Table Of Contents
Advanced Quick Reference
CLI Command Modes
Functional Components
Egress Interface
Requisites
Configuration
Loopback Interface
Requisites
Configuration
Routing Protocol
Requisites
Configuration
Ingress Interface
Requisites
Configuration
Line Signaling
Requisites
Configuration: ISDN
Configuration: CAS
D Channels (ISDN)
Requisites
Configuration
AAA
Plan and Requisites
Configuration
Configuration: Authorization
Configuration: Accounting
Configuration: RADIUS Server
Configuration: TACACS Server
TTY Line
Requisites
Configuration
Async Interface
Requisites
Configuration
Dial Interface
Requisites
Configuration
IP Address Pools
Requisites
Configuration
Virtual Template
Requisites
Configuration
SGBP
Requisites
Configuration
VPDN
Requisites
Configuration
SNMP
Requisites
Configuration
Virtual Profiles
Requisites
Configuration
Multilink Virtual Template
Requisites
Configuration
V.120 Support
Requisites
Configuration
Global Parameters
Requisites
Configuration
Finalizing Operational Configurations
Requisites
Configurations
Other Operational Configuration Considerations
Advanced Quick Reference
This appendix provides quick-reference configurations for the advanced Cisco AS5850 user and system administrator who need to rapidly modify system functionality or enhance system performance. Interface and protocol configurations addressed in this section are listed by category and sequenced logically by operation in the following sections:
•
CLI Command Modes
•Functional Components
CLI Command Modes
You configure your gateway from a command-line interface (CLI) for your console port, which provides hardware connectivity. You access the gateway directly from the console port or by telnetting into the gateway from another host. A command interpreter, called EXEC, translates and runs Cisco IOS commands. This command interpreter provides you with a privileged mode of access that promotes security to the respective command levels, restricting users to a subset of mode-specific commands.
Table A-1 shows the available command modes.
Table A-1 CLI Command Modes
Mode
|
Prompt
|
Purpose
|
User EXEC mode
|
AS5850>
|
Provides restricted access to miscellaneous configuration and troubleshooting functionality such as viewing system information, obtaining basic gateway status, changing terminal settings, and establishing remote device connectivity.
|
Privileged EXEC mode
|
AS5850#
|
Provides unrestricted access. Is used exclusively for gateway configuration, debugging, setting operating system (OS) parameters, and retrieving detailed gateway status information.
|
Global configuration mode
|
AS5850(config)#
|
Provides access to commands affecting the whole gateway. Submodes exist within global configuration mode (examples: AS5850(config-if)#, AS5850(config-line)#, AS5850(config-SPE)).
|
ROM monitor mode
|
> or rommon>
|
Permits gateway configuration if the gateway does not find a valid system image or if the bootup sequence is interrupted during startup.
|
Table A-2 shows the commands with which you can escape and thus move among modes.
Table A-2 Escape Commands
Command
|
Purpose
|
end or Ctrl-Z
|
Escapes from any command mode to privileged EXEC mode, from any configuration command mode to one command-prompt level higher, or from privileged EXEC or user EXEC mode completely out of the CLI.
|
disable
|
Escapes from privileged EXEC mode to user EXEC mode.
|
logout
|
Escapes from the command-line interface, if you are in privileged EXEC or user EXEC mode.
|
Functional Components
The following sections show abridged interface and protocol configurations listed by category and sequenced logically by operation. Each functional component is dependent on previous component configurations and includes the following reference information:
•Basic operational summary
•List of operational requisites that you must consider before configuration
•Configuration summary with command list, sample configuration script, and list of commands for purposes of editing, copying, and pasting into your gateway
•Other configuration considerations, including access lists, route summarization, basic show commands, and useful debug commands
Configurations are provided for the following functional components:
•Egress Interface
•Loopback Interface
•Routing Protocol
•Ingress Interface
•Line Signaling
•D Channels (ISDN)
•AAA
•TTY Line
•Async Interface
•Dial Interface
•IP Address Pools
•Virtual Template
•SGBP
•VPDN
•SNMP
•Virtual Profiles
•Multilink Virtual Template
•Global Parameters
•Finalizing Operational Configurations
Egress Interface
Egress interfaces are network connections, or ports, used for outbound traffic flow.
