connecting to the Internet!

[paulk29]

All,
I was wondering is the following possible to configure on Cisco Routers;

Currently I have a dialup networking account with My ISP so that when I dial in with My PC using PSTN I get challenged for a username and password ( PAP ) and then the ISP assigns my Session an IP address.
Is it possible to do the same with a Cisco Router using ISDN and PPP( using the same ISP account ) so that the Router dials in and gets authenticated with PAP and it gets assigned an IP address?
Thanks
Paul

Paul Kilcoyne B eng. CCNA

 

[paulk29]

All,
is there anyone out there that could help me with my above post? I'd like to be able to do this and have users on the LAN NATed to this internet address as this would save on having to buy a public address from the ISP ( and you know how costly thats getting ).
Thanks again
Paul

Paul Kilcoyne B eng. CCNA

 

[wybnormal]

It is not clear what you are asking for... IDSN by design will dial a number, have to answer a authentication request (username/password) and create the layer 3 link. This is all done *behind the scenes* unless you track the q921 and q931 which are your layers 2 and 3. This needs to be built up before any kind of user authentication will take place since you need the connection first.

And no, I dont know how costly the public IP is getting since around here (Los Angeles) it's not that expensive to get a small block of IPs. The ISDN is going to cost you more then the IP address since most times ISDN is a metered connection unless you buy a block of time for the link or work out some other deal.

MikeS


Find me at

http://www.packetattack.com

"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu

 

[paulk29]

O.K. maybe I didnt make myself clear. I connect at present to the Internet using a modem attached to my P.C. I dial a number and my P.C. uses PPP ( PAP ) to connect over dial up networking. The ISP then gives my session an IP address from a pool. So each time I connect I get a different IP address. My quiery is, is it possible to configure a Cisco Router similarly so that it can connect to the ISP using PPP and PAP and be allocated an IP addess. I'd like to use ISDN so that I can get a bandwidth of 128K. Then I could share this connection to the Internet out onto Users on My LAN using NAT.
I have attached the config of My 1700 below, any help is again much appreciated.
regards
Paul

sh run
Building configuration...

Current configuration : 1223 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CLI_WWW
!
enable secret 5 $1$L5gF$K18j4OvJ4j7/rU7ZMwLUU/
!
username paulk password 0 balally
ip subnet-zero
!
isdn switch-type basic-net3
!
!
!
interface Loopback1
no ip address
!
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
ppp authentication pap
ppp multilink
!
interface FastEthernet0
ip address 10.20.20.1 255.255.255.0
ip nat inside
speed 10
!
interface Serial0
no ip address
shutdown
no fair-queue
!
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer idle-timeout 300
dialer string 91891121121
dialer load-threshold 1 either
dialer-group 2
no cdp enable
ppp authentication pap
ppp multilink
!
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
access-list 1 permit 10.20.20.0 0.0.0.255
access-list 101 permit ip any any
dialer-list 2 protocol ip list 101
!
line con 0
password infinity
login
line aux 0
line vty 0 4
password 7 104A0616011B17

end




Paul Kilcoyne B eng. CCNA

 

[paulk29]

Hi,
Anyone got any ideas on this one?
Thanks
Paul

Paul Kilcoyne B eng. CCNA

 

[jimmyzz]

Paul
If you want to dial out on the router via a PSTN line to your ISP, you can do this. You would use the router's AUX port, configure a virtual async interface and chat scripts as required. You'll have to check out the cisco webiste for sample configs to suit your setup. However you would still be allocated a dynamic IP address from your ISP and restricted to 33-56k.

If you are changing your requirements to having a dedicated public IP and sharing the internet connection to your LAN, then you need to revise your solution to best suit the new environment.

You should talk to your ISP (or other ISPs) about a dedicated broadband connection such as ADSL or cable. They should allocate you a dedicated IP address/es as part of their package. Even if you go ISDN, the ISP should be able to assist you with a package which includes a public address.

JimmyZ

 

[experimenter]

Hi Paul,

If your issue is assigning a dedicated IP address you or better to say your ISP should assign that or permit you to pick up a predefined IP address. It depends on the type authentication, authorization and accounting protocol, for instance a PPP Framed-User in Radius protocol can get a static IP using Framed-Address parameter and there are similar rules in tacacs and etc. You see assigning IP address happens in AAA server side. PAP, CHAP, and ... are methods of authentication, but assigning IP address is a part of authorization process.

I hope I did not misunderstand your question paul, because this seems too simple to solve, at list when you are who asks.

have a nice day



Experimenter

 

[idaho1977]

Hi Paul

Here in the UK it works just fine. I have a Cisco 800series which I have just config'd for internet use.

The config is below, I hope it helps. I think it is pretty obvious which bits I have changed to "protect the innocent".

