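This document provides a sample configuration that shows how to encrypt traffic from the network behind Router 1 to the network behind Router 2 (Loopback 0 is used as the network in this example). If the primary link (Ethernet) between Router 1 and Router 2 goes down, IP Security (IPSec) traffic continues to flow over the secondary link (ISDN). There are several ways to achieve this; you can use dialer watch, backup interface, demand circuit, and floating static routes. This sample configuration demonstrates the dialer watch mechanism. For more information on the other features, refer to Evaluating Backup Interfaces, Floating Static Routes, and Dialer Watch for DDR Backup.
There are no specific requirements for this document.
The information in this document is based on these software and hardware versions:
Cisco 2621 and 3640 routers
Cisco IOS® Software Release 12.3(3)
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command before you use it.
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
This section provides information on how to configure the features described in this document.
Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only).
This document uses the network setup shown in this diagram:
This document uses the configurations shown here: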
Router 1 (2621)

```
r1#show running-config
Building configuration...

Current configuration : 2244 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r1
!
boot-start-marker
boot-end-marker
!
!
username r2 password 0 cisco
!--- This is the username for remote router (Router 2)
!--- and shared secret. Shared secret (used for Challenge Handshake
!--- Authentication Protocol [CHAP]) must be the same on both sides.
no aaa new-model
ip subnet-zero
ip tcp synwait-time 5
!
!
no ip domain lookup
!
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco address 222.222.222.222
!
!
crypto ipsec transform-set abc esp-des esp-md5-hmac
!
crypto map cisco local-address Loopback1
crypto map cisco 10 ipsec-isakmp
 set peer 222.222.222.222
!--- Peer address, Loopback 1 of Router 2
 set transform-set abc
 match address 101
!--- Networks to encrypt (Loopback 0 on both ends)
!
isdn switch-type basic-ts013
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
!
!
!
!
interface Loopback0
!--- Network to encrypt
 ip address 11.11.11.11 255.255.255.0
!
interface Loopback1
!--- Used for peer address for IPSec
 ip address 111.111.111.111 255.255.255.0
!
interface FastEthernet0/0
!--- Primary link
 ip address 10.1.1.1 255.255.255.0
 no ip route-cache
!--- Enable process switching
 no ip mroute-cache
 duplex auto
 speed auto
 crypto map cisco
!--- Apply crypto map on primary interface
!
interface BRI0/0
 no ip address
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer pool-member 1
 isdn switch-type basic-ts013
 no cdp enable
!
interface Dialer1
!--- Backup link
 ip address 20.1.1.1 255.255.255.0
 encapsulation ppp
 no ip route-cache
!--- Enable process switching
 ip ospf cost 9999
!--- Increase the cost so that when primary comes up again,
!--- Open Shortest Path First (OSPF) routes are
!--- preferred using the primary link (due to better cost).
 no ip mroute-cache
 dialer idle-timeout 180
 dialer pool 1
 dialer string 94134028
 dialer watch-group 1
!--- Enable dialer watch on this backup interface.
!--- Watch the route specified with the dialer watch-list 1 command.
 dialer-group 1
!--- Apply interesting traffic defined in dialer list 1.
 no peer neighbor-route
 ppp authentication chap
 crypto map cisco
!--- Apply crypto map on backup interface.
!
router ospf 1
!--- OSPF advertising Loopback 0, Loopback 1,
!--- primary, and secondary links.
 log-adjacency-changes
 network 10.1.1.0 0.0.0.255 area 0
 network 11.11.11.0 0.0.0.255 area 0
 network 20.1.1.0 0.0.0.255 area 0
 network 111.111.111.0 0.0.0.255 area 0
!
ip http server
no ip http secure-server
ip classless
!
!
access-list 101 permit ip host 11.11.11.11 host 22.22.22.22
!--- Access control list (ACL) 101 is the
!--- IPSec traffic used in match address.
access-list 110 deny ip any any
!--- ACL 110 is for the dialer list to mark
!--- all IP traffic uninteresting. The dialer watch will
!--- trigger the ISDN backup when the route is lost.
dialer watch-list 1 ip 222.222.222.222 255.255.255.255
!--- This defines the route(s) to be watched.
!--- This exact route (including subnet mask)
!--- must exist in the routing table.
!--- Use the dialer watch-group 1 command to apply this
!--- list to the backup interface.
dialer watch-list 1 delay route-check initial 10
dialer-list 1 protocol ip list 110
!--- Interesting traffic is defined by ACL 110.
!--- This is applied to Dialer1 using dialer group 1.
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 escape-character 27
line aux 0
line vty 0 4
 login
!
end
```
Router 2 (3640)

```
r2#show running-config
Building configuration...

Current configuration : 2311 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r2
!
boot-start-marker
boot-end-marker
!
username r1 password 0 cisco
!--- This is the username for remote router (Router 1)
!--- and shared secret. Shared secret (used for CHAP)
!--- must be the same on both sides.
no aaa new-model
ip subnet-zero
ip tcp synwait-time 5
!
!
no ip domain lookup
!
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco address 111.111.111.111
!
!
crypto ipsec transform-set abc esp-des esp-md5-hmac
!
!
crypto map cisco local-address Loopback1
crypto map cisco 10 ipsec-isakmp
 set peer 111.111.111.111
!--- Peer address, Loopback 1 of Router 1
 set transform-set abc
 match address 101
!--- Networks to encrypt (Loopback 0 on both ends)
!
isdn switch-type basic-ts013
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
!
!
!
!
interface Loopback0
 ip address 22.22.22.22 255.255.255.0
!--- Network to encrypt
!
interface Loopback1
 ip address 222.222.222.222 255.255.255.0
!--- Used for peer address for IPSec.
!
interface BRI0/0
 no ip address
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer pool-member 1
 isdn switch-type basic-ts013
!
interface Ethernet0/0
!--- Primary link
 ip address 10.1.1.2 255.255.255.0
 no ip route-cache
!--- Enable process switching.
 no ip mroute-cache
 half-duplex
 crypto map cisco
!--- Apply crypto map on primary interface.
!
interface Dialer1
 ip address 20.1.1.2 255.255.255.0
 encapsulation ppp
 no ip route-cache
 ip ospf cost 9999
 no ip mroute-cache
 dialer pool 1
 dialer idle-timeout 600
 dialer remote-name r1
!--- Dialer for the BRI interface of the remote router
!--- without a dial string.
 dialer-group 1
!--- Apply interesting traffic defined in dialer list 1.
 ppp authentication chap
 crypto map cisco
!--- Apply crypto map on backup interface.
!
router ospf 1
 log-adjacency-changes
 network 10.1.1.0 0.0.0.255 area 0
 network 20.1.1.0 0.0.0.255 area 0
 network 22.22.22.0 0.0.0.255 area 0
 network 222.222.222.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
ip classless
!
!
access-list 101 permit ip host 22.22.22.22 host 11.11.11.11
access-list 110 deny ospf any any
!--- Mark OSPF as uninteresting.
!--- This will not allow OSPF hellos
!--- to try to bring the link up.
access-list 110 permit ip any any
dialer-list 1 protocol ip list 110
!--- Interesting traffic is defined by ACL 110.
!--- This is applied to Dialer1 using dialer group 1.
!
line con 0
 exec-timeout 0 0
 logging synchronous
 escape-character 27
line aux 0
line vty 0 4
 login
!
end
```
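The following check is an added example, not part of the original Cisco document: it parses a running-config like the ones above and reports whether IPSec survives failover safely (crypto map present on the watched backup interface, shared local-address) together with the DES, MD5 and cleartext-secret settings the lab sample uses. The finding names, function names and the trimmed R1_CONFIG excerpt are constructed for illustration, and the DES and DH group 1 defaults for an ISAKMP policy that has no encryption or group line are assumed from IOS 12.x behavior.

```python
import re

# Constructed excerpt: crypto- and failover-relevant lines of the Router 1 configuration above.
R1_CONFIG = """\
username r2 password 0 cisco
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco address 222.222.222.222
crypto ipsec transform-set abc esp-des esp-md5-hmac
crypto map cisco local-address Loopback1
crypto map cisco 10 ipsec-isakmp
 set peer 222.222.222.222
interface FastEthernet0/0
 crypto map cisco
interface Dialer1
 dialer watch-group 1
 crypto map cisco
"""

def parse_sections(config):
    """Return [(top_level_command, [sub_commands])], skipping '!' lines."""
    sections = []
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line[0] == " " and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections

def audit(config):
    """Return a sorted list of finding IDs for one router's configuration."""
    sections = parse_sections(config)
    heads = [h for h, _ in sections]
    findings, applied = set(), {}  # applied: crypto map name -> interfaces
    for head, body in sections:
        words = head.split()
        if words[0] == "interface":
            names = [c.split()[2] for c in body if re.fullmatch(r"crypto map \S+", c)]
            for n in names:
                applied.setdefault(n, []).append(words[1])
            # Watched backup interface without a crypto map: after failover,
            # traffic leaves this router unencrypted.
            if any(c.startswith("dialer watch-group") for c in body) and not names:
                findings.add("backup-interface-unencrypted")
        elif head.startswith("crypto isakmp policy"):
            # Assumption: omitted lines mean the IOS 12.x defaults (DES, DH group 1).
            if not any(c.startswith("encr") for c in body):
                findings.add("ike-default-des")
            if not any(c.startswith("group") for c in body):
                findings.add("ike-default-dh-group1")
            if "hash md5" in body:
                findings.add("ike-md5")
        elif head.startswith("crypto ipsec transform-set"):
            findings.update(w for w in words if w in ("esp-des", "esp-md5-hmac"))
        elif re.match(r"username \S+ password 0 ", head):
            findings.add("plaintext-chap-secret")
    for name, ifaces in applied.items():
        # A map shared by several interfaces needs local-address so the peer
        # sees the same IPSec endpoint before and after failover.
        shared = any(h.startswith(f"crypto map {name} local-address") for h in heads)
        if len(ifaces) > 1 and not shared:
            findings.add("no-local-address")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(R1_CONFIG))
```

On the sample configuration the failover checks pass and only the algorithm and secret-handling findings are reported.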
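This section provides information you can use to confirm that your configuration works properly.
The Output Interpreter Tool (registered customers only) supports certain show commands, which allows you to view an analysis of show command output.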
Routing Table of Router 1 (2621) - Primary Link Up

```
r1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       I - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2,
       ia - IS-IS inter area, * - candidate default, U - per-user static route,
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     222.222.222.0/32 is subnetted, 1 subnets
O       222.222.222.222 [110/2] via 10.1.1.2, 00:00:25, FastEthernet0/0
     20.0.0.0/24 is subnetted, 1 subnets
C       20.1.1.0 is directly connected, Dialer1
     22.0.0.0/32 is subnetted, 1 subnets
O       22.22.22.22 [110/2] via 10.1.1.2, 00:00:25, FastEthernet0/0
     111.0.0.0/24 is subnetted, 1 subnets
C       111.111.111.0 is directly connected, Loopback1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, FastEthernet0/0
     11.0.0.0/24 is subnetted, 1 subnets
C       11.11.11.0 is directly connected, Loopback0
```
Routing Table of Router 2 (3640) - Primary Link Up

```
r2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       I - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2,
       ia - IS-IS inter area, * - candidate default, U - per-user static route,
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set.

C    222.222.222.0/24 is directly connected, Loopback1
     20.0.0.0/24 is subnetted, 1 subnets
C       20.1.1.0 is directly connected, Dialer1
     22.0.0.0/24 is subnetted, 1 subnets
C       22.22.22.0 is directly connected, Loopback0
     111.0.0.0/32 is subnetted, 1 subnets
O       111.111.111.111 [110/11] via 10.1.1.1, 00:06:22, Ethernet0/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, Ethernet0/0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.11.11.11 [110/11] via 10.1.1.1, 00:06:23, Ethernet0/0
```
OSPF Neighbors of Router 1 (2621) - Primary Link Up

```
r1#show ip ospf neighbor

Neighbor ID       Pri   State      Dead Time   Address     Interface
222.222.222.222     1   FULL/DR    00:00:33    10.1.1.2    FastEthernet0/0
```
OSPF Neighbors of Router 2 (3640) - Primary Link Up

```
r2#show ip ospf neighbor

Neighbor ID       Pri   State      Dead Time   Address     Interface
111.111.111.111     1   FULL/BDR   00:00:31    10.1.1.1    Ethernet0/0
```
Routing Table of Router 1 (2621) - Primary Link Down

```
r1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       I - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,
       * - candidate default, U - per-user static route, o - ODR,
       P - periodic downloaded static route

Gateway of last resort is not set.

     222.222.222.0/32 is subnetted, 1 subnets
O       222.222.222.222 [110/10000] via 20.1.1.2, 00:00:09, Dialer1
     20.0.0.0/24 is subnetted, 1 subnets
C       20.1.1.0 is directly connected, BRI0/0
     20.0.0.0/24 is subnetted, 1 subnets
C       20.1.1.0 is directly connected, Dialer1
     22.0.0.0/32 is subnetted, 1 subnets
O       22.22.22.22 [110/10000] via 20.1.1.2, 00:00:09, Dialer1
     111.0.0.0/24 is subnetted, 1 subnets
C       111.111.111.0 is directly connected, Loopback1
     10.0.0.0/24 is subnetted, 1 subnets
O       10.1.1.0 [110/10009] via 20.1.1.2, 00:00:09, Dialer1
     11.0.0.0/24 is subnetted, 1 subnets
C       11.11.11.0 is directly connected, Loopback0
```
Routing Table of Router 2 (3640) - Primary Link Down

```
r2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       I - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,
       * - candidate default, U - per-user static route, o - ODR,
       P - periodic downloaded static route

Gateway of last resort is not set.

C    222.222.222.0/24 is directly connected, Loopback1
     20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       20.1.1.0/24 is directly connected, Dialer1
C       20.1.1.1/32 is directly connected, Dialer1
     22.0.0.0/24 is subnetted, 1 subnets
C       22.22.22.0 is directly connected, Loopback0
     111.0.0.0/32 is subnetted, 1 subnets
O       111.111.111.111 [110/10000] via 20.1.1.1, 00:00:07, Dialer1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, Ethernet0/0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.11.11.11 [110/10000] via 20.1.1.1, 00:00:08, Dialer1
```
OSPF Neighbors of Router 1 (2621) - Primary Link Down

```
r1#show ip ospf neighbor

Neighbor ID       Pri   State      Dead Time   Address     Interface
222.222.222.222     0   FULL/  -   00:00:32    20.1.1.2    Dialer1
```
OSPF Neighbors of Router 2 (3640) - Primary Link Down

```
r2#show ip ospf neighbor

Neighbor ID       Pri   State      Dead Time   Address     Interface
111.111.111.111     0   FULL/  -   00:00:31    20.1.1.1    Dialer1
```
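The debug dialer and several show command outputs shown here show the primary link failing and dialer watch recognizing the lost route. The router then brings up the backup link, and OSPF converges over the secondary link. Each time the idle timeout expires, the router checks whether the primary link is down. If the primary link is found to be up, dialer watch disconnects the backup link after the disable timer expires and the call is disconnected, and OSPF converges over the primary link as usual.
These are the debug and show command outputs on Router 1 (2621) when the primary link goes down and comes back up.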
```
r1#show debug
Dial on demand:
  Dial on demand events debugging is on
r1#
03:00:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
!--- Primary link was brought down manually when you disable the switch ports.
03:00:21: %OSPF-5-ADJCHG: Process 1, Nbr 222.222.222.222 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
!--- Primary link goes down.
!--- OSPF loses neighbor adjacency.
r1#
!--- Dialer watch kicks in.
03:00:21: DDR: Dialer Watch: watch-group = 1
03:00:21: DDR: network 222.222.222.222/255.255.255.255 DOWN,
03:00:21: DDR: primary DOWN
03:00:21: DDR: Dialer Watch: Dial Reason: Primary of group 1 DOWN
03:00:21: DDR: Dialer Watch: watch-group = 1,
03:00:21: BR0/0 DDR: rotor dialout [best] least recent failure is also most recent failure
03:00:21: BR0/0 DDR: rotor dialout [best] also has most recent failure
03:00:21: BR0/0 DDR: rotor dialout [best]
03:00:21: DDR: dialing secondary by dialer string 94134028 on Di1
03:00:21: BR0/0 DDR: Attempting to dial 94134028
03:00:21: DDR: Dialer Watch: watch-group = 1
r1#
03:00:21: DDR: network 222.222.222.222/255.255.255.255 DOWN,
03:00:21: DDR: primary DOWN
03:00:21: DDR: Dialer Watch: Dial Reason: Secondary of group 1 AVAILABLE
03:00:21: DDR: Dialer Watch: watch-group = 1,
03:00:21: DDR: Dialer Watch: watch-group = 1
03:00:21: DDR: network 222.222.222.222/255.255.255.255 DOWN,
03:00:21: DDR: primary DOWN
03:00:21: DDR: Dialer Watch: Dial Reason: Secondary of group 1 AVAILABLE
03:00:21: DDR: Dialer Watch: watch-group = 1,
03:00:21: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0, TEI 82 changed to up
03:00:94489280514: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up
03:00:94489280516: BR0/0:1 DDR: Dialer Watch: resetting call in progress
03:00:94489280512: BR0/0:1: interface must be fifo queue, force fifo
03:00:94489280512: %DIALER-6-BIND: Interface BR0/0:1 bound to profile Di1
r1#
03:00:22: BR0/0:1 DDR: Remote name for r2
03:00:22: BR0/0:1 DDR: dialer protocol up
03:00:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state to up
r1#
03:00:28: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to 94134028 r2
!--- Backup link is now connected to Router 2.
r1#
03:00:31: %OSPF-5-ADJCHG: Process 1, Nbr 222.222.222.222 on Dialer1 from LOADING to FULL, Loading Done
!--- OSPF converges over the backup link.
r1#
r1#show dialer

BRI0/0 - dialer type = ISDN

Dial String      Successes   Failures    Last DNIS   Last status
0 incoming call(s) have been screened.
0 incoming call(s) rejected for callback.

BRI0/0:1 - dialer type = ISDN
Idle timer (180 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: Dialing on watched route loss
!--- Dial reason is the lost route.
Interface bound to profile Di1
Time until disconnect 154 secs
!--- Idle timeout is ticking.
Current call connected 00:00:25
Connected to 94134028 (r2)

BRI0/0:2 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle

Di1 - dialer type = DIALER PROFILE
Idle timer (180 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Number of active calls = 1

Dial String      Successes   Failures    Last DNIS   Last status
94134028                45         24    00:00:27     successful   Default
r1#show isdn active
-----------------------------------------------------------------------------
                            ISDN ACTIVE CALLS
-----------------------------------------------------------------------------
Call    Calling      Called       Remote  Seconds Seconds Seconds Charges
Type    Number       Number       Name    Used    Left    Idle    Units/Currency
-----------------------------------------------------------------------------
Out   ---N/A---     94134028       r2         37     142      37   0
-----------------------------------------------------------------------------
r1#show dialer

BRI0/0 - dialer type = ISDN

Dial String      Successes   Failures    Last DNIS   Last status
0 incoming call(s) have been screened.
0 incoming call(s) rejected for callback.

BRI0/0:1 - dialer type = ISDN
Idle timer (180 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: Dialing on watched route loss
Interface bound to profile Di1
Time until disconnect 47 secs
!--- Idle timeout is ticking.
Current call connected 00:02:12
Connected to 94134028 (r2)

BRI0/0:2 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle

Di1 - dialer type = DIALER PROFILE
Idle timer (180 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Number of active calls = 1

Dial String      Successes   Failures    Last DNIS   Last status
94134028                45         24    00:02:14     successful   Default
r1#show dialer

BRI0/0 - dialer type = ISDN

Dial String      Successes   Failures    Last DNIS   Last status
0 incoming call(s) have been screened.
0 incoming call(s) rejected for callback.

BRI0/0:1 - dialer type = ISDN
Idle timer (180 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: Dialing on watched route loss
Interface bound to profile Di1
Time until disconnect 0 secs
!--- Idle timeout is ticking.
Current call connected 00:02:59
Connected to 94134028 (r2)

BRI0/0:2 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle

Di1 - dialer type = DIALER PROFILE
Idle timer (180 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Number of active calls = 1

Dial String      Successes   Failures    Last DNIS   Last status
94134028                45         24    00:03:05     successful   Default
r1#
03:03:22: BR0/0:1 DDR: idle timeout
!--- Idle timed out.
!--- Dialer watch checks lost routes
!--- again and resets the idle time since primary is not up yet.
03:03:22: DDR: Dialer Watch: watch-group = 1
03:03:22: DDR: network 222.222.222.222/255.255.255.255 UP,
03:03:22: DDR: primary DOWN
!--- Primary link is still down.
r1#
r1#show dialer

BRI0/0 - dialer type = ISDN

Dial String      Successes   Failures    Last DNIS   Last status
0 incoming call(s) have been screened.
0 incoming call(s) rejected for callback.

BRI0/0:1 - dialer type = ISDN
Idle timer (180 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: Dialing on watched route loss
Interface bound to profile Di1
Time until disconnect 154 secs
!--- Idle timeout was reset by dialer watch.
Current call connected 00:03:25
Connected to 94134028 (r2)

BRI0/0:2 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle

Di1 - dialer type = DIALER PROFILE
Idle timer (180 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Number of active calls = 1

Dial String      Successes   Failures    Last DNIS   Last status
94134028                45         24    00:03:28     successful   Default
r1#
03:04:59: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
!--- Primary link was brought up manually when the switch ports are enabled.
r1#
r1#
03:05:50: %OSPF-5-ADJCHG: Process 1, Nbr 222.222.222.222 on FastEthernet0/0 from LOADING to FULL, Loading Done
r1#
r1#show ip ospf neigh

Neighbor ID       Pri   State      Dead Time   Address     Interface
222.222.222.222     0   FULL/  -   00:00:02    20.1.1.2    Dialer1
!--- OSPF over secondary link is still up because
!--- the call is not terminated yet, waiting for idle timeout.
222.222.222.222     1   FULL/DR    00:00:38    10.1.1.2    FastEthernet0/0
!--- OSPF now starts to converge over the primary link.
r1#
r1#show ip route 222.222.222.222
!--- The watched route is now learned through the primary link.
!--- Check the cost.
Routing entry for 222.222.222.222/32
  Known via "ospf 1", distance 110, metric 2, type intra area
  Last update from 10.1.1.2 on FastEthernet0/0, 00:00:16 ago
  Routing Descriptor Blocks:
  * 10.1.1.2, from 222.222.222.222, 00:00:16 ago, via FastEthernet0/0
      Route metric is 2, traffic share count is
r1#
03:06:22: BR0/0:1 DDR: idle timeout
!--- Idle timed out.
!--- Dialer watch checks lost routes. Since primary is up,
!--- it tears down the call.
03:06:22: DDR: Dialer Watch: watch-group = 1
03:06:22: DDR: network 222.222.222.222/255.255.255.255 UP,
03:06:22: DDR: primary UP
03:06:22: BR0/0:1 DDR: disconnecting call
03:06:22: BR0/0:1 DDR: Dialer Watch: resetting call in progress
03:06:22: DDR: Dialer Watch: watch-group = 1
03:06:22: DDR: network 222.222.222.222/255.255.255.255 UP,
03:06:22: DDR: primary UP
03:06:22: %ISDN-6-DISCONNECT: Interface BRI0/0:1 disconnected from 94134028 r2, call lasted 360 seconds
03:06:96677768412: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down
03:06:94489281195: BR0/0 DDR: has total 0 call(s), dial_out 0, dial_in 0
r1#
03:06:94489280544: %DIALER-6-UNBIND: Interface BR0/0:1 unbound from profile Di1
03:06:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state to down
r1#
03:06:37: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0/0, TEI 82 changed to down
r1#
03:07:01: %OSPF-5-ADJCHG: Process 1, Nbr 222.222.222.222 on Dialer1 from FULL to DOWN, Neighbor Down: Dead timer expired
!--- OSPF neighbor is down because the secondary link is down.
!--- Dead timer has expired.
r1#
r1#show ip ospf neigh

Neighbor ID       Pri   State      Dead Time   Address     Interface
222.222.222.222     1   FULL/DR    00:00:38    10.1.1.2    FastEthernet0/0
!--- OSPF neighbor is through the primary link only.
r1#u all
All possible debugging has been turned off
r1#
```
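The sequence in the output above can be measured from the log itself. This added example (not part of the original document) turns lines excerpted from the Router 1 debug output into a timeline and derives the failover time, the spacing of the idle-timeout checks (180 seconds, matching dialer idle-timeout 180 on Router 1), and how long the ISDN call stays up after OSPF is back on the primary link; the function and event names are constructed for illustration.

```python
import re

# Lines excerpted from the Router 1 debug output above, including one of
# its malformed timestamps (03:00:94489280514), which the parser skips.
SAMPLE_LOG = """\
03:00:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
03:00:21: DDR: Dialer Watch: Dial Reason: Primary of group 1 DOWN
03:00:94489280514: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up
03:00:28: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to 94134028 r2
03:00:31: %OSPF-5-ADJCHG: Process 1, Nbr 222.222.222.222 on Dialer1 from LOADING to FULL, Loading Done
03:03:22: BR0/0:1 DDR: idle timeout
03:03:22: DDR: primary DOWN
03:04:59: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
03:05:50: %OSPF-5-ADJCHG: Process 1, Nbr 222.222.222.222 on FastEthernet0/0 from LOADING to FULL, Loading Done
03:06:22: BR0/0:1 DDR: idle timeout
03:06:22: DDR: primary UP
03:06:22: %ISDN-6-DISCONNECT: Interface BRI0/0:1 disconnected from 94134028 r2, call lasted 360 seconds
"""

LINE = re.compile(r"^(\d+):([0-5]\d):([0-5]\d): (.*)$")

def classify(msg, primary):
    """Map one log message to an event name, or None if it is not tracked."""
    p = re.escape(primary)
    rules = [
        ("primary_down", rf"Line protocol on Interface {p}, changed state to down"),
        ("primary_up", rf"Line protocol on Interface {p}, changed state to up"),
        ("backup_connected", r"%ISDN-6-CONNECT:"),
        ("backup_disconnected", r"%ISDN-6-DISCONNECT:"),
        ("ospf_full_backup", r"%OSPF-5-ADJCHG: .* on Dialer\d+ from LOADING to FULL"),
        ("ospf_full_primary", rf"%OSPF-5-ADJCHG: .* on {p} from LOADING to FULL"),
        ("idle_check", r"DDR: idle timeout"),
    ]
    for name, pattern in rules:
        if re.search(pattern, msg):
            return name
    return None

def timeline(log, primary="FastEthernet0/0"):
    """Return [(uptime_seconds, event)] for lines with a valid hh:mm:ss stamp."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        name = classify(m.group(4), primary) if m else None
        if name:
            h, mi, s = (int(x) for x in m.groups()[:3])
            events.append((h * 3600 + mi * 60 + s, name))
    return events

def summarize(events):
    """Derive failover timings from the first occurrence of each event."""
    first = {}
    for t, name in events:
        first.setdefault(name, t)
    def gap(start, end):
        return first[end] - first[start] if start in first and end in first else None
    checks = [t for t, name in events if name == "idle_check"]
    return {
        "failover_seconds": gap("primary_down", "ospf_full_backup"),
        "idle_check_intervals": [b - a for a, b in zip(checks, checks[1:])],
        "backup_linger_seconds": gap("ospf_full_primary", "backup_disconnected"),
        "backup_call_seconds": gap("backup_connected", "backup_disconnected"),
    }

if __name__ == "__main__":
    print(summarize(timeline(SAMPLE_LOG)))
```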
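This section provides information you can use to troubleshoot your configuration. For information on troubleshooting general ISDN Layer 1, 2, and 3 problems, refer to Using the show isdn status Command for BRI Troubleshooting.
The Output Interpreter Tool (registered customers only) supports certain show commands, which allows you to view an analysis of show command output.
Note: Refer to Important Information on Debug Commands before you issue debug commands.
These debug commands can be run on both IPSec peers.
debug crypto isakmp - Displays errors during Phase 1.
debug crypto ipsec - Displays errors during Phase 2.
debug crypto engine - Displays information from the crypto engine.
These show commands can be run on both IPSec peers.
show crypto isakmp sa - Displays all current Internet Key Exchange (IKE) security associations (SAs) at a peer.
show crypto ipsec sa - Displays the settings used by current [IPSec] SAs.
show crypto engine connections active - Displays current connections and information about encrypted and decrypted packets.
These clear commands can be used to clear SAs.
clear crypto isakmp - Clears the Phase 1 security associations.
clear crypto sa - Clears the Phase 2 security associations.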
Revision | Publish Date | Comments |
---|---|---|
1.0 | 14-Jan-2008 | Initial Release |