Requisites
Identify the following before configuring egress interfaces:
•Interface type
•IP configuration
•Interface specific parameters (Duplex, Speed, PVC, Encapsulation, and so on)
Configuration
The following Cisco IOS software CLI script serves as a sample egress-interface configuration or setup.
Sample Commands
Command
|
Purpose
|
AS5850(config)# interface GigabitEthernet6/0
|
Defines the interface type as Fast Ethernet.
|
AS5850(config-if)# ip address 1.1.1.1 255.255.255.0
|
Assigns a primary IP address and subnet mask to the Fast Ethernet interface.
|
AS5850(config-if)# no ip directed broadcast
|
Disables directed broadcasts to this subnet.
|
AS5850(config-if)# no ip mroute-cache
|
Disables IP multicast fast switching.
|
AS5850(config-if)# no cdp enable
|
Disables Cisco Discovery Protocol.
|
AS5850(config-if)# exit
|
Exits interface configuration mode.
|
Sample Configuration
AS5850(config)# interface GigabitEthernet6/0
AS5850(config-if)# ip address 1.1.1.1 255.255.255.0
AS5850(config-if)# no ip directed broadcast
AS5850(config-if)# no ip mroute-cache
AS5850(config-if)# no cdp enable
To Modify, Copy, and Paste
interface GigabitEthernet6/0
ip address 1.1.1.1 255.255.255.0
Loopback Interface
A loopback interface is a logical interface on the gateway that can be used for diagnostics and troubleshooting purposes. It is also used to conserve address space so that other physical interfaces can be unnumbered to this interface. The state of the loopback interface is always UP/UP.
Requisites
Identify your IP configuration before configuring a loopback interface.
Configuration
Sample Commands
Command
|
Purpose
|
AS5850(config)# interface loopback0
|
Defines the interface type.
|
AS5850(config-if)# ip address 2.2.2.2 255.255.255.255
|
Assigns an IP address to the interface.
|
AS5850(config-if)# no ip directed broadcast
|
Disables directed broadcasts.
|
AS5850(config-if)# exit
|
Exits interface configuration mode.
|
Sample Configuration
AS5850(config)# interface loopback0
AS5850(config-if)# ip address 2.2.2.2 255.255.255.255
AS5850(config-if)# no ip directed broadcast
To Modify, Copy, and Paste
ip address 2.2.2.2 255.255.255.255
Routing Protocol
Routing protocol accomplishes routing through the implementation of a specific routing algorithm. Examples of routing protocols include RIP, IGRP, EIGRP, OSPF, and BGP.
Requisites
Identify the following before configuring routing protocols:
•Routing protocol for egress network
•Networks to advertise
•IP summarization, if supported
•Interfaces to advertise routing
Configuration
Sample Commands
Command
|
Purpose
|
AS5850(config)# router rip
|
Defines the routing protocol used on the gateway to RIP protocol and initiates the routing-protocol processes.
|
AS5850(config-router)# version 2
|
Defines the protocol version used to Version 2.
|
AS5850(config-router)# redistribute static
|
Enables redistribution of static routes in routing updates. Advertises static routes (including per-user static routes downloaded from RADIUS or TACACS+).
|
AS5850(config-router)# passive-interface Group-Async0
|
Defines the group-async interface as passive so that no routing updates are sent out of these interfaces. Disables sending of updates across the interface and places the interface in listen mode.
|
AS5850(config-router)# passive-interface Virtual-Template1
|
Defines the virtual template as a passive interface that so no routing updates are sent out of the virtual-access interfaces that are cloned off the virtual template.
|
AS5850(config-router)# passive-interface Dialer0
|
Defines the dialer interface as passive.
|
AS5850(config-router)# passive-interface Loopback0
|
Defines the loopback interface as passive.
|
AS5850(config-router)# network 10.0.0.0
|
Enables advertisement of interfaces in this network. Here, defines 10.0.0.0 network as part of the RIP routing process so that the gateway exchanges routing updates about the 10.0.0.0 network dynamically.
|
AS5850(config-router)# network 172.16.0.0
|
Enables advertisement of interfaces in this network. Here, defines 172.16.0.0 network as part of the RIP routing process so that updates to this network are exchanged dynamically between this gateway and its neighbors.
