Re: need a configuration of ISDN RAS

tirthasarathi · ‎11-13-2008

Sir,

I have a 2811 router; I want to configure this router as a ISDN RAS, I want to put this router on the boarder of the network, I have some client, who will dial this router through ISDN for accessing network and video conferencing purpose when they want. When customer try to access our network, user authentication will be done by Radius.

I am sending the specification of my 2811 Router

â€¢ 2811 Bundle w/AIM-VPN/SSL-2,Adv. IP Serv,10 SSL lic,64F/256D

â€¢ 2-Port Channelized E1/T1/ISDN-PRI Network Module

â€¢ Cisco 2800 ADVANCED IP SERVICES

â€¢ DES/3DES/AES/SSL VPN Encryption/Compression

Please send a sample configuration , I am waiting for your reply.

Thanks

tirtha

Giuseppe Larosa · ‎11-13-2008

Hello Tirtha,

a) configure the controller

controller E1 6/7

pri-group timeslots 1-31

no shut

!

b) configure PRI signalling channel making it member of a dialer pool

interface Serial6/7:15

no ip address

no ip directed-broadcast

encapsulation ppp

dialer pool-member 1 max-link 2

isdn switch-type primary-net5

isdn incoming-voice data

no cdp enable

ppp authentication chap

ppp multilink

!

c) configure the dialer interface

interface Dialer1

ip address 10.22.22.2 255.255.255.0

no ip directed-broadcast

encapsulation ppp

dialer load-threshold 1 either

dialer pool 1

dialer-group 1

pulse-time 0

no cdp enable

ppp authentication chap

ppp multilink

no ppp multilink fragmentation

!

d) enable aaa new-model and configure use of Radius

aaa new-model

aaa authentication ppp default group radius

radius-server host 10.162.16.122 auth-port 1812 acct-port 1813 key test

radius-server retransmit 3

radius-server authorization permit missing Service-Type

Hope to help

Giuseppe

tirthasarathi · ‎11-14-2008

Sir,

Thank for your reply, please advice me configuring the loop back interface is required or not . and also tell me following command is required or not?

Network-clock-participate slot 1

Network-clock-select 1 E1 1/0

Thank

tirtha

tirthasarathi · ‎11-14-2008

Sir,

Thank for your reply, please advice me configuring the loop back interface is required or not . and also tell me following command is required or not?

Network-clock-participate slot 1

Network-clock-select 1 E1 1/0

Thank

tirtha

Giuseppe Larosa · ‎11-14-2008

Hello Tirtha,

the loopback can be used to represent the address pool in the routing protocol.

the other two commands are specific of your hardware and are probably needed

Hope to help

Giuseppe

tirthasarathi · ‎11-14-2008

have there any sample configuration and network degine (white paper) ?

tirthasarathi · ‎11-17-2008

sir, dialer string r require or not?

Giuseppe Larosa · ‎11-17-2008

Hello Tirtha,

good question.

One could think that a dialer string is needed only to call and is not needed in a receiver only RAS.

However, the PPP authentication phase has to be taken in account in the whole picture.

From the RAS point of view it needs to be able to authenticate each possible user/caller.

The useful command in the RAS is the dialer map command because:

it can appear in multiple lines

provides a logical connection between the remote ISDN number and the remote hostname and the last is the search key for authentication among local user DB or in AAA server.

So I would add the appropriate dialer map command for each possible dial-in user

Well, probably for scalability issues when relying on AAA server the command can be downloaded from it (this looks like reasonable).

For a simple setup you can think to have one dialer-map for each dial-in user configured under the dialer interface

Sorry I removed from my example these commands for privacy.

Hope to help

Giuseppe