ASK THE EXPERT-AS5X00 ACCESS SERVERS FOR DIAL/ACCESS/MODEM/PPP CONNECTIVITY

Unanswered Question
Oct 31st, 2008
User Badges:
  • Gold, 750 points or more

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get an update on configuring and troubleshooting Dial/Access platforms for remote ISDN/Modem calls with Cisco expert Zulfiqar Ahmed. Zulfiqar, CCIE# 3960, is part of High Touch Technical Support (HTTS) based out of San Jose, California where he currently holds the position of high touch engineer (HTE). Zulfiqar joined Cisco in 1997 as an engineer in the Technical Assistance Center (TAC). His background has been in Remote Access, Dial, AAA, DSL, and Broadband Cable networks. He has worked on a variety of Cisco Platforms. He has authored relevant Cisco.com documents, conducted trainings and war rooms for Cisco partners, and has taught in Cisco bootcamps and courses. Zulfiqar holds a bachelor's degree in computer systems engineering and a master's in electrical engineering from Wichita State University, Kansas.


Remember to use the rating system to let Zulfiqar know if you have received an adequate response.


Zulfiqar might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through November 14, 2008. Visit this forum often to view responses to your questions and the questions of other community members.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
b.speltz Fri, 10/31/2008 - 16:38
User Badges:
  • Bronze, 100 points or more

Can you have two end points of a PPP connection in different subnets/networks like 1.1.1.1 and 2.2.2.2, or do they have to be in the same subnet?


zahmed Sun, 11/02/2008 - 10:27
User Badges:
  • Cisco Employee,

Hi Bob,


Yes, absolutely. Unlike some other point to point links, you can definitely have the two end points of a PPP connection in different networks. Upon successful negotiation of IPCP phase, PPP installs a /32 host route for the remote end, and it does not care whether its in the same subnet or network or a different one.


Thanks and Regards,


~Zulfiqar

mgupta Sun, 11/02/2008 - 07:21
User Badges:

I am receiving a PPPoEoQinQ mirrored traffic from another Huawei switch to 3560G switch. I am able to see this traffic on 3560G port. When I mirror this traffic (SPAN Configuration) to destination port, the traffic is zero on destination port. i.e I am not able to mirror this traffic. Where is the limitation. When the traffic is received as normal L3 packets the 3560G mirrors it and same traffic as available on destination port.

zahmed Sun, 11/02/2008 - 17:19
User Badges:
  • Cisco Employee,

Hi Manish,


Due to the relevance of this question to Lan switching world, you might want to post this in the following forum:


LAN, Switching and Routing

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&CommCmd=MB%3Fcmd%3Ddisplay_messages%26mode%3Dnew%26location%3D.ee71a04


Thanks and Regards,


~Zulfiqar

devang_etcom Sun, 11/02/2008 - 18:21
User Badges:
  • Gold, 750 points or more

hi Zulfiqar,


Its really great to see you back in the forum!!!


How can I configure the server to assign particular IP addresses to particular Client from its pool in PPPoE?

for example: client 1 should get 1.1.1.1/24 and client 2 should get 1.1.1.2/24...


regards

Devang Patel

zahmed Mon, 11/03/2008 - 11:44
User Badges:
  • Cisco Employee,

Hi Devang,


Thanks for the warm welcome :-) Hope you are doing great.


As far as your question is concerned, you will have to take care of this specific IP address/mask assignment request via your AAA/Radius profiles for client1 and client2.


In that, you will have to set their Framed-IP-Address and Framed-IP-netmask attributes according to the requirement as you mentioned.


In the router config, just make sure you have "aaa authorization network default group radius" configured or else these attributes will not get applied onto the incoming clients.


Thanks and Regards,


~Zulfiqar


devang_etcom Mon, 11/03/2008 - 12:37
User Badges:
  • Gold, 750 points or more

Zulfiqar,


Thanks for your reply, so there is no way router as a server or client can have the specific ip address assignment to client to configure on router itself!!! right!!! I will have to use the AAA/Radius external servers right!!!


one more thing I want to learn PPPoE from basic to advance, like what are the feature can be offered to the remote access client as a service provider!!! I know MPLS VPN and Multicast are the good services that can be used as value added services!!! other than that? as well as the different configuration optins for PPPoE!!!


regards

Devang Patel

zahmed Tue, 11/04/2008 - 10:02
User Badges:
  • Cisco Employee,

Devang,


Yes, this is correct. The local config on the router will not offer you to configure your requirement, and hence you must take care of that via AAA using an external AAA server like RADIUS.