|
AS5850(config-router)# no auto-summary
|
Turns off route summarization so that updates are not summarized to class boundaries.
|
AS5850(config-router)# exit
|
Exits configuration mode.
|
AS5850(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1
|
Defines a default route for this gateway. If the gateway does not have an address in its routing table, it forwards the packets to this IP address. Default routes for destinations are not learned through the routing protocol.
|
Sample Configuration
AS5850(config)# router rip
AS5850(config-router)# version 2
AS5850(config-router)# redistribute static
AS5850(config-router)# passive-interface Group-Async0
AS5850(config-router)# passive-interface Virtual-Template1
AS5850(config-router)# passive-interface Dialer0
AS5850(config-router)# passive-interface Loopback0
AS5850(config-router)# network 10.0.0.0
AS5850(config-router)# network 172.16.0.0
AS5850(config-router)# no auto-summary
AS5850(config-router)# exit
AS5850(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1
To Modify, Copy, and Paste
passive-interface Group-Async0
passive-interface Virtual-Template1
passive-interface Dialer0
passive-interface Loopback0
ip route 0.0.0.0 0.0.0.0 172.16.1.1
Ingress Interface
Interfaces used for inbound traffic flow.
Requisites
Identify the following before configuring ingress interfaces:
•Facilities(T3 / E1)
•Circuit type (ISDN CAS)
•Telco parameters
•ISDN switch type
•CAS signaling
•Dial slots
Configuration
Sample Commands
Command
|
Purpose
|
AS5850(config)# isdn switch-type primary-ni (ISDN)
|
Defines ISDN switch type to be used on the gateway. This global command can also be used under the D channel in later versions of Cisco IOS images.
|
AS5850(config)# controller t3 0/0
|
Identifies controller type as T3 and that controller is in shelf 1, slot 0, port 0.
|
AS5850(config-controller)# framing m23
|
Enables m23 framing. Sets framing type under the T3 controller.
|
AS5850(config-controller)# cablelength 224
|
Sets cable length to 224 feet.
|
AS5850(config-controller)# t1 1 controller
|
Enables the first T1 in the T3. Configures individual T1 controllers under the T3 controller. Range is 1-28.
|
AS5850(config-controller)# t1 2 controller
|
Enables the second T1 in the T3. Configures individual T1 controllers under the T3 controller. Range is 1-28.
|
AS5850(config-controller)# . . .
|
Configures additional individual T1 controllers under the T3 controller. Range is 1-28.
|
AS5850(config-controller)# exit
|
Exits controller configuration mode.
|
Sample Configuration
AS5850(config)# isdn switch-type primary-ni (ISDN)
AS5850(config)# controller t3 0/0
AS5850(config-controller)# framing m23
AS5850(config-controller)# cablelength 224
AS5850(config-controller)# t1 1 controller
AS5850(config-controller)# t1 2 controller
AS5850(config-controller)# . . .
AS5850(config-controller)# exit
To Modify, Copy, and Paste
isdn switch-type primary-ni (ISDN)
Line Signaling
When you configure a gateway for signaling, you can use line signaling for both inbound and outbound calls. Line-signaling configuration must match the corresponding telco-switch configuration.
Requisites
Identify the following before configuring line signaling:
•Facilities(T3 / E1)
•Circuit type (ISDN CAS)
•Telco parameters
•ISDN switch type
•CAS signaling
•Dial slots
Configuration: ISDN
Sample Commands
Command
|
Purpose
|
AS5850(config)# isdn switch-type primary-ni1
|
Configures ISDN switch type to which the gateway is connected.
|
AS5850(config)# controller e1 0/0
|
Configures the first E1 on slot 0.
|
AS5850(config-controller)# pri-group timeslots 1-24
|
Enables this E1 to use ISDN PRI signaling on all 24 time slots.
|
AS5850(config-controller)# exit
|
Exits controller configuration mode.
|
Sample Configuration
AS5850(config)# isdn switch-type primary-ni1
AS5850(config)# controller e1 0/0
AS5850(config-controller)# pri-group timeslots 1-24
AS5850(config-controller)# exit
To Modify, Copy, and Paste
isdn switch-type primary-ni1
Configuration: CAS
Sample Commands
Command
|
Purpose
|
AS5850(config)# controller e1 0/11
|
Enters controller configuration mode.
