Configuration Guide

If the profile is configured to remain active after a link disconnects, a virtual connection remains. The vir tual c onnect ion monit ors t he LAN t raf fi c. If pa cket s dest ined for th e WAN are detected, the router opens up the physical connection and forwards the packets.

If the profi le is configur ed to become inacti ve after a link dis connects, both the physical link and the virtual conne ction to the remote router ar e disconnected until another call is received f rom the same remote router.

Outgoing Calls

Outgoing calls requi re that the associated user- defined profiles be set to active, th at the set auto command be on, a nd t hat a phone number to c all be stor ed in th e pr of ile. If the pr of il e

is inactive, a number to dial is not available to the router.

Outgoing Calls

Using Profiles with Cisco 700 Series Routers 2-7

Outgoing Calls

2-8

Cisco700 Series Router Configuration Guide

CHAPTER

Basic Configurations

This chapter conta ins basic conf iguration e xamples for connecti ng a Cisco 700 series router to an Internet service provider (ISP) or to a central site, such as your co mpany network. It is assumed t hat your rout er is cable d as describe d i n the Ci sco 700 Quick Ref er enc e Guide. Before you proceed with the examples in this chapter, have the information regarding ordering the ISDN li ne an d the connection information in the Cisco 700 Quick Reference Guide (shipped with your router package) available.

The chapter is written so that a kno wledge able begi nne r can perform a basic config uratio n of the router, guided by the examples. Expl anations are kept to a mi nimum, but the y do show how the individual commands fit into the framework of a configuration.

This chapter has the following sections:

• Basic Configuration Concepts

• Starting Point

• Setting SPIDs Manually (North America only)

• Bridging with a Cisco 700 Series Router

• Routing IP with a Cisco 700 Series Router to an ISP

• Routing IP to a Central Site

• Routing IP and IPX On-Demand

Basic Configuration Concepts

The information in this se ction describes basic networking concepts as they relate to the Cisco 700 series router and the examples presented. If you have some experience with Cisco 700 series routers, you can skip this section.

Basic Configura ti ons 3-1

Basic Configuration Concepts

Bridges and Routers

Routers forward packets on to specific network segments based on a logical network address, reducing network traff ic by kee ping unnecessary pack ets off network s egments by only forwarding packets to segments as required.

A bridge joins individual network segments into a single network. The bridge floods packets on to all the network segments it is connected to. In other words, bridges offer simplicity and routers offer a greater degree of control. Cisco 700 series routers can function as a bridge and a router.

Profiles

Profiles are logically organized sets of commands for each connection that can be customized and stored independently. This allows you to conf igure your router for more than one connec tion. There are two types of profiles , permanent and user-defined. The Cisco 700 Series Router Co mmand Ref erence publication cont ains a n e xten si v e discus si on on profiles. It is important to understand the use of profiles before attempting to configure your router.

LANs and WANs

Cisco 700 series routers have a “LAN side” and a “WAN side.” The LAN s ide of the route r is the Ethernet 10BaseT conne ction wher e your computer (or another short-ra nge networ k device ) is connected to the router. The WAN s ide is ISDN. The configuration commands can affect function on one or both sides of the router . Which side i s affected depends upon the command and the pr ofile containing the command.

3-2

Cisco 700 Series Router Configuration Guide

Current Configuration

You can display the current configuration at any time using the show configuration command. If you is sued the c ommand i n sys t em mode , sy stem mode comma nds di spla y. If you issue the command in profile mode, profile mode commands display. An asterisk (*) next to a v alue ind icate s the v alue has been m odif ie d from t he d ef ault v a lue. The c ommand is entered as follows:

>show config

Basic Configura ti ons 3-3

Basic Configuration Concepts

The following sample display shows output for the Cisco 700 series routers, from the show configuration command in system mode:

Host> show config System Parameters

Environment

Screen Length 20 Echo Mode ON CountryGroup 1

Bridging Parameters

LAN Forward Mode ANY WAN Forward Mode ONLY Address Age Time OFF

Call Startup Parameters

Multidestination OFF

Line Parameters

Switch Type 5ESS

Call Parameters Link 1 Link 2

Retry Delay 30 30

Profile Parameters

Bridging Parameters

Bridging ON Routed Protocols Learn Mode ON Passthru OFF

Call Startup Parameters

Encapsulation PPP

Line Parameters

Line Speed AUTO Numbering Plan NORMAL

Call Parameters Link 1 Link 2

Auto ON ON Called Number Ringback Number

Remote and Central Sites

In the e xampl es, the Cisc o 700 series router you a re conf igur ing is referre d t o as the remote router. This is strictly for identif ication purposes and does not have anything to do with geography or the physical location of the router.

3-4

Cisco 700 Series Router Configuration Guide

Passwo rd and Secr et

There a re s e ve ra l ty pes of a uth ent ic at ion, su ch as P as sw ord Au t hen ticat ion Pr oto col (PAP) and Challenge Handshake Authentication Protocol (CHAP). To avoid confusion, the PAP password is r eferred t o a s pass word, and t he CHAP s ecre t pass word is referre d to a s secret. The PAP password is pl ain text. The CHAP secret is encrypted.

Additional Reference

For more informati on on the commands, basics of networking, profiles and so forth, refer to the Cisco 700 Series Router Command Refer ence publication. The Cisco 700 Series Command Reference publication also contains advanced configuration examples.

Starting Point

This section shows how to set the router to default values and provide basic configuration information use d in all configurati ons. All of the example configuration s assume default valu es unless otherwise indi cated.

Step 1 Use the set default com mand as f ollo ws to be s ure tha t you begin wi th all default

values when co nfiguring your router:

> set def

System-le ve l paramet ers and the pa rameter s in the pe rmanent prof i les ar e set to their default values. Existing user-defined profiles are d eleted and the router reboots.

Step 2 Enter the set directorynumber command (usually a te n-digit local num ber with

no spaces or dashes) to set the ISDN dire ctory numbers.

>set 1 directory number 4085551234 >set 2 directory number 4085551235

You are ready to set Service Profile Identifier (SPID) au tomatic detection. A SPID is a number provided by the ISDN carrier to identify the line configuration of the BRI service. Each SPID points to li ne setup and configuration information.

Basic Configura ti ons 3-5

Starting Point

Setting a SPID is des cribed in the section “Setting SPID Autodetection (North America only)” in this chapter (recommended if you are connecting to a service provider where the ISDN switch t ype is DMS-100 or National ISDN-1 (NI1)) or to enter the SPIDs manually, as describe d in t he sect ion “ Settin g SPI Ds Manua lly (North Ame rica onl y)” in this chapt er.

Setting SPID Autodetection (North America only)

If the servi ce pro vi der IS DN swi tch t ype is DMS-100 or Nati onal IS DN-1 (NI1), the rou ter supports an automatic SPID detection feature. This section descri bes how to set the autodetec tion feature . If the switch type is 5ESS Custom PPP, do not enter SPIDs; go to the next section.

Enable automatic SPID de tection feature as follows:

>set autodetection on

Once you enable the autodetection feature, wait for the router to complete the process. This process might take seve ral minutes to complete. When autodetection is successful, the follo wing messages display:

>L76 1 Auto Spid Detect Successful 5ESS >L76 1 055512340 Auto Spid Detect Successful >L76 2 055512350 Auto Spid Detect Successful

3-6

No additional procedures are required. You can now enter specific configuration information.

If autodetection fails, the following message disp lays:

>L84 Manually enter spids and set autodetection off

In this event, set autodetection off by using the set autodetection command and continue with the section “Setting SPIDs Manually (North America only)” to enter SPIDs manually.

Cisco 700 Series Router Configuration Guide

Setting SPIDs Manually (North America only)

SPIDs can b e detected auto m atically usi ng the set autodetection command, or SPIDs ca n be entered manually, as described in this section.

If the service provider switch type is 5ESS Cust om PPP, you do not need to ente r SPIDs ; go to the next section. If the service provider switch type is DMS-100, National (NI1) , or 5ESS Multipoint, continue with this section.

To enter the SPIDs assigned by your ISDN service provider, take the following steps:

Step 1 Enter the set switch command to configure the ISDN switch type that is being

used with your ISDN line:

> set switch dms

Step 2 Enter the set spid command to set the router’ s SPID numbers:

> set 1 spid > set 2 spid

You are ready to configure the router for a specific routing environment.

An AT&T 5ESS switch can support up to eight SPIDs per BRI line. Because multiple SPIDs can be applied to a single B channel, multiple services can be supported simultaneou sly. For example , th e f irst B ch annel c an be conf ig ured for data , a nd t he s econd B channel can be conf i gure d for bot h v o ice and dat a. In th is sc enar io, t he s econd B c hannel can support an ISDN telephone in addition to supporting data connections. For 5ESS switches, the SPID is usually the 10-digit ISDN number beginning with “01” and ending with “0.” For example: ISDN number, 4085551212; SPID, 0140855512120. (There is no standard format for SPIDs. As a result, SPID values can vary, depending on the switch vendor and the carrier.)