As for learning PPPoE, if you search on cisco.com on PPPoE, you will get a number of hits that will be very useful for your reading. This will also allow you to understand what features you could offer to your subscribers.


Thanks and Regards,


~Zulfiqar

cisco steps Mon, 11/03/2008 - 13:59
User Badges:

Hi,


I was wondering if you have any experience with hybrid voip, we are using AS5350XM.. also we are using the old DMS switches and in the design we have VXT's covert the X25 DMS signaling between the user & the DMS into IP packets and Voice Gateways convert the Voice path between the user & the DMS into VoIP



is there any way you explain that to me in detail, and one more thing , can this network be a true voip instand of hybrid voip


Thanks

zahmed Wed, 11/05/2008 - 15:54
User Badges:
  • Cisco Employee,

Hi ocporbust,


I am certainly not an expert in hybrid VoIP but if you have any specific questions you can definitely post here, or in the IPT forum for the other experts to explain to you:


http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Telephony&CommCmd=MB%3Fcmd%3Ddisplay_messages%26mode%3Dnew%26location%3D.ee6c829


Thanks and Regards,


~Zulfiqar


dianewalker Tue, 11/04/2008 - 20:42
User Badges:

We setup AS5300 for dialup. Because of budget problem, we have removed the T1 line and replace the dial-up with modem cards instead. Therefore, we can no longer have a dial-up through the AS5300. What we want to know is besides the dial-up function, can we use the AS5300 for something else?


Thanks.


Diane

zahmed Wed, 11/05/2008 - 17:50
User Badges:
  • Cisco Employee,

Hi Diane,


For using one of those good old AS5300s for something other than modem/isdn dialup, I will bring in mind what other interfaces it is left with, without a T1/E1 connected.


So the first thing I can think of is that I could probably make use of it as a 2-port ethernet router (since it has an ethernet and a fastethernet interface), like, for instance, a Cisco 806 when you have a broadband (DSL or cable) connection at home. So you could put your DHCP configuration for your local LAN devices on it, and also put your NAT on it, and just use it as described in this article :


How to Configure a Cisco Router Behind a Non-Cisco Cable Modem

http://www.cisco.com/en/US/tech/tk86/tk89/technologies_configuration_example09186a0080094be1.shtml


This is just to give an idea what I am talking about exactly.



Now, if you have a quad or octal T1/E1 card in it, you'll probably have two or four built-in serial interfaces (Serial0, Serial1, Serial2, Serial3). These serial interfaces are capable of doing HDLC, X.25 etc. So these could be used as WAN connection as well. Infact, these serial interfaces support V.35 also. So if you are practicing for CCIE and have a router acting as your frame-relay switch, these serial interfaces could connect to this frame-relay switch using V.35 DTE/DCE cable. So that could be another application I could think of right now.


Here is some documentation on these serial interfaces:


Connect the Serial Port for WAN Access

http://www.cisco.com/en/US/docs/routers/access/as5300/hardware/quick/guide/5300bklt.html#wp28791


Configuring Synchronous Serial Interfaces for WAN Support

http://www.cisco.com/en/US/docs/routers/access/as5300/software/configuration/guide/5300bas2.html#wp14430




Other than that, I am sure somebody might have some other ideas too.


Let me know if you have any follow up questions.


Thanks and Regards,


~Zulfiqar




dianewalker Thu, 11/06/2008 - 13:30
User Badges:

Zulfiqar,


Thanks very much for your prompt response and information. We have a quad T1/E1 and 4 built-in serial interfaces (S0 - S3). Do you think I can use this AS5300 instead of the Cisco 1600 as a WAN connection?


Thanks.


Diane

zahmed Thu, 11/06/2008 - 13:42
User Badges:
  • Cisco Employee,

Hi Diane,


You are very welcome. If you could let me know what type of WAN connection it is, I would be better able to answer it for you.


