Cisco Systems 700 User Manual

Cisco 700 Series Router Configurat ion Guide
Software Release 4.4.
Corporate Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com
408 526-4000
Tel:
800 553-NETS (6387)
408 526-4100
Text Part Number: OL-0184-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO B E ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environm ent. This equ i pm ent generates , uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Opera tion of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.
The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency
energy. If it is n ot installed in accor dance with Cisco’s insta llation instruction s, it may cause interference wit h radio an d television r eception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interfer ence in a resident ial installation . However, there is no guarantee that interference will not occur in a particular installation.
Modifying the equipment without Cisco’s written authorization may result in the equipment no longer complying with FCC requirements for Class A or Class B digi tal dev ice s. I n tha t ev ent , y ou r r i ght to us e th e e q uipm ent ma y be li mite d by F CC r e gul at ions , a nd yo u m ay be requ ired to cor rect any interference to radio or televi sion commu nications at your own e xpense.
You can determine whether your equ ipment is cau sing interfere nce by turning it o ff. If th e interference s tops, it was probably caused by the Ci sco equipment or one of its peripheral devices. If th e equ i pm ent causes interference to radio or television reception, try to correct the interference by using one or more of the following measures:
• Turn the television or radio antenna until the interference stops.
• Move the equipment to one side or the other of the televisi on or radio.
• Move the equipment farther away from the television or radio.
• Plug the equipment into an outlet that is on a different circuit from the television or radio. (That is, make certain the equipment an d the tele vision or radio are on circuits controlled by different circuit breakers or fuses.)
Modifications to this product not authorized by Cisco Systems, Inc. could void the FCC approval and negate your authority to operate the product. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (U CB ) as part of
UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE
PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Access Registrar, AccessPath, Any to Any, AtmDirector, CCDA, CCDE, CCDP, CCIE, CCNA, CCNP, CCSI, CD-PAC, the Cisco logo, Cisco Certified Internetwork Expert logo, CiscoLink, the Cisco Management Conne ction logo, the Cisco NetWorks logo, the Cisco Powered Network logo, Cisco Systems Capital, the Cisco Systems Ca pital logo, Cisco Systems Networking A cademy, th e Ci sco Technologies l ogo, ConnectWay, ControlStr eam, Fast Step, FireRunner, GigaStack, IGX, JumpStart, Kernel Proxy, MGX, Natural Network Viewer, NetSonar, Network Registrar, New World, Packet, PIX, Point and Click Internetworking, Policy Builder, Precept, RouteStream, Secure Script, ServiceWay, SlideCast, SMARTnet, StreamView, The Cell, TrafficDirector, TransPath, ViewRunner, VirtualStream, VisionWay, VlanDirector, Workgroup Director, and Workgroup Stack are trademarks; Changing the Way We Work, Live, Play, and Learn, Empowering the Internet Generation, The Internet Economy, and The New Internet Economy are service marks; and Asist, BPX, Catalyst, C isco, C isco IO S, the Cisco IO S logo, Cisco Systems, the Cisco System s logo, the Cis co Syst ems Cis co Press logo, Enterprise/Solver, EtherChannel, EtherSwitch, FastHub, FastLink, FastPAD, FastSwitch, IOS, IP/TV, IPX, LightStream, LightSwitch, MICA, NetRanger, Registrar, Strata View Plus, Stratm, TeleRouter, and VC O are registered trademar ks of Cisco Systems, Inc. in th e U.S. and certain other countries. All other trademarks mentioned in this document are the property of their respective owners. The use of the word partner does not imply a partnership relationshi p be twe en Cis co and any of its resellers. (9906R)
About This Manual vii
Related Documentation viii Conventions ix
Chapter 1 Overview 1-1
Supported Protocols 1-1 Software Images 1-2 Administrative Configuration Options 1-3
Chapter 2 Using Profiles wit h Cisco 700 Series Routers 2-1
Profile Overview 2-1
Profiles and Connections 2-2
System and Profile Parameters 2-2
System Mode Parameter Set 2-3 Profile Mode Parameter Set 2-3 Permanent Profiles 2-4
Creating and Modifying P r ofiles 2-5
Displaying Profile Configurations 2-5 Removing Profile-Based Values 2-5 Deleting Profiles 2-6 Changing Profile Na mes 2-6
CONTENTS
Incoming Calls 2-6 Outgoing Calls 2-7
Chapter 3 Basic Configurat ions 3-1
Basic Configuration Concepts 3-1
Bridges and Routers 3-2 Profiles 3-2 LANs and WANs 3-2 Current Configura tion 3-3 Remote and Central Sites 3-4
Contents iii
Password and Secret 3-4 Additiona l Reference 3-4
Starting Point 3-4
Setting SPID Autodetection (North America only) 3-5 Setting SPIDs Man ually (North America only) 3-6
Bridging with a Cisco 700 S eries Router 3-7
Cisco 700 Series Router Bridging Instructions 3-8
Routing IP with a Cisco 700 Series Router to an ISP 3-9
Routing a Cisco 700 Series Router to an ISP Instructions 3-11
Routing IP to a Central Site 3-11
Central Site IP Routing Command Summary 3-13
Routing IP and IPX On-Demand 3-14
On-Demand IP and IPX Routing with PPP Instructions 3-16 Central Site On-Demand IP and IPX Routing with PPP Commands 3-17
Chapter 4 Using CHAP 4-1
SPID Detection (North America only) 4-2 IP Static Routing and Callback with CHAP Authentication 4-2
Remote Cisco 765 Comma nd Summary 4-3
IP Static Routing with CHAP Authentication and MLP 4-4
Remote Cisco 765 Comma nd Summary 4-5
IP Static Routing with PAP Authentication and MLP 4-6
Remote Cisco 765 Comma nd Summary 4-7
IP Unnumbered Static Routing and CHAP with MLP 4-8
Remote Cisco 765 Comma nd Summary 4-9
IP Static and IPX Static Routing with CHAP and MLP 4-10
Remote Cisco 765 Comma nd Summary 4-11
IPX Static Routing with CHAP and MLP 4-12
Remote Cisco 765 Comma nd Summary 4-13
Multilink PPP Encapsulation 4-14
iv
Cisco 700 Series Router Configuration Guide
Dynamic Routing Prot ocols 4-14 Bridging to a Router Running Cisco IOS Software 4-15
Chapter 5 Configuring DHCP Relay, DHCP Server, and PAT 5-1
DHCP Description 5-2
DHCP Server Application Notes 5-2 DHCP Relay Application Notes 5-3
PAT Description 5-3
PAT Application Notes 5-3
IPCP Description 5-4
IPCP Address Negotiation Application Note s 5-4
PPP IPCP Negotiation Example 5-5
Cisco 765 Series Router Commands 5-5 Verify the Configuration 5-6
DHCP Relay with IPCP Negotiation Example 5-6
Cisco 765 Series Router Commands 5-6 Verify the Configuration 5-7
DHCP Server with IPCP Negotiation Example 5-7
Cisco 765 Series Router Commands 5-8 Verify the Configuration 5-8
PAT with IPCP Single-Destination Negotiation Example 5-9
Cisco 765 Series Router Commands 5-10 Verify the Configuration 5-10
DHCP Server and PAT with IPCP Single-Destination Negotiation Example 5-11
Cisco 765 Series Router Commands 5-12 Verify the Configuration 5-12
DHCP Server with PAT and IPCP Dual-Destination PPP Negotiation Example 5-13
Cisco 765 Series Router Commands 5-14 Verify the Configuration 5-15
Contents v
Chapter 6 Configuring Remote CAPI 6-1
CAPI and RVS-COM 6-2
Supported D-Channel Protocols 6-3 Supported Appli cations 6-3 Remote CAPI Router Commands 6-3
Configuring the Cisco 700 Router as an RCAPI Server 6-4
RCAPI Command Summary 6-4 Verify the Configuration 6-5
Appendix A Token Card and Cisco Secure Authent ication Support A-1
Token Caching A-2
vi
Cisco 700 Series Router Configuration Guide

About This Manual

This chapter discusses the organization, relate d docum entation, and convention s of the Cisco 700 Series Router Configuration Guide.
This document is organized as follows:
Chapter 1, “Overview,” provides a brie f overview of Cisco IOS-700 software and
supported protocols.
Chapter 2, “Using Profiles with Cisco 700 Series Routers,” describes a set of
user-def i ned parame ters group ed in a customize d prof ile and assoc iate d with a specif ic remote device.
Chapter 3, “Basic Configurations,” describe s how to connect a Ci sco 700 series router
to an Internet service provider (ISP) or to a cent ral site, such as your company network.
Chapter 4, “Using CHAP,” describes how to connect a Cisco 700 series router to a
router running Cisco IOS software.
Chapter 5, “Configuring DHCP Relay, DHCP Server, and PAT,” describes ho w to
config ure Dynamic Host Conf i gurati on Prot ocol (DHCP ) relay, DHCP server, an d Port Address Translation (PAT) on the Cisco 700 series router.
Chapter 6, “Configuring Remote CAPI,” describes ho w to configure Remote Common
Application Programmers Interface (CAPI) and the ISDN Device Control Protocol (ISDN-DCP) on the Cisco 700 series router.
Appendix A, “Token Card and Cisco Secure Authentication Support, ” describes the
Token Card and Cisco Secure Authentication Support security features.
About This Manual vii

Related Documentation

Related Documentation
The followi ng documentation is al so provided with your Cisco 700 series router:
Release Notes for Cisco 700 Series Router S oftware pr ovides the latest infor ma tion on
the router software . Release notes for previous versions of the soft ware are on the Cisco Documentation CD-ROM and the Cisco Web site.
Cisco 760 Quick Reference Guide and Cisco 770 Quick Referenc e Guide provide
hardware installation ins tructions and forms to assist you in gathering configuration information. Ea ch guide includes a Cisco 700 Fast Step CD-ROM.
Cisco 700 Series Router Command Reference provide s details of all router comm ands .
The document is available on the Cisco Documentation CD-ROM and the Cisco Web site in HTML format.
Cisco 700 Series Router Installation Guide provides instructions for cabling the
Cisco 700 series router. The document is available on the Cisco Documentation CD-ROM and the Cisc o Web site in HTML format. A paper copy of the document is provided with your router.
Additional Cisco documentation and literature are available in a CD-ROM package that ships with your Cisco 700 series router. The Documentation CD-ROM, a member of the Cisco Connecti on famil y , is update d monthly. Therefore, it may be more up to dat e than the printed document ation. T o order additi onal copies of the Documentati on CD-ROM, conta ct your local sales representative or call customer service. You can also access Cisco documentation on the World Wide Web at http://www .cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
Cisco 700 series router configur ation information can be foun d at http://www.cisco.com/warp/public/779/s mbiz/service/configs/700_configs. htm and http://www.cisco.com/warp/c propub/67/sample.html
If you are reading Cisco product documentati on on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar, and s elec t Doc ume ntation. After you complete the form, click Submit to send it to Cisco. We appreciate your commen ts.
viii
Cisco700 Series Router Conf iguration Guide