0510198765430 0510187654320

DMS-100 and NI1 swi tc hes supp ort only two S PIDs, wi th only one B c hannel per S PID. If both B channels will be used for data only, enter the two SPIDs (one for each B channel). An issue comes up when trying to run data and voic e over the same B channel. Assuming the fi rst SP ID is appli ed to t he fi rst B cha nnel for data tr aff ic a nd is l imited t o that B cha nnel only, this leaves only one other SPID for the second B channel.

Consequent ly, the second B channel can be used for either data or voice, but not both simultaneously. The absence or presence of the second SPID in the configuration dictates whether the secon d B chan nel can be used for data or voice. This is an example of SPID

Basic Configura ti ons 3-7

Bridging with a Cisco 700 Series Router

values for DMS-100 and NI1 switches: ISDN number, 4085551212; SPID 1, 408555121201; SPID 2, 408555121202. In this case the S PID is the 10-digit IS DN number

ending with a “01” for SPID 1 and a “02” for SPID 2.

Bridging with a Cisco 700 Series Router

This sec tion d escr ibes ho w to br idge a Cis co 700 series route r o ve r an IS DN line t o anot her router. Bridging is used in cases where you do not need a lo t of filtering to manage the network. Basic ally , you are relying on the nodes on the LAN side of the router to dete rmine if a packet shoul d be accepted or dropped. (If you turn routin g on, you can fil ter the packet s on the WAN side, reducing your traffic on the LAN side.)

Note Bridging ov er an ISDN l ine i s not an e f f icient use of ISDN ba ndwidth. Ro uting o v er

the ISDN line helps optimize ISDN bandwidth by reducing traffic to the WAN.

Figure 3-1 illustrat es an e xample of a remote Cisco 700 series router bridging to a router called central at a centr a l sit e .

3-8

Figure 3-1 Bridging Example

IP address 172.16.125.9 Subnet mask 255.255.0.0

Enterprise

CPA765 Central

You are going to establish a basic connection with another router, relying primarily on the defaults. In this example conf iguration, a simpl e us er-defined profile is created in your Cisco 700 series router to bridge over an ISDN network to another router.

By defaul t, the Cis co 700 series router a utomati cally “lear ns” the MA C addr esses that ex ist locally and remot ely across the WAN. The router stores the MA C addresses in a MAC address table, so it knows if the unica st packets should remain on the LAN or forwarded

Cisco 700 Series Router Configuration Guide

ISDN

network

IP address 172.16.125.10 Subnet mask 255.255.0.0

San Jose

H5860

across the ISDN line. In a bridging scenario, the router does not need an IP address and bridging occurs regardless. The IP addre ss is used when the router is being mana ged remotely by a Telnet session or participating in SNMP.

Both sides of the WAN must be configured with PPP host names, secrets, and passwords for authentication. Each profile must also include dialing information.

Cisco 700 Series Rout er Bridging Instructions

The IP address and subnet mask are not entered. IP address assignments are not necessary in a bridged netwo r k; they are used only if the router is being pinged or accesse d through Tel ne t or SNMP.

Follow i n g is the comma n d su m mary fo r configuring the Cisco 700 s er ies ro uter to br idge to the ro ut er ca ll ed central at the central site:

set system set user set active set ppp secret client set ppp password client set bridging on

set set 2 number reboot

CPA765

central

number

phone_number phone_number

Routing IP with a Cisco 700 Series Router to an ISP

This section descri bes ho w to conf igure a Cisc o 700 serie s router to rout e to an I SP by us ing Internet Protocol (IP). Figure 3-2 illustrates the configuration used in this example. By default, PPP incoming authentication is on and outgoing authentication is off.

Note If you are connecting to an Ascend device, you must disable PPP Bandwidth

Allocation Control Protocol (BACP) and PPP multilink.

Basic Configura ti ons 3-9

Routing IP with a Cisco 700 Series Rout er to an ISP

The example also uses an unnumbered IP address on the Cisco 700 series router and a dynamically-as signed IP address from the ISP, a common practice used to conserve IP addresses.

Figure 3-2 Connecting to an ISP–Exampl e Confi guration

ISDN (WAN) interface IP address: 0.0.0.0. Subnetwork mask: 0.0.0.0.

Ethernet (LAN) interface IP address: 172.16.17.9 Subnet mask: 255.255.255.248

Cisco 700

Cisco 700 series router system name: 765 CHAP secret: cisco

ISDN network

IP unnumbered

Central

Central site router System name: isp

H8757

In this exa mp le , a user-defined pr o file named is p is created, representing the ISP router. Your router uses the isp profile to initiate the call to th e I SP router.

When the Cisco 700 series router calls the ISP router, it sends the ISP the PPP host name, the CHAP secrets, and PAP passwords, depend ing upon what the other router requires to authenticate the call.

3-10

Cisco 700 Series Router Configuration Guide

Routing a Cisco 700 Series Router to an ISP Instructions

Following is the command summary for conf iguring the remote Cisco 700 seri es router to connect to an ISP:

set system cd lan set ip address set ip netmask set ip routing on set user set number set ppp password client set ppp secret client set ppp address negotiation local on set ip routing on set ip route destinatio set bridging off set ip address set ip netmask set timeout set ip pat on set active reboot

If you are being charged for each connec tion, you can use the set timeout command to set the timeout to zero. Doin g so ma int ains your connecti on a nd minimiz es the numbe r of fees.

764

172.16.17.9

255.255.255.248

isp

5558011

0.0.0.0

360

n 0.0.0.0/0

gateway

0.0.0.0

propagate on

Routing IP to a Central Site

This section describes how to configure a remote Cisco 765 router and a ce ntral site Cisco 765 router for on-demand IP routing using PPP.

PPP addresses issues that include the assignmen t and manageme nt of IP addresses, asynchronous (s tart/stop) and bit-oriented synchronous enc apsulation, network protocol multiplexing, error detection, and option negotiation.

PPP addresses these issues by providing an extensible Link Control Protocol (LCP) and a family of Netw ork Control Protocols (NCPs) to negotiate opti onal configuration parameters and facilities. PPP suppor ts IP and IPX.

Figure 3-3 is an illustration of the configuration used in this example.

Basic Configurations 3-11

Routing IP to a Central Site

Figure 3-3 Routing IP to a Central Site—Example Configuration

ISDN interface IP address: 10.48.125.7 IP subnet mask: 255.255.255.0

Ethernet interface IP address: 172.16.17.9 IP subnet mask: 255.255.255.0

Ethernet interface IP address: 172.15.1.100 IP subnet mask: 255.255.255.0

ISDN interface IP address: 10.48.125.4 IP subnet mask: 255.255.255.0

Cisco765

Remote router System name: remote765 ISDN number: 5553693/4 User profile name: central765

ISDN

network

Cisco765

Central site router System name: central765 ISDN number: 5550143/4 User profile name: remote765

S4802

In this example, the Cisco 765 router named remote765 is used to establis h a connection through the ISDN service provider to the corporate network at a central site.

3-12

Cisco 700 Series Router Configuration Guide

Central Site IP Routing Command Summary

Following is the command summary for con figuring the remote Cisco 765 router for on-demand IP routing using PPP:

set system set multidestination on cd LAN set ip address set ip netmask set ip routing on set ip rip update periodic set user set ppp password client set ppp secret client set ip address set ip netmask set ip routing on set ip rip update demand set ip route destination set number set timeout set active reboot

remote765

172.16.17.9

255.255.255.0

central765

10.48.125.7

255.255.255.0

5550143

360

0.0.0.0/0

gateway

10.48.125.4

Basic Configurations 3-13

Routing IP and IPX On-Demand

Follo wing is the command summary for conf iguring the centra l site Cisc o 700 series rout er for on-demand IP routing with PPP:

set system set multidest on set ppp auth in chap set ppp secret host cd lan set ip address set ip netmask set ip routing on set ip rip update periodic set user set ppp auth out chap set ppp secret client set bridging off set ip address set ip netmask set ip routing on set ip rip update demand set ip route destination set ip rip version 1

number

set

number

set set timeout set active reboot

central766

172.15.1.100

255.255.255.0

remote765

10.48.125.4

255.255.255.0

5553693 5553694

360

0.0.0.0

gateway

10.48.125.7

The set ip rip update demand command is only applicable to the Cisco 700 series router. If you are being charged for each connec tion, you can use the set timeout command to set

the timeout to zero. Doin g so ma int ains your connecti on a nd minimiz es the numbe r of fees.

Routing IP and IPX On-Demand

This section describes how to configure the remote Cisco 765 router and the central site Cisco 765 router for on-demand IP and IPX routing using PPP.

Figure 3-4 illustrates the confi guration used in this e xam ple.

