Cisco - Access Server - AS5300 - Notes

From the “Cisco AS5300 Universal Access Server Software Configuration Guide”:

  • If you want to allow users to dial in through the integrated modems, you must configure the async lines.
  • If your asynchronous interfaces will be using the same basic configuration parameters, we recommend that you group them so that they can be configured as a group. Otherwise, you will need to configure each interface separately.
  • If using the serial interfaces to route data from the T1/PRI or E1/PRI ports to a WAN, you need to configure IP on the [serial] interface.
  • Configure the synchronous serial interfaces on the E1 or T1 PRI card to connect to a WAN through a CSU/DSU.

Enable password encryption:

configure terminal
service password-encryption

Set an encrypted enable password:

configure terminal
enable secret P@$$W0RD

Set a password for telnet login:

configure terminal
line vty 0 4
password P@$$W0RD

Create a local user:

configure terminal
username admin password P@SSW0RD

Set hostname:

configure terminal
hostname 5300

Set the clock:

clock set 15:20:00 14 july 2024

Show the date and time:

show clock

Set an IP pool named 'setup_pool' to use later:

configure terminal
ip local pool setup_pool 172.20.30.40 172.20.30.88

Configure T1/E1 controllers for CAS (analog modems?), repeat for each T1/E1 controller:

configure terminal
controller T1 0
 no shutdown
 framing esf
 linecode b8zs
 cas-group 0 timeslots 1-24 type e&m-fgb dtmf dnis
!

Configure the Ethernet ports:

  • Disable the 10 Mbps port.
  • Configure the 10/100 Mbps port.

configure terminal
interface Ethernet0
 shutdown
!
interface FastEthernet0
 duplex auto
 speed auto
 ip address 172.22.50.10 255.255.0.0
!

Set a default gateway:

configure terminal
ip default-gateway 10.1.1.254

Configure all Async interfaces (dial-in modems) as one group:

configure terminal
interface Group-Async1
 group-range 1 120
 ip unnumbered FastEthernet0
 encapsulation ppp
 ppp authentication chap
 peer default ip address pool setup_pool
 ip tcp header-compression passive
 async mode interactive
 dialer-list 1 protocol ip permit
 dialer-list 1 protocol ipx permit
!

Configure modem lines 1 to 240:

configure terminal
line 1 240
 no exec
 autoselect ppp
 modem DialIn
 modem autoconfigure discovery
 transport input all

Enable AAA and use a local user database:

configure terminal
! Enable the AAA subsystem before defining method lists
aaa new-model
! Authenticate logins and PPP sessions against the local username database
aaa authentication login default local
aaa authentication ppp default local
username user1 password user1password
username user2 password user2password
line console 0
 login authentication default
line vty 0 4
 login authentication default
interface Group-Async1
 ppp authentication chap default

From Cisco - Dial Case Study Overview, the Call Processing Components:

[Figure: Call Processing Components]

From Cisco - Telco and ISP Dial Scenarios and Configurations (PDF):

Running Configuration for Robbed-Bit Signaling

The following example shows a single Cisco access server configured to support remote client PCs dialing in with analog modems over traditional T1 lines. Digital ISDN calls do not transmit across these older types of channelized lines. The configuration assumes that the client can dial in and connect to the router in either terminal emulation mode (text only) or PPP packet mode.

Note: The following configuration works only for analog modem calls. It includes no serial D-channel configuration (Serial 0:23 and Serial 1:23).

Note: The following configuration uses a TACACS+ server for user account authentication. If TACACS+ is not used, the aaa authentication lines need to be changed to use either RADIUS or local, with username lines for local. Also, with either TACACS+ or RADIUS, the TACACS+/RADIUS server to use is not set in the example below.

version xx.x
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname NAS
!
aaa new-model
aaa authentication login console enable
aaa authentication login vty tacacs+
aaa authentication login dialin tacacs+
aaa authentication ppp default tacacs+
aaa authentication ppp dialin if-needed tacacs+
enable secret cisco
!
async-bootp dns-server 10.1.3.1 10.1.3.2
isdn switch-type primary-5ess
!
controller T1 0
framing esf
clock source line primary
linecode b8zs
cas-group 0 timeslots 1-24 type e&m-fgb
!
controller T1 1
framing esf
clock source line secondary
linecode b8zs
cas-group 0 timeslots 1-24 type e&m-fgb
!
interface Loopback0
ip address 10.1.2.254 255.255.255.0
!
interface Ethernet0
ip address 10.1.1.10 255.255.255.0
ip summary address eigrp 10 10.1.2.0 255.255.255.0
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
interface Group-Async1
ip unnumbered Loopback0
encapsulation ppp
async mode interactive
peer default ip address pool dialin_pool
no cdp enable
ppp authentication chap pap dialin
group-range 1 48
!
router eigrp 10
network 10.0.0.0
passive-interface Dialer0
no auto-summary
!
ip local pool dialin_pool 10.1.2.1 10.1.2.50
ip default-gateway 10.1.1.1
ip classless
!
dialer-list 1 protocol ip permit
!
line con 0
login authentication console
line 1 48
autoselect ppp
autoselect during-login
login authentication dialin
modem DialIn
!
line aux 0
login authentication console
line vty 0 4
login authentication vty
transport input telnet rlogin
!
end
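
An added example, not part of the original notes or of Cisco's guide: a small Python audit that flags the credential-handling lines in the configurations on this page that a reviewer would want changed (passwords stored with "password" rather than "secret", PAP offered next to CHAP, telnet/rlogin or "all" as line transport). The rule set, the function name and the sample input are assumptions constructed for illustration.

```python
import re

# Constructed sample, assembled from configuration lines shown on this page.
SAMPLE_CONFIG = """\
service password-encryption
enable secret cisco
username admin password P@SSW0RD
interface Group-Async1
 ppp authentication chap pap dialin
line 1 240
 transport input all
line vty 0 4
 password P@$$W0RD
 login authentication vty
 transport input telnet rlogin
"""

# Hypothetical rule set: (rule id, pattern on the stripped line, reason).
RULES = [
    ("user-password", re.compile(r"^username \S+ password\b"),
     "clear text, or reversible type 7 under service password-encryption"),
    ("line-password", re.compile(r"^password\b"),
     "shared line password with the same weak storage"),
    ("pap-allowed", re.compile(r"^ppp authentication\b.*\bpap\b"),
     "PAP sends the dial-in password over the link in clear text"),
    ("cleartext-mgmt", re.compile(r"^transport input\b.*\b(all|telnet|rlogin)\b"),
     "telnet and rlogin carry logins unencrypted"),
]
SECTION = re.compile(r"^(interface|line|controller|router)\s")


def audit(config_text):
    """Return (line number, section, rule id, reason) for each weak line."""
    findings, section = [], "global"
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            section = "global"  # "!" and blank lines end a sub-mode block
            continue
        if SECTION.match(line):
            section = line      # works for indented and flattened configs
            continue
        for rule_id, pattern, reason in RULES:
            if pattern.search(line):
                findings.append((number, section, rule_id, reason))
    return findings


if __name__ == "__main__":
    for number, section, rule_id, reason in audit(SAMPLE_CONFIG):
        print(f"line {number} [{section}] {rule_id}: {reason}")
```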

Connect 2 AS5300 via T1/E1

Source: reddit - Connecting two Cisco routers with VWIC2-1MFT-T1/E1 cards

On AS5300-01:

conf t
controller e1 0
channel-group 0 timeslots 1-31
clock source internal

On AS5300-02:

conf t
controller e1 0
channel-group 0 timeslots 1-31
clock source line primary

Then use “Free CCNA Workbook - How to make a T1 Crossover Cable” to create a T1 crossover cable.

Connect AS5300-01 T1/E1 port 0 to AS5300-02 T1/E1 port 0 with the T1 crossover cable.

And if you want to set an IP on each:

On AS5300-01:

conf t
int serial 0:0
ip add 10.10.16.1 255.255.255.0
no shutdown

On AS5300-02:

conf t
int serial 0:0
ip add 10.10.16.2 255.255.255.0
no shutdown

After which a 'ping 10.10.16.2' from AS5300-01 should show replies, and a 'ping 10.10.16.1' from AS5300-02 should show replies.

Test a call via ISDN

Test a call via the ISDN D-channel on Serial 0:15:

isdn call interface serial 0:15 888112

Enable ISDN debug output:

debug isdn events
debug isdn q921
debug isdn q931

Example debug output of failed call:

*Jan  1 03:15:34.463 UTC: ISDN Se0:15: Outgoing call id = 0x8003, dsl 0
*Jan  1 03:15:34.463 UTC: ISDN Se0:15: Event: Call to 888112 at 64 Kb/s
*Jan  1 03:15:34.463 UTC: ISDN Se0:15: process_pri_call(): call id 0x8003, number 888112, speed 64, call type DATA, redialed? f, csm call? f, pdata? f
*Jan  1 03:15:34.463 UTC: callED type/plan overridden by call_decode
*Jan  1 03:15:34.467 UTC: did't copy oct3a reason: not CALLER_NUMBER_IE
*Jan  1 03:15:34.467 UTC:  ISDN Se0:15: GetIdleDMSChan: Interface De-Activated
*Jan  1 03:15:34.467 UTC: ISDN Se0:15: CCPRI_ReleaseCall(): bchan 0, call id 0x8003, call type DATA
*Jan  1 03:15:34.467 UTC: ISDN Se0:15: LIF_EVENT: ces/callid 1/0x8003 CALL_REJECTION
*Jan  1 03:15:34.467 UTC: ISDN Se0:15: LIF_EVENT: ces/callid 1/0x8003 CALL_CLEARED
*Jan  1 03:15:34.467 UTC: ISDN Se0:15: received CALL_CLEARED  call_id 0x8003
*Jan  1 03:15:34.467 UTC: no resend setup, no redial
*Jan  1 03:15:34.467 UTC: ISDN Se0:15: Got a disconnect on a non-existent call id = 0x8003.

Test outgoing call via chat script

With chat-script “async” being defined as:

chat-script async ABORT ERROR ABORT BUSY "" "ATZ" OK "ATDT \T" TIMEOUT 30 CONNECT \c

Start chat script “async” on modem 13 (line 14) to call number 551212:

start-chat async 14 551212

Enable debug output:

debug chat
debug modem csm

Example output of failed call:

.Jul 21 15:29:18.024 UTC: CHAT14: Matched chat script async to string async
.Jul 21 15:29:18.024 UTC: CHAT14: Asserting DTR
.Jul 21 15:29:18.024 UTC: CHAT14: Chat script async started
.Jul 21 15:29:18.024 UTC: CHAT14: Sending string: ATZ
.Jul 21 15:29:18.024 UTC: CHAT14: Expecting string: OK
.Jul 21 15:29:18.076 UTC: CHAT14: Completed match for expect: OK
.Jul 21 15:29:18.076 UTC: CHAT14: Sending string: ATDT \T<551212>
.Jul 21 15:29:18.076 UTC: CHAT14: Expecting string: CONNECT
.Jul 21 15:29:18.180 UTC: Mica Modem(1/13): Rcvd Dial String(T551212)
.Jul 21 15:29:18.180 UTC: Mica Modem(1/13): Dropped character T
.Jul 21 15:29:18.180 UTC: Mica Modem(1/13): Dial String to be processed (551212)
.Jul 21 15:29:18.180 UTC: Mica Modem(1/13): End of Dial String
.Jul 21 15:29:18.180 UTC: CSM_PROC_IDLE: CSM_EVENT_MODEM_OFFHOOK at slot 1, port 13
.Jul 21 15:29:18.180 UTC: CSM_PROC_IDLE: at slot 1, port 13: no signalling channel is available for outgoing call

.Jul 21 15:29:18.184 UTC: Mica Modem(1/13): Soft Reset
.Jul 21 15:29:18.240 UTC: Mica Modem(1/13): State Transition to Terminating
.Jul 21 15:29:18.252 UTC: Mica Modem(1/13): State Transition to Idle

CHAP: Waiting for peer to authenticate first

Marcos.Zimmerman, 11-28-2005 12:36 PM:

I can see the "As1 CHAP: Waiting for peer to authenticate first" message on both routers...

It seems that both sides treat the back-to-back connection as call in and waiting for 
the other side to authenticate. It is shown in the debug output:

00:14:49: As1 PPP: Using modem call direction

00:14:49: As1 PPP: Treating connection as a callin

Georg Pauwen 11-28-2005 02:04 PM:

there is a hidden command that you could use:

ppp direction callout (on the local router)

ppp direction callin (on the remote router)

Apparently, in a back-to-back scenario like yours, the routers do not know exactly who called who...

Source: Cisco Community - I need help with pap authentication

cisco/accessserver/as5300/notes.txt · Last modified: 2024/07/25 18:36 by bas