Con ven tions

This publication uses the following conventions to convey instruc tions and information:
The caret character (^) represents the Control key.
For exampl e, the k ey combina tions ^D and Ctrl -D are equi v alent: Bot h mean hold do wn the Control key while you press the D key. Keys are indic ated in capitals, but are not case sensitive.
A string is defined as a nonquoted set of characters.
There are a f e w st rings t hat i ncl ude quot ation marks as part o f th e st atement . The refore, common practice is not to include the quotation marks unless the y are included in the statement. For example, set the SNMP community st ring to public does not use
quotation marks around the string “public” because when you enter the string, you would not include the quotation marks.
Command descriptions use these conventions:
Ve r ti ca l b ar s ( | ) se pa r at e al ternative, mu tu ally exclu s ive, elements.
Square brackets ([ ]) indicate opt ional elements.
Variables for which you supply values are in italic.
Conventions
Examples that contain system prompts denote interactive sessions, indicating the user
enters the command at the prompt. The system prompt indicates the current command mode. For example, the prompt rout er:2503> indicate s profile mode. The exception is when a list of commands is provided in an example configuration; the prompt is not shown for the sake of clarity.
Fixed inf ormation you enter i s in boldface screen font . Variable infor matio n you
enter is in it alic.
Terminal session s and information the system di sp lays are in screen font.
Nonprinting chara cters, such as passwords, are in angle brackets (< >).
The command synt ax contain s a combin at ion of bold a nd re gula r upperca se and lo we rcase alphanumeric charac ters. You can enter the full te x t of the commands , or you can ente r the abbre viate d form . The abbr ev iated f orm con sis ts of t he fi rst ch ara cters in ea ch wor d, sh own in uppercase bol d in the c ommand synt ax. T he uppe rcas e bold cha racte rs ar e the mini mum you must enter for the command to be recogni zed and executed.
About This Manual ix
Conventions
12
93
6
The actual c ommands you e nt er are not case sens iti v e. T he capit al izat ion and b old type ar e used in this manual only to dif ferentiate the characters requ ired for th e abbreviated for ms of commands.
For example, The syntax of the set system command is as fol l ows:
SEt SYstemname [systemname]
The complete version of the set system command can be entered at the command prompt as foll ows :
>set systemname
systemname
systemname
>
The abbreviated version of th e sam e comm and can be entered as follows:
>se sy
systemname
Note Means reader take note. Notes contain helpful s uggestions or refer ences to m ateria ls
systemname
>
not contained in this manual.
Timesaver This symbol me ans the described action saves time. You can save
time by performing the action described in the paragraph.
Caution This symbo l means reader be careful. In this situation, you mi ght do
something that could re sult in equipment damage or loss of data.
x
Cisco700 Series Router Conf iguration Guide

Overview

Cisco 700 series routers co nnect small off ice Et hernet LANs t o corporat e networks through Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) lines. After config uration, the router automatically routes packets to and from remote destinations using IP or Internetwork Packet Exchange (IPX).
The Cisco 700 series router is a fixed co n fig u r at io n router. The rout er operating sys t e m is called Cisco IOS-700 software and is unique to the Cisco 700 series router.

Supported Protocols

The Cisco 700 series routers support the following protocols :
IP
CHAPTER
1
IPX
Internet Protocol Control Protocol (IPCP)
Internet Control Message Protocol (ICMP)
Internetwork Packet Exchange Control Prot ocol (IPXCP)
Point-to-Point Protocol (PPP)
Bridge Control Protocol (BCP)
Multilink PPP (MLPPP)
Address Resolution Protocol (ARP)
Service Advertisement P r otocol (SAP)
Password Authentication Protocol (PAP)
Over view 1-1

Software Images

Trivial File Transfer Protocol (TFTP server)
Simple Network Management Protocol (SNMP)
Routing Information Protocol (RIP) for IP and IPX
Trigge red RIP for IP
Challenge Handshake Auth en ticatio n Protocol (CHAP)
Dynamic Host Configuration Protocol (DHCP)
Port Address Translation (PAT)
Remote Common Applica tion Programmers Interf ace (RCAPI)
ISDN Device Control Protocol (ISDN-DCP)
Software Images
The Cisco 700 Series routers run a proprietary Cisco soft ware (Cisco IOS-700 software) image, which is different than traditional Cis co IOS software. The image you use varies, depending on the region in which the router is used and what feature set you desire. The image name, fo r exa mple, c 760-in. r- TPH.43-1. bin , design at es the re gion and featu res. The regio n s are as follows:
1-2
US for use in North America
NET3 for use in Europe
TR6 for use in Germany
INS for use in Japan
TPH for use in Australia
The features are in d icated as follo w s:
Internet Ready (IP onl y, 30 users with data compression on) images have a "b"
designati on.
Internet Re ady X.25 (IP only , 30 LAN de vices, compression, X.25) images have a "bxd"
designati on.
Cisco700 Series Router Command Reference

Administrati ve Configuration Options

Remote Office (IP/IPX, 1500 LAN devices, compression) images have an "r"
designation.
Remote Off ice X.25 (IP/IPX, 1500 LAN devices , compression, X.25) images have an
"rxd" designation.
So the example image named "c760-in.b-TPH.43-1.bin" is a Serie s 760 router image software Release 4.3(1) with the Internet Ready feature set for Australia. (All Cisco 700 series routers run Series 760 rout er im ages. There are no Series 770 router im age s.)
You can verify the image loaded on your router by entering the command-line prompt. The following examp le shows a router running a Cisco 760 (c760) image for the United St ates (US), rel ease 4.0(1), and u sing the Remote Off ice (r) fea ture set:
guest> version Software Version c760-in.r.US 4.0(1) - Jan 14 1997 19:00:23 Cisco 766 ISDN Stack Revision US 2.10 (5ESS/DMS/NI-1)
Administrative Configuration Options
You can configure routers through the configuration port or across an IP network using Telnet. In addition, Cisco IOS-700 software supports Cisco 700 Fast Step software applications. These tools are on the Ci sc o700 Fast Step CD-ROM in the Cisco 700 Quick Reference Guide.
version command at the
Over view 1-3
Administrati ve Confi guration Options
1-4
Cisco700 Series Router Command Reference
CHAPTER
2
Using Profiles with Cisco 700 Series Routers
A profile is a set of configuration parameters associated with ports on the router or WAN devices.
This chapter contains the following sections:
Profile Overview
System and Profile Parameters
Creating and Modifying Profiles
Incoming Calls
Outgoing Calls

Profile Overview

There are two modes in which you can set parameters, the system mode and the profile mode. System m ode parameters affect the configur ation on a global level. Profi les are sets of local parameters. Profile mode parame ters affect how the router handles the connection to a device.
You do not have to reconfigure the router every time you connect to a different de vice. Instead of using one set of configuration parameters for all devices, you can use different profiles to communicate with a variety of devices.
For e xample, you can creat e a user -d ef ined prof i le c alled 250 0 that conta in s the para meters to be used when communicating with a Cisco 2500 series router over the WAN. You can customize your Cisco 700 series router to maintain up to 17 user -defined profiles. P r ofiles are saved in the Cisco 700 series router nonvolatile RAM (NVRAM).
Using Profiles with Cisco 700 Series Routers 2-1

System and Profile Parameters

In addition to user-defined profiles, there are three permanent profiles, Internal, LAN, and Standard. The Internal profile stores parameters used to communicate between the LAN and WAN ports on the Cisco 700 series router . The LAN profile stores paramet ers that config ure the LAN port on the router. The Standard profile is the defaul t profile. If authentication is not requir ed and the destination device you are connecting to does not have a user-defin ed profile, the router uses the Standard profile.

Profiles and Connections

Profiles are either active or inactive. An active profile creates a virtual connection to the remote device associated with th e profile. A virtual connection is a connection without physical channels. After creating a virtual connection, an on-demand call can be made to the asso ciated rem o t e d evice to estab l ish a physical connection.
A physical connection is a dynamically created pipeline of packets from the Cisco 700 series router to a switch on the WAN. All connections are associated with the profile that defines the configuration of the connecti on.
Virtual and physica l connections behave similarly; the diffe r ence is that physical connections forw ard packet s to the WAN. Virtua l connections monitor packet tr aff ic on the
LAN until a deman d filter “sees” that a pa cket is destined f o r the WAN and initiates a call to the switch, opening the physical connection. Once the call is established, the virtual connection be com es an active physical connection, and the packets move through the pipeline.
System and Profile Parameters
The system is composed of both system mode parameters, user-defined profiles, and permanent profiles. System mode parameters can be changed only in system mode. The prompt indicates you are in system mode by displaying nothing or the route r name. An example of the prompt is shown below:
Router_name>
If you are in profile mode, the profile name appears on the prompt, sepa rated from the system name by a colon (:). An example of the prompt is shown below:
Router_name:Profile>
2-2
Cisco700 Series Router Configuration Guide
All profi les are based o n the profil e templa te and inherit the system-le v el valu es. When you create a new profile, its default values ar e taken from the p r ofile template.

System Mode Parameter Set

System mode parameters affect the r o u ter as a system. Table 2-1 lists the system parameters.
T able 2-1 System Para meter Set
Caller ID pa ra m e ters Call wait in g PPP Date and time Country gr oup Screen l ength Directory number(s) Address age time Screen echo Delay ti me Local and remote acces s SNMP Forwarding mode Phone 1 and 2 SPIDs Multid es tinatio n di a lin g PPP clie nt pa ssword Switch typ e Numbering plan PPP clien t secret System password Patterns Voice priority Power Source 1 detect Passt hru Compression System name PPP auth e nt ic ation
1 PPP = Point-to- P oint Protocol 2 SNMP = Simple Network Management Protocol 3 SPID = service profile identifier
System Mode Parameter Set
1
parame ters
2
parameters
3

Profile Mode Parameter Set

Changes made to profile mode parameters in system mode affect the profile template. When a profile is cre ated, it in herits the matchi ng system mode paramet ers from the profi le template. Any changes to parameters in profile mode apply only to that profile. Changes made to prof ile par ameters in s ystem mode are stored in th e prof ile templa te. When you use the set user command to create a user-defined profile, the default parameters for the new profile are taken from system mode.
Using Profiles with Cisco 700 Series Routers 2-3
System and Profile Parameters
Table 2-2 lis ts the parameters that can be conf igured in a profile.
Table 2-2 Profile Parameters
Bridging Line speed PPP authentication (outgoing) Ringback number Auto calling All IP parameters, including filters Passt hrough Demand PAP password (client and host) Learning Timeout All IPX parameters, including filters Subnet mask Called nu mber CHAP secret (client and host) Protoco l Encapsul ation Bridge f ilters (a ddress, typ e, and user- defined) Loopback

Permanent Profiles

Cisco 700 series routers contain three permanent profiles . Permanent profiles can be modified, but they cannot be deleted. The permanent profiles are as follows:
LAN Determines ho w data is passed from the router to the LAN. This profile
is commonly used for connec tions made directly to the local network.
2-4
Internal Determines ho w dat a is pass ed bet ween the bridge e ngine a nd the IP/ IPX
router .
Standard The default profile. If authent ication is set to non e and a profile does not
exist for the WAN switch, the r outer uses the St andard profile b y default. If authentication is required and no prof ile is found, the call is drop ped.
The decision to use the LAN or Internal profile involves some knowledge of your network design and whether you are bridging or routing t o remote sites (or a combination of both). It is be st t o use the LAN prof il e inst ead of th e Inte rna l prof il e to si mplif y t he con f igurati on. You can easily associate the LAN profile with the Ethernet interface and the user-defined profiles with the ISDN interface.
Sometimes situations arise (very infrequent) where you must rou te a protocol to one site and bridge the same protocol to another site. Simply leave the LAN profi le as a bridging profile, and use the Internal profile for all routed protocol information.
Cisco700 Series Router Configuration Guide

Creating and Modifying Profiles

A new profile is created with the set user command. When you create a ne w profile, you automa tically enter profile mode for that profile. The followin g example creates a user profile called tomd. Enter the set user command to create a profile using the profile template for the default values of the parameters, as follows:
Host> set user Host:tomd>
Notice that th e profi le mode is indi cated by th e prompt, which appe ar s as the sys tem name and the profile name, separated by a colon. While this prompt is displayed, modifications to the para meters only affec t the parame ters in the profi le. The ch anges do n ot affe ct system mode parameters or other profiles.
The cd command is used to change to system mode or to another profile. Following is an exampl e of th e cd command used to change to a perm anent pro file called LAN:
Router_name> cd LAN Router_name:LAN>
Note that the prompt include s the name o f the profi le. You can now modi fy the LAN prof ile parameters.
tomd
Creating and Modifying Profiles

Displaying Profile Configuratio ns

The show commands dis play the values as sociated with a prof ile parameter in prof ile mode. The commands work in system mode to show the valu es associated with parameters i n the profile template.
In profile mode, some show commands only display profile paramete rs . Parameter values that have been redefined in profile mode are indic ated with a <*>. All other paramete r values ar e in h erited fr o m th e pr ofi l e te m p la te.

