Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
408 526-4000
Tel:
800 553-NETS (6387)
Fax:
408 526-4100
Text Part Number: OL-0184-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT
NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO B E ACCURATE BUT ARE
PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR
APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION
PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO
LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A
digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environm ent. This equ i pm ent generates , uses, and can radiate radio-frequency energy and, if not installed and used
in accordance with the instruction manual, may cause harmful interference to radio communications. Opera tion of this equipment in a residential area is
likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.
The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency
energy. If it is n ot installed in accor dance with Cisco’s insta llation instruction s, it may cause interference wit h radio an d television r eception. This equipment
has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These
specifications are designed to provide reasonable protection against such interfer ence in a resident ial installation . However, there is no guarantee that
interference will not occur in a particular installation.
Modifying the equipment without Cisco’s written authorization may result in the equipment no longer complying with FCC requirements for Class A or
Class B digi tal dev ice s. I n tha t ev ent , y ou r r i ght to us e th e e q uipm ent ma y be li mite d by F CC r e gul at ions , a nd yo u m ay be requ ired to cor rect any interference
to radio or televi sion commu nications at your own e xpense.
You can determine whether your equ ipment is cau sing interfere nce by turning it o ff. If th e interference s tops, it was probably caused by the Ci sco equipment
or one of its peripheral devices. If th e equ i pm ent causes interference to radio or television reception, try to correct the interference by using one or more of
the following measures:
• Turn the television or radio antenna until the interference stops.
• Move the equipment to one side or the other of the televisi on or radio.
• Move the equipment farther away from the television or radio.
• Plug the equipment into an outlet that is on a different circuit from the television or radio. (That is, make certain the equipment an d the tele vision or radio
are on circuits controlled by different circuit breakers or fuses.)
Modifications to this product not authorized by Cisco Systems, Inc. could void the FCC approval and negate your authority to operate the product.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (U CB ) as part of
PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED
OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL
DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR
INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Access Registrar, AccessPath, Any to Any, AtmDirector, CCDA, CCDE, CCDP, CCIE, CCNA, CCNP, CCSI, CD-PAC, the Cisco logo, Cisco Certified
Internetwork Expert logo, CiscoLink, the Cisco Management Conne ction logo, the Cisco NetWorks logo, the Cisco Powered Network logo, Cisco Systems
Capital, the Cisco Systems Ca pital logo, Cisco Systems Networking A cademy, th e Ci sco Technologies l ogo, ConnectWay, ControlStr eam, Fast Step,
FireRunner, GigaStack, IGX, JumpStart, Kernel Proxy, MGX, Natural Network Viewer, NetSonar, Network Registrar, New World, Packet, PIX, Point and
Click Internetworking, Policy Builder, Precept, RouteStream, Secure Script, ServiceWay, SlideCast, SMARTnet, StreamView, The Cell, TrafficDirector,
TransPath, ViewRunner, VirtualStream, VisionWay, VlanDirector, Workgroup Director, and Workgroup Stack are trademarks; Changing the Way We
Work, Live, Play, and Learn, Empowering the Internet Generation, The Internet Economy, and The New Internet Economy are service marks; and Asist,
BPX, Catalyst, C isco, C isco IO S, the Cisco IO S logo, Cisco Systems, the Cisco System s logo, the Cis co Syst ems Cis co Press logo, Enterprise/Solver,
EtherChannel, EtherSwitch, FastHub, FastLink, FastPAD, FastSwitch, IOS, IP/TV, IPX, LightStream, LightSwitch, MICA, NetRanger, Registrar,
Strata View Plus, Stratm, TeleRouter, and VC O are registered trademar ks of Cisco Systems, Inc. in th e U.S. and certain other countries. All other trademarks
mentioned in this document are the property of their respective owners. The use of the word partner does not imply a partnership relationshi p be twe en Cis co
and any of its resellers. (9906R)
Configuring the Cisco 700 Router as an RCAPI Server6-4
RCAPI Command Summary6-4
Verify the Configuration6-5
Appendix AToken Card and Cisco Secure Authent ication Support A-1
Token CachingA-2
vi
Cisco 700 Series Router Configuration Guide
About This Manual
This chapter discusses the organization, relate d docum entation, and convention s of the
Cisco 700 Series Router Configuration Guide.
This document is organized as follows:
• Chapter 1, “Overview,” provides a brie f overview of Cisco IOS-700 software and
supported protocols.
• Chapter 2, “Using Profiles with Cisco 700 Series Routers,” describes a set of
user-def i ned parame ters group ed in a customize d prof ile and assoc iate d with a specif ic
remote device.
• Chapter 3, “Basic Configurations,” describe s how to connect a Ci sco 700 series router
to an Internet service provider (ISP) or to a cent ral site, such as your company network.
• Chapter 4, “Using CHAP,” describes how to connect a Cisco 700 series router to a
router running Cisco IOS software.
• Chapter 5, “Configuring DHCP Relay, DHCP Server, and PAT,” describes ho w to
config ure Dynamic Host Conf i gurati on Prot ocol (DHCP ) relay, DHCP server, an d Port
Address Translation (PAT) on the Cisco 700 series router.
• Chapter 6, “Configuring Remote CAPI,” describes ho w to configure Remote Common
Application Programmers Interface (CAPI) and the ISDN Device Control Protocol
(ISDN-DCP) on the Cisco 700 series router.
• Appendix A, “Token Card and Cisco Secure Authentication Support, ” describes the
Token Card and Cisco Secure Authentication Support security features.
About This Manual vii
Related Documentation
Related Documentation
The followi ng documentation is al so provided with your Cisco 700 series router:
• Release Notes for Cisco 700 Series Router S oftware pr ovides the latest infor ma tion on
the router software . Release notes for previous versions of the soft ware are on the
Cisco Documentation CD-ROM and the Cisco Web site.
• Cisco 760 Quick Reference Guide and Cisco 770 Quick Referenc e Guide provide
hardware installation ins tructions and forms to assist you in gathering configuration
information. Ea ch guide includes a Cisco 700 Fast Step CD-ROM.
• Cisco 700 Series Router Command Reference provide s details of all router comm ands .
The document is available on the Cisco Documentation CD-ROM and the Cisco Web
site in HTML format.
• Cisco 700 Series Router Installation Guide provides instructions for cabling the
Cisco 700 series router. The document is available on the Cisco Documentation
CD-ROM and the Cisc o Web site in HTML format. A paper copy of the document is
provided with your router.
Additional Cisco documentation and literature are available in a CD-ROM package that
ships with your Cisco 700 series router. The Documentation CD-ROM, a member of the
Cisco Connecti on famil y , is update d monthly. Therefore, it may be more up to dat e than the
printed document ation. T o order additi onal copies of the Documentati on CD-ROM, conta ct
your local sales representative or call customer service. You can also access Cisco
documentation on the World Wide Web at http://www .cisco.com,
http://www-china.cisco.com, or http://www-europe.cisco.com.
Cisco 700 series router configur ation information can be foun d at
http://www.cisco.com/warp/public/779/s mbiz/service/configs/700_configs. htm and
http://www.cisco.com/warp/c propub/67/sample.html
If you are reading Cisco product documentati on on the World Wide Web, you can submit
comments electronically. Click Feedback in the toolbar, and s elec t Doc ume ntation. After
you complete the form, click Submit to send it to Cisco. We appreciate your commen ts.
viii
Cisco700 Series Router Conf iguration Guide
Con ven tions
This publication uses the following conventions to convey instruc tions and information:
• The caret character (^) represents the Control key.
For exampl e, the k ey combina tions ^D and Ctrl -D are equi v alent: Bot h mean hold do wn
the Control key while you press the D key. Keys are indic ated in capitals, but are not
case sensitive.
• A string is defined as a nonquoted set of characters.
There are a f e w st rings t hat i ncl ude quot ation marks as part o f th e st atement . The refore,
common practice is not to include the quotation marks unless the y are included in the
statement. For example, set the SNMP community st ring to public does not use
quotation marks around the string “public” because when you enter the string, you
would not include the quotation marks.
Command descriptions use these conventions:
• Ve r ti ca l b ar s ( | ) se pa r at e al ternative, mu tu ally exclu s ive, elements.
• Variables for which you supply values are in italic.
Conventions
• Examples that contain system prompts denote interactive sessions, indicating the user
enters the command at the prompt. The system prompt indicates the current command
mode. For example, the prompt rout er:2503> indicate s profile mode. The exception is
when a list of commands is provided in an example configuration; the prompt is not
shown for the sake of clarity.
• Fixed inf ormation you enter i s in boldface screen font . Variable infor matio n you
enter is in it alic.
• Terminal session s and information the system di sp lays are in screen font.
• Nonprinting chara cters, such as passwords, are in angle brackets (< >).
The command synt ax contain s a combin at ion of bold a nd re gula r upperca se and lo we rcase
alphanumeric charac ters. You can enter the full te x t of the commands , or you can ente r the
abbre viate d form . The abbr ev iated f orm con sis ts of t he fi rst ch ara cters in ea ch wor d, sh own
in uppercase bol d in the c ommand synt ax. T he uppe rcas e bold cha racte rs ar e the mini mum
you must enter for the command to be recogni zed and executed.
About This Manual ix
Conventions
12
93
6
The actual c ommands you e nt er are not case sens iti v e. T he capit al izat ion and b old type ar e
used in this manual only to dif ferentiate the characters requ ired for th e abbreviated for ms
of commands.
For example, The syntax of the set system command is as fol l ows:
SEt SYstemname [systemname]
The complete version of the set system command can be entered at the command prompt
as foll ows :
>set systemname
systemname
systemname
>
The abbreviated version of th e sam e comm and can be entered as follows:
>se sy
systemname
Note Means reader take note. Notes contain helpful s uggestions or refer ences to m ateria ls
systemname
>
not contained in this manual.
Timesaver This symbol me ans the described action saves time. You can save
time by performing the action described in the paragraph.
Caution This symbo l means reader be careful. In this situation, you mi ght do
something that could re sult in equipment damage or loss of data.
x
Cisco700 Series Router Conf iguration Guide
Overview
Cisco 700 series routers co nnect small off ice Et hernet LANs t o corporat e networks through
Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) lines. After
config uration, the router automatically routes packets to and from remote destinations
using IP or Internetwork Packet Exchange (IPX).
The Cisco 700 series router is a fixed co n fig u r at io n router. The rout er operating sys t e m is
called Cisco IOS-700 software and is unique to the Cisco 700 series router.
Supported Protocols
The Cisco 700 series routers support the following protocols :
• IP
CHAPTER
1
• IPX
• Internet Protocol Control Protocol (IPCP)
• Internet Control Message Protocol (ICMP)
• Internetwork Packet Exchange Control Prot ocol (IPXCP)
• Point-to-Point Protocol (PPP)
• Bridge Control Protocol (BCP)
• Multilink PPP (MLPPP)
• Address Resolution Protocol (ARP)
• Service Advertisement P r otocol (SAP)
• Password Authentication Protocol (PAP)
Over view 1-1
Software Images
• Trivial File Transfer Protocol (TFTP server)
• Simple Network Management Protocol (SNMP)
• Routing Information Protocol (RIP) for IP and IPX
• Trigge red RIP for IP
• Challenge Handshake Auth en ticatio n Protocol (CHAP)
• Dynamic Host Configuration Protocol (DHCP)
• Port Address Translation (PAT)
• Remote Common Applica tion Programmers Interf ace (RCAPI)
• ISDN Device Control Protocol (ISDN-DCP)
Software Images
The Cisco 700 Series routers run a proprietary Cisco soft ware (Cisco IOS-700 software)
image, which is different than traditional Cis co IOS software. The image you use varies,
depending on the region in which the router is used and what feature set you desire. The
image name, fo r exa mple, c 760-in. r- TPH.43-1. bin , design at es the re gion and featu res. The
regio n s are as follows:
1-2
• US for use in North America
• NET3 for use in Europe
• TR6 for use in Germany
• INS for use in Japan
• TPH for use in Australia
The features are in d icated as follo w s:
• Internet Ready (IP onl y, 30 users with data compression on) images have a "b"
designati on.
