Technical data
Routing across Modem Lines
Configuring the Dialing Access Server
Configuring Security for the Dialing Access Server
Perform the following steps to configure security on an access server initiating DDR calls
(Woodstock):
Step 1 Specify the name of the access server answering a call (Snoopy) in Woodstock’s
username database. This username is referenced in the dialer map command for
authentication purposes. The username is case sensitive and must match the opposite
access server’s host name exactly. The password (peanuts) is used as the PPP
authentication password for the user Snoopy. It is also case sensitive:
Woodstock(config)# username Snoopy password peanuts
Note If you enter the password peanuts, exit to privileged EXEC mode, and issue the show
running-config command, the output displays the password in encrypted form,
similar to the following: username Snoopy password 7 0215055500070C294D. When you enter or
make changes to the username command, always enter the password in its unencrypted form. Do
not enter the encryption type (7). It is set automatically.
Step 2 Create a PPP authentication list:
Woodstock(config)# aaa authentication ppp default local
Woodstock(config)# aaa authentication login default local
Step 3 Apply the PPP authentication list to the asynchronous interface initiating DDR calls and
specify CHAP authentication (rather than PAP):
Woodstock(config)# interface async 1
Woodstock(config-if)# ppp authentication chap default
Step 4 Require login authentication on VTY lines 0 through 4. The login authentication default
command uses the authentication list created by the aaa authentication login default local
command in Step 2. The local keyword means that the local username database is used for
security. On this access server, only five VTY lines have been defined.
Woodstock(config-if)# line vty 0 4
Woodstock(config-line)# login authentication default
Step 5 Apply login authentication to TTY lines 1 to 16 on the access server.
Woodstock(config-line)# line 1 16
Woodstock(config-line)# login authentication default
Step 6 Create access list filters. In this example, the packets that the access list permits are
referenced by the dialer-list command (in Step 7 in this procedure) to determine
interesting packets and activate a call. The access list you create depends on your
particular network design.
Woodstock(config-line)# exit
Woodstock(config)# access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
Woodstock(config)# access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
The line access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
specifies that all broadcast packets are uninteresting.
The line access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
specifies that all other IP packets are interesting.
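The following Python sketch is an added example, not part of the original procedure. It parses the two access-list 100 entries above and applies wildcard-mask, first-match evaluation to constructed sample packets, showing that only packets addressed to 255.255.255.255 are uninteresting, while subnet-directed broadcasts and multicast fall through to the permit entry and would still activate a call. The function names and sample addresses (including the assumed /24 subnet behind 10.1.2.255) are illustrative assumptions.

```python
import ipaddress

# The two entries of access list 100 as configured on Woodstock in Step 6.
ACL_100 = """\
access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
"""

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC SRC-WILDCARD DST DST-WILDCARD' lines."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] != "access-list" or f[3] != "ip":
            raise ValueError(f"unsupported entry: {line!r}")
        if f[2] not in ("permit", "deny"):
            raise ValueError(f"unknown action: {f[2]!r}")
        src, src_wc, dst, dst_wc = (int(ipaddress.IPv4Address(a)) for a in f[4:8])
        entries.append((f[2], src, src_wc, dst, dst_wc))
    return entries

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base address."""
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def is_interesting(entries, src, dst):
    """The first matching entry decides; no match falls through to the implicit deny."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for action, sb, sw, db, dw in entries:
        if wildcard_match(s, sb, sw) and wildcard_match(d, db, dw):
            return action == "permit"
    return False

# Constructed sample packets (source, destination); all addresses are illustrative.
SAMPLES = [
    ("10.1.1.5", "255.255.255.255"),  # limited broadcast
    ("10.1.1.5", "10.1.2.255"),       # subnet-directed broadcast (assumes a /24)
    ("10.1.1.5", "224.0.0.9"),        # multicast
    ("10.1.1.5", "10.2.0.20"),        # ordinary unicast
]

def classify(samples=SAMPLES):
    acl = parse_acl(ACL_100)
    return [(s, d, is_interesting(acl, s, d)) for s, d in samples]

if __name__ == "__main__":
    for src, dst, hit in classify():
        print(f"{src:>10} -> {dst:<16} {'interesting' if hit else 'uninteresting'}")
```

Running the same check against your own access list before attaching it to a dialer-list shows which periodic traffic would keep the line up.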