Removing Profile-Based Values

You can remove any parameter value within a profile with the unset command. The parameter you removed inherits its value from the system mode.
Using Profiles with Cisco 700 Series Routers 2-5

Incoming Calls

In the following example, the profile parameter number is removed from the profile by using the unset command:
Host:Profile> unset number

Deleting Profiles

The reset user comman d deletes a user-defined pr o file fr o m th e r outer. The three permanent profiles (LAN, Internal, and Standard) cannot be deleted. This command also closes any conne ction associated with the profile.
In the followi ng example, the tomd profi le is removed from the system by using the resetuser command:
Host:Profile> reset user tomd

Changing Profile Names

The set profile user command changes the name of an existing profile. Enter this command while i n prof ile mode for the profi le you wa nt to affec t. In the follo wing e xample, the profile name is being changed from 2500 to 4500:
766:2500> set profile user 4500 766:4500>
Incoming Calls
When th e ro ut e r re c eives an incom in g call, the rou t er s ea r ch es both act ive and inactive profiles for a profile with the same name as the calling de vice. If it finds a profile with the matching user ID, the router uses the conf iguration parameters of that profile while communicating with the remote device. If the profile is inactive, it is automa tically activated for the duration of the connection.
When the call is finished, the physical link between the two devices is disconnected. However, the virtual conne ction to the remote router might be configured to remain acti ve.
2-6
Cisco700 Series Router Configuration Guide
If the profile is configured to remain active after a link disconnects, a virtual connection remains. The vir tual c onnect ion monit ors t he LAN t raf fi c. If pa cket s dest ined for th e WAN are detected, the router opens up the physical connection and forwards the packets.
If the profi le is configur ed to become inacti ve after a link dis connects, both the physical link and the virtual conne ction to the remote router ar e disconnected until another call is received f rom the same remote router.

Outgoing Calls

Outgoing calls requi re that the associated user- defined profiles be set to active, th at the set auto command be on, a nd t hat a phone number to c all be stor ed in th e pr of ile. If the pr of il e
is inactive, a number to dial is not available to the router.
Outgoing Calls
Using Profiles with Cisco 700 Series Routers 2-7
Outgoing Calls
2-8
Cisco700 Series Router Configuration Guide
CHAPTER
3

Basic Configurations

This chapter conta ins basic conf iguration e xamples for connecti ng a Cisco 700 series router to an Internet service provider (ISP) or to a central site, such as your co mpany network. It is assumed t hat your rout er is cable d as describe d i n the Ci sco 700 Quick Ref er enc e Guide. Before you proceed with the examples in this chapter, have the information regarding ordering the ISDN li ne an d the connection information in the Cisco 700 Quick Reference Guide (shipped with your router package) available.
The chapter is written so that a kno wledge able begi nne r can perform a basic config uratio n of the router, guided by the examples. Expl anations are kept to a mi nimum, but the y do show how the individual commands fit into the framework of a configuration.
This chapter has the following sections:
Basic Configuration Concepts
Starting Point
Setting SPIDs Manually (North America only)
Bridging with a Cisco 700 Series Router
Routing IP with a Cisco 700 Series Router to an ISP
Routing IP to a Central Site
Routing IP and IPX On-Demand

Basic Configuration Concepts

The information in this se ction describes basic networking concepts as they relate to the Cisco 700 series router and the examples presented. If you have some experience with Cisco 700 series routers, you can skip this section.
Basic Configura ti ons 3-1
Basic Configuration Concepts

Bridges and Routers

Routers forward packets on to specific network segments based on a logical network address, reducing network traff ic by kee ping unnecessary pack ets off network s egments by only forwarding packets to segments as required.
A bridge joins individual network segments into a single network. The bridge floods packets on to all the network segments it is connected to. In other words, bridges offer simplicity and routers offer a greater degree of control. Cisco 700 series routers can function as a bridge and a router.

Profiles

Profiles are logically organized sets of commands for each connection that can be customized and stored independently. This allows you to conf igure your router for more than one connec tion. There are two types of profiles , permanent and user-defined. The Cisco 700 Series Router Co mmand Ref erence publication cont ains a n e xten si v e discus si on on profiles. It is important to understand the use of profiles before attempting to configure your router.

LANs and WANs

Cisco 700 series routers have a “LAN side” and a “WAN side.” The LAN s ide of the route r is the Ethernet 10BaseT conne ction wher e your computer (or another short-ra nge networ k device ) is connected to the router. The WAN s ide is ISDN. The configuration commands can affect function on one or both sides of the router . Which side i s affected depends upon the command and the pr ofile containing the command.
3-2
Cisco 700 Series Router Configuration Guide

Current Configuration

You can display the current configuration at any time using the show configuration command. If you is sued the c ommand i n sys t em mode , sy stem mode comma nds di spla y. If you issue the command in profile mode, profile mode commands display. An asterisk (*) next to a v alue ind icate s the v alue has been m odif ie d from t he d ef ault v a lue. The c ommand is entered as follows:
>show config
Basic Configura ti ons 3-3
Basic Configuration Concepts
The following sample display shows output for the Cisco 700 series routers, from the show configuration command in system mode:
Host> show config System Parameters
Environment
Screen Length 20 Echo Mode ON CountryGroup 1
Bridging Parameters
LAN Forward Mode ANY WAN Forward Mode ONLY Address Age Time OFF
Call Startup Parameters
Multidestination OFF
Line Parameters
Switch Type 5ESS
Call Parameters Link 1 Link 2
Retry Delay 30 30
Profile Parameters
Bridging Parameters
Bridging ON Routed Protocols Learn Mode ON Passthru OFF
Call Startup Parameters
Encapsulation PPP
Line Parameters
Line Speed AUTO Numbering Plan NORMAL
Call Parameters Link 1 Link 2
Auto ON ON Called Number Ringback Number

Remote and Central Sites

In the e xampl es, the Cisc o 700 series router you a re conf igur ing is referre d t o as the remote router. This is strictly for identif ication purposes and does not have anything to do with geography or the physical location of the router.
3-4
Cisco 700 Series Router Configuration Guide

Passwo rd and Secr et

There a re s e ve ra l ty pes of a uth ent ic at ion, su ch as P as sw ord Au t hen ticat ion Pr oto col (PAP) and Challenge Handshake Authentication Protocol (CHAP). To avoid confusion, the PAP password is r eferred t o a s pass word, and t he CHAP s ecre t pass word is referre d to a s secret. The PAP password is pl ain text. The CHAP secret is encrypted.

Additional Reference

For more informati on on the commands, basics of networking, profiles and so forth, refer to the Cisco 700 Series Router Command Refer ence publication. The Cisco 700 Series Command Reference publication also contains advanced configuration examples.

Starting Point

This section shows how to set the router to default values and provide basic configuration information use d in all configurati ons. All of the example configuration s assume default valu es unless otherwise indi cated.
Step 1 Use the set default com mand as f ollo ws to be s ure tha t you begin wi th all default
values when co nfiguring your router:
> set def
System-le ve l paramet ers and the pa rameter s in the pe rmanent prof i les ar e set to their default values. Existing user-defined profiles are d eleted and the router reboots.
Step 2 Enter the set directorynumber command (usually a te n-digit local num ber with
no spaces or dashes) to set the ISDN dire ctory numbers.
>set 1 directory number 4085551234 >set 2 directory number 4085551235
You are ready to set Service Profile Identifier (SPID) au tomatic detection. A SPID is a number provided by the ISDN carrier to identify the line configuration of the BRI service. Each SPID points to li ne setup and configuration information.
Basic Configura ti ons 3-5
Starting Point
Setting a SPID is des cribed in the section “Setting SPID Autodetection (North America only)” in this chapter (recommended if you are connecting to a service provider where the ISDN switch t ype is DMS-100 or National ISDN-1 (NI1)) or to enter the SPIDs manually, as describe d in t he sect ion “ Settin g SPI Ds Manua lly (North Ame rica onl y)” in this chapt er.

Setting SPID Autodetection (North America only)

If the servi ce pro vi der IS DN swi tch t ype is DMS-100 or Nati onal IS DN-1 (NI1), the rou ter supports an automatic SPID detection feature. This section descri bes how to set the autodetec tion feature . If the switch type is 5ESS Custom PPP, do not enter SPIDs; go to the next section.
Enable automatic SPID de tection feature as follows:
>set autodetection on
Once you enable the autodetection feature, wait for the router to complete the process. This process might take seve ral minutes to complete. When autodetection is successful, the follo wing messages display:
>L76 1 Auto Spid Detect Successful 5ESS >L76 1 055512340 Auto Spid Detect Successful >L76 2 055512350 Auto Spid Detect Successful
3-6
No additional procedures are required. You can now enter specific configuration information.
If autodetection fails, the following message disp lays:
>L84 Manually enter spids and set autodetection off
In this event, set autodetection off by using the set autodetection command and continue with the section “Setting SPIDs Manually (North America only)” to enter SPIDs manually.
Cisco 700 Series Router Configuration Guide

Setting SPIDs Manually (North America only)

SPIDs can b e detected auto m atically usi ng the set autodetection command, or SPIDs ca n be entered manually, as described in this section.
If the service provider switch type is 5ESS Cust om PPP, you do not need to ente r SPIDs ; go to the next section. If the service provider switch type is DMS-100, National (NI1) , or 5ESS Multipoint, continue with this section.
To enter the SPIDs assigned by your ISDN service provider, take the following steps:
Step 1 Enter the set switch command to configure the ISDN switch type that is being
used with your ISDN line:
> set switch dms
Step 2 Enter the set spid command to set the router’ s SPID numbers:
> set 1 spid > set 2 spid
You are ready to configure the router for a specific routing environment.
An AT&T 5ESS switch can support up to eight SPIDs per BRI line. Because multiple SPIDs can be applied to a single B channel, multiple services can be supported simultaneou sly. For example , th e f irst B ch annel c an be conf ig ured for data , a nd t he s econd B channel can be conf i gure d for bot h v o ice and dat a. In th is sc enar io, t he s econd B c hannel can support an ISDN telephone in addition to supporting data connections. For 5ESS switches, the SPID is usually the 10-digit ISDN number beginning with “01” and ending with “0.” For example: ISDN number, 4085551212; SPID, 0140855512120. (There is no standard format for SPIDs. As a result, SPID values can vary, depending on the switch vendor and the carrier.)
0510198765430 0510187654320
DMS-100 and NI1 swi tc hes supp ort only two S PIDs, wi th only one B c hannel per S PID. If both B channels will be used for data only, enter the two SPIDs (one for each B channel). An issue comes up when trying to run data and voic e over the same B channel. Assuming the fi rst SP ID is appli ed to t he fi rst B cha nnel for data tr aff ic a nd is l imited t o that B cha nnel only, this leaves only one other SPID for the second B channel.
Consequent ly, the second B channel can be used for either data or voice, but not both simultaneously. The absence or presence of the second SPID in the configuration dictates whether the secon d B chan nel can be used for data or voice. This is an example of SPID
Basic Configura ti ons 3-7

Bridging with a Cisco 700 Series Router

values for DMS-100 and NI1 switches: ISDN number, 4085551212; SPID 1, 408555121201; SPID 2, 408555121202. In this case the S PID is the 10-digit IS DN number
ending with a “01” for SPID 1 and a “02” for SPID 2.
Bridging with a Cisco 700 Series Router
This sec tion d escr ibes ho w to br idge a Cis co 700 series route r o ve r an IS DN line t o anot her router. Bridging is used in cases where you do not need a lo t of filtering to manage the network. Basic ally , you are relying on the nodes on the LAN side of the router to dete rmine if a packet shoul d be accepted or dropped. (If you turn routin g on, you can fil ter the packet s on the WAN side, reducing your traffic on the LAN side.)
Note Bridging ov er an ISDN l ine i s not an e f f icient use of ISDN ba ndwidth. Ro uting o v er
the ISDN line helps optimize ISDN bandwidth by reducing traffic to the WAN.
Figure 3-1 illustrat es an e xample of a remote Cisco 700 series router bridging to a router called central at a centr a l sit e .
3-8
Figure 3-1 Bridging Example
IP address 172.16.125.9 Subnet mask 255.255.0.0
Enterprise
CPA765 Central
You are going to establish a basic connection with another router, relying primarily on the defaults. In this example conf iguration, a simpl e us er-defined profile is created in your Cisco 700 series router to bridge over an ISDN network to another router.
By defaul t, the Cis co 700 series router a utomati cally “lear ns” the MA C addr esses that ex ist locally and remot ely across the WAN. The router stores the MA C addresses in a MAC address table, so it knows if the unica st packets should remain on the LAN or forwarded
Cisco 700 Series Router Configuration Guide
ISDN
network
IP address 172.16.125.10 Subnet mask 255.255.0.0
San Jose
H5860
across the ISDN line. In a bridging scenario, the router does not need an IP address and bridging occurs regardless. The IP addre ss is used when the router is being mana ged remotely by a Telnet session or participating in SNMP.
Both sides of the WAN must be configured with PPP host names, secrets, and passwords for authentication. Each profile must also include dialing information.