3-14

Cisco 700 Series Router Configuration Guide

Figure 3-4 Routing IP and IPX On-Demand—Exampl e Confi guration

ISDN interface IP address: 10.32.125.7 IP subnet mask: 255.255.255.0 IPX network: 32125

Ethernet interface IP address: 172.16.17.9 IP subnet mask: 255.255.255.0 IPX network: 1478 IPX Framing 802.2

765

Cisco765

Remote router System name: remote765 ISDN number: 5553693/4 User profile name: central765

The remote Cisco 765 router is used to estab lish a connection through the ISDN service provide r to the corporate ne twork at a central site using PPP. The remote Cisco 765 router has three permanent profiles: LAN, Internal, and Standard. This example uses the LAN profile and a user-defined profile.

Ethernet interface IP address: 172.15.1.100 IP subnet mask: 255.255.255.0 IPX network: 73146 IPX framing 802.2

ISDN interface IP address: 10.32.125.4 IP subnet mask: 255.255.255.0 IPX network: 32125

ISDN network

Central site router System name: central765 ISDN number: 5550143/4 User profile name: remote765

Cisco765

S4800

Basic Configurations 3-15

Routing IP and IPX On-Demand

On-Demand IP and IPX Routing with PPP Instruct ions

Following is the command summary for con figuring the remote Cisco 765 router for on-demand IP and IPX routing using PPP:

set system set multidestination on set ppp password client set ppp secret client set ppp auth out chap set ppp password host set ppp secret host cd LAN set ipx routing on set ipx network set ipx framing 802.2 set ipx rip update periodic set ip address set ip netmask set ip routing on set ip rip update periodic set user set ipx routing on set ipx network set ipx rip update demand set ipx spoof set ip route destination set ip address set ip netmask set ip routing on set ip rip update demand

set set 2 number set timeout set active reboot

remote765

central765

number

1478

172.16.17.9

255.255.255.0

32125

10.32.125.7

255.255.255.0

5550143 5551044

360

0.0.0.0/0

gateway

10.32.125.4

3-16

Cisco 700 Series Router Configuration Guide

Central Site On-Demand IP and IPX Routing with PPP Commands

Follo wing is the command summary for conf iguring the centra l site Cisc o 700 seri es router router for on-demand IP and IPX routing using PPP:

set system set multidestination on set ppp auth in chap set ppp secret client cd lan set ipx routing on set ipx network set ipx framing 802.2 set ipx rip update periodic set ip address set ip netmask set ip routing on set ip rip update periodic set user set bridging off

set set 2 number set ipx network set ipx routing on set ipx framing none set ipx rip update demand set ipx spoof set ip route destination set ip address set ip netmask set ip routing on set ip rip update demand set ppp auth out chap set ppp secret host reboot

central765

remote765

number

73146

172.15.1.100

255.255.255.0

5553693 5553694

32125

10.32.125.4

255.255.255.0

0.0.0.0/0

gateway

10.32.125.7

Basic Configurations 3-17

Routing IP and IPX On-Demand

3-18

Cisco 700 Series Router Configuration Guide

CHAPTER

Using CHAP

This chapter conta ins con f igurati on e xamples for co nnecti ng a Ci sco 700 series router to a router runnin g Cisco IOS software. In these examples, the remote router is a Cisco 765 series router, and the central site router is a Cisco 4500 series router. Any Cisco 700 series router can be used in place of the remote Cisco 765 series router. Any router running Cisco IOS software can replace the central site Cisco 4500 series router.

In these ex amp les, the Ci sco 4500 ser i es ro ut er seri al - int er f ac e co n figu r at io n is an ISDN Primary R ate Interfac e (PRI). Depend ing on the route r model us ed at the cent ral site, the serial interface might be a different type.

In addition, this chapter lists se veral interoperability issues that exist bet w een Cisco IOS software and Cisco 700 series routers. These issues must be considered if you are connecting your Cisco 700 series router to a router running Cisco IOS software.

This chapter contains the following sections:

• IP Static Routi ng and Callback with CHAP Authentication

• IP Static Routing with CHAP Authentication and MLP

• IP Static Routing with PAP Authentication and MLP

• IP Unnumbered Static Routing and CHAP with MLP

• IP Static and IPX Static Routing with CHAP and MLP

• IPX Static Routing with CHAP and MLP

• Multilink PPP Encapsulation

• Dynamic Routin g Protocols

• Bridging to a Router Running Cisco IOS Software

Using CHAP 4-1

SPID Detection (North America only)

In North Ame r ica, SPIDs can be automatically detected or manually configured. For more information on SPID detection, see "Setting SPID Autodetection (North America only)" and "Setting S PIDs Manually (Nor th America only)" in the "Basic Con figur ations" chapt er .

IP Static Routing and Callback with CHAP Authentication

This sectio n describe s how to co nf igur e the router s for Inter net Protoco l (IP) stati c routing and callback with Challenge Handshake Authentication Protocol (CHAP).

Figure 4-1 illustrates the confi guration used in this example.

Figure 4-1 IP Static Routing and Callback with CHAP Authentication

Serial interface IP address: 172.16.125.7 IP subnet mask: 255.255.255.0

Ethernet interface IP address: 192.168.147.9 IP subnet mask: 255.255.255.248

765 CPA4500

Telecommuter PC IP address:

192.168.147.8

Remote router ISDN number: 5553693 User profile name: 4500

Ethernet interface IP address: 172.18.124.2 IP subnet mask: 255.255.255.0

Serial interface IP address: 172.16.125.1 IP subnet mask: 255.255.255.0

ISDN

Central site router ISDN number: 5558011 Host name: 4500

S4768

Central site network IP network: 172.18.124.0

4-2

Cisco700 Series Router Configuration Guide

Remote Cisco 765 Command Summary

Follo wing is t he co mmand s ummary for co nf igur ing the re mote Cisco 765 series router f or IP static routing and callback with CHAP authentication:

set switch 5ess

dir

set set 2 dir set system set ppp authentication incoming chap set ppp secret client set multidestination on cd lan set ip address set ip netmask set ip routing on set ip rip update periodic set ip rip receive v2 set ip rip version 2 set user set ppp secret client set ppp secret host set ip route destination set ip address set ip netmask set ip routing on set ip framing none set ppp callback request always set set 2 ringback set number set bridging off set ip rip update off set timeout set active reboot

directory_number directory_number

765

4500

ringback

5558011

360

192.168.147.9

255.255.255.248

0.0.0.0

172.16.125.7

255.255.255.0

number number

gateway

Remote Cisco 765 Command Summary

172.16.125.1

propagate on

Multilink PPP is enab led b y defa ult. If the Ci sco 700 series router is dialing int o a hos t that does not support mult ilink PPP or that does not ha v e multil ink PPP enabled, the Cisco 700 series router might repo rt a misconfiguration. This is most commonly seen when the Cisco 700 series router is connecte d to equipment from Ascend.

Using CHAP 4-3

IP Static Routing with CHAP Authentication and MLP

IP Static Routi ng wit h CHAP Authentication and MLP

This section describes how to configure the ce ntral site Cisco 4500 series router and the remote Cisco 765 series router for IP static routing with Challenge Handshake Authenticat ion Protocol (CHAP) and Multilink Protocol (MLP).

Figure 4-2 is an illustration of the configuration used in this example.

Figure 4-2 IP Static Routing with CHAP Authentication and MLP

Serial interface IP address: 172.16.125.7 IP subnet mask: 255.255.255.0

Ethernet interface IP address: 192.168.147.9 IP subnet mask: 255.255.255.248

765 CPA4500

elecommuter PC

IP address:

192.168.147.8

Remote router ISDN number: 5553693 User profile name: 4500

Ethernet interface IP address: 172.18.124.2 IP subnet mask: 255.255.255.0

Serial interface IP address: 172.16.125.1 IP subnet mask: 255.255.255.0

ISDN

Central site router ISDN number: 5558011 Host name: 4500

S4768

Central site network IP network: 172.18.124.0

4-4

Cisco700 Series Router Configuration Guide

Remote Cisco 765 Command Summary

Follo wing is the command sum mary to con f igur e the re mote Cis co 765 series router for IP static routing with CHAP and MLP:

set switch 5ess

dir

set set 2 dir set system set multidestination on set ppp multilink on set ppp authentication incoming chap set ppp authentication outgoing chap cd lan set ip address set ip netmask set ip routing on set ip rip update periodic set user set ppp secret client set ip address set ip netmask set ip routing on set ip framing none set ip route destination set number set bridging off set ip rip update off set ppp secret host set timeout demand 2 threshold 32 duration set active reboot

directory_number directory_number

765

192.168.147.9

255.255.255.248

4500

172.16.125.7

255.255.255.0

5558011

360

0.0.0.0

gateway

Remote Cisco 765 Command Summary

172.16.125.1

propagate on

Note The set ppp authentication outgoing chap command in this example is not

recommended when connecting to Ascend 4000 or NAS routers.

For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series Router Command Reference.

Using CHAP 4-5

IP Static Routing with PAP Authentication and MLP

IP Static Routing with PAP A uthentication and MLP

This section describes how to configure the ce ntral site Cisco 4500 series router and the remote Cisco 765 series router for Internet Protocol (I P ) st atic routing with Passw ord Authentic ation Protocol ( PAP) authentication.

