Kostis Netzwerkberatung
Konstantinos Kostis
Talstr. 25, D-63322 Rödermark
Tel. +49 6074 881056, FAX 881058
kosta@kostis.net, http://www.kostis.net/

You may use this information free of charge at your own risk. No free support.

mini-HowTo: Cisco ISDN LAN to LAN

Introduction

This document describes Cisco IOS 12.0 sample configurations for an ISDN dialup connection between two Cisco routers using PPP. Most of the configuration is generic and should work for any ISDN dialup PPP connection.

This sample configuration is based on the following design assumptions:

design assumption                            remark
LAN A IP Subnet 192.168.1.0/24               (/24 aka 255.255.255.0)
LAN B IP Subnet 192.168.2.0/24               private network addresses (RFC1918)
LAN A router IP address 192.168.1.1
LAN B router IP address 192.168.2.1
no routing to other subnets
no DNS needed on router
European DSS1 ISDN connection                aka Euro-ISDN
clients configured to use router as gateway

In this sample configuration the routers are named routera/routerb internally. You can change that, but please follow the rules for hostnames (RFC1035). Make sure you change all names in both configuration files.

Changes needed before use

Some changes must be made before you can use this configuration. Basically you replace the placeholders for usernames with real usernames, the placeholders for passwords with real passwords of your choice and, last but not least, the placeholders for the MSN dialer information. The placeholders that need to be changed are:

Placeholder                 Function
%epasswda%, %epasswdb%      password needed to switch to enable mode
%cpasswda%, %cpasswdb%      password for console logins
%tpasswda%, %tpasswdb%      password for telnet logins
%ppasswd%                   PPP chap authentication password
%msnareaa%, %msnnuma%,      ISDN area codes and MSNs
%msnareab%, %msnnumb%

Password Security

After you enter passwords, they will be encrypted in router memory (that's what service password-encryption is for).

A Cisco configuration can only be viewed (e.g. using 'write terminal' or 'show running-config') after giving the enable secret on your router, so keep this enable secret password a real secret. All other passwords can be decrypted using certain tools (type 7 passwords can easily be decrypted, type 5 are tough to hack), so don't leave printouts of your configuration lying around. Secure all servers storing your configuration files. It's beyond the scope of this document to explain how to do this.
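
An added example, not part of the original document: a small Python check that lists, for a stored configuration file, which credentials are type 5 and which are only type 7 or cleartext, without printing the values themselves. The sample configuration, every credential string in it and the function names are constructed for illustration.

```python
import re

# Constructed sample mixing the three forms a stored credential can take.
# None of these strings is a real hash or password.
SAMPLE_CONFIG = """\
service password-encryption
hostname routera
enable secret 5 $1$EXMP$constructedValue000
username routerb password 7 01020304050607
interface Dialer1
 ppp authentication chap
 ppp chap password 7 01020304050607
line con 0
 password 7 08090A0B0C0D
line vty 0 4
 password plaintextExample
"""

# "password"/"secret", an optional type digit, then the stored value.
CRED = re.compile(r"\b(password|secret)\s+(?:([0-9])\s+)?(\S+)\s*$")
KIND = {"5": "hashed (type 5)", "7": "reversible (type 7)",
        "0": "cleartext", None: "cleartext"}

def audit(config_text):
    """Return (section, command, kind) for every credential line."""
    findings, section = [], ""
    for raw in config_text.splitlines():
        if raw and not raw.startswith((" ", "!")):
            section = raw.strip()          # remember the enclosing section
        m = CRED.search(raw)
        if m:
            where = section if raw.startswith(" ") else "global"
            command = raw[:m.start(3)].strip()   # drop the value itself
            findings.append((where, command, KIND.get(m.group(2), "unknown")))
    return findings

def needs_protection(findings):
    """Credentials that anyone holding the file can recover."""
    return [f for f in findings if not f[2].startswith("hashed")]
```

Run it over every copy of the configuration you keep (TFTP server, backups, text files) to see which copies expose recoverable passwords.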

Channel Bundling

In this sample configuration design I assume you want to limit the configuration to a single B-channel (hence 64000 bps max. bandwidth). If you want to use channel bundling (both B-channels, resulting in twice the speed, hence 128000 bps, but usually also twice the cost), add the following two lines to the interface Dialer1 section of the configuration below on both routers:

dialer load-threshold 10 outbound
ppp multilink

10 is the threshold at which the second channel kicks in. Possible values are from 1 to 255. The higher the value, the heavier/longer the traffic needs to be before the second channel kicks in. 10 is a rather low value and is recommended only if you expect heavy use and want to prevent unnecessary delays.

Cisco Configuration Modes

The configuration sample is in the same format your router uses when it stores its configuration on a TFTP server or shows it in response to 'write terminal'. This is not necessarily the order in which you have to type things in, so if you get an error message saying you need to define something before you can do whatever you were just about to do, define that something (most likely listed a few lines below) and try again.

In order not to confuse you even more by giving you two versions of each configuration, and since a tutorial on the Cisco CLI (Command Line Interface), which is nicely documented by Cisco, is outside the scope of this document, I only want to hint that there is more to it. You need to be able to navigate around 'enable', 'configure terminal' and such things without the help of this document.

Cisco ISDN Dialup Configuration Sample

The following Cisco ISDN PPP dial on demand configuration sample has been created for IOS 12. It has last been tested on two Cisco 1003 Routers using IOS 12.0(21a) equipped with 2 MB Flash, 8 MB DRAM. Cisco asks for 4 MB Flash but the Cisco 1003 IOS 12.0 "IP Only" image fits into a 2 MB Flash card just fine. This configuration should work with any IOS >= 12.0.

Configuration routera

!
service timestamps debug uptime
service timestamps log uptime
service password-encryption
! small servers (echo, discard, chargen, daytime); the ISDN link does not depend on them
service udp-small-servers
service tcp-small-servers
!
hostname routera
!
logging buffered 8192 debugging
no logging console
enable secret %epasswda%
!
! name and CHAP password of the remote router
username routerb password %ppasswd%
ip subnet-zero
no ip source-route
no ip finger
no ip domain-lookup
no ip name-server
isdn switch-type basic-net3
clock timezone MET 1
clock summer-time METDST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
!
interface Ethernet0
 description LAN A
 ip address 192.168.1.1 255.255.255.0
 no ip directed-broadcast
 no ip proxy-arp
 no ip route-cache
 no keepalive
 no cdp enable
!
interface BRI0
 description physical ISDN BRI - enable caller-id
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-net3
 ! caller ID screening: only the remote router's number is accepted
 isdn caller %msnareab%%msnnumb% exact
 isdn answer1 %msnnuma%
 isdn calling-number %msnnuma%
 no cdp enable
 ppp authentication chap callin
!
interface Dialer1
 description connection to routerb
 ip unnumbered Ethernet0
 no ip directed-broadcast
 encapsulation ppp
 no ip split-horizon
 dialer remote-name routerb
 ! note the leading 0 in front of the area code
 dialer string 0%msnareab%%msnnumb%
 dialer caller %msnareab%%msnnumb%
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap
 ppp chap hostname routera
 ppp chap password %ppasswd%
!
ip classless
ip route 192.168.1.0 255.255.255.0 Ethernet0
ip route 192.168.2.0 255.255.255.0 Dialer1
!
access-list 1 permit any
! any IP traffic counts as interesting and brings the line up
dialer-list 1 protocol ip permit
no cdp run
no ip http server
snmp-server location LAN A
snmp-server contact network admin
!
line con 0
 ! exec-timeout 0 0 means console sessions never time out
 exec-timeout 0 0
 password %cpasswda%
 login
line vty 0 4
 password %tpasswda%
 login
!
end

Configuration routerb

!
service timestamps debug uptime
service timestamps log uptime
service password-encryption
! small servers (echo, discard, chargen, daytime); the ISDN link does not depend on them
service udp-small-servers
service tcp-small-servers
!
hostname routerb
!
logging buffered 8192 debugging
no logging console
enable secret %epasswdb%
!
! name and CHAP password of the remote router
username routera password %ppasswd%
ip subnet-zero
no ip source-route
no ip finger
no ip domain-lookup
no ip name-server
isdn switch-type basic-net3
clock timezone MET 1
clock summer-time METDST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
!
interface Ethernet0
 description LAN B
 ip address 192.168.2.1 255.255.255.0
 no ip directed-broadcast
 no ip proxy-arp
 no ip route-cache
 no keepalive
 no cdp enable
!
interface BRI0
 description physical ISDN BRI - enable caller-id
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-net3
 ! caller ID screening: only the remote router's number is accepted
 isdn caller %msnareaa%%msnnuma% exact
 isdn answer1 %msnnumb%
 isdn calling-number %msnnumb%
 no cdp enable
 ppp authentication chap callin
!
interface Dialer1
 description connection to routera
 ip unnumbered Ethernet0
 no ip directed-broadcast
 encapsulation ppp
 no ip split-horizon
 dialer remote-name routera
 ! note the leading 0 in front of the area code
 dialer string 0%msnareaa%%msnnuma%
 dialer caller %msnareaa%%msnnuma%
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap
 ppp chap hostname routerb
 ppp chap password %ppasswd%
!
ip classless
ip route 192.168.1.0 255.255.255.0 Dialer1
ip route 192.168.2.0 255.255.255.0 Ethernet0
!
access-list 1 permit any
! any IP traffic counts as interesting and brings the line up
dialer-list 1 protocol ip permit
no cdp run
no ip http server
snmp-server location LAN B
snmp-server contact network admin
!
line con 0
 ! exec-timeout 0 0 means console sessions never time out
 exec-timeout 0 0
 password %cpasswdb%
 login
line vty 0 4
 password %tpasswdb%
 login
!
end

Saving Configuration Changes

Make sure to store your configuration in NVRAM every time you make changes:

copy running-config startup-config

If you fail to do this, your changes will be lost the next time your router reboots (e.g. due to power failure).

Remarks

A Word on Passwords

As you can see above, there are four passwords on each router. Only the PPP chap password must be the same on both routers. The other passwords may and should be different on each router, even if that means you have to make a list of passwords. Most people will be tempted to make all local router passwords the same, but it's not a good idea to make the enable secret and the "normal" passwords the same. Cisco recommends not doing this. It is however acceptable for your console password (line con) and your telnet password (line vty 0 4) to be the same if you're concerned about the number of different passwords used.

Optional Configuration

The following two lines prepare the routers for the GMT+1 timezone and the automatic switch to summer time, but this only really makes sense if you also have a time source (e.g. an NTP server) from which the router gets its time. I left those lines in this sample to make you aware of the fact that there is such a thing as a clock in your router, which you may want to set and configure. You can discard those lines without any impact on the connection.

clock timezone MET 1
clock summer-time METDST recurring last Sun Mar 2:00 last Sun Oct 3:00

Search and Replace

Before you can actually use this configuration you will have to replace the placeholders mentioned above. In order to do that I suggest you do this:

Make sure you have your MSN data right. Also make a note of the passwords used and store them in a secure place.
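
One way to do the replacement, as an added example that is not part of the original document: a Python script that fills in the %...% placeholders and refuses to produce output if a value is missing or breaks one of the rules stated on this page. The function names and all sample values are hypothetical; the template is an excerpt of the routera configuration, and the rule that area codes carry no leading 0 is an assumption drawn from the "dialer string 0..." line.

```python
import re

PLACEHOLDER = re.compile(r"%([a-z]+)%")

# Excerpt of the routera template above (only the lines with placeholders).
TEMPLATE = """\
enable secret %epasswda%
username routerb password %ppasswd%
interface BRI0
 isdn caller %msnareab%%msnnumb% exact
 isdn answer1 %msnnuma%
interface Dialer1
 dialer string 0%msnareab%%msnnumb%
line con 0
 password %cpasswda%
line vty 0 4
 password %tpasswda%
"""

# Constructed sample values, for illustration only.
VALUES = {"epasswda": "Enable-A-example", "cpasswda": "Console-A-example",
          "tpasswda": "Telnet-A-example", "ppasswd": "Chap-example",
          "msnnuma": "111111", "msnareab": "123", "msnnumb": "456789"}

def check_values(values):
    """Checks taken from this page's rules; returns a list of problems."""
    problems = []
    for key, val in values.items():
        if key.startswith("msn") and not val.isdigit():
            problems.append(f"{key}: digits only")
        # Assumption: area codes carry no leading 0, the template adds it.
        if key.startswith("msnarea") and val.startswith("0"):
            problems.append(f"{key}: drop the leading 0")
    for r in "ab":  # enable secret must differ from the "normal" passwords
        for other in ("cpasswd" + r, "tpasswd" + r):
            if other in values and values[other] == values.get("epasswd" + r):
                problems.append(f"{other}: same as enable secret")
    return problems

def render(template, values):
    """Replace every %name% token; refuse to emit a half-filled config."""
    missing = sorted(set(PLACEHOLDER.findall(template)) - set(values))
    problems = check_values(values)
    if missing or problems:
        raise ValueError(f"missing={missing} problems={problems}")
    return PLACEHOLDER.sub(lambda m: values[m.group(1)], template)
```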

Copy and Paste

There are two issues when trying to "cut & paste" the configuration files from a text editor to a router terminal such as "HyperTerm":

To avoid overwhelming the router I suggest you don't feed it the whole configuration at once but in two chunks. The first chunk runs from the top to "dialer pool 1", the second chunk covers the rest.

Editing MSN data

Even though this document is not a tutorial on Cisco IOS CLI, I want to give you a hint on how to change your MSN data, since this is the most likely change you may make. When people move, their MSN data often changes as well, so here goes. I assume you're logged in to your router and have switched to "enable mode".

configure terminal                                configure router from terminal
interface bri0                                    configure interface bri0
isdn answer1 %newmsnnuma%                         change own MSN data
isdn calling-number %newmsnnuma%                  change own MSN data
isdn caller %newmsnareab%%newmsnnumb% exact       add remote MSN data
no isdn caller %oldmsnareab%%oldmsnnumb% exact    remove old remote MSN data
exit                                              done with interface bri0
interface dialer1                                 configure interface dialer1
dialer caller %newmsnareab%%newmsnnumb%           this number maps this dialer
dialer string 0%newmsnareab%%newmsnnumb%          note the leading 0
no dialer caller %oldmsnareab%%oldmsnnumb%        remove old remote MSN data
no dialer string 0%oldmsnareab%%oldmsnnumb%       remove old remote MSN data
exit                                              done with interface dialer1
exit                                              done with configure
copy run s                                        save configuration changes

The changes mentioned above must be done on both routers, of course. It should not be done over your WAN since you may cut the connection you're using to make the changes...