|
AS5850(config-controll)# framing esf
|
Sets framing to extended super frame (ESF).
|
AS5850(config-controll)# linecode b8zs
(e1-cas)
|
Sets line coding to binary 8 zero substitution (B8ZS).
|
AS5850(config-controll)# ds0-group 0
timeslots 1-24 type e&m-fgb
|
Configures this E1 CAS line to use E&M feature-group B signaling on all 24 time slots.
|
AS5850(config-controller)# exit
|
Exits controller configuration mode.
|
Sample Configuration
AS5850(config)# controller e1 1/0/11
AS5850(config-controll)# framing esf
AS5850(config-controll)# linecode b8zs
AS5850(config-controll)# ds0-group 0 timeslots 1-24 type e&m-fgb
AS5850(config-controller)# exit
To Modify, Copy, and Paste
ds0-group 0 timeslots 1-24 type
D Channels (ISDN)
The ISDN D channel is the 16th time slot on E1/PRI and is used for signaling information. Call setup and tear-down information is sent over the D channel.
Requisites
Identify the following before configuring ISDN D channels:
•Interface switch-type
•IP configuration
•Encapsulation
•Analog (voice) access
•Cause code for hunting
•Rotary configuration
Configuration
Sample Commands
Command
|
Purpose
|
AS5850(config)# interface s 0/0:1:23
|
Defines the D channel to configure. Configure the D channel on controller T1 1 under the T3 controller in shelf 1, slot 0, port 0.
|
AS5850(config-if)# no ip address
|
Prohibits assigning an IP address on the D channel.
|
AS5850(config-if)# no ip directed-broadcast
|
Disables directed broadcasts.
|
AS5850(config-if)# encapsulation ppp
|
Sets encapsulation type to PPP.
|
AS5850(config-if)# dialer rotary-group 0
|
Configures the D channel for rotary-group and makes this interface a member of the dialer 0 rotary interface. Assigns physical interface serial 0/0:1:23 to rotary-group 0. This is legacy DDR configuration.
|
AS5850(config-if)# isdn switch-type
primary-5ess
|
Sets the ISDN switch type to primary-5ess.
|
AS5850(config-if)# isdn incoming-voice
modem
|
Hands off incoming voice calls to the CSM and terminates them on a port. Accepts speech (voice) bearer-type calls and routes them to a voice or port resource.
|
AS5850(config-if)# no cdp enable
|
Disables Cisco Discovery Protocol (CDP). If an incoming voice call cannot be terminated because all voice/port resources are in use, disconnects the call with a cause code of user-busy.
|
|
Exits interface configuration mode.
|
Sample Configuration
AS5850(config)# interface s 0/0:1:23
AS5850(config-if)# no ip address
AS5850(config-if)# no ip directed-broadcast
AS5850(config-if)# encapsulation ppp
AS5850(config-if)# dialer rotary-group 0
AS5850(config-if)# isdn switch-type primary-5ess
AS5850(config-if)# isdn incoming-voice modem
AS5850(config-if)# no cdp enable
To Modify, Copy, and Paste
isdn switch-type primary-5ess
isdn incoming-voice modem
AAA
Triple A (AAA) security in billing stands for authentication, authorization, and accounting.
Plan and Requisites
Identify the following before configuring AAA:
•Dial-in authentication method
•Dial-in authorization method
•Dial-in accounting method
•Administrative AAA method
•AAA servers
•Backup plan
For detailed AAA configuration information, see the chapter on AAA in the Security Configuration Guide, available online at http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/
For detailed RADIUS server configuration information, see the chapter on security server protocols (and, under that, RADIUS commands) in Security Command Reference, available online at http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_r/
Configuration
Sample Commands
Command
|
Purpose
|
AS5850(config)# aaa new-model
|
Enables the AAA security paradigm.
|
AS5850(config)# aaa authentication login
CONSOLE none
|
Defines an authentication method list called CONSOLE that requires no authentication.
|
AS5850(config)# aaa authentication login
LOCAL none
|
Defines an authentication method list called LOCAL that consults the local database of user names and passwords.
|
AS5850(config)# aaa authentication login
USE-RADIUS group radius local
|
Defines an authentication method list called USE-RADIUS that points to the database on the RADIUS server. If that server does not respond, falls back to the local user database.