Figure 4-3 is an illustration of the configuration used in this example.

Figure 4-3 IP Static Routing with PAP Authentication

Serial interface IP address: 172.16.125.7 IP subnet mask: 255.255.255.0

Ethernet interface IP address: 192.168.147.9 IP subnet mask: 255.255.255.248

765 CPA4500

Telecommuter PC IP address:

192.168.147.8

Remote router ISDN number: 5553693 User profile name: 4500

Ethernet interface IP address: 172.18.124.2 IP subnet mask: 255.255.255.0

Serial interface IP address: 172.16.125.1 IP subnet mask: 255.255.255.0

ISDN

Central site router ISDN number: 5558011 Host name: 4500

S4768

Central site network IP network: 172.18.124.0

4-6

Cisco700 Series Router Configuration Guide

Remote Cisco 765 Command Summary

Follo wing is the command sum mary to con f igur e the re mote Cis co 765 series router for IP static routing with PAP authenticatio n:

set switch 5ess

dir

set set 2 dir set system set multidestination on set ppp multi on set ppp authentication in pap set ppp authentication out pap cd lan set ip address set ip netmask set ip routing on set ip rip update periodic set ip rip receive v2 set ip rip version 2 set user set ip route destination set ip address set ip netmask set ip routing on set ip framing none set ppp clientname set ppp password client set ppp password host set number set bridging off set timeout set active reboot

directory_number directory_number

765

192.168.147.9

255.255.255.248

4500

172.16.125.7

255.255.255.0

765

5558011

360

0.0.0.0

gateway

Remote Cisco 765 Command Summary

172.16.125.1

propagate on

For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series Router Command Reference.

Using CHAP 4-7

IP Unnumbered Static Routing and CHAP with MLP

This section describes how to configure the ce ntral site Cisco 4500 series router and the remote Cisco 765 series router for Internet Protocol (I P ) unnumbered routing with Challenge Handshake Authentication Protocol ( CHAP) authentication and Multilink Protocol (MLP).

Figure 4-4 is an illustration of the configuration used in this example.

Figure 4-4 IP Unnumbered Routing and CHAP Authentication with MLP

Ethernet interface IP address: 192.168.147.9 IP subnet mask: 255.255.255.248

Serial interface IP unnumbered

Telecommuter PC IP address:

192.168.147.8

Remote router ISDN number: 5553693/4 User profile name: 4500

765

ISDN network

Ethernet interface IP address: 172.18.124.2 IP subnet mask: 255.255.255.0

Serial interface IP unnumbered

4500

Central site router ISDN number: 5558011/2 Host name: 4500

Central site network IP network: 172.18.124.0

S4769

4-8

Cisco700 Series Router Configuration Guide

Remote Cisco 765 Command Summary

Follo wing is t he co mmand s ummary for co nf igur ing the re mote Cisco 765 series router f or IP unnumbered routing with CHAP authentication and MLP:

set switch 5ess set system set multidestination on set ppp multilink on set ppp authentication incoming chap set ppp authentication outgoing chap set ppp secret client set ppp secret host cd lan set ip address set ip netmask set ip routing on set ip rip update periodic set ip rip receive v2 set ip rip version 2 set user set ppp secret client set ip rip update off set ip routing on set ip framing none set ip route destination set number set bridging off set ppp secret host set timeout set active reboot

765

192.168.147.9

255.255.255.248

4500

5558011

360

0.0.0.0

gateway

Remote Cisco 765 Command Summary

0.0.0.0

For detailed information regarding the commands listed here, refer to theCisco700 Series Router Command Reference.

Using CHAP 4-9

IP Static and IPX Static Routing with CHAP and MLP

This section describes how to configure the ce ntral site Cisco 4500 series router and Cisco 765 series router for Interne t P r otocol (IP) s tatic and Internetwork Pack et Exchange (IPX) static routing with Point-to-Poi nt P rotocol (PPP) using CHAP and MLP.

Figure 4-5 is an illustration of the configuration used in this example.

Figure 4-5 IP Static and IPX Static Routing with PPP

Serial interface IP address: 172.16.125.7 IP subnet mask: 255.255.255.0 IPX network: 32125

Ethernet interface IP address: 192.168.147.9 IP subnet mask: 255.255.255.248 IPX network: 1478

Telecommuter PC IP address: 192.168.147.8

765

Remote router IPX address: 32125: 0040f9cfd5 ISDN number: 5553693/4 User profile name: 4500

ISDN network

Ethernet interface IP address: 172.18.124.2 IP subnet mask: 255.255.255.0 IPX network: 48124

Serial interface IP address: 172.16.125.1 IP subnet mask: 255.255.255.0 IPX network: 32125

Central site router IPX address: 32125: 0c08af65 ISDN number: 5558011/2 Host name: 4500

4500

S4770

IPX file server IPX internal address: 3039e670

Central site network IP network: 172.18.124.0

4-10

Cisco700 Series Router Configuration Guide

Remote Cisco 765 Command Summary

Follo wing is the command sum mary to con f igur e the re mote Cis co 765 series router for IP static and IPX static routing with PPP using CHAP and MLP:

set switch 5ess

dir

set set 2 dir set system set multidestination on set ppp authentication incoming chap set ppp authentication outgoing chap set ppp secret client set ppp secret host cd lan set ipx network set ipx framing 802.2 set ipx routing on set ipx rip update periodic set ip address set ip netmask set ip routing on set ip rip update periodic set user set ipx network set ipx routing on set ipx route destination set ipx service name CORP_FS1 type 4 address set ipx spoof set ipx rip update off set ipx framing none set ip routing on set ip route destination set ip address set ip netmask set ip framing none set number set bridging off set ip rip update off set timeout set active reboot

directory_number directory_number

765

1478

192.168.147.9

255.255.255.248

4500

32125

172.16.125.7

255.255.255.0

5558011

360

3039e670

0.0.0.0

gateway

Remote Cisco 765 Command Summary

32125:0c08af65

3039e670:01:0451

172.16.125.1

propagate on

Using CHAP 4-11

IPX Static Routing with CHAP and MLP

This section describes how to conf igure the remote Cis co 765 serie s router and the central site Cisco 4500 series router for Internetwork Pa cket Exchange (IPX) static routing with Point-to-Point Protocol (PPP).

Figure 4-6 is an illustration of the configuration used in this example.

Figure 4-6 IPX Static Routing with PPP

Ethernet interface IPX network: 1478

Remote router IPX address: 32125: 0040f9cfd5 ISDN number: 5553693/4 User profile name: 4500

Serial interface IPX network: 32125

765

ISDN network

Ethernet interface IPX network: 23160

Serial interface IPX network: 32125

4500

Central site router IPX address: 32125: 0c08af65 ISDN number: 5558011/2 Host name: 4500

S4771

IPX file server IPX internal address: 3039e670

4-12

Cisco700 Series Router Configuration Guide

Remote Cisco 765 Command Summary

Follo wing is t he co mmand s ummary for co nf igur ing the re mote Cisco 765 series router f or IPX static routing with PPP:

set switch 5ess

dir

set set 2 dir set system set multidestination on set ppp auth in chap set ppp secret client set ppp secret host set multilink on cd lan set ipx network set ipx framing 802.2 set ipx routing on set ipx rip update periodic set user set ppp secret client set ipx network set ipx routing on set ipx route destination set ipx service name CORP_FS1 type 4 address set ipx spoofing set ipx rip update off set ipx framing none set number set bridging off set timeout set active reboot

directory_number directory_number

765

1478

4500

32125

5558011

360

3039e670

gateway

Remote Cisco 765 Command Summary

32125:0c08af65

3039e670:01:0451

For detailed information regarding the commands listed here, refer to theCisco700 Series Router Command Reference.

Using CHAP 4-13

Multilink PPP Encapsulation

Cisco 700 series routers imple ment mult il ink PPP, which is a va il able in Relea se 11. 0(3) or later of Cisco IOS software. You can disable multilink PPP in the following two environments:

• You are connecting your Cisc o 700 series router to a rout er runni ng a Cis co IOS r eleas e

prior to 11.0(3).

• You are connecting your Cisco 700 series router to a router running Cisco IOS Release

11.0(3) or late r , and you ha ve no t configu red mul tilink PPP on th at rou ter running Ci sco IOS.

Use the set ppp multilink command at the system level to disable mul tilink PPP, as follows:

766> set ppp multilink off

Dynamic Routing Protocols

Cisco 700 series routers implem ent RIP Versions 1 and 2 a nd demand RIP. Demand RIP is not implemented in Cisco IOS software. If you are connecting your router to a router running Cisco IOS software, and you want to use a dynamic routing protocol, you must disable demand RIP.

4-14

Use one of the followi ng set ip rip update commands to disable demand RIP:

766> set ip rip update periodic / snapshot

766> set ip rip update none

Note Setting the IP RIP update to periodic maintains the connection indefinit ely . This

might be a concern if it i s not nec essar y to main tai n the li ne 24 hou rs a day, 7 days a week; you are paying for connection time that you are not using.

