Cisco AS5300 Universal Access Server Software Configuration Guide Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CONTEN TS Preface xi Document Objectives xi Changes to This Guide xi Document Organization xii Where to Get the Latest Version of This Guide Conventions xiii Related Documentation Cisco Connection Online Chapter 1 xii First-Time Configuration xv xv 1-1 Using the Setup Script 1-1 Getting Started 1-1 Where to Go Next Chapter 2 1-12 Using Cisco IOS Software Getting Help 2-1 2-1 Understanding Command Modes How to Find Command Options 2-2 Undoing a Command or Feature 2-4 Saving Configura
Configuring ISDN PRI Configure 3-12 Verify 3-13 3-11 Configuring E1 R2 Signaling 3-16 Configure 3-16 Country Codes for R2 Signaling 3-18 Verify 3-19 Configuring the Asynchronous Group Interface Configure 3-21 Verify 3-22 3-21 Configuring the D Channels for Modem Signaling Configure 3-24 Verify 3-25 Configuring the Modems 3-28 Configure 3-28 Country Code Tables 3-29 Resetting to Default Values for Country Codes Verify 3-30 Configuring Modem Pooling Verify 3-34 3-24 3-30 3-33 Configuring Resource Pool
Configuring MMP 3-55 Configure 3-55 Verify 3-56 Creating Authentication Accounts 3-57 Configuring VPDN 3-58 Configure 3-58 Verify 3-58 Creating Authentication Accounts 3-60 Using Continuity Test (COT) Configure 3-60 Verify 3-60 Saving Configuration Changes Configure 3-63 3-60 3-63 Comprehensive Configuration Examples Where to Go Next Chapter 4 3-72 Access Service Security Assumptions 3-63 4-1 4-2 Local Versus Remote Server Authentication Local Security Database 4-2 Remote Security Database 4-3
Appendix A Managing Modems A-1 Monitoring Modems A-2 Configuring Microcom Modems for Monitoring A-2 Configuring MICA Modems for Monitoring A-3 Modem Performance Statistics Commands A-4 Managing Modems A-5 Check Modem Type A-5 Set Modem Event Buffer A-5 Remove Inoperable Modems from Service Polling Modems A-6 Set Polling Attempts A-6 Set Time Interval between Polls Poll for Modem Statistics A-6 A-6 A-6 Troubleshooting Modems A-7 Perform a Modem Startup Test A-7 Test Two Modems Back-to-Back A-7 Hold and
Appendix D Upgrade VoIP Software D-1 Upgrading VoIP Feature Card Firmware D-2 Determine the number of VFC cards D-2 Identify the VFC ROM Monitor Version D-2 Identify the VFC/ROM Monitor Mode D-3 Download Software in VCWare Mode D-3 Download Software in ROM Monitor Mode D-5 New Hardware Features D-7 Index Index Contents ix
x Book Title
Preface This chapter discusses the revisions made to this publication, describes how to get the latest version of this publication, the conventions used in this guide, and related documentation. Cisco documentation and additional literature are available on a CD-ROM, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly; therefore, it might be more up to date than printed documentation.
Document Organization New/Changed Feature Description ISDN PRI Provides an updated list of the switches and also two new commands used to monitor Non-Facility Associated Signaling (NFAS) groups and ISDN service and channels. Resource pooling and session counting Describes how to construct unique customer profiles, groups of DNIS numbers, and tabulate the number of active connections, calls accepted, calls rejected for each customer profile, and system resources over specific time.
Conventions The online copy of this guide is always up-to-date and integrates the latest enhancements to the product. You can access the current online copy of this guide on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com. Conventions This publication uses the following conventions: • The symbol ^ represents the key labeled Control. For example, the key combination ^z means hold down the Control key while you press the z key.
Conventions Waarschuwing Dit waarschuwingssymbool betekent gevaar. U verkeert in een situatie die lichamelijk letsel kan veroorzaken. Voordat u aan enige apparatuur gaat werken, dient u zich bewust te zijn van de bij elektrische schakelingen betrokken risico's en dient u op de hoogte te zijn van standaard maatregelen om ongelukken te voorkomen.
Related Documentation de las advertencias que aparecen en esta publicación, consultar el