配置路由器使用ISDN BRI撥打多個站點

簡介

在某些情況下，您需要配置路由器來撥打多個站點。例如，您可能必須撥打一台路由器以連線到公司網路的一部分，然後撥打Internet服務提供商(ISP)路由器以連線到Internet。

本文提供一個配置示例，其中中央路由器訪問網際網路，而遠端辦公室使用整合多業務數位網路(ISDN)。 遠端辦公室還可以通過中央路由器訪問中央路由器和網際網路。

必要條件

需求

繼續進行此配置之前，請確保：

• 驗證ISDN第1層和第2層是否已啟動。有關詳細資訊，請參閱使用show isdn status命令進行BRI故障排除。

• 從ISP獲取必要資訊，例如驗證方法(可能是Challenge Handshake驗證通訊協定(CHAP)或密碼驗證通訊協定(PAP))、使用者名稱和密碼、撥號器介面的IP位址（除非介面使用交涉位址）。 另外，瞭解是否需要使用NAT將多台主機連線到ISP。

• 從遠端路由器獲取有關身份驗證方法、使用者名稱和密碼、撥號號碼和IP地址的資訊。

採用元件

本文中的資訊係根據以下軟體和硬體版本：

• 採用Cisco IOS^®軟體版本12.1(11)IP plus的Cisco 803路由器。

  注意：如果需要配置NAT，請確保您設定了IP Plus（它在IOS檔名中具有「is」）功能。

• Cisco 2501路由器，是執行Cisco IOS軟體版本12.2(5)的遠端辦公室。

註：不包括ISP路由器的配置。請參閱撥號和存取技術支援頁面以取得一些組態範例。

本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除（預設）的組態來啟動。如果您在即時網路中工作，請確保在使用任何命令之前瞭解其潛在影響。

慣例

如需文件慣例的詳細資訊，請參閱思科技術提示慣例。

相關產品

此組態可用於任何具有基本速率介面(BRI)介面的路由器。這包括具有內建BRI介面的路由器，例如Cisco 800（例如，801、802、803、804）和Cisco 1600（例如，1603-R和1604-R）系列路由器。它還包括接受BRI WAN介面卡(WIC)或網路模組（如1600、1700、2600和3600系列）的路由器。有關BRI WIC或網路模組的更多資訊，請參閱WAN介面卡(WIC)/1600、1700、2600和3600系列路由器的平台硬體相容性表。

注意：使用show version命令檢查路由器是否具有BRI介面。

設定

本節提供用於設定本文件中所述功能的資訊。

注意：要查詢有關本文檔中使用的命令的其他資訊，請使用命令查詢工具(僅限註冊客戶)。

網路圖表

本檔案會使用以下網路設定：

組態

在此配置中，中央路由器命名為「central」，遠端公司辦公室命名為「remote」。

在中心位置，撥號器介面1配置為訪問Internet。IP地址由ISP動態分配。NAT用於允許中央LAN、遠端LAN和中央 — 遠端WAN的IP網路通過一個動態分配的IP地址訪問Internet。聯絡您的ISP檢查是否需要NAT。

註：我們已經配置了PAP和CHAP，因為這取決於ISP的配置（但只使用其中一個）。

 version 12.1 
  no parser cache 
  service timestamps debug datetime msec 
  service timestamps log datetime msec 
  ! 
  hostname central 
  ! 
  username remote password 0 remote
 
 !--- Username and shared secret password for the router (remote) !--- (used for CHAP authentication). !--- Shared secret password must be the same on both sides.

  ! 
  isdn switch-type basic-net3
  !  
  ! 
  interface Ethernet0 
   ip address 10.1.0.1 255.255.255.0 
   ip nat inside 

 !--- Ethernet 0 is an inside NAT interface. !--- All traffic from this network will be translated.

   no cdp enable 
  ! 
  interface BRI0

 !--- If you have additional BRIs, copy this BRI 0 configuration to the other BRIs.

   no ip address 
   encapsulation ppp 
   dialer pool-member 1

 !--- Assign BRI0 as member of dialer pool 1. !--- Dialer pool 1 is specified in interface Dialer 1.

   dialer pool-member 2 

 !--- Assign BRI0 as member of dialer pool 2. !--- Dialer pool 2 is specified in interface Dialer 2.

   isdn switch-type basic-net3     

 !--- This depends on the country. 

   no cdp enable 
   ppp authentication chap pap callin

 !--- Permit one-way CHAP and PAP authentication. !--- Configure authentication on both the physical and dialer interface.

  ! 
  interface Dialer1 

 !--- Create a dialer interface for every device to which you need to connect.

   description CONNECTION TO INTERNET 
   ip address negotiated 
   
!--- This IP address is obtained from the ISP. If the ISP permits a static !--- address, configure that address instead.

   ip nat outside 

 !--- The Outside NAT interface. Because this interface only has one IP address, !--- all traffic from the inside network will be Port Address Translated (PAT).

   encapsulation ppp 
   dialer pool 1 

 !--- Dialer profile 1. Remember that interface BRI 0 is a member of this profile.

   dialer remote-name ISP  
   dialer idle-timeout 180 
   dialer string 6122 

 !--- The number used to dial the ISP.

   dialer-group 1 
   
!--- Apply interesting traffic definition from dialer-list 1.

   no cdp enable 
   ppp authentication chap pap callin 
   ppp chap hostname XXXXX   

 !--- XXXXX is the username the ISP expects in order to authenticate this router. !--- For more information, refer to the document on ppp chap hostname.

   ppp chap password YYYYY    
  
 !--- YYYYY is the password the ISP expects in order to authenticate this router.

   ppp pap sent-username XXXXX password YYYYY 

 !--- PAP username and password. !--- This is required only if the ISP does not support CHAP.

  ! 
  interface Dialer2 
   description CONNECTION TO REMOTE OFFICE 
   ip address 192.168.17.2 255.255.255.252

 !--- IP address for the connection to the remote office. !--- The remote office BRI interface is in the same subnet.

   ip nat inside

 !--- Dialer 2 is an inside NAT interface. !--- With this configuration, traffic from remote office is translated !--- before it is sent to the ISP.

   encapsulation ppp 
   dialer pool 2 

 !--- Dialer profile 2. Remember that interface BRI 0 is a member of this profile.

   dialer remote-name remote 

 !--- Specifies the remote router name (remote). !--- This name must match that used by the remote router to authenticate itself. !--- Remember that we configured the router username and password earlier.

   dialer idle-timeout 180 
   dialer string 6121 

 !--- Number used to dial the remote office router.

   dialer-group 1 

 !--- Apply interesting traffic definition from dialer-list 1.

   no cdp enable 
   ppp authentication chap callin 
  ! 
  ip nat inside source list 101 interface Dialer1 overload 

 !--- Establishes dynamic source translation (with PAT) for addresses that are !--- identified by the access list 101.

  no ip http server 
  ip classless 
  ip route 0.0.0.0 0.0.0.0 Dialer1 

 !--- Default route. Such traffic will use dialer 1 to the ISP.

  ip route 10.2.0.0 255.255.255.0 Dialer2 

 !--- Route to remote router network. Traffic for 10.2.0.0/24 uses Dialer2.

  ! 
  access-list 101 permit ip 10.1.0.0 0.0.0.255 any 
  access-list 101 permit ip 10.2.0.0 0.0.0.255 any 
  access-list 101 permit ip 192.168.17.0 0.0.0.3 any 
  
!--- Defines an access list that permits the addresses to be translated. !--- Note that the Ethernet 0 network, the remote router network and the !--- BRI network (between this router and the remote one) will be translated.

  dialer-list 1 protocol ip permit 

 !--- Interesting traffic definition. !--- This definition is applied to both connections. !--- If you need to define different interesting traffic for each connection, !--- create two dialer-lists and apply one to each dialer profile with dialer-group.

  no cdp run 
  ! 
  line con 0 
   exec-timeout 3 0 
  line vty 0 4 
   exec-timeout 3 0 
  ! 
  !  
  end

version 12.2 
  service timestamps debug datetime msec 
  service timestamps log datetime msec 
  ! 
  hostname remote 
  ! 
  username central password 0 remote 

 !--- Username and shared secret password for the router (central) !--- (used for CHAP authentication). !--- Shared secret must be the same on both sides. 

  ! 
  isdn switch-type basic-net3
  ! 
  interface Ethernet0 
   ip address 10.2.0.1 255.255.255.0 

 !--- Remember that this network is included in the NAT statements on central.

   no cdp enable 
  ! 
  interface BRI0 
    no ip address 
   encapsulation ppp 
   dialer pool-member 1 

 !--- Assign BRI0 as member of dialer pool 1. !--- Dialer pool 1 is specified in interface Dialer 1.

   isdn switch-type basic-net3 
   no cdp enable 
   ppp authentication chap 
  ! 
  interface Dialer1 
   ip address 192.168.17.1 255.255.255.252 
   encapsulation ppp 
   dialer pool 1 

 !--- Dialer profile 1. Remember that interface BRI 0 is a member of this profile. 

   dialer remote-name central 

 !--- Specifies the name of the other router (central). !--- This name must match that used by the remote router to authenticate itself. !--- Remember that we configured the router username and password earlier.

   dialer string 6131

 !--- The number used to dial the central router. 

   dialer-group 1 
   
!--- Apply interesting traffic definition from dialer-list 1.

   pulse-time 0 
   no cdp enable 
   ppp authentication chap callin 
  ! 
  ip classless 
  ip route 0.0.0.0 0.0.0.0 Dialer1 

 !--- Default route. Such traffic will use dialer 1 to the central router.

  no ip http server 
  ! 
  dialer-list 1 protocol ip permit

 !--- All IP traffic is interesting. 

  ! 
  line con 0 
   exec-timeout 3 0 
  line aux 0 
  line vty 0 4 
   exec-timeout 3 0 
  ! 
  end

驗證

本節提供的資訊可用於確認您的組態是否正常運作。

輸出直譯器工具(僅供註冊客戶使用)支援某些show命令，此工具可讓您檢視show命令輸出的分析。

• show isdn active — 顯示您用於發出呼叫的ISDN號碼，並指示呼叫是入站還是出站。

• show caller ip — 顯示您提供的IP地址的呼叫者資訊摘要。

• show ip interface dialer 1 | include Internet — 列出撥號器介面IP資訊和狀態的摘要。

• show dialer [interface type number] — 顯示為按需撥號路由(DDR)配置的介面的一般診斷資訊。 如果撥號器正常啟動，系統會顯示以下訊息：

  Dialer state is data link layer up

  如果出現物理層啟動，則表示線路協定啟動，但網路控制協定(NCP)未啟動。發起撥號的資料包的源地址和目的地址顯示在撥號原因行中。此show命令還會顯示計時器的配置以及連線超時之前的時間。

疑難排解

本節提供的資訊可用於對組態進行疑難排解。

疑難排解指令

輸出直譯器工具(僅供註冊客戶使用)支援某些show命令，此工具可讓您檢視show命令輸出的分析。

注意：發出debug指令之前，請先參閱有關Debug指令的重要資訊。

• debug dialer — 顯示有關撥號器介面上的資料包或事件的調試資訊。

• debug isdn q931 — 顯示有關本地路由器（使用者端）與網路之間的ISDN網路連線（第3層）的呼叫建立和拆除的資訊。

• debug ppp negotiation — 顯示有關點對點協定(PPP)流量以及在PPP元件協商期間交換的資訊，並包含有關鏈路控制協定(LCP)、身份驗證和NCP的資訊。成功的PPP協商將首先開啟LCP狀態，然後進行身份驗證，最後協商NCP。

• debug ppp authentication — 使debug ppp命令顯示身份驗證協定消息，包括CHAP資料包交換和PAP交換。

• debug ip peer — 包含對等體的資訊。

調試輸出

要對配置進行故障排除，請使用以下調試：

   central#debug isdn q931 
   ISDN Q931 packets debugging is on 
   
   central#debug dialer 
   Dial on demand events debugging is on 
   
   central#debug ppp negotiation 
   PPP protocol negotiation debugging is on 
   
   central#debug ppp authentication 
   PPP authentication debugging is on 
   
   central#debug ip peer 
   IP peer address activity debugging is on 

被呼叫的路由器發起對Internet的呼叫：198.133.219.25是Internet上的IP地址。

   central#ping 198.133.219.25

   :.!!!! 
   Success rate is 80 percent (4/5), round-trip min/avg/max = 40/41/44 ms 

   *Mar 1 00:06:12.984: BR0 DDR: rotor dialout [priority] 
   *Mar 1 00:06:12.988: BR0 DDR: Dialing cause ip (s=172.17.243.115, 
    d=198.133.219.25)    
   *Mar 1 00:06:12.988: BR0 DDR: Attempting to dial 6122 
   *Mar 1 00:06:12.996: ISDN BR0: TX -> SETUP pd = 8 callref = 0x01 

 !--- central initiates the call to ISDN number 6122. 

   *Mar 1 00:06:13.000: Bearer Capability i = 0x8890 
   *Mar 1 00:06:13.008: Channel ID i = 0x83 
   *Mar 1 00:06:13.008: Called Party Number i = 0x80, '6122', Plan:Unknown,
   Type:Unknown 
   *Mar 1 00:06:13.088: ISDN BR0: RX <- CALL_PROC pd = 8 callref = 0x81 
   *Mar 1 00:06:13.092: Channel ID i = 0x89 
   *Mar 1 00:06:13.244: ISDN BR0: RX <- CONNECT pd = 8 callref = 0x81 

 !--- central receives a connect message : the ISDN B channel is established. 

   *Mar 1 00:06:13.252: ISDN BR0: TX -> CONNECT_ACK pd = 8 callref = 0x01 
   *Mar 1 00:06:13.260: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up 
   *Mar 1 00:06:13.268: BR0:1: interface must be fifo queue, force FIFO 
   *Mar 1 00:06:13.272: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1 
   *Mar 1 00:06:13.280: BR0:1 PPP: Treating connection as a callout 
   *Mar 1 00:06:13.280: BR0:1 PPP: Phase is ESTABLISHING, Active Open 
   *Mar 1 00:06:13.284: BR0:1 PPP: No remote authentication for call-out 
   *Mar 1 00:06:13.284: BR0:1 LCP: O CONFREQ [Closed] id 1 len 10 
   *Mar 1 00:06:13.284: BR0:1 LCP: MagicNumber 0x108130DD (0x0506108130DD) 
   *Mar 1 00:06:13.300: BR0:1 LCP: I CONFREQ [REQsent] id 132 Len 15 
   *Mar 1 00:06:13.300: BR0:1 LCP: AuthProto CHAP (0x0305C22305) 

 !--- The ISP wants to use CHAP authentication. 

   *Mar 1 00:06:13.304: BR0:1 LCP: MagicNumber 0xE4225290 (0x0506E4225290) 
   *Mar 1 00:06:13.304: BR0:1 LCP: O CONFACK [REQsent] id 132 Len 15 
   *Mar 1 00:06:13.308: BR0:1 LCP: AuthProto CHAP (0x0305C22305) 
   *Mar 1 00:06:13.308: BR0:1 LCP: MagicNumber 0xE4225290 (0x0506E4225290) 
   *Mar 1 00:06:13.308: BR0:1 LCP: I CONFACK [ACKsent] id 1 Len 10 
   *Mar 1 00:06:13.312: BR0:1 LCP: MagicNumber 0x108130DD (0x0506108130DD) 
   *Mar 1 00:06:13.312: BR0:1 LCP: State is Open 
   *Mar 1 00:06:13.320: BR0:1 PPP: Phase is AUTHENTICATING, by the peer 
   *Mar 1 00:06:13.328: BR0:1 AUTH: Started process 0 pid 22 
   *Mar 1 00:06:13.328: BR0:1 CHAP: I CHALLENGE id 118 Len 27 from "posets"    
   *Mar 1 00:06:13.332: BR0:1 CHAP: Using alternate hostname XXXXX 
   *Mar 1 00:06:13.332: BR0:1 CHAP: Username posets not found 
   *Mar 1 00:06:13.336: BR0:1 CHAP: Using default password 
   *Mar 1 00:06:13.336: BR0:1 CHAP: O RESPONSE id 118 Len 26 from "XXXXX"    
   *Mar 1 00:06:13.360: BR0:1 CHAP: I SUCCESS id 118 Len 4 
   
!--- central receives a CHAP SUCCESS from ISP. 

   *Mar 1 00:06:13.360: BR0:1 PPP: Phase is UP 
   *Mar 1 00:06:13.364: BR0:1 IPCP: O CONFREQ [Not negotiated] id 1 Len 10 
   *Mar 1 00:06:13.364: BR0:1 IPCP: Address 0.0.0.0 (0x030600000000) 
   *Mar 1 00:06:13.368: BR0:1 IPCP: I CONFREQ [REQsent] id 108 Len 10 
   *Mar 1 00:06:13.368: BR0:1 IPCP: Address 194.183.201.1 (0x0306C2B7C901) 
   *Mar 1 00:06:13.368: BR0:1: IPPOOL: validate address = 194.183.201.1 
   *Mar 1 00:06:13.372: BR0:1 set_ip_peer(3): new address 194.183.201.1 
   *Mar 1 00:06:13.372: BR0:1 IPCP: O CONFACK [REQsent] id 108 Len 10 
   *Mar 1 00:06:13.376: BR0:1 IPCP: Address 194.183.201.1 (0x0306C2B7C901) 
   *Mar 1 00:06:13.380: BR0:1 IPCP: I CONFNAK [ACKsent] id 1 Len 10 
   *Mar 1 00:06:13.380: BR0:1 IPCP: Address 194.183.201.3 (0x0306C2B7C903) 

 !--- 194.183.201.3 is assigned by ISP to dialer 1 of central. 

   *Mar 1 00:06:13.384: BR0:1 IPCP: O CONFREQ [ACKsent] id 2 Len 10 
   *Mar 1 00:06:13.384: BR0:1 IPCP: Address 194.183.201.3 (0x0306C2B7C903) 
   *Mar 1 00:06:13.396: BR0:1 IPCP: I CONFACK [ACKsent] id 2 Len 10 
   *Mar 1 00:06:13.400: BR0:1 IPCP: Address 194.183.201.3 (0x0306C2B7C903) 
   *Mar 1 00:06:13.400: BR0:1 IPCP: State is Open 
   *Mar 1 00:06:13.400: Di1 IPCP: Install negotiated IP interface address
   194.183.201.3 
   *Mar 1 00:06:13.412: BR0:1 DDR: dialer protocol up 
   *Mar 1 00:06:13.416: Di1 IPCP: Install route to 194.183.201.1 
   *Mar 1 00:06:14.360: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1,
   changed state to up 
   *Mar 1 00:06:19.276: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 6122
   unknown

相關資訊

• 撥號和存取技術支援
• 技術支援與文件 - Cisco Systems