Cisco 700 Series Rout er Bridging Instructions

The IP address and subnet mask are not entered. IP address assignments are not necessary in a bridged netwo r k; they are used only if the router is being pinged or accesse d through Tel ne t or SNMP.
Follow i n g is the comma n d su m mary fo r configuring the Cisco 700 s er ies ro uter to br idge to the ro ut er ca ll ed central at the central site:
set system set user set active set ppp secret client set ppp password client set bridging on
1
set set 2 number reboot
CPA765
central
number
phone_number phone_number

Routing IP with a Cisco 700 Series Router to an ISP

This section descri bes ho w to conf igure a Cisc o 700 serie s router to rout e to an I SP by us ing Internet Protocol (IP). Figure 3-2 illustrates the configuration used in this example. By default, PPP incoming authentication is on and outgoing authentication is off.
Note If you are connecting to an Ascend device, you must disable PPP Bandwidth
Allocation Control Protocol (BACP) and PPP multilink.
Basic Configura ti ons 3-9
Routing IP with a Cisco 700 Series Rout er to an ISP
The example also uses an unnumbered IP address on the Cisco 700 series router and a dynamically-as signed IP address from the ISP, a common practice used to conserve IP addresses.
Figure 3-2 Connecting to an ISP–Exampl e Confi guration
ISDN (WAN) interface IP address: 0.0.0.0. Subnetwork mask: 0.0.0.0.
Ethernet (LAN) interface IP address: 172.16.17.9 Subnet mask: 255.255.255.248
Cisco 700
Cisco 700 series router system name: 765 CHAP secret: cisco
ISDN network
IP unnumbered
Central
Central site router System name: isp
H8757
In this exa mp le , a user-defined pr o file named is p is created, representing the ISP router. Your router uses the isp profile to initiate the call to th e I SP router.
When the Cisco 700 series router calls the ISP router, it sends the ISP the PPP host name, the CHAP secrets, and PAP passwords, depend ing upon what the other router requires to authenticate the call.
3-10
Cisco 700 Series Router Configuration Guide

Routing a Cisco 700 Series Router to an ISP Instructions

Following is the command summary for conf iguring the remote Cisco 700 seri es router to connect to an ISP:
set system cd lan set ip address set ip netmask set ip routing on set user set number set ppp password client set ppp secret client set ppp address negotiation local on set ip routing on set ip route destinatio set bridging off set ip address set ip netmask set timeout set ip pat on set active reboot
If you are being charged for each connec tion, you can use the set timeout command to set the timeout to zero. Doin g so ma int ains your connecti on a nd minimiz es the numbe r of fees.
764
172.16.17.9
255.255.255.248
isp
5558011
0.0.0.0
0.0.0.0
360
n 0.0.0.0/0
gateway
0.0.0.0
propagate on

Routing IP to a Central Site

This section describes how to configure a remote Cisco 765 router and a ce ntral site Cisco 765 router for on-demand IP routing using PPP.
PPP addresses issues that include the assignmen t and manageme nt of IP addresses, asynchronous (s tart/stop) and bit-oriented synchronous enc apsulation, network protocol multiplexing, error detection, and option negotiation.
PPP addresses these issues by providing an extensible Link Control Protocol (LCP) and a family of Netw ork Control Protocols (NCPs) to negotiate opti onal configuration parameters and facilities. PPP suppor ts IP and IPX.
Figure 3-3 is an illustration of the configuration used in this example.
Basic Configurations 3-11
Routing IP to a Central Site
Figure 3-3 Routing IP to a Central Site—Example Configuration
ISDN interface IP address: 10.48.125.7 IP subnet mask: 255.255.255.0
Ethernet interface IP address: 172.16.17.9 IP subnet mask: 255.255.255.0
Ethernet interface IP address: 172.15.1.100 IP subnet mask: 255.255.255.0
ISDN interface IP address: 10.48.125.4 IP subnet mask: 255.255.255.0
Cisco765
Remote router System name: remote765 ISDN number: 5553693/4 User profile name: central765
ISDN
network
Cisco765
Central site router System name: central765 ISDN number: 5550143/4 User profile name: remote765
S4802
In this example, the Cisco 765 router named remote765 is used to establis h a connection through the ISDN service provider to the corporate network at a central site.
3-12
Cisco 700 Series Router Configuration Guide

Central Site IP Routing Command Summary

Following is the command summary for con figuring the remote Cisco 765 router for on-demand IP routing using PPP:
set system set multidestination on cd LAN set ip address set ip netmask set ip routing on set ip rip update periodic set user set ppp password client set ppp secret client set ip address set ip netmask set ip routing on set ip rip update demand set ip route destination set number set timeout set active reboot
remote765
172.16.17.9
255.255.255.0
central765
10.48.125.7
255.255.255.0
5550143
360
0.0.0.0/0
gateway
10.48.125.4
Basic Configurations 3-13

Routing IP and IPX On-Demand

Follo wing is the command summary for conf iguring the centra l site Cisc o 700 series rout er for on-demand IP routing with PPP:
set system set multidest on set ppp auth in chap set ppp secret host cd lan set ip address set ip netmask set ip routing on set ip rip update periodic set user set ppp auth out chap set ppp secret client set bridging off set ip address set ip netmask set ip routing on set ip rip update demand set ip route destination set ip rip version 1
1
number
set
2
number
set set timeout set active reboot
central766
172.15.1.100
255.255.255.0
remote765
10.48.125.4
255.255.255.0
5553693 5553694
360
0.0.0.0
gateway
10.48.125.7
The set ip rip update demand command is only applicable to the Cisco 700 series router. If you are being charged for each connec tion, you can use the set timeout command to set
the timeout to zero. Doin g so ma int ains your connecti on a nd minimiz es the numbe r of fees.
Routing IP and IPX On-Demand
This section describes how to configure the remote Cisco 765 router and the central site Cisco 765 router for on-demand IP and IPX routing using PPP.
Figure 3-4 illustrates the confi guration used in this e xam ple.
3-14
Cisco 700 Series Router Configuration Guide
Figure 3-4 Routing IP and IPX On-Demand—Exampl e Confi guration
ISDN interface IP address: 10.32.125.7 IP subnet mask: 255.255.255.0 IPX network: 32125
Ethernet interface IP address: 172.16.17.9 IP subnet mask: 255.255.255.0 IPX network: 1478 IPX Framing 802.2
765
Cisco765
Remote router System name: remote765 ISDN number: 5553693/4 User profile name: central765
The remote Cisco 765 router is used to estab lish a connection through the ISDN service provide r to the corporate ne twork at a central site using PPP. The remote Cisco 765 router has three permanent profiles: LAN, Internal, and Standard. This example uses the LAN profile and a user-defined profile.
Ethernet interface IP address: 172.15.1.100 IP subnet mask: 255.255.255.0 IPX network: 73146 IPX framing 802.2
ISDN interface IP address: 10.32.125.4 IP subnet mask: 255.255.255.0 IPX network: 32125
ISDN network
Central site router System name: central765 ISDN number: 5550143/4 User profile name: remote765
Cisco765
S4800
Basic Configurations 3-15
Routing IP and IPX On-Demand

On-Demand IP and IPX Routing with PPP Instruct ions

Following is the command summary for con figuring the remote Cisco 765 router for on-demand IP and IPX routing using PPP:
set system set multidestination on set ppp password client set ppp secret client set ppp auth out chap set ppp password host set ppp secret host cd LAN set ipx routing on set ipx network set ipx framing 802.2 set ipx rip update periodic set ip address set ip netmask set ip routing on set ip rip update periodic set user set ipx routing on set ipx network set ipx rip update demand set ipx spoof set ip route destination set ip address set ip netmask set ip routing on set ip rip update demand
1
set set 2 number set timeout set active reboot
remote765
central765
number
1478
172.16.17.9
255.255.255.0
32125
10
10.32.125.7
255.255.255.0
5550143 5551044
360
0.0.0.0/0
gateway
10.32.125.4
3-16
Cisco 700 Series Router Configuration Guide

Central Site On-Demand IP and IPX Routing with PPP Commands

Follo wing is the command summary for conf iguring the centra l site Cisc o 700 seri es router router for on-demand IP and IPX routing using PPP:
set system set multidestination on set ppp auth in chap set ppp secret client cd lan set ipx routing on set ipx network set ipx framing 802.2 set ipx rip update periodic set ip address set ip netmask set ip routing on set ip rip update periodic set user set bridging off
1
set set 2 number set ipx network set ipx routing on set ipx framing none set ipx rip update demand set ipx spoof set ip route destination set ip address set ip netmask set ip routing on set ip rip update demand set ppp auth out chap set ppp secret host reboot
central765
remote765
number
73146
172.15.1.100
255.255.255.0
5553693 5553694
32125
10
10.32.125.4
255.255.255.0
0.0.0.0/0
gateway
10.32.125.7
Basic Configurations 3-17
Routing IP and IPX On-Demand
3-18
Cisco 700 Series Router Configuration Guide
CHAPTER
4

Using CHAP

This chapter conta ins con f igurati on e xamples for co nnecti ng a Ci sco 700 series router to a router runnin g Cisco IOS software. In these examples, the remote router is a Cisco 765 series router, and the central site router is a Cisco 4500 series router. Any Cisco 700 series router can be used in place of the remote Cisco 765 series router. Any router running Cisco IOS software can replace the central site Cisco 4500 series router.
In these ex amp les, the Ci sco 4500 ser i es ro ut er seri al - int er f ac e co n figu r at io n is an ISDN Primary R ate Interfac e (PRI). Depend ing on the route r model us ed at the cent ral site, the serial interface might be a different type.
In addition, this chapter lists se veral interoperability issues that exist bet w een Cisco IOS software and Cisco 700 series routers. These issues must be considered if you are connecting your Cisco 700 series router to a router running Cisco IOS software.
This chapter contains the following sections:
IP Static Routi ng and Callback with CHAP Authentication
IP Static Routing with CHAP Authentication and MLP
IP Static Routing with PAP Authentication and MLP
IP Unnumbered Static Routing and CHAP with MLP
IP Static and IPX Static Routing with CHAP and MLP
IPX Static Routing with CHAP and MLP
Multilink PPP Encapsulation
Dynamic Routin g Protocols
Bridging to a Router Running Cisco IOS Software
Using CHAP 4-1

SPID Detection (North America only)

SPID Detection (North America only)
In North Ame r ica, SPIDs can be automatically detected or manually configured. For more information on SPID detection, see "Setting SPID Autodetection (North America only)" and "Setting S PIDs Manually (Nor th America only)" in the "Basic Con figur ations" chapt er .

IP Static Routing and Callback with CHAP Authentication

This sectio n describe s how to co nf igur e the router s for Inter net Protoco l (IP) stati c routing and callback with Challenge Handshake Authentication Protocol (CHAP).
Figure 4-1 illustrates the confi guration used in this example.
Figure 4-1 IP Static Routing and Callback with CHAP Authentication
Serial interface IP address: 172.16.125.7 IP subnet mask: 255.255.255.0
Ethernet interface IP address: 192.168.147.9 IP subnet mask: 255.255.255.248
765 CPA4500
Telecommuter PC IP address:
192.168.147.8
Remote router ISDN number: 5553693 User profile name: 4500
Ethernet interface IP address: 172.18.124.2 IP subnet mask: 255.255.255.0
Serial interface IP address: 172.16.125.1 IP subnet mask: 255.255.255.0
ISDN
Central site router ISDN number: 5558011 Host name: 4500
S4768
Central site network IP network: 172.18.124.0
4-2
Cisco700 Series Router Configuration Guide
Remote Cisco 765 Command Summary
Follo wing is t he co mmand s ummary for co nf igur ing the re mote Cisco 765 series router f or IP static routing and callback with CHAP authentication:
set switch 5ess
1
dir
set set 2 dir set system set ppp authentication incoming chap set ppp secret client set multidestination on cd lan set ip address set ip netmask set ip routing on set ip rip update periodic set ip rip receive v2 set ip rip version 2 set user set ppp secret client set ppp secret host set ip route destination set ip address set ip netmask set ip routing on set ip framing none set ppp callback request always set set 2 ringback set number set bridging off set ip rip update off set timeout set active reboot
directory_number directory_number
765
4500
1
ringback
5558011
360
192.168.147.9
255.255.255.248
0.0.0.0
172.16.125.7
255.255.255.0
number number
gateway
Remote Cisco 765 Command Summary
172.16.125.1
propagate on
Multilink PPP is enab led b y defa ult. If the Ci sco 700 series router is dialing int o a hos t that does not support mult ilink PPP or that does not ha v e multil ink PPP enabled, the Cisco 700 series router might repo rt a misconfiguration. This is most commonly seen when the Cisco 700 series router is connecte d to equipment from Ascend.
Using CHAP 4-3

IP Static Routing with CHAP Authentication and MLP

T
IP Static Routi ng wit h CHAP Authentication and MLP
This section describes how to configure the ce ntral site Cisco 4500 series router and the remote Cisco 765 series router for IP static routing with Challenge Handshake Authenticat ion Protocol (CHAP) and Multilink Protocol (MLP).
Figure 4-2 is an illustration of the configuration used in this example.
Figure 4-2 IP Static Routing with CHAP Authentication and MLP
Serial interface IP address: 172.16.125.7 IP subnet mask: 255.255.255.0
Ethernet interface IP address: 192.168.147.9 IP subnet mask: 255.255.255.248
765 CPA4500
elecommuter PC
IP address:
192.168.147.8
Remote router ISDN number: 5553693 User profile name: 4500
Ethernet interface IP address: 172.18.124.2 IP subnet mask: 255.255.255.0
Serial interface IP address: 172.16.125.1 IP subnet mask: 255.255.255.0
ISDN
Central site router ISDN number: 5558011 Host name: 4500
S4768
Central site network IP network: 172.18.124.0
4-4
Cisco700 Series Router Configuration Guide
Remote Cisco 765 Command Summary
Follo wing is the command sum mary to con f igur e the re mote Cis co 765 series router for IP static routing with CHAP and MLP:
set switch 5ess
1
dir
set set 2 dir set system set multidestination on set ppp multilink on set ppp authentication incoming chap set ppp authentication outgoing chap cd lan set ip address set ip netmask set ip routing on set ip rip update periodic set user set ppp secret client set ip address set ip netmask set ip routing on set ip framing none set ip route destination set number set bridging off set ip rip update off set ppp secret host set timeout demand 2 threshold 32 duration set active reboot
directory_number directory_number
765
192.168.147.9
255.255.255.248
4500
172.16.125.7
255.255.255.0
5558011
360
0.0.0.0
gateway
5
Remote Cisco 765 Command Summary
172.16.125.1
propagate on
Note The set ppp authentication outgoing chap command in this example is not
recommended when connecting to Ascend 4000 or NAS routers.
For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series Router Command Reference.
Using CHAP 4-5

IP Static Routing with PAP Authentication and MLP

IP Static Routing with PAP A uthentication and MLP
This section describes how to configure the ce ntral site Cisco 4500 series router and the remote Cisco 765 series router for Internet Protocol (I P ) st atic routing with Passw ord Authentic ation Protocol ( PAP) authentication.
Figure 4-3 is an illustration of the configuration used in this example.
Figure 4-3 IP Static Routing with PAP Authentication
Serial interface IP address: 172.16.125.7 IP subnet mask: 255.255.255.0
Ethernet interface IP address: 192.168.147.9 IP subnet mask: 255.255.255.248
765 CPA4500
Telecommuter PC IP address:
192.168.147.8
Remote router ISDN number: 5553693 User profile name: 4500
Ethernet interface IP address: 172.18.124.2 IP subnet mask: 255.255.255.0
Serial interface IP address: 172.16.125.1 IP subnet mask: 255.255.255.0
ISDN
Central site router ISDN number: 5558011 Host name: 4500
S4768
Central site network IP network: 172.18.124.0
4-6
Cisco700 Series Router Configuration Guide
Remote Cisco 765 Command Summary
Follo wing is the command sum mary to con f igur e the re mote Cis co 765 series router for IP static routing with PAP authenticatio n:
set switch 5ess
1
dir
set set 2 dir set system set multidestination on set ppp multi on set ppp authentication in pap set ppp authentication out pap cd lan set ip address set ip netmask set ip routing on set ip rip update periodic set ip rip receive v2 set ip rip version 2 set user set ip route destination set ip address set ip netmask set ip routing on set ip framing none set ppp clientname set ppp password client set ppp password host set number set bridging off set timeout set active reboot
directory_number directory_number
765
192.168.147.9
255.255.255.248
4500
172.16.125.7
255.255.255.0
765
5558011
360
0.0.0.0
gateway
Remote Cisco 765 Command Summary
172.16.125.1
propagate on
For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series Router Command Reference.
Using CHAP 4-7

IP Unnumbered Static Routing and CHAP with MLP

IP Unnumbered Static Routing and CHAP with MLP
This section describes how to configure the ce ntral site Cisco 4500 series router and the remote Cisco 765 series router for Internet Protocol (I P ) unnumbered routing with Challenge Handshake Authentication Protocol ( CHAP) authentication and Multilink Protocol (MLP).
Figure 4-4 is an illustration of the configuration used in this example.
Figure 4-4 IP Unnumbered Routing and CHAP Authentication with MLP
Ethernet interface IP address: 192.168.147.9 IP subnet mask: 255.255.255.248
Serial interface IP unnumbered
Telecommuter PC IP address:
192.168.147.8
Remote router ISDN number: 5553693/4 User profile name: 4500
765
ISDN network
Ethernet interface IP address: 172.18.124.2 IP subnet mask: 255.255.255.0
Serial interface IP unnumbered
4500
Central site router ISDN number: 5558011/2 Host name: 4500
Central site network IP network: 172.18.124.0
S4769
4-8
Cisco700 Series Router Configuration Guide
Remote Cisco 765 Command Summary
Follo wing is t he co mmand s ummary for co nf igur ing the re mote Cisco 765 series router f or IP unnumbered routing with CHAP authentication and MLP:
set switch 5ess set system set multidestination on set ppp multilink on set ppp authentication incoming chap set ppp authentication outgoing chap set ppp secret client set ppp secret host cd lan set ip address set ip netmask set ip routing on set ip rip update periodic set ip rip receive v2 set ip rip version 2 set user set ppp secret client set ip rip update off set ip routing on set ip framing none set ip route destination set number set bridging off set ppp secret host set timeout set active reboot
765
192.168.147.9
255.255.255.248
4500
5558011
360
0.0.0.0
gateway
Remote Cisco 765 Command Summary
0.0.0.0
For detailed information regarding the commands listed here, refer to theCisco700 Series Router Command Reference.
Using CHAP 4-9

IP Static and IPX Static Routing with CHAP and MLP

IP Static and IPX Static Routing with CHAP and MLP
This section describes how to configure the ce ntral site Cisco 4500 series router and Cisco 765 series router for Interne t P r otocol (IP) s tatic and Internetwork Pack et Exchange (IPX) static routing with Point-to-Poi nt P rotocol (PPP) using CHAP and MLP.
Figure 4-5 is an illustration of the configuration used in this example.
Figure 4-5 IP Static and IPX Static Routing with PPP
Serial interface IP address: 172.16.125.7 IP subnet mask: 255.255.255.0 IPX network: 32125
Ethernet interface IP address: 192.168.147.9 IP subnet mask: 255.255.255.248 IPX network: 1478
Telecommuter PC IP address: 192.168.147.8
765
Remote router IPX address: 32125: 0040f9cfd5 ISDN number: 5553693/4 User profile name: 4500
ISDN network
Ethernet interface IP address: 172.18.124.2 IP subnet mask: 255.255.255.0 IPX network: 48124
Serial interface IP address: 172.16.125.1 IP subnet mask: 255.255.255.0 IPX network: 32125
Central site router IPX address: 32125: 0c08af65 ISDN number: 5558011/2 Host name: 4500
4500
S4770
IPX file server IPX internal address: 3039e670
Central site network IP network: 172.18.124.0
4-10
Cisco700 Series Router Configuration Guide
Remote Cisco 765 Command Summary
Follo wing is the command sum mary to con f igur e the re mote Cis co 765 series router for IP static and IPX static routing with PPP using CHAP and MLP:
set switch 5ess
1
dir
set set 2 dir set system set multidestination on set ppp authentication incoming chap set ppp authentication outgoing chap set ppp secret client set ppp secret host cd lan set ipx network set ipx framing 802.2 set ipx routing on set ipx rip update periodic set ip address set ip netmask set ip routing on set ip rip update periodic set user set ipx network set ipx routing on set ipx route destination set ipx service name CORP_FS1 type 4 address set ipx spoof set ipx rip update off set ipx framing none set ip routing on set ip route destination set ip address set ip netmask set ip framing none set number set bridging off set ip rip update off set timeout set active reboot
directory_number directory_number
765
1478
192.168.147.9
255.255.255.248
4500
32125
10
172.16.125.7
255.255.255.0
5558011
360
3039e670
0.0.0.0
gateway
gateway
Remote Cisco 765 Command Summary
32125:0c08af65
3039e670:01:0451
172.16.125.1
propagate on
Using CHAP 4-11

IPX Static Routing with CHAP and MLP

IPX Static Routing with CHAP and MLP
This section describes how to conf igure the remote Cis co 765 serie s router and the central site Cisco 4500 series router for Internetwork Pa cket Exchange (IPX) static routing with Point-to-Point Protocol (PPP).
Figure 4-6 is an illustration of the configuration used in this example.
Figure 4-6 IPX Static Routing with PPP
Ethernet interface IPX network: 1478
Remote router IPX address: 32125: 0040f9cfd5 ISDN number: 5553693/4 User profile name: 4500
Serial interface IPX network: 32125
765
ISDN network
Ethernet interface IPX network: 23160
Serial interface IPX network: 32125
4500
Central site router IPX address: 32125: 0c08af65 ISDN number: 5558011/2 Host name: 4500
S4771
IPX file server IPX internal address: 3039e670
4-12
Cisco700 Series Router Configuration Guide
Remote Cisco 765 Command Summary
Follo wing is t he co mmand s ummary for co nf igur ing the re mote Cisco 765 series router f or IPX static routing with PPP:
set switch 5ess
1
dir
set set 2 dir set system set multidestination on set ppp auth in chap set ppp secret client set ppp secret host set multilink on cd lan set ipx network set ipx framing 802.2 set ipx routing on set ipx rip update periodic set user set ppp secret client set ipx network set ipx routing on set ipx route destination set ipx service name CORP_FS1 type 4 address set ipx spoofing set ipx rip update off set ipx framing none set number set bridging off set timeout set active reboot
directory_number directory_number
765
1478
4500
32125
10
5558011
360
3039e670
gateway
Remote Cisco 765 Command Summary
32125:0c08af65
3039e670:01:0451
For detailed information regarding the commands listed here, refer to theCisco700 Series Router Command Reference.
Using CHAP 4-13