Thanks and Regards,


~Zulfiqar

dianewalker Thu, 11/06/2008 - 20:05
User Badges:

Thanks for your prompt response again. Sorry for not making it clear. We want to connect through a frame relay with a T1 line. We want to put this AS5300 at the Remote site. So, instead of using Cisco 1600 (which is the end of life), we want to put the AS5300.


Can we connect this AS5300 to the DSL line?


If I still have not answered your question, please let me know. If I ask dumb questions, please forgive me. I just want to utilize this AS5300 due to budget cut.


Thanks.


Diane

mveith Wed, 11/05/2008 - 05:56
User Badges:

I have one E1 interface and want to realize different dialin scenarios:

1)ISDN- and Modem-Dialin for internal users (any calling number accepted)

2) ISDN router to router connections (only specific calling numbers accepted!)

Is there a possibility to realize this on only one physical interface?

I think caller screening is only possible on the d-channel ("isdn caller xxx"). The internal users need to be open for every calling number, so I can not screen for special numbers dependend on special ppp users.

Thanks

Manfred

zahmed Thu, 11/06/2008 - 12:18
User Badges:
  • Cisco Employee,

Hi Manfred,


I think this should be do-able on one single E1 interface, however it will make your config go very cumbersome depending upon the number of analog modem users, ISDN modem users, and ISDN client routers you have.


First of all, you do have "dialer caller xxx" equivalent of "isdn caller" command that goes on a dialer interface. It lets you do callerID screening on dialer level, in addition to help 'bind' an incoming call to a particular dialer profile.


So your config to cover both requirements will look something like this (I am only focusing on the relevant part, and hence only showing the relevant config) :


interface Serialx:15

no ip address

encap ppp

isdn incoming voice-modem

ppp authen chap/pap

dialer pool 200

!

interface group-async 0

ip unnum loopback0

etc

etc

ppp authen chap/pap

!

interface dialer 1

ip address 1.1.1.1 255.255.255.252

dialer pool-member 200

dialer remote-name Bob

etc

ppp authen chap/pap

!

interface dialer 2

ip address 2.2.2.2 255.255.255.252

dialer pool-member 200

dialer remote-name Tom

etc

ppp authen chap/pap

!

interface dialer 3

ip address 3.3.3.3 255.255.255.252

dialer pool-member 200

dialer remote-name ISDN_Router_1

dialer caller 111222333

etc

ppp authen chap/pap

!

interface dialer 4

ip address 4.4.4.4 255.255.255.252

dialer pool-member 200

dialer remote-name ISDN_Router_2

dialer caller 444555666

etc

ppp authen chap/pap



So with the above config, "isdn incoming voice-modem" on the D channel (Serialx:15) will make sure all incoming analog modem calls go to internal modems through 'interface group-async 0' (identified via analog bearercap in the incoming Q931 SETUP packet).


However, when the bearercap is digital it will look for a match via "dialer remote-name" commands under the dialer profiles. Once a match is found the call will be tied to the corresponding dialer interface. So this will cover your ISDN modem users (for example, Bob and Tom in the above config). In addition to that, when an incoming digital call is from an ISDN router, it will match the remote name, for instance, ISDN_Router_1, however due to "dialer caller 111222333" it will also make sure that this ISDN_Router_1 is coming in with the specified caller ID. If not, the call will not bind to that dialer interface, or to any dialer interface for that matter, and will get dropped.


Please note that whatever number you specify in the "dialer caller" command, it should be exactly the same as seen in the "calling party number" field in the incoming SETUP packet while doing "debug isdn q931" for that call.


With so many dialer interfaces that you would need in this tight requirement, ip addressing for your multiple dialer interfaces will be an issue as well. So just thought to bring this to your attention also. So while I believe it should work, you might have to play a lot in your configuration to make that happen.


Please let me know if you have any questions.


Thanks and Regards,


~Zulfiqar



mveith Fri, 11/07/2008 - 04:33
User Badges:

Hi Zulfiqar,

thanks for your answer.


At the moment I think the dialer caller command is only for binding and there is no problem to get a connect with the wrong dialer calling number.

This note from the command reference confirms this too:


"Incoming calls also can be bound to a dialer profile based on PPP name authentication, so in this instance

the incoming call can be bound to the dialer profile even if the presented caller ID does not match (!) the dialer caller value. To configure caller ID screening with dialer profiles, use the legacy isdn caller

command."