|
AS5850(config)# aaa authentication login
USE-TACACS tacacs+ enable
|
Defines an authentication method list called USE-TACACS that points to the database on the TACACS+ server. If that server does not respond, falls back to the enable password.
|
AS5850(config)# aaa authentication enable
default enable tacacs+
|
Defines an authentication method list called default that points to the enable password defined on the gateway for enable privilege on the gateway. Falls back to the TACACS+ server.
|
AS5850(config)# aaa authentication ppp
USE-RADIUS if-needed radius
|
Defines an authentication method list for PPP users called USE-RADIUS that points to the RADIUS server. The if-needed option signifies that, if users have already been authenticated, they need not be reauthenticated.
|
AS5850(config)# username cisco password
cisco
|
Defines a user name and password on the gateway for local authentication.
|
Sample Configuration
AS5850(config)# aaa new-model
AS5850(config)# aaa authentication login CONSOLE none
AS5850(config)# aaa authentication login LOCAL none
AS5850(config)# aaa authentication login USE-RADIUS group radius local
AS5850(config)# aaa authentication login USE-TACACS tacacs+ enable
AS5850(config)# aaa authentication enable default enable tacacs+
AS5850(config)# aaa authentication ppp USE-RADIUS if-needed radius
AS5850(config)# username cisco password cisco
To Modify, Copy, and Paste
aaa authentication login CONSOLE none
aaa authentication login USE-RADIUS radius
aaa authentication login TAC_PLUS tacacs+ enable
aaa authentication login LOCAL local
aaa authentication enable default enable tacacs+
aaa authentication ppp USE-RADIUS if-needed radius
username cisco password cisco
Configuration: Authorization
Sample Commands
Command
|
Purpose
|
AS5850(config)# aaa authorization exec
USE-RADIUS group radius if-authenticated
|
Defines an authorization method list called USE-RADIUS for EXEC that points to the RADIUS server. EXEC authorization is required to process per-user attributes such as autocommands. If that server does not respond and the user is already authenticated, automatically authorizes the user.
|
AS5850(config)# aaa authorization exec
USE-TACACS group tacacs+ if-authenticated
|
Defines an authorization method list called USE-TACACS for EXEC that points to the TACACS+ server. EXEC authorization is required to process per-user attributes such as autocommands. If that server does not respond and the user is already authenticated, automatically authorizes the user.
|
AS5850(config)# aaa authorization network
default radius if-authenticated
|
Defines an authorization method list called default for network services (PPP, SLIP, ARAP) that points to the RADIUS server. If that server does not respond and the user is already authenticated, automatically authorizes the user.
|
AS5850(config)# aaa authorization network
USE-RADIUS group radius if-authenticated
|
Defines an authorization method called USE-RADIUS for network services (PPP, SLIP, ARAP) that points to the RADIUS server. If that server does not respond and the user is already authenticated, automatically authorizes the user.
|
Sample Configuration
AS5850(config)# aaa authorization exec USE-RADIUS group radius if-authenticated
AS5850(config)# aaa authorization exec USE-TACACS group tacacs+ if-authenticated
AS5850(config)# aaa authorization network default radius if-authenticated
AS5850(config)# aaa authorization network USE-RADIUS group radius if-authenticated
To Modify, Copy, and Paste
aaa authorization exec USE-RADIUS group radius if-authenticated
aaa authorization exec USE-TACACS group tacacs+ if-authenticated
aaa authorization network default radius if-authenticated
aaa authorization network USE-RADIUS group radius if-authenticated
Configuration: Accounting
Sample Commands
Command
|
Purpose
|
AS5850(config)# aaa accounting suppress
null-username
|
Suppresses generation of accounting records for users with a null username.
|
AS5850(config)# aaa accounting exec default
start-stop group radius
|
Generates accounting records for all EXEC sessions and sends them, at the beginning and end of a session, to the RADIUS server.
|
AS5850(config)# aaa accounting network
default start-stop group radius
|
Generates accounting records for network services (PPP, SLIP, ARAP) and sends them, at the beginning and end of a session, to the RADIUS server.
|
AS5850(config)# aaa accounting system
default start-stop group radius
|
Generates accounting records for system events and sends them, when the gateway is booted and at the beginning and end of an event, to the RADIUS server.
|
Sample Configuration
AS5850(config)# aaa accounting suppress null-username
AS5850(config)# aaa accounting exec default start-stop group radius
AS5850(config)# aaa accounting network default start-stop group radius
AS5850(config)# aaa accounting system default start-stop group radius
To Modify, Copy, and Paste
aaa accounting suppress null-username
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius
Configuration: RADIUS Server
Sample Commands
Command
|
Purpose
|
AS5850(config)# radius-server host x.x.x.x
auth-port x acct-port x non-standard
|
Defines a RADIUS server at IP address x.x.x.x. Authentication is to be done at UDP port x; accounting is to be done at UDP port y. The option nonstandard enables parsing of attributes that violate the RADIUS standard.
|
AS5850(config)# radius-server host a.b.c.d
auth-port x acct-port y key mysharedsecret
|
Defines a RADIUS server at IP address a.b.c.d. Authentication is to be done on UDP port x; accounting is to be done on UDP port y. The key mysharedsecret is to be used for encryption.
|
AS5850(config)# radius-server deadtime 5
|
Defines when, in minutes, to stop using a RADIUS server that does not respond.
|
AS5850(config)# radius-server timeout 3
|
Defines how long, in seconds, to wait for a RADIUS server to reply.
|
AS5850(config)# radius-server retransmit 2
|
Specifies the number of retries to an active RADIUS server.
|
AS5850(config)# radius-server attribute
nas-port format c
|
Sets the format of the network gateway (NAS) port attribute to c, which is shelf (2 bits), slot (4 bits), port (5 bits), channel (5 bits).
|
Sample Configuration
AS5850(config)# radius-server host x.x.x.x auth-port x acct-port x non-standard
AS5850(config)# radius-server host a.b.c.d auth-port x acct-port y key mysharedsecret
AS5850(config)# radius-server deadtime 5
AS5850(config)# radius-server timeout 3
AS5850(config)# radius-server retransmit 2
AS5850(config)# radius-server attribute nas-port format c
To Modify, Copy, and Paste
radius-server host x.x.x.x auth-port x acct-port x non-standard
radius-server host a.b.c.d auth-port x acct-port y key mysharedsecret
radius-server retransmit 2
radius-server attribute nas-port format c
Configuration: TACACS Server
Sample Commands
Command
|
Purpose
|
AS5850(config)# tacacs-server host x.x.x.x
key mysharedsecret
|
Defines a TACACS+ server at IP address x.x.x.x. The key mysharedsecret is to be used for encryption.
|
Sample Configuration
AS5850(config)# tacacs-server host x.x.x.x key mysharedsecret
To Modify, Copy, and Paste
tacacs-server host x.x.x.x key mysharedsecret
TTY Line
TTY lines are asynchronous lines on the gateway. TTY is a line configuration, not an interface configuration. These lines correspond to async interfaces that are configured separately.
Requisites
Identify the following before configuring a TTY line:
•Timeouts
•Autoselected protocols
•Authorization and authentication
•Port service
•Transport
Configuration
Sample Commands
Command
|
Purpose
|
AS5850(config)# line 2/00 11/143
|
Defines the range for lines to be configured.
|
AS5850(config-line)# location "Async call"
|
Defines the location of the async line.
|
AS5850(config-line)# exec-timeout 0 0
|
Sets the EXEC timeout under the line to indefinite.
|
AS5850(config-line)# autoselect ppp
|
Enables automatic detection of PPP packets.
|
AS5850(config-line)# autoselect
during-login
|
Presents the login prompt before beginning autoselect process.
|
AS5850(config-line)# login authentication
USE-RADIUS
|
Defines an authentication method list for login called USE-RADIUS.
|
AS5850(config-line)# authorization exec
USE-RADIUS
|
Defines an authorization method list for EXEC login called USE-RADIUS.
|
AS5850(config-line)# modem Dialin
|
Configures a line to allow a modem to dial in but not out.
|
AS5850(config-line)# no modem log rs232
|
Turns off logging of RS232 events.
|
AS5850(config-line)# transport preferred
none
|
Sets preferred protocol to none, so that a user is not autoconnected to a host by way of a particular protocol.
|
AS5850(config-line)# exit
|
Exits line configuration mode.
|
Sample Configuration
AS5850(config)# line 2/00 11/143
AS5850(config-line)# location "Async call"
AS5850(config-line)# exec-timeout 0 0
AS5850(config-line)# autoselect PPP
AS5850(config-line)# autoselect during-login
AS5850(config-line)# login authentication USE-RADIUS
AS5850(config-line)# authorization exec USE-RADIUS
AS5850(config-line)# modem Dialin
AS5850(config-line)# no modem log rs232
AS5850(config-line)# transport preferred none
AS5850(config-line)# exit
To Modify, Copy, and Paste
login authentication USE-RADIUS
authorization exec USE-RADIUS
Async Interface
Asychronous interface is used to terminate analog (async) dial-in calls.
Requisites
Identify the following before configuring an async interface:
•IP configuration
•Encapsulation
•Dialer parameters
•Default IP allocation
•PPP authentication
•Multilink
•Async mode
•Default timeouts
•Port range
Configuration
Sample Commands
Command
|
Purpose
|
AS5850(config)# interface group-async0
|
Creates a group-async interface from which you can configure all async interfaces at one time.
|
AS5850(config-if)# ip unnumbered loopback0
|
Unnumbers the interface to the IP address of loopback 0 interface.
|
AS5850(config-if)# encapsulation ppp
|
Sets the default encapsulation type to PPP.
|
AS5850(config-if)# dialer in-band
|
Enables dial-on-demand routing on this interface.
|
AS5850(config-if)# dialer idle-timeout 2700
|
Defines the idle timeout under the interface. If a call is idle for 45 minutes (2700 seconds), the system disconnects the user. Default is 120 seconds.
|
AS5850(config-if)# dialer-group 1
|
Assigns dialer-list 1 an interface to determine what kind of traffic to monitor.
|
AS5850(config-if)# async mode interactive
|
Allows the user to run PPP or SLIP on this interface. The line can be switched between interactive use and async interface.
|
AS5850(config-if)# ntp disable
|
Disables Network Time Protocol (NTP) on this interface.
|
AS5850(config-if)# no snmp trap link-status
|
Disables SNMP LINKUP and LINKDOWN traps when this interface goes up or down.
|
AS5850(config-if)# peer default ip address
pool default
|
Specifies that, when a client requests an address, the address is to be fetched from a local address pool called default.
|
AS5850(config-if)# no cdp enable
|
Disables Cisco Discovery Protocol (CDP) on this interface.
|
AS5850(config-if)# ppp authentication pap
callin USE-RADIUS
|
Specifies that Password Authentication Protocol (PAP) is to be used to authenticate incoming calls, and that authentication is to be done using the USE-RADIUS method list.
|
AS5850(config-if)# ppp multilink
|
Configures the interface for multilink.
|
AS5850(config-if) group-range 2/00 11/143
|
Defines the group range to be covered under this group-async interface—in this case, interfaces 2/00-11/143.
|
|
Exits interface configuration mode.
|
Sample Configuration
AS5850(config)# interface group-async0
AS5850(config-if)# ip unnumbered loopback0
AS5850(config-if)# encapsulation ppp
AS5850(config-if)# dialer in-band
AS5850(config-if)# dialer idle-timeout 2700
AS5850(config-if)# dialer-group 1
AS5850(config-if)# async mode interactive
AS5850(config-if)# ntp disable
AS5850(config-if)# no snmp trap link-status
AS5850(config-if)# peer default ip address pool default
AS5850(config-if)# no cdp enable
AS5850(config-if)# ppp authentication pap callin USE-RADIUS
AS5850(config-if)# ppp multilink
AS5850(config-if)# group-range 2/00 11/143
To Modify, Copy, and Paste
peer default ip address pool default
ppp authentication pap callin USE-RADIUS
Dial Interface
Dial interfaces are used for terminating digital calls and async calls.
