Cisco AS5800 OAM&P Guide
App A: Advanced Quick Reference


Advanced Quick Reference


This appendix provides quick reference configurations for the advanced Cisco AS5800 user and system administrator who need to rapidly modify system functionality or enhance system performance. Interface and/or protocol configurations addressed in this section are listed categorically and sequenced logically by operation.

Remember, Cisco routers are configured using a command line interface (CLI) from a user interface, known as a port, that provides hardware connectivity. Routers are accessed from the router's console port or by Telnetting into the router's interface from another host. A command interpreter, called EXEC, is employed by the operating system to translate and execute Cisco IOS commands. This command interpreter provides the user with privileged modes of access that promote security at the respective command levels, restricting users to a subset of mode-specific commands.

User EXEC mode (5800>) provides restricted access and limits router configuration or troubleshooting. At this level, miscellaneous functionality is performed, such as viewing system information, obtaining basic router status, changing terminal settings, or establishing remote device connectivity.

Privileged EXEC mode (5800#) includes user mode functionality and provides unrestricted access. It is used exclusively for router configuration, debugging, setting operating system (OS) parameters, and retrieving detailed router status information.

Global configuration mode [5800(config)#] is a preliminary configuration mode that recognizes commands affecting the whole router. Some of these commands cause the router to enter other configuration modes that recognize even more detailed commands.

There are many modes of configuration within global configuration mode that determine the type of configuration desired, such as interface configuration [5800(config-if)#]. Each configuration command mode restricts the user to a subset of mode-specific commands that individualize and secure a router.

ROM monitor mode (> or rommon>) is a CLI allowing router configuration if the router does not find a valid system image or if the bootup sequence is interrupted during startup.

The end (Ctrl-Z) command provides an escape from any configuration command mode: Terminal [5800(config)#], Interface [5800(config-if)#], Line [5800(config-line)#], Controller [5800(config-controller)#], Router [5800(config-router)#], etc., to privileged EXEC mode (5800#). The exit command provides an escape from any configuration command mode to one command prompt level higher, or completely out of the command line interface if you are in privileged EXEC or user EXEC mode. The disable command provides an escape from privileged EXEC mode to user EXEC mode. The logout command provides a complete escape out of the command line interface if you are in privileged EXEC or user EXEC mode.

Advanced Quick Reference Configurations

This section provides abridged interface and/or protocol configurations listed categorically and sequenced logically by operation. Each functional component is dependent on previous component configurations and includes the following reference information:

Basic operational summary

List of operational prerequisites

Configuration summary with:

a sample configuration script

a detailed line item description of the configuration script

a convenient list of the configuration commands for purposes of editing, copying, and pasting into your router

Other configuration considerations include:

access lists

route summarization

basic show commands

useful debug commands

Functional Components

Cisco AS5800 operational configurations are provided for the following functional components.

1. Egress Interface

2. Loopback Interface

3. Routing Protocol

4. Ingress Interface

5. Line Signaling

6. D-Channels (ISDN)

7. AAA

8. Modem Pools

9. TTY Line

10. Async Interface

11. Dial Interface

12. IP Address Pools

13. Virtual Template

14. SGBP

15. VPDN

16. SNMP

17. Virtual Profiles

18. Multilink Virtual Template

19. V.120 Support

20. VoIP

21. Global Parameters

22. Finalizing Operational Configurations

Egress Interface

Egress interfaces are network connections, or ports, used for outbound traffic flow.

Egress Requisites

The following requisites are significant considerations to identify before configuring an egress interface:

Interface type

IP configuration

Interface specific parameters (Duplex, Speed, PVC, Encapsulation, etc.)

Egress Configuration

The following Cisco IOS CLI script serves as a sample egress interface configuration or setup.

Sample Configuration

5800(config)# interface FastEthernet0/0/0
5800(config-if)# ip address 1.1.1.1 255.255.255.0
5800(config-if)# no ip directed-broadcast
5800(config-if)# no ip mroute-cache
5800(config-if)# no cdp enable
5800(config-if)# exit
5800(config)#

Command Line Description

5800(config)# interface FastEthernet0/0/0

Defines the interface type.

5800(config-if)# ip address 1.1.1.1 255.255.255.0

Assigns a primary IP address and subnet mask to the interface.

5800(config-if)# no ip directed-broadcast

Disables the translation of directed broadcasts to physical broadcasts. It drops the directed broadcasts destined for this subnet.

5800(config-if)# no ip mroute-cache

Turns off IP multicast fast switching.

5800(config-if)# no cdp enable

Disables CDP (Cisco Discovery Protocol).

5800(config-if)# exit

Exits interface configuration mode to global configuration mode.

5800(config)#

Global configuration mode prompt.

To Modify, Copy, & Paste

interface FastEthernet0/0/0
ip address 1.1.1.1 255.255.255.0
no ip directed-broadcast
no ip mroute-cache
no cdp enable
exit

Loopback Interface

The loopback interface is a logical interface on the router that can be used for diagnostics and troubleshooting purposes. It is also used to conserve address space so other physical interfaces can be unnumbered to this interface. The state of the loopback interface is always UP/UP.

Loopback Requisites

The following requisite is a significant consideration to identify before configuring a loopback interface:

IP configuration

Loopback Configuration

The following Cisco IOS CLI script serves as a sample loopback configuration or setup.

Sample Configuration

5800(config)# interface loopback0
5800(config-if)# ip address 2.2.2.2 255.255.255.255
5800(config-if)# no ip directed-broadcast
5800(config-if)# exit
5800(config)# 

Command Line Description

5800(config)# interface loopback0

Defines the interface type.

5800(config-if)# ip address 2.2.2.2 255.255.255.255

Assigns an IP address to the interface.

5800(config-if)# no ip directed-broadcast

Disables the translation of directed broadcasts to physical broadcasts.

5800(config-if)# exit

Exits this interface configuration mode to global configuration mode.

5800(config)#

Global configuration mode prompt.

To Modify, Copy, & Paste

interface loopback0
ip address 2.2.2.2 255.255.255.255
no ip directed-broadcast
exit

Routing Protocol

A routing protocol accomplishes routing through the implementation of a specific routing algorithm. Examples of routing protocols include: RIP, IGRP, EIGRP, OSPF, and BGP.

Routing Protocol Requisites

The following requisites are significant considerations to identify before configuring routing protocols:

Routing protocol for egress network

Networks to advertise

IP summarization if supported

Interfaces to advertise routing on

Routing Protocol Configuration

The following Cisco IOS CLI script serves as a sample routing protocol configuration or setup.

Sample Configuration

5800(config)# router rip
5800(config-router)# version 2
5800(config-router)# redistribute static
5800(config-router)# passive-interface Group-Async0
5800(config-router)# passive-interface Virtual-Template1
5800(config-router)# passive-interface Dialer0
5800(config-router)# passive-interface Loopback0
5800(config-router)# network 10.0.0.0
5800(config-router)# network 172.16.0.0
5800(config-router)# no auto-summary
5800(config-router)# exit
5800(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1

Command Line Description

5800(config)# router rip

Defines the routing protocol used on the router and initiates the routing protocol processes.

5800(config-router)# version 2

Defines the protocol version used. Enables sending and receiving of Version 2 RIP packets.

5800(config-router)# redistribute static

Enables the redistribution of static routes in routing updates. Advertises static routes (including per-user static routes downloaded from RADIUS or TACACS+).

5800(config-router)# passive-interface Group-Async0

Defines the Group-Async interface as a passive interface so no routing updates are sent out of these interfaces. Disables sending of updates across the interface and places the interface in listen mode.

5800(config-router)# passive-interface Virtual-Template1

Defines the Virtual-Template as a passive interface so no routing updates are sent out the Virtual-Access interfaces that are cloned off the Virtual-Template.

5800(config-router)# passive-interface Dialer0

Defines the Dialer interface as a passive interface.

5800(config-router)# passive-interface Loopback0

Defines the Loopback interface as a passive interface.

5800(config-router)# network 10.0.0.0

Enables advertisement of interfaces in this network. Defines 10.0.0.0 network as part of the RIP routing process. The router exchanges routing updates about the 10.0.0.0 network dynamically.

5800(config-router)# network 172.16.0.0

Defines 172.16.0.0 network as part of the RIP routing process. Updates regarding this network are exchanged dynamically between this router and its neighbors.

5800(config-router)# no auto-summary

Turns off route summarization, so updates are not summarized to classful boundaries.

5800(config-router)# exit

Exits the router configuration mode to global configuration mode.

5800(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1

Defines a default route for this router. If the router does not have a matching destination in its routing table, it forwards the packets to this IP address. This is the default route for destinations that are not learned through the routing protocol.

To Modify, Copy, & Paste

router rip
version 2
redistribute static
passive-interface Group-Async0
passive-interface Virtual-Template1
passive-interface Dialer0
passive-interface Loopback0
network 10.0.0.0
network 172.16.0.0
no auto-summary
exit
ip route 0.0.0.0 0.0.0.0 172.16.1.1

Ingress Interface

Ingress interfaces are the interfaces used for inbound traffic flow.

Ingress Requisites

The following requisites are significant considerations to identify before configuring ingress interfaces:

Facilities (T1 / T3 / E1 / E3)

Circuit type (ISDN CAS)

Telco parameters

ISDN switch type

CAS signaling

Dial-shelf slots

T3 Ingress Configuration

The following Cisco IOS CLI script serves as a sample T3 ingress interface configuration or setup.

Sample Configuration

5800(config)# isdn switch-type primary-ni (ISDN)
5800(config)# controller t3 1/0/0
5800(config-controller)# framing m23
5800(config-controller)# cablelength 224
5800(config-controller)# t1 1 controller
5800(config-controller)# t1 2 controller
5800(config-controller)# . . .
5800(config-controller)# exit
5800(config)#

Command Line Description

5800(config)# isdn switch-type primary-ni (ISDN)

Defines the ISDN switch-type to be used on the router. This is a global command but can also be configured under the D-channel in later versions of Cisco IOS software.

5800(config)# controller t3 1/0/0

Identifies controller type and number to be configured. The controller type is a T3 and the controller is in shelf 1, slot 0, port 0.

5800(config-controller)# framing m23

Enables m23 framing. Sets the framing type under the T3 controller.

5800(config-controller)# cablelength 224

Sets the cable length to 224 feet.

5800(config-controller)# t1 1 controller

Enables the first T1 in the T3. Configures individual T1 controllers under the T3 controller. Range is 1-28.

5800(config-controller)# t1 2 controller

Enables the second T1 in the T3. Configures individual T1 controllers under the T3 controller. Range is 1-28.

5800(config-controller)# . . .

Configures additional individual T1 controllers under the T3 controller. Range is 1-28.

5800(config-controller)# exit

Exits this controller configuration mode to global configuration mode.

5800(config)#

Global configuration mode prompt.

To Modify, Copy, & Paste

isdn switch-type primary-ni
controller t3 1/0/0
framing m23
cablelength 224
t1 1 controller
t1 2 controller
exit

T1 Ingress Configuration

The following Cisco IOS CLI script serves as a sample T1 ingress interface configuration or setup.

Sample Configuration

5800(config)# controller t1 1/0/0:1
5800(config-controller)# framing esf
5800(config-controller)# linecode b8zs     (t1-pri)
5800(config-controller)# pri-group timeslots 1-24
5800(config-controller)# controller t1 1/0/0:2
5800(config-controller)# framing esf
5800(config-controller)# pri-group timeslots 1-24
5800(config-controller)# exit
5800(config)# 

Command Line Description

5800(config)# controller t1 1/0/0:1

Configures the first T1 on the T3 card in slot 0. Enters the controller configuration mode and configures controller t1 1 under the T3 controller.

5800(config-controller)# framing esf

Enables T1 Extended Superframe Framing. Sets framing to Extended Super Frame (ESF).

5800(config-controller)# linecode b8zs     (t1-pri)

Enables Binary 8 Zero Substitution line coding. Sets the line coding to Binary 8 Zero Substitution (B8ZS).

5800(config-controller)# pri-group timeslots 1-24

Configures the controller for ISDN PRI on time slots 1 through 24. Time slot 24 is the D-channel.

5800(config-controller)# controller t1 1/0/0:2

Configures the second T1 on the T3 card in slot 0. Configures controller t1 2 under the T3 controller.

5800(config-controller)# framing esf

Sets framing to Extended Super Frame (ESF).

5800(config-controller)# pri-group timeslots 1-24

Configures the controller for ISDN PRI on time slots 1 through 24. Time slot 24 is the D-channel.

5800(config-controller)# exit

Exits controller configuration mode to global configuration mode.

5800(config)#

Global configuration mode prompt.

To Modify, Copy, & Paste

controller t1 1/0/0:1
framing esf
linecode b8zs
pri-group timeslots 1-24
controller t1 1/0/0:2
framing esf
pri-group timeslots 1-24
exit

Line Signaling

When configuring a router for signaling, line signaling can be used for both inbound and outbound calls. The line signaling configuration must match the corresponding telco switch configuration.

Line Signaling Requisites

The following requisites are significant considerations to identify before configuring line signaling:

Facilities (T1 / T3 / E1 / E3)

Circuit type (ISDN CAS)

Telco parameters

ISDN switch type

CAS signaling

Dial-shelf slots

Line Signaling (ISDN) Configuration

The following Cisco IOS CLI script serves as a sample ISDN line signaling configuration or setup.

Sample Configuration

5800(config)# isdn switch-type primary-ni1
5800(config)# controller t1 1/0/0
5800(config-controller)# pri-group timeslots 1-24
5800(config-controller)# exit
5800(config)#

Command Line Description

5800(config)# isdn switch-type primary-ni1

Configures the ISDN switch-type that the access server is connected to.

5800(config)# controller t1 1/0/0

Configures the first T1 on slot 0.

5800(config-controller)# pri-group timeslots 1-24

Enables this T1 to use ISDN PRI signaling on all 24 timeslots.

5800(config-controller)# exit

Exits controller configuration mode to global configuration mode.

5800(config)#

Global configuration mode prompt.

To Modify, Copy, & Paste

isdn switch-type primary-ni1
controller t1 1/0/0
pri-group timeslots 1-24
exit

Line Signaling (CAS) Configuration

The following Cisco IOS CLI script serves as a sample CAS line signaling configuration or setup.

Sample Configuration

5800(config)# controller t1 1/0/11
5800(config-controller)# framing esf
5800(config-controller)# linecode b8zs
5800(config-controller)# ds0-group 0 timeslots 1-24 type e&m-fgb
5800(config-controller)# exit
5800(config)#

Command Line Description

5800(config)# controller t1 1/0/11

Enters the controller configuration mode.

5800(config-controller)# framing esf

Sets framing to Extended Super Frame (ESF).

5800(config-controller)# linecode b8zs (t1-cas)

Sets the line coding to Binary 8 Zero Substitution (B8ZS).

5800(config-controller)# ds0-group 0 timeslots 1-24 type e&m-fgb

Configures this T1 CAS line to use E&M feature-group B signaling on all 24 timeslots.

5800(config-controller)# exit

Exits controller configuration mode to global configuration mode.

To Modify, Copy, & Paste

controller t1 1/0/11
framing esf
linecode b8zs
ds0-group 0 timeslots 1-24 type e&m-fgb
exit

D-Channels (ISDN)

The D-channel is the 24th timeslot on T1/PRI or the 16th timeslot on E1/PRI and is used for signaling information. Call setup and tear down information is sent over the D-channel.

D-Channel Requisites

The following requisites are significant considerations to identify before configuring ISDN D-Channels:

Interface switch-type

IP configuration

Encapsulation

Analog (voice) access

Cause code for hunting

Rotary configuration

D-Channel Configuration

The following Cisco IOS CLI script serves as a sample ISDN D-Channel configuration or setup.

Sample Configuration

5800(config)# interface s 1/0/0:1:23
5800(config-if)# no ip address
5800(config-if)# no ip directed-broadcast
5800(config-if)# encapsulation ppp
5800(config-if)# dialer rotary-group 0
5800(config-if)# isdn switch-type primary-5ess
5800(config-if)# isdn incoming-voice modem
5800(config-if)# no cdp enable
5800(config-if)# exit
5800(config)# 

Command Line Description

5800(config)# interface s 1/0/0:1:23

Defines the D-channel to configure. Configure the D-channel on controller T1 1 under the T3 controller in shelf 1, slot 0, and port 0.

5800(config-if)# no ip address

Does not assign an IP address to the D-channel.

5800(config-if)# no ip directed-broadcast

Disables the translation of directed broadcasts to physical broadcasts.

5800(config-if)# encapsulation ppp

Sets the encapsulation type to PPP.

5800(config-if)# dialer rotary-group 0

Configures the D-channel for rotary-group. Make this interface a member of the Dialer 0 rotary interface. This is legacy DDR configuration and it assigns the physical interface serial 1/0/0:1:23 to rotary-group 0.

5800(config-if)# isdn switch-type primary-5ess

Sets the ISDN switch-type to primary-5ess.

5800(config-if)# isdn incoming-voice modem

Incoming voice calls should be handed off to the CSM and terminated on a modem. Accept speech (voice) bearer-type calls and route them to a voice or modem resource.

5800(config-if)# no cdp enable

Disables Cisco Discovery Protocol (CDP). If an incoming speech call cannot be terminated because all voice/modem resources are in use, disconnect the call with a cause code of user-busy.

5800(config-if)# exit

Exits interface configuration mode to global configuration mode.

To Modify, Copy, & Paste

interface s 1/0/0:1:23
no ip address
no ip directed-broadcast
encapsulation ppp
dialer rotary-group 0
isdn switch-type primary-5ess
isdn incoming-voice modem
no cdp enable

AAA

AAA ("Triple A") is the security and billing framework that stands for Authentication, Authorization, and Accounting.

AAA Plan and Requisites

The following requisites are significant considerations to identify before configuring AAA:

Dial in authentication method

Dial in authorization method

Dial in accounting method

Administrative AAA method

For detailed AAA configuration information, refer to Authentication, Authorization, and Accounting (AAA), available online at
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/scprt1/

AAA Server Options

The following AAA server options are significant network design considerations:

AAA servers

Backup plan

For detailed RADIUS Server configuration information, refer to RADIUS Commands, available online at
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_r/srprt2/

AAA Authentication Configuration

The following Cisco IOS CLI script serves as a sample AAA authentication configuration or setup.

Sample Configuration

5800(config)# aaa new-model
5800(config)# aaa authentication login CONSOLE none
5800(config)# aaa authentication login LOCAL local
5800(config)# aaa authentication login USE-RADIUS group radius local
5800(config)# aaa authentication login USE-TACACS tacacs+ enable
5800(config)# aaa authentication enable default enable tacacs+
5800(config)# aaa authentication ppp USE-RADIUS if-needed radius
5800(config)# username cisco password cisco

Command Line Description

5800(config)# aaa new-model

Turns on the AAA process on a Cisco router. Enables the AAA security paradigm.

5800(config)# aaa authentication login CONSOLE none

Configures an authentication method list called CONSOLE that requires no authentication. Defines the login authentication method for EXEC users. The method list is called CONSOLE and it points to none, so there is no authentication for method list CONSOLE.

5800(config)# aaa authentication login LOCAL local

Configures an authentication method list called LOCAL that consults the local database of user names and passwords.

5800(config)# aaa authentication login USE-RADIUS group radius local

Defines the login authentication for method list USE-RADIUS that points to the RADIUS server. Users will be authenticated against the RADIUS database. Configures an authentication method list called USE-RADIUS that uses the global RADIUS server list. If the RADIUS servers do not respond, the router falls back to the local user database.

5800(config)# aaa authentication login USE-TACACS tacacs+ enable

Defines the login authentication for method list USE-TACACS that points to the TACACS+ server. Users will be authenticated against the TACACS+ database. Configures an authentication method list called USE-TACACS that uses the global TACACS+ server list. If the TACACS+ servers do not respond, the router falls back to using the enable password.

5800(config)# aaa authentication enable default enable tacacs+

Defines the authentication method for enable privilege on the router. The method list is called "default" and it points to the enable password defined on the router and then to the TACACS+ server.

5800(config)# aaa authentication ppp USE-RADIUS if-needed radius

Defines the authentication method for PPP users. Method list is called "USE-RADIUS" and it points to the radius server if authentication is required. The "if-needed" option states that if users have already been authenticated then do not re-authenticate them. Configure an authentication method list called USE-RADIUS that uses the global RADIUS server list.

5800(config)# username cisco password cisco

Defines the username and password locally on the router for local authentication. Configure a local user account to authenticate when the RADIUS server is not available.

To Modify, Copy, & Paste

aaa new-model
aaa authentication login CONSOLE none
aaa authentication login USE-RADIUS group radius local
aaa authentication login USE-TACACS tacacs+ enable
aaa authentication login LOCAL local
aaa authentication enable default enable tacacs+
aaa authentication ppp USE-RADIUS if-needed radius
username cisco password cisco

AAA Authorization Configuration

The following Cisco IOS CLI script serves as a sample AAA authorization configuration or setup.

Sample Configuration

5800(config)# aaa authorization exec USE-RADIUS group radius if-authenticated
5800(config)# aaa authorization exec USE-TACACS group tacacs+ if-authenticated
5800(config)# aaa authorization network default radius if-authenticated
5800(config)# aaa authorization network USE-RADIUS group radius if-authenticated

Command Line Description

5800(config)# aaa authorization exec USE-RADIUS group radius if-authenticated

Configures an authorization method list called USE-RADIUS that uses the global RADIUS server list. EXEC authorization is required to process per-user attributes such as autocommands. Defines the authorization method for EXEC (shell). The method list is called "USE-RADIUS" and it points to the RADIUS server. If the RADIUS server does not respond, the user, if authenticated, is automatically authorized due to the "if-authenticated" option.

5800(config)# aaa authorization exec USE-TACACS group tacacs+ if-authenticated

Configures an authorization method list called USE-TACACS that uses the global TACACS+ server list. EXEC authorization is required to process per-user attributes such as autocommands. Defines the authorization method for EXEC (shell). The method list is called "USE-TACACS" and it points to the TACACS+ server. If the TACACS+ server does not respond, the user, if authenticated, is automatically authorized due to the "if-authenticated" option.

5800(config)# aaa authorization network default radius if-authenticated

Defines the authorization method for network services (PPP, SLIP, ARAP). The method list is called "default" and it points to the RADIUS server. If the RADIUS server does not respond, the user, if already authenticated, will be automatically authorized due to the "if-authenticated" option.

5800(config)# aaa authorization network USE-RADIUS group radius if-authenticated

Defines the authorization method for network services (PPP, SLIP, ARAP). The method list is called "USE-RADIUS" and it points to the RADIUS server. If the RADIUS server does not respond, the user, if already authenticated, will be automatically authorized due to the "if-authenticated" option.

To Modify, Copy, & Paste

aaa authorization exec USE-RADIUS group radius if-authenticated
aaa authorization exec USE-TACACS group tacacs+ if-authenticated
aaa authorization network default radius if-authenticated
aaa authorization network USE-RADIUS group radius if-authenticated
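
The fallback behaviour described for the authentication and authorization method lists above can be checked mechanically before a configuration is pasted into a router. The following Python audit is an added example, not part of the original guide or of Cisco IOS; the function names and finding texts are assumptions made for illustration, and the input is a constructed copy of this page's sample lines.

```python
import re

# Constructed input: the AAA and username lines from this page's samples
# (LOCAL is shown with the "local" method that its description gives).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login CONSOLE none
aaa authentication login LOCAL local
aaa authentication login USE-RADIUS group radius local
aaa authentication login USE-TACACS tacacs+ enable
aaa authentication enable default enable tacacs+
aaa authentication ppp USE-RADIUS if-needed radius
aaa authorization exec USE-RADIUS group radius if-authenticated
aaa authorization exec USE-TACACS group tacacs+ if-authenticated
aaa authorization network default radius if-authenticated
username cisco password cisco
"""

AAA_RE = re.compile(r"^aaa (authentication|authorization) (\S+) (\S+) (.+)$")
USER_RE = re.compile(r"^username (\S+) password (\S+)$")


def parse_method_lists(config):
    """Map (kind, service, list name) to its methods, in the order they are tried."""
    lists = {}
    for raw in config.splitlines():
        match = AAA_RE.match(raw.strip())
        if not match:
            continue
        kind, service, name, rest = match.groups()
        tokens, methods = rest.split(), []
        while tokens:
            token = tokens.pop(0)
            # "group radius" and the bare "radius" form both appear on this
            # page; normalise them to the same method name.
            if token == "group" and tokens:
                token = tokens.pop(0)
            methods.append(token)
        lists[(kind, service, name)] = methods
    return lists


def audit(config):
    """Return (subject, finding) pairs for risky fallbacks and weak local users."""
    findings = []
    for (kind, service, name), methods in parse_method_lists(config).items():
        subject = f"{kind} {service} {name}"
        if kind == "authentication":
            if methods == ["none"]:
                findings.append((subject, "no authentication is performed"))
            elif "none" in methods:
                findings.append(
                    (subject, "unauthenticated access if earlier methods do not respond"))
            # A later "enable" method means the login falls back to one
            # password shared by every administrator.
            if service == "login" and "enable" in methods[1:]:
                findings.append((subject, "falls back to the shared enable password"))
        elif len(methods) > 1 and methods[-1] == "if-authenticated":
            findings.append(
                (subject, "any authenticated user is authorized if the servers do not respond"))
    for raw in config.splitlines():
        match = USER_RE.match(raw.strip())
        if match and match.group(1) == match.group(2):
            findings.append(
                (f"username {match.group(1)}", "password is identical to the username"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_CONFIG):
        print(f"{subject}: {finding}")
```

Run against the sample, the audit reports the CONSOLE list, the enable-password fallback on USE-TACACS, the three if-authenticated authorization lists, and the local account whose password matches its username.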

AAA Accounting Configuration

The following Cisco IOS CLI script serves as a sample AAA accounting configuration or setup.

Sample Configuration

5800(config)# aaa accounting suppress null-username
5800(config)# aaa accounting exec default start-stop group radius
5800(config)# aaa accounting network default start-stop group radius
5800(config)# aaa accounting system default start-stop group radius

Command Line Description

5800(config)# aaa accounting suppress null-username

Does not generate accounting records for users with a null username.

5800(config)# aaa accounting exec default start-stop group radius

Generates accounting records for EXEC (shell) service. Start and Stop records should be generated without wait. Radius server is being used for this accounting. This enables accounting records for all EXEC sessions. The accounting record will be sent at the beginning and the end of the EXEC session. The record will be sent to the global RADIUS server list.

5800(config)# aaa accounting network default start-stop group radius

Generates accounting records for network services (PPP, SLIP, ARAP). Start and Stop records should be generated without wait. Radius server is being used for this accounting. This enables accounting records for all network sessions (PPP/SLIP). The accounting record will be sent at the beginning and the end of the network session. The record will be sent to the global RADIUS server list.

5800(config)# aaa accounting system default start-stop group radius

Generates accounting records for systems events. Start and Stop records should be generated using the Radius server. This enables accounting records for system events. The accounting record will be sent when the access server is booted and when accounting is turned on or off. The record will be sent to the global RADIUS server list.

To Modify, Copy, & Paste

aaa accounting suppress null-username
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius

AAA RADIUS Server Configuration

The following Cisco IOS CLI script serves as a sample AAA Radius Server configuration or setup.

Sample Configuration

5800(config)# radius-server host x.x.x.x auth-port x acct-port x non-standard
5800(config)# radius-server host a.b.c.d auth-port x acct-port y key mysharedsecret
5800(config)# radius-server deadtime 5
5800(config)# radius-server timeout 3
5800(config)# radius-server retransmit 2
5800(config)# radius-server attribute nas-port format c

Command Line Description

5800(config)# radius-server host x.x.x.x auth-port x acct-port x non-standard

Defines the RADIUS server IP address and the authentication (UDP 1645) and accounting (UDP 1646) ports. The non-standard option enables the parsing of attributes that violate the RADIUS standard.

5800(config)# radius-server host a.b.c.d auth-port x acct-port y key mysharedsecret

Defines a RADIUS server at IP address a.b.c.d, with authentication being done on UDP port x and accounting being done on UDP port y. The key "mysharedsecret" is used to encrypt the wire password.

5800(config)# radius-server deadtime 5

Defines the time to stop using a server that does not respond. The time is defined in minutes.

5800(config)# radius-server timeout 3

Defines the time to wait for a RADIUS server to reply. The time is defined in seconds.

5800(config)# radius-server retransmit 2

Specifies the number of retries to the active server.

5800(config)# radius-server attribute nas-port format c

Sets the format of the NAS-Port attribute to "c" which means:
Data format(bits): shelf(2), slot(4), port(5), channel(5).

To Modify, Copy, & Paste

radius-server host x.x.x.x auth-port x acct-port x non-standard
radius-server host a.b.c.d auth-port x acct-port y key mysharedsecret
radius-server deadtime 5
radius-server timeout 3
radius-server retransmit 2
radius-server attribute nas-port format c

TACACS Server Configuration

The following Cisco IOS CLI script serves as a sample TACACS Server configuration or setup.

Sample Configuration

5800(config)# tacacs-server host x.x.x.x key mysharedsecret

Command Line Description

5800(config)# tacacs-server host x.x.x.x key mysharedsecret

Defines a TACACS+ server at IP address x.x.x.x. The key "mysharedsecret" is used to encrypt all transactions with the TACACS+ server on the wire.

To Modify, Copy, & Paste

tacacs-server host x.x.x.x key mysharedsecret

Modem Pools

The modem pool covers a specified range of modems that accept calls based on the number called by dial-in users. If there is only one dial-in number, then all modems can be defined under the default modem pool. It is also used for modem firmware upgrades.

Modem Pool Requisites

The following requisites are significant considerations to identify before configuring modem pools:

Modem firmware

Modem pool plan

DNIS pooling

Dial-shelf slots

For information, refer to Modem Management Commands, available online at
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/dial_r/drprt1/drmodmgt.htm

Modem Pool Configuration

The following Cisco IOS CLI script serves as a sample modem pool configuration or setup.

Sample Configuration

5800(config)# modem-pool Default
5800(config-modem-pool)# pool-range 1/2/00-1/11/143
5800(config-modem-pool)# firmware 2.6.2.0
5800(config-modem-pool)# exit
5800(config)# modem recovery action none
5800(config)# modem call-record terse

Command Line Description

5800(config)# modem-pool Default

Defines the default modem pool by creating a new modem pool called "Default".

5800(config-modem-pool)# pool-range 1/2/00-1/11/143

Defines the pool range for the modems to be included in the modem pool. The modem pool spans all modems between 1/2/00 and 1/11/143. Empty slots are ignored.

5800(config-modem-pool)# firmware 2.6.2.0

Defines the firmware to be loaded onto the modems. Configures all modems within a modem-pool to run version 2.6.2.0 of Portware.

5800(config-modem-pool)# exit

Exits from the configuration mode.

5800(config)# modem recovery action none

Disables the modem recovery process. Disables the automatic recovery of faulty modems. Modem recovery may be enabled if you are temporarily working around a specific problem of hung modems.

5800(config)# modem call-record terse

Generates a Terse Modem Call Record at the end of a call. Enables logging of modem call records, which provide detailed connection information that aids in troubleshooting call failure patterns.

To Modify, Copy, & Paste

modem-pool Default
pool-range 1/2/00-1/11/143
firmware 2.6.2.0
exit
modem recovery action none
modem call-record terse

TTY Line

These are asynchronous lines on the router. TTY is a line configuration, not an interface configuration. These lines correspond to async interfaces that are configured separately.

TTY Line Requisites

The following requisites are significant considerations to identify before configuring a TTY line:

Timeouts

Autoselected protocols

Authorization/Authentication

Modem service

Transport

TTY Line Configuration

The following Cisco IOS CLI script serves as a sample TTY line configuration or setup.

Sample Configuration

5800(config)# line 1/2/00 1/11/143
5800(config-line)# location "Async call"
5800(config-line)# exec-timeout 0 0
5800(config-line)# autoselect PPP
5800(config-line)# autoselect during-login
5800(config-line)# login authentication USE-RADIUS
5800(config-line)# authorization exec USE-RADIUS
5800(config-line)# modem Dialin
5800(config-line)# no modem log rs232
5800(config-line)# transport preferred none
5800(config-line)# exit
5800(config)# 

Command Line Description

5800(config)# line 1/2/00 1/11/143

Defines the range for lines to be configured.

5800(config-line)# location "Async call"

Defines the location of the async line.

5800(config-line)# exec-timeout 0 0

Sets the EXEC-timeout under the line to indefinite.

5800(config-line)# autoselect ppp

Sets the line to allow PPP autoselection. Enables the automatic detection of PPP packets.

5800(config-line)# autoselect during-login

Automatically selects at the Username/Password prompt. Presents the login prompt before beginning the autoselect process.

5800(config-line)# login authentication USE-RADIUS

Defines the authentication method for login and points it to the "USE-RADIUS" list defined in the AAA process. Configures EXEC authentication on this line to use the USE-RADIUS method list.

5800(config-line)# authorization exec USE-RADIUS

Defines the authorization method for EXEC service and points it to the "USE-RADIUS" list defined in the AAA process. Configures EXEC authorization on the line to use the USE-RADIUS method list.

5800(config-line)# modem Dialin

Configures the line to allow a modem to dial in (dial-out is not allowed).

5800(config-line)# no modem log rs232

Turns off the rs232 log events. Does not log EIA/TIA-232 events in the modem log.

5800(config-line)# transport preferred none

Sets the preferred protocol to none. Does not try to auto-connect the user to a host with a particular protocol.

5800(config-line)# exit

Exits line configuration mode to global configuration mode.

To Modify, Copy, & Paste

line 1/2/00 1/11/143
location "Async call"
exec-timeout 0 0
autoselect ppp
autoselect during-login
login authentication USE-RADIUS
authorization exec USE-RADIUS
modem Dialin
no modem log rs232
transport preferred none

Async Interface

The asynchronous interface is used to terminate analog (async) dial-in calls.

Async Interface Requisites

The following requisites are significant considerations to identify before configuring an async interface:

IP configuration

Encapsulation

Dialer parameters

Default IP allocation

PPP authentication

Multilink

Async mode

Default timeouts

Modem range

Async Interface Configuration

The following Cisco IOS CLI script serves as a sample async interface configuration or setup.

Sample Configuration

5800(config)# interface group-async0
5800(config-if)# ip unnumbered loopback0
5800(config-if)# encapsulation ppp
5800(config-if)# dialer in-band
5800(config-if)# dialer idle-timeout 2700
5800(config-if)# dialer-group 1
5800(config-if)# async mode interactive
5800(config-if)# ntp disable
5800(config-if)# no snmp trap link-status
5800(config-if)# peer default ip address pool default
5800(config-if)# no cdp enable
5800(config-if)# ppp authentication pap callin USE-RADIUS
5800(config-if)# ppp multilink
5800(config-if)# group-range 1/2/00 1/11/143
5800(config-if)# exit
5800(config)#

Command Line Description

5800(config)# interface group-async0

Creates a group-async interface used to configure all the async interfaces at one time.

5800(config-if)# ip unnumbered loopback0

Unnumbers the interface to the IP address of loopback 0 interface.

5800(config-if)# encapsulation ppp

Sets the default encapsulation type to PPP.

5800(config-if)# dialer in-band

Enables dial on demand routing on this interface. Establishes a dialer interface.

5800(config-if)# dialer idle-timeout 2700

Defines the idle-timeout under the interface. If the call is idle for 45 minutes (2700 seconds) then the command disconnects the user. Default is 120 seconds.

5800(config-if)# dialer-group 1

Assigns interface to dialer-list 1. Use dialer-list 1 to determine what kind of traffic is valid.

5800(config-if)# async mode interactive

Allows the user to run PPP or SLIP on this interface. Line may be switched between interactive use and async interface.

5800(config-if)# ntp disable

Disables the processing of Network Time Protocol (NTP) on this interface.

5800(config-if)# no snmp trap link-status

Disables SNMP LINKUP and LINKDOWN traps. Do not send SNMP traps when this interface goes up or down.

5800(config-if)# peer default ip address pool default

Use IP pool mechanism to allocate a peer IP address. The pool in this case is called "default".

5800(config-if)# no cdp enable

Disables Cisco Discovery Protocol (CDP) on this interface.

5800(config-if)# ppp authentication pap callin USE-RADIUS

Defines the authentication protocol (PAP) to be used for authenticating incoming calls only. The USE-RADIUS list is defined in the AAA process. PPP clients must authenticate themselves using the Password Authentication Protocol. Authentication will be done using the USE-RADIUS method list.

5800(config-if)# ppp multilink

Configures the interface for multilink. Enable this interface to negotiate PPP multilink.

5800(config-if)# group-range 1/2/00 1/11/143

Defines the group-range for interface to be covered under this group-async interface. Apply this configuration to interfaces from Async1/2/00 to Async1/11/143.

5800(config-if)# exit

Exits interface configuration mode to global configuration mode.

5800(config)#

Global configuration mode prompt.

To Modify, Copy, & Paste

interface group-async0
ip unnumbered loopback0
encapsulation ppp
dialer in-band
dialer idle-timeout 2700
dialer-group 1
async mode interactive
ntp disable
no snmp trap link-status
peer default ip address pool default
no cdp enable
ppp authentication pap callin USE-RADIUS
ppp multilink
group-range 1/2/00 1/11/143
exit

Dial Interface

These interfaces are used for terminating digital calls. Dialer interfaces are also used for async calls.

Dial Interface Requisites

The following requisites are significant considerations to identify before configuring a dial interface:

IP configuration

Encapsulation

Dialer parameters

PPP authentication

Multilink

Default timeouts

Dial Interface Configuration

The following Cisco IOS CLI script serves as a sample dial interface configuration or setup.

Sample Configuration

5800(config)# interface dialer0
5800(config-if)# ip unnumbered loopback0
5800(config-if)# encapsulation ppp
5800(config-if)# no ip mroute-cache
5800(config-if)# dialer in-band
5800(config-if)# dialer idle-timeout 2700
5800(config-if)# dialer-group 1
5800(config-if)# ntp disable
5800(config-if)# no snmp trap link-status
5800(config-if)# peer default ip address pool default
5800(config-if)# no cdp enable
5800(config-if)# ppp authentication pap callin USE-RADIUS
5800(config-if)# ppp multilink
5800(config-if)# exit
5800(config)# dialer-list 1 protocol ip permit

Command Line Description

5800(config)# interface dialer0

Defines the dialer interface. Creates a dialer interface used to configure all dialer interfaces at one time.

5800(config-if)# ip unnumbered loopback0

Unnumbers the interface to the IP address of loopback 0 interface.

5800(config-if)# encapsulation ppp

Sets the default encapsulation type to PPP.

5800(config-if)# no ip mroute-cache

Turns off fast switching for multicast traffic.

5800(config-if)# dialer in-band

Enables dial on demand routing on this interface. Enables this interface to be a dialer interface.

5800(config-if)# dialer idle-timeout 2700

Defines the idle-timeout under the interface. If the call is idle for 45 minutes (2700 seconds) then the command disconnects the user. Default is 120 seconds.

5800(config-if)# dialer-group 1

Assigns interface to dialer-list 1. Use dialer-list 1 to determine what kind of traffic is considered interesting.

5800(config-if)# ntp disable

Disables the processing of Network Time Protocol (NTP) on this interface.

5800(config-if)# no snmp trap link-status

Disables SNMP LINKUP and LINKDOWN traps. Do not send SNMP traps when this interface goes up or down.

5800(config-if)# peer default ip address pool default

Use IP pool mechanism to allocate a peer IP address. The pool in this case is called "default".

5800(config-if)# no cdp enable

Disables Cisco Discovery Protocol (CDP) on this interface.

5800(config-if)# ppp authentication pap callin USE-RADIUS

Defines the authentication protocol (PAP) to be used for authenticating incoming calls only. The USE-RADIUS list is defined in the AAA process. PPP clients must authenticate themselves using the Password Authentication Protocol. Authentication will be done using the USE-RADIUS method list.

5800(config-if)# ppp multilink

Configures the interface for multilink. Enable this interface to negotiate PPP multilink.

5800(config-if)# exit

Exits interface configuration mode to global configuration mode.

5800(config)# dialer-list 1 protocol ip permit

Configures dialer-list 1 to consider all IP traffic as interesting.

To Modify, Copy, & Paste

interface dialer0
ip unnumbered loopback0
no ip directed-broadcast
encapsulation ppp
no ip mroute-cache
dialer in-band
dialer idle-timeout 2700
dialer-group 1
ntp disable
no snmp trap link-status
peer default ip address pool default
no cdp enable
ppp authentication pap callin USE-RADIUS
ppp multilink
exit
dialer-list 1 protocol ip permit

IP Address Pools

An IP address pool is an administratively defined range of Internet Protocol (IP) addresses set aside for a specific allocation purpose, such as DHCP. As clients connect to the Network Access Server (NAS), they request and are assigned an IP address from the configured IP address pool.

IP Address Pools Requisites

The following requisites are significant considerations to identify before configuring an IP address pool:

Local IP pools

DHCP pools

IP Address Pools Configuration

The following Cisco IOS CLI script serves as a sample IP address pool configuration or setup.

Sample Configuration

5800(config)# ip dhcp-server x.x.x.x (if using dhcp)
5800(config)# ip local pool default 1.1.1.1 1.1.1.255
5800(config)# ip local pool default 1.1.2.1 1.1.2.255
5800(config)# ip local pool default 21.21.21.1 21.21.21.255
5800(config)# ip local pool 1 10.100.1.1 10.100.1.64
5800(config)# ip local pool 1 172.17.18.1 172.17.18.255

Command Line Description

5800(config)# ip dhcp-server x.x.x.x (if using dhcp)

Defines the IP address for the DHCP server. Cisco IOS queries this particular DHCP server (instead of broadcasting on all interfaces) when it needs to get an address for a client from DHCP.

5800(config)# ip local pool default 1.1.1.1 1.1.1.255

Defines the IP address pool for network 1.1.1.0. The range is from 1 to 254 as 255 is a broadcast address. Configures a local address pool called "default" with addresses spanning 1.1.1.1 to 1.1.1.255.

5800(config)# ip local pool default 1.1.2.1 1.1.2.255

Defines the IP address pool for network 1.1.2.0. The range is from 1 to 254 since 255 is a broadcast address. Appends the address range 1.1.2.1 to 1.1.2.255 to the address pool called "default".

5800(config)# ip local pool default 21.21.21.1 21.21.21.255

Defines the IP address pool for network 21.21.21.0. The range is from 1 to 254 since 255 is a broadcast address. Appends the address range 21.21.21.1 to 21.21.21.255 to the address pool called "default".

5800(config)# ip local pool 1 10.100.1.1 10.100.1.64

Defines the IP address pool for network 10.100.1.0. Range is from 1 to 64. Configures a local address pool called "1" with the addresses spanning from 10.100.1.1 to 10.100.1.64.

5800(config)# ip local pool 1 172.17.18.1 172.17.18.255

Defines the IP address pool for network 172.17.18.0. The range is from 1 to 254 since 255 is a broadcast address. Appends the address range 172.17.18.1 to 172.17.18.255 to the address pool called "1".

To Modify, Copy, & Paste

ip dhcp-server x.x.x.x
ip local pool default 1.1.1.1 1.1.1.255
ip local pool default 1.1.2.1 1.1.2.255
ip local pool default 21.21.21.1 21.21.21.255
ip local pool 1 10.100.1.1 10.100.1.64
ip local pool 1 172.17.18.1 172.17.18.255

Virtual Template

Virtual Templates are used for cloning virtual-access interfaces for inbound calls.

Virtual Template Requisites

The following requisites are significant considerations to identify before configuring a virtual template:

IP configuration

Encapsulation

Default IP allocation

PPP authentication

Virtual Template Configuration

The following Cisco IOS CLI script serves as a sample virtual template configuration or setup.

Sample Configuration

5800(config)# interface virtual-template 1
5800(config-if)# ip unnumbered loopback0
5800(config-if)# no ip directed-broadcast
5800(config-if)# no ip mroute-cache
5800(config-if)# ntp disable
5800(config-if)# no snmp trap link-status
5800(config-if)# ppp authentication pap callin USE-RADIUS
5800(config-if)# ppp multilink
5800(config-if)# exit

Command Line Description

5800(config)# interface virtual-template 1

Defines the Virtual-Template interface used for cloning virtual-access interfaces.

5800(config-if)# ip unnumbered loopback0

Unnumbers the interface to the IP address of loopback 0 interface.

5800(config-if)# no ip directed-broadcast

Disables the translation of directed broadcasts to physical broadcasts. It drops the directed broadcasts destined for this subnet.

5800(config-if)# no ip mroute-cache

Turns off fast switching for multicast traffic.

5800(config-if)# ntp disable

Disables the processing of Network Time Protocol (NTP) on this interface.

5800(config-if)# no snmp trap link-status

Disables SNMP LINKUP and LINKDOWN traps. Do not send SNMP traps when this interface goes up or down.

5800(config-if)# ppp authentication pap callin USE-RADIUS

Defines the authentication protocol (PAP) to be used for authenticating incoming calls only. The USE-RADIUS list is defined in the AAA process. PPP clients must authenticate themselves using the Password Authentication Protocol. Authentication will be done using the USE-RADIUS method list.

5800(config-if)# ppp multilink

Configures the interface for multilink. Enables this interface to negotiate PPP multilink.

5800(config-if)# exit

Exits interface configuration mode to global configuration mode.

To Modify, Copy, & Paste

interface virtual-template 1
ip unnumbered loopback0
no ip directed-broadcast
no ip mroute-cache
ntp disable
no snmp trap link-status
ppp authentication pap callin USE-RADIUS
ppp multilink
exit

SGBP

Stack Group Bidding Protocol (SGBP) is a protocol used for configuring Multichassis multilink PPP.

SGBP Requisites

The following requisites are significant considerations to identify before configuring SGBP:

Global SGBP password

Member list hostnames

Member list IP addresses

Bidding priority—refer to Multichassis Multilink PPP (MMP), available online at
http://www.cisco.com/warp/public/131/3.html

SGBP Configuration

The following Cisco IOS CLI script serves as a sample SGBP configuration or setup.

Sample Configuration

5800(config)# username sg-group password anything
5800(config)# sgbp group sg-group
5800(config)# sgbp source-ip [loopback0 ip address]
5800(config)# sgbp member nas01 [nas01 loop0 ip]
5800(config)# sgbp member nas02 [nas02 loop0 ip]

Command Line Description

5800(config)# username sg-group password anything

Defines the username and password for the SGBP stack group. Configures a shared secret for the SGBP group name that will be used to authenticate peers into the stack group.

5800(config)# sgbp group sg-group

Defines "sg-group" as the sgbp stack group name.

5800(config)# sgbp source-ip [loopback0 ip address]

Defines the source IP address for the SGBP stack. Forces the NAS to source the SGBP packets from the loopback0 interface.

5800(config)# sgbp member nas01 [nas01 loop0 ip]

Defines the SGBP member "nas01" and its IP address. Statically configures the peer, name, and IP addresses of other peers in the stack group.

5800(config)# sgbp member nas02 [nas02 loop0 ip]

Defines the member "nas02" and its IP address. Statically configures the peer, name, and IP addresses of other peers in the stack group.

To Modify, Copy, & Paste

username sg-group password anything
sgbp group sg-group
sgbp source-ip [loopback0 ip address]
sgbp member nas01 [nas01 loop0 ip]
sgbp member nas02 [nas02 loop0 ip]

VPDN

Virtual Private Dialup Network (VPDN) enables forwarding of PPP links from an Internet Service Provider (ISP) to a Home Gateway. L2TP and L2F are common options for tunneling protocol.

VPDN Requisites

The following requisites are significant considerations to identify before configuring VPDN:

L2TP

L2F

DNIS/Domain based VPDN

LNS load-balancing/backup

VPDN Configuration

The following Cisco IOS CLI script serves as a sample VPDN configuration or setup.

Sample Configuration

5800(config)# vpdn enable
5800(config)# vpdn search-order dnis domain

Command Line Description

5800(config)# vpdn enable

Enables VPDN on the router. Enables the processing of VPDN calls. VPDN calls are determined either by a special DNIS number or a special format to the username.

5800(config)# vpdn search-order dnis domain

Configures the order for searching different VPDN tunnel types. It looks for DNIS based tunnels first and then looks for DOMAIN based tunnels.

To Modify, Copy, & Paste

vpdn enable
vpdn search-order dnis domain

SNMP

Simple Network Management Protocol (SNMP) is used for monitoring and managing network devices.

SNMP Requisites

The following requisites are significant considerations to identify before configuring SNMP:

RO community

RW community

Trap hosts

Traps list

SNMP Configuration

The following Cisco IOS CLI script serves as a sample SNMP configuration or setup.

Sample Configuration

5800(config)# snmp-server community public RO
5800(config)# snmp-server community private RW
5800(config)# snmp-server enable traps snmp
5800(config)# snmp-server enable traps envmon
5800(config)# snmp-server enable traps syslog
5800(config)# snmp-server host 9.9.9.9 public
5800(config)# snmp-server host 10.10.10.10 public

Command Line Description

5800(config)# snmp-server community public RO

Enables SNMP and sets community string and access privileges for public to read-only. Allows users with the public community string read-only access.

5800(config)# snmp-server community private RW

Sets community string and access privileges for private to read-write. Allows users with the private community string to read and write.

5800(config)# snmp-server enable traps snmp

Enables SNMP traps.

5800(config)# snmp-server enable traps envmon

Enables SNMP environmental monitor traps. Sends an SNMP trap when the router detects an anomaly in the environmental conditions.

5800(config)# snmp-server enable traps syslog

Enables SNMP syslog traps. Sends traps to the syslog server.

5800(config)# snmp-server host 9.9.9.9 public

Specifies host 9.9.9.9 to receive SNMP notifications for public. Defines the SNMP server and community string.

5800(config)# snmp-server host 10.10.10.10 public

Specifies host 10.10.10.10 to receive SNMP notifications for public. Defines the SNMP server and community string.

To Modify, Copy, & Paste

snmp-server community public RO
snmp-server community private RW
snmp-server enable traps snmp
snmp-server enable traps envmon
snmp-server enable traps syslog
snmp-server host 9.9.9.9 public
snmp-server host 10.10.10.10 public

Virtual Profiles

Virtual Profiles is a unique Point-to-Point application. It can create and configure a virtual access interface dynamically when a dial-in call is received, and tear down the interface dynamically when the call ends.

Virtual Profile Requisites

The following requisites are significant considerations to identify before configuring a virtual profile:

User profile in AAA server

Interface virtual-template

Virtual-profile AAA

Virtual-profile virtual-template

Virtual Profile Configuration

The following Cisco IOS CLI script serves as a sample virtual profile configuration or setup.

Sample Configuration

5800(config)# virtual-profile virtual-template 1
5800(config)# virtual-profile aaa

Command Line Description

5800(config)# virtual-profile virtual-template 1

Enables virtual profiles by virtual interface template. Creates a virtual-access interface for every user that is connected to the access server. This is necessary when applying certain per-user attributes (such as timeouts).

5800(config)# virtual-profile aaa

Enables virtual profiles by AAA configuration. Allows the installation of per-user configurations specified by the interface-config attributes in a user's TACACS+/RADIUS profile.

To Modify, Copy, & Paste

virtual-profile virtual-template 1
virtual-profile aaa

Multilink Virtual Template

A virtual template from which the specified Multilink PPP bundle can clone its interface parameters.

Multilink Virtual Template Requisites

The following requisites are significant considerations to identify before configuring a multilink virtual template:

IP configuration

Encapsulation

Default IP allocation

PPP authentication

Multilink Virtual Template Configuration

The following Cisco IOS CLI script serves as a sample multilink virtual template configuration or setup.

Sample Configuration

5800(config)# multilink virtual-template 1
5800(config)# multilink bundle-name both

Command Line Description

5800(config)# multilink virtual-template 1

Defines a virtual template used to clone parameters for a virtual access interface for Multilink PPP. Allows the virtual-access interface for a user to clone from the virtual-template interface in case there is no physical/dialer interface to clone from. This is necessary on all stack group members.

5800(config)# multilink bundle-name both

Uses peer's authenticated name and endpoint discriminator for naming multilink bundles. Sets the router to uniquely identify this multilink session through a combination of the authentication username and the endpoint discriminator. This is necessary when multiple users are dialing in with the same username.

To Modify, Copy, & Paste

multilink virtual-template 1
multilink bundle-name both

V.120 Support

V.120 dedicated PPP Dialin.

Access-dial technical tips, available online at
http://www.cisco.com/warp/public/471/index.shtml

V.120 Requisites

None.

V.120 Configuration

The following Cisco IOS CLI script serves as a sample V.120 configuration or setup.

Sample Configuration

5800(config)# interface s 1/0/0:1:23
5800(config-if)# autodetect encapsulation v120 ppp
5800(config-if)# line vty 5 20
5800(config-line)# transport input v120
5800(config-line)# login authentication USE-RADIUS
5800(config-line)# authorization exec USE-RADIUS
5800(config-line)# exit
5800(config)# 

Command Line Description

5800(config)# interface s 1/0/0:1:23

Defines the serial interface to configure.

5800(config-if)# autodetect encapsulation v120 ppp

Configures the router to automatically switch between ISDN PPP users and ISDN V.120 users.

5800(config-if)# line vty 5 20

Creates new VTYs for V.120 users to start on.

5800(config-line)# transport input v120

Only allows V.120 users to connect to this VTY.

5800(config-line)# login authentication USE-RADIUS

Configures EXEC authentication on this line to use the USE-RADIUS method list.

5800(config-line)# authorization exec USE-RADIUS

Configures EXEC authorization on the line to use the USE-RADIUS method list.

5800(config-line)# exit

Exits line configuration mode to global configuration mode.

5800(config)# 

Return to global configuration mode.

To Modify, Copy, & Paste

interface s 1/0/0:1:23
autodetect encapsulation v120 ppp
line vty 5 20
transport input v120
login authentication USE-RADIUS
authorization exec USE-RADIUS
exit

VoIP

A technology used to transport voice traffic over the Internet using the existing IP network infrastructure. For sample configurations and command line descriptions, refer to Voice Over IP for the Cisco AS5800, available online at
http://www.cisco.com/univercd/cc/td/doc/product/access/nubuvoip/

Global Parameters

The following parameters are defined in global configuration mode on the router.

Hostname

Service timestamps

Service password

Network time protocol

Timezone

Enable secret

Global Parameter Requisites

None.

Global Parameter Configuration

The following Cisco IOS CLI script serves as sample configurations or setups for global parameters.

Sample Configuration

5800(config)# service timestamps debug datetime msec localtime
5800(config)# service timestamps log datetime msec localtime
5800(config)# service password-encryption
5800(config)# hostname [name of your nas]
5800(config)# enable secret thisissecret
5800(config)# clock timezone EST -5
5800(config)# clock summer-time EDT recurring
5800(config)# ip subnet-zero
5800(config)# no ip source-route
5800(config)# async-bootp dns-server x.x.x.x
5800(config)# ntp server x.x.x.x prefer
5800(config)# ntp server y.y.y.y

Command Line Description

5800(config)# service timestamps debug datetime msec localtime

Turns on millisecond timestamps for debugs. The debugs are printed with a date and time in millisecond timestamps. Enables debugs to be timestamped with millisecond resolution. This is critical to have when sending in debug traces to the TAC.

5800(config)# service timestamps log datetime msec localtime

Turns on millisecond timestamps for log messages. Log messages are printed with a date and time in millisecond timestamps. Enables log messages to be timestamped with millisecond resolution. This is critical to have when sending in debug traces to the TAC.

5800(config)# service password-encryption

Turns on service password encryption so the passwords defined on the router are encrypted when displayed in the running and startup config. Enables "light" encryption of passwords.

5800(config)# hostname [name of your nas]

Defines and changes the hostname of the router.

5800(config)# enable secret thisissecret

Configures a cryptographically strong version of the password used to gain access to the router.

5800(config)# clock timezone EST -5

Sets the clock with the appropriate timezone. Sets the timezone and clock offset from GMT time.

5800(config)# clock summer-time EDT recurring

Configures recurring summer (daylight savings) time. Sets the clock to adjust for daylight savings time.

5800(config)# ip subnet-zero

Allows "subnet zero" subnets. Allows the router to use subnet zero.

5800(config)# no ip source-route

Disables processing of packets with source routing header options.

5800(config)# async-bootp dns-server x.x.x.x

Sets DNS name servers. Configures the DNS server the router responds with when dealing with PPP clients that implement RFC1877.

5800(config)# ntp server x.x.x.x prefer

Configures NTP server and prefers this peer when possible.

5800(config)# ntp server y.y.y.y

Configures NTP server. Configures the router to sync to the NTP server at y.y.y.y.

To Modify, Copy, & Paste

service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
hostname [name of your nas]
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
no ip source-route
async-bootp dns-server x.x.x.x
ntp server x.x.x.x prefer
ntp server y.y.y.y

Finalizing Operational Configurations

Finishing up the router configurations and getting the router ready for operational mode.

Final Operational Requisites

None.

Final Operational Configurations

The following Cisco IOS CLI script serves as a sample of finalized operational configurations or setups.

Sample Configuration

5800(config)# no logging console
5800(config)# line con 0
5800(config)# login authentication CONSOLE
5800(config)# exec-timeout 0 0
5800(config)# line vty 0 4
5800(config)# exec-timeout 0 0
5800(config)# login authentication LOCAL
5800(config)# exit
5800#

Command Line Description

5800(config)# no logging console

Turns off console logging so messages do not appear on the router console. Prevents debug messages from being sent to the console. Flooding of debug messages on the console has an operational impact on the router.

5800(config)# line con 0

Enters console configuration mode.

5800(config)# login authentication CONSOLE

Sets the login authentication for console access. The method list CONSOLE is defined in the global AAA process. User will be prompted for a username and password when attempting console access. Configures EXEC authentication on this line to use the CONSOLE method list.

5800(config)# exec-timeout 0 0

Sets EXEC timeout for the console to indefinite. Disables idle timeout for EXEC sessions on this line.

5800(config)# line vty 0 4

Enters virtual terminal line configuration mode. These lines are used for Telnetting to the router.

5800(config)# exec-timeout 0 0

Sets the EXEC timeout to indefinite. Disables the idle timeout for EXEC sessions on this line.

5800(config)# login authentication LOCAL

Sets the login authentication under the virtual terminal lines. The method list LOCAL is defined in the global AAA process. Configures EXEC authentication on this line to use the LOCAL method list.

5800(config)# exit

Exits global configuration mode to privileged EXEC mode.

5800#

Privileged EXEC mode prompt.

To Modify, Copy, & Paste

no logging console
line con 0
login authentication CONSOLE
exec-timeout 0 0
line vty 0 4
exec-timeout 0 0
login authentication LOCAL
exit
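A pre-deployment check for the "To Modify, Copy, & Paste" blocks in this appendix, as an added example (not Cisco's code): it scans a change script for the sample secrets and SNMP community strings printed on this page, and reports where `exec-timeout 0 0` and PAP are applied. The rule names and the constructed sample script are assumptions of the example; it is meant for a script before it is pasted, since a running configuration stores `enable secret` as a hash.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    lineno: int
    rule: str
    context: str  # "global", or the interface/line block the command sits in
    detail: str


# Sample credentials printed on this page. They are public, so any of them
# surviving into a deployed configuration is a finding.
SAMPLE_SECRETS = [
    (re.compile(r"^(?:radius|tacacs)-server host \S+.*\bkey mysharedsecret$"),
     "AAA shared secret is still the sample value"),
    (re.compile(r"^username \S+ password anything$"),
     "stack-group password is still the sample value"),
    (re.compile(r"^enable secret thisissecret$"),
     "enable secret is still the sample value"),
]
SNMP_COMMUNITY = re.compile(
    r"^snmp-server community (public|private) (RO|RW)$", re.I)
MODE_ENTRY = re.compile(r"^(?:interface|line) \S", re.I)
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # strips "5800(config-if)# "


def audit(script: str) -> List[Finding]:
    """Return findings for a flat or indented IOS change script."""
    findings: List[Finding] = []
    context = "global"
    for lineno, raw in enumerate(script.splitlines(), start=1):
        cmd = PROMPT.sub("", raw.strip())
        if not cmd:
            continue
        if cmd in ("exit", "end", "!"):
            context = "global"
            continue
        if MODE_ENTRY.match(cmd):
            context = cmd.lower()  # remember which block follows
            continue
        for pattern, detail in SAMPLE_SECRETS:
            if pattern.match(cmd):
                findings.append(
                    Finding(lineno, "sample-secret", "global", detail))
        match = SNMP_COMMUNITY.match(cmd)
        if match:
            findings.append(Finding(
                lineno, "snmp-default-community", "global",
                f"community '{match.group(1)}' grants "
                f"{match.group(2).upper()} access"))
        if cmd == "exec-timeout 0 0" and context.startswith("line "):
            findings.append(Finding(
                lineno, "no-exec-timeout", context,
                "idle EXEC sessions on this line never time out"))
        if (cmd.lower().startswith("ppp authentication pap")
                and context.startswith("interface ")):
            findings.append(Finding(
                lineno, "ppp-pap", context,
                "PAP carries the password unencrypted over the PPP link"))
    return findings


# Constructed change script assembled from this page's sample blocks.
SAMPLE_SCRIPT = """\
radius-server host a.b.c.d auth-port x acct-port y key mysharedsecret
tacacs-server host x.x.x.x key mysharedsecret
username sg-group password anything
snmp-server community public RO
snmp-server community private RW
interface dialer0
ppp authentication pap callin USE-RADIUS
exit
5800(config)# enable secret thisissecret
line con 0
login authentication CONSOLE
exec-timeout 0 0
line vty 0 4
exec-timeout 0 0
login authentication LOCAL
exit
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_SCRIPT):
        print(f"line {f.lineno:>2} [{f.rule}] ({f.context}) {f.detail}")
```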

Other Operational Configuration Considerations

Access Lists

Access lists are defined on the router to control the flow of incoming and outgoing traffic. Access lists define the kind of traffic permitted and denied.

Route Summarization

Route summarization is used to summarize the routes advertised to other routers in the network. Routes are normally summarized to classful boundaries.

Show Commands

The show commands are used to look at various information and statistics on the router.

show version

show controller {t1}

show isdn {status | service}

show modem {summary}

show ip local pool

show line summary

show caller

show caller user username

show dial-shelf

Debug Commands

The debug commands are used for isolating and troubleshooting problems on the router. If something is not working on the router, use debug commands to find the cause of the problem.

debug isdn q931

debug isdn q921

debug csm modem

debug aaa authentication

debug aaa authorization

debug aaa accounting

debug aaa per-user

debug ppp authentication

debug ppp negotiation

debug radius

debug vpdn l2x-events

debug vpdn l2x-errors