ISDN Dial-On-Demand and PPP


ISDN

Basic ISDN configuration:

interface bri0/0
isdn switch-type basic-ni
isdn spid1 5272014
ip address 144.1.45.4 255.255.255.0
dialer map ip 144.1.45.5 broadcast 5272015
dialer-group 1
!
dialer-list 1 protocol ip permit

When a physical BRI interface uses PPP encapsulation, it becomes a point-to-point interface and therefore doesn't need a dialer map.

interface bri0/0
isdn switch-type basic-ni
isdn spid1 5272014
encapsulation ppp
ip address 144.1.45.4 255.255.255.0
dialer string 5272015
dialer-group 1

PPP

PPP authentication is unidirectional and is performed independently by each party to the call. The two sides may use different authentication protocols. The following examples demonstrate this.

1. A requires B to authenticate itself, but B doesn't require A to authenticate.

Router-A:

username Router-B password CISCO
!
interface bri0/0
encapsulation ppp
ppp authentication chap

Router-B:

username Router-A password CISCO
!
interface bri0/0
encapsulation ppp

Alternatively, we can configure the CHAP password on Router-B's interface instead of in global configuration:

interface bri0/0
encapsulation ppp
ppp chap password CISCO

2. A uses CHAP to authenticate B and B uses PAP to authenticate A:

Router-A:

username Router-B password CISCO-2
!
interface bri0/0
encapsulation ppp
ppp authentication chap
! the next line is required for the PAP auth responder
ppp pap sent-username Router-A password CISCO-1

Router-B:

username Router-A password CISCO-1
!
interface bri0/0
encapsulation ppp
ppp authentication pap
ppp chap password CISCO-2

Note: in the first example, even though only A requires authentication, the password has to be configured on both routers. The CHAP password has to match because both parties create a hash with it, so it acts as a shared secret. However, the PAP password doesn't have to match on the two routers. PAP requires the user name and password to be defined explicitly. See the example below:

Router-A:

username Router-B password CISCO-2
!
interface bri0/0
encapsulation ppp
ppp authentication pap
ppp pap sent-username Router-A password CISCO-1

Router-B:

username Router-A password CISCO-1
!
interface bri0/0
encapsulation ppp
ppp authentication pap
ppp pap sent-username Router-B password CISCO-2
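
The difference described in the note, as an added Python example (not part of the original post and not IOS code). The CHAP hash layout follows RFC 1994 with MD5; the function names, the fixed identifier and the 16-byte challenge are constructed for illustration. PAP, by contrast, sends the name and password over the link in clear text.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 with MD5: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()

def chap_authenticate(users: dict, peer_name: str, peer_secret: str) -> bool:
    """Authenticator side of one CHAP exchange.

    users       -- the authenticator's 'username <peer> password <secret>' lines
    peer_secret -- the secret the peer has configured for this link
    The secret never crosses the link; only the challenge and the hash do.
    """
    identifier, challenge = 1, os.urandom(16)                     # Challenge packet
    response = chap_response(identifier, peer_secret, challenge)  # peer's Response
    local = users.get(peer_name)
    if local is None:
        return False
    expected = chap_response(identifier, local, challenge)
    return hmac.compare_digest(expected, response)

def pap_authenticate(users: dict, sent_username: str, sent_password: str) -> bool:
    """Authenticator side of PAP: compare the received name and password
    (as sent by 'ppp pap sent-username') with the local 'username' entry."""
    local = users.get(sent_username)
    return local is not None and hmac.compare_digest(local.encode(), sent_password.encode())

def demo() -> dict:
    a_users = {"Router-B": "CISCO-2"}  # Router-A: username Router-B password CISCO-2
    b_users = {"Router-A": "CISCO-1"}  # Router-B: username Router-A password CISCO-1
    return {
        # Example 1 on the page: both routers hold CISCO, A challenges B.
        "chap_same_secret": chap_authenticate({"Router-B": "CISCO"}, "Router-B", "CISCO"),
        # Same exchange, but B's copy of the secret differs, so the hashes differ.
        "chap_mismatch": chap_authenticate({"Router-B": "CISCO"}, "Router-B", "CISCO-1"),
        # Two-way PAP example: each direction is checked against its own entry,
        # so A->B uses CISCO-1 while B->A uses CISCO-2.
        "pap_a_to_b": pap_authenticate(b_users, "Router-A", "CISCO-1"),
        "pap_b_to_a": pap_authenticate(a_users, "Router-B", "CISCO-2"),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'pass' if ok else 'fail'}")
```

Because the challenge is random, the CHAP response changes on every exchange, while the PAP credentials are identical each time they are sent.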

ppp authentication chap [callin | callout] uses the callin or callout keyword to authenticate only inbound or outbound calls.

Use the no peer neighbor-route command to remove the /32 host route that PPP automatically adds for the remote end host. This feature was originally designed to support dial-up ISPs, so that clients from different subnets can dial in to the same dialer interface and the hub router doesn't need static routes for the remote clients. However, this feature may cause an OSPF on-demand circuit to keep the ISDN call up.

PPP can also assign an IP address to the remote end router using the ip address negotiated command.

When using OSPF with PPP multilink, you need to hardcode the bandwidth. Otherwise, OSPF will recalculate when the second B channel is activated or deactivated.

The ppp reliable-link and ppp quality commands monitor packet loss and line errors.

PPP Callback and ISDN Callback

-PPP Callback Server-

interface bri 0
ip address 7.1.1.7 255.255.255.0
encapsulation ppp
! optional: drops inbound calls that don't require callback
dialer callback-secure
dialer enable-timeout 2
dialer map ip 7.1.1.8 name atlanta class DIAL1 81012345678901
dialer-group 1
ppp callback accept
ppp authentication chap
!
map-class dialer DIAL1
dialer callback-server username

-PPP Callback Client-

interface bri 0
ip address 7.1.1.8 255.255.255.0
encapsulation ppp
dialer map ip 7.1.1.7 name dallas 81012345678902
dialer-group 1
ppp callback request
ppp authentication chap

Callback can also be achieved on the ISDN level using ISDN callback. ISDN callback happens before PPP negotiation, therefore there is no charge for the first call.

int bri 0/0
isdn caller 5272015 callback

Note: we can also use the wildcard character x, for instance isdn caller 527201x callback. Besides callback, this command is also used for call screening.

When a physical BRI interface is associated with multiple dialer interfaces, we can use PPP authentication to decide which dialer interface an incoming call should be bound to.

interface dialer 1
ip address 10.0.0.1 255.255.255.0
encapsulation ppp
dialer pool 1
dialer remote-name Rack1R4
dialer string 5272014
dialer-group 1
ppp authentication chap
!
interface dialer 2
ip address 10.0.1.1 255.255.255.0
encapsulation ppp
dialer pool 1
dialer remote-name Rack1R5
dialer string 5272015
dialer-group 1
ppp authentication chap

Or we can use the ISDN caller screening feature to bind the incoming calls:

interface dialer 1
isdn caller 5272014
!
interface dialer 2
isdn caller 5272015

Dial-On-Demand Backup

There are three dial backup methods:

1. Backup Interface
2. OSPF On-demand Circuit
3. Dialer Watch

Note: The backup interface will not work if the main interface is manually shut down.

When using dialer watch, the watched route must be mapped to a layer 2 dialer string.

Useful commands:

show isdn status
show isdn active
isdn test call interface bri0/0 <remote_end_spid>
isdn test disconnect interface bri0/0 all
debug isdn q931
debug ppp negotiation

