Access Server Dial-In IP/PPP Configuration With Dedicated V.120 PPP

Introduction

This document provides a sample configuration for access server dial-in IP/PPP with dedicated V.120 PPP

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

• Cisco IOS® Software Release 11.2 or later, for V.120 with Virtual-Asynchronous Interfaces.

• Cisco IOS Software Release 11.3 or later, for V.120 with Virtual-Templates.

• Cisco IOS Enterprise Image for configuring more than five VTY lines.

Use the Software Advisor tool (registered customers only) to determine which Cisco IOS software feature sets support V.120 functionality. Within the tool, select the following features: V.120 Support, Protocol Translation, and Virtual-Templates for Protocol Translation. If you require additional features, select them as required.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to Cisco Technical Tips Conventions.

Background Information

The International Telecommunication Union Telecommunication Standardization Sector (ITU-T) Recommendation V.120, allows for reliable transport of synchronous, asynchronous, or bit transparent data over ISDN bearer channels.

A V.120 connection can be in either PPP or non-PPP mode. This is because many V.120 Terminal Adapters are similar to modems, and support some AT command sets. The non-PPP mode can be used to verify whether the V.120 setup is correct on the client and router. PPP can then be configured on that link. See the Verify V.120 in non-PPP mode section for more information.

There are two primary methods to implement V.120:

• Virtual-Asynchronous interfaces

  Using Cisco IOS software, you can configure asynchronous protocol features, such as PPP and SLIP, on VTY lines. PPP and SLIP normally function only on asynchronous interfaces, not on VTY lines. When you configure a VTY line to support asynchronous protocol features, you are creating Virtual-Asynchronous interfaces on the VTY lines. A Virtual-Asynchronous interface (also known as vty-async) is created to support calls that enter the router through a non-physical interface. For example, asynchronous character stream calls terminate, or land on non-physical interfaces. Virtual-Asynchronous interfaces are not user configurable; rather, they are dynamically created, and torn down on demand.

• Virtual-Templates

  The Virtual-Template implementation supports tunneling of PPP, using a two-step protocol translation. When a V.120 user dials in through a virtual terminal line, the router creates a virtual access interface. Virtual access interface is a temporary interface that supports the asynchronous protocol configuration specified in the virtual interface template. That interface is created dynamically by cloning the Virtual-Template interface in the configuration. This virtual access interface is freed up as soon as the connection drops. The Virtual-Template is more flexible, because it gives more configuration options than the limited Virtual-Asynchronous implementation.

How V.120 Affects Router Performance

Cisco does not recommend that you run PPP over V.120 on Micamodem, because V.120 processing is extremely CPU-intensive. A Cisco AS5200 cannot handle many concurrently active V.120 PPP connections. Other AS5xxx routers can handle more concurrently active V.120 PPP connections. As an alternative, Cisco recommends configuring the client ISDN terminal adapter (TA) to do "sync-to-async PPP conversion" so that the connection comes into the network access server (NAS) as normal sync PPP instead of V.120.

However, with Nextport Modems, a new feature has been added, to off-load V.120 calls to the modem Digital Signal Processor (DSP). If you use Cisco IOS Software Release 12.2 XB (and 12.2(11)T and later), it is possible to terminate V.120 calls on the NextPort DSP instead of the CPU. For more information, see Terminating V.120 Sessions on the NextPort DSP.

Why implement PPP over V.120?

PPP over V.120 is CPU-intensive. Therefore, Cisco discourages an extensive implementation. However you may want to run PPP over V.120 for the following reasons:

• You are using a terminal adapter (TA) that is attached to an async data terminal equipment (DTE), and cannot do sync-to-async PPP conversion. In this case, you must use V.120.

• Your TA's default configuration is V.120, and you are unable to reconfigure your TA without the assistance of your Internet service provider (ISP).

• The application wants to have the PPP session start off with a character-cell terminal dialog (for example, a special one-time password challenge and response), so you do not want a pure sync PPP session.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only) .

This section also describes the implementaion for vty-async and Virtual-Templates.

Note: These steps assume that the NAS is properly configured for basic ISDN or Async Dialin access, and that the client is properly configured for PPP over V.120.

Virtual-Asynchronous Interfaces (vty-async)

To implement vty-async, complete these steps:

1. Create Virtual-Asynchronous Interfaces using the vty-async global configuration command.

2. Configure the authentication for the vty-async connection. Use the vty-async ppp authen {chap | pap}command.

3. Configure other vty-async parameters such as, keepalive timers, mtu size, header compression, and so on, as required, for your setup. Refer to Protocol Translation and Virtual Asynchronous Device Commands for more information.