Cisco700 Series Router Configuration Guide

Bridging to a Router Running Cisco IOS Software

It is possibl e to bridge data o ver ISDN to and from Cisco ISDN rout ers. Dependin g on your network environment, this mi ght be an ideal solution. Bridging offers configuration simplicity with few concerns re garding network address space limitations and unroutable protocols. Bridging also offers compatibility with other products that need to bridge.

When bridging, you do not have the same ISDN line control that routing access lists provide . When bridging protocols such as Novell IPX, AppleTalk, or NetBIOS, it is possible for the ISDN line to remain connected for long periods of time. This can result in high ISDN usage charges. If bridging is the only solution for your environment, we recommend monitoring the ISDN line connection.

Cisco IOS Release 11.1 and earlier limit the number of simult aneous ISDN bridge sessio ns to one per in t er f ace.

Prior to Cisco IOS Release 11.2 (half -bridging), the Cisco IOS must also be configured to the bridging protocol, not the router protocol.

Using CHAP 4-15

Bridging to a Router Running Cisco IOS Software

4-16

Cisco700 Series Router Configuration Guide

CHAPTER

Configuring DHCP Relay, DHCP Server, and PAT

Cisco 700 series routers can perform the role of the relay agent, relaying IP configuration information request packets from the L AN interface, o ver the ISDN i nterface, to a specif ied Dynamic Host Configuration Proto col (DHCP) server. Cisco 700 series routers provide DHCP relay, DHCP server, Port Address Translation (PAT), and Internet Protocol Control Protocol (IPCP).

This chapter pro vides descriptions, application not es, and example configurations for configuring Dynamic Host Configuration Protocol (DHCP) relay, DHCP server, and Port Address Translation (PAT) on the Cisco 700 series router. It contains the following sections:

• DHCP Description

• PAT Description

• IPCP Description

• PPP IPCP Negotiation Example

• DHCP Relay with IPCP Negotiation Example

• DHCP Server with IPCP Negotiation Example

• PAT with IP CP Single-Destination Negotiation Example

• DHCP Server and PAT with IPCP Single-Destination Negoti ation Example

• DHCP Server with PAT and IPCP Dual-Destin ation PPP Negotiation Example

Configuring DHCP Relay, DHCP Server, and PAT 5-1

DHCP Description

DHCP is a client-server protocol that allows devices on an IP network (the DHCP clients) to request configuration informati on from a DHCP server. DHCP allocates network addresses from a central pool on an a s-needed basis. DHCP is useful for assigning IP addresses to hosts connect ed to the netw ork tempora ril y or for sharing a li mite d pool of IP addresses among a group of hosts that do not need permanent IP addresses.

DHCP allows for inc reased automation and fewer network administrat ion problems by:

• Eliminating t he need for the manual co nfigurat ion of individua l computers, prin ters, and

shared file systems.

• Preventing the simultaneous use of the same IP address by two clients.

• Allowing configuration from a central site.

DHCP Server Application Notes

The followi ng are application not es for DHCP se rver:

• DHCP relay and DHCP server are mutually exclusive.

• When DHCP server is initialized, default addresses are us ed if no LAN or internal

address ex ists. The Ci sco 700 series router p icks up th e DHCP c lient ’s default gatewa y, netmask, and starting DHCP addresses by using the LAN IP address , if one exists. If a LAN address does not exist, the router uses the internal IP address. If neither exists, it uses the defau lt settings: 10.0. 0.1 as the LAN IP address (default gateway for DHCP clients), 255.0.0.0 as the subnet mask, and 10.0.0.2 as the starting DHCP client addresses.

5-2

• For the DHCP valu es to be a utomatically generated based on the LAN or internal IP

address, each DHCP value must be set to 0.0.0.0 or none, for the new valu es to take effect.

Cisco700 Series Router Configuration Guide

DHCP Relay Application Notes

The followi ng are application not es for DHCP relay:

• The IP ad dres s in t he Int er n al prof il e m ust be on the s am e network as that of the DHC P

clients.

• A firewall configu r ation (where there is an Internal profile and LAN IP address) does

not work with DHCP relay.

• A configuration where PAT is on and DHCP relay is enabled is not va lid. DHCP relay

will attempt to cross from a public to a private domain. PAT prevents access to the

priv ate dom ain. DHCP r elay fails because i t must re ferenc e the rou ter’s private a ddress.

• DHCP relay and DHCP server are mutually exclusive. The Cisco 700 series router can

function as one or the other, but not both.

PAT Description

Cisco 700 series routers provide PAT, enabling local hosts on a priv ate IP network to communicate externally.

Packets destined for an external address have their private IP address plus port number

transl at ed t o th e r o ute r’s extern al I P add r ess bef or e the IP pac k et i s for w arde d t o th e WAN. IP packets returning to the rout er have their externa l IP addresses (plus port number) translated ba ck to the private I P addresse s, and the packets are forwarded to the LAN .

DHCP Relay Application Notes

When PAT is enabled, the transmission of RIP packets is automatically disabled to prevent a broadcast of the private IP addresses externa lly.

PAT Application Notes

A configurati on where PAT is on and DHCP relay is enable d is not v alid. DHCP relay will attempt to cros s from a public to a priv ate domain. PAT prevents access to the private domain. DHCP relay fails because it must reference the router’s private address.

Configuring DHCP Relay, DHCP Server, and PAT 5-3

IPCP Description

If you are u sing IP routing, Cisco 700 series router s must be c onfig ured for IP CP to conne ct to routers running Cisco IOS software. Use the set ip framing command in prof ile mode to enable IPCP for user-defined WAN profiles by setting IP framing to none.

The following example illustrates IPCP enabled by disabli ng IP framing:

766:2503> set ip framing none

Note Do not set the ip framing or the ipx framing command s to none when configuring

the permanent LAN profile.

IPCP Address Negotiation Application Notes

The followi ng are application not es for IP CP address negotiation:

• Cisco 700 series routers require a user -def ined profi le, conf igured wit h IP routing on, to

receive an IP CP addres ses.

• A router running Cisco IOS software must be configured to hand off IPCP addresses.

5-4

• If a manually configured IP address exists on the Internal profile of a Cisco 700 series

router, the IPCP address is assigned to the WAN profile.

• If a manually configured IP address exists on the LAN profile, the IPCP address is

assigned to the Internal profile.

Cisco700 Series Router Configuration Guide

PPP IPCP Negotiation Example

This sectio n describes how to configure a remote Cisco 700 series router for PPP IPCP negotiat ion to a c entra l site rout er , such as a Cis co4500 series router, t hat is running Ci sco IOS software.

Figure 5-1 is an illustration of the configuration used in this example.

Figure 5-1 PPP IPCP Negotiation

ISDN network

Cisco 765 Cisco 4500

Cisco 765 Series Router Commands

Following are the commands for configuring the remote Cisco 765 series router for point-to-point IPCP negotiation with a Cisco 4500 router:

set switch 5ess

dir

set set 2 dir set system set user set ppp secret client set ppp password client set active set 1 number set 2 number set ip routing on set ip route destination set ip rip version 2 set ip rip receive v2 set ip rip update linkup reboot

directory_number directory_number

765

4500

phone_number phone_number

0.0.0.0/0

gateway

PPP IPCP Negotiation Example

H9230

0.0.0.0

For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series Router Command Reference.

Configuring DHCP Relay, DHCP Server, and PAT 5-5

DHCP Relay with IPCP Negotiation Example

Verify the Configuration

Y ou can use the show ip configuration all and show ip route all comman ds t o see the IPCP negotiation address.

DHCP Relay with IPCP Negotiation Example

This sectio n describes how to configure a remote Cisco 700 series router for DHCP relay with IPCP negotiation to a central-site router running Cisco IOS software.

Figure 5-2 is an illustration of the configuration used in this example.

Figure 5-2 DHCP Relay with IPCP Negotiation

DHCP

client

DHCP relay agent

ISDN network

Cisco 765

Cisco 765 Series Router Commands

Follo wing are the commands for conf i guring th e re mote Cis co 765 series router for DHCP Relay with IPCP Ne gotiation with a Cisc o 4500 router:

set system set dhcp relay set user set 1 number set 2 number set ip routing on set ip rip version 2 set ip rip receive v2 set ip rip update linkup reboot

For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series Router Command Reference.

765

172.168.100.2

4500

phone_number phone_number

172.168.100.2Cisco 4500

DHCP server

H9231

5-6

Cisco700 Series Router Configuration Guide

Verify the Configuration

You can use the show ip configu ration and show ip route commands to see the IPCP negotiation address.

You can use the show dhcp configuration command to see the IP address returned by DHCP.

DHCP Server with IPCP Negotiation Example

This section de scrib es how to configure a r emote Ci sco 700 series route r as a DHCP serv er with IPCP negotiation to a central-site router running Cisco IOS software.

Figure 5-3 is an illustration of the configuration used in this example.