• Internet Re ady X.25 (IP only , 30 LAN de vices, compression, X.25) images have a "bxd"
designati on.
Cisco700 Series Router Command Reference
Administrati ve Configuration Options
• Remote Office (IP/IPX, 1500 LAN devices, compression) images have an "r"
designation.
• Remote Off ice X.25 (IP/IPX, 1500 LAN devices , compression, X.25) images have an
"rxd" designation.
So the example image named "c760-in.b-TPH.43-1.bin" is a Serie s 760 router image
software Release 4.3(1) with the Internet Ready feature set for Australia. (All Cisco 700
series routers run Series 760 rout er im ages. There are no Series 770 router im age s.)
You can verify the image loaded on your router by entering the
command-line prompt. The following examp le shows a router running a Cisco 760 (c760)
image for the United St ates (US), rel ease 4.0(1), and u sing the Remote Off ice (r) fea ture set:
guest> version
Software Version c760-in.r.US 4.0(1) - Jan 14 1997 19:00:23
Cisco 766
ISDN Stack Revision US 2.10 (5ESS/DMS/NI-1)
Administrative Configuration Options
You can configure routers through the configuration port or across an IP network using
Telnet. In addition, Cisco IOS-700 software supports Cisco 700 Fast Step software
applications. These tools are on the Ci sc o700 Fast Step CD-ROM in the Cisco 700 Quick Reference Guide.
version command at the
Over view 1-3
Administrati ve Confi guration Options
1-4
Cisco700 Series Router Command Reference
CHAPTER
2
Using Profiles with Cisco 700
Series Routers
A profile is a set of configuration parameters associated with ports on the router or WAN
devices.
This chapter contains the following sections:
• Profile Overview
• System and Profile Parameters
• Creating and Modifying Profiles
• Incoming Calls
• Outgoing Calls
Profile Overview
There are two modes in which you can set parameters, the system mode and the profile
mode. System m ode parameters affect the configur ation on a global level. Profi les are sets
of local parameters. Profile mode parame ters affect how the router handles the connection
to a device.
You do not have to reconfigure the router every time you connect to a different de vice.
Instead of using one set of configuration parameters for all devices, you can use different
profiles to communicate with a variety of devices.
For e xample, you can creat e a user -d ef ined prof i le c alled 250 0 that conta in s the para meters
to be used when communicating with a Cisco 2500 series router over the WAN. You can
customize your Cisco 700 series router to maintain up to 17 user -defined profiles. P r ofiles
are saved in the Cisco 700 series router nonvolatile RAM (NVRAM).
Using Profiles with Cisco 700 Series Routers 2-1
System and Profile Parameters
In addition to user-defined profiles, there are three permanent profiles, Internal, LAN, and
Standard. The Internal profile stores parameters used to communicate between the LAN
and WAN ports on the Cisco 700 series router . The LAN profile stores paramet ers that
config ure the LAN port on the router. The Standard profile is the defaul t profile. If
authentication is not requir ed and the destination device you are connecting to does not
have a user-defin ed profile, the router uses the Standard profile.
Profiles and Connections
Profiles are either active or inactive. An active profile creates a virtual connection to the
remote device associated with th e profile. A virtual connection is a connection without
physical channels. After creating a virtual connection, an on-demand call can be made to
the asso ciated rem o t e d evice to estab l ish a physical connection.
A physical connection is a dynamically created pipeline of packets from the Cisco 700
series router to a switch on the WAN. All connections are associated with the profile that
defines the configuration of the connecti on.
Virtual and physica l connections behave similarly; the diffe r ence is that physical
connections forw ard packet s to the WAN. Virtua l connections monitor packet tr aff ic on the
LAN until a deman d filter “sees” that a pa cket is destined f o r the WAN and initiates a call
to the switch, opening the physical connection. Once the call is established, the virtual
connection be com es an active physical connection, and the packets move through the
pipeline.
System and Profile Parameters
The system is composed of both system mode parameters, user-defined profiles, and
permanent profiles. System mode parameters can be changed only in system mode. The
prompt indicates you are in system mode by displaying nothing or the route r name. An
example of the prompt is shown below:
Router_name>
If you are in profile mode, the profile name appears on the prompt, sepa rated from the
system name by a colon (:). An example of the prompt is shown below:
Router_name:Profile>
2-2
Cisco700 Series Router Configuration Guide
All profi les are based o n the profil e templa te and inherit the system-le v el valu es. When you
create a new profile, its default values ar e taken from the p r ofile template.
System Mode Parameter Set
System mode parameters affect the r o u ter as a system. Table 2-1 lists the system
parameters.
T able 2-1System Para meter Set
Caller ID pa ra m e tersCall wait in gPPP
Date and timeCountry gr oupScreen l ength
Directory number(s)Address age timeScreen echo
Delay ti meLocal and remote acces sSNMP
Forwarding modePhone 1 and 2SPIDs
Multid es tinatio n di a lin gPPP clie nt pa sswordSwitch typ e
Numbering planPPP clien t secretSystem password
PatternsVoice priorityPower Source 1 detect
Passt hruCompressionSystem name
PPP auth e nt ic ation
1PPP = Point-to- P oint Protocol
2SNMP = Simple Network Management Protocol
3SPID = service profile identifier
System Mode Parameter Set
1
parame ters
2
parameters
3
Profile Mode Parameter Set
Changes made to profile mode parameters in system mode affect the profile template.
When a profile is cre ated, it in herits the matchi ng system mode paramet ers from the profi le
template. Any changes to parameters in profile mode apply only to that profile. Changes
made to prof ile par ameters in s ystem mode are stored in th e prof ile templa te. When you use
the set user command to create a user-defined profile, the default parameters for the new
profile are taken from system mode.
Using Profiles with Cisco 700 Series Routers 2-3
System and Profile Parameters
Table 2-2 lis ts the parameters that can be conf igured in a profile.
Table 2-2Profile Parameters
BridgingLine speedPPP authentication (outgoing)
Ringback numberAuto callingAll IP parameters, including filters
Passt hroughDemandPAP password (client and host)
LearningTimeoutAll IPX parameters, including filters
Subnet maskCalled nu mberCHAP secret (client and host)
Protoco lEncapsul ationBridge f ilters (a ddress, typ e, and user- defined)
Loopback
Permanent Profiles
Cisco 700 series routers contain three permanent profiles . Permanent profiles can be
modified, but they cannot be deleted. The permanent profiles are as follows:
LANDetermines ho w data is passed from the router to the LAN. This profile
is commonly used for connec tions made directly to the local network.
2-4
InternalDetermines ho w dat a is pass ed bet ween the bridge e ngine a nd the IP/ IPX
router .
StandardThe default profile. If authent ication is set to non e and a profile does not
exist for the WAN switch, the r outer uses the St andard profile b y default.
If authentication is required and no prof ile is found, the call is drop ped.
The decision to use the LAN or Internal profile involves some knowledge of your network
design and whether you are bridging or routing t o remote sites (or a combination of both).
It is be st t o use the LAN prof il e inst ead of th e Inte rna l prof il e to si mplif y t he con f igurati on.
You can easily associate the LAN profile with the Ethernet interface and the user-defined
profiles with the ISDN interface.
Sometimes situations arise (very infrequent) where you must rou te a protocol to one site
and bridge the same protocol to another site. Simply leave the LAN profi le as a bridging
profile, and use the Internal profile for all routed protocol information.
Cisco700 Series Router Configuration Guide
Creating and Modifying Profiles
A new profile is created with the set user command. When you create a ne w profile, you
automa tically enter profile mode for that profile. The followin g example creates a user
profile called tomd. Enter the set user command to create a profile using the profile
template for the default values of the parameters, as follows:
Host> set user
Host:tomd>
Notice that th e profi le mode is indi cated by th e prompt, which appe ar s as the sys tem name
and the profile name, separated by a colon. While this prompt is displayed, modifications
to the para meters only affec t the parame ters in the profi le. The ch anges do n ot affe ct system
mode parameters or other profiles.
The cd command is used to change to system mode or to another profile. Following is an
exampl e of th e cd command used to change to a perm anent pro file called LAN:
Router_name> cd LAN
Router_name:LAN>
Note that the prompt include s the name o f the profi le. You can now modi fy the LAN prof ile
parameters.
tomd
Creating and Modifying Profiles
Displaying Profile Configuratio ns
The show commands dis play the values as sociated with a prof ile parameter in prof ile mode.
The commands work in system mode to show the valu es associated with parameters i n the
profile template.
In profile mode, some show commands only display profile paramete rs . Parameter values
that have been redefined in profile mode are indic ated with a <*>. All other paramete r
values ar e in h erited fr o m th e pr ofi l e te m p la te.
Removing Profile-Based Values
You can remove any parameter value within a profile with the unset command. The
parameter you removed inherits its value from the system mode.
Using Profiles with Cisco 700 Series Routers 2-5
Incoming Calls
In the following example, the profile parameter number is removed from the profile by
using the unset command:
Host:Profile> unset number
Deleting Profiles
The reset user comman d deletes a user-defined pr o file fr o m th e r outer. The three
permanent profiles (LAN, Internal, and Standard) cannot be deleted. This command also
closes any conne ction associated with the profile.
In the followi ng example, the tomd profi le is removed from the system by using the
resetuser command:
Host:Profile> reset user tomd
Changing Profile Names
The set profile user command changes the name of an existing profile. Enter this
command while i n prof ile mode for the profi le you wa nt to affec t. In the follo wing e xample,
the profile name is being changed from 2500 to 4500:
766:2500> set profile user 4500
766:4500>
Incoming Calls
When th e ro ut e r re c eives an incom in g call, the rou t er s ea r ch es both act ive and inactive
profiles for a profile with the same name as the calling de vice. If it finds a profile with the
matching user ID, the router uses the conf iguration parameters of that profile while
communicating with the remote device. If the profile is inactive, it is automa tically
activated for the duration of the connection.
When the call is finished, the physical link between the two devices is disconnected.
However, the virtual conne ction to the remote router might be configured to remain acti ve.
2-6
Cisco700 Series Router Configuration Guide
If the profile is configured to remain active after a link disconnects, a virtual connection
remains. The vir tual c onnect ion monit ors t he LAN t raf fi c. If pa cket s dest ined for th e WAN
are detected, the router opens up the physical connection and forwards the packets.
If the profi le is configur ed to become inacti ve after a link dis connects, both the physical link
and the virtual conne ction to the remote router ar e disconnected until another call is
received f rom the same remote router.
Outgoing Calls
Outgoing calls requi re that the associated user- defined profiles be set to active, th at the set
auto command be on, a nd t hat a phone number to c all be stor ed in th e pr of ile. If the pr of il e
is inactive, a number to dial is not available to the router.
