03-07-2003 03:38 AM - edited 03-02-2019 05:40 AM
I need to configure an AS5300 for dialin access to a corporate network. There will be a PRI circuit associated with a 1-800 hunt group. What is required to connect the AS5300 PRI interface to the service provider network (csu/dsu)?
Does anyone have a known working AS5300 configuration with PRI interface(s) for dialin that they can share with me as a reference?
Thank you in advance,
Dan
03-07-2003 07:23 AM
The as5300 controller card will have a built-in CSU/DSU.
http://www.cisco.com/warp/public/793/access_dial/5300.html
http://www.cisco.com/warp/public/793/access_dial/async_multilink.html
Thanks, Mak.
03-08-2003 04:54 AM
So connecting the AS5300 PRI is similar to connecting a WIC-1T-DSU, a straight-through RJ54 from the access server to the provider's network?
Thanks to both of you, Mak and ndoshi, for your feedback.
Dan
03-08-2003 07:20 AM
WIC-1DSU-T1 ...One T1 CSU/DSU WAN Interface Card provides full or fractional T1 service. It does not do channelized T1 or ISDN PRI.
The connecting cable type is the same..RJ45.
Thanks, Mak.
03-08-2003 08:12 AM
Yes, thank you, Mak. I realize the technical difference between the WIC-1DSU-T1 and the PRI. I was trying to reference the interconnectivity of the PRI with the service provider's network. As with the referenced WIC-1DSU, the PRI does not require an external DSU to connect to the WAN.
Thanks again for your assistance.
Regards,
Dan
03-07-2003 09:19 PM
03-31-2003 08:23 AM
Here is my working copy of an AS5300 used for dialin access. I did however remove some network specific info like ip address and passwords. I also use a Cisco Secure ACS for authentication but I think you can modify it for use with local users. Hopefully this helps
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname AS5300
!
aaa new-model
aaa authentication login default enable
aaa authentication login no_tacacs enable
aaa authentication ppp default group tacacs+
aaa authorization network default group tacacs+
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
aaa accounting network default start-stop group tacacs+
enable secret 5 ***REMOVED***
enable password 7 ***REMOVED***
!
spe 1/0 1/7
firmware location flash:pw2721.ios
!
!
resource-pool disable
!
!
!
!
!
clock timezone EST -4
ip subnet-zero
no ip source-route
no ip finger
ip domain-name ***REMOVED***
ip name-server ***REMOVED***
ip name-server ***REMOVED***
!
no ip bootp server
ip address-pool dhcp-proxy-client
ip dhcp-server ***REMOVED***
async-bootp dns-server ***REMOVED*** ***REMOVED***
async-bootp nbns-server ***REMOVED*** ***REMOVED***
isdn switch-type primary-5ess
isdn voice-call-failure 0
cns event-service server
mta receive maximum-recipients 0
!
!
controller T1 0
framing esf
clock source line primary
linecode b8zs
pri-group timeslots 1-24
fdl ansi
!
controller T1 1
clock source line secondary 1
!
controller T1 2
clock source line secondary 2
!
controller T1 3
clock source line secondary 3
!
!
!
!
interface Loopback0
no ip address
no ip directed-broadcast
!
interface Ethernet0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
!
interface Serial0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
no fair-queue
clockrate 2015232
!
interface Serial1
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
no fair-queue
clockrate 2015232
!
interface Serial2
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
no fair-queue
clockrate 2015232
!
interface Serial3
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
no fair-queue
clockrate 2015232
!
interface Serial0:23
no ip address
no ip directed-broadcast
encapsulation ppp
dialer rotary-group 1
dialer-group 1
isdn switch-type primary-5ess
isdn incoming-voice modem
no fair-queue
no cdp enable
!
interface FastEthernet0
ip address ***REMOVED*** 255.255.255.0
no ip directed-broadcast
no ip mroute-cache
duplex auto
speed auto
no mop enabled
!
interface Group-Async1
ip unnumbered FastEthernet0
no ip directed-broadcast
encapsulation ppp
dialer in-band
dialer idle-timeout 600
dialer-group 1
async dynamic address
async dynamic routing
async mode interactive
peer default ip address dhcp
no cdp enable
ppp authentication ms-chap chap
group-range 1 48
!
interface Dialer1
ip unnumbered Loopback0
no ip directed-broadcast
encapsulation ppp
no ip mroute-cache
dialer in-band
dialer idle-timeout 600
dialer-group 1
no peer default ip address
no fair-queue
no cdp enable
ppp authentication ms-chap chap
ppp multilink
!
ip default-gateway ***REMOVED***
ip classless
ip route 0.0.0.0 0.0.0.0 ***REMOVED***
ip http server
ip http authentication local
!
dialer-list 1 protocol ip permit
!
tacacs-server host ***REMOVED***
tacacs-server key ***REMOVED***
snmp-server engineID local 00000009020000D0BA8035D8
snmp-server community public RO
!