Figure 5-3 DHCP Server with IPCP Negotiation

DHCP

client

DHCP server

Cisco 765

ISDN network

Cisco 4500

H9232

Configuring DHCP Relay, DHCP Server, and PAT 5-7

DHCP Server with IPCP Negotiation Example

Cisco 765 Series Router Commands

Follo wing are the commands for conf iguri ng the remote Ci sco 765 series router as a DHCP server with IPCP negotiati on with a Cisco 4500 router:

set switch NI-1

dir

4500

number

5551211 5551212

88855512110101 88855512120101 765

172.168.1.2 128

255.255.255.0

172.168.1.1

255.255.255.0

phone_number phone_number

172.168.1.1

set set 2 dir set 1 spid set 2 spid set system set dhcp server set dhcp address set dhcp netmask set dhcp gateway primary cd lan set ip address set ip netmask set ip routing on set user

set ip routing on

set active set set set ip routing on set ip rip version 2 set ip rip receive v2 set ppp address negotiation local on set ip rip update periodic reboot

For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series Router Command Reference.

Verify the Configuration

When a call is made, you can use the show ip configuration all and show ip route all commands to see the IPCP negotiation address.

You can use the show dhcp configuration command to see the IP address returned by DHCP.

5-8

Cisco700 Series Router Configuration Guide

PAT with IPCP Single-Destination Negoti ation Example

PAT with IPCP Single-Destination Negotiation Example

This section descri bes ho w to conf igure a remote C isco 700 series router f or PAT with IP CP single-destination negotiation to a central-site router running Cisco IOS software.

Figure 5-4 is an illustration of the configuration used in this example.

Figure 5-4 PAT with IPCP Single-Destinati on Negotiation

Internal

FTP

server

10.0.0.2

10.0.0.1

IPCP negotiated

address assigned

profile

Cisco 765

ISDN network

Cisco 4500

PAT on

H9233

Private

network

Public

network

Configuring DHCP Relay, DHCP Server, and PAT 5-9

PAT with IPCP Single-Destination Negotiation Example

Cisco 765 Series Router Commands

Following are the commands for configuring the remote Cisco 765 series router for PAT with IPCP single-destination negotiation with a Cisco 4500 router:

set system set ip pat po ftp cd lan set ip address set ip netmask set ip routing on set user set active set 1 number set 2 number set ip routing on set ip rip version 2 set ip rip receive v2 set ip pat on reboot

For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series Router Command Reference.

765

10.0.0.1

255.0.0.0

4500

phone_number phone_number

10.0.0.2

Verify the Configuration

When a de ma n d ca ll is made, yo u can use the show ip config all and show ip route all commands to see the IPCP negotiation address.

You can use the show ip pat command to see the services returned by PAT.

5-10

Cisco700 Series Router Configuration Guide

DHCP Server and PAT with IPCP Single-Destination Negotiation Example

This section descri bes how to conf ig ure a remote Cisco 700 series router for DHCP server with PAT and IPCP single-destination negotiation to a Cisco 4500 seri es router running Cisco IOS software at a central site.

Figure 5-5 is an illustration of the configuration used in this example.

Figure 5-5 DHCP Server with PAT and IPCP Single-Destination Negotiation

ISDN network

Cisco 765

PAT on

Cisco 4500

H9234

Private

network

Public

network

Configuring DHCP Relay, DHCP Server, and PAT 5-11

DHCP Server and PAT with IPCP Single-Destination Negotiation Example

Cisco 765 Series Router Commands

Following are the commands for configuring the remote Cisco 765 series router for PAT with IPCP single-destination negotiation with a Cisco 4500 router:

765

172.168.99.1

255.255.255.0

4500

phone_number phone_number

0.0.0.0

172.168.99.2 128

255.255.255.0

172.168.99.1

172.168.99.3

0.0.0.0/0

gateway

0.0.0.0

For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series Router Command Reference.

Verify the Configuration

When a de ma n d ca ll is made, yo u can use the show ip config all and show ip route all commands to se e the IPCP ne gotiati on address. Y o u can also use the show dhcp config and show ip pat commands to verify the configuration.

5-12

Cisco700 Series Router Configuration Guide

DHCP Server with PAT and IPCP Dual-Destination PPP Negotiation Example

This section descri bes how to conf ig ure a remote Cisco 700 series router for DHCP server with PAT and IPCP dual-destination PPP negotiation to two routers running Cisco IOS software.

Figure 5-6 is an illustration of the configuration used in this example.

Figure 5-6 DHCP Server with PAT and IPCP and Dual-Destination PPP Negotiation

DHCP server

ISDN network

Cisco 765

Cisco 4500

Cisco 2500

S5815

Configuring DHCP Relay, DHCP Server, and PAT 5-13

DHCP Server with PAT and IPCP Dual-Destination PPP Negotiation Example

Cisco 765 Series Router Commands

Follo wing are the commands for conf iguri ng the remote Ci sco 765 series router as a DHCP server with PAT and IPCP multili nk PPP to two routers running Cis co IOS software:

set system set ppp secret client set ppp password client set dhcp server set dhcp address set dhcp netmask set dhcp gateway primary set ip pat porthandler ftp cd lan set ip routing on set ip address set ip netmask set user set ppp clientname set 1 number set 2 number set ip routing on set ip route destination set ip address set ip netmask set ip pat on set active set user set ppp clientname set 1 number set 2 number set ip routing on set ip route destination set ip address set ip netmask set ip pat on set active

765

172.168.99.1

255.255.255.0

2500

phone_number phone_number

30.169.100.1

255.255.255.0

4500

phone_number phone_number

173.100.10.1

255.255.255.0

172.168.99.2 128

255.255.255.0

172.168.99.1

172.168.99.3

2500

0.0.0.0/0

4500

120.50.40.0/0

gateway

30.169.100.2

173.100.10.2

5-14

Note If you create a mult ipl e desti natio n co nf igur ation wi th PA T ena ble d in bot h prof i les,

the IP route destination must be specified, using the set ip route destination com man d .

Cisco700 Series Router Configuration Guide

Verify the Configuration

When a de ma n d ca ll is made, yo u can use the show ip configuration all command to see the IPCP negotiation address.

You can use the show dhcp connections command to see the IP addresses retu rned by DHCP.

Verify the Configuration

Configuring DHCP Relay, DHCP Server, and PAT 5-15

DHCP Server with PAT and IPCP Dual-Destination PPP Negotiation Example

5-16

Cisco700 Series Router Configuration Guide

CHAPTER

Configuring Re mote CAPI

This chapter pro vides procedures for confi guring Remote Common Applicat ion Programming Interface (CAPI) support on a Cisco 700 series router.

CAPI is an application programming interfa ce standard used to access ISDN equipment connected to Bas ic Rate Interfaces (BRIs ) and Pr im ary Rate Interfaces (PRI s). CAPI provide s a standar dized int erfac e that allo ws app lication programs to use ISDN driv ers an d controllers . One applica tion can use one or more contr ollers. Sev eral appl ications can s hare one or more controllers.

CAPI provide s a selection mechanism that suppor ts applicat ions that use dif ferent p rotocols at diff erent prot ocol le vels. CAP I also pro vides standar dized netw ork access by performing an abstraction from different protocol variables. All connection-related data, such as connection state, display mess ages, and so on, is available to the applications at any time.

The framing protoco ls supported by CAPI consist of High-Level Data L ink Control (HDLC), HDLC inverted, bit-transparent (speech), and V.110 synchronou s/ as ynchronous.

CAPI integra tes the following data link and network layer protocols:

• Link Access Procedure on the D channel (LAPD) in accordance with Q.921 for X.25

D-channel implementation

• Point-to-Point Protocol (PPP)

• ISO 8208 (X.25 DTE-DTE)

• X.25 DCE, T.90NL, and T.30 (fax group 3)

Configuring Remote CAPI 6-1

CAPI and RVS-COM

The Cisco 700 series router supports the ISDN De vice Control Protocol (I SDN-DCP) from RVS-COM. ISDN-DCP allows a workstation on the LAN to use le gacy dial compute r telepho ny integration (CTI) app lications. These applications incl ude fax transmitting and receiving and placing and receiving phone calls.

Using ISDN - D CP, the router acts as a DCP server. By default, the router listens f o r DCP messages on TCP port number 2578 (th e Internet-assigned number for RVS-COM DCP) on its LAN port.

When the route r rece iv e s a DCP message from a DCP c li ent (conne cted to t he LAN p ort of the router), the router processe s the message and acts on it. The actions c onsist of sending confir ma tions to the DCP clients and sending ISDN packets through the router BRI port.

When the router receives a packet on its BRI port for one of the DCP clients, the router formats the packet as a DCP message and sends it to the corres ponding client. The router supports all the DCP messages specified in the ISDN-DCP specification.

The router provides two 64-kbps B channels to CAPI clients. Each B channel can be config ured separately to work in ei ther HDLC mode or bit-transpar ent mode. For CAPI support, the higher layer protocols (B2 through B7) are transparent to the applications using these B channels.