Outgoing Calls
Using Profiles with Cisco 700 Series Routers 2-7
Outgoing Calls
2-8
Cisco700 Series Router Configuration Guide
CHAPTER
3
Basic Configurations
This chapter conta ins basic conf iguration e xamples for connecti ng a Cisco 700 series router
to an Internet service provider (ISP) or to a central site, such as your co mpany network. It
is assumed t hat your rout er is cable d as describe d i n the Ci sco 700 Quick Ref er enc e Guide.
Before you proceed with the examples in this chapter, have the information regarding
ordering the ISDN li ne an d the connection information in the Cisco 700 Quick Reference Guide (shipped with your router package) available.
The chapter is written so that a kno wledge able begi nne r can perform a basic config uratio n
of the router, guided by the examples. Expl anations are kept to a mi nimum, but the y do
show how the individual commands fit into the framework of a configuration.
This chapter has the following sections:
• Basic Configuration Concepts
• Starting Point
• Setting SPIDs Manually (North America only)
• Bridging with a Cisco 700 Series Router
• Routing IP with a Cisco 700 Series Router to an ISP
• Routing IP to a Central Site
• Routing IP and IPX On-Demand
Basic Configuration Concepts
The information in this se ction describes basic networking concepts as they relate to the
Cisco 700 series router and the examples presented. If you have some experience with
Cisco 700 series routers, you can skip this section.
Basic Configura ti ons 3-1
Basic Configuration Concepts
Bridges and Routers
Routers forward packets on to specific network segments based on a logical network
address, reducing network traff ic by kee ping unnecessary pack ets off network s egments by
only forwarding packets to segments as required.
A bridge joins individual network segments into a single network. The bridge floods
packets on to all the network segments it is connected to. In other words, bridges offer
simplicity and routers offer a greater degree of control. Cisco 700 series routers can
function as a bridge and a router.
Profiles
Profiles are logically organized sets of commands for each connection that can be
customized and stored independently. This allows you to conf igure your router for more
than one connec tion. There are two types of profiles , permanent and user-defined. The Cisco 700 Series Router Co mmand Ref erence publication cont ains a n e xten si v e discus si on
on profiles. It is important to understand the use of profiles before attempting to configure
your router.
LANs and WANs
Cisco 700 series routers have a “LAN side” and a “WAN side.” The LAN s ide of the route r
is the Ethernet 10BaseT conne ction wher e your computer (or another short-ra nge networ k
device ) is connected to the router. The WAN s ide is ISDN. The configuration commands
can affect function on one or both sides of the router . Which side i s affected depends upon
the command and the pr ofile containing the command.
3-2
Cisco 700 Series Router Configuration Guide
Current Configuration
You can display the current configuration at any time using the show configuration
command. If you is sued the c ommand i n sys t em mode , sy stem mode comma nds di spla y. If
you issue the command in profile mode, profile mode commands display. An asterisk (*)
next to a v alue ind icate s the v alue has been m odif ie d from t he d ef ault v a lue. The c ommand
is entered as follows:
>show config
Basic Configura ti ons 3-3
Basic Configuration Concepts
The following sample display shows output for the Cisco 700 series routers, from the show
configuration command in system mode:
Host> show config
System Parameters
Environment
Screen Length 20
Echo Mode ON
CountryGroup 1
Bridging Parameters
LAN Forward Mode ANY
WAN Forward Mode ONLY
Address Age Time OFF
Call Startup Parameters
Multidestination OFF
Line Parameters
Switch Type5ESS
Call Parameters Link 1 Link 2
Retry Delay 30 30
Profile Parameters
Bridging Parameters
BridgingON
Routed Protocols
Learn Mode ON
PassthruOFF
Call Startup Parameters
Encapsulation PPP
Line Parameters
Line Speed AUTO
Numbering PlanNORMAL
Call Parameters Link 1 Link 2
AutoON ON
Called Number
Ringback Number
Remote and Central Sites
In the e xampl es, the Cisc o 700 series router you a re conf igur ing is referre d t o as the remote
router. This is strictly for identif ication purposes and does not have anything to do with
geography or the physical location of the router.
3-4
Cisco 700 Series Router Configuration Guide
Passwo rd and Secr et
There a re s e ve ra l ty pes of a uth ent ic at ion, su ch as P as sw ord Au t hen ticat ion Pr oto col (PAP)
and Challenge Handshake Authentication Protocol (CHAP). To avoid confusion, the PAP
password is r eferred t o a s pass word, and t he CHAP s ecre t pass word is referre d to a s secret.
The PAP password is pl ain text. The CHAP secret is encrypted.
Additional Reference
For more informati on on the commands, basics of networking, profiles and so forth, refer
to the Cisco 700 Series Router Command Refer ence publication. The Cisco 700 Series Command Reference publication also contains advanced configuration examples.
Starting Point
This section shows how to set the router to default values and provide basic configuration
information use d in all configurati ons. All of the example configuration s assume default
valu es unless otherwise indi cated.
Step 1Use the set default com mand as f ollo ws to be s ure tha t you begin wi th all default
values when co nfiguring your router:
> set def
System-le ve l paramet ers and the pa rameter s in the pe rmanent prof i les ar e set to
their default values. Existing user-defined profiles are d eleted and the router
reboots.
Step 2Enter the set directorynumber command (usually a te n-digit local num ber with
no spaces or dashes) to set the ISDN dire ctory numbers.
>set 1 directory number 4085551234
>set 2 directory number 4085551235
You are ready to set Service Profile Identifier (SPID) au tomatic detection. A SPID is a
number provided by the ISDN carrier to identify the line configuration of the BRI service.
Each SPID points to li ne setup and configuration information.
Basic Configura ti ons 3-5
Starting Point
Setting a SPID is des cribed in the section “Setting SPID Autodetection (North America
only)” in this chapter (recommended if you are connecting to a service provider where the
ISDN switch t ype is DMS-100 or National ISDN-1 (NI1)) or to enter the SPIDs manually,
as describe d in t he sect ion “ Settin g SPI Ds Manua lly (North Ame rica onl y)” in this chapt er.
Setting SPID Autodetection (North America only)
If the servi ce pro vi der IS DN swi tch t ype is DMS-100 or Nati onal IS DN-1 (NI1), the rou ter
supports an automatic SPID detection feature. This section descri bes how to set the
autodetec tion feature . If the switch type is 5ESS Custom PPP, do not enter SPIDs; go to the
next section.
Enable automatic SPID de tection feature as follows:
>set autodetection on
Once you enable the autodetection feature, wait for the router to complete the process. This
process might take seve ral minutes to complete. When autodetection is successful, the
follo wing messages display:
>L761Auto Spid Detect Successful 5ESS
>L761 055512340 Auto Spid Detect Successful
>L762 055512350 Auto Spid Detect Successful
3-6
No additional procedures are required. You can now enter specific configuration
information.
If autodetection fails, the following message disp lays:
>L84 Manually enter spids and set autodetection off
In this event, set autodetection off by using the set autodetection command and continue
with the section “Setting SPIDs Manually (North America only)” to enter SPIDs manually.
Cisco 700 Series Router Configuration Guide
Setting SPIDs Manually (North America only)
SPIDs can b e detected auto m atically usi ng the set autodetection command, or SPIDs ca n
be entered manually, as described in this section.
If the service provider switch type is 5ESS Cust om PPP, you do not need to ente r SPIDs ;
go to the next section. If the service provider switch type is DMS-100, National (NI1) , or
5ESS Multipoint, continue with this section.
To enter the SPIDs assigned by your ISDN service provider, take the following steps:
Step 1Enter the set switch command to configure the ISDN switch type that is being
used with your ISDN line:
> set switch dms
Step 2Enter the set spid command to set the router’ s SPID numbers:
> set 1 spid
> set 2 spid
You are ready to configure the router for a specific routing environment.
An AT&T 5ESS switch can support up to eight SPIDs per BRI line. Because multiple
SPIDs can be applied to a single B channel, multiple services can be supported
simultaneou sly. For example , th e f irst B ch annel c an be conf ig ured for data , a nd t he s econd
B channel can be conf i gure d for bot h v o ice and dat a. In th is sc enar io, t he s econd B c hannel
can support an ISDN telephone in addition to supporting data connections. For 5ESS
switches, the SPID is usually the 10-digit ISDN number beginning with “01” and ending
with “0.” For example: ISDN number, 4085551212; SPID, 0140855512120. (There is no
standard format for SPIDs. As a result, SPID values can vary, depending on the switch
vendor and the carrier.)
0510198765430
0510187654320
DMS-100 and NI1 swi tc hes supp ort only two S PIDs, wi th only one B c hannel per S PID. If
both B channels will be used for data only, enter the two SPIDs (one for each B channel).
An issue comes up when trying to run data and voic e over the same B channel. Assuming
the fi rst SP ID is appli ed to t he fi rst B cha nnel for data tr aff ic a nd is l imited t o that B cha nnel
only, this leaves only one other SPID for the second B channel.
Consequent ly, the second B channel can be used for either data or voice, but not both
simultaneously. The absence or presence of the second SPID in the configuration dictates
whether the secon d B chan nel can be used for data or voice. This is an example of SPID
Basic Configura ti ons 3-7
Bridging with a Cisco 700 Series Router
values for DMS-100 and NI1 switches: ISDN number, 4085551212; SPID 1,
408555121201; SPID 2, 408555121202. In this case the S PID is the 10-digit IS DN number
ending with a “01” for SPID 1 and a “02” for SPID 2.
Bridging with a Cisco 700 Series Router
This sec tion d escr ibes ho w to br idge a Cis co 700 series route r o ve r an IS DN line t o anot her
router. Bridging is used in cases where you do not need a lo t of filtering to manage the
network. Basic ally , you are relying on the nodes on the LAN side of the router to dete rmine
if a packet shoul d be accepted or dropped. (If you turn routin g on, you can fil ter the packet s
on the WAN side, reducing your traffic on the LAN side.)
Note Bridging ov er an ISDN l ine i s not an e f f icient use of ISDN ba ndwidth. Ro uting o v er
the ISDN line helps optimize ISDN bandwidth by reducing traffic to the WAN.
Figure 3-1 illustrat es an e xample of a remote Cisco 700 series router bridging to a router
called central at a centr a l sit e .
3-8
Figure 3-1Bridging Example
IP address 172.16.125.9
Subnet mask 255.255.0.0
Enterprise
CPA765Central
You are going to establish a basic connection with another router, relying primarily on the
defaults. In this example conf iguration, a simpl e us er-defined profile is created in your
Cisco 700 series router to bridge over an ISDN network to another router.
By defaul t, the Cis co 700 series router a utomati cally “lear ns” the MA C addr esses that ex ist
locally and remot ely across the WAN. The router stores the MA C addresses in a MAC
address table, so it knows if the unica st packets should remain on the LAN or forwarded
Cisco 700 Series Router Configuration Guide
ISDN
network
IP address 172.16.125.10
Subnet mask 255.255.0.0
San Jose
H5860
across the ISDN line. In a bridging scenario, the router does not need an IP address and
bridging occurs regardless. The IP addre ss is used when the router is being mana ged
remotely by a Telnet session or participating in SNMP.
Both sides of the WAN must be configured with PPP host names, secrets, and passwords
for authentication. Each profile must also include dialing information.