Requisites
Identify the following before configuring a dial interface:
•IP configuration
•Encapsulation
•Dialer parameters
•PPP authentication
•Multilink
•Default timeouts
Configuration
Sample Commands
Command
|
Purpose
|
AS5850(config)# interface dialer0
|
Creates a dialer interface from which you can configure all dialer interfaces at one time.
|
AS5850(config-if)# ip unnumbered loopback0
|
Unnumbers the interface to the IP address of loopback 0 interface.
|
AS5850(config-if)# encapsulation ppp
|
Sets the default encapsulation type to PPP.
|
AS5850(config-if)# no ip mroute-cache
|
Turns off fast switching for multicast traffic.
|
AS5850(config-if)# dialer in-band
|
Enables dial-on-demand routing on this interface.
|
AS5850(config-if)# dialer idle-timeout 2700
|
Defines the idle timeout under the interface. If a call is idle for 45 minutes (2700 seconds), the system disconnects the user. Default is 120 seconds.
|
AS5850(config-if)# dialer-group 1
|
Assigns interface to dialer-list 1. Use dialer-list 1 to determine what kind of traffic is worth monitoring.
|
AS5850(config-if)# ntp disable
|
Disables Network Time Protocol (NTP) on this interface.
|
AS5850(config-if)# no snmp trap link-status
|
Disables SNMP LINKUP and LINKDOWN traps when this interface goes up or down.
|
AS5850(config-if)# peer default ip address
pool default
|
Specifies that, when a client requests an address, the address is to be fetched from a local address pool called default.
|
AS5850(config-if)# no cdp enable
|
Disables Cisco Discovery Protocol (CDP) on this interface.
|
AS5850(config-if)# ppp authentication pap
callin USE-RADIUS
|
Specifies that Password Authentication Protocol (PAP) is to be used to authenticate incoming calls, and that authentication is to be done using the USE-RADIUS method list.
|
AS5850(config-if)# ppp multilink
|
Configures the interface for multilink.
|
|
Exits interface configuration mode.
|
AS5850(config)# dialer-list 1 protocol ip
permit
|
Configures dialer-list 1 to consider all IP traffic as worth monitoring.
|
Sample Configuration
AS5850(config)# interface dialer0
AS5850(config-if)# ip unnumbered loopback0
AS5850(config-if)# encapsulation ppp
AS5850(config-if)# no ip mroute-cache
AS5850(config-if)# dialer in-band
AS5850(config-if)# dialer idle-timeout 2700
AS5850(config-if)# dialer-group 1
AS5850(config-if)# ntp disable
AS5850(config-if)# no snmp trap link-status
AS5850(config-if)# peer default ip address pool default
AS5850(config-if)# no cdp enable
AS5850(config-if)# ppp authentication pap callin USE-RADIUS
AS5850(config-if)# ppp multilink
AS5850(config)# dialer-list 1 protocol ip permit
To Modify, Copy, and Paste
peer default ip address pool default
ppp authentication pap callin USE-RADIUS
dialer-list 1 protocol ip permit
IP Address Pools
An IP address pool is a range of IP addresses set aside for a specific purpose such as DHCP. As clients connect to the network gateway, they request and are assigned an IP address from the pool.
Requisites
Identify the following before configuring an IP address pool:
•Local IP pools
•DHCP pools
Configuration
Sample Commands
Command
|
Purpose
|
AS5850(config)# ip dhcp-server x.x.x.x (if
using dhcp)
|
Defines the IP address for the DHCP server. Cisco IOS software queries this server (instead of broadcasting on all interfaces) when it needs to get an address for a client from DHCP.
|
AS5850(config)# ip local pool default
1.1.1.1 1.1.1.254
|
Defines a local address pool called default with addresses spanning 1.1.1.1 to 1.1.1.254 (255 is a reserved broadcast address).
|
AS5850(config)# ip local pool 1 10.100.1.1
10.100.1.64
|
Defines a local address pool called 1 with addresses spanning 10.100.1.1 to 10.100.1.64.
|
Sample Configuration
AS5850(config)# ip dhcp-server x.x.x.x (if using dhcp)
AS5850(config)# ip local pool default 1.1.1.1 1.1.1.254
AS5850(config)# ip local pool 1 10.100.1.1 10.100.1.64
To Modify, Copy, and Paste
ip local pool default 1.1.1.1 1.1.2.254
ip local pool 1 10.100.1.1 10.100.1.64
Virtual Template
Virtual templates are used for cloning virtual-access interfaces for inbound calls.
Requisites
Identify the following before configuring a virtual template:
•IP configuration
•Encapsulation
•Default IP allocation
•PPP authentication
Configuration
Sample Commands