4. Configure Automatic Detection of V.120 Encapsulation using the autodetect encapsulation v120 ppp command. This command must be applied to the physical interface of the incoming call (for example, interface BRI 0, interface Serial 1:23). However, if the calling V.120 TA correctly signals V.120 in the Q.931 SETUP low-level compatibility field, autodetect encapsulation is not needed. Unfortunately, many TAs fail to do this.

5. Disable the Username and Password prompt under the VTY line configuration. You can do this by configuring no login and no password in VTY line configuration mode. If you are using AAA, define a list that has the method none and then apply it to the VTY interface. For example:

   maui-soho-01(config)#aaa new-model
   maui-soho-01(config)#aaa authentication login NO_AUTHEN none
   maui-soho-01(config)#line vty 0 4
   maui-soho-01(config-line)#login authentication NO_AUTHEN
   

6. Configure the autocommand ppp default command in VTY line configuration mode. With no login authentication and autocommand ppp, the VTY initiates PPP as soon as a V.120 connection comes in. This allows the V.120 peer to start PPP negotiations immediately, without having to run a script, or enter username and password in a terminal window. The autoselect command is not supported on VTYs.

   Note: Since the VTYs start running PPP as soon as the connection is established, you will not be able to issue the telnet command on the NAS for administrative purposes. To get around this restriction, apply the transport input v120 command on the VTYs used for the V.120 PPP connections, and apply the transport input telnet command on those used for administrative telnet.

Virtual-Templates

To implement Virtual-Templates, complete these steps:

1. Create and configure a virtual interface template by using the interface virtual-template command. Configure this virtual interface just as you would configure a regular asynchronous serial interface. To do so, assign the virtual interface template the IP address of an active interface (using the ip unnumbered interface command) , and configure addressing, just as you would configure it on an asynchronous interface. You can also enter commands in interface configuration mode that compress TCP headers or configure Challenge Handshake Authentication Protocol (CHAP) authentication for PPP. For example:

   interface Virtual-Template1
     ip unnumbered Ethernet0
     no ip directed-broadcast
     ip tcp header-compression passive
     peer default ip address pool IPaddressPool
     ppp authentication chap

2. Create Virtual-Asynchronous Interfaces using the vty-async global configuration command.

3. Configure virtual terminal lines to support asynchronous protocol functions, based on the definition of a virtual interface template. You can do this using the vty-async virtual-template number command in global configuration mode. For example:

   vty-async
   vty-async Virtual-Template 1

4. Configure Automatic Detection of V.120 Encapsulation using the autodetect encapsulation v120 ppp command. Apply this command to the physical interface of the incoming call (for example, interface BRI 0, interface Serial 1:23). However, If the calling V.120 TA correctly signals V.120 in the Q.931 SETUP low-level compatibility field, autodetect encapsulation is not required. Unfortunately, many TAs fail to do this.

5. Disable the Username and Password prompt under the vty line configuration. Do this by configuring no login and no password in vty line configuration mode. If you are using AAA, define a list that has the method none and then apply it to the vty interface. For example:

   maui-soho-01(config)#aaa new-model
   maui-soho-01(config)#aaa authentication login NO_AUTHEN none
   maui-soho-01(config)#line vty 0 4
   maui-soho-01(config-line)#login authentication NO_AUTHEN
   

6. Configure the autocommand ppp default command in vty line configuration mode. With no login authentication and autocommand ppp, the VTY initaites PPP as soon as a V.120 connection comes in. This will allow the V.120 peer to start PPP negotiations immediately, without having to run a script or enter username and password in a terminal window. Note that the autoselect command is not supported on VTYs.

   Note: Since the VTYs start running PPP as soon as the connection is established, you will not be able to issue the telnet command on the NAS for administrative purposes. To get around this restriction, apply the transport input v120 command on the VTYs used for the V.120 PPP connections, and apply the transport input telnet command on those used for administrative telnet.

Network Diagram

This document uses this network setup:

Configurations

This document uses this configuration:

• Cisco AS5200 that supports dial-in IP or PPP clients for synchronous ISDN PPP (not multilink), asynchronous PPP, and V.120 PPP.

This configuration uses the Virtual-Asynchronous interfaces (vty-async) method described above.

aaa new-model
aaa authentication login default local
aaa authentication login NOAUTH none             

!--- The aaa list NOAUTH has no authentication. !--- This list will be applied to the vty interface.