So we need a possibility to configure the "isdn caller" commands, which means two different d-channels or physical interfaces?!


Do you have an idea for this?


Thanks and Regards

Manfred

zahmed Sun, 11/09/2008 - 22:05
User Badges:
  • Cisco Employee,

Hi Manfred,


Thanks for catching that. You are right. As the document states, the "dialer caller" would only do the callerID screening job if you were doing dialer rotary, instead of dialer profiles. This means what you are trying to do is not possible through 'local configuration' on one single E1, and you need atleast two E1s to accomodate your requirements. However, you should be able to use RADIUS to make sure router clients could only connect when they provide a certain username/password and as well as a specific CLID. Again, thanks for pointing me to the mistake.


Thanks and Regards,


~Zulfiqar



mehsulsss Sat, 11/08/2008 - 11:35
User Badges:

I am wondering how to accomplish the ssl wepvpn connectivity to other branch offices.

My primary office is setup for the ssl webvpn. The users need to reach other branch offices after vpn in. The router behind the ASA has the dedicated links to branch offices and if the conection goes down, the ASA has the L2L tunnel on it and interesting traffic will initiate the L2L because of the default route outbound to the internet.


In order to setup ssl webvpn, I have to add routes for the branch offices on the ASA pointing inside because then we can reach the branches via the dediacted connections.If I add the route for the branch office pointing inside on the ASA, then we have issue with L2L. How can I accomplish this for the ssl vpn aswel as the L2L at the same time?

Anonymous (not verified) Mon, 11/10/2008 - 02:54
User Badges:

How do I check the b-channel usage on my as5350?

zahmed Mon, 11/10/2008 - 14:31
User Badges:
  • Cisco Employee,

Hi John,


You mean the number of B channels currently active with calls ? See if 'show controllers t1/e1 call-counters' is what you're looking for.


Thanks and Regards,


~Zulfiqar

nevilles45 Mon, 11/10/2008 - 17:02
User Badges:

Hi Zulfiqar,


I'm having alot of trouble with what should be a straight forward setup. Basically, I'm trying to set up a home lab using a 2511 access server running IOS 10.2, connected via async octal rolled cables to each devices console port. I've included the configs for the access server and a target device "BB1". I've also included "debug ip packet" output. Why is the reverse telnet behaving in this way, do I need an IOS upgrade, config change or is there maybe a cabling issue ??


Your help would be appreciated.


Thanks


Neville



Attachment: 
zahmed Mon, 11/10/2008 - 21:33
User Badges:
  • Cisco Employee,

Hi Neville,


Please change 'transport input none' under "line 1 16" to 'transport input all' and see how it goes.


Thanks and Regards,


~Zulfiqar

nevilles45 Tue, 11/11/2008 - 02:56
User Badges:

Thanks Zulfiqar,


I'll try that this evening, and let you know how it goes.


Rgds


Neville

nevilles45 Tue, 11/11/2008 - 12:20
User Badges:

Hi Zulfiqar


No luck I'm afraid.. I've tried your suggestion however, "transport input all" is not supported under IOS 10.2. I have tried "transport input telnet","transport output telnet", "transport preferred telnet". All of thiese did not help. Ho hum. Myabe there is a cabling problem or the 2511 is in need of an IOS upgrade.


Any other ideas would be welcome.


Thanks Neville

zahmed Tue, 11/11/2008 - 20:42
User Badges:
  • Cisco Employee,

Hi Neville,


You definitely need "transport input telnet" if "all" is not available. So please keep that in there, and then look into cabling problems and such.


By the way, on the BB1 router did you try removing "logging synchronous" from its console port and see if you could connect to it ?


Is BB1 the only device you tried? If thats the case, try connecting to some other device's console port.


Also, could you connect to BB1 directly via a laptop/computer using hyperterm or some equivalent program?


Thanks and Regards,


~Zulfiqar

nevilles45 Wed, 11/12/2008 - 06:11
User Badges:

Hi Zulfiqar,


Finally I've sorted this out. It seems that starting from scratch in terms of configs, and paying close attention to using the correct rolled cable in relation to the async port done the trick. Just a few lines to thank you assistance.


Rgds


Neville

Actions

This Discussion