6-2

The ISDN Core Engine of RVS-COM supports the fol lowing B channel protocols:

• CAPI layer B1

— 64 kbps with HDLC framing — 64-kbps bit-transparent operation with byte framing from the network — T. 30 mo dem for fax group 3 — Modem with full negotiation

• CAPI layer B2

— X.75 SLP (ISO 7776) with V.42bis compression option (negotiated) — V.120 with V.42bis compression option (negotiated) — Transparent — T. 30 mo dem for fax group 3

Cisco700 Series Router Configuration Guide

— Modem with full negotiation

• CAPI layer B3

— Transparent — T. 90NL with compatibility with T.70NL, according to T.90 Appendix II — ISO 8208 (X.25 DTE-DTE) modulo 8 and windows size 2, no multiple logical

connections

— T. 30 for fax group 3 — Modem with full negotiation

• T.30 for fax group 3 (SFF file format [default], sending and receiving up to 14400 bps

with ECM option, modula tions V.17, V.21, V.27ter, V.29)

• Analog modem (sending and receiving up to 14400 bps with V.42 error correction and

V.42bis compression option, modulations V.21, V.22, V.22bis, V.23, V.32, V.32bis)

Supported D-Channel Protoco l s

CAPI support is available only for the ISDN switch type Net3.

Supported D-Channel Prot ocols

Supported Applications

ISDN-DCP supports CAPI and non-CAPI applications. Supported applications consist of those that use one or two B channels for data transfer, different HDLC-based protocols, Euro File tra nsfe r , or fa x G4; also s upported are a ppli cati ons th at se nd bit -tra nsparent dat a, such as A/Mu lay audio, fax G3, analog modem, or analog telephones.

Remote CAPI Router Commands

The command s used in th is chapter have been added to the router user interface to support CAPI. Note that CAPI runs o n a remote ne twork de vice, not the route r; the Cisco 700 series router enables remote CAPI applications.

Configuring Remote CAPI 6-3

Configuring the Cisco 700 Router as an RCAPI Server

This section de scri bes how to configu re t he Cisco 700 series router t o be an RC API serv er. By default, RCAPI is disabled in the router. Enabling RCAPI causes the router to become

an RCAPI se r ver. When RCAPI is enabled, the router listens for i n coming RCAPI messages from PCs connected on its LAN side. By default, the router listens for RCAPI messages on TCP port 2578.

Figure 6-1 illustrates the confi guration used in this example. The PCs in the figure have RVS-COM softwa r e installed.

Figure 6-1 RCAPI Server Configuration Example

Local PC Remote PC

IP address

192.168.2.2

Local 7xx

router

IP address

192.168.2.1 Directory numbers 5554000/5552000

RCAPI Command Summary

Following is the command summa r y for configuring the RCAPI on the local Cisco 700 series router.

set rcapi on set dir set rcapi 1 number set rcapi server port reboot

5554000

2578

Remote 7xx

router

IP address

192.168.3.1 Directory numbers 5553000/551000

IP address

192.168.3.2

26547

6-4

Cisco700 Series Router Configuration Guide

Verify the Configuration

You can use the command show rcapi status to see the status of RCAPI server, the clients that are in the listening state, and the status of RCAPI calls:

local-router> show rcapi status Rcapi Sever ON Rcapi Server Port 2578 Rcapi Number(s) 5554000

CLIENT SESSION-ID LISTEN CONNECTION-ID TYPE CALL-STATUS

------------------------------------------------------------------------

192.168.100.3 16777218 ON

Verify the Configuration

Configuring Remote CAPI 6-5

Configuring the Cisco 700 Router as an RCAPI Server

6-6

Cisco700 Series Router Configuration Guide

APPENDIX A

Token Card and Cisco Secure Authentication Support

This appendix provides Token Card and Cisco Secure Authentication support concepts as they apply to the Cisco 700 series router. Cisco Secure Authent ication Agent supports single-user mode, which extends B channel authentication to a Cisco Secure Authentication Agent client.

T ok en car ds ar e consi dere d the most s ecure authe ntica tion s oluti on av ai lable . The re are two kinds of token cards, synchronous and asynchronous. Currently, Cisco Secure Authenticat ion Agent only supports sync hronous token card, which does not need a challenge from a to ken server to generate a token.

Figure A-1 shows the connection between the client and the token server.

Figure A-1 Cisco Secure Authentication Agent Client-to-Token Server

Connection

LAN ISDN LAN LAN

10259

Cisco Secure AA

client

The following steps illust rate how a link is established using a profile:

Step 1 Demand tr affic or a ca ll command makes a connection. Step 2 The router sends a User Datagram Protocol (UDP) packet to a Token

Authorizati on agent (also known as Cisco Secure Authentication Agent), requesting a username and passw ord for PAP and CHAP. If T oken Aut horizatio n Support (TAS) is set to central, the router always sends the authentication inform ation request to the des i gnated client.

Cisco 700 NAS Authentication

Authorization

Accounting

Token Card and Cisco Secure Authentication Support A-1

Token server

Token Caching

Otherwise, the router sends the request to the source of the interesting packet recei v e d if t he i n ter esti ng pa ck et is an I P pa ck et . T he route r sends t he r equ est to the designated client if the interesting packet is not an IP packet.

Step 3 The agent software recognizes the UDP/IP packet and opens an authentication

window on the terminal. The user enters the username and token. The agent organizes the information into the PAP and CHAP username and password, based on the rout er conf igurati on. It then sends the use rname and pass word back to the ro uter as a rep ly packet.

Step 4 The reply packet is received, and the router opens an ISDN connection with

Network Access Server (NAS).

Step 5 The router negotiates all line-control protocol options, including which

authentication protocol to use (PAP or CHAP).

Step 6 Depending on whi ch aut hentic ation proto col is ne goti ated, the ro uter asse mbles

a PAP request or CHAP response packet and sends it to NA S. If authentication fails, NAS passe s the failure m es sage from authentication, authorization, and accounting (AAA) to the r outer. The router sends one more request to the agent with a messag e to re try onc e more . If a uthent icati on fails aga in, t he rout er se nds another PAP request with the pppautheninfotype parameter set to message-only to in f orm the Cisco Sec ur e Authentication Agent client that the authentication failed ag ain and that the router has stopped authoriz ation attempts.

Token Caching

Cisco 700 series routers do not do token cachi ng. A token is cached at the client, and the client sends the router the cached token in response to the authentication request from a link that uses a multilink PPP bundle. Wi th its built-in algorithm, the agent can also generate a new token, called a soft token, instead of prompting the user to enter a new hard token.

There are two authentication modes, PAP and CHAP local secret, shown in the following figures.

A-2

Cisco700 Series Router Configuration Guide

Figure A-2 PAP Client Packet

Token Caching

Client

username

token

Figure A-3 CHAP Local Secret

Client

username*token

PPP PAP Packet

username

token

Cisco 700 Series Router Configuration

authorization protocol = PAP local secret = N/A

PPP PAP Packet

MD5 (challenge, knock)username*token

Cisco 700 Series Router Configuration

authorization protocol = CHAP use local secret = Yes secret = knock

10260

10262

Token Card and Cisco Secure Authentication Support A-3

Token Caching

A-4

Cisco700 Series Router Configuration Guide

INDEX

Numerics

5ESS 3-6

Address Resolution Protocol

See ARP address, MAC 3-8 addressing, DHCP 5-2 AppleTalk 4-15 ARP, supported proto col 1-1 authentication 2-4

CHAP 3-4

PPP 3-8 autodetection

set autodetection command 3-5

troubleshooting 3-6

B channel 3-6 BCP, supported protocol 1-1 Bridge Con trol Protocol

See BCP bridging 3-7, 4-15

configuration example 3-7

interoperability issues 4-15

CAPI 6-1 cautio n description x cd command 2-5

Challenge Handshake Authentication Protocol

See CHAP changing a profile name 2-6 CHAP 3-10

authenticatio n 3-10

config uration example

IP static routing and callback 4-2 IP stati c routing with M LP 4-4 IP unnumbered routing with MLP 4-8

with Cisco IOS software 4-2, 4-4, 4-8 secret 3-4 supported protocol 1-2

Cisco Fast Step 1-3 Cisco Internetwork Operating System

See Cisco IOS

Cisco IOS

configuration vii, 4-1 Release 11.0(3) 4-14 Release 11.1 4-15 software, inter operability with IPC P and IPXCP 5-4 with bridging 4-15

Cisco IOS-700 software 1-2 command reference viii Common Application Program m ing Interface