! 
username fred password FLINTSTONE
!
ip local pool default 10.1.1.2 10.1.1.47

!--- Define local IP address pool.


vty-async                                        

!--- Configures all virtual terminal lines on a router to !--- support asynchronous protocol features. !--- The vty-async parameters are required for Async V.120. 

vty-async keepalive 0       

!--- Disable PPP keepalives.

vty-async ppp authen chap pap 

!--- Async V.120 PPP authentication methods.

!
interface Ethernet0
  ip address 10.1.1.1 255.255.255.0
!
interface serial0:23

!--- ISDN D-channel configuration for T1 0.

  no ip address
  encapsulation ppp
  isdn incoming-voice modem

!--- Analog calls are forwarded to the internal digital modem.

  ppp authentication chap pap
  dialer rotary-group 1

!--- Member of rotary group 1. 


!--- The rotary group configuration is interface Dialer 1.

  autodetect encapsulation v120 ppp  

!--- Automatic detection of encapsulation type on the specified interface. !--- This interface will automatically detect whether the call is normal PPP or V.120 !--- If the calling V.120 TA correctly signals V.120 in the Q.931 !--- SETUP low-level compatibility field, autodetect encapsulation is !--- not needed. Unfortunately, many TAs fail to do this. 
   
!
interface Dialer1

!--- Rotary group 1 logical interface.

  description Dialer interface for sync ISDN calls
  ip unnumbered Ethernet0
  encapsulation ppp
  peer default ip address pool
  dialer-group 1
  dialer idle-timeout 300                      
  no cdp enable
  ppp authentication chap pap 
!
interface Group-Async1
  description Interface for async modem calls
  async mode dedicated                           

!--- PPP only, no exec dial-ins (or Teminal window after dial).
 
  ip unnumbered Ethernet0
  encapsulation ppp
  ip tcp header-compression
  peer default ip address pool default
  dialer-group 1
  dialer idle-timeout 300                        
  no cdp enable
  ppp authentication chap pap
!
dialer-list 1 protocol ip permit
!
line con 0
  login authentication NOAUTH
line 1 48

!--- Modems used for normal async calls.

  no exec
  modem inout
!                                                
line vty 0 45

!--- V.120 call will be terminated on vty 0 45. !--- If your router does not support more than five vtys refer !--- to the Components Used section.

  login authentication NOAUTH    

!--- Use the AAA list NOAUTH (which specified no authentication) !--- configured previously with this method. There will be no !--- Username/password exec prompt. Use the no login command !--- if this NAS does not do AAA.

  autocommand ppp default

!--- This command is ONLY required for V.120 with PPP.

  session-timeout 5 output                       

!--- Timeout of 5 minutes.

  transport input v120                           

!--- Allow only V.120 connections into these VTYs.

line vty 46 50

!--- These vtys will be used for normal telnets into the router.

  login authentication default

!--- Use AAA list "default" for vty 46-50. !--- This method uses local authentication (configured previously).

  exec-timeout 30
  transport input telnet

!--- Permit only incoming telnet connections to use vty 46-50.

Verify

This section provides information you can use to confirm your configuration is working properly.

Certain show commands are supported by the Output Interpreter Tool (registered customers only) , which allows you to view an analysis of show command output.

• show ip route—displays the IP routing table entries.

• show users—displays information about the active lines of the network server, including the line number, connection names, and terminal location.

Verify the V.120 Connection

To verify the V.120 connection, complete these steps:

1. Use debug v120, and generate an incoming V.120 call. You should see this debug output on the NAS:

   19:25:16: V120: Autodetect trying to detect V120 mode on Se0:18
   19:25:16: V120 sampled pkt:  3 bytes:  8 1 7F
   19:25:16: Se0:18-v120 started - Setting default V.120 parameters
   19:25:16: V120extablished handle = 4

   If this message does not appear, the incoming call was probably not V.120, and hence the router did not detect it as such.

2. Verify whether the vty-async interface comes up. If your configuration uses V.120 with Virtual-Templates, check whether a virtual-access interface is created. In the following console log output, the the vty-async 32 interface is up:

   19:25:17: %LINK-3-UPDOWN: Interface VTY-Async32, 
   changed state to up

3. Use debug ppp negotiation and debug ppp authentication. to ensure that PPP parameters are properly negotiated. For more information on PPP debugging, see Dialup Technology: Troubleshooting Techniques.

