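Authentication based on caller ID provides enhanced security because it authenticates remote clients based not only on user ID and password but also on the location from which they dial in.
There are no specific prerequisites for this document.
This document is not restricted to specific software and hardware versions.
For more information on document conventions, refer to the Cisco Technical Tips Conventions.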
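This document first explains the different meaning of the dialer caller command (other than its use for callback) when it is used on a dialer profile interface rather than on a dialer rotary group interface.
In the latter case, it is a screening command similar to isdn caller on an ISDN interface. In the former case, it is a command that provides a mechanism to bind incoming calls to the correct dialer profile, based on the calling party number presented in the incoming Q.931 setup message. If the physical interface is configured for PPP authentication, failure to match the presented calling party number with a dialer caller number on a dialer profile does not necessarily cause the call to be rejected as unbindable. You can also match the presented hostname with a configured dialer remote-name value in order to bind on that basis. This is because binding based on the presented calling party number is not the only possible criterion for successful binding. For more information on binding and dialer profiles, refer to Configuring and Troubleshooting Dialer Profiles.
From Cisco IOS® Software Release 12.0(7)T and later, remove PPP authentication from the physical interface in order to screen calls based on the calling party number only. In this case, if the router cannot find a matching dialer caller value, these calls are rejected as unbindable. If you want to properly authenticate these calls, you can configure PPP authentication on the dialer interface with PAP or CHAP.
The callback option adds to caller ID authentication: the initial call is rejected (not answered), but a callback is then initiated to the calling number to make the connection. You can use callback for: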
- Consolidation and centralization of phone billing
- Cost savings on toll calls
- Access control
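This sample configuration illustrates the use of the dialer caller number [callback] command to configure caller ID screening and, optionally, to enable ISDN caller ID callback for dialer profile DDR. You can also use this command for legacy DDR. This command configures Cisco IOS software to accept or reject ISDN calls based on the PSTN number of the calling party. For example, the dialer caller 1234 command allows the router to accept ISDN calls with the calling number 1234.
Note: This configuration requires that the Telco pass caller ID information to the router or access server. If you enable caller ID screening but caller ID information is not passed to the router, no calls are accepted.
Refer to Configuring ISDN Caller ID Callback for more information on prerequisites and on other optional features available for ISDN caller ID authentication and callback.
This section presents the information to configure the features described in this document.
Note: Use the Command Lookup Tool (registered customers only) to find more information on the commands used in this document.
Note: These configurations are truncated to show only the relevant information.
This document uses this network setup:
This document uses these configurations:
In this scenario, Router 2 and Router 3 both initiate DDR calls to Router 1. Router 1 authenticates Router 2 and Router 3 based on caller ID alone. Router 1 is configured to call back Router 2, and not to call back Router 3.
Tip: Select the appropriate sections of the configuration to configure either the caller ID screening feature or the caller ID callback feature, but not both. For example, the diagram shows that callback requires the configurations of Router 2 and Router 1. However, select only the dialer interface configuration associated with Router 2 (it is clearly labeled in interface Dialer 1), because Router 1 performs both tasks.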
Router 1
```
version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname Router1
!
isdn switch-type basic-net3
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.0
!
interface BRI0
 no ip address
 dialer pool-member 1
!--- BRI 0 is a member of dialer pool 1 which is defined
!--- under interface Dialer 1.
 isdn switch-type basic-net3
!
interface Dialer1
!--- DDR dialer interface to call Router 2.
 description for Router2
 ip unnumbered Loopback0
 encapsulation ppp
 dialer pool 1
!--- Interface BRI 0 is a member of dialer pool 1.
 dialer enable-timeout 2
!--- The time (in seconds) to wait before initiating callback.
 dialer string 6121
!--- This number is used to call back Router 2.
 dialer caller 6121 callback
!--- Permits calls from 6121 and initiates callback
!--- to the same number.
 dialer-group 1
!--- Use dialer-list 1 to define interesting traffic.
!
interface Dialer2
!--- This interface is used to authenticate calls from Router 3.
!--- (Callback is NOT initiated to Router 3.)
 description for Router3
 ip unnumbered Loopback0
 encapsulation ppp
 dialer pool 1
!--- Interface BRI 0 is a member of dialer pool 1.
 dialer caller 6101
!--- Permit calls from number 6101.
 dialer-group 1
!--- Use dialer-list 1 to define interesting traffic.
!
dialer-list 1 protocol ip permit
!--- Define IP as interesting traffic.
```
Router 2
```
version 12.1
service timestamps debug datetime msec
service timestamps log datetime ms
!
hostname Router2
!
isdn switch-type basic-net3
!
interface BRI0
 no ip address
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-net3
!
interface Dialer1
 ip address 10.0.0.2 255.255.255.0
 encapsulation ppp
 dialer pool 1
 dialer string 6122
!--- The number to dial for Router 1
!--- (which initiates a callback).
 dialer caller 6122
!--- Accept calls from 6122 (Router 1).
 dialer-group 1
 no cdp enable
!
dialer-list 1 protocol ip permit
```
Router 3
```
version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname Router3
!
isdn switch-type basic-net3
!
interface BRI0
 no ip address
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-net3
!
interface Dialer1
 ip address 10.0.0.3 255.255.255.0
 dialer pool 1
 encapsulation ppp
 dialer string 6122
!--- The number to dial for Router 1.
 dialer-group 1
 no cdp enable
!
dialer-list 1 protocol ip permit
```
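
The screening and callback decision that Router 1's dialer profiles encode, as an added Python sketch (not Cisco code and not part of the original document). It assumes exact-match comparison of the presented calling number against each dialer caller entry, the function names are illustrative, and it also lists the profiles where caller ID is the only check because no PPP authentication is configured on the dialer interface.

```python
import re

# Router 1's dialer profiles, excerpted from the configuration above.
ROUTER1_CONFIG = """\
interface Dialer1
 encapsulation ppp
 dialer pool 1
 dialer string 6121
 dialer caller 6121 callback
interface Dialer2
 encapsulation ppp
 dialer pool 1
 dialer caller 6101
"""

def parse_profiles(config):
    """Map each Dialer interface to its dialer caller entries and PPP auth state."""
    profiles, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = None
            if m.group(1).startswith("Dialer"):
                current = profiles.setdefault(m.group(1), {"callers": {}, "ppp_auth": False})
        elif current is None:
            continue
        elif m := re.match(r"\s+dialer caller (\S+)( callback)?\s*$", line):
            current["callers"][m.group(1)] = bool(m.group(2))  # number -> callback?
        elif re.match(r"\s+ppp authentication\b", line):
            current["ppp_auth"] = True
    return profiles

def screen(profiles, calling_number):
    """Simplified model (exact match only) of binding a call by caller ID."""
    number = (calling_number or "").strip()  # the switch may deliver no number
    for name, prof in profiles.items():
        if number and number in prof["callers"]:
            return name, "callback" if prof["callers"][number] else "accept"
    return None, "reject"  # no dialer caller match: call is unbindable

def caller_id_only(profiles):
    """Profiles that admit calls on caller ID alone (no PPP authentication)."""
    return sorted(n for n, p in profiles.items() if p["callers"] and not p["ppp_auth"])

if __name__ == "__main__":
    profiles = parse_profiles(ROUTER1_CONFIG)
    for number in ("6121 ", "6101", "6199", None):
        print(repr(number), "->", screen(profiles, number))
    print("caller ID is the only check on:", caller_id_only(profiles))
```

The `None` case corresponds to the note above: when the Telco does not deliver caller ID, no call can match and every call is rejected.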
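Note: In most callback scenarios, the client router dials the callback server. The two routers then negotiate the callback parameters. The server disconnects the call and initiates the callback. In the interval between the disconnect of the initial call and the callback, the calling side might place several consecutive outgoing calls to the server while it waits for the server to call back. This is normal DDR behavior, because the client detects that the initial call failed and is not aware that a callback is in progress.
Issue the dialer redial command on the calling side to prevent the client from continuously dialing the callback server. This suppresses additional outgoing calls to the server while the client waits for the callback. Calls are suppressed until a predefined timer expires. For example, if the dialer redial interval is 15 seconds, the client waits 15 seconds before it initiates a redial. The callback completes, and the client does not have to dial again within that time.
For more information on how to implement dialer redial, refer to Configuring Redial Timer After Failed Callback Attempts.
Use this section to confirm that your configuration works properly.
The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.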
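show isdn active — Displays information about current calls, including the current incoming and outgoing ISDN calls.
show users — Displays information about the active lines on the router. You can also use the show caller command if your version of Cisco IOS supports it.
show dialer — Displays general diagnostic information for interfaces configured for DDR.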
```
Router1#show isdn active
---------------------------------------------------------------------------
                          ISDN ACTIVE CALLS
---------------------------------------------------------------------------
Call    Calling      Called       Remote  Seconds Seconds Seconds Charges
Type    Number       Number       Name    Used    Left    Idle    Units/Currency
---------------------------------------------------------------------------
Out                  6121         6121      24      96      23     0
In      6101                      6101       7     113       6
---------------------------------------------------------------------------
```
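Note that one incoming call and one outgoing call are in progress. The outgoing call is to number 6121, which corresponds to Router 2. The incoming call is from number 6101, which corresponds to Router 3. Also note that, because PPP authentication is not configured, the Remote Name field identifies the remote router by number rather than by name.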
```
Router1#show user
    Line       User       Host(s)              Idle       Location
*  0 con 0                idle                 00:00:00
  BR0:1                   Sync PPP             00:00:33   PPP: 10.0.0.2
  BR0:2                   Sync PPP             00:00:15   PPP: 10.0.0.3

  Interface  User      Mode                     Idle Peer Address
```
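Note that one B channel is used for the connection to Router 2, and the other B channel is connected to Router 3. Verify that the IP addresses match the ones configured on Routers 2 and 3.
Use this section to troubleshoot your configuration.
The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.
Note: Refer to Important Information on Debug Commands before you use debug commands.
debug dialer [events | packets]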
debug isdn event
debug isdn q931
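debug ppp negotiation — Displays information on PPP traffic and exchanges during negotiation of the PPP components, which include Link Control Protocol (LCP), authentication, and Network Control Protocol (NCP). A successful PPP negotiation first opens the LCP state, then authenticates, and finally negotiates NCP.
If you encounter ISDN lower-layer problems, refer to Using the show isdn status Command for BRI Troubleshooting.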
```
Router1#show debug
Dial on demand:
  Dial on demand events debugging is on
PPP:
  PPP protocol negotiation debugging is on
ISDN:
  ISDN Q931 packets debugging is on
```
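This section shows the debug output from Router 1 as Router 2 calls Router 1. Router 1 then initiates a callback to Router 2 and establishes the connection.
Note: Some of these debug output lines are broken into multiple lines for printing purposes.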
```
*Mar 1 04:50:34.782: ISDN BR0: RX <- SETUP pd = 8 callref = 0x0B
*Mar 1 04:50:34.790: Bearer Capability i = 0x8890
*Mar 1 04:50:34.798: Channel ID i = 0x89
*Mar 1 04:50:34.802: Calling Party Number i = 0xA1, '6121 ',Plan:ISDN, Type:National
!--- Calling party information is provided by the switch.
*Mar 1 04:50:34.818: Called Party Number i = 0xC1, '6122',Plan:ISDN, Type:Subscriber(local)
!--- Called party information is provided by the switch.
*Mar 1 04:50:34.838: ISDN BR0: Event: Received a DATA call from 6121 on B1 at 64 Kb/s
*Mar 1 04:50:34.842: BR0:1 DDR: Caller id 6121 matched to profile
!--- The ISDN call (from Router 2) is authenticated.
*Mar 1 04:50:34.842: Di1 DDR: Caller id Callback server starting to 6121
!--- Initiates callback to 6121.
*Mar 1 04:50:34.866: ISDN BR0: TX -> RELEASE_COMP pd = 8 callref = 0x8B
*Mar 1 04:50:34.870: Cause i = 0x8095 - Call rejected
*Mar 1 04:50:36.778: ISDN BR0: RX <- SETUP pd = 8 callref = 0x0C
*Mar 1 04:50:36.786: Bearer Capability i = 0x8890
*Mar 1 04:50:36.794: Channel ID i = 0x89
*Mar 1 04:50:36.798: Calling Party Number i = 0xA1, '6121',Plan:ISDN, Type:National
*Mar 1 04:50:36.814: Called Party Number i = 0xC1, '6122',Plan:ISDN, Type:Subscriber(local)
*Mar 1 04:50:36.834: ISDN BR0: Event: Received a DATA call from 6121 on B1 at 64 Kb/s
*Mar 1 04:50:36.838: BR0:1 DDR: Caller id 6121 matched to profile
*Mar 1 04:50:36.838: Di1 DDR: callback to 6121 already started
*Mar 1 04:50:36.862: ISDN BR0: TX -> RELEASE_COMP pd = 8 callref = 0x8C
*Mar 1 04:50:36.866: Cause i = 0x8095 - Call rejected
!--- Reject call (then initiate callback).
*Mar 1 04:50:36.878: DDR: Callback timer expired
!--- The timer is configured with the dialer enable-timeout command.
*Mar 1 04:50:36.878: Di1 DDR: beginning callback to 6121
*Mar 1 04:50:36.882: BR0 DDR: rotor dialout [priority]
*Mar 1 04:50:36.882: BR0 DDR: Dialing cause Callback return call
!--- The dialing cause is callback.
*Mar 1 04:50:36.886: BR0 DDR: Attempting to dial 6121
!--- Dialing 6121 (Router 2).
*Mar 1 04:50:36.902: ISDN BR0: TX -> SETUP pd = 8 callref = 0x0E
*Mar 1 04:50:36.906: Bearer Capability i = 0x8890
*Mar 1 04:50:36.914: Channel ID i = 0x83
*Mar 1 04:50:36.922: Called Party Number i = 0x80, '6121',Plan:Unknown, Type:Unknown
*Mar 1 04:50:36.998: ISDN BR0: RX <- CALL_PROC pd = 8 callref = 0x8E
*Mar 1 04:50:37.002: Channel ID i = 0x89
*Mar 1 04:50:37.402: ISDN BR0: RX <- CONNECT pd = 8 callref = 0x8E
*Mar 1 04:50:37.418: ISDN BR0: TX -> CONNECT_ACK pd = 8 callref = 0x0E
*Mar 1 04:50:37.426: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
!--- The interface is up.
*Mar 1 04:50:37.446: DDR: Freeing callback to 6121
*Mar 1 04:50:37.446: BRI0:1: interface must be fifo queue, force FIFO
*Mar 1 04:50:37.450: BR0:1 PPP: Phase is DOWN, Setup
*Mar 1 04:50:37.454: BR0:1 PPP: Treating connection as a callout
*Mar 1 04:50:37.454: BR0:1 PPP: Phase is ESTABLISHING, Active Open
*Mar 1 04:50:37.462: BR0:1 LCP: O CONFREQ [Closed] id 1 len 10
*Mar 1 04:50:37.462: BR0:1 LCP: MagicNumber 0xE1288054 (0x0506E1288054)
*Mar 1 04:50:37.466: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1
*Mar 1 04:50:37.478: BR0:1 PPP: Treating connection as a callout
*Mar 1 04:50:37.486: BR0:1 LCP: I CONFREQ [REQsent] id 2 Len 10
*Mar 1 04:50:37.490: BR0:1 LCP: MagicNumber 0x000F4499 (0x0506000F4499)
*Mar 1 04:50:37.494: BR0:1 LCP: O CONFACK [REQsent] id 2 Len 10
*Mar 1 04:50:37.498: BR0:1 LCP: MagicNumber 0x000F4499 (0x0506000F4499)
*Mar 1 04:50:37.502: BR0:1 LCP: I CONFACK [ACKsent] id 1 Len 10
*Mar 1 04:50:37.506: BR0:1 LCP: MagicNumber 0xE1288054 (0x0506E1288054)
*Mar 1 04:50:37.506: BR0:1 LCP: State is Open
!--- The LCP negotiation is complete.
*Mar 1 04:50:37.510: BR0:1 PPP: Phase is UP
*Mar 1 04:50:37.514: BR0:1 IPCP: O CONFREQ [Closed] id 1 Len 10
*Mar 1 04:50:37.518: BR0:1 IPCP: Address 10.0.0.1 (0x03060A000001)
*Mar 1 04:50:37.522: BR0:1 IPCP: I CONFREQ [REQsent] id 2 Len 10
*Mar 1 04:50:37.526: BR0:1 IPCP: Address 10.0.0.2 (0x03060A000002)
*Mar 1 04:50:37.530: BR0:1 IPCP: O CONFACK [REQsent] id 2 Len 10
*Mar 1 04:50:37.534: BR0:1 IPCP: Address 10.0.0.2 (0x03060A000002)
*Mar 1 04:50:37.550: BR0:1 IPCP: I CONFACK [ACKsent] id 1 Len 10
*Mar 1 04:50:37.550: BR0:1 IPCP: Address 10.0.0.1 (0x03060A000001)
!--- IPCP address negotiation.
*Mar 1 04:50:37.554: BR0:1 IPCP: State is Open
*Mar 1 04:50:37.562: BR0:1 DDR: dialer protocol up
*Mar 1 04:50:37.570: Di1 IPCP: Install route to 10.0.0.2
!--- Route to Router 2 is installed.
*Mar 1 04:50:38.510: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up
```
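In this section, the debug output shows Router 3 as it calls Router 1. Router 3 is then authenticated based on the caller ID information and connects to Router 1 without callback.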
```
*Mar 1 04:50:54.230: ISDN BR0: RX <- SETUP pd = 8 callref = 0x0D
!--- Receive a call setup.
*Mar 1 04:50:54.238: Bearer Capability i = 0x8890
*Mar 1 04:50:54.242: Channel ID i = 0x8A
*Mar 1 04:50:54.250: Calling Party Number i = 0xA1, '6101',Plan:ISDN, Type:National
!--- Calling party (Router 3) information is provided by the switch.
*Mar 1 04:50:54.266: Called Party Number i = 0xC1, '6122',Plan:ISDN, Type:Subscriber(local)
!--- Called party (Router 1) information is provided by the switch.
*Mar 1 04:50:54.286: ISDN BR0: Event: Received a DATA call from 6101 on B2 at 64 Kb/s
*Mar 1 04:50:54.290: BR0:2 DDR: Caller id 6101 matched to profile
!--- The ISDN call (from Router 3) is authenticated.
*Mar 1 04:50:54.290: BRI0:2: interface must be FIFO queue, force FIFO
*Mar 1 04:50:54.294: BR0:2 PPP: Phase is DOWN, Setup
*Mar 1 04:50:54.298: %DIALER-6-BIND: Interface BR0:2 bound to profile Di2
!--- The interface is bound to interface Dialer 2.
*Mar 1 04:50:54.314: ISDN BR0: TX -> CALL_PROC pd = 8 callref = 0x8D
*Mar 1 04:50:54.318: Channel ID i = 0x8A
*Mar 1 04:50:54.326: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up
*Mar 1 04:50:54.350: BR0:2 PPP: Treating connection as a callin
*Mar 1 04:50:54.354: BR0:2 PPP: Phase is ESTABLISHING, Passive Open
*Mar 1 04:50:54.354: BR0:2 LCP: State is Listen
*Mar 1 04:50:54.630: ISDN BR0: TX -> CONNECT pd = 8 callref = 0x8D
*Mar 1 04:50:54.698: ISDN BR0: RX <- CONNECT_ACK pd = 8 callref = 0x0D
*Mar 1 04:50:54.706: Channel ID i = 0x8A
*Mar 1 04:50:54.766: BR0:2 LCP: I CONFREQ [Listen] id 31 Len 10
*Mar 1 04:50:54.770: BR0:2 LCP: MagicNumber 0x099285FD (0x0506099285FD)
*Mar 1 04:50:54.774: BR0:2 LCP: O CONFREQ [Listen] id 1 Len 10
*Mar 1 04:50:54.778: BR0:2 LCP: MagicNumber 0xE128C3F7 (0x0506E128C3F7)
*Mar 1 04:50:54.782: BR0:2 LCP: O CONFACK [Listen] id 31 Len 10
*Mar 1 04:50:54.786: BR0:2 LCP: MagicNumber 0x099285FD (0x0506099285FD)
*Mar 1 04:50:54.790: BR0:2 LCP: I CONFACK [ACKsent] id 1 Len 10
*Mar 1 04:50:54.794: BR0:2 LCP: MagicNumber 0xE128C3F7 (0x0506E128C3F7)
*Mar 1 04:50:54.798: BR0:2 LCP: State is Open
!--- LCP negotiation is complete.
*Mar 1 04:50:54.802: BR0:2 PPP: Phase is UP
*Mar 1 04:50:54.806: BR0:2 IPCP: O CONFREQ [Closed] id 1 Len 10
*Mar 1 04:50:54.810: BR0:2 IPCP: Address 10.0.0.1 (0x03060A000001)
*Mar 1 04:50:54.814: BR0:2 IPCP: I CONFREQ [REQsent] id 17 Len 10
*Mar 1 04:50:54.818: BR0:2 IPCP: Address 10.0.0.3 (0x03060A000003)
*Mar 1 04:50:54.822: BR0:2 IPCP: O CONFACK [REQsent] id 17 Len 10
*Mar 1 04:50:54.826: BR0:2 IPCP: Address 10.0.0.3 (0x03060A000003)
*Mar 1 04:50:54.830: BR0:2 IPCP: I CONFACK [ACKsent] id 1 Len 10
*Mar 1 04:50:54.834: BR0:2 IPCP: Address 10.0.0.1 (0x03060A000001)
!--- IPCP address negotiation is complete.
*Mar 1 04:50:54.834: BR0:2 IPCP: State is Open
*Mar 1 04:50:54.842: BR0:2 DDR: dialer protocol up
*Mar 1 04:50:54.850: Di2 IPCP: Install route to 10.0.0.3
!--- Route to Router 3 is installed.
*Mar 1 04:50:55.802: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to up
```
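
An added example (not part of the original document) that reduces the debug output above to one record per inbound call, so you can review which calling numbers were matched to a dialer profile and what happened to each call. The sample lines are copied from the Router 1 output above; the function name and record fields are illustrative.

```python
import re

# Lines copied from the Router 1 debug output above (subset).
DEBUG_LOG = """\
*Mar 1 04:50:34.782: ISDN BR0: RX <- SETUP pd = 8 callref = 0x0B
*Mar 1 04:50:34.802: Calling Party Number i = 0xA1, '6121 ',Plan:ISDN, Type:National
*Mar 1 04:50:34.842: BR0:1 DDR: Caller id 6121 matched to profile
*Mar 1 04:50:34.842: Di1 DDR: Caller id Callback server starting to 6121
*Mar 1 04:50:34.866: ISDN BR0: TX -> RELEASE_COMP pd = 8 callref = 0x8B
*Mar 1 04:50:34.870: Cause i = 0x8095 - Call rejected
*Mar 1 04:50:36.902: ISDN BR0: TX -> SETUP pd = 8 callref = 0x0E
*Mar 1 04:50:37.466: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1
*Mar 1 04:50:54.230: ISDN BR0: RX <- SETUP pd = 8 callref = 0x0D
*Mar 1 04:50:54.250: Calling Party Number i = 0xA1, '6101',Plan:ISDN, Type:National
*Mar 1 04:50:54.290: BR0:2 DDR: Caller id 6101 matched to profile
*Mar 1 04:50:54.298: %DIALER-6-BIND: Interface BR0:2 bound to profile Di2
"""

def summarize_inbound(log):
    """One record per inbound SETUP: caller ID, screening match, and outcome."""
    calls, call = [], None
    for line in log.splitlines():
        if m := re.search(r"RX <- SETUP .*callref = (0x[0-9A-Fa-f]+)", line):
            call = {"callref": m.group(1), "caller": None,
                    "matched": False, "outcome": "unknown"}
            calls.append(call)
        elif "TX -> SETUP" in line:
            call = None            # outbound (callback) leg: not an inbound call
        elif call is None:
            continue
        elif m := re.search(r"Calling Party Number i = \S+ '([^']*)'", line):
            call["caller"] = m.group(1).strip()
        elif re.search(r"DDR: Caller id \d+ matched to profile", line):
            call["matched"] = True
        elif m := re.search(r"Callback server starting to (\d+)", line):
            call["outcome"] = "rejected, callback to " + m.group(1)
        elif m := re.search(r"%DIALER-6-BIND: Interface \S+ bound to profile (\S+)", line):
            call["outcome"] = "bound to " + m.group(1)
        elif "Call rejected" in line and call["outcome"] == "unknown":
            call["outcome"] = "rejected"
    return calls

if __name__ == "__main__":
    for c in summarize_inbound(DEBUG_LOG):
        print(c["callref"], c["caller"], "matched" if c["matched"] else "NO MATCH", c["outcome"])
```

An inbound record with `matched` set to False and an outcome other than a rejection would be the one to investigate, because caller ID is the only admission check in this configuration.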
Revision | Publish Date | Comments |
---|---|---|
1.0 | 29-Jan-2008 | Initial Release |