Technical data

ManualsBrandsCisco ManualsComputer equipment1604 - 1604 Bridge/router

131

132

133

134

135

136

137

138

139

140

Routing across Modem Lines 6-5

Configuring the Dialing Access Server

Step 4 Require login authentication on VTY lines 0 through 4. The login authentication default

command uses the aaa authentication default local authentication list. The local

keyword means that the local username database will be used for security. On this access

server, only ﬁve VTY lines have been deﬁned.

Snoopy(config-if)# line vty 0 4

Snoopy(config-line)# login authentication default

Step 5 Create access list ﬁlters. In this example, the packets that the access list permits are

referenced by the dialer-list command (in Step 6 of this procedure) to determine

interesting packets.

Snoopy(config-line)# exit

Snoopy(config)# access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255

0.0.0.0

Snoopy(config)# access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0

255.255.255.255

In the preceding access-list command, the number 100 is the list identiﬁer. All access-list

commands with the same identiﬁer deﬁne a single ﬁlter. Ordering of the access-list

commands is very important. Statements in an access list are parsed one by one until a

match is found. After a match is found, any access list deﬁnitions that follow are ignored.

Although it is not displayed, an implicit “deny all” statement is always appended to the

end of an access list. Therefore, if a packet reaches the end of an access list without

matching a permit statement, the packet is denied automatically.

The line access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255

0.0.0.0 speciﬁes that all broadcast packets are uninteresting. Speciﬁcally, RIP updates

cannot initiate a call, nor can they reset the dialer idle-timeout counter in this example.

The line access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0

255.255.255.255 speciﬁes that all other IP packets are interesting.

Step 6 Reference the ﬁlter deﬁned by access list 100. Packets permitted by access list 100 are

considered interesting packets for a DDR interface belonging to dialer group 1.

Snoopy(config)# dialer-list 1 list 100

You have conﬁgured the answering access server (Snoopy). At this point, you can conﬁgure the

dialing access server (Woodstock).

Conﬁguring the Dialing Access Server

In this conﬁguration, the dialing access server has the name Woodstock. This name is passed by this

access server during the PPP authentication process, in the same way that the answering access

server’s name is authenticated. (Refer to the section “Conﬁguring Security for the Dialing Access

Server.”)

Note Names are case sensitive, so be sure that both the dialing and answering access servers use

the same capitalization and spelling.

Perform the steps in the following procedures to conﬁgure the access server that initiates the call

(Woodstock). The conﬁguration is broken into components (routing in global conﬁguration mode,

the Ethernet interface, asynchronous interfaces, security, and so on).