Multilink PPP Encapsulation

Multilink PPP Encapsulation
Cisco 700 series routers imple ment mult il ink PPP, which is a va il able in Relea se 11. 0(3) or later of Cisco IOS software. You can disable multilink PPP in the following two environments:
You are connecting your Cisc o 700 series router to a rout er runni ng a Cis co IOS r eleas e
prior to 11.0(3).
You are connecting your Cisco 700 series router to a router running Cisco IOS Release
11.0(3) or late r , and you ha ve no t configu red mul tilink PPP on th at rou ter running Ci sco IOS.
Use the set ppp multilink command at the system level to disable mul tilink PPP, as follows:
766> set ppp multilink off

Dynamic Routing Protocols

Cisco 700 series routers implem ent RIP Versions 1 and 2 a nd demand RIP. Demand RIP is not implemented in Cisco IOS software. If you are connecting your router to a router running Cisco IOS software, and you want to use a dynamic routing protocol, you must disable demand RIP.
4-14
Use one of the followi ng set ip rip update commands to disable demand RIP:
766> set ip rip update periodic / snapshot
or
766> set ip rip update none
Note Setting the IP RIP update to periodic maintains the connection indefinit ely . This
might be a concern if it i s not nec essar y to main tai n the li ne 24 hou rs a day, 7 days a week; you are paying for connection time that you are not using.
Cisco700 Series Router Configuration Guide

Bridging to a Router Running Cisco IOS Software

Bridging to a Router Running Cisco IOS Software
It is possibl e to bridge data o ver ISDN to and from Cisco ISDN rout ers. Dependin g on your network environment, this mi ght be an ideal solution. Bridging offers configuration simplicity with few concerns re garding network address space limitations and unroutable protocols. Bridging also offers compatibility with other products that need to bridge.
When bridging, you do not have the same ISDN line control that routing access lists provide . When bridging protocols such as Novell IPX, AppleTalk, or NetBIOS, it is possible for the ISDN line to remain connected for long periods of time. This can result in high ISDN usage charges. If bridging is the only solution for your environment, we recommend monitoring the ISDN line connection.
Cisco IOS Release 11.1 and earlier limit the number of simult aneous ISDN bridge sessio ns to one per in t er f ace.
Prior to Cisco IOS Release 11.2 (half -bridging), the Cisco IOS must also be configured to the bridging protocol, not the router protocol.
Using CHAP 4-15
Bridging to a Router Running Cisco IOS Software
4-16
Cisco700 Series Router Configuration Guide
CHAPTER
5

Configuring DHCP Relay, DHCP Server, and PAT

Cisco 700 series routers can perform the role of the relay agent, relaying IP configuration information request packets from the L AN interface, o ver the ISDN i nterface, to a specif ied Dynamic Host Configuration Proto col (DHCP) server. Cisco 700 series routers provide DHCP relay, DHCP server, Port Address Translation (PAT), and Internet Protocol Control Protocol (IPCP).
This chapter pro vides descriptions, application not es, and example configurations for configuring Dynamic Host Configuration Protocol (DHCP) relay, DHCP server, and Port Address Translation (PAT) on the Cisco 700 series router. It contains the following sections:
DHCP Description
PAT Description
IPCP Description
PPP IPCP Negotiation Example
DHCP Relay with IPCP Negotiation Example
DHCP Server with IPCP Negotiation Example
PAT with IP CP Single-Destination Negotiation Example
DHCP Server and PAT with IPCP Single-Destination Negoti ation Example
DHCP Server with PAT and IPCP Dual-Destin ation PPP Negotiation Example
Configuring DHCP Relay, DHCP Server, and PAT 5-1

DHCP Description

DHCP Description
DHCP is a client-server protocol that allows devices on an IP network (the DHCP clients) to request configuration informati on from a DHCP server. DHCP allocates network addresses from a central pool on an a s-needed basis. DHCP is useful for assigning IP addresses to hosts connect ed to the netw ork tempora ril y or for sharing a li mite d pool of IP addresses among a group of hosts that do not need permanent IP addresses.
DHCP allows for inc reased automation and fewer network administrat ion problems by:
Eliminating t he need for the manual co nfigurat ion of individua l computers, prin ters, and
shared file systems.
Preventing the simultaneous use of the same IP address by two clients.
Allowing configuration from a central site.

DHCP Server Application Notes

The followi ng are application not es for DHCP se rver:
DHCP relay and DHCP server are mutually exclusive.
When DHCP server is initialized, default addresses are us ed if no LAN or internal
address ex ists. The Ci sco 700 series router p icks up th e DHCP c lient ’s default gatewa y, netmask, and starting DHCP addresses by using the LAN IP address , if one exists. If a LAN address does not exist, the router uses the internal IP address. If neither exists, it uses the defau lt settings: 10.0. 0.1 as the LAN IP address (default gateway for DHCP clients), 255.0.0.0 as the subnet mask, and 10.0.0.2 as the starting DHCP client addresses.
5-2
For the DHCP valu es to be a utomatically generated based on the LAN or internal IP
address, each DHCP value must be set to 0.0.0.0 or none, for the new valu es to take effect.
Cisco700 Series Router Configuration Guide

DHCP Relay Application Notes

The followi ng are application not es for DHCP relay:
The IP ad dres s in t he Int er n al prof il e m ust be on the s am e network as that of the DHC P
clients.
A firewall configu r ation (where there is an Internal profile and LAN IP address) does
not work with DHCP relay.
A configuration where PAT is on and DHCP relay is enabled is not va lid. DHCP relay
will attempt to cross from a public to a private domain. PAT prevents access to the
priv ate dom ain. DHCP r elay fails because i t must re ferenc e the rou ter’s private a ddress.
DHCP relay and DHCP server are mutually exclusive. The Cisco 700 series router can
function as one or the other, but not both.

PAT Description

Cisco 700 series routers provide PAT, enabling local hosts on a priv ate IP network to communicate externally.
Packets destined for an external address have their private IP address plus port number
transl at ed t o th e r o ute r’s extern al I P add r ess bef or e the IP pac k et i s for w arde d t o th e WAN. IP packets returning to the rout er have their externa l IP addresses (plus port number) translated ba ck to the private I P addresse s, and the packets are forwarded to the LAN .
DHCP Relay Application Notes
When PAT is enabled, the transmission of RIP packets is automatically disabled to prevent a broadcast of the private IP addresses externa lly.

PAT Application Notes

A configurati on where PAT is on and DHCP relay is enable d is not v alid. DHCP relay will attempt to cros s from a public to a priv ate domain. PAT prevents access to the private domain. DHCP relay fails because it must reference the router’s private address.
Configuring DHCP Relay, DHCP Server, and PAT 5-3

IPCP Description

IPCP Description
If you are u sing IP routing, Cisco 700 series router s must be c onfig ured for IP CP to conne ct to routers running Cisco IOS software. Use the set ip framing command in prof ile mode to enable IPCP for user-defined WAN profiles by setting IP framing to none.
The following example illustrates IPCP enabled by disabli ng IP framing:
766:2503> set ip framing none
Note Do not set the ip framing or the ipx framing command s to none when configuring
the permanent LAN profile.

IPCP Address Negotiation Application Notes

The followi ng are application not es for IP CP address negotiation:
Cisco 700 series routers require a user -def ined profi le, conf igured wit h IP routing on, to
receive an IP CP addres ses.
A router running Cisco IOS software must be configured to hand off IPCP addresses.
5-4
If a manually configured IP address exists on the Internal profile of a Cisco 700 series
router, the IPCP address is assigned to the WAN profile.
If a manually configured IP address exists on the LAN profile, the IPCP address is
assigned to the Internal profile.
Cisco700 Series Router Configuration Guide

PPP IPCP Negotiation Example

This sectio n describes how to configure a remote Cisco 700 series router for PPP IPCP negotiat ion to a c entra l site rout er , such as a Cis co4500 series router, t hat is running Ci sco IOS software.
Figure 5-1 is an illustration of the configuration used in this example.
Figure 5-1 PPP IPCP Negotiation
ISDN network
Cisco 765 Cisco 4500
Cisco 765 Series Router Commands
Following are the commands for configuring the remote Cisco 765 series router for point-to-point IPCP negotiation with a Cisco 4500 router:
set switch 5ess
1
dir
set set 2 dir set system set user set ppp secret client set ppp password client set active set 1 number set 2 number set ip routing on set ip route destination set ip rip version 2 set ip rip receive v2 set ip rip update linkup reboot
directory_number directory_number
765
4500
phone_number phone_number
0.0.0.0/0
gateway
PPP IPCP Negotiation Example
H9230
0.0.0.0
For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series Router Command Reference.
Configuring DHCP Relay, DHCP Server, and PAT 5-5

DHCP Relay with IPCP Negotiation Example

Verify the Configuration

Y ou can use the show ip configuration all and show ip route all comman ds t o see the IPCP negotiation address.
DHCP Relay with IPCP Negotiation Example
This sectio n describes how to configure a remote Cisco 700 series router for DHCP relay with IPCP negotiation to a central-site router running Cisco IOS software.
Figure 5-2 is an illustration of the configuration used in this example.
Figure 5-2 DHCP Relay with IPCP Negotiation
DHCP
client
DHCP relay agent
ISDN network
Cisco 765
Cisco 765 Series Router Commands
Follo wing are the commands for conf i guring th e re mote Cis co 765 series router for DHCP Relay with IPCP Ne gotiation with a Cisc o 4500 router:
set system set dhcp relay set user set 1 number set 2 number set ip routing on set ip rip version 2 set ip rip receive v2 set ip rip update linkup reboot
For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series Router Command Reference.
765
172.168.100.2
4500
phone_number phone_number
172.168.100.2Cisco 4500
DHCP server
H9231
5-6
Cisco700 Series Router Configuration Guide

Verify the Configuration

Verify the Configuration
You can use the show ip configu ration and show ip route commands to see the IPCP negotiation address.
You can use the show dhcp configuration command to see the IP address returned by DHCP.

DHCP Server with IPCP Negotiation Example

This section de scrib es how to configure a r emote Ci sco 700 series route r as a DHCP serv er with IPCP negotiation to a central-site router running Cisco IOS software.
Figure 5-3 is an illustration of the configuration used in this example.
Figure 5-3 DHCP Server with IPCP Negotiation
DHCP
client
DHCP server
Cisco 765
ISDN network
Cisco 4500
H9232
Configuring DHCP Relay, DHCP Server, and PAT 5-7
DHCP Server with IPCP Negotiation Example
Cisco 765 Series Router Commands
Follo wing are the commands for conf iguri ng the remote Ci sco 765 series router as a DHCP server with IPCP negotiati on with a Cisco 4500 router:
set switch NI-1
1
dir
4500
1
number
2
number
5551211 5551212
88855512110101 88855512120101 765
172.168.1.2 128
255.255.255.0
172.168.1.1
255.255.255.0
phone_number phone_number
172.168.1.1
set set 2 dir set 1 spid set 2 spid set system set dhcp server set dhcp address set dhcp netmask set dhcp gateway primary cd lan set ip address set ip netmask set ip routing on set user
set ip routing on
set active set set set ip routing on set ip rip version 2 set ip rip receive v2 set ppp address negotiation local on set ip rip update periodic reboot
For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series Router Command Reference.

