Enabling ISDN on BRI0 intraface as backup

[ash786]

I have just configured a CISCO 1600 router to connect to our site via a WAN interface using a dedicated kilostream line. I would like to configure the BRI0 interface on the same router to dial via ISDN in the event that the WAN connection was to go down.

Does anyone know how to confirgure the BRI0 interface to dial via ISDN, as I am new to ISDN.

Thank you

 

[wybnormal]

Try these links.. it's pretty easy to do..

You need need to define the BRI port, add the standby commands to the serial interface, add a dialer and possibly an access list to keep traffic to only what you need to pass over the slower link.

MikeS

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/dial_c/dcdbaks.htm

http://www.cisco.com/warp/public/123/backup-main.html

This one has some nice sample code

http://www.cisco.com/warp/public/793/access_dial/ddr_dialer_profile.html

MikeS Find me at

http://www.packetattack.com

"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[ChrisAC]

Try this for size!!


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! Leased line with ISDN backup example !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname my-router
!
aaa new-model
aaa authentication login word local
aaa authentication login CONSOLE none
aaa authentication ppp default if-needed local
enable secret 5 level5password
!
username admin password 7 abcdefxxxxx (log in names for telnet access)
username support password 7 abcdefxxxx
ip subnet-zero
no ip source-route
ip name-server aaa.bbb.ccc.ddd (put your DNS servers here)
ip name-server eee.fff.ggg.hhh
isdn switch-type basic-net3
!
!
interface Ethernet0
ip address 212.100.xxx.xxx 255.255.255.252
no ip directed-broadcast
no ip proxy-arp
!
interface Serial0
backup interface Dialer1 (select the backup interface)
backup delay 10 10 (set the delay eg. 10 seconds .. whatever!!)
ip address 212.100.xxx.xxx 255.255.255.252
no ip directed-broadcast
encapsulation ppp
bandwidth 256
down-when-looped
no cdp enable
!
interface BRI0
no ip address
no ip directed-broadcast
encapsulation ppp
dialer pool-member 1
!
interface Dialer1
ip unnumbered Ethernet0
no ip directed-broadcast
encapsulation ppp
dialer remote-name name
dialer idle-timeout 5
dialer enable-timeout 5
dialer string 0845123456
dialer caller x callback
dialer pool 1
dialer-group 1
no fair-queue
ppp authentication chap pap
ppp chap password 7 chappassword
!
no ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 0.0.0.0 0.0.0.0 Dialer1 200
!
dialer-list 1 protocol ip permit
snmp-server community public RO
!
line con 0
transport input none
line vty 0 4
!
end

Chris.

 

[wybnormal]

You are not filtering any route updates and you are not filtering any chatty traffic like NBT port 137/138. This might prove to be an expensive phone call via ISDN if the link is down for any length of time.

The AAA authentication will bite you unless you have TACACS, TACACS+ or Radius running somewhere. Someone learning this for the first time might not know this and think it's required when it's not.

The SNMP string is a huge security hole.. at least change it to something other then PUBLIC

Dialer pool and dialback is not needed for the average backup link. I have over 300 routers runnign ISDN backup without this part. It has it's place.. but not when you are learning.. the KIS principle applies here nicely

MikeS

Find me at

http://www.packetattack.com

"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[ChrisAC]

Fair points!! However, this is a basic configuration for a customer to ISP link showing how ISDN can be used as a backup to a primary line.

1. No filtering on ISDN .... in this particular example, we simply provide a backup for primary line failure. We don't filter on the routers as all filtering is usually done on the firewalls. Having said that, in this case, yes .. I would filter on the router to prevent the ISDN line being brought up unnecessarily. Good point!

2. The aaa authentication is used only in this case to provide a more secure telnet logon! Better than just setting a line vty 0 4 password, which many people do and indeed that's what you are taught at CCNA level. In a private network, yes, I would install authentication servers.

3. SNMP string isn't PUBLIC normally. We do use our SNMP community string and I should have made a note .. put your SNMP string here ...!!! Well spotted!!

4. I wouldn't consider the dialer-pool too much for Cisco beginners!! It's not that hard. However, you're right, not really needed in this case but I was just using a standard configuration.

Anyway, keep up the good work!

Chris.

 

[wybnormal]

Chris-

Thanks for the explantions of each piece. I have seen a few CCNA's with the "deer in the headlights" look when trying to config ISDN for the first time. I think ISDN has this urban myth of being difficult( which it can be) where the truth of the matter is that 90% of the time, it's pretty simple. Unless you want to start talking dialout on PRIs with incoing voice and so on. Then life gets a bit interesting.

Anyways.. thanks again for posting the config.

MikeS Find me at

http://www.packetattack.com

"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin

 

[ChrisAC]

Ha ha!! "Deer in the headlights"!!! Nice!! That's exactly how I felt when I first looked at ISDN configuration!! I can remember covering it in the ICND course. We went over it so quickly my head was spinning!! I had to really sit down with all my CCNA materials and fathom it out!! Now it looks so simple. Strange!!

Oh well .. of to install another router!!

Cheers!

Chris.

 

[jeter]

we have the serial interface setup like this

!
username jeter password 0 cisco
!
isdn switch-type basic-dms100

interface serial0.1 point-to-point
ip adderess 192.168.67.38 255.255.255.252
no ip directed-broadcast
backup delay 10 10
backup interface BRI0

interface BRI0
bandwidth 128
ip address 192.168.67.38 255.255.255.252
no ip directed-broadcast
encapsulation ppp
dialer string 7775551
dialer string 7335552
dialer load-threshhold 1 either
dialer-group 1
isdn switch-type basic-dms100
isdn spid 7023845551100 3845551
isdn spid 7023845552100 3845552
no fair-queue
ppp authentifcation chap pap
ppp multilink
Jeter@LasVegas.com
J.Fisher CCNA

 

[ChrisAC]

Looks good to me!!

ash768 , I hope that you've learned something over the last two days and that these posts have pointed you in the right direction!!

Good luck.

Chris.

 

[ash786]

Thanks guys for all your help it seems to have done the trick

Regards


Abdus