Cisco 700 Series Rout er Bridging Instructions
The IP address and subnet mask are not entered. IP address assignments are not necessary
in a bridged netwo r k; they are used only if the router is being pinged or accesse d through
Tel ne t or SNMP.
Follow i n g is the comma n d su m mary fo r configuring the Cisco 700 s er ies ro uter to br idge
to the ro ut er ca ll ed central at the central site:
set system
set user
set active
set ppp secret client
set ppp password client
set bridging on
1
set
set 2 number
reboot
CPA765
central
number
phone_number
phone_number
Routing IP with a Cisco 700 Series Router to an ISP
This section descri bes ho w to conf igure a Cisc o 700 serie s router to rout e to an I SP by us ing
Internet Protocol (IP). Figure 3-2 illustrates the configuration used in this example. By
default, PPP incoming authentication is on and outgoing authentication is off.
Note If you are connecting to an Ascend device, you must disable PPP Bandwidth
Allocation Control Protocol (BACP) and PPP multilink.
Basic Configura ti ons 3-9
Routing IP with a Cisco 700 Series Rout er to an ISP
The example also uses an unnumbered IP address on the Cisco 700 series router and a
dynamically-as signed IP address from the ISP, a common practice used to conserve IP
addresses.
Figure 3-2Connecting to an ISP–Exampl e Confi guration
ISDN (WAN) interface
IP address: 0.0.0.0.
Subnetwork mask: 0.0.0.0.
Ethernet (LAN) interface
IP address: 172.16.17.9
Subnet mask: 255.255.255.248
Cisco 700
Cisco 700 series router
system name: 765
CHAP secret: cisco
ISDN network
IP unnumbered
Central
Central site router
System name: isp
H8757
In this exa mp le , a user-defined pr o file named is p is created, representing the ISP router.
Your router uses the isp profile to initiate the call to th e I SP router.
When the Cisco 700 series router calls the ISP router, it sends the ISP the PPP host name,
the CHAP secrets, and PAP passwords, depend ing upon what the other router requires to
authenticate the call.
3-10
Cisco 700 Series Router Configuration Guide
Routing a Cisco 700 Series Router to an ISP Instructions
Following is the command summary for conf iguring the remote Cisco 700 seri es router to
connect to an ISP:
set system
cd lan
set ip address
set ip netmask
set ip routing on
set user
set number
set ppp password client
set ppp secret client
set ppp address negotiation local on
set ip routing on
set ip route destinatio
set bridging off
set ip address
set ip netmask
set timeout
set ip pat on
set active
reboot
If you are being charged for each connec tion, you can use the set timeout command to set
the timeout to zero. Doin g so ma int ains your connecti on a nd minimiz es the numbe r of fees.
764
172.16.17.9
255.255.255.248
isp
5558011
0.0.0.0
0.0.0.0
360
n 0.0.0.0/0
gateway
0.0.0.0
propagate on
Routing IP to a Central Site
This section describes how to configure a remote Cisco 765 router and a ce ntral site
Cisco 765 router for on-demand IP routing using PPP.
PPP addresses issues that include the assignmen t and manageme nt of IP addresses,
asynchronous (s tart/stop) and bit-oriented synchronous enc apsulation, network protocol
multiplexing, error detection, and option negotiation.
PPP addresses these issues by providing an extensible Link Control Protocol (LCP) and a
family of Netw ork Control Protocols (NCPs) to negotiate opti onal configuration
parameters and facilities. PPP suppor ts IP and IPX.
Figure 3-3 is an illustration of the configuration used in this example.
Basic Configurations 3-11
Routing IP to a Central Site
Figure 3-3Routing IP to a Central Site—Example Configuration
ISDN interface
IP address: 10.48.125.7
IP subnet mask: 255.255.255.0
Ethernet interface
IP address: 172.16.17.9
IP subnet mask: 255.255.255.0
Ethernet interface
IP address: 172.15.1.100
IP subnet mask: 255.255.255.0
ISDN interface
IP address: 10.48.125.4
IP subnet mask: 255.255.255.0
Cisco765
Remote router
System name: remote765
ISDN number: 5553693/4
User profile name: central765
ISDN
network
Cisco765
Central site router
System name: central765
ISDN number: 5550143/4
User profile name: remote765
S4802
In this example, the Cisco 765 router named remote765 is used to establis h a connection
through the ISDN service provider to the corporate network at a central site.
3-12
Cisco 700 Series Router Configuration Guide
Central Site IP Routing Command Summary
Following is the command summary for con figuring the remote Cisco 765 router for
on-demand IP routing using PPP:
set system
set multidestination on
cd LAN
set ip address
set ip netmask
set ip routing on
set ip rip update periodic
set user
set ppp password client
set ppp secret client
set ip address
set ip netmask
set ip routing on
set ip rip update demand
set ip route destination
set number
set timeout
set active
reboot
remote765
172.16.17.9
255.255.255.0
central765
10.48.125.7
255.255.255.0
5550143
360
0.0.0.0/0
gateway
10.48.125.4
Basic Configurations 3-13
Routing IP and IPX On-Demand
Follo wing is the command summary for conf iguring the centra l site Cisc o 700 series rout er
for on-demand IP routing with PPP:
set system
set multidest on
set ppp auth in chap
set ppp secret host
cd lan
set ip address
set ip netmask
set ip routing on
set ip rip update periodic
set user
set ppp auth out chap
set ppp secret client
set bridging off
set ip address
set ip netmask
set ip routing on
set ip rip update demand
set ip route destination
set ip rip version 1
1
number
set
2
number
set
set timeout
set active
reboot
central766
172.15.1.100
255.255.255.0
remote765
10.48.125.4
255.255.255.0
5553693
5553694
360
0.0.0.0
gateway
10.48.125.7
The set ip rip update demand command is only applicable to the Cisco 700 series router.
If you are being charged for each connec tion, you can use the set timeout command to set
the timeout to zero. Doin g so ma int ains your connecti on a nd minimiz es the numbe r of fees.
Routing IP and IPX On-Demand
This section describes how to configure the remote Cisco 765 router and the central site
Cisco 765 router for on-demand IP and IPX routing using PPP.
Figure 3-4 illustrates the confi guration used in this e xam ple.
3-14
Cisco 700 Series Router Configuration Guide
Figure 3-4Routing IP and IPX On-Demand—Exampl e Confi guration
ISDN interface
IP address: 10.32.125.7
IP subnet mask: 255.255.255.0
IPX network: 32125
Ethernet interface
IP address: 172.16.17.9
IP subnet mask: 255.255.255.0
IPX network: 1478
IPX Framing 802.2
765
Cisco765
Remote router
System name: remote765
ISDN number: 5553693/4
User profile name: central765
The remote Cisco 765 router is used to estab lish a connection through the ISDN service
provide r to the corporate ne twork at a central site using PPP. The remote Cisco 765 router
has three permanent profiles: LAN, Internal, and Standard. This example uses the LAN
profile and a user-defined profile.
Ethernet interface
IP address: 172.15.1.100
IP subnet mask: 255.255.255.0
IPX network: 73146
IPX framing 802.2
ISDN interface
IP address: 10.32.125.4
IP subnet mask: 255.255.255.0
IPX network: 32125
ISDN network
Central site router
System name: central765
ISDN number: 5550143/4
User profile name: remote765
Cisco765
S4800
Basic Configurations 3-15
Routing IP and IPX On-Demand
On-Demand IP and IPX Routing with PPP Instruct ions
Following is the command summary for con figuring the remote Cisco 765 router for
on-demand IP and IPX routing using PPP:
set system
set multidestination on
set ppp password client
set ppp secret client
set ppp auth out chap
set ppp password host
set ppp secret host
cd LAN
set ipx routing on
set ipx network
set ipx framing 802.2
set ipx rip update periodic
set ip address
set ip netmask
set ip routing on
set ip rip update periodic
set user
set ipx routing on
set ipx network
set ipx rip update demand
set ipx spoof
set ip route destination
set ip address
set ip netmask
set ip routing on
set ip rip update demand
1
set
set 2 number
set timeout
set active
reboot
remote765
central765
number
1478
172.16.17.9
255.255.255.0
32125
10
10.32.125.7
255.255.255.0
5550143
5551044
360
0.0.0.0/0
gateway
10.32.125.4
3-16
Cisco 700 Series Router Configuration Guide
Central Site On-Demand IP and IPX Routing with PPP
Commands
Follo wing is the command summary for conf iguring the centra l site Cisc o 700 seri es router
router for on-demand IP and IPX routing using PPP:
set system
set multidestination on
set ppp auth in chap
set ppp secret client
cd lan
set ipx routing on
set ipx network
set ipx framing 802.2
set ipx rip update periodic
set ip address
set ip netmask
set ip routing on
set ip rip update periodic
set user
set bridging off
1
set
set 2 number
set ipx network
set ipx routing on
set ipx framing none
set ipx rip update demand
set ipx spoof
set ip route destination
set ip address
set ip netmask
set ip routing on
set ip rip update demand
set ppp auth out chap
set ppp secret host
reboot
central765
remote765
number
73146
172.15.1.100
255.255.255.0
5553693
5553694
32125
10
10.32.125.4
255.255.255.0
0.0.0.0/0
gateway
10.32.125.7
Basic Configurations 3-17
Routing IP and IPX On-Demand
3-18
Cisco 700 Series Router Configuration Guide
CHAPTER
4
Using CHAP
This chapter conta ins con f igurati on e xamples for co nnecti ng a Ci sco 700 series router to a
router runnin g Cisco IOS software. In these examples, the remote router is a Cisco 765
series router, and the central site router is a Cisco 4500 series router. Any Cisco 700 series
router can be used in place of the remote Cisco 765 series router. Any router running
Cisco IOS software can replace the central site Cisco 4500 series router.
In these ex amp les, the Ci sco 4500 ser i es ro ut er seri al - int er f ac e co n figu r at io n is an
ISDN Primary R ate Interfac e (PRI). Depend ing on the route r model us ed at the cent ral site,
the serial interface might be a different type.
In addition, this chapter lists se veral interoperability issues that exist bet w een Cisco IOS
software and Cisco 700 series routers. These issues must be considered if you are
connecting your Cisco 700 series router to a router running Cisco IOS software.
This chapter contains the following sections:
• IP Static Routi ng and Callback with CHAP Authentication
• IP Static Routing with CHAP Authentication and MLP
• IP Static Routing with PAP Authentication and MLP
• IP Unnumbered Static Routing and CHAP with MLP
• IP Static and IPX Static Routing with CHAP and MLP
• IPX Static Routing with CHAP and MLP
• Multilink PPP Encapsulation
• Dynamic Routin g Protocols
• Bridging to a Router Running Cisco IOS Software
Using CHAP 4-1
SPID Detection (North America only)
SPID Detection (North America only)
In North Ame r ica, SPIDs can be automatically detected or manually configured. For more
information on SPID detection, see "Setting SPID Autodetection (North America only)"
and "Setting S PIDs Manually (Nor th America only)" in the "Basic Con figur ations" chapt er .
IP Static Routing and Callback with CHAP Authentication
This sectio n describe s how to co nf igur e the router s for Inter net Protoco l (IP) stati c routing
and callback with Challenge Handshake Authentication Protocol (CHAP).
Figure 4-1 illustrates the confi guration used in this example.
Figure 4-1IP Static Routing and Callback with CHAP Authentication
Serial interface
IP address: 172.16.125.7
IP subnet mask: 255.255.255.0
Ethernet interface
IP address: 192.168.147.9
IP subnet mask: 255.255.255.248
765CPA4500
Telecommuter PC
IP address:
192.168.147.8
Remote router
ISDN number: 5553693
User profile name: 4500
Ethernet interface
IP address: 172.18.124.2
IP subnet mask: 255.255.255.0
Serial interface
IP address: 172.16.125.1
IP subnet mask: 255.255.255.0
ISDN
Central site router
ISDN number: 5558011
Host name: 4500
S4768
Central site network
IP network: 172.18.124.0
4-2
Cisco700 Series Router Configuration Guide
Remote Cisco 765 Command Summary
Follo wing is t he co mmand s ummary for co nf igur ing the re mote Cisco 765 series router f or
IP static routing and callback with CHAP authentication:
set switch 5ess
1
dir
set
set 2 dir
set system
set ppp authentication incoming chap
set ppp secret client
set multidestination on
cd lan
set ip address
set ip netmask
set ip routing on
set ip rip update periodic
set ip rip receive v2
set ip rip version 2
set user
set ppp secret client
set ppp secret host
set ip route destination
set ip address
set ip netmask
set ip routing on
set ip framing none
set ppp callback request always
set
set 2 ringback
set number
set bridging off
set ip rip update off
set timeout
set active
reboot
directory_number
directory_number
765
4500
1
ringback
5558011
360
192.168.147.9
255.255.255.248
0.0.0.0
172.16.125.7
255.255.255.0
number
number
gateway
Remote Cisco 765 Command Summary
172.16.125.1
propagate on
Multilink PPP is enab led b y defa ult. If the Ci sco 700 series router is dialing int o a hos t that
does not support mult ilink PPP or that does not ha v e multil ink PPP enabled, the Cisco 700
series router might repo rt a misconfiguration. This is most commonly seen when the
Cisco 700 series router is connecte d to equipment from Ascend.
Using CHAP 4-3
IP Static Routing with CHAP Authentication and MLP
T
IP Static Routi ng wit h CHAP Authentication and MLP
This section describes how to configure the ce ntral site Cisco 4500 series router and the
remote Cisco 765 series router for IP static routing with Challenge Handshake
Authenticat ion Protocol (CHAP) and Multilink Protocol (MLP).
Figure 4-2 is an illustration of the configuration used in this example.
Figure 4-2IP Static Routing with CHAP Authentication and MLP
Serial interface
IP address: 172.16.125.7
IP subnet mask: 255.255.255.0
Ethernet interface
IP address: 192.168.147.9
IP subnet mask: 255.255.255.248
765CPA4500
elecommuter PC
IP address:
192.168.147.8
Remote router
ISDN number: 5553693
User profile name: 4500
Ethernet interface
IP address: 172.18.124.2
IP subnet mask: 255.255.255.0
Serial interface
IP address: 172.16.125.1
IP subnet mask: 255.255.255.0
ISDN
Central site router
ISDN number: 5558011
Host name: 4500
S4768
Central site network
IP network: 172.18.124.0
4-4
Cisco700 Series Router Configuration Guide
Remote Cisco 765 Command Summary
Follo wing is the command sum mary to con f igur e the re mote Cis co 765 series router for IP
static routing with CHAP and MLP:
set switch 5ess
1
dir
set
set 2 dir
set system
set multidestination on
set ppp multilink on
set ppp authentication incoming chap
set ppp authentication outgoing chap
cd lan
set ip address
set ip netmask
set ip routing on
set ip rip update periodic
set user
set ppp secret client
set ip address
set ip netmask
set ip routing on
set ip framing none
set ip route destination
set number
set bridging off
set ip rip update off
set ppp secret host
set timeout
demand 2 threshold 32 duration
set active
reboot
directory_number
directory_number
765
192.168.147.9
255.255.255.248
4500
172.16.125.7
255.255.255.0
5558011
360
0.0.0.0
gateway
5
Remote Cisco 765 Command Summary
172.16.125.1
propagate on
Note The set ppp authentication outgoing chap command in this example is not
recommended when connecting to Ascend 4000 or NAS routers.
For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series Router Command Reference.
Using CHAP 4-5
IP Static Routing with PAP Authentication and MLP
IP Static Routing with PAP A uthentication and MLP
This section describes how to configure the ce ntral site Cisco 4500 series router and the
remote Cisco 765 series router for Internet Protocol (I P ) st atic routing with Passw ord
Authentic ation Protocol ( PAP) authentication.
Figure 4-3 is an illustration of the configuration used in this example.
Figure 4-3IP Static Routing with PAP Authentication
Serial interface
IP address: 172.16.125.7
IP subnet mask: 255.255.255.0
Ethernet interface
IP address: 192.168.147.9
IP subnet mask: 255.255.255.248
765CPA4500
Telecommuter PC
IP address:
192.168.147.8
Remote router
ISDN number: 5553693
User profile name: 4500
Ethernet interface
IP address: 172.18.124.2
IP subnet mask: 255.255.255.0
Serial interface
IP address: 172.16.125.1
IP subnet mask: 255.255.255.0
ISDN
Central site router
ISDN number: 5558011
Host name: 4500
S4768
Central site network
IP network: 172.18.124.0
4-6
Cisco700 Series Router Configuration Guide
Remote Cisco 765 Command Summary
Follo wing is the command sum mary to con f igur e the re mote Cis co 765 series router for IP
static routing with PAP authenticatio n:
set switch 5ess
1
dir
set
set 2 dir
set system
set multidestination on
set ppp multi on
set ppp authentication in pap
set ppp authentication out pap
cd lan
set ip address
set ip netmask
set ip routing on
set ip rip update periodic
set ip rip receive v2
set ip rip version 2
set user
set ip route destination
set ip address
set ip netmask
set ip routing on
set ip framing none
set ppp clientname
set ppp password client
set ppp password host
set number
set bridging off
set timeout
set active
reboot
directory_number
directory_number
765
192.168.147.9
255.255.255.248
4500
172.16.125.7
255.255.255.0
765
5558011
360
0.0.0.0
gateway
Remote Cisco 765 Command Summary
172.16.125.1
propagate on
For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series
Router Command Reference.
Using CHAP 4-7
IP Unnumbered Static Routing and CHAP with MLP
IP Unnumbered Static Routing and CHAP with MLP
This section describes how to configure the ce ntral site Cisco 4500 series router and the
remote Cisco 765 series router for Internet Protocol (I P ) unnumbered routing with
Challenge Handshake Authentication Protocol ( CHAP) authentication and Multilink
Protocol (MLP).
Figure 4-4 is an illustration of the configuration used in this example.
Figure 4-4IP Unnumbered Routing and CHAP Authentication with MLP
Ethernet interface
IP address: 192.168.147.9
IP subnet mask: 255.255.255.248
Serial interface
IP unnumbered
Telecommuter PC
IP address:
192.168.147.8
Remote router
ISDN number: 5553693/4
User profile name: 4500
765
ISDN network
Ethernet interface
IP address: 172.18.124.2
IP subnet mask: 255.255.255.0
Serial interface
IP unnumbered
4500
Central site router
ISDN number: 5558011/2
Host name: 4500
Central site network
IP network: 172.18.124.0
S4769
4-8
Cisco700 Series Router Configuration Guide
Remote Cisco 765 Command Summary
Follo wing is t he co mmand s ummary for co nf igur ing the re mote Cisco 765 series router f or
IP unnumbered routing with CHAP authentication and MLP:
set switch 5ess
set system
set multidestination on
set ppp multilink on
set ppp authentication incoming chap
set ppp authentication outgoing chap
set ppp secret client
set ppp secret host
cd lan
set ip address
set ip netmask
set ip routing on
set ip rip update periodic
set ip rip receive v2
set ip rip version 2
set user
set ppp secret client
set ip rip update off
set ip routing on
set ip framing none
set ip route destination
set number
set bridging off
set ppp secret host
set timeout
set active
reboot
765
192.168.147.9
255.255.255.248
4500
5558011
360
0.0.0.0
gateway
Remote Cisco 765 Command Summary
0.0.0.0
For detailed information regarding the commands listed here, refer to theCisco700 Series
Router Command Reference.
Using CHAP 4-9
IP Static and IPX Static Routing with CHAP and MLP
IP Static and IPX Static Routing with CHAP and MLP
This section describes how to configure the ce ntral site Cisco 4500 series router and
Cisco 765 series router for Interne t P r otocol (IP) s tatic and Internetwork Pack et Exchange
(IPX) static routing with Point-to-Poi nt P rotocol (PPP) using CHAP and MLP.
Figure 4-5 is an illustration of the configuration used in this example.
Figure 4-5IP Static and IPX Static Routing with PPP
Serial interface
IP address: 172.16.125.7
IP subnet mask: 255.255.255.0
IPX network: 32125
Ethernet interface
IP address: 192.168.147.9
IP subnet mask: 255.255.255.248
IPX network: 1478
Ethernet interface
IP address: 172.18.124.2
IP subnet mask: 255.255.255.0
IPX network: 48124
Serial interface
IP address: 172.16.125.1
IP subnet mask: 255.255.255.0
IPX network: 32125
Central site router
IPX address:
32125: 0c08af65
ISDN number: 5558011/2
Host name: 4500
4500
S4770
IPX file server
IPX internal
address:
3039e670
Central site network
IP network: 172.18.124.0
4-10
Cisco700 Series Router Configuration Guide
Remote Cisco 765 Command Summary
Follo wing is the command sum mary to con f igur e the re mote Cis co 765 series router for IP
static and IPX static routing with PPP using CHAP and MLP:
set switch 5ess
1
dir
set
set 2 dir
set system
set multidestination on
set ppp authentication incoming chap
set ppp authentication outgoing chap
set ppp secret client
set ppp secret host
cd lan
set ipx network
set ipx framing 802.2
set ipx routing on
set ipx rip update periodic
set ip address
set ip netmask
set ip routing on
set ip rip update periodic
set user
set ipx network
set ipx routing on
set ipx route destination
set ipx service name CORP_FS1 type 4 address
set ipx spoof
set ipx rip update off
set ipx framing none
set ip routing on
set ip route destination
set ip address
set ip netmask
set ip framing none
set number
set bridging off
set ip rip update off
set timeout
set active
reboot
directory_number
directory_number
765
1478
192.168.147.9
255.255.255.248
4500
32125
10
172.16.125.7
255.255.255.0
5558011
360
3039e670
0.0.0.0
gateway
gateway
Remote Cisco 765 Command Summary
32125:0c08af65
3039e670:01:0451
172.16.125.1
propagate on
Using CHAP 4-11
IPX Static Routing with CHAP and MLP
IPX Static Routing with CHAP and MLP
This section describes how to conf igure the remote Cis co 765 serie s router and the central
site Cisco 4500 series router for Internetwork Pa cket Exchange (IPX) static routing with
Point-to-Point Protocol (PPP).
Figure 4-6 is an illustration of the configuration used in this example.
Central site router
IPX address:
32125: 0c08af65
ISDN number: 5558011/2
Host name: 4500
S4771
IPX file server
IPX internal
address:
3039e670
4-12
Cisco700 Series Router Configuration Guide
Remote Cisco 765 Command Summary
Follo wing is t he co mmand s ummary for co nf igur ing the re mote Cisco 765 series router f or
IPX static routing with PPP:
set switch 5ess
1
dir
set
set 2 dir
set system
set multidestination on
set ppp auth in chap
set ppp secret client
set ppp secret host
set multilink on
cd lan
set ipx network
set ipx framing 802.2
set ipx routing on
set ipx rip update periodic
set user
set ppp secret client
set ipx network
set ipx routing on
set ipx route destination
set ipx service name CORP_FS1 type 4 address
set ipx spoofing
set ipx rip update off
set ipx framing none
set number
set bridging off
set timeout
set active
reboot
directory_number
directory_number
765
1478
4500
32125
10
5558011
360
3039e670
gateway
Remote Cisco 765 Command Summary
32125:0c08af65
3039e670:01:0451
For detailed information regarding the commands listed here, refer to theCisco700 Series
Router Command Reference.
Using CHAP 4-13
Multilink PPP Encapsulation
Multilink PPP Encapsulation
Cisco 700 series routers imple ment mult il ink PPP, which is a va il able in Relea se 11. 0(3) or
later of Cisco IOS software. You can disable multilink PPP in the following two
environments:
• You are connecting your Cisc o 700 series router to a rout er runni ng a Cis co IOS r eleas e
prior to 11.0(3).
• You are connecting your Cisco 700 series router to a router running Cisco IOS Release
11.0(3) or late r , and you ha ve no t configu red mul tilink PPP on th at rou ter running Ci sco
IOS.
Use the set ppp multilink command at the system level to disable mul tilink PPP, as
follows:
766> set ppp multilink off
Dynamic Routing Protocols
Cisco 700 series routers implem ent RIP Versions 1 and 2 a nd demand RIP. Demand RIP is
not implemented in Cisco IOS software. If you are connecting your router to a router
running Cisco IOS software, and you want to use a dynamic routing protocol, you must
disable demand RIP.
4-14
Use one of the followi ng set ip rip update commands to disable demand RIP:
766> set ip rip update periodic / snapshot
or
766> set ip rip update none
Note Setting the IP RIP update to periodic maintains the connection indefinit ely . This
might be a concern if it i s not nec essar y to main tai n the li ne 24 hou rs a day, 7 days a week;
you are paying for connection time that you are not using.
Cisco700 Series Router Configuration Guide
Bridging to a Router Running Cisco IOS Software
Bridging to a Router Running Cisco IOS Software
It is possibl e to bridge data o ver ISDN to and from Cisco ISDN rout ers. Dependin g on your
network environment, this mi ght be an ideal solution. Bridging offers configuration
simplicity with few concerns re garding network address space limitations and unroutable
protocols. Bridging also offers compatibility with other products that need to bridge.
When bridging, you do not have the same ISDN line control that routing access lists
provide . When bridging protocols such as Novell IPX, AppleTalk, or NetBIOS, it is
possible for the ISDN line to remain connected for long periods of time. This can result in
high ISDN usage charges. If bridging is the only solution for your environment, we
recommend monitoring the ISDN line connection.
Cisco IOS Release 11.1 and earlier limit the number of simult aneous ISDN bridge sessio ns
to one per in t er f ace.
Prior to Cisco IOS Release 11.2 (half -bridging), the Cisco IOS must also be configured to
the bridging protocol, not the router protocol.
Using CHAP 4-15
Bridging to a Router Running Cisco IOS Software
4-16
Cisco700 Series Router Configuration Guide
CHAPTER
5
Configuring DHCP Relay,
DHCP Server, and PAT
Cisco 700 series routers can perform the role of the relay agent, relaying IP configuration
information request packets from the L AN interface, o ver the ISDN i nterface, to a specif ied
Dynamic Host Configuration Proto col (DHCP) server. Cisco 700 series routers provide
DHCP relay, DHCP server, Port Address Translation (PAT), and Internet Protocol Control
Protocol (IPCP).
This chapter pro vides descriptions, application not es, and example configurations for
configuring Dynamic Host Configuration Protocol (DHCP) relay, DHCP server, and Port
Address Translation (PAT) on the Cisco 700 series router. It contains the following
sections:
• DHCP Description
• PAT Description
• IPCP Description
• PPP IPCP Negotiation Example
• DHCP Relay with IPCP Negotiation Example
• DHCP Server with IPCP Negotiation Example
• PAT with IP CP Single-Destination Negotiation Example
• DHCP Server and PAT with IPCP Single-Destination Negoti ation Example
• DHCP Server with PAT and IPCP Dual-Destin ation PPP Negotiation Example
Configuring DHCP Relay, DHCP Server, and PAT 5-1
DHCP Description
DHCP Description
DHCP is a client-server protocol that allows devices on an IP network (the DHCP clients)
to request configuration informati on from a DHCP server. DHCP allocates network
addresses from a central pool on an a s-needed basis. DHCP is useful for assigning IP
addresses to hosts connect ed to the netw ork tempora ril y or for sharing a li mite d pool of IP
addresses among a group of hosts that do not need permanent IP addresses.
DHCP allows for inc reased automation and fewer network administrat ion problems by:
• Eliminating t he need for the manual co nfigurat ion of individua l computers, prin ters, and
shared file systems.
• Preventing the simultaneous use of the same IP address by two clients.
• Allowing configuration from a central site.
DHCP Server Application Notes
The followi ng are application not es for DHCP se rver:
• DHCP relay and DHCP server are mutually exclusive.
• When DHCP server is initialized, default addresses are us ed if no LAN or internal
address ex ists. The Ci sco 700 series router p icks up th e DHCP c lient ’s default gatewa y,
netmask, and starting DHCP addresses by using the LAN IP address , if one exists. If a
LAN address does not exist, the router uses the internal IP address. If neither exists, it
uses the defau lt settings: 10.0. 0.1 as the LAN IP address (default gateway for DHCP
clients), 255.0.0.0 as the subnet mask, and 10.0.0.2 as the starting DHCP client
addresses.
5-2
• For the DHCP valu es to be a utomatically generated based on the LAN or internal IP
address, each DHCP value must be set to 0.0.0.0 or none, for the new valu es to take
effect.
Cisco700 Series Router Configuration Guide
DHCP Relay Application Notes
The followi ng are application not es for DHCP relay:
• The IP ad dres s in t he Int er n al prof il e m ust be on the s am e network as that of the DHC P
clients.
• A firewall configu r ation (where there is an Internal profile and LAN IP address) does
not work with DHCP relay.
• A configuration where PAT is on and DHCP relay is enabled is not va lid. DHCP relay
will attempt to cross from a public to a private domain. PAT prevents access to the
priv ate dom ain. DHCP r elay fails because i t must re ferenc e the rou ter’s private a ddress.
• DHCP relay and DHCP server are mutually exclusive. The Cisco 700 series router can
function as one or the other, but not both.
PAT Description
Cisco 700 series routers provide PAT, enabling local hosts on a priv ate IP network to
communicate externally.
Packets destined for an external address have their private IP address plus port number
transl at ed t o th e r o ute r’s extern al I P add r ess bef or e the IP pac k et i s for w arde d t o th e WAN.
IP packets returning to the rout er have their externa l IP addresses (plus port number)
translated ba ck to the private I P addresse s, and the packets are forwarded to the LAN .
DHCP Relay Application Notes
When PAT is enabled, the transmission of RIP packets is automatically disabled to prevent
a broadcast of the private IP addresses externa lly.
PAT Application Notes
A configurati on where PAT is on and DHCP relay is enable d is not v alid. DHCP relay will
attempt to cros s from a public to a priv ate domain. PAT prevents access to the private
domain. DHCP relay fails because it must reference the router’s private address.
Configuring DHCP Relay, DHCP Server, and PAT 5-3
IPCP Description
IPCP Description
If you are u sing IP routing, Cisco 700 series router s must be c onfig ured for IP CP to conne ct
to routers running Cisco IOS software. Use the set ip framing command in prof ile mode
to enable IPCP for user-defined WAN profiles by setting IP framing to none.
The following example illustrates IPCP enabled by disabli ng IP framing:
766:2503> set ip framing none
Note Do not set the ip framing or the ipx framing command s to none when configuring
the permanent LAN profile.
IPCP Address Negotiation Application Notes
The followi ng are application not es for IP CP address negotiation:
• Cisco 700 series routers require a user -def ined profi le, conf igured wit h IP routing on, to
receive an IP CP addres ses.
• A router running Cisco IOS software must be configured to hand off IPCP addresses.
5-4
• If a manually configured IP address exists on the Internal profile of a Cisco 700 series
router, the IPCP address is assigned to the WAN profile.
• If a manually configured IP address exists on the LAN profile, the IPCP address is
assigned to the Internal profile.
Cisco700 Series Router Configuration Guide
PPP IPCP Negotiation Example
This sectio n describes how to configure a remote Cisco 700 series router for PPP IPCP
negotiat ion to a c entra l site rout er , such as a Cis co4500 series router, t hat is running Ci sco
IOS software.
Figure 5-1 is an illustration of the configuration used in this example.
Figure 5-1PPP IPCP Negotiation
ISDN network
Cisco 765Cisco 4500
Cisco 765 Series Router Commands
Following are the commands for configuring the remote Cisco 765 series router for
point-to-point IPCP negotiation with a Cisco 4500 router:
set switch 5ess
1
dir
set
set 2 dir
set system
set user
set ppp secret client
set ppp password client
set active
set 1 number
set 2 number
set ip routing on
set ip route destination
set ip rip version 2
set ip rip receive v2
set ip rip update linkup
reboot
directory_number
directory_number
765
4500
phone_number
phone_number
0.0.0.0/0
gateway
PPP IPCP Negotiation Example
H9230
0.0.0.0
For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series
Router Command Reference.
Configuring DHCP Relay, DHCP Server, and PAT 5-5
DHCP Relay with IPCP Negotiation Example
Verify the Configuration
Y ou can use the show ip configuration all and show ip route all comman ds t o see the IPCP
negotiation address.
DHCP Relay with IPCP Negotiation Example
This sectio n describes how to configure a remote Cisco 700 series router for DHCP relay
with IPCP negotiation to a central-site router running Cisco IOS software.
Figure 5-2 is an illustration of the configuration used in this example.
Figure 5-2DHCP Relay with IPCP Negotiation
DHCP
client
DHCP relay agent
ISDN network
Cisco 765
Cisco 765 Series Router Commands
Follo wing are the commands for conf i guring th e re mote Cis co 765 series router for DHCP
Relay with IPCP Ne gotiation with a Cisc o 4500 router:
set system
set dhcp relay
set user
set 1 number
set 2 number
set ip routing on
set ip rip version 2
set ip rip receive v2
set ip rip update linkup
reboot
For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series
Router Command Reference.
765
172.168.100.2
4500
phone_number
phone_number
172.168.100.2Cisco 4500
DHCP
server
H9231
5-6
Cisco700 Series Router Configuration Guide
Verify the Configuration
Verify the Configuration
You can use the show ip configu ration and show ip route commands to see the IPCP
negotiation address.
You can use the show dhcp configuration command to see the IP address returned by
DHCP.
DHCP Server with IPCP Negotiation Example
This section de scrib es how to configure a r emote Ci sco 700 series route r as a DHCP serv er
with IPCP negotiation to a central-site router running Cisco IOS software.
Figure 5-3 is an illustration of the configuration used in this example.
Figure 5-3DHCP Server with IPCP Negotiation
DHCP
client
DHCP
server
Cisco 765
ISDN network
Cisco 4500
H9232
Configuring DHCP Relay, DHCP Server, and PAT 5-7
DHCP Server with IPCP Negotiation Example
Cisco 765 Series Router Commands
Follo wing are the commands for conf iguri ng the remote Ci sco 765 series router as a DHCP
server with IPCP negotiati on with a Cisco 4500 router:
set switch NI-1
1
dir
4500
1
number
2
number
5551211
5551212
88855512110101
88855512120101
765
172.168.1.2 128
255.255.255.0
172.168.1.1
255.255.255.0
phone_number
phone_number
172.168.1.1
set
set 2 dir
set 1 spid
set 2 spid
set system
set dhcp server
set dhcp address
set dhcp netmask
set dhcp gateway primary
cd lan
set ip address
set ip netmask
set ip routing on
set user
set ip routing on
set active
set
set
set ip routing on
set ip rip version 2
set ip rip receive v2
set ppp address negotiation local on
set ip rip update periodic
reboot
For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series
Router Command Reference.
Verify the Configuration
When a call is made, you can use the show ip configuration all and show ip route all
commands to see the IPCP negotiation address.
You can use the show dhcp configuration command to see the IP address returned by
DHCP.
5-8
Cisco700 Series Router Configuration Guide
PAT with IPCP Single-Destination Negoti ation Example
PAT with IPCP Single-Destination Negotiation Example
This section descri bes ho w to conf igure a remote C isco 700 series router f or PAT with IP CP
single-destination negotiation to a central-site router running Cisco IOS software.
Figure 5-4 is an illustration of the configuration used in this example.
Figure 5-4PAT with IPCP Single-Destinati on Negotiation
Internal
FTP
server
10.0.0.2
10.0.0.1
IPCP negotiated
address assigned
profile
Cisco 765
ISDN network
Cisco 4500
PAT on
A
H9233
Private
network
Public
network
Configuring DHCP Relay, DHCP Server, and PAT 5-9
PAT with IPCP Single-Destination Negotiation Example
Cisco 765 Series Router Commands
Following are the commands for configuring the remote Cisco 765 series router for PAT
with IPCP single-destination negotiation with a Cisco 4500 router:
set system
set ip pat po ftp
cd lan
set ip address
set ip netmask
set ip routing on
set user
set active
set 1 number
set 2 number
set ip routing on
set ip rip version 2
set ip rip receive v2
set ip pat on
reboot
For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series
Router Command Reference.
765
10.0.0.1
255.0.0.0
4500
phone_number
phone_number
10.0.0.2
Verify the Configuration
When a de ma n d ca ll is made, yo u can use the show ip config all and show ip route all
commands to see the IPCP negotiation address.
You can use the show ip pat command to see the services returned by PAT.
5-10
Cisco700 Series Router Configuration Guide
DHCP Server and PAT with IPCP Single-Destination Negotiation Example
DHCP Server and PAT with IPCP Single-Destination
Negotiation Example
This section descri bes how to conf ig ure a remote Cisco 700 series router for DHCP server
with PAT and IPCP single-destination negotiation to a Cisco 4500 seri es router running
Cisco IOS software at a central site.
Figure 5-5 is an illustration of the configuration used in this example.
Figure 5-5DHCP Server with PAT and IPCP Single-Destination Negotiation
ISDN network
Cisco 765
PAT on
Cisco 4500
H9234
Private
network
Public
network
Configuring DHCP Relay, DHCP Server, and PAT 5-11
DHCP Server and PAT with IPCP Single-Destination Negotiation Example
Cisco 765 Series Router Commands
Following are the commands for configuring the remote Cisco 765 series router for PAT
with IPCP single-destination negotiation with a Cisco 4500 router:
set system
set ppp secret client
set ppp password client
set dhcp server
set dhcp address
set dhcp netmask
set dhcp gateway primary
set ip pat porthandler ftp
cd lan
set ip routing on
set ip address
set ip netmask
set user
set 1 number
set 2 number
set ip routing on
set ip route destination
set ip address
set ip netmask
set ip pat on
set active
765
172.168.99.1
255.255.255.0
4500
phone_number
phone_number
0.0.0.0
0.0.0.0
172.168.99.2 128
255.255.255.0
172.168.99.1
172.168.99.3
0.0.0.0/0
gateway
0.0.0.0
For detailed info rmation re gardi ng the commands li sted here, re fer to the Cisco 700 Series
Router Command Reference.
Verify the Configuration
When a de ma n d ca ll is made, yo u can use the show ip config all and show ip route all
commands to se e the IPCP ne gotiati on address. Y o u can also use the show dhcp config and
show ip pat commands to verify the configuration.
5-12
Cisco700 Series Router Configuration Guide
DHCP Server with PAT and IPCP Dual-Destination PPP Negotiation Example
DHCP Server with PAT and IPCP Dual-Destination PPP
Negotiation Example
This section descri bes how to conf ig ure a remote Cisco 700 series router for DHCP server
with PAT and IPCP dual-destination PPP negotiation to two routers running Cisco IOS
software.
Figure 5-6 is an illustration of the configuration used in this example.
Figure 5-6DHCP Server with PAT and IPCP and Dual-Destination PPP Negotiation
DHCP server
ISDN network
Cisco 765
Cisco 4500
Cisco 2500
S5815
Configuring DHCP Relay, DHCP Server, and PAT 5-13
DHCP Server with PAT and IPCP Dual-Destination PPP Negotiation Example
Cisco 765 Series Router Commands
Follo wing are the commands for conf iguri ng the remote Ci sco 765 series router as a DHCP
server with PAT and IPCP multili nk PPP to two routers running Cis co IOS software:
set system
set ppp secret client
set ppp password client
set dhcp server
set dhcp address
set dhcp netmask
set dhcp gateway primary
set ip pat porthandler ftp
cd lan
set ip routing on
set ip address
set ip netmask
set user
set ppp clientname
set 1 number
set 2 number
set ip routing on
set ip route destination
set ip address
set ip netmask
set ip pat on
set active
set user
set ppp clientname
set 1 number
set 2 number
set ip routing on
set ip route destination
set ip address
set ip netmask
set ip pat on
set active
765
172.168.99.1
255.255.255.0
2500
phone_number
phone_number
30.169.100.1
255.255.255.0
4500
phone_number
phone_number
173.100.10.1
255.255.255.0
172.168.99.2 128
255.255.255.0
172.168.99.1
172.168.99.3
2500
0.0.0.0/0
4500
120.50.40.0/0
gateway
gateway
30.169.100.2
173.100.10.2
5-14
Note If you create a mult ipl e desti natio n co nf igur ation wi th PA T ena ble d in bot h prof i les,
the IP route destination must be specified, using the set ip route destination com man d .
Cisco700 Series Router Configuration Guide
Verify the Configuration
When a de ma n d ca ll is made, yo u can use the show ip configuration all command to see
the IPCP negotiation address.
You can use the show dhcp connections command to see the IP addresses retu rned by
DHCP.
Verify the Configuration
Configuring DHCP Relay, DHCP Server, and PAT 5-15
DHCP Server with PAT and IPCP Dual-Destination PPP Negotiation Example
5-16
Cisco700 Series Router Configuration Guide
CHAPTER
6
Configuring Re mote CAPI
This chapter pro vides procedures for confi guring Remote Common Applicat ion
Programming Interface (CAPI) support on a Cisco 700 series router.
CAPI is an application programming interfa ce standard used to access ISDN equipment
connected to Bas ic Rate Interfaces (BRIs ) and Pr im ary Rate Interfaces (PRI s). CAPI
provide s a standar dized int erfac e that allo ws app lication programs to use ISDN driv ers an d
controllers . One applica tion can use one or more contr ollers. Sev eral appl ications can s hare
one or more controllers.
CAPI provide s a selection mechanism that suppor ts applicat ions that use dif ferent p rotocols
at diff erent prot ocol le vels. CAP I also pro vides standar dized netw ork access by performing
an abstraction from different protocol variables. All connection-related data, such as
connection state, display mess ages, and so on, is available to the applications at any time.
The framing protoco ls supported by CAPI consist of High-Level Data L ink Control
(HDLC), HDLC inverted, bit-transparent (speech), and V.110 synchronou s/ as ynchronous.
CAPI integra tes the following data link and network layer protocols:
• Link Access Procedure on the D channel (LAPD) in accordance with Q.921 for X.25
D-channel implementation
• Point-to-Point Protocol (PPP)
• ISO 8208 (X.25 DTE-DTE)
• X.25 DCE, T.90NL, and T.30 (fax group 3)
Configuring Remote CAPI 6-1
CAPI and RVS-COM
CAPI and RVS-COM
The Cisco 700 series router supports the ISDN De vice Control Protocol (I SDN-DCP) from
RVS-COM. ISDN-DCP allows a workstation on the LAN to use le gacy dial compute r
telepho ny integration (CTI) app lications. These applications incl ude fax transmitting and
receiving and placing and receiving phone calls.
Using ISDN - D CP, the router acts as a DCP server. By default, the router listens f o r DCP
messages on TCP port number 2578 (th e Internet-assigned number for RVS-COM DCP)
on its LAN port.
When the route r rece iv e s a DCP message from a DCP c li ent (conne cted to t he LAN p ort of
the router), the router processe s the message and acts on it. The actions c onsist of sending
confir ma tions to the DCP clients and sending ISDN packets through the router BRI port.
When the router receives a packet on its BRI port for one of the DCP clients, the router
formats the packet as a DCP message and sends it to the corres ponding client. The router
supports all the DCP messages specified in the ISDN-DCP specification.
The router provides two 64-kbps B channels to CAPI clients. Each B channel can be
config ured separately to work in ei ther HDLC mode or bit-transpar ent mode. For CAPI
support, the higher layer protocols (B2 through B7) are transparent to the applications
using these B channels.
6-2
The ISDN Core Engine of RVS-COM supports the fol lowing B channel protocols:
• CAPI layer B1
— 64 kbps with HDLC framing
— 64-kbps bit-transparent operation with byte framing from the network
— T. 30 mo dem for fax group 3
— Modem with full negotiation
• CAPI layer B2
— X.75 SLP (ISO 7776) with V.42bis compression option (negotiated)
— V.120 with V.42bis compression option (negotiated)
— Transparent
— T. 30 mo dem for fax group 3
Cisco700 Series Router Configuration Guide
— Modem with full negotiation
• CAPI layer B3
— Transparent
— T. 90NL with compatibility with T.70NL, according to T.90 Appendix II
— ISO 8208 (X.25 DTE-DTE) modulo 8 and windows size 2, no multiple logical
connections
— T. 30 for fax group 3
— Modem with full negotiation
• T.30 for fax group 3 (SFF file format [default], sending and receiving up to 14400 bps
with ECM option, modula tions V.17, V.21, V.27ter, V.29)
• Analog modem (sending and receiving up to 14400 bps with V.42 error correction and
CAPI support is available only for the ISDN switch type Net3.
Supported D-Channel Prot ocols
Supported Applications
ISDN-DCP supports CAPI and non-CAPI applications. Supported applications consist of
those that use one or two B channels for data transfer, different HDLC-based protocols,
Euro File tra nsfe r , or fa x G4; also s upported are a ppli cati ons th at se nd bit -tra nsparent dat a,
such as A/Mu lay audio, fax G3, analog modem, or analog telephones.
Remote CAPI Router Commands
The command s used in th is chapter have been added to the router user interface to support
CAPI. Note that CAPI runs o n a remote ne twork de vice, not the route r; the Cisco 700 series
router enables remote CAPI applications.
Configuring Remote CAPI 6-3
Configuring the Cisco 700 Router as an RCAPI Server
Configuring the Cisco 700 Router as an RCAPI Server
This section de scri bes how to configu re t he Cisco 700 series router t o be an RC API serv er.
By default, RCAPI is disabled in the router. Enabling RCAPI causes the router to become
an RCAPI se r ver. When RCAPI is enabled, the router listens for i n coming RCAPI
messages from PCs connected on its LAN side. By default, the router listens for RCAPI
messages on TCP port 2578.
Figure 6-1 illustrates the confi guration used in this example. The PCs in the figure have
RVS-COM softwa r e installed.
Figure 6-1RCAPI Server Configuration Example
Local PCRemote PC
IP address
192.168.2.2
Local 7xx
router
IP address
192.168.2.1
Directory numbers
5554000/5552000
RCAPI Command Summary
Following is the command summa r y for configuring the RCAPI on the local Cisco 700
series router.
set rcapi on
set dir
set rcapi 1 number
set rcapi server port
reboot
5554000
5554000
2578
Remote 7xx
router
IP address
192.168.3.1
Directory numbers
5553000/551000
IP address
192.168.3.2
26547
6-4
Cisco700 Series Router Configuration Guide
Verify the Configuration
You can use the command show rcapi status to see the status of RCAPI server, the clients
that are in the listening state, and the status of RCAPI calls:
local-router> show rcapi status
Rcapi Sever ON
Rcapi Server Port 2578
Rcapi Number(s) 5554000
Configuring the Cisco 700 Router as an RCAPI Server
6-6
Cisco700 Series Router Configuration Guide
APPENDIXA
Token Card and Cisco Secure
Authentication Support
This appendix provides Token Card and Cisco Secure Authentication support concepts as
they apply to the Cisco 700 series router. Cisco Secure Authent ication Agent supports
single-user mode, which extends B channel authentication to a Cisco Secure
Authentication Agent client.
T ok en car ds ar e consi dere d the most s ecure authe ntica tion s oluti on av ai lable . The re are two
kinds of token cards, synchronous and asynchronous. Currently, Cisco Secure
Authenticat ion Agent only supports sync hronous token card, which does not need a
challenge from a to ken server to generate a token.
Figure A-1 shows the connection between the client and the token server.
Figure A-1Cisco Secure Authentication Agent Client-to-Token Server
Connection
LANISDNLANLAN
10259
Cisco Secure AA
client
The following steps illust rate how a link is established using a profile:
Step 1Demand tr affic or a ca ll command makes a connection.
Step 2The router sends a User Datagram Protocol (UDP) packet to a Token
Authorizati on agent (also known as Cisco Secure Authentication Agent),
requesting a username and passw ord for PAP and CHAP. If T oken Aut horizatio n
Support (TAS) is set to central, the router always sends the authentication
inform ation request to the des i gnated client.
Cisco 700NASAuthentication
Authorization
Accounting
Token Card and Cisco Secure Authentication Support A-1
Token
server
Token Caching
Otherwise, the router sends the request to the source of the interesting packet
recei v e d if t he i n ter esti ng pa ck et is an I P pa ck et . T he route r sends t he r equ est to
the designated client if the interesting packet is not an IP packet.
Step 3The agent software recognizes the UDP/IP packet and opens an authentication
window on the terminal. The user enters the username and token. The agent
organizes the information into the PAP and CHAP username and password,
based on the rout er conf igurati on. It then sends the use rname and pass word back
to the ro uter as a rep ly packet.
Step 4The reply packet is received, and the router opens an ISDN connection with
Network Access Server (NAS).
Step 5The router negotiates all line-control protocol options, including which
authentication protocol to use (PAP or CHAP).
Step 6Depending on whi ch aut hentic ation proto col is ne goti ated, the ro uter asse mbles
a PAP request or CHAP response packet and sends it to NA S. If authentication
fails, NAS passe s the failure m es sage from authentication, authorization, and
accounting (AAA) to the r outer. The router sends one more request to the agent
with a messag e to re try onc e more . If a uthent icati on fails aga in, t he rout er se nds
another PAP request with the pppautheninfotype parameter set to
message-only to in f orm the Cisco Sec ur e Authentication Agent client that the
authentication failed ag ain and that the router has stopped authoriz ation
attempts.
Token Caching
Cisco 700 series routers do not do token cachi ng. A token is cached at the client, and the
client sends the router the cached token in response to the authentication request from a link
that uses a multilink PPP bundle. Wi th its built-in algorithm, the agent can also generate a
new token, called a soft token, instead of prompting the user to enter a new hard token.
There are two authentication modes, PAP and CHAP local secret, shown in the following
figures.
A-2
Cisco700 Series Router Configuration Guide
Figure A-2PAP Client Packet
Token Caching
Client
username
token
Figure A-3CHAP Local Secret
Client
username*token
PPP PAP Packet
username
token
Cisco 700 Series Router Configuration
authorization protocol = PAP
local secret = N/A
PPP PAP Packet
MD5 (challenge, knock)username*token
Cisco 700 Series Router Configuration
authorization protocol = CHAP
use local secret = Yes
secret = knock
10260
10262
Token Card and Cisco Secure Authentication Support A-3
Token Caching
A-4
Cisco700 Series Router Configuration Guide
INDEX
Numerics
5ESS3-6
A
Address Resolution Protocol
See ARP
address, MAC3-8
addressing, DHCP5-2
AppleTalk4-15
ARP, supported proto col1-1
authentication2-4
CHAP3-4
PPP3-8
autodetection
set autodetection command3-5
troubleshooting3-6
B
B channel3-6
BCP, supported protocol1-1
Bridge Con trol Protocol
See BCP
bridging3-7, 4-15
configuration example3-7
interoperability issues4-15
C
CAPI6-1
cautio n descriptionx
cd command2-5
Challenge Handshake Authentication Protocol
See CHAP
changing a profile name2-6
CHAP3-10
authenticatio n3-10
config uration example
IP static routing and callback4-2
IP stati c routing with M LP4-4
IP unnumbered routing with MLP4-8
with Cisco IOS software4-2, 4-4, 4-8
secret3-4
supported protocol1-2
Cisco Fast Step1-3
Cisco Internetwork Operating System
See Cisco IOS
Cisco IOS
configurationvii, 4-1
Release 11.0(3)4-14
Release 11.14-15
software, inter operability with IPC P and IPXCP5-4
with bridging4-15
Cisco IOS-700 software1-2
command referenceviii
Common Application Program m ing Interface
See CAPI
See Remote CAPI
configuration
bridging example3-7
changing profiles2-2
displa ying profiles2-5
example
bridging3-7
IP static and callback with CHAP4-2
IP static with CHAP and MLP4-4
IP static with PAP4-6
IP unnumbered and CHAP with MLP4-8
RCAPI6-4
routing a Cisco 700 series router3-9
rout in g IP an d IPX on- de m a nd3-14
Index 1
routing to an ISP3-9
ISDN PRI4-1
line3-5
options1-3
port1-3
profiles2-1
Remote CAPI example6-4
system level2-2
Telnet1-3
Web sourcesviii
connect io ns
ISP3-9
creating profiles2-5
D
deleting profiles2-6
dema n d R IP4-14
DHCP
clients5-2
defa ul t gatewa y5 -2
network addresses5-2
relay5-1
ICMP, supported protocol1-1
image (software)1-3
Integrated Services Digital Network
See ISDN
Internal profile2-4, 5-3
Interne t Control Message Protocol
See ICMP
Interne t Packet Exchange Control Protocol
See IPXCP
Interne t Protocol Cont rol Protocol
See IPCP
Internet service p rovider
See ISP
Interne tw ork Packet Exchange
See IPX
interoperab il ity w ith Ci sc o IOS softw a re
bridging4-15
IPCP and IPXCP5-4
multili nk PP P en ca p sulatio n4-1 4
IP3-14, 3-17
config uration example
IP static and callback with CHAP4-2
IP static with CHAP and MLP4-4
IP static with PAP4-6
IP unnumbered and CHAP with MLP4-8
rout in g IP an d IPX on- de m a nd3-14
Cisco 700 Series Rout er Configuration GuideIndex 2
IPX3-14, 3-17
configuration example, routin g IP and IPX
on-demand3-14
IPXCP
interoperability issues5-1
supporte d protocol1-1
ISDN
BRI number3-6
PRI configuration4-1
ISDN Device Control Protocol
See ISDN-DCP
ISDN-DCP , supported protocol1-2
ISP, connections3-9
L
N
NCP3-11
NetBIOS4-15
network add ress
DHCP5-2
space limitations4-15
Network Control Protocol
See NCP
NI1 switch3-7
nonvolatile random access memory
See NVRAM
note, descriptionx
Novell IPX4-15
NVRAM2-1
LAN
Ethernet 10B aseT connection3-2
profile2-4
LCP3-11
line configuration3-5
Link Control Protocol
See LCP
M
MAC address table3-8
MLP, confi guration example
IP static routing with CHAP4-4
IP unnumbered routing wi th CH A P4-8
MLPPP
encapsul ation4-14
supporte d protocol1-1
Mult il i nk Point-to- Point Pr otocol
See MLPPP
O
operati ng system (router)1-1
overview of Cisco 700 series routers1-1
P
PAP3-4
config uration example
IP stati c routing4-6
with a router running Cisco IOS sof tware4-6
supported protocol1-1
Password Authentication Protocol
See PAP
PAT with IPCP single-dest ination negotiation5-9
PAT, supported protocol1-2
permanent profiles2-4, 2-6
Point-to-Point Protocol
See PPP
Port Address Translation
See PAT
Index 3
PPP3-11
configuration example
routin g IP and IPX on-demand3-14
IP and IPX ro uting3-14
IPCP negotiation5-5
multil in k enc a ps u la tio n, intero p er ab i lity4-14
supporte d protocol1-1
private IP addresses5-3
profil e-level parameters2-1
profiles
Standard2-4
redefin ed values indi cator2-5
removing parameters2-5
system mode parameters2- 3
user-defined3-10
using with the routers2-1 to 2-7
protocols supported1-1
Q
quick referenceviii
R
release notes for Cis co IO S 700 softwareviii
Remote CAPI6-3
configuration6-4
config uration example6-4
TCP port6-4
Remote CAPI, su pported protocol1-2
Remote Common App lication Programmers Interface
See RCAPI
removing profile parameters2-5
reset user command2-6
RIP
dynamic routing protocols4-14
PAT enabled5-3
supported protocol
router manualsviii
routing
config uration example
bridging3-7
central site3-11
routing a Cisco 700 series router3-9
rout in g IP an d IPX on- de m a nd3-14
routing to an ISP3-9
Routing Inf ormation Protocol
See RIP
S
SAP, supported protocol1-1
secret, CHAP3-4
Service Advertisement Protocol
See SAP
set autodetectio n com mand3-5
set default command3-4
set ip framing command5-4
set ip rip update command4-14
set ppp multilink command4-14
set profi le user comma nd2-6
set switch command3-6
set user command2-3
show commands, defined2-5
show configuration command3-3
Cisco 700 Series Rout er Configuration GuideIndex 4
show dhcp configuration5-7
show dhcp connections5-15
show ip configuration command5-6
show ip route command5-6
show rcapi status command6-5
Simple Network Management Protocol