4. Perform a show ip route and show users to check that the V.120 call is properly established.

The following examples are outputs from a setup where we do not have V.120 Virtual-Templates:

DSL4-5300A#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     172.68.0.0/32 is subnetted, 1 subnets
S       172.68.186.41 [1/0] via 172.18.120.1
     172.18.0.0/24 is subnetted, 1 subnets
S       172.18.120.0 [1/0] via 10.92.1.1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.92.1.0 is directly connected, FastEthernet0
C    192.168.1.0/24 is directly connected, Loopback0
     172.0.0.0/32 is subnetted, 1 subnets
C       172.22.53.1 is directly connected, VTY-Async32

Note: The call is connected on interface VTY-Async 32, and there is a route to the client.

Note: The IP address of NAS side of the link will be that of either the ethernet or fast-ethernet interface on the NAS, when using the non Virtual-Template configuration option. Hence verify whether the ethernet or fast-ethernet interface is up and can be pinged.

DSL4-5300A#show users
  Line          User       Host(s)              Idle     Location
*0 con 0                   idle                 00:00:00
 32 vty 0     wan-2520-5  VTY-Async32           00:01:37 Serial0:18
Interface        User      Mode                 Idle     Peer Address
  VT32         wan-2520-5 Async PPP             00:01:14 172.22.53.1

Note: The call is connected on interface VTY-Async 32, and the peer IP address is specified.

If you use the Virtual-Template option with V.120 the show ip route and show user output appears like this:

DSL4-5300A#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     192.168.199.0/32 is subnetted, 1 subnets
C       192.168.199.5 is directly connected, Virtual-Access1
     172.22.0.0/32 is subnetted, 1 subnets
S       172.22.186.41 [1/0] via 172.18.120.1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.20.20.0 is directly connected, Virtual-Access1
.........

Note: The call is connected on interface Virtual-Access 1, and there is a route to the client.

DSL4-5300A#show users
    Line       User       Host(s)              Idle       Location
*  0 con 0                idle                 00:00:00
  32 vty 0     wan-2520-5 Virtual-Access1      00:00:05 Serial0:18

Note: The call is connected on interface Virtual-Access 1.

Verify V.120 in Non-PPP Mode

Many V.120 terminal adapters are similar to modems, and support some AT command sets. Hence, you can use the non-PPP mode to verify whether the V.120 setup on the client and router are correct. You can then conffigure PPP on that link. Testing the V.120 by itself allows us to troubleshoot V.120 related problems without adding the complexity of PPP.

To test the V.120 connection in non-PPP mode, complete these steps:

1. Enable the Username and Password prompt under the vty line configuration. Use the login command to enable login. Use the password password command to set the line password. If you are using AAA, remove the login authentication list command under the vty.

2. Remove the autocommand ppp default command in vty line configuration mode. For example:

   maui-soho-01(config)#line vty 0 4
   maui-soho-01(config-line)#login
   maui-soho-01(config-line)#password letmein
   maui-soho-01(config-line)#no autocommand ppp default
   

3. Turn on debug v120, and initiate a call from the client. The router should display this:

   19:25:16: V120: Autodetect trying to detect V120 mode on Se0:18
   19:25:16: V120 sampled pkt:  3 bytes:  8 1 7F
   19:25:16: Se0:18-v120 started - Setting default V.120 parameters
   19:25:16: V120extablished handle = 4       

4. Continue the rest of the V.120 configuration. Complete the steps described in the Configure section.

Troubleshoot

This section provides information you can use to troubleshoot your configuration.

Troubleshooting Commands (Optional)

Certain show commands are supported by the Output Interpreter Tool (registered customers only) , which allows you to view an analysis of show command output.

Note: Before you issue debug commands, refer to Important Information on Debug Commands for more information.

• debug v120—indicates when V.120 processing is started or terminated, and the interface on which it is running.

• debug ppp negotiation—displays information on PPP traffic and exchanges, while negotiating the PPP components including Link Control Protocol (LCP), Authentication, and NCP. A successful PPP negotiation will first open the LCP state, then authenticate, and finally negotiate NCP (usually IPCP).

• debug ppp authentication—displays the PPP authentication protocol messages, including CHAP packet exchanges and Password Authentication Protocol (PAP) exchanges.

Related Information

• Configuring V.120 Access
• V.120 Access Commands
• Configuring Virtual Asynchronous Traffic over ISDN
• Protocol Translation and Virtual Asynchronous Device Commands
• Technical Support & Documentation - Cisco Systems