Chapter 12
Establishing Serial Point-to-Point Connections
© 2000, Cisco Systems, Inc.
www.cisco.com
ICNDv 1.0a

Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
• Configure HDLC and PPP protocols on a serial WAN connection
• Configure PAP and CHAP authentication on a PPP connection
• Verify proper point-to-point HDLC and PPP configuration

WAN Overview
[Figure: sites connected through a service provider]
• WANs connect sites
• Connection requirements vary depending on user requirements and cost

WAN Connection Types: Layer 1
• Leased line: synchronous serial
• Circuit-switched (telephone company): asynchronous serial, ISDN Layer 1
• Packet-switched (service provider): synchronous serial

Interfacing WAN Service Providers
[Figure labels: WAN service provider toll network; trunks and switches; CO switch; local loop; demarcation; customer premises equipment; point-to-point or circuit-switched connection]
• Provider assigns connection parameters to subscriber

Serial Point-to-Point Connections
[Figure labels: end user device; DTE (router connections); CSU/DSU; DCE; service provider]
Network connections at the CSU/DSU:
• EIA/TIA-232
• EIA/TIA-449
• V.35
• X.21
• EIA-530

Typical WAN Encapsulation Protocols: Layer 2
• Leased line: HDLC, PPP, SLIP
• Packet-switched (service provider): X.25, Frame Relay, ATM
• Circuit-switched (telephone company): PPP, SLIP, HDLC

HDLC Frame Format
Cisco HDLC
  Flag | Address | Control | Proprietary | Data | FCS | Flag
• Cisco's HDLC has a proprietary data field to support multiprotocol environments
HDLC
  Flag | Address | Control | Data | FCS | Flag
• Supports only single protocol environments

HDLC Command
Router(config-if)#encapsulation hdlc
• Enable HDLC encapsulation
• HDLC is the default encapsulation on synchronous serial interfaces

An Overview of PPP
[Figure labels: multiple protocol encapsulations using NCPs in PPP (TCP/IP, Novell IPX, AppleTalk); PPP encapsulation; link setup and control using LCP in PPP]
• PPP can carry packets from several protocol suites using Network Control Programs
• PPP controls the setup of several link options using LCP

Layering PPP Elements
Network Layer:    Layer 3 protocols (IP, IPX, many others)
Data Link Layer:  PPP
                    Network Control Protocol (IPCP, IPXCP, many others)
                    Link Control Protocol (authentication, other options)
Physical Layer:   Synchronous or asynchronous physical media
PPP—A data link with network-layer services

PPP LCP Configuration Options
Feature           How It Operates                                          Protocol
Authentication    Require a password                                       PAP
                  Perform Challenge Handshake                              CHAP
Compression       Compress data at source; reproduce data at destination   Stacker or Predictor
Error Detection   Monitor data dropped on link                             Quality
                  Avoid frame looping                                      Magic Number
Multilink         Load balancing across multiple links                     Multilink Protocol (MP)

PPP Authentication Overview
[Figure: two routers connected across a dialup or circuit-switched network]
PPP Session Establishment
1. Link Establishment Phase
2. Optional Authentication Phase
3. Network-Layer Protocol Phase
Two PPP authentication protocols: PAP and CHAP

Selecting a PPP Authentication Protocol
PAP 2-Way Handshake
Remote Router (SantaCruz)
  Hostname: santacruz
  Password: boardwalk
Central-Site Router (HQ)
  username santacruz password boardwalk
Exchange: "santacruz, boardwalk", then Accept/Reject
• Passwords sent in clear text
• Peer in control of attempts

Selecting a PPP Authentication Protocol (cont.)
CHAP 3-Way Handshake
Remote Router (SantaCruz)
  Hostname: santacruz
  Password: boardwalk
Central-Site Router (HQ)
  username santacruz password boardwalk
Exchange: Challenge, Response, then Accept/Reject
• Use "secret" known only to authenticator and peer

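The difference between the two handshakes above, worked through with the slide's santacruz/boardwalk values. This is an added example, not part of the original course material: it assumes the standard MD5 form of CHAP (RFC 1994) and the PAP request layout of RFC 1334, and the class and function names are illustrative.

```python
import hashlib
import hmac
import os


def pap_request(username: str, password: str) -> bytes:
    """Data field of a PAP Authenticate-Request (RFC 1334): both values in clear."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """MD5 CHAP value (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


class ChapAuthenticator:
    """Model of the central-site side, holding 'username <peer> password <secret>'."""

    def __init__(self, users: dict):
        self.users = users
        self.pending = {}      # identifier -> outstanding challenge
        self.next_id = 1

    def challenge(self):
        ident, self.next_id = self.next_id, (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)   # fresh, unpredictable per attempt
        return ident, self.pending[ident]

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        challenge = self.pending.pop(ident, None)   # each challenge is single-use
        secret = self.users.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)


def demo():
    hq = ChapAuthenticator({"santacruz": "boardwalk"})
    ident, chal = hq.challenge()                      # 1. Challenge
    resp = chap_response(ident, "boardwalk", chal)    # 2. Response
    accepted = hq.verify(ident, "santacruz", resp)    # 3. Accept/Reject
    replayed = hq.verify(ident, "santacruz", resp)    # same response sent again
    ident2, _ = hq.challenge()
    stale = hq.verify(ident2, "santacruz", resp)      # old response, new challenge
    return {
        "pap_exposes_password": b"boardwalk" in pap_request("santacruz", "boardwalk"),
        "chap_exposes_password": b"boardwalk" in resp,
        "accepted": accepted, "replayed": replayed, "stale": stale,
    }


if __name__ == "__main__":
    print(demo())
```

The CHAP response is only as strong as the shared secret and the unpredictability of the challenge, which is why the authenticator draws a new random challenge for every attempt.
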
Configuring PPP and Authentication Overview
[Figure: two routers connected through a service provider; "Verify who you are."]
Authenticating Router (the router that received the call)
  Enabling PPP: ppp encapsulation
  Enabling PPP Authentication: hostname, username / password, ppp authentication
Router to Be Authenticated (the router that initiated the call)
  Enabling PPP: ppp encapsulation
  Enabling PPP Authentication: hostname, username / password, ppp authentication

Configuring PPP
Router(config-if)#encapsulation ppp
• Enable PPP encapsulation

Configuring PPP Authentication
Router(config)#hostname name
• Assigns a host name to your router
Router(config)#username name password password
• Identifies the username and password of authenticating router

Configuring PPP Authentication (cont.)
Router(config-if)#ppp authentication {chap | chap pap | pap chap | pap}
• Enables PAP and/or CHAP authentication

Configuring CHAP Example
[Figure: Left router and Right router connected across PSTN/ISDN]
Left router:
hostname left
username right password sameone
!
int serial 0
 ip address 10.0.1.1 255.255.255.0
 encapsulation ppp
 ppp authentication CHAP
Right router:
hostname right
username left password sameone
!
int serial 0
 ip address 10.0.1.2 255.255.255.0
 encapsulation ppp
 ppp authentication CHAP

Verifying HDLC and PPP Encapsulation Configuration
Router#show interface s0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 10.140.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
  LCP Open
  Open: IPCP, CDPCP
  Last input 00:00:05, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     38021 packets input, 5656110 bytes, 0 no buffer
     Received 23488 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     38097 packets output, 2135697 bytes, 0 underruns
     0 output errors, 0 collisions, 6045 interface resets
     0 output buffer failures, 0 output buffers swapped out
     482 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up

Verifying PPP Authentication with the debug ppp authentication Command
[Figure: Left router and Right router connected through a service provider]
4d20h: %LINK-3-UPDOWN: Interface Serial0, changed state to up
4d20h: Se0 PPP: Treating connection as a dedicated line
4d20h: Se0 PPP: Phase is AUTHENTICATING, by both
4d20h: Se0 CHAP: O CHALLENGE id 2 len 28 from "left"
4d20h: Se0 CHAP: I CHALLENGE id 3 len 28 from "right"
4d20h: Se0 CHAP: O RESPONSE id 3 len 28 from "left"
4d20h: Se0 CHAP: I RESPONSE id 2 len 28 from "right"
4d20h: Se0 CHAP: O SUCCESS id 2 len 4
4d20h: Se0 CHAP: I SUCCESS id 3 len 4
4d20h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
debug ppp authentication successful CHAP output

Visual Objective
[Figure: lab topology. Pods A through L each have a workgroup PC (wg_pc_a 10.2.2.12 ... wg_pc_l 10.13.13.12), a switch (wg_sw_a 10.2.2.11 ... wg_sw_l 10.13.13.11) and a router (wg_ro_a e0 10.2.2.3 ... wg_ro_l e0 10.13.13.3). Each router's s0 (10.140.1.2 for pod A through 10.140.12.2 for pod L) runs PPP with CHAP over LL to core_ro s1/0 to s2/3 (10.140.1.1 … 10.140.12.1). Core: core_ro fa0/0 10.1.1.3, core_sw_a 10.1.1.2 (fa0/23, fa0/24), core_server 10.1.1.1.]

Summary
After completing this chapter, you should be able to perform the following tasks:
• Select an appropriate WAN connection based on your requirements
• Configure HDLC and PPP encapsulation methods on your point-to-point WAN connection
• Configure CHAP authentication on a PPP connection

Review Questions
1. What are three types of WAN connections you can enable on a Cisco router?
2. What are two examples of point-to-point encapsulation protocols and what are the advantages of each?
3. What are some of the PPP LCP options?

Chapter 12
Establishing Serial Point-to-Point Connections

Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
• Describe the components that make up ISDN connectivity
• Configure ISDN BRI and legacy dial-on-demand routing (DDR)
• Verify DDR operation

What is ISDN?
[Figure labels: small office; digital PBX; telecommuter; home office; central site; provider network]
• Voice, data, video, and special services

ISDN Standards
Issue: Telephone Network and ISDN
  Protocol: E-Series
  Key Examples: E.163—International Telephone Numbering Plan; E.164—International ISDN Addressing
Issue: ISDN Concepts, Aspects, and Interfaces
  Protocol: I-Series
  Key Examples: I.100 Series—Concepts, Structures, Terminology; I.400—User-Network Interfaces (UNIs)
Issue: Switching and Signaling
  Protocol: Q-Series
  Key Examples: Q.921—LAPD (Link Access Procedure on the D channel); Q.931—ISDN Network Layer between Terminal and Switch
Standards from the ITU (formerly CCITT)

ISDN Access Options
Channel   Capacity     Mostly Used for
B         64 kbps      Circuit-switched data (HDLC, PPP)
D         16/64 kbps   Signaling information (LAPD)
[Figure: BRI (through an NT1): 2B and D. PRI (through a CSU/DSU): 23 or 30B and D. Both connect to the service provider network.]
BRI and PRI are used globally for ISDN

BRI Call Processing
[Figure: call steps 1 through 4 between two ISDN switches inside the ISDN service provider, linked by SS7. Legend: B channel(s); D channel/SS7 signaling]

ISDN Functions and Reference Points
[Figure labels: TE1 (ISDN terminal); TE2 (existing terminal); TA (terminal adapter); NT2; NT1; reference points R, S, T, U; local loop; service provider network]
• Functions are devices or hardware
• Reference points are demarcations or interfaces

Cisco ISDN BRI Interfaces
Native ISDN interface—int bri 0
[Figure labels: TE1, bri 0, S/T, NT1; TE1, bri 0, U, NT1; service provider network]
Nonnative ISDN interface—int serial 0 (EIA/TIA-232, V.35, X.21)
[Figure labels: TE2, R, S0, TA, S/T, NT1]

ISDN Switch Types
[Figure: central offices (CO) containing many switches]
• Many providers and switch types
• Services vary by regions and countries

Configuring ISDN BRI
Step 1: Specify the ISDN switch type
Router(config)#isdn switch-type switch-type
Router(config-if)#isdn switch-type switch-type
• Specifies the type of ISDN switch with which the router communicates
• Other configuration requirements vary for specific providers

Configuring ISDN BRI (cont.)
Step 2: (Optional) Setting SPIDs
Router(config-if)#isdn spid1 spid-number [ldn]
• Sets a B channel SPID required by many service providers
Router(config-if)#isdn spid2 spid-number [ldn]
• Sets a SPID for the second B channel

Written Exercise
[Figure labels: BRI 0; S 0; customer premises; local loop; service provider]
Label the functional elements and reference points

Written Exercise: Answers
[Figure labels: BRI 0; S 0; R; TA; S/T; S/T; NT1; NT1; U; U; customer premises; local loop; service provider]
Label the functional elements and reference points

What Is Dial-on-Demand Routing?
[Figure: Chicago ("I need to send data to Dallas.") reaching Dallas across the corporate PSTN or ISDN]
• Connect when needed
• Disconnect when finished
• ISDN or PSTN

When to Use DDR
[Figure labels: telecommuter; vendor; headquarters]
• Periodic connections
• Small amounts of data

Generic DDR Operation
[Figure labels: "interesting" packet arrives; DCE; dial connection; ISDN or basic service]
1. Route to destination is determined
2. Interesting packets dictate DDR call
3. Dialer information is looked up
4. Traffic is transmitted
5. Call is terminated

Configuring Legacy DDR
[Figure labels: "interesting" packet arrives; DCE; dial connection; ISDN or basic service]
1. Define static routes—What route do I use?
2. Specify interesting traffic—What traffic enables the link?
3. Configure the dialer information—What number do I call?

Task 1: Defining Static Routes (Route to Destination)
[Figure: Home (bri 0, 10.1.0.1, number 5551000, subnet 10.40.0.0) connected over ISDN to Central (bri 0, 10.1.0.2, number 5552000, subnets 10.10.0.0 and 10.20.0.0)]
ip route 10.40.0.0 255.255.0.0 10.1.0.1
ip route 10.10.0.0 255.255.0.0 10.1.0.2
ip route 10.20.0.0 255.255.0.0 10.1.0.2
• Network prefix and prefix mask
• Specify address of next hop router

Task 2: Specifying Interesting Traffic (What Enables the Connection?)
• Without Access Lists
dialer-list 1 protocol ip permit
  Any IP traffic will initiate the link
• With Access Lists (for better control)
dialer-list 1 protocol ip list 101
access-list 101 deny tcp any any eq ftp
access-list 101 deny tcp any any eq telnet
access-list 101 permit ip any any
  Deny FTP, deny Telnet: any IP traffic, except FTP and Telnet, will initiate the link

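A dialer list decides which packets may bring the link up and keep it up; it is not a packet filter, so FTP and Telnet still cross the link while it is open. The sketch below is an added example, not part of the original course material: it models access list 101 from this slide with first-match evaluation and uses the 180-second idle timeout from the course's Home router configuration. The class, function names and timestamps are constructed for illustration.

```python
FTP, TELNET = 21, 23

# access-list 101 from the slide, as (action, protocol, destination port or None).
ACL_101 = [
    ("deny", "tcp", FTP),
    ("deny", "tcp", TELNET),
    ("permit", "ip", None),
]


def is_interesting(acl, proto, dport):
    """First matching entry wins; an access list ends with an implicit deny."""
    for action, acl_proto, acl_port in acl:
        if acl_proto != "ip" and acl_proto != proto:
            continue
        if acl_port is not None and acl_port != dport:
            continue
        return action == "permit"
    return False


class DialerInterface:
    """Toy model of one DDR interface: link state, idle timer and call count."""

    def __init__(self, acl, idle_timeout=180):
        self.acl = acl
        self.idle_timeout = idle_timeout
        self.up = False
        self.hangup_at = None
        self.calls = 0

    def send(self, now, proto, dport=None):
        # Drop the call if the idle timer ran out before this packet arrived.
        if self.up and now >= self.hangup_at:
            self.up = False
        if is_interesting(self.acl, proto, dport):
            if not self.up:
                self.up = True
                self.calls += 1                       # dial the dialer-map number
            self.hangup_at = now + self.idle_timeout  # only interesting traffic resets
            return "forwarded"
        # Uninteresting traffic never dials, but it does ride a link that is already up.
        return "forwarded" if self.up else "dropped"


def demo():
    bri0 = DialerInterface(ACL_101, idle_timeout=180)
    results = [
        bri0.send(0, "tcp", FTP),       # link down, FTP cannot raise it
        bri0.send(10, "tcp", 80),       # interesting: dials, timer runs to t=190
        bri0.send(100, "tcp", FTP),     # forwarded over the open link
        bri0.send(189, "tcp", TELNET),  # still forwarded, timer not reset
        bri0.send(190, "tcp", FTP),     # timer expired at 190, link is down again
    ]
    return results, bri0.calls


if __name__ == "__main__":
    print(demo())
```

Blocking FTP or Telnet across the link needs a separate access list applied to the interface with ip access-group.
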
Task 3: Configuring the Dialer Information
hostname Home
!
isdn switch-type basic-5ess
!
username central password cisco
interface BRI0
 ip address 10.1.0.1 255.255.255.0
 encapsulation ppp
 dialer idle-timeout 180
 dialer map ip 10.1.0.2 name Central 5552000
 dialer-group 1
 no fair-queue
 ppp authentication chap
!
router rip
 network 10.0.0.0
!
no ip classless
ip route 10.10.0.0 255.255.0.0 10.1.0.2
ip route 10.20.0.0 255.255.0.0 10.1.0.2
!
dialer-list 1 protocol ip permit
Callouts:
• dialer-group 1: Applies rules defined by dialer-list to individual interfaces
• Both values must match

Task 3: Configuring the Dialer Information (cont.)
How do I get to subnetwork 10.10.0.0?
[Figure: Home (bri 0, 10.1.0.1, number 5551000) connected over ISDN to Central (bri 0, 10.1.0.2, number 5552000, subnets 10.10.0.0 and 10.20.0.0)]
interface BRI0
 ip address 10.1.0.1 255.255.255.0
 encapsulation ppp
 dialer idle-timeout 180
 dialer map ip 10.1.0.2 name Central 5552000
 dialer-group 1
 no fair-queue
 ppp authentication chap
Callouts on the dialer map line:
• Number to dial
• Remote host name
• Used for PPP CHAP

Legacy DDR Configuration Tasks Summarized
hostname Home
!
isdn switch-type basic-5ess
!
username central password cisco
interface BRI0
 ip address 10.1.0.1 255.255.255.0
 encapsulation ppp
 dialer idle-timeout 180
 dialer map ip 10.1.0.2 name Central 5552000
 dialer-group 1
 no fair-queue
 ppp authentication chap
!
router rip
 network 10.0.0.0
!
no ip classless
ip route 10.10.0.0 255.255.0.0 10.1.0.2
ip route 10.20.0.0 255.255.0.0 10.1.0.2
dialer-list 1 protocol ip permit
!
Callouts 3, 1 and 2 on the slide mark the interface (dialer information), ip route (static routes) and dialer-list (interesting traffic) lines.

Optional Legacy DDR Commands
Router(config-if)#dialer load-threshold load [outbound | inbound | either]
• Establishes the amount of traffic on link before a second link is enabled
Router(config-if)#dialer idle-timeout seconds
• Establishes the idle time before disconnect

Legacy DDR Using ACLs Configuration Example
[Figure: router A (10.108.126.1) connected over ISDN to router B (10.108.126.2, subnets 192.168.12.0 and 192.168.14.0)]
! Access list defining interesting packets on Cisco A
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq telnet
dialer-list 1 list 101
!
! Static routes to reach destination
ip route 192.168.12.0 255.255.255.0 10.108.126.2
ip route 192.168.14.0 255.255.255.0 10.108.126.2
!
! Interface configuration for DDR
interface bri 0
 ip address 10.108.126.1 255.255.255.0
 dialer-group 1
 dialer map ip 10.108.126.2 name B 5551234
!
! Time to wait before dropping call
 dialer idle-timeout 300

Verifying Legacy DDR and ISDN Operation
Router#ping or telnet
• Triggers a link (assuming it is part of interesting traffic)
Router#show dialer
• Displays current status of link, including amount of time link is connected
Router#show isdn active
• When using ISDN, displays call status while call is in progress
Router#show isdn status
• Displays the status of an ISDN connection
Router#show ip route
• Displays all routes, including static routes

Verifying Legacy DDR and ISDN Operation (cont.)
Router#debug isdn q921
• Shows ISDN layer 2 messages
Router#debug isdn q931
• Shows ISDN call setup and teardown activity
Router#debug dialer
• Shows call setup and teardown activity
Router(config-if)#shutdown
• Clears currently established connections from the interface

Visual Objective
[Figure: lab topology. Pods A through L each have a workgroup PC (wg_pc_a 10.2.2.12 ... wg_pc_l 10.13.13.12), a switch (wg_sw_a 10.2.2.11 ... wg_sw_l 10.13.13.11) and a router (wg_ro_a e0 10.2.2.3 ... wg_ro_l e0 10.13.13.3). Each router's bri0 (10.130.0.2 for pod A, then 10.135.0.2, 10.140.0.2, 10.145.0.2, 10.150.0.2, 10.155.0.2, 10.160.0.2, 10.165.0.2, 10.170.0.2, 10.175.0.2, 10.180.0.2, and 10.185.0.2 for pod L) runs PPP with CHAP over ISDN to core_ro s3/0 (pri) (10.130.1/24 … 10.185.0.1/24). Core: core_ro fa0/0 10.1.1.3, core_sw_a 10.1.1.2 (fa0/23, fa0/24), core_server 10.1.1.1.]

Summary
After completing this chapter, you should be able to perform the following tasks:
• Identify the components in an ISDN network
• Configure ISDN BRI and legacy dial-on-demand routing (DDR)
• Verify DDR operation using show and debug commands

Review Questions
1. Differentiate between a native and a nonnative ISDN BRI interface.
2. How do you configure a Cisco router to interface to an ISDN switch? Why do you need to be specific about the switch type?
3. List and describe the three tasks associated with configuring DDR.
4. Why might you choose to use an access list to define interesting traffic for DDR?