======Cisco - Access Server - AS5300 - Notes======
From the "Cisco AS5300 Universal Access Server Software Configuration Guide":
* If you want to allow users to dial in through the integrated modems, you must configure the async lines.
* If your asynchronous interfaces will be using the same basic configuration parameters, we recommend that you group them so that they can be configured as a group. Otherwise, you will need to configure each interface separately.
* If using the serial interfaces to route data from the T1/PRI or E1/PRI ports to a WAN, you need to configure IP on the [serial] interface.
* Configure the synchronous serial interfaces on the E1 or T1 PRI card to connect to a WAN through a CSU/DSU.
Enable password encryption:
<code>
configure terminal
service password-encryption
</code>
Set an encrypted enable password:
<code>
configure terminal
enable secret P@$$W0RD
</code>
Set a password for telnet login:
<code>
configure terminal
line vty 0 4
 password P@$$W0RD
</code>
Create a local user:
<code>
configure terminal
username admin password P@SSW0RD
</code>
Set hostname:
<code>
configure terminal
hostname 5300
</code>
Set the clock:
<code>
clock set 15:20:00 14 july 2024
</code>
Show the date and time:
<code>
show clock
</code>
Set an IP pool named 'setup_pool' to use later:
<code>
configure terminal
ip local pool setup_pool 172.20.30.40 172.20.30.88
</code>
Configure T1/E1 controllers for CAS (analog modems?), repeat for each T1/E1 controller:
<code>
configure terminal
controller T1 0
 no shutdown
 framing esf
 linecode b8zs
 cas-group 0 timeslots 1-24 type e&m-fgb dtmf dnis
!
</code>
Configure the Ethernet ports:
* Disable the 10 Mbps port.
* Configure the 10/100 Mbps port.
<code>
configure terminal
interface Ethernet0
 shutdown
!
interface FastEthernet0
 duplex auto
 speed auto
 ip address 172.22.50.10 255.255.0.0
!
</code>
Set a default gateway:
<code>
configure terminal
ip default-gateway 10.1.1.254
</code>
Configure all Async interfaces (dial-in modems) as one group:
<code>
configure terminal
interface Group-Async1
 group-range 1 120
 ip unnumbered FastEthernet0
 encapsulation ppp
 ppp authentication chap
 peer default ip address pool setup_pool
 ip tcp header-compression passive
 async mode interactive
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
</code>
Configure modem 1 to 240:
<code>
configure terminal
line 1 240
 no exec
 autoselect ppp
 modem DialIn
 modem autoconfigure discovery
 transport input all
</code>
Enable AAA and use a local user database:
<code>
configure terminal
! AAA must be enabled before any method list is defined
aaa new-model
aaa authentication login default local
aaa authentication ppp default local
username user1 password user1password
username user2 password user2password
line console 0
 login authentication default
line vty 0 4
 login authentication default
interface Group-Async1
 ppp authentication chap default
</code>
From [[https://www.cisco.com/en/US/docs/ios/12_0/dial/installation/guide/qccase_ps1828_TSD_Products_Getting_Started_Guide_Chapter.html|Cisco - Dial Case Study Overview]] the Call Processing Components:
{{:cisco:accessserver:as5300:dial_case_study_-_call_processing_components_15042_.png|Call Processing Components}}
From [[https://www.cisco.com/c/en/us/td/docs/ios/dial/configuration/guide/15-mt/dia_15_mt_book/dia_telco_isp_configs.pdf|Cisco - Telco and ISP Dial Scenarios and Configurations (PDF)]]:
=====Running Configuration for Robbed-Bit Signaling=====
The following example shows a single Cisco access server configured to support remote client PCs dialing in with analog modems over traditional T1 lines. Digital ISDN calls do not transmit across these older types of channelized lines. The configuration assumes that the client can dial in and connect to the router in either terminal emulation mode (text only) or PPP packet mode.
:!: The following configuration works only for analog modem calls. It includes no serial D-channel configuration (Serial 0:23 and Serial 1:23).
:!: The following configuration uses a TACACS+ server for user account authentication. If TACACS+ is not used, the aaa authentication lines need to be changed to use either RADIUS, or local together with username lines. Also, with either TACACS+ or RADIUS, the server to use is not set in the example below.
<code>
version xx.x
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname NAS
!
aaa new-model
aaa authentication login console enable
aaa authentication login vty tacacs+
aaa authentication login dialin tacacs+
aaa authentication ppp default tacacs+
aaa authentication ppp dialin if-needed tacacs+
enable secret cisco
!
async-bootp dns-server 10.1.3.1 10.1.3.2
isdn switch-type primary-5ess
!
controller T1 0
 framing esf
 clock source line primary
 linecode b8zs
 cas-group 0 timeslots 1-24 type e&m-fgb
!
controller T1 1
 framing esf
 clock source line secondary
 linecode b8zs
 cas-group 0 timeslots 1-24 type e&m-fgb
!
interface Loopback0
 ip address 10.1.2.254 255.255.255.0
!
interface Ethernet0
 ip address 10.1.1.10 255.255.255.0
 ip summary-address eigrp 10 10.1.2.0 255.255.255.0
!
interface Serial0
 no ip address
 shutdown
!
interface Serial1
 no ip address
 shutdown
!
interface Group-Async1
 ip unnumbered Loopback0
 encapsulation ppp
 async mode interactive
 peer default ip address pool dialin_pool
 no cdp enable
 ppp authentication chap pap dialin
 group-range 1 48
!
router eigrp 10
 network 10.0.0.0
 passive-interface Dialer0
 no auto-summary
!
ip local pool dialin_pool 10.1.2.1 10.1.2.50
ip default-gateway 10.1.1.1
ip classless
!
dialer-list 1 protocol ip permit
!
line con 0
 login authentication console
line 1 48
 autoselect ppp
 autoselect during-login
 login authentication dialin
 modem DialIn
!
line aux 0
 login authentication console
line vty 0 4
 login authentication vty
 transport input telnet rlogin
!
end
</code>
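A small audit of the authentication and access settings used in the configurations above, as an added example (not from Cisco's guides or the original notes): it flags plaintext or type 7 passwords, which 'service password-encryption' only obfuscates reversibly, Telnet/rlogin access, PAP fallback, and a tacacs+ method list with no server defined. The rule set, the list of guessable secrets and the sample input are constructed for illustration; section names rely on the one-space indentation of 'show running-config' output.

```python
import re

# Constructed sample: commands copied from the configurations on this page.
SAMPLE = """\
aaa authentication login vty tacacs+
enable secret cisco
username admin password P@SSW0RD
interface Group-Async1
 ppp authentication chap pap dialin
line 1 240
 transport input all
line vty 0 4
 password P@$$W0RD
 transport input telnet rlogin
"""

# (pattern, finding) pairs; rule set and wording are this example's own.
RULES = [
    (r"^enable secret (cisco|password|admin)$", "guessable enable secret"),
    (r"^username \S+ password ", "reversible (type 7) or plaintext user password"),
    (r"^password ", "static line password instead of AAA login"),
    (r"^transport input .*\b(all|telnet|rlogin)\b", "cleartext remote access"),
    (r"^ppp authentication .*\bpap\b", "PAP sends the password in cleartext"),
]

def audit(config):
    """Return (section, command, finding) for every weak setting found."""
    findings, section = [], "global"
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("!"):
            continue
        if not raw.startswith(" "):  # unindented: a new top-level command
            is_header = re.match(r"(interface|line|controller|router) ", cmd)
            section = cmd if is_header else "global"
        for pattern, finding in RULES:
            if re.search(pattern, cmd):
                findings.append((section, cmd, finding))
    # Cross-line check: a tacacs+ method list is useless without a server.
    uses_tacacs = re.search(r"^aaa authentication .*tacacs\+", config, re.M)
    has_server = re.search(r"^tacacs-server host ", config, re.M)
    if uses_tacacs and not has_server:
        findings.append(("global", uses_tacacs.group(0), "no tacacs-server host"))
    return findings

if __name__ == "__main__":
    for section, cmd, finding in audit(SAMPLE):
        print(f"[{section}] {cmd}: {finding}")
```

Replacing 'username ... password' with 'username ... secret' and restricting the vty 'transport input' to SSH, on images that support them, clears the corresponding findings.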
=====Connect 2 AS5300 via T1/E1=====
Source: [[https://www.reddit.com/r/homelab/comments/qdtguz/connecting_two_cisco_routers_with_vwic21mftt1e1/|reddit - Connecting two Cisco routers with VWIC2-1MFT-T1/E1 cards]]
On AS5300-01:
<code>
conf t
controller e1 0
 channel-group 0 timeslots 1-31
 clock source internal
</code>
On AS5300-02:
<code>
conf t
controller e1 0
 channel-group 0 timeslots 1-31
 clock source line primary
</code>
Then use [[https://www.freeccnaworkbook.com/blog/ccna/how-to-make-a-t1-crossover|Free CCNA Workbook - How to make a T1 Crossover Cable]] to create a T1 crossover cable.
Connect AS5300-01 T1/E1 port 0 to AS5300-02 T1/E1 port 0 with the T1 crossover cable.
And if you want to set an IP on each:
On AS5300-01:
<code>
conf t
int serial 0:0
 ip add 10.10.16.1 255.255.255.0
 no shutdown
</code>
On AS5300-02:
<code>
conf t
int serial 0:0
 ip add 10.10.16.2 255.255.255.0
 no shutdown
</code>
After which a 'ping 10.10.16.2' from AS5300-01 should show replies, and a 'ping 10.10.16.1' from AS5300-02 should show replies.
=====Test a call via ISDN=====
Test a call via the ISDN D-channel on Serial 0:15:
<code>
isdn call interface serial 0:15 888112
</code>
Enable ISDN debug output:
<code>
debug isdn events
debug isdn q921
debug isdn q931
</code>
Example debug output of a failed call:
<code>
*Jan 1 03:15:34.463 UTC: ISDN Se0:15: Outgoing call id = 0x8003, dsl 0
*Jan 1 03:15:34.463 UTC: ISDN Se0:15: Event: Call to 888112 at 64 Kb/s
*Jan 1 03:15:34.463 UTC: ISDN Se0:15: process_pri_call(): call id 0x8003, number 888112, speed 64, call type DATA, redialed? f, csm call? f, pdata? f
*Jan 1 03:15:34.463 UTC: callED type/plan overridden by call_decode
*Jan 1 03:15:34.467 UTC: did't copy oct3a reason: not CALLER_NUMBER_IE
*Jan 1 03:15:34.467 UTC: ISDN Se0:15: GetIdleDMSChan: Interface De-Activated
*Jan 1 03:15:34.467 UTC: ISDN Se0:15: CCPRI_ReleaseCall(): bchan 0, call id 0x8003, call type DATA
*Jan 1 03:15:34.467 UTC: ISDN Se0:15: LIF_EVENT: ces/callid 1/0x8003 CALL_REJECTION
*Jan 1 03:15:34.467 UTC: ISDN Se0:15: LIF_EVENT: ces/callid 1/0x8003 CALL_CLEARED
*Jan 1 03:15:34.467 UTC: ISDN Se0:15: received CALL_CLEARED call_id 0x8003
*Jan 1 03:15:34.467 UTC: no resend setup, no redial
*Jan 1 03:15:34.467 UTC: ISDN Se0:15: Got a disconnect on a non-existent call id = 0x8003.
</code>
=====Test outgoing call via chat script=====
With chat-script "async" being defined as:
<code>
chat-script async ABORT ERROR ABORT BUSY "" "ATZ" OK "ATDT \T" TIMEOUT 30 CONNECT \c
</code>
Start chat script "async" on modem 13 (line 14) to call number 551212:
<code>
start-chat async 14 551212
</code>
Enable debug output:
<code>
debug chat
debug modem csm
</code>
Example output of a failed call:
<code>
.Jul 21 15:29:18.024 UTC: CHAT14: Matched chat script async to string async
.Jul 21 15:29:18.024 UTC: CHAT14: Asserting DTR
.Jul 21 15:29:18.024 UTC: CHAT14: Chat script async started
.Jul 21 15:29:18.024 UTC: CHAT14: Sending string: ATZ
.Jul 21 15:29:18.024 UTC: CHAT14: Expecting string: OK
.Jul 21 15:29:18.076 UTC: CHAT14: Completed match for expect: OK
.Jul 21 15:29:18.076 UTC: CHAT14: Sending string: ATDT \T<551212>
.Jul 21 15:29:18.076 UTC: CHAT14: Expecting string: CONNECT
.Jul 21 15:29:18.180 UTC: Mica Modem(1/13): Rcvd Dial String(T551212)
.Jul 21 15:29:18.180 UTC: Mica Modem(1/13): Dropped character T
.Jul 21 15:29:18.180 UTC: Mica Modem(1/13): Dial String to be processed (551212)
.Jul 21 15:29:18.180 UTC: Mica Modem(1/13): End of Dial String
.Jul 21 15:29:18.180 UTC: CSM_PROC_IDLE: CSM_EVENT_MODEM_OFFHOOK at slot 1, port 13
.Jul 21 15:29:18.180 UTC: CSM_PROC_IDLE: at slot 1, port 13: no signalling channel is available for outgoing call
.Jul 21 15:29:18.184 UTC: Mica Modem(1/13): Soft Reset
.Jul 21 15:29:18.240 UTC: Mica Modem(1/13): State Transition to Terminating
.Jul 21 15:29:18.252 UTC: Mica Modem(1/13): State Transition to Idle
</code>
=====CHAP: Waiting for peer to authenticate first=====
Marcos.Zimmerman, 11-28-2005 12:36 PM:
I can see the "As1 CHAP: Waiting for peer to authenticate first" message on both routers... It seems that both sides treat the back-to-back connection as call in and waiting for the other side to authenticate. It is shown in the debug output:
<code>
00:14:49: As1 PPP: Using modem call direction
00:14:49: As1 PPP: Treating connection as a callin
</code>
Georg Pauwen, 11-28-2005 02:04 PM:
There is a hidden command that you could use:
<code>
ppp direction callout (on the local router)
ppp direction callin (on the remote router)
</code>
Apparently, in a back-to-back scenario like yours, the routers do not know exactly who called who...
[[https://community.cisco.com/t5/vpn/i-need-help-with-pap-authentication/td-p/474923|Cisco Community - I need help with pap authentication]]