Configuring Backup Data Lines and Remote Management

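This chapter describes configuring backup data lines and remote management in the following sections:

  • Configuring Backup Interfaces
  • Configuring Cellular Dial-on-Demand Routing Backup
  • Configuring Dial Backup and Remote Management Through the Console Port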

The Cisco 819 Integrated Services Router (ISR) supports backup data connectivity with a backup data line that enables it to mitigate WAN downtime.

Cisco 819 ISRs also support remote management functions through the auxiliary port on any Cisco 819 series ISR.


Note: On the Cisco 819 ISRs, the console port and the auxiliary port are on the same physical RJ-45 port. Therefore, the two ports cannot be activated simultaneously. You must use the command-line interface (CLI) to enable the desired function.


Configuring Backup Interfaces

When the router receives an indication that the primary interface is down, the backup interface becomes enabled. After the primary connection has been restored for a specified period, the backup interface is disabled.

Even if the backup interface comes out of standby mode, the router does not enable the backup interface unless the router receives the traffic specified for that backup interface.

Table 6-1 shows the backup interfaces available for each Cisco 819 ISR, along with their port designations. Basic configurations for these interfaces are given in the “Configuring WAN Interfaces” section.

Table 6-1 Model Number and Data Line Backup Capabilities

Router Model Number    3G
819                    Yes

To configure your router with a backup interface, perform these steps, beginning in global configuration mode:

SUMMARY STEPS

1. interface type number

2. backup interface interface-type interface-number

3. exit

DETAILED STEPS

Command
Purpose

Step 1

interface type number

Example:

Router(config)# interface xxx 0
Router(config-if)#
 

Enters interface configuration mode for the interface for which you want to configure backup.

This can be a serial interface, ISDN interface, or asynchronous interface.

Step 2

backup interface interface-type interface-number

Example:

Router(config-if)# backup interface serial 0
Router(config-if)#
 

Assigns an interface as the secondary or backup interface.

This can be a serial interface or asynchronous interface. For example, a serial 1 interface could be configured to back up a serial 0 interface.

The example shows a serial interface configured as the backup interface for the ATM 0 interface.

Step 3

exit

Example:

Router(config-if)# exit
Router(config)#
 

Exits interface configuration mode.

Configuring Cellular Dial-on-Demand Routing Backup

To monitor the primary connection and initiate the backup connection over the cellular interface when needed, the router can use one of the following methods:

  • Backup Interface: The backup interface stays in standby mode until the primary interface line protocol is detected as down, and is then brought up. See the “Configuring Backup Interfaces” section.
  • Dialer Watch: Dialer watch is a backup feature that integrates dial backup with routing capabilities. See the “Configuring DDR Backup Using Dialer Watch” section.
  • Floating Static Route: The route through the backup interface has an administrative distance that is greater than the administrative distance of the primary connection route and therefore is not in the routing table until the primary interface goes down. When the primary interface goes down, the floating static route is used. See the “Configuring DDR Backup Using Floating Static Route” section.

Note: You cannot configure a backup interface for the cellular interface and any other asynchronous serial interface.


Configuring DDR Backup Using Dialer Watch

To initiate dialer watch, you must configure the interface to perform dial-on-demand routing (DDR) and backup. Use traditional DDR configuration commands, such as dialer maps, for DDR capabilities. To enable dialer watch on the backup interface and create a dialer list, use the following commands in interface configuration mode.

SUMMARY STEPS

1. configure terminal

2. interface type number

3. dialer watch-group group-number

4. dialer watch-list group-number ip ip-address address-mask

5. dialer-list <dialer-group> protocol <protocol name> {permit | deny | list <access list number> | access-group}

6. access-list <access list number> permit <ip source address>

7. interface cellular 0

8. dialer string <string>

DETAILED STEPS

 

Command or Action
Purpose

Step 1

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 2

interface type number

 

Router (config)# interface 0

Specifies the interface.

Step 3

dialer watch-group group-number

 

Router(config-if)# dialer watch-group 2

Enables dialer watch on the backup interface.

Step 4

dialer watch-list group-number ip ip-address address-mask

 

Router(config-if)# dialer watch-list 2 ip 10.4.0.254 255.255.0.0

Defines a list of all IP addresses to be watched.

Step 5

dialer-list <dialer-group> protocol <protocol-name> {permit | deny | list <access-list-number> | access-group}

 

Router(config)# dialer-list 2 protocol ip permit

Creates a dialer list for traffic of interest and permits access to an entire protocol.

Step 6

access-list <access list number> permit <ip source address>

Router(config)# access-list 2 permit 10.4.0.0

Defines traffic of interest.

Do not use the access list permit all command to avoid sending traffic to the IP network. This may result in call termination.

Step 7

interface cellular 0
 

Router (config)# interface cellular 0

Specifies the cellular interface.

Step 8

dialer string <string>

or

dialer-group <dialer group number>
 

Router (config-if)# dialer string cdma *** cdma ***

 

or

Router(config-if)# dialer-group 2 *** gsm ***

CDMA only. Specifies the dialer script (defined using the chat script command).

GSM only. Maps a dialer list to the dialer interface.

Configuring DDR Backup Using Floating Static Route

To configure a floating static default route on the secondary interface, use the following commands, beginning in the global configuration mode.


Note: Make sure you have ip classless enabled on your router.


SUMMARY STEPS

1. configure terminal

2. ip route network-number network-mask {ip address | interface} [administrative distance] [name name]

DETAILED STEPS

 

Command or Action
Purpose

Step 1

configure terminal

 

Router# configure terminal

Enters global configuration mode from the terminal.

Step 2

ip route network-number network-mask

{ip-address | interface} [administrative distance] [name name]

 

Router(config)# ip route 0.0.0.0 0.0.0.0 Dialer 2 track 234

Establishes a floating static route with the configured administrative distance through the specified interface.

A higher administrative distance should be configured for the route through the backup interface, so that the backup interface is used only when the primary interface is down.
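The selection logic behind a floating static route, as an added example that is not part of the Cisco documentation: a simplified Python model that parses ip route statements such as the two default routes in this chapter's cellular sample configuration and picks the usable route with the lowest administrative distance. The up_targets and track_state inputs, and the rule that an unknown track object counts as down, are assumptions of the model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The two default routes from the cellular backup sample configuration.
CONFIG_ROUTES = [
    "ip route 0.0.0.0 0.0.0.0 Dialer2 track 234",
    "ip route 0.0.0.0 0.0.0.0 Cellular0 254",
]


@dataclass
class StaticRoute:
    network: ipaddress.IPv4Network
    target: str                  # exit interface or next-hop address
    distance: int = 1            # IOS default distance for a static route
    track: Optional[int] = None  # tracked object gating the route, if any


def parse_ip_route(line: str) -> StaticRoute:
    """Parse 'ip route prefix mask target [distance] [name N] [track N]'."""
    tok = line.split()
    if tok[:2] != ["ip", "route"] or len(tok) < 5:
        raise ValueError(f"incomplete ip route statement: {line!r}")
    # Raises ValueError when the mask is missing or malformed.
    network = ipaddress.ip_network(f"{tok[2]}/{tok[3]}")
    target, rest = tok[4], tok[5:]
    if target.isalpha() and rest and rest[0].isdigit():
        target += rest.pop(0)    # "Dialer 2" and "Dialer2" name one interface
    route = StaticRoute(network, target)
    while rest:
        word = rest.pop(0)
        if word in ("track", "name") and rest:
            value = rest.pop(0)
            if word == "track":
                route.track = int(value)
        elif word.isdigit():
            route.distance = int(word)
    return route


def active_route(routes, up_targets, track_state):
    """Return the usable route with the lowest administrative distance."""
    usable = [
        r for r in routes
        if r.target in up_targets
        and (r.track is None or track_state.get(r.track, False))
    ]
    return min(usable, key=lambda r: r.distance, default=None)


def failover_demo():
    """Default route target while track 234 is up, then after it goes down."""
    routes = [parse_ip_route(line) for line in CONFIG_ROUTES]
    up = {"Dialer2", "Cellular0"}  # assumed: both interfaces can carry a route
    before = active_route(routes, up, {234: True})
    after = active_route(routes, up, {234: False})
    return before.target, after.target
```

Calling failover_demo() returns the default route's exit interface before and after the tracked object fails; a statement with a missing network mask is rejected with ValueError instead of being silently misread.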

Cellular Wireless Modem as Backup with NAT and IPsec Configuration

The following example shows how to configure the 3G wireless modem as backup with NAT and IPsec on either GSM or CDMA networks.


Note: The receive and transmit speeds cannot be configured. The actual throughput depends on the cellular network service.


Current configuration : 3433 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
crypto isakmp key gsm address 128.107.241.234
!
!
crypto ipsec transform-set gsm ah-sha-hmac esp-3des
!
crypto map gsm1 10 ipsec-isakmp
set peer 128.107.241.234
set transform-set gsm
match address 103
!
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.4.0.254
!
ip dhcp pool gsmpool
network 10.4.0.0 255.255.0.0
dns-server 66.209.10.201 66.102.163.231
default-router 10.4.0.254
!
!
ip cef
!
no ipv6 cef
multilink bundle-name authenticated
chat-script gsm "" "atdt*98*1#" TIMEOUT 30 "CONNECT"
!
!
archive
log config
hidekeys
!
!
interface 0
no ip address
ip virtual-reassembly
load-interval 30
no ilmi-keepalive
!
interface 0.1 point-to-point
backup interface Cellular0
ip nat outside
ip virtual-reassembly
pvc 0/35
pppoe-client dial-pool-number 2
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Cellular0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer in-band
dialer idle-timeout 0
dialer string gsm
dialer-group 1
async mode interactive
no ppp lcp fast-start
ppp chap hostname chunahayev@wwan.ccs
ppp chap password 0 B7uhestacr
ppp ipcp dns request
crypto map gsm1
!
interface Vlan1
description used as default gateway address for DHCP clients
ip address 10.4.0.254 255.255.0.0
ip nat inside
ip virtual-reassembly
!
interface Dialer2
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
load-interval 30
dialer pool 2
dialer-group 2
ppp authentication chap callin
ppp chap password 0 cisco
ppp ipcp dns request
crypto map gsm1
!
ip local policy route-map track-primary-if
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer2 track 234
ip route 0.0.0.0 0.0.0.0 Cellular0 254
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map nat2cell interface Cellular0 overload
!
ip sla 1
icmp-echo 209.131.36.158 source-interface Dialer2
timeout 1000
frequency 2
ip sla schedule 1 life forever start-time now
access-list 1 permit any
access-list 2 permit 10.4.0.0 0.0.255.255
access-list 3 permit any
access-list 101 permit ip 10.4.0.0 0.0.255.255 any
access-list 102 permit icmp any host 209.131.36.158
access-list 103 permit ip host 166.136.225.89 128.107.0.0 0.0.255.255
access-list 103 permit ip host 75.40.113.246 128.107.0.0 0.0.255.255
dialer-list 1 protocol ip list 1
dialer-list 2 protocol ip permit
!
!
!
route-map track-primary-if permit 10
match ip address 102
set interface Dialer2
!
route-map nat2cell permit 10
match ip address 101
match interface Cellular0
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line 3
exec-timeout 0 0
script dialer gsm
login
modem InOut
no exec
line vty 0 4
login
!
scheduler max-task-time 5000
 
!
webvpn cef
end
 

Configuring Dial Backup and Remote Management Through the Console Port

When customer premises equipment, such as a Cisco 819 ISR, is connected to an ISP, an IP address is dynamically assigned to the router, or the IP address may be assigned by the router peer through the centrally managed function. The dial backup feature can be added to provide a failover route in case the primary line fails. The Cisco 819 ISRs can use the auxiliary port for dial backup and remote management.

Figure 6-1 shows the network configuration used for remote management access and for providing backup to the primary WAN line.

Figure 6-1 Dial Backup and Remote Management Through the Auxiliary Port

1   Cisco 819 router
2   Modem
3   PC
A   Main WAN link; primary connection to Internet service provider
B   Dial backup; serves as a failover link for Cisco 819 routers when primary line goes down
C   Remote management; serves as dial-in access to allow changes or updates to Cisco IOS configurations

To configure dial backup and remote management for these routers, perform these steps, beginning in global configuration mode:

SUMMARY STEPS

1. ip name-server server-address

2. ip dhcp pool name

3. exit

4. chat-script script-name expect-send

5. interface type number

6. exit

7. interface type number

8. dialer watch-group group-number

9. exit

10. ip nat inside source { list access-list-number }{ interface type number | pool name } [ overload ]

11. ip route prefix mask { ip-address | interface-type interface-number [ ip-address ]}

12. access-list access-list-number { deny | permit } source [ source-wildcard ]

13. dialer watch-list group-number { ip ip-address address-mask | delay route-check initial seconds }

14. line [aux | console | tty | vty] line-number [ ending-line-number ]

15. modem enable

16. exit

17. line [aux | console | tty | vty] line-number [ ending-line-number ]

18. flowcontrol {none | software [lock] [in | out] | hardware [in | out]}

DETAILED STEPS

Command
Purpose

Step 1

ip name-server server-address

Example:

Router(config)#ip name-server 192.168.28.12
Router(config)#
 

Enters your ISP DNS IP address.

Tip: You may add multiple server addresses if available.

Step 2

ip dhcp pool name

Example:

Router(config)#ip dhcp pool 1
Router(config-dhcp)#
 

Creates a DHCP address pool on the router and enters DHCP pool configuration mode. The name argument can be a string or an integer.

  • Configure the DHCP address pool. For sample commands that you can use in DHCP pool configuration mode, see the “Example” section.

Step 3

exit

Example:

Router(config-dhcp)#exit
Router(config)#
 

Exits config-dhcp mode and enters global configuration mode.

Step 4

chat-script script-name expect-send

Example:

Router(config)# chat-script Dialout ABORT ERROR ABORT BUSY "" "AT" OK "ATDT 5555102\T" TIMEOUT 45 CONNECT \c
Router(config)#
 

Configures a chat script used in dial-on-demand routing (DDR) to give commands for dialing a modem and for logging in to remote systems. The defined script is used to place a call over a modem connected to the PSTN.

Step 5

interface type number

Example:

Router(config)# interface Async 1
Router(config-if)#
 

Creates and enters configuration mode for the asynchronous interface.

Configure the asynchronous interface. For sample commands that you can use in asynchronous interface configuration mode, see the “Example” section.

Step 6

exit

Example:

Router(config-if)# exit
Router(config)#
 

Enters global configuration mode.

Step 7

interface type number

Example:

Router(config)# interface Dialer 3
Router(config-if)#
 

Creates and enters configuration mode for the dialer interface.

Step 8

dialer watch-group group-number

Example:

Router(config-if)# dialer watch-group 1
Router(config-if)#
 

Specifies the group number for the watch list.

Step 9

exit

Example:

Router(config-if)# exit
Router(config)#
 

Exits the interface configuration mode.

Step 10

ip nat inside source {list access-list-number} {interface type number | pool name} [overload]

Example:

Router(config)# ip nat inside source list 101 interface Dialer 3 overload
 

Enables dynamic translation of addresses on the inside interface.

Step 11

ip route prefix mask {ip-address | interface-type interface-number [ip-address]}

Example:

Router(config)# ip route 0.0.0.0 0.0.0.0 22.0.0.2
Router(config)#
 

Sets the IP route to point to the dialer interface as a default gateway.

Step 12

access-list access-list-number {deny | permit} source [source-wildcard]

Example:

Router(config)# access-list 101 permit ip 192.168.0.0 0.0.255.255 any
 

Defines an extended access list that indicates which addresses need translation.

Step 13

dialer watch-list group-number {ip ip-address address-mask | delay route-check initial seconds}

Example:

Router(config)# dialer watch-list 1 ip 22.0.0.2 255.255.255.255
Router(config)#
 

Evaluates the status of the primary link, based on the existence of routes to the peer. The address 22.0.0.2 is the peer IP address of the ISP.

Step 14

line [aux | console | tty | vty] line-number [ending-line-number]

Example:

Router(config)# line console 0
Router(config-line)#
 

Enters configuration mode for the line interface.

Step 15

modem enable

Example:

Router(config-line)# modem enable
Router(config-line)#
 

Switches the port from console to auxiliary port function.

Step 16

exit

Example:

Router(config-line)# exit
Router(config)#
 

Exits line configuration mode.

Step 17

line [aux | console | tty | vty] line-number [ending-line-number]

Example:

Router(config)# line aux 0
Router(config-line)#
 

Enters configuration mode for the auxiliary interface.

Step 18

flowcontrol { none | software [ lock ] [ in | out ] | hardware [ in | out ]}

Example:

Router(config-line)# flowcontrol hardware
Router(config-line)#
 

Enables hardware signal flow control.

Example

The following configuration example specifies an IP address for the interface through PPP and IPCP address negotiation and dial backup over the console port:

!
ip name-server 192.168.28.12
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool 1
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
! Need to use your own correct ISP phone number.
modemcap entry MY-USER_MODEM:MSC=&F1S0=1
chat-script Dialout ABORT ERROR ABORT BUSY "" "AT" OK "ATDT 5555102\T" TIMEOUT 45 CONNECT \c
!
!
!
!
interface vlan 1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452
hold-queue 100 out
!
! Dial backup and remote management physical interface.
interface Async1
no ip address
encapsulation ppp
dialer in-band
dialer pool-member 3
async default routing
async dynamic routing
async mode dedicated
ppp authentication pap callin
!
interface ATM0
mtu 1492
no ip address
no atm ilmi-keepalive
pvc 0/35
pppoe-client dial-pool-number 1
!
! Primary WAN link.
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username account password 7 pass
ppp ipcp dns request
ppp ipcp wins request
ppp ipcp mask request
!
! Dialer backup logical interface.
interface Dialer3
ip address negotiated
ip nat outside
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer pool 3
dialer idle-timeout 60
dialer string 5555102 modem-script Dialout
dialer watch-group 1
!
! Remote management PC IP address.
peer default ip address 192.168.2.2
no cdp enable
!
! Need to use your own ISP account and password.
ppp pap sent-username account password 7 pass
ppp ipcp dns request
ppp ipcp wins request
ppp ipcp mask request
!
! IP NAT over Dialer interface using route-map.
ip nat inside source route-map main interface Dialer1 overload
ip nat inside source route-map secondary interface Dialer3 overload
ip classless
!
! When primary link is up again, distance 50 will override 80 if dial backup
! has not timed out. Use multiple routes because peer IP addresses are alternated
! among them when the CPE is connected.
ip route 0.0.0.0 0.0.0.0 64.161.31.254 50
ip route 0.0.0.0 0.0.0.0 66.125.91.254 50
ip route 0.0.0.0 0.0.0.0 64.174.91.254 50
ip route 0.0.0.0 0.0.0.0 63.203.35.136 80
ip route 0.0.0.0 0.0.0.0 63.203.35.137 80
ip route 0.0.0.0 0.0.0.0 63.203.35.138 80
ip route 0.0.0.0 0.0.0.0 63.203.35.139 80
ip route 0.0.0.0 0.0.0.0 63.203.35.140 80
ip route 0.0.0.0 0.0.0.0 63.203.35.141 80
ip route 0.0.0.0 0.0.0.0 Dialer1 150
no ip http server
ip pim bidir-enable
!
! PC IP address behind CPE.
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
access-list 103 permit ip 192.168.0.0 0.0.255.255 any
!
! Watch multiple IP addresses because peers are alternated
! among them when the CPE is connected.
dialer watch-list 1 ip 64.161.31.254 255.255.255.255
dialer watch-list 1 ip 64.174.91.254 255.255.255.255
dialer watch-list 1 ip 64.125.91.254 255.255.255.255
!
! Dial backup will kick in if primary link is not available
! 5 minutes after CPE starts up.
dialer watch-list 1 delay route-check initial 300
dialer-list 1 protocol ip permit
!
! Direct traffic to an interface only if the dialer is assigned an IP address.
route-map main permit 10
match ip address 101
match interface Dialer1
!
route-map secondary permit 10
match ip address 103
match interface Dialer3
!
! Change console to aux function.
line con 0
exec-timeout 0 0
modem enable
stopbits 1
line aux 0
exec-timeout 0 0
! To enable and communicate with the external modem properly.
script dialer Dialout
modem InOut
modem autoconfigure discovery
transport input all
stopbits 1
speed 115200
flowcontrol hardware
line vty 0 4
exec-timeout 0 0
password cisco
login
!
scheduler max-task-time 5000
end
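
A configuration check for the remote-management and credential settings that appear in the sample configurations on this page, as an added example that is not part of the Cisco documentation: it scans an IOS configuration for cleartext or reversible secrets, the 3DES IKE policy, and line settings that leave console, auxiliary and vty sessions open. The rule list and the section tracking are assumptions of this example, and the CHAP secret in the excerpt is a placeholder.

```python
import re

# Lines excerpted from the two sample configurations on this page, flattened
# as printed there. The CHAP secret is replaced by a placeholder.
SAMPLE = """\
no service password-encryption
crypto isakmp policy 1
encr 3des
interface Cellular0
ppp chap password 0 PLACEHOLDER
interface Dialer1
ppp pap sent-username account password 7 pass
line con 0
exec-timeout 0 0
modem enable
line aux 0
exec-timeout 0 0
modem InOut
transport input all
line vty 0 4
exec-timeout 0 0
password cisco
login
"""

# (pattern, finding) pairs; each pattern is matched against one stripped line.
RULES = [
    (r"^no service password-encryption$", "passwords are kept in cleartext"),
    (r"\bpassword 0 \S+", "type 0 secret is cleartext in the configuration"),
    (r"\bpassword 7 \S+", "type 7 encoding is reversible, not a hash"),
    (r"^password (?![057] )\S+$", "line password is cleartext in the configuration"),
    (r"^encr 3des$", "IKE policy uses 3DES; AES is the current choice"),
    (r"^exec-timeout 0 0$", "sessions on this line never time out"),
    (r"^transport input all$", "line accepts every protocol, including Telnet"),
]
SECTION_STARTS = ("interface ", "line ", "crypto isakmp policy ", "crypto map ")


def audit(config: str):
    """Return (line number, section, finding) for each weak setting found."""
    findings, section = [], "global"
    for number, raw in enumerate(config.splitlines(), 1):
        text = raw.strip()
        if text.startswith(SECTION_STARTS):
            section = text   # best effort: the listing has no indentation
        for pattern, finding in RULES:
            if re.search(pattern, text):
                findings.append((number, section, finding))
    return findings


if __name__ == "__main__":
    for number, section, finding in audit(SAMPLE):
        print(f"{number:>3}  {section:<24} {finding}")
```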