Obviously it can be tweaked further but it works.


!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname XXXXXXX
!
enable secret 5 $1$ekB2$qJqb1nvUgnNsPd4vLBGYd1
!
username XXXXXXX password XXXXXXXXX
!
!
!
!
ip subnet-zero
no ip source-route
!
isdn switch-type basic-net3
!
!
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip access-group 121 in
no ip proxy-arp
ip nat inside
!
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
ppp authentication chap pap callin
ppp multilink
!
interface Dialer1
description ISP
ip address negotiated
ip access-group 121 in
no ip proxy-arp
ip nat outside
encapsulation ppp
no ip split-horizon
dialer remote-name Cisco1
dialer pool 1
dialer idle-timeout 300
dialer string XXXXXXXXXXXX class DialClass
dialer hold-queue 10
dialer load-threshold 10 either
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXX
ppp chap password XXXXXXXXX
ppp pap sent-username XXXXXXXXX password XXXXXXXXXX
ppp multilink
!
ip nat inside source list 1 interface Dialer1 overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
map-class dialer DialClass
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 121 deny udp any eq netbios-dgm any
access-list 121 deny udp any eq netbios-ns any
access-list 121 deny udp any eq netbios-ss any
access-list 121 deny tcp any eq 137 any
access-list 121 deny tcp any eq 138 any
access-list 121 deny tcp any eq 139 any
access-list 121 permit ip any any time-range TIME
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 120 0
transport input none
stopbits 1
line vty 0 4
exec-timeout 0 0
login local
!
no rcapi server
!
!
time-range TIME
periodic daily 0:00 to 23:59
!
end

 

[paulk29]

Idaho and others,
thanks very much for your help. I was wondering have you been able to get the 128K bandwidth from your ISP or do you have to get them to allow you this bandwidth? I've got it working but only at 64K.
Thanks again
Paul

Paul Kilcoyne B eng. CCNA

 

[tschouten]

Paul,

As the great and mighty (Slim) JimmyZ stated in a post earlier. You are going to be stuck with dial-up connection speed 33-56k. You might be able to pull off speeds higher than 56k, but not by much. You are using the router to dial into their modem banks. I guarantee you they have a router(s), with a module(s) of nothing but modems connected to it granting your access. Unless you get an actual ISDN, Cable or any other form of highspeed connection, the only way you are going to achieve 128 or higher is through multiplexing different (multiple) connections. And at that case you are going to have to make sure your ISP knows you have multiple connections dialing into them, because 9-10 odds they have you blocked from accessing a connection more than once under your account access. (If they don't they're stupid, and when they figure out what your doing they will be a bit miffed!)

So as Jimmyz said earlier, your best bet is to actually look into a highspeed connection. Most of them even have business class connections at a fair price. A couple that I use supply you with one static IP, 354, and everyonce in a while supply you with a 2620 router. For around $85 a month. And that is at their first tier level.

 

[idaho1977]

Hi Paul

dialer load-threshold 10 either

The line above of the config determines whether the second line is brought up or not, and the number can range from 1-255 I believe. If set to 255 the first channel bandwidth would need to be 100% full before the second line is brought up. Conversely if you set it to 1, the router should dial on both channels at the same time.

dialer load-threshold 10 either

You would need to also check that your ISP supports 128k connections and that no other device is using the ISDN.

Hope this helps.

 

[maxcolmer25]

Hi Paul,

From looking at your config your are in Ireland somewhere as i recognised the number. Can i also add that posting up your config without blanking out username, password and your ISP phone number is not a good idea but i promise i will not use them!!!
The problem with ISDN and using 128k is that you will be charged for 2 phone calls and i think solution below might suit you better.
To be honest i think you would be better going fo one of the packages that Eircom or Esat offer. Eircom have a starter package which is €99 for self install and €54 per month after. You will need to purchase modem(at your choice) for €140 inc VAT. They say bandwidth is between 258-512k but i have installed quite alot of these and bandwidth is usually nearer the 512k mark. There is also a 5gig cap on this package. If you want a public IP the package to go for is the Eircom Enhanced package which is €160 +VAT. This gives you 1024k down and 256k upload. There is no download limit and if your company can afford it i would strongly recommend it.
There are also other ISPs that provide these services but the only other ISP i would recommend would be Esat which are very competetive. Give trhem a call and see what they have to offer you.
If you have any more queries you can contact me at mcolmer@brandon.ie
Best of luck with it

Eircom ADSL sales 1800512128
Esat DSL Sales 1800924924

Max

 

[thunderbug66]

Hey yall,

I'm trying to modify the script above to be used on a 1601 router with an async modem. So far, no luck. Debugging tells me i have no chat script for my dial string. Can anyone help me get this working?

thanks
--james