Verify the Configuration

When a call is made, you can use the show ip configuration all and show ip route all commands to see the IPCP negotiation address.
You can use the show dhcp configuration command to see the IP address returned by DHCP.
5-8
Cisco700 Series Router Configuration Guide

PAT with IPCP Single-Destination Negoti ation Example

PAT with IPCP Single-Destination Negotiation Example
This section descri bes ho w to conf igure a remote C isco 700 series router f or PAT with IP CP single-destination negotiation to a central-site router running Cisco IOS software.
Figure 5-4 is an illustration of the configuration used in this example.
Figure 5-4 PAT with IPCP Single-Destinati on Negotiation
Internal
FTP
server
10.0.0.2
10.0.0.1
IPCP negotiated
address assigned
profile
Cisco 765
ISDN network
Cisco 4500
PAT on
A
H9233
Private
network
Public
network
Configuring DHCP Relay, DHCP Server, and PAT 5-9
PAT with IPCP Single-Destination Negotiation Example
Cisco 765 Series Router Commands
Following are the commands for configuring the remote Cisco 765 series router for PAT with IPCP single-destination negotiation with a Cisco 4500 router:
set system set ip pat po ftp cd lan set ip address set ip netmask set ip routing on set user set active set 1 number set 2 number set ip routing on set ip rip version 2 set ip rip receive v2 set ip pat on reboot
For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series Router Command Reference.
765
10.0.0.1
255.0.0.0
4500
phone_number phone_number
10.0.0.2

Verify the Configuration

When a de ma n d ca ll is made, yo u can use the show ip config all and show ip route all commands to see the IPCP negotiation address.
You can use the show ip pat command to see the services returned by PAT.
5-10
Cisco700 Series Router Configuration Guide

DHCP Server and PAT with IPCP Single-Destination Negotiation Example

DHCP Server and PAT with IPCP Single-Destination Negotiation Example
This section descri bes how to conf ig ure a remote Cisco 700 series router for DHCP server with PAT and IPCP single-destination negotiation to a Cisco 4500 seri es router running Cisco IOS software at a central site.
Figure 5-5 is an illustration of the configuration used in this example.
Figure 5-5 DHCP Server with PAT and IPCP Single-Destination Negotiation
ISDN network
Cisco 765
PAT on
Cisco 4500
H9234
Private
network
Public
network
Configuring DHCP Relay, DHCP Server, and PAT 5-11
DHCP Server and PAT with IPCP Single-Destination Negotiation Example
Cisco 765 Series Router Commands
Following are the commands for configuring the remote Cisco 765 series router for PAT with IPCP single-destination negotiation with a Cisco 4500 router:
set system set ppp secret client set ppp password client set dhcp server set dhcp address set dhcp netmask set dhcp gateway primary set ip pat porthandler ftp cd lan set ip routing on set ip address set ip netmask set user set 1 number set 2 number set ip routing on set ip route destination set ip address set ip netmask set ip pat on set active
765
172.168.99.1
255.255.255.0
4500
phone_number phone_number
0.0.0.0
0.0.0.0
172.168.99.2 128
255.255.255.0
172.168.99.1
172.168.99.3
0.0.0.0/0
gateway
0.0.0.0
For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series Router Command Reference.

Verify the Configuration

When a de ma n d ca ll is made, yo u can use the show ip config all and show ip route all commands to se e the IPCP ne gotiati on address. Y o u can also use the show dhcp config and show ip pat commands to verify the configuration.
5-12
Cisco700 Series Router Configuration Guide

DHCP Server with PAT and IPCP Dual-Destination PPP Negotiation Example

DHCP Server with PAT and IPCP Dual-Destination PPP Negotiation Example
This section descri bes how to conf ig ure a remote Cisco 700 series router for DHCP server with PAT and IPCP dual-destination PPP negotiation to two routers running Cisco IOS software.
Figure 5-6 is an illustration of the configuration used in this example.
Figure 5-6 DHCP Server with PAT and IPCP and Dual-Destination PPP Negotiation
DHCP server
ISDN network
Cisco 765
Cisco 4500
Cisco 2500
S5815
Configuring DHCP Relay, DHCP Server, and PAT 5-13
DHCP Server with PAT and IPCP Dual-Destination PPP Negotiation Example
Cisco 765 Series Router Commands
Follo wing are the commands for conf iguri ng the remote Ci sco 765 series router as a DHCP server with PAT and IPCP multili nk PPP to two routers running Cis co IOS software:
set system set ppp secret client set ppp password client set dhcp server set dhcp address set dhcp netmask set dhcp gateway primary set ip pat porthandler ftp cd lan set ip routing on set ip address set ip netmask set user set ppp clientname set 1 number set 2 number set ip routing on set ip route destination set ip address set ip netmask set ip pat on set active set user set ppp clientname set 1 number set 2 number set ip routing on set ip route destination set ip address set ip netmask set ip pat on set active
765
172.168.99.1
255.255.255.0
2500
phone_number phone_number
30.169.100.1
255.255.255.0
4500
phone_number phone_number
173.100.10.1
255.255.255.0
172.168.99.2 128
255.255.255.0
172.168.99.1
172.168.99.3
2500
0.0.0.0/0
4500
120.50.40.0/0
gateway
gateway
30.169.100.2
173.100.10.2
5-14
Note If you create a mult ipl e desti natio n co nf igur ation wi th PA T ena ble d in bot h prof i les,
the IP route destination must be specified, using the set ip route destination com man d .
Cisco700 Series Router Configuration Guide

Verify the Configuration

When a de ma n d ca ll is made, yo u can use the show ip configuration all command to see the IPCP negotiation address.
You can use the show dhcp connections command to see the IP addresses retu rned by DHCP.
Verify the Configuration
Configuring DHCP Relay, DHCP Server, and PAT 5-15
DHCP Server with PAT and IPCP Dual-Destination PPP Negotiation Example
5-16
Cisco700 Series Router Configuration Guide
CHAPTER
6

Configuring Re mote CAPI

This chapter pro vides procedures for confi guring Remote Common Applicat ion Programming Interface (CAPI) support on a Cisco 700 series router.
CAPI is an application programming interfa ce standard used to access ISDN equipment connected to Bas ic Rate Interfaces (BRIs ) and Pr im ary Rate Interfaces (PRI s). CAPI provide s a standar dized int erfac e that allo ws app lication programs to use ISDN driv ers an d controllers . One applica tion can use one or more contr ollers. Sev eral appl ications can s hare one or more controllers.
CAPI provide s a selection mechanism that suppor ts applicat ions that use dif ferent p rotocols at diff erent prot ocol le vels. CAP I also pro vides standar dized netw ork access by performing an abstraction from different protocol variables. All connection-related data, such as connection state, display mess ages, and so on, is available to the applications at any time.
The framing protoco ls supported by CAPI consist of High-Level Data L ink Control (HDLC), HDLC inverted, bit-transparent (speech), and V.110 synchronou s/ as ynchronous.
CAPI integra tes the following data link and network layer protocols:
Link Access Procedure on the D channel (LAPD) in accordance with Q.921 for X.25
D-channel implementation
Point-to-Point Protocol (PPP)
ISO 8208 (X.25 DTE-DTE)
X.25 DCE, T.90NL, and T.30 (fax group 3)
Configuring Remote CAPI 6-1

CAPI and RVS-COM

CAPI and RVS-COM
The Cisco 700 series router supports the ISDN De vice Control Protocol (I SDN-DCP) from RVS-COM. ISDN-DCP allows a workstation on the LAN to use le gacy dial compute r telepho ny integration (CTI) app lications. These applications incl ude fax transmitting and receiving and placing and receiving phone calls.
Using ISDN - D CP, the router acts as a DCP server. By default, the router listens f o r DCP messages on TCP port number 2578 (th e Internet-assigned number for RVS-COM DCP) on its LAN port.
When the route r rece iv e s a DCP message from a DCP c li ent (conne cted to t he LAN p ort of the router), the router processe s the message and acts on it. The actions c onsist of sending confir ma tions to the DCP clients and sending ISDN packets through the router BRI port.
When the router receives a packet on its BRI port for one of the DCP clients, the router formats the packet as a DCP message and sends it to the corres ponding client. The router supports all the DCP messages specified in the ISDN-DCP specification.
The router provides two 64-kbps B channels to CAPI clients. Each B channel can be config ured separately to work in ei ther HDLC mode or bit-transpar ent mode. For CAPI support, the higher layer protocols (B2 through B7) are transparent to the applications using these B channels.
6-2
The ISDN Core Engine of RVS-COM supports the fol lowing B channel protocols:
CAPI layer B1
64 kbps with HDLC framing64-kbps bit-transparent operation with byte framing from the networkT. 30 mo dem for fax group 3Modem with full negotiation
CAPI layer B2
X.75 SLP (ISO 7776) with V.42bis compression option (negotiated)V.120 with V.42bis compression option (negotiated)TransparentT. 30 mo dem for fax group 3
Cisco700 Series Router Configuration Guide
Modem with full negotiation
CAPI layer B3
TransparentT. 90NL with compatibility with T.70NL, according to T.90 Appendix IIISO 8208 (X.25 DTE-DTE) modulo 8 and windows size 2, no multiple logical
connections
T. 30 for fax group 3Modem with full negotiation
T.30 for fax group 3 (SFF file format [default], sending and receiving up to 14400 bps
with ECM option, modula tions V.17, V.21, V.27ter, V.29)
Analog modem (sending and receiving up to 14400 bps with V.42 error correction and
V.42bis compression option, modulations V.21, V.22, V.22bis, V.23, V.32, V.32bis)

Supported D-Channel Protoco l s

CAPI support is available only for the ISDN switch type Net3.
Supported D-Channel Prot ocols

Supported Applications

ISDN-DCP supports CAPI and non-CAPI applications. Supported applications consist of those that use one or two B channels for data transfer, different HDLC-based protocols, Euro File tra nsfe r , or fa x G4; also s upported are a ppli cati ons th at se nd bit -tra nsparent dat a, such as A/Mu lay audio, fax G3, analog modem, or analog telephones.

Remote CAPI Router Commands

The command s used in th is chapter have been added to the router user interface to support CAPI. Note that CAPI runs o n a remote ne twork de vice, not the route r; the Cisco 700 series router enables remote CAPI applications.
Configuring Remote CAPI 6-3
Configuring the Cisco 700 Router as an RCAPI Server
Configuring the Cisco 700 Router as an RCAPI Server
This section de scri bes how to configu re t he Cisco 700 series router t o be an RC API serv er. By default, RCAPI is disabled in the router. Enabling RCAPI causes the router to become
an RCAPI se r ver. When RCAPI is enabled, the router listens for i n coming RCAPI messages from PCs connected on its LAN side. By default, the router listens for RCAPI messages on TCP port 2578.
Figure 6-1 illustrates the confi guration used in this example. The PCs in the figure have RVS-COM softwa r e installed.
Figure 6-1 RCAPI Server Configuration Example
Local PC Remote PC
IP address
192.168.2.2
Local 7xx
router
IP address
192.168.2.1 Directory numbers 5554000/5552000

RCAPI Command Summary

Following is the command summa r y for configuring the RCAPI on the local Cisco 700 series router.
set rcapi on set dir set rcapi 1 number set rcapi server port reboot
5554000
5554000
2578
Remote 7xx
router
IP address
192.168.3.1 Directory numbers 5553000/551000
IP address
192.168.3.2
26547
6-4
Cisco700 Series Router Configuration Guide

