Advanced Quick Reference
This appendix provides quick-reference configurations for the advanced Cisco AS5850 user and system administrator who need to rapidly modify system functionality or enhance system performance. Interface and protocol configurations addressed in this section are listed by category and sequenced logically by operation in the following sections:
•CLI Command Modes
•Functional Components
CLI Command Modes
You configure your gateway from a command-line interface (CLI) reached through the console port, which provides hardware connectivity. You access the gateway directly from the console port or by telnetting into the gateway from another host. A command interpreter, called EXEC, translates and runs Cisco IOS commands. The interpreter divides commands into access modes, including a privileged mode, which promotes security by restricting users to a subset of mode-specific commands.
Table A-1 shows the available command modes.
Table A-1 CLI Command Modes
Mode | Prompt | Purpose
User EXEC mode | AS5850> | Provides restricted access to miscellaneous configuration and troubleshooting functionality such as viewing system information, obtaining basic gateway status, changing terminal settings, and establishing remote device connectivity.
Privileged EXEC mode | AS5850# | Provides unrestricted access. Is used exclusively for gateway configuration, debugging, setting operating system (OS) parameters, and retrieving detailed gateway status information.
Global configuration mode | AS5850(config)# | Provides access to commands affecting the whole gateway. Submodes exist within global configuration mode (examples: AS5850(config-if)#, AS5850(config-line)#, AS5850(config-SPE)).
ROM monitor mode | > or rommon> | Permits gateway configuration if the gateway does not find a valid system image or if the bootup sequence is interrupted during startup.
Table A-2 shows the commands with which you can escape and thus move among modes.
Table A-2 Escape Commands
Command | Purpose
end or Ctrl-Z | Escapes from any command mode to privileged EXEC mode, from any configuration command mode to one command-prompt level higher, or from privileged EXEC or user EXEC mode completely out of the CLI.
disable | Escapes from privileged EXEC mode to user EXEC mode.
logout | Escapes from the command-line interface, if you are in privileged EXEC or user EXEC mode.
Functional Components
The following sections show abridged interface and protocol configurations listed by category and sequenced logically by operation. Each functional component is dependent on previous component configurations and includes the following reference information:
•Basic operational summary
•List of operational requisites that you must consider before configuration
•Configuration summary with command list, sample configuration script, and list of commands for purposes of editing, copying, and pasting into your gateway
•Other configuration considerations, including access lists, route summarization, basic show commands, and useful debug commands
Configurations are provided for the following functional components:
•Egress Interface
•Loopback Interface
•Routing Protocol
•Ingress Interface
•Line Signaling
•D Channels (ISDN)
•AAA
•TTY Line
•Async Interface
•Dial Interface
•IP Address Pools
•Virtual Template
•SGBP
•VPDN
•SNMP
•Virtual Profiles
•Multilink Virtual Template
•Global Parameters
•Finalizing Operational Configurations
Egress Interface
Egress interfaces are network connections, or ports, used for outbound traffic flow.
Requisites
Identify the following before configuring egress interfaces:
•Interface type
•IP configuration
•Interface specific parameters (Duplex, Speed, PVC, Encapsulation, and so on)
Configuration
The following Cisco IOS software CLI script serves as a sample egress-interface configuration or setup.
Sample Commands
Command | Purpose
AS5850(config)# interface GigabitEthernet6/0 | Defines the interface type as Fast Ethernet.
AS5850(config-if)# ip address 1.1.1.1 255.255.255.0 | Assigns a primary IP address and subnet mask to the Fast Ethernet interface.
AS5850(config-if)# no ip directed-broadcast | Disables directed broadcasts to this subnet.
AS5850(config-if)# no ip mroute-cache | Disables IP multicast fast switching.
AS5850(config-if)# no cdp enable | Disables Cisco Discovery Protocol.
AS5850(config-if)# exit | Exits interface configuration mode.
Sample Configuration
AS5850(config)# interface GigabitEthernet6/0
AS5850(config-if)# ip address 1.1.1.1 255.255.255.0
AS5850(config-if)# no ip directed-broadcast
AS5850(config-if)# no ip mroute-cache
AS5850(config-if)# no cdp enable
To Modify, Copy, and Paste
interface GigabitEthernet6/0
ip address 1.1.1.1 255.255.255.0
Loopback Interface
A loopback interface is a logical interface on the gateway that can be used for diagnostics and troubleshooting purposes. It is also used to conserve address space so that other physical interfaces can be unnumbered to this interface. The state of the loopback interface is always UP/UP.
Requisites
Identify your IP configuration before configuring a loopback interface.
Configuration
Sample Commands
Command | Purpose
AS5850(config)# interface loopback0 | Defines the interface type.
AS5850(config-if)# ip address 2.2.2.2 255.255.255.255 | Assigns an IP address to the interface.
AS5850(config-if)# no ip directed-broadcast | Disables directed broadcasts.
AS5850(config-if)# exit | Exits interface configuration mode.
Sample Configuration
AS5850(config)# interface loopback0
AS5850(config-if)# ip address 2.2.2.2 255.255.255.255
AS5850(config-if)# no ip directed-broadcast
To Modify, Copy, and Paste
ip address 2.2.2.2 255.255.255.255
Routing Protocol
Routing protocol accomplishes routing through the implementation of a specific routing algorithm. Examples of routing protocols include RIP, IGRP, EIGRP, OSPF, and BGP.
Requisites
Identify the following before configuring routing protocols:
•Routing protocol for egress network
•Networks to advertise
•IP summarization, if supported
•Interfaces to advertise routing
Configuration
Sample Commands
Command | Purpose
AS5850(config)# router rip | Defines the routing protocol used on the gateway to RIP protocol and initiates the routing-protocol processes.
AS5850(config-router)# version 2 | Defines the protocol version used to Version 2.
AS5850(config-router)# redistribute static | Enables redistribution of static routes in routing updates. Advertises static routes (including per-user static routes downloaded from RADIUS or TACACS+).
AS5850(config-router)# passive-interface Group-Async0 | Defines the group-async interface as passive so that no routing updates are sent out of these interfaces. Disables sending of updates across the interface and places the interface in listen mode.
AS5850(config-router)# passive-interface Virtual-Template1 | Defines the virtual template as a passive interface so that no routing updates are sent out of the virtual-access interfaces that are cloned off the virtual template.
AS5850(config-router)# passive-interface Dialer0 | Defines the dialer interface as passive.
AS5850(config-router)# passive-interface Loopback0 | Defines the loopback interface as passive.
AS5850(config-router)# network 10.0.0.0 | Enables advertisement of interfaces in this network. Here, defines 10.0.0.0 network as part of the RIP routing process so that the gateway exchanges routing updates about the 10.0.0.0 network dynamically.
AS5850(config-router)# network 172.16.0.0 | Enables advertisement of interfaces in this network. Here, defines 172.16.0.0 network as part of the RIP routing process so that updates to this network are exchanged dynamically between this gateway and its neighbors.
AS5850(config-router)# no auto-summary | Turns off route summarization so that updates are not summarized to class boundaries.
AS5850(config-router)# exit | Exits configuration mode.
AS5850(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1 | Defines a default route for this gateway. If the gateway does not have an address in its routing table, it forwards the packets to this IP address. Default routes for destinations are not learned through the routing protocol.
Sample Configuration
AS5850(config)# router rip
AS5850(config-router)# version 2
AS5850(config-router)# redistribute static
AS5850(config-router)# passive-interface Group-Async0
AS5850(config-router)# passive-interface Virtual-Template1
AS5850(config-router)# passive-interface Dialer0
AS5850(config-router)# passive-interface Loopback0
AS5850(config-router)# network 10.0.0.0
AS5850(config-router)# network 172.16.0.0
AS5850(config-router)# no auto-summary
AS5850(config-router)# exit
AS5850(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1
To Modify, Copy, and Paste
passive-interface Group-Async0
passive-interface Virtual-Template1
passive-interface Dialer0
passive-interface Loopback0
ip route 0.0.0.0 0.0.0.0 172.16.1.1
Ingress Interface
Interfaces used for inbound traffic flow.
Requisites
Identify the following before configuring ingress interfaces:
•Facilities (T3 / E1)
•Circuit type (ISDN CAS)
•Telco parameters
•ISDN switch type
•CAS signaling
•Dial slots
Configuration
Sample Commands
Command | Purpose
AS5850(config)# isdn switch-type primary-ni (ISDN) | Defines ISDN switch type to be used on the gateway. This global command can also be used under the D channel in later versions of Cisco IOS images.
AS5850(config)# controller t3 0/0 | Identifies controller type as T3 and that controller is in shelf 1, slot 0, port 0.
AS5850(config-controller)# framing m23 | Enables m23 framing. Sets framing type under the T3 controller.
AS5850(config-controller)# cablelength 224 | Sets cable length to 224 feet.
AS5850(config-controller)# t1 1 controller | Enables the first T1 in the T3. Configures individual T1 controllers under the T3 controller. Range is 1-28.
AS5850(config-controller)# t1 2 controller | Enables the second T1 in the T3. Configures individual T1 controllers under the T3 controller. Range is 1-28.
AS5850(config-controller)# . . . | Configures additional individual T1 controllers under the T3 controller. Range is 1-28.
AS5850(config-controller)# exit | Exits controller configuration mode.
Sample Configuration
AS5850(config)# isdn switch-type primary-ni (ISDN)
AS5850(config)# controller t3 0/0
AS5850(config-controller)# framing m23
AS5850(config-controller)# cablelength 224
AS5850(config-controller)# t1 1 controller
AS5850(config-controller)# t1 2 controller
AS5850(config-controller)# . . .
AS5850(config-controller)# exit
To Modify, Copy, and Paste
isdn switch-type primary-ni (ISDN)
Line Signaling
When you configure a gateway for signaling, you can use line signaling for both inbound and outbound calls. Line-signaling configuration must match the corresponding telco-switch configuration.
Requisites
Identify the following before configuring line signaling:
•Facilities (T3 / E1)
•Circuit type (ISDN CAS)
•Telco parameters
•ISDN switch type
•CAS signaling
•Dial slots
Configuration: ISDN
Sample Commands
Command | Purpose
AS5850(config)# isdn switch-type primary-ni1 | Configures ISDN switch type to which the gateway is connected.
AS5850(config)# controller e1 0/0 | Configures the first E1 on slot 0.
AS5850(config-controller)# pri-group timeslots 1-24 | Enables this E1 to use ISDN PRI signaling on all 24 time slots.
AS5850(config-controller)# exit | Exits controller configuration mode.
Sample Configuration
AS5850(config)# isdn switch-type primary-ni1
AS5850(config)# controller e1 0/0
AS5850(config-controller)# pri-group timeslots 1-24
AS5850(config-controller)# exit
To Modify, Copy, and Paste
isdn switch-type primary-ni1
Configuration: CAS
Sample Commands
Command | Purpose
AS5850(config)# controller e1 0/11 | Enters controller configuration mode.
AS5850(config-controller)# framing esf | Sets framing to extended super frame (ESF).
AS5850(config-controller)# linecode b8zs (e1-cas) | Sets line coding to binary 8 zero substitution (B8ZS).
AS5850(config-controller)# ds0-group 0 timeslots 1-24 type e&m-fgb | Configures this E1 CAS line to use E&M feature-group B signaling on all 24 time slots.
AS5850(config-controller)# exit | Exits controller configuration mode.
Sample Configuration
AS5850(config)# controller e1 1/0/11
AS5850(config-controller)# framing esf
AS5850(config-controller)# linecode b8zs
AS5850(config-controller)# ds0-group 0 timeslots 1-24 type e&m-fgb
AS5850(config-controller)# exit
To Modify, Copy, and Paste
ds0-group 0 timeslots 1-24 type
D Channels (ISDN)
The ISDN D channel is the 16th time slot on E1/PRI and is used for signaling information. Call setup and tear-down information is sent over the D channel.
Requisites
Identify the following before configuring ISDN D channels:
•Interface switch-type
•IP configuration
•Encapsulation
•Analog (voice) access
•Cause code for hunting
•Rotary configuration
Configuration
Sample Commands
Command | Purpose
AS5850(config)# interface s 0/0:1:23 | Defines the D channel to configure. Configure the D channel on controller T1 1 under the T3 controller in shelf 1, slot 0, port 0.
AS5850(config-if)# no ip address | Prohibits assigning an IP address on the D channel.
AS5850(config-if)# no ip directed-broadcast | Disables directed broadcasts.
AS5850(config-if)# encapsulation ppp | Sets encapsulation type to PPP.
AS5850(config-if)# dialer rotary-group 0 | Configures the D channel for rotary-group and makes this interface a member of the dialer 0 rotary interface. Assigns physical interface serial 0/0:1:23 to rotary-group 0. This is legacy DDR configuration.
AS5850(config-if)# isdn switch-type primary-5ess | Sets the ISDN switch type to primary-5ess.
AS5850(config-if)# isdn incoming-voice modem | Hands off incoming voice calls to the CSM and terminates them on a port. Accepts speech (voice) bearer-type calls and routes them to a voice or port resource.
AS5850(config-if)# no cdp enable | Disables Cisco Discovery Protocol (CDP). If an incoming voice call cannot be terminated because all voice/port resources are in use, disconnects the call with a cause code of user-busy.
AS5850(config-if)# exit | Exits interface configuration mode.
Sample Configuration
AS5850(config)# interface s 0/0:1:23
AS5850(config-if)# no ip address
AS5850(config-if)# no ip directed-broadcast
AS5850(config-if)# encapsulation ppp
AS5850(config-if)# dialer rotary-group 0
AS5850(config-if)# isdn switch-type primary-5ess
AS5850(config-if)# isdn incoming-voice modem
AS5850(config-if)# no cdp enable
To Modify, Copy, and Paste
isdn switch-type primary-5ess
isdn incoming-voice modem
AAA
Triple A (AAA), used for security and billing, stands for authentication, authorization, and accounting.
Plan and Requisites
Identify the following before configuring AAA:
•Dial-in authentication method
•Dial-in authorization method
•Dial-in accounting method
•Administrative AAA method
•AAA servers
•Backup plan
For detailed AAA configuration information, see the chapter on AAA in the Security Configuration Guide, available online at http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/
For detailed RADIUS server configuration information, see the chapter on security server protocols (and, under that, RADIUS commands) in Security Command Reference, available online at http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_r/
Configuration
Sample Commands
Command | Purpose
AS5850(config)# aaa new-model | Enables the AAA security paradigm.
AS5850(config)# aaa authentication login CONSOLE none | Defines an authentication method list called CONSOLE that requires no authentication.
AS5850(config)# aaa authentication login LOCAL local | Defines an authentication method list called LOCAL that consults the local database of user names and passwords.
AS5850(config)# aaa authentication login USE-RADIUS group radius local | Defines an authentication method list called USE-RADIUS that points to the database on the RADIUS server. If that server does not respond, falls back to the local user database.
AS5850(config)# aaa authentication login USE-TACACS tacacs+ enable | Defines an authentication method list called USE-TACACS that points to the database on the TACACS+ server. If that server does not respond, falls back to the enable password.
AS5850(config)# aaa authentication enable default enable tacacs+ | Defines an authentication method list called default that points to the enable password defined on the gateway for enable privilege on the gateway. Falls back to the TACACS+ server.
AS5850(config)# aaa authentication ppp USE-RADIUS if-needed radius | Defines an authentication method list for PPP users called USE-RADIUS that points to the RADIUS server. The if-needed option signifies that, if users have already been authenticated, they need not be reauthenticated.
AS5850(config)# username cisco password cisco | Defines a user name and password on the gateway for local authentication.
Sample Configuration
AS5850(config)# aaa new-model
AS5850(config)# aaa authentication login CONSOLE none
AS5850(config)# aaa authentication login LOCAL local
AS5850(config)# aaa authentication login USE-RADIUS group radius local
AS5850(config)# aaa authentication login USE-TACACS tacacs+ enable
AS5850(config)# aaa authentication enable default enable tacacs+
AS5850(config)# aaa authentication ppp USE-RADIUS if-needed radius
AS5850(config)# username cisco password cisco
To Modify, Copy, and Paste
aaa authentication login CONSOLE none
aaa authentication login USE-RADIUS radius
aaa authentication login TAC_PLUS tacacs+ enable
aaa authentication login LOCAL local
aaa authentication enable default enable tacacs+
aaa authentication ppp USE-RADIUS if-needed radius
username cisco password cisco
Configuration: Authorization
Sample Commands
Command | Purpose
AS5850(config)# aaa authorization exec USE-RADIUS group radius if-authenticated | Defines an authorization method list called USE-RADIUS for EXEC that points to the RADIUS server. EXEC authorization is required to process per-user attributes such as autocommands. If that server does not respond and the user is already authenticated, automatically authorizes the user.
AS5850(config)# aaa authorization exec USE-TACACS group tacacs+ if-authenticated | Defines an authorization method list called USE-TACACS for EXEC that points to the TACACS+ server. EXEC authorization is required to process per-user attributes such as autocommands. If that server does not respond and the user is already authenticated, automatically authorizes the user.
AS5850(config)# aaa authorization network default radius if-authenticated | Defines an authorization method list called default for network services (PPP, SLIP, ARAP) that points to the RADIUS server. If that server does not respond and the user is already authenticated, automatically authorizes the user.
AS5850(config)# aaa authorization network USE-RADIUS group radius if-authenticated | Defines an authorization method called USE-RADIUS for network services (PPP, SLIP, ARAP) that points to the RADIUS server. If that server does not respond and the user is already authenticated, automatically authorizes the user.
Sample Configuration
AS5850(config)# aaa authorization exec USE-RADIUS group radius if-authenticated
AS5850(config)# aaa authorization exec USE-TACACS group tacacs+ if-authenticated
AS5850(config)# aaa authorization network default radius if-authenticated
AS5850(config)# aaa authorization network USE-RADIUS group radius if-authenticated
To Modify, Copy, and Paste
aaa authorization exec USE-RADIUS group radius if-authenticated
aaa authorization exec USE-TACACS group tacacs+ if-authenticated
aaa authorization network default radius if-authenticated
aaa authorization network USE-RADIUS group radius if-authenticated
Configuration: Accounting
Sample Commands
Command | Purpose
AS5850(config)# aaa accounting suppress null-username | Suppresses generation of accounting records for users with a null username.
AS5850(config)# aaa accounting exec default start-stop group radius | Generates accounting records for all EXEC sessions and sends them, at the beginning and end of a session, to the RADIUS server.
AS5850(config)# aaa accounting network default start-stop group radius | Generates accounting records for network services (PPP, SLIP, ARAP) and sends them, at the beginning and end of a session, to the RADIUS server.
AS5850(config)# aaa accounting system default start-stop group radius | Generates accounting records for system events and sends them, when the gateway is booted and at the beginning and end of an event, to the RADIUS server.
Sample Configuration
AS5850(config)# aaa accounting suppress null-username
AS5850(config)# aaa accounting exec default start-stop group radius
AS5850(config)# aaa accounting network default start-stop group radius
AS5850(config)# aaa accounting system default start-stop group radius
To Modify, Copy, and Paste
aaa accounting suppress null-username
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius
Configuration: RADIUS Server
Sample Commands
Command | Purpose
AS5850(config)# radius-server host x.x.x.x auth-port x acct-port x non-standard | Defines a RADIUS server at IP address x.x.x.x. Authentication is to be done at UDP port x; accounting is to be done at UDP port y. The option non-standard enables parsing of attributes that violate the RADIUS standard.
AS5850(config)# radius-server host a.b.c.d auth-port x acct-port y key mysharedsecret | Defines a RADIUS server at IP address a.b.c.d. Authentication is to be done on UDP port x; accounting is to be done on UDP port y. The key mysharedsecret is to be used for encryption.
AS5850(config)# radius-server deadtime 5 | Defines when, in minutes, to stop using a RADIUS server that does not respond.
AS5850(config)# radius-server timeout 3 | Defines how long, in seconds, to wait for a RADIUS server to reply.
AS5850(config)# radius-server retransmit 2 | Specifies the number of retries to an active RADIUS server.
AS5850(config)# radius-server attribute nas-port format c | Sets the format of the network access server (NAS) port attribute to c, which is shelf (2 bits), slot (4 bits), port (5 bits), channel (5 bits).
Sample Configuration
AS5850(config)# radius-server host x.x.x.x auth-port x acct-port x non-standard
AS5850(config)# radius-server host a.b.c.d auth-port x acct-port y key mysharedsecret
AS5850(config)# radius-server deadtime 5
AS5850(config)# radius-server timeout 3
AS5850(config)# radius-server retransmit 2
AS5850(config)# radius-server attribute nas-port format c
To Modify, Copy, and Paste
radius-server host x.x.x.x auth-port x acct-port x non-standard
radius-server host a.b.c.d auth-port x acct-port y key mysharedsecret
radius-server retransmit 2
radius-server attribute nas-port format c
Configuration: TACACS Server
Sample Commands
Command | Purpose
AS5850(config)# tacacs-server host x.x.x.x key mysharedsecret | Defines a TACACS+ server at IP address x.x.x.x. The key mysharedsecret is to be used for encryption.
Sample Configuration
AS5850(config)# tacacs-server host x.x.x.x key mysharedsecret
To Modify, Copy, and Paste
tacacs-server host x.x.x.x key mysharedsecret
TTY Line
TTY lines are asynchronous lines on the gateway. TTY is a line configuration, not an interface configuration. These lines correspond to async interfaces that are configured separately.
Requisites
Identify the following before configuring a TTY line:
•Timeouts
•Autoselected protocols
•Authorization and authentication
•Port service
•Transport
Configuration
Sample Commands
Command | Purpose
AS5850(config)# line 2/00 11/143 | Defines the range for lines to be configured.
AS5850(config-line)# location "Async call" | Defines the location of the async line.
AS5850(config-line)# exec-timeout 0 0 | Sets the EXEC timeout under the line to indefinite.
AS5850(config-line)# autoselect ppp | Enables automatic detection of PPP packets.
AS5850(config-line)# autoselect during-login | Presents the login prompt before beginning autoselect process.
AS5850(config-line)# login authentication USE-RADIUS | Defines an authentication method list for login called USE-RADIUS.
AS5850(config-line)# authorization exec USE-RADIUS | Defines an authorization method list for EXEC login called USE-RADIUS.
AS5850(config-line)# modem Dialin | Configures a line to allow a modem to dial in but not out.
AS5850(config-line)# no modem log rs232 | Turns off logging of RS232 events.
AS5850(config-line)# transport preferred none | Sets preferred protocol to none, so that a user is not autoconnected to a host by way of a particular protocol.
AS5850(config-line)# exit | Exits line configuration mode.
Sample Configuration
AS5850(config)# line 2/00 11/143
AS5850(config-line)# location "Async call"
AS5850(config-line)# exec-timeout 0 0
AS5850(config-line)# autoselect PPP
AS5850(config-line)# autoselect during-login
AS5850(config-line)# login authentication USE-RADIUS
AS5850(config-line)# authorization exec USE-RADIUS
AS5850(config-line)# modem Dialin
AS5850(config-line)# no modem log rs232
AS5850(config-line)# transport preferred none
AS5850(config-line)# exit
To Modify, Copy, and Paste
login authentication USE-RADIUS
authorization exec USE-RADIUS
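A named method list from the AAA section applies only where a line or interface references it by name, and a list that contains none can admit a user without authentication. The following Python check is an added example, not part of the original Cisco document: it cross-references method-list definitions against references in a constructed configuration modelled on this page's snippets. The `line con 0` and `line vty 0 4` stanzas and the USE-TACACS reference are assumptions added to exercise the checks.

```python
import re

# Constructed sample, modelled on this page's AAA, TTY-line and async-interface
# snippets. "line con 0", "line vty 0 4" and the USE-TACACS reference are
# assumptions, not taken from the page.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login CONSOLE none
aaa authentication login LOCAL local
aaa authentication login USE-RADIUS group radius local
aaa authentication login TAC_PLUS tacacs+ enable
aaa authentication ppp USE-RADIUS if-needed radius
aaa authorization exec USE-RADIUS group radius if-authenticated
!
line con 0
 login authentication CONSOLE
line 2/00 11/143
 login authentication USE-RADIUS
 authorization exec USE-RADIUS
line vty 0 4
 login authentication USE-TACACS
!
interface Group-Async0
 ppp authentication pap callin USE-RADIUS
"""

# Words that may precede the list name in "ppp authentication ...".
PPP_KEYWORDS = {"pap", "chap", "ms-chap", "ms-chap-v2", "eap",
                "callin", "callout", "one-time", "optional"}

DEF_RE = re.compile(r"^aaa (authentication|authorization) (\S+) (\S+) (.+)$")


def parse_config(text):
    """Return (definitions, references).

    definitions: {(kind, service, list_name): [methods]}
    references:  [(context, kind, service, list_name)]
    """
    defs, refs, context = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # top-level command
            context = line if line.startswith(("line ", "interface ")) else None
            m = DEF_RE.match(line)
            if m:
                kind, service, name, methods = m.groups()
                defs[(kind, service, name)] = methods.split()
            continue
        if context is None:
            continue
        words = line.split()
        if words[:2] == ["login", "authentication"] and len(words) == 3:
            refs.append((context, "authentication", "login", words[2]))
        elif words[:2] == ["authorization", "exec"] and len(words) == 3:
            refs.append((context, "authorization", "exec", words[2]))
        elif words[:2] == ["ppp", "authentication"]:
            names = [w for w in words[2:] if w not in PPP_KEYWORDS]
            refs.append((context, "authentication", "ppp",
                         names[-1] if names else "default"))
    return defs, refs


def audit(text):
    """Return findings as (code, context, list_name) tuples."""
    defs, refs = parse_config(text)
    findings, used = [], set()
    for context, kind, service, name in refs:
        key = (kind, service, name)
        used.add(key)
        if key not in defs:
            if name != "default":
                findings.append(("undefined-list", context, name))
            continue
        # Methods are tried in order, and a later method is consulted only
        # when the earlier one returns an error, so "none" anywhere in the
        # list can end in an unauthenticated login.
        if kind == "authentication" and "none" in defs[key]:
            findings.append(("no-authentication", context, name))
    for key in sorted(set(defs) - used):
        if key[2] != "default":
            findings.append(("unused-list", "global", key[2]))
    return findings


if __name__ == "__main__":
    for code, context, name in audit(SAMPLE_CONFIG):
        print(f"{code:18} {context:20} {name}")
```
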
Async Interface
An asynchronous interface is used to terminate analog (async) dial-in calls.
Requisites
Identify the following before configuring an async interface:
•IP configuration
•Encapsulation
•Dialer parameters
•Default IP allocation
•PPP authentication
•Multilink
•Async mode
•Default timeouts
•Port range
Configuration
Sample Commands
Command | Purpose
AS5850(config)# interface group-async0 | Creates a group-async interface from which you can configure all async interfaces at one time.
AS5850(config-if)# ip unnumbered loopback0 | Unnumbers the interface to the IP address of loopback 0 interface.
AS5850(config-if)# encapsulation ppp | Sets the default encapsulation type to PPP.
AS5850(config-if)# dialer in-band | Enables dial-on-demand routing on this interface.
AS5850(config-if)# dialer idle-timeout 2700 | Defines the idle timeout under the interface. If a call is idle for 45 minutes (2700 seconds), the system disconnects the user. Default is 120 seconds.
AS5850(config-if)# dialer-group 1 | Assigns the interface to dialer-list 1, which determines what kind of traffic to monitor.
AS5850(config-if)# async mode interactive | Allows the user to run PPP or SLIP on this interface. The line can be switched between interactive use and async interface.
AS5850(config-if)# ntp disable | Disables Network Time Protocol (NTP) on this interface.
AS5850(config-if)# no snmp trap link-status | Disables SNMP LINKUP and LINKDOWN traps when this interface goes up or down.
AS5850(config-if)# peer default ip address pool default | Specifies that, when a client requests an address, the address is to be fetched from a local address pool called default.
AS5850(config-if)# no cdp enable | Disables Cisco Discovery Protocol (CDP) on this interface.
AS5850(config-if)# ppp authentication pap callin USE-RADIUS | Specifies that Password Authentication Protocol (PAP) is to be used to authenticate incoming calls, and that authentication is to be done using the USE-RADIUS method list.
AS5850(config-if)# ppp multilink | Configures the interface for multilink.
AS5850(config-if)# group-range 2/00 11/143 | Defines the group range to be covered under this group-async interface—in this case, interfaces 2/00-11/143.
AS5850(config-if)# exit | Exits interface configuration mode.
Sample Configuration
AS5850(config)# interface group-async0
AS5850(config-if)# ip unnumbered loopback0
AS5850(config-if)# encapsulation ppp
AS5850(config-if)# dialer in-band
AS5850(config-if)# dialer idle-timeout 2700
AS5850(config-if)# dialer-group 1
AS5850(config-if)# async mode interactive
AS5850(config-if)# ntp disable
AS5850(config-if)# no snmp trap link-status
AS5850(config-if)# peer default ip address pool default
AS5850(config-if)# no cdp enable
AS5850(config-if)# ppp authentication pap callin USE-RADIUS
AS5850(config-if)# ppp multilink
AS5850(config-if)# group-range 2/00 11/143
To Modify, Copy, and Paste
peer default ip address pool default
ppp authentication pap callin USE-RADIUS
Dial Interface
Dial interfaces are used for terminating digital calls and async calls.
Requisites
Identify the following before configuring a dial interface:
•IP configuration
•Encapsulation
•Dialer parameters
•PPP authentication
•Multilink
•Default timeouts
Configuration
Sample Commands
Command | Purpose
AS5850(config)# interface dialer0 | Creates a dialer interface from which you can configure all dialer interfaces at one time.
AS5850(config-if)# ip unnumbered loopback0 | Unnumbers the interface to the IP address of loopback 0 interface.
AS5850(config-if)# encapsulation ppp | Sets the default encapsulation type to PPP.
AS5850(config-if)# no ip mroute-cache | Turns off fast switching for multicast traffic.
AS5850(config-if)# dialer in-band | Enables dial-on-demand routing on this interface.
AS5850(config-if)# dialer idle-timeout 2700 | Defines the idle timeout under the interface. If a call is idle for 45 minutes (2700 seconds), the system disconnects the user. Default is 120 seconds.
AS5850(config-if)# dialer-group 1 | Assigns interface to dialer-list 1. Use dialer-list 1 to determine what kind of traffic is worth monitoring.
AS5850(config-if)# ntp disable | Disables Network Time Protocol (NTP) on this interface.
AS5850(config-if)# no snmp trap link-status | Disables SNMP LINKUP and LINKDOWN traps when this interface goes up or down.
AS5850(config-if)# peer default ip address pool default | Specifies that, when a client requests an address, the address is to be fetched from a local address pool called default.
AS5850(config-if)# no cdp enable | Disables Cisco Discovery Protocol (CDP) on this interface.
AS5850(config-if)# ppp authentication pap callin USE-RADIUS | Specifies that Password Authentication Protocol (PAP) is to be used to authenticate incoming calls, and that authentication is to be done using the USE-RADIUS method list.
AS5850(config-if)# ppp multilink | Configures the interface for multilink.
AS5850(config-if)# exit | Exits interface configuration mode.
AS5850(config)# dialer-list 1 protocol ip permit | Configures dialer-list 1 to consider all IP traffic as worth monitoring.
Sample Configuration
AS5850(config)# interface dialer0
AS5850(config-if)# ip unnumbered loopback0
AS5850(config-if)# encapsulation ppp
AS5850(config-if)# no ip mroute-cache
AS5850(config-if)# dialer in-band
AS5850(config-if)# dialer idle-timeout 2700
AS5850(config-if)# dialer-group 1
AS5850(config-if)# ntp disable
AS5850(config-if)# no snmp trap link-status
AS5850(config-if)# peer default ip address pool default
AS5850(config-if)# no cdp enable
AS5850(config-if)# ppp authentication pap callin USE-RADIUS
AS5850(config-if)# ppp multilink
AS5850(config)# dialer-list 1 protocol ip permit
To Modify, Copy, and Paste
peer default ip address pool default
ppp authentication pap callin USE-RADIUS
dialer-list 1 protocol ip permit
IP Address Pools
An IP address pool is a range of IP addresses set aside for a specific purpose such as DHCP. As clients connect to the network gateway, they request and are assigned an IP address from the pool.
Requisites
Identify the following before configuring an IP address pool:
•Local IP pools
•DHCP pools
Configuration
Sample Commands
Command | Purpose
AS5850(config)# ip dhcp-server x.x.x.x (if using dhcp) | Defines the IP address for the DHCP server. Cisco IOS software queries this server (instead of broadcasting on all interfaces) when it needs to get an address for a client from DHCP.
AS5850(config)# ip local pool default 1.1.1.1 1.1.1.254 | Defines a local address pool called default with addresses spanning 1.1.1.1 to 1.1.1.254 (255 is a reserved broadcast address).
AS5850(config)# ip local pool 1 10.100.1.1 10.100.1.64 | Defines a local address pool called 1 with addresses spanning 10.100.1.1 to 10.100.1.64.
Sample Configuration
AS5850(config)# ip dhcp-server x.x.x.x (if using dhcp)
AS5850(config)# ip local pool default 1.1.1.1 1.1.1.254
AS5850(config)# ip local pool 1 10.100.1.1 10.100.1.64
To Modify, Copy, and Paste
ip local pool default 1.1.1.1 1.1.2.254
ip local pool 1 10.100.1.1 10.100.1.64
Virtual Template
Virtual templates are used for cloning virtual-access interfaces for inbound calls.
Requisites
Identify the following before configuring a virtual template:
•IP configuration
•Encapsulation
•Default IP allocation
•PPP authentication
Configuration
Sample Commands
Command | Purpose
AS5850(config)# interface virtual-template 1 | Defines the virtual template to be used for cloning virtual-access interfaces.
AS5850(config-if)# ip unnumbered loopback0 | Unnumbers the interface to the IP address of loopback 0 interface.
AS5850(config-if)# no ip directed-broadcast | Disables directed broadcasts to this subnet.
AS5850(config-if)# no ip mroute-cache | Turns off fast switching for multicast traffic.
AS5850(config-if)# ntp disable | Disables Network Time Protocol (NTP) on this interface.
AS5850(config-if)# no snmp trap link-status | Disables SNMP LINKUP and LINKDOWN traps when this interface goes up or down.
AS5850(config-if)# ppp authentication pap callin USE-RADIUS | Specifies that Password Authentication Protocol (PAP) is to be used to authenticate incoming calls, and that authentication is to be done using the USE-RADIUS method list.
AS5850(config-if)# ppp multilink | Configures the interface for multilink.
| Exits interface configuration mode.
Sample Configuration
AS5850(config)# interface virtual-template 1
AS5850(config-if)# ip unnumbered loopback0
AS5850(config-if)# no ip directed-broadcast
AS5850(config-if)# no ip mroute-cache
AS5850(config-if)# ntp disable
AS5850(config-if)# no snmp trap link-status
AS5850(config-if)# ppp authentication pap callin USE-RADIUS
AS5850(config-if)# ppp multilink
To Modify, Copy, and Paste
interface virtual-template 1
ppp authentication pap callin USE-RADIUS
SGBP
Stack Group Bidding Protocol (SGBP) is a protocol used for configuring multichassis multilink PPP.
Requisites
Identify the following before configuring SGBP:
•Global SGBP password
•Member list hostnames
•Member list IP addresses
•Bidding priority
For more about SGBP, see Multichassis Multilink PPP (MMP), available online at http://www.cisco.com/warp/public/131/3.html
Configuration
Sample Commands
Command | Purpose
AS5850(config)# username sg-group password anything | Defines the user name and password for the SGBP stack group.
AS5850(config)# sgbp group sg-group | Defines the SGBP stack-group name as sg-group.
AS5850(config)# sgbp source-ip [loopback0 ip-address] | Defines the source IP address for the SGBP stack. Forces the gateway to source the SGBP packets from the loopback0 interface.
AS5850(config)# sgbp member nas01 [nas01 loop0 ip-address] | Defines the SGBP member nas01 and its IP address. Statically configures the peer, name, and IP addresses of other peers in the stack group.
AS5850(config)# sgbp member nas02 [nas02 loop0 ip-address] | Defines the SGBP member nas02 and its IP address. Statically configures the peer, name, and IP addresses of other peers in the stack group.
Sample Configuration
AS5850(config)# username sg-group password anything
AS5850(config)# sgbp group sg-group
AS5850(config)# sgbp source-ip [loopback0 ip-address]
AS5850(config)# sgbp member nas01 [nas01 loop0 ip-address]
AS5850(config)# sgbp member nas02 [nas02 loop0 ip-address]
To Modify, Copy, and Paste
username sg-group password anything
VPDN
Virtual Private Dialup Network (VPDN) enables forwarding of PPP links from an Internet service provider (ISP) to a home gateway. L2TP and L2F are common options for the tunneling protocol.
Requisites
Identify the following before configuring VPDN:
•L2TP
•L2F
•DNIS/Domain based VPDN
•LNS Load-balancing/Backup
For more about VPDN, see Layer 2 Tunnel Protocol, available online at http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t1/l2tpt.htm
Configuration
Sample Commands
Command | Purpose
AS5850(config)# vpdn enable | Enables the processing of VPDN calls. VPDN calls are determined by a special DNIS number or a special user-name format.
AS5850(config)# vpdn search-order dnis domain | Configures the order for searching different VPDN tunnel types. Looks first for DNIS-based tunnels and then for DOMAIN-based tunnels.
Sample Configuration
AS5850(config)# vpdn enable
AS5850(config)# vpdn search-order dnis domain
To Modify, Copy, and Paste
vpdn search-order dnis domain
SNMP
Simple Network Management Protocol (SNMP) is used for monitoring and managing network devices.
Requisites
Identify the following before configuring SNMP:
•RO community
•RW community
•Trap hosts
•Traps list
For more on SNMP, see the Cisco MIBs website at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Configuration
Sample Commands
Command | Purpose
AS5850(config)# snmp-server community public RO | Enables SNMP and sets community string and access privileges for public to read-only.
AS5850(config)# snmp-server community private RW | Enables SNMP and sets community string and access privileges for private to read-write.
AS5850(config)# snmp-server enable traps snmp | Enables SNMP traps.
AS5850(config)# snmp-server enable traps envmon | Enables SNMP traps when the gateway detects an anomaly in environmental conditions.
AS5850(config)# snmp-server enable traps syslog | Enables SNMP syslog traps. Sends traps to the syslog server.
AS5850(config)# snmp-server host 9.9.9.9 public | Specifies that host 9.9.9.9 is to receive SNMP notifications for public.
Sample Configuration
AS5850(config)# snmp-server community public RO
AS5850(config)# snmp-server community private RW
AS5850(config)# snmp-server enable traps snmp
AS5850(config)# snmp-server enable traps envmon
AS5850(config)# snmp-server enable traps syslog
AS5850(config)# snmp-server host 9.9.9.9 public
To Modify, Copy, and Paste
snmp-server community public RO
snmp-server community private RW
snmp-server enable traps snmp
snmp-server enable traps envmon
snmp-server enable traps syslog
snmp-server host 9.9.9.9 public
Virtual Profiles
Virtual profiles is a unique point-to-point application that creates and configures a virtual-access interface dynamically when a dial-in call is received, and tears down the interface dynamically when the call ends.
Requisites
Identify the following before configuring a virtual profile:
•User profile in AAA server
•Interface virtual template
•Virtual-profile AAA
•Virtual-profile virtual template
Configuration
Sample Commands
Command | Purpose
AS5850(config)# virtual-profile virtual-template 1 | Creates a virtual-access interface for every user that is connected to the gateway. This is necessary when applying certain per-user attributes (such as timeouts).
AS5850(config)# virtual-profile aaa | Allows installation of per-user configurations specified by the interface-config attributes in a user TACACS+/RADIUS profile.
Sample Configuration
AS5850(config)# virtual-profile virtual-template 1
AS5850(config)# virtual-profile aaa
To Modify, Copy, and Paste
virtual-profile virtual-template 1
Multilink Virtual Template
A multilink virtual template is a virtual template from which the specified multilink PPP bundle can clone its interface parameters.
Requisites
Identify the following before configuring a multilink virtual template:
•IP configuration
•Encapsulation
•Default IP allocation
•PPP authentication
Configuration
Sample Commands
Command | Purpose
AS5850(config)# multilink virtual-template 1 | Allows the virtual-access interface for a user to clone from the virtual-template interface in case there is no physical/dialer interface to clone from. This is necessary on all stack group members.
AS5850(config)# multilink bundle-name both | Sets the gateway to uniquely identify this multilink session through a combination of the authentication username and the endpoint discriminator. This is necessary when multiple users are dialing in with the same username.
Sample Configuration
AS5850(config)# multilink virtual-template 1
AS5850(config)# multilink bundle-name both
To Modify, Copy, and Paste
multilink virtual-template 1
multilink bundle-name both
V.120 Support
The Cisco AS5850 supports V.120 dedicated PPP dial-in. A maximum of 120 concurrent sessions is supported. For more information, see Access Server Dial-In IP/PPP Configuration with Dedicated V.120 PPP, available online at http://www.cisco.com/warp/public/129/28.shtml
Requisites
None.
Configuration
Sample Commands
Command | Purpose
AS5850(config)# interface s 0/0:1:23 | Defines the serial interface to be configured.
AS5850(config-if)# autodetect encapsulation v120 ppp | Configures the gateway to automatically switch between ISDN PPP users and ISDN V.120 users.
AS5850(config-if)# line vty 5 20 | Creates new VTYs for V.120 users to start on.
AS5850(config-line)# transport input v120 | Only allows V.120 users to connect to this VTY.
AS5850(config-line)# login authentication USE-RADIUS | Configures authentication on this line to use the USE-RADIUS method list.
AS5850(config-line)# authorization exec USE-RADIUS | Configures EXEC authorization on the line to use the USE-RADIUS method list.
AS5850(config-line)# exit | Exits line configuration mode.
Sample Configuration
AS5850(config)# interface s 0/0:1:23
AS5850(config-if)# autodetect encapsulation v120 ppp
AS5850(config-if)# line vty 5 20
AS5850(config-line)# transport input v120
AS5850(config-line)# login authentication USE-RADIUS
AS5850(config-line)# authorization exec USE-RADIUS
AS5850(config-line)# exit
To Modify, Copy, and Paste
autodetect encapsulation v120 ppp
login authentication USE-RADIUS
authorization exec USE-RADIUS
Global Parameters
The following parameters are defined in global configuration mode on the gateway:
•Hostname
•Service timestamps
•Service password
•Network time protocol
•Timezone
•Enable secret
Requisites
None.
Configuration
Sample Commands
Command | Purpose
AS5850(config)# service timestamps debug datetime msec localtime | Enables debugs to be timestamped with millisecond resolution. This is critical to have when sending in debug traces to the Cisco TAC.
AS5850(config)# service timestamps log datetime msec localtime | Enables log messages to be timestamped with millisecond resolution. This is critical to have when sending in debug traces to the Cisco TAC.
AS5850(config)# service password-encryption | Enables service-password encryption so that passwords are encrypted when displayed in the running and startup config.
AS5850(config)# hostname name | Defines the host name of the gateway.
AS5850(config)# enable secret thisissecret | Configures a cryptographically strong version of the password used to gain enable access to the gateway.
AS5850(config)# clock timezone EST -5 | Sets the timezone and clock offset from GMT.
AS5850(config)# clock summer-time EDT recurring | Sets the clock to adjust for daylight saving time.
AS5850(config)# ip subnet-zero | Allows the gateway to use subnet-zero subnets.
AS5850(config)# no ip source-route | Disables processing of packets with source-routing header options.
AS5850(config)# async-bootp dns-server x.x.x.x | Configures the DNS server with which the gateway responds when dealing with PPP clients that implement RFC 1877.
AS5850(config)# ntp server x.x.x.x prefer | Configures the gateway to sync to the NTP server at x.x.x.x and prefers this peer when possible.
AS5850(config)# ntp server y.y.y.y | Configures the gateway to sync to the NTP server at y.y.y.y.
Sample Configuration
AS5850(config)# service timestamps debug datetime msec localtime
AS5850(config)# service timestamps log datetime msec localtime
AS5850(config)# service password-encryption
AS5850(config)# hostname [name of your nas]
AS5850(config)# enable secret thisissecret
AS5850(config)# clock timezone EST -5
AS5850(config)# clock summer-time EDT recurring
AS5850(config)# ip subnet-zero
AS5850(config)# no ip source-route
AS5850(config)# async-bootp dns-server x.x.x.x
AS5850(config)# ntp server x.x.x.x prefer
AS5850(config)# ntp server y.y.y.y
To Modify, Copy, and Paste
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
hostname [name of your nas]
clock summer-time EDT recurring
async-bootp dns-server x.x.x.x
ntp server x.x.x.x prefer
Finalizing Operational Configurations
This section covers finishing up the gateway configurations and getting the gateway ready for operation.
Requisites
None.
Configurations
Sample Commands
Command | Purpose
AS5850(config)# no logging console | Turns off console logging so that messages do not appear on and possibly flood the gateway console.
AS5850(config)# line con 0 | Enters console configuration mode.
AS5850(config-line)# login authentication CONSOLE | Applies the authentication method list called CONSOLE (defined in the global AAA process) to this line.
AS5850(config-line)# exec-timeout 0 0 | Sets the EXEC timeout for the console to indefinite, thus disabling the idle timeout for EXEC sessions on this line.
AS5850(config-line)# line vty 0 4 | Enters virtual terminal line configuration mode. These lines are used for telnetting to the gateway.
AS5850(config-line)# exec-timeout 0 0 | Sets the EXEC timeout to indefinite. Disables the idle timeout for EXEC sessions on this line.
AS5850(config-line)# login authentication LOCAL | Applies the authentication method list called LOCAL (defined in the global AAA process) to this line.
| Exits global configuration mode to privileged EXEC mode.
Sample Configuration
AS5850(config)# no logging console
AS5850(config)# line con 0
AS5850(config-line)# login authentication CONSOLE
AS5850(config-line)# exec-timeout 0 0
AS5850(config-line)# line vty 0 4
AS5850(config-line)# exec-timeout 0 0
AS5850(config-line)# login authentication LOCAL
To Modify, Copy, and Paste
login authentication CONSOLE
login authentication LOCAL
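A pre-deployment check for the copy-and-paste settings in the SNMP, SGBP, Global Parameters, dialer and console/VTY sections above, as an added example that is not part of the original Cisco documentation. It scans a configuration template in running-config layout for the community strings public and private, a read-write community with no access list, exec-timeout 0 0, PAP authentication, and the sample credentials anything and thisissecret; the rule names, the audit function and the sample text (including the community n0c-r34d and access list 10) are constructed for illustration.

```python
import re

# (rule id, pattern for one stripped config line, why it matters); ids are constructed.
RULES = [
    ("snmp-default-community", r"^snmp-server community (public|private)\b",
     "community string is a well-known default"),
    ("snmp-rw-unrestricted", r"^snmp-server community \S+ rw$",
     "read-write community with no access list"),
    ("exec-timeout-disabled", r"^exec-timeout 0 0$",
     "idle EXEC sessions on this line never expire"),
    ("ppp-pap", r"^ppp authentication pap\b",
     "PAP carries the password in cleartext on the link"),
    ("doc-sample-credential",
     r"^(username \S+ password|enable secret) (anything|thisissecret)$",
     "credential copied unchanged from the documentation"),
]
SUBMODE = re.compile(r"^(interface|line)\s+(.+)$", re.I)

def audit(config_text):
    """Return (context, rule_id, line) for each risky line in config_text."""
    findings, context = [], "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        mode = SUBMODE.match(line)
        if mode:  # entering interface or line configuration
            context = f"{mode.group(1).lower()} {mode.group(2)}"
            continue
        if not raw[0].isspace():  # unindented command: global configuration
            context = "global"
        for rule_id, pattern, _why in RULES:
            if re.search(pattern, line, re.I):
                findings.append((context, rule_id, line))
    return findings

# Constructed template in running-config layout (sub-commands indented).
SAMPLE = """\
username sg-group password anything
enable secret thisissecret
interface Dialer0
 ppp authentication pap callin USE-RADIUS
snmp-server community public RO
snmp-server community private RW
snmp-server community n0c-r34d RO 10
line con 0
 exec-timeout 0 0
line vty 0 4
 exec-timeout 15 0
"""
if __name__ == "__main__":
    reasons = {rule_id: why for rule_id, _pattern, why in RULES}
    for context, rule_id, line in audit(SAMPLE):
        print(f"[{context}] {rule_id}: {line} ({reasons[rule_id]})")
```

The private RW line is reported twice, once for the default string and once for the missing access list, while the constructed n0c-r34d community and the 15-minute VTY timeout pass.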
Other Operational Configuration Considerations
Access Lists
Access lists control the flow of incoming and outgoing traffic by defining the kind of traffic permitted and denied.
Route Summarization
Route summarization summarizes the routes advertised to other gateways in the network, normally to class boundaries.
Show Commands
show commands are used to look at various information and statistics on the gateway.
•show version
•show controller { e1 }
•show isdn { status | service }
•show spe { summary }
•show ip local pool
•show line summary
•show caller
•show caller user username
•show dial-shelf
Debug Commands
debug commands are used to isolate and troubleshoot problems on the gateway.
•debug isdn q931
•debug isdn q921
•debug csm spe
•debug aaa authentication
•debug aaa authorization
•debug aaa accounting
•debug aaa per-user
•debug ppp authentication
•debug ppp negotiation
•debug radius
•debug vpdn l2x-events
•debug vpdn l2x-errors