See CAPI See Remote CAPI

configuration

bridging example 3-7 changing profiles 2-2 displa ying profiles 2-5 example

bridging 3-7

IP static and callback with CHAP 4-2

IP static with CHAP and MLP 4-4

IP static with PAP 4-6

IP unnumbered and CHAP with MLP 4-8

RCAPI 6-4

routing a Cisco 700 series router 3-9

rout in g IP an d IPX on- de m a nd 3-14

Index 1

routing to an ISP 3-9 ISDN PRI 4-1 line 3-5 options 1-3 port 1-3 profiles 2-1 Remote CAPI example 6-4 system level 2-2 Telnet 1-3 Web sources viii

connect io ns

ISP 3-9

creating profiles 2-5

deleting profiles 2-6 dema n d R IP 4-14 DHCP

clients 5-2 defa ul t gatewa y 5 -2 network addresses 5-2 relay 5-1

with IPC P ne go ti at ion 5-6 server 5-2

with IPC P ne go ti at ion 5-7

with PAT and IPCP dual-destination PPP

negotiation 5-13

with PAT and IPCP single-destination

negotiation 5-11

supporte d protocol 1-2

DMS-100 ISDN BRI switch 3-7 document conventions ix documentation viii documentation CD-ROM viii Dynamic Host Configuration Protocol

See DHCP

firewall 5-3

ICMP, supported protocol 1-1 image (software) 1-3 Integrated Services Digital Network

See ISDN Internal profile 2-4, 5-3 Interne t Control Message Protocol

See ICMP Interne t Packet Exchange Control Protocol

See IPXCP Interne t Protocol Cont rol Protocol

See IPCP Internet service p rovider

See ISP Interne tw ork Packet Exchange

See IPX interoperab il ity w ith Ci sc o IOS softw a re

bridging 4-15

IPCP and IPXCP 5-4

multili nk PP P en ca p sulatio n 4-1 4 IP 3-14, 3-17

config uration example

IP static and callback with CHAP 4-2 IP static with CHAP and MLP 4-4 IP static with PAP 4-6 IP unnumbered and CHAP with MLP 4-8 rout in g IP an d IPX on- de m a nd 3-14

DHCP

network addresses 5-2 relaying configuration information 5-1

unnumbered IP address 3-9 IPCP

interoperability 5-1

supported protocol 1-1

Cisco 700 Series Rout er Configuration GuideIndex 2

IPX 3-14, 3-17

configuration example, routin g IP and IPX

on-demand 3-14

IPXCP

interoperability issues 5-1 supporte d protocol 1-1

ISDN

BRI number 3-6 PRI configuration 4-1

ISDN Device Control Protocol

See ISDN-DCP ISDN-DCP , supported protocol 1-2 ISP, connections 3-9

NCP 3-11 NetBIOS 4-15 network add ress

DHCP 5-2 space limitations 4-15

Network Control Protocol

See NCP NI1 switch 3-7 nonvolatile random access memory

See NVRAM note, description x Novell IPX 4-15 NVRAM 2-1

LAN

Ethernet 10B aseT connection 3-2

profile 2-4 LCP 3-11 line configuration 3-5 Link Control Protocol

See LCP

MAC address table 3-8 MLP, confi guration example

IP static routing with CHAP 4-4

IP unnumbered routing wi th CH A P 4-8 MLPPP

encapsul ation 4-14

supporte d protocol 1-1 Mult il i nk Point-to- Point Pr otocol

See MLPPP

operati ng system (router) 1-1 overview of Cisco 700 series routers 1-1

PAP 3-4

config uration example

IP stati c routing 4-6 with a router running Cisco IOS sof tware 4-6

supported protocol 1-1

Password Authentication Protocol

See PAP PAT with IPCP single-dest ination negotiation 5-9 PAT, supported protocol 1-2 permanent profiles 2-4, 2-6 Point-to-Point Protocol

See PPP Port Address Translation

See PAT

Index 3

PPP 3-11

configuration example

routin g IP and IPX on-demand 3-14 IP and IPX ro uting 3-14 IPCP negotiation 5-5 multil in k enc a ps u la tio n, intero p er ab i lity 4-14 supporte d protocol 1-1

private IP addresses 5-3 profil e-level parameters 2-1 profiles

active 2-2, 2-6 changing a profile name 2-6 creating 2-5 definition 3-2 deleting 2-6 displaying configurations 2-5 inactive 2-2, 2-6 on-demand 2-2 parameters 2-2 permanent 2-4

Internal 2-4

LAN 2-4

Standard 2-4 redefin ed values indi cator 2-5 removing parameters 2-5 system mode parameters 2- 3 user-defined 3-10 using with the routers 2-1 to 2-7

protocols supported 1-1

quick reference viii

release notes for Cis co IO S 700 software viii Remote CAPI 6-3

configuration 6-4 config uration example 6-4

TCP port 6-4 Remote CAPI, su pported protocol 1-2 Remote Common App lication Programmers Interface

See RCAPI removing profile parameters 2-5 reset user command 2-6 RIP

dynamic routing protocols 4-14

PAT enabled 5-3

supported protocol router manuals viii routing

config uration example

bridging 3-7 central site 3-11 routing a Cisco 700 series router 3-9 rout in g IP an d IPX on- de m a nd 3-14 routing to an ISP 3-9

Routing Inf ormation Protocol

See RIP

SAP, supported protocol 1-1 secret, CHAP 3-4 Service Advertisement Protocol

See SAP set autodetectio n com mand 3-5 set default command 3-4 set ip framing command 5-4 set ip rip update command 4-14 set ppp multilink command 4-14 set profi le user comma nd 2-6 set switch command 3-6 set user command 2-3 show commands, defined 2-5 show configuration command 3-3

Cisco 700 Series Rout er Configuration GuideIndex 4

show dhcp configuration 5-7 show dhcp connections 5-15 show ip configuration command 5-6 show ip route command 5-6 show rcapi status command 6-5 Simple Network Management Protocol

See SNMP commands SNMP, supported protocol 1-2 software image 1-3 software, Cisco IOS-700 1-2 SPIDs 3-6

autodetection 3-5

definintion 3-5

troubleshooting 3-6 supported protocols 1-1

ARP 1-1

BCP 1-1

CHAP 1-2

DHCP 1-2

ICMP 1-1

IPCP 1-1

IPXCP

ISDN-DCP 1-2

MLPPP 1-1

PAP 1-1

PAT 1-2

PPP 1-1

RCAPI 1-2

RIP

SAP 1-1

SNMP 1-2

TFTP 1-2 system mode

configuration parameters 2-2

parameters 2-1

TFTP server 1-2 TFTP, supported protocol 1-2 timesaver, description x Triggere d RIP 1-2 Trivial File Transfer Protocol

See TFTP

unnumbered IP address 3-9 unroutable protocols 4-15 unset command 2-5

WAN ISDN ports 3-2 World Wide Web viii

Index 5

Cisco Systems 700 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

About This Manual

Related Documentation

Con ven tions

Overview

Supported Protocols

Software Images

Administrati ve Configuration Options

Profile Overview

System and Profile Parameters

Profiles and Connections

System Mode Parameter Set

Profile Mode Parameter Set

Permanent Profiles

Creating and Modifying Profiles

Displaying Profile Configuratio ns

Removing Profile-Based Values

Incoming Calls

Deleting Profiles

Changing Profile Names

Outgoing Calls

Basic Configurations

Basic Configuration Concepts

Bridges and Routers

Profiles

LANs and WANs

Current Configuration

Remote and Central Sites

Passwo rd and Secr et

Additional Reference

Starting Point

Setting SPID Autodetection (North America only)

Setting SPIDs Manually (North America only)

Bridging with a Cisco 700 Series Router

Cisco 700 Series Rout er Bridging Instructions

Routing IP with a Cisco 700 Series Router to an ISP

Routing a Cisco 700 Series Router to an ISP Instructions

Routing IP to a Central Site

Central Site IP Routing Command Summary

Routing IP and IPX On-Demand

On-Demand IP and IPX Routing with PPP Instruct ions

Central Site On-Demand IP and IPX Routing with PPP Commands

Using CHAP

SPID Detection (North America only)

IP Static Routing and Callback with CHAP Authentication

IP Static Routing with CHAP Authentication and MLP

IP Static Routing with PAP Authentication and MLP

IP Unnumbered Static Routing and CHAP with MLP

IP Static and IPX Static Routing with CHAP and MLP

IPX Static Routing with CHAP and MLP

Multilink PPP Encapsulation

Dynamic Routing Protocols

Bridging to a Router Running Cisco IOS Software

Configuring DHCP Relay, DHCP Server, and PAT

DHCP Description

DHCP Server Application Notes

DHCP Relay Application Notes

PAT Description

PAT Application Notes

IPCP Description

IPCP Address Negotiation Application Notes

PPP IPCP Negotiation Example

DHCP Relay with IPCP Negotiation Example

Verify the Configuration

Verify the Configuration

DHCP Server with IPCP Negotiation Example

Verify the Configuration

PAT with IPCP Single-Destination Negoti ation Example

Verify the Configuration

DHCP Server and PAT with IPCP Single-Destination Negotiation Example

Verify the Configuration

DHCP Server with PAT and IPCP Dual-Destination PPP Negotiation Example

Verify the Configuration

Configuring Re mote CAPI

CAPI and RVS-COM

Supported D-Channel Protoco l s

Supported Applications