Verify the Configuration

You can use the command show rcapi status to see the status of RCAPI server, the clients that are in the listening state, and the status of RCAPI calls:
local-router> show rcapi status Rcapi Sever ON Rcapi Server Port 2578 Rcapi Number(s) 5554000
CLIENT SESSION-ID LISTEN CONNECTION-ID TYPE CALL-STATUS
------------------------------------------------------------------------
192.168.100.3 16777218 ON
Verify the Configuration
Configuring Remote CAPI 6-5
Configuring the Cisco 700 Router as an RCAPI Server
6-6
Cisco700 Series Router Configuration Guide
APPENDIX A
Token Card and Cisco Secure Authentication Support
This appendix provides Token Card and Cisco Secure Authentication support concepts as they apply to the Cisco 700 series router. Cisco Secure Authent ication Agent supports single-user mode, which extends B channel authentication to a Cisco Secure Authentication Agent client.
T ok en car ds ar e consi dere d the most s ecure authe ntica tion s oluti on av ai lable . The re are two kinds of token cards, synchronous and asynchronous. Currently, Cisco Secure Authenticat ion Agent only supports sync hronous token card, which does not need a challenge from a to ken server to generate a token.
Figure A-1 shows the connection between the client and the token server.
Figure A-1 Cisco Secure Authentication Agent Client-to-Token Server
Connection
LAN ISDN LAN LAN
10259
Cisco Secure AA
client
The following steps illust rate how a link is established using a profile:
Step 1 Demand tr affic or a ca ll command makes a connection. Step 2 The router sends a User Datagram Protocol (UDP) packet to a Token
Authorizati on agent (also known as Cisco Secure Authentication Agent), requesting a username and passw ord for PAP and CHAP. If T oken Aut horizatio n Support (TAS) is set to central, the router always sends the authentication inform ation request to the des i gnated client.
Cisco 700 NAS Authentication
Authorization
Accounting
Token Card and Cisco Secure Authentication Support A-1
Token server

Token Caching

Otherwise, the router sends the request to the source of the interesting packet recei v e d if t he i n ter esti ng pa ck et is an I P pa ck et . T he route r sends t he r equ est to the designated client if the interesting packet is not an IP packet.
Step 3 The agent software recognizes the UDP/IP packet and opens an authentication
window on the terminal. The user enters the username and token. The agent organizes the information into the PAP and CHAP username and password, based on the rout er conf igurati on. It then sends the use rname and pass word back to the ro uter as a rep ly packet.
Step 4 The reply packet is received, and the router opens an ISDN connection with
Network Access Server (NAS).
Step 5 The router negotiates all line-control protocol options, including which
authentication protocol to use (PAP or CHAP).
Step 6 Depending on whi ch aut hentic ation proto col is ne goti ated, the ro uter asse mbles
a PAP request or CHAP response packet and sends it to NA S. If authentication fails, NAS passe s the failure m es sage from authentication, authorization, and accounting (AAA) to the r outer. The router sends one more request to the agent with a messag e to re try onc e more . If a uthent icati on fails aga in, t he rout er se nds another PAP request with the pppautheninfotype parameter set to message-only to in f orm the Cisco Sec ur e Authentication Agent client that the authentication failed ag ain and that the router has stopped authoriz ation attempts.
Token Caching
Cisco 700 series routers do not do token cachi ng. A token is cached at the client, and the client sends the router the cached token in response to the authentication request from a link that uses a multilink PPP bundle. Wi th its built-in algorithm, the agent can also generate a new token, called a soft token, instead of prompting the user to enter a new hard token.
There are two authentication modes, PAP and CHAP local secret, shown in the following figures.
A-2
Cisco700 Series Router Configuration Guide
Figure A-2 PAP Client Packet
Token Caching
Client
username
token
Figure A-3 CHAP Local Secret
Client
username*token
PPP PAP Packet
username
token
Cisco 700 Series Router Configuration
authorization protocol = PAP local secret = N/A
PPP PAP Packet
MD5 (challenge, knock)username*token
Cisco 700 Series Router Configuration
authorization protocol = CHAP use local secret = Yes secret = knock
10260
10262
Token Card and Cisco Secure Authentication Support A-3
Token Caching
A-4
Cisco700 Series Router Configuration Guide

INDEX

Numerics
5ESS 3-6
A
Address Resolution Protocol
See ARP address, MAC 3-8 addressing, DHCP 5-2 AppleTalk 4-15 ARP, supported proto col 1-1 authentication 2-4
CHAP 3-4
PPP 3-8 autodetection
set autodetection command 3-5
troubleshooting 3-6
B
B channel 3-6 BCP, supported protocol 1-1 Bridge Con trol Protocol
See BCP bridging 3-7, 4-15
configuration example 3-7
interoperability issues 4-15
C
CAPI 6-1 cautio n description x cd command 2-5
Challenge Handshake Authentication Protocol
See CHAP changing a profile name 2-6 CHAP 3-10
authenticatio n 3-10
config uration example
IP static routing and callback 4-2 IP stati c routing with M LP 4-4 IP unnumbered routing with MLP 4-8
with Cisco IOS software 4-2, 4-4, 4-8 secret 3-4 supported protocol 1-2
Cisco Fast Step 1-3 Cisco Internetwork Operating System
See Cisco IOS
Cisco IOS
configuration vii, 4-1 Release 11.0(3) 4-14 Release 11.1 4-15 software, inter operability with IPC P and IPXCP 5-4 with bridging 4-15
Cisco IOS-700 software 1-2 command reference viii Common Application Program m ing Interface
See CAPI See Remote CAPI
configuration
bridging example 3-7 changing profiles 2-2 displa ying profiles 2-5 example
bridging 3-7
IP static and callback with CHAP 4-2
IP static with CHAP and MLP 4-4
IP static with PAP 4-6
IP unnumbered and CHAP with MLP 4-8
RCAPI 6-4
routing a Cisco 700 series router 3-9
rout in g IP an d IPX on- de m a nd 3-14
Index 1
routing to an ISP 3-9 ISDN PRI 4-1 line 3-5 options 1-3 port 1-3 profiles 2-1 Remote CAPI example 6-4 system level 2-2 Telnet 1-3 Web sources viii
connect io ns
ISP 3-9
creating profiles 2-5
D
deleting profiles 2-6 dema n d R IP 4-14 DHCP
clients 5-2 defa ul t gatewa y 5 -2 network addresses 5-2 relay 5-1
with IPC P ne go ti at ion 5-6 server 5-2
with IPC P ne go ti at ion 5-7
with PAT and IPCP dual-destination PPP
negotiation 5-13
with PAT and IPCP single-destination
negotiation 5-11
supporte d protocol 1-2
DMS-100 ISDN BRI switch 3-7 document conventions ix documentation viii documentation CD-ROM viii Dynamic Host Configuration Protocol
See DHCP
F
firewall 5-3
I
ICMP, supported protocol 1-1 image (software) 1-3 Integrated Services Digital Network
See ISDN Internal profile 2-4, 5-3 Interne t Control Message Protocol
See ICMP Interne t Packet Exchange Control Protocol
See IPXCP Interne t Protocol Cont rol Protocol
See IPCP Internet service p rovider
See ISP Interne tw ork Packet Exchange
See IPX interoperab il ity w ith Ci sc o IOS softw a re
bridging 4-15
IPCP and IPXCP 5-4
multili nk PP P en ca p sulatio n 4-1 4 IP 3-14, 3-17
config uration example
IP static and callback with CHAP 4-2 IP static with CHAP and MLP 4-4 IP static with PAP 4-6 IP unnumbered and CHAP with MLP 4-8 rout in g IP an d IPX on- de m a nd 3-14
DHCP
network addresses 5-2 relaying configuration information 5-1
unnumbered IP address 3-9 IPCP
interoperability 5-1
supported protocol 1-1
Cisco 700 Series Rout er Configuration GuideIndex 2
IPX 3-14, 3-17
configuration example, routin g IP and IPX
on-demand 3-14
IPXCP
interoperability issues 5-1 supporte d protocol 1-1
ISDN
BRI number 3-6 PRI configuration 4-1
ISDN Device Control Protocol
See ISDN-DCP ISDN-DCP , supported protocol 1-2 ISP, connections 3-9
L
N
NCP 3-11 NetBIOS 4-15 network add ress
DHCP 5-2 space limitations 4-15
Network Control Protocol
See NCP NI1 switch 3-7 nonvolatile random access memory
See NVRAM note, description x Novell IPX 4-15 NVRAM 2-1
LAN
Ethernet 10B aseT connection 3-2
profile 2-4 LCP 3-11 line configuration 3-5 Link Control Protocol
See LCP
M
MAC address table 3-8 MLP, confi guration example
IP static routing with CHAP 4-4
IP unnumbered routing wi th CH A P 4-8 MLPPP
encapsul ation 4-14
supporte d protocol 1-1 Mult il i nk Point-to- Point Pr otocol
See MLPPP
O
operati ng system (router) 1-1 overview of Cisco 700 series routers 1-1
P
PAP 3-4
config uration example
IP stati c routing 4-6 with a router running Cisco IOS sof tware 4-6
supported protocol 1-1
Password Authentication Protocol
See PAP PAT with IPCP single-dest ination negotiation 5-9 PAT, supported protocol 1-2 permanent profiles 2-4, 2-6 Point-to-Point Protocol
See PPP Port Address Translation
See PAT
Index 3
PPP 3-11
configuration example
routin g IP and IPX on-demand 3-14 IP and IPX ro uting 3-14 IPCP negotiation 5-5 multil in k enc a ps u la tio n, intero p er ab i lity 4-14 supporte d protocol 1-1
private IP addresses 5-3 profil e-level parameters 2-1 profiles
active 2-2, 2-6 changing a profile name 2-6 creating 2-5 definition 3-2 deleting 2-6 displaying configurations 2-5 inactive 2-2, 2-6 on-demand 2-2 parameters 2-2 permanent 2-4
Internal 2-4
LAN 2-4
Standard 2-4 redefin ed values indi cator 2-5 removing parameters 2-5 system mode parameters 2- 3 user-defined 3-10 using with the routers 2-1 to 2-7
protocols supported 1-1
Q
quick reference viii
R
release notes for Cis co IO S 700 software viii Remote CAPI 6-3
configuration 6-4 config uration example 6-4
TCP port 6-4 Remote CAPI, su pported protocol 1-2 Remote Common App lication Programmers Interface
See RCAPI removing profile parameters 2-5 reset user command 2-6 RIP
dynamic routing protocols 4-14
PAT enabled 5-3
supported protocol router manuals viii routing
config uration example
bridging 3-7 central site 3-11 routing a Cisco 700 series router 3-9 rout in g IP an d IPX on- de m a nd 3-14 routing to an ISP 3-9
Routing Inf ormation Protocol
See RIP
S
SAP, supported protocol 1-1 secret, CHAP 3-4 Service Advertisement Protocol
See SAP set autodetectio n com mand 3-5 set default command 3-4 set ip framing command 5-4 set ip rip update command 4-14 set ppp multilink command 4-14 set profi le user comma nd 2-6 set switch command 3-6 set user command 2-3 show commands, defined 2-5 show configuration command 3-3
Cisco 700 Series Rout er Configuration GuideIndex 4
show dhcp configuration 5-7 show dhcp connections 5-15 show ip configuration command 5-6 show ip route command 5-6 show rcapi status command 6-5 Simple Network Management Protocol
See SNMP commands SNMP, supported protocol 1-2 software image 1-3 software, Cisco IOS-700 1-2 SPIDs 3-6
autodetection 3-5
definintion 3-5
troubleshooting 3-6 supported protocols 1-1
ARP 1-1
BCP 1-1
CHAP 1-2
DHCP 1-2
ICMP 1-1
IPCP 1-1
IPXCP
ISDN-DCP 1-2
MLPPP 1-1
PAP 1-1
PAT 1-2
PPP 1-1
RCAPI 1-2
RIP
SAP 1-1
SNMP 1-2
TFTP 1-2 system mode
configuration parameters 2-2
parameters 2-1
T
TFTP server 1-2 TFTP, supported protocol 1-2 timesaver, description x Triggere d RIP 1-2 Trivial File Transfer Protocol
See TFTP
U
unnumbered IP address 3-9 unroutable protocols 4-15 unset command 2-5
W
WAN ISDN ports 3-2 World Wide Web viii
Index 5
Loading...