!
line con 0
password 7 ***REMOVED***
login authentication no_tacacs
transport input none
line 1 24
autoselect during-login
autoselect ppp
modem InOut
rotary 1
transport preferred lat pad mop telnet rlogin udptn v120 lapb-ta nasi
transport input all
transport output lat pad mop telnet rlogin udptn v120 lapb-ta nasi
line 25 48
autoselect during-login
autoselect ppp
modem InOut
transport preferred lat pad mop telnet rlogin udptn v120 lapb-ta nasi
transport input all
transport output lat pad mop telnet rlogin udptn v120 lapb-ta nasi
line aux 0
password 7 ***REMOVED***
line vty 0 4
password 7 ***REMOVED***
!
ntp clock-period 17179405
ntp update-calendar
ntp server 129.127.28.4 prefer
scheduler interval 1000
end
04-02-2003 06:37 AM
Thank you for the sample config. Can I provide a dialin account with local authentication to perform maintenance on the AS5300? Do I need to give special privileges to the administrator dialin account? I am familiar with doing this on routers and firewalls, but have not worked much with access servers in this regard.
Thanks Again,
Dan
04-02-2003 09:40 AM
Can do an exec dialin into the as5300 for admin purpose (do not need do PPP)...after enable access the admin can carry out all router commands.
aaa authentication login default local.... will do that.
Thanks, Mak.
04-02-2003 10:04 AM
Thank you for the info, Mak. Using this command will allow me to dialin via the PRI? Once connected, how do I login to the access server and get into enable mode so that I can configure the device?
What is my flexibility in configuring the incoming PRI channels? Can I connect specific channels to certain internal modems? Can I force certain modems to connect at 1200 bps and others at 9600 bps?
If you know of a source for detailed configuration info I would like to review the commands available for this device. Your assistance is greatly appreciated.
Regards,
Dan
04-02-2003 10:24 AM
With commands "asyn mode interactive" (under int group-asy 1) & " autoselect ppp" under the lines.....if we do an exec dialin (say using hyperterm, ATDTxxxx) the NAS will sniff the first packet & will know whether it's a PPP call or exec....the exec call will be terminated on the router itself, where the user will be prompted for username/password (actually depends on what AAA commands we have).
After successful authentication the user will be at a "routername>" prompt.....now if we enter in enable mode we are good to carry out commands on the router.
Yes, we can dialin using the PRI (based on bearercap call will transfered to modem).
No, we cannot map certain DS0s to certain modems.
Yes, we can configure certain modem for 1200 / 9600 pbs speeds.
Thanks, Mak.
04-02-2003 10:45 AM
Thanks again, Mak.
I'm looking for a reference to help with the modem speed config and other more detailed info so that I can bring myself up to speed on this device. The client tells me that they will have three phone numbers. They want the first one to be tied to the 3 1200bps modems, the second to the 10 9600bps. I'm not real sure how to do this, or how to make it work. Does the service provider direct certain phone numbers over certain PRI channels? How do we ensure that, say, the 1200bps users get connected to the modems we have configured for 120bps?
Are there any command references available for OS ver. 12.0 for this device? I have been scouring CCO and have found the following URL's:
Any further references would be appreciated.
Regards,
Dan
04-03-2003 09:11 AM
Since we have 3 different phone number for the incomming calls we can do modem pooling to send the calls based on DNIS to different groups of modems.
http://www.cisco.com/warp/public/793/access_dial/pri_dnis_mpool.html
http://www.cisco.com/warp/public/793/access_dial/modem_pooling.html
Further, we can use a modemcap that will fine tune the characterstics of a modem (we will have 3 different pools with different chacterstics)...this is achived by changing the "S" registers on the modems (using modemcap):
s29, s30,s31 etc
Thanks, Mak.
04-03-2003 09:59 AM
Thanks again, Mak. I will sift through the URLs you gave me.
Regards,
Dan
04-07-2003 07:50 AM
I got most of this stuff ironed out. I can route certain calls - based on "called-number" - to a specific group of modems. My remaining question is where do I go to set the "S" registers for the modems that I want to run at, say, 1200 bps or 9600bps? How do I save these initialization files to ensure that the modems get initialized properly upon reboot?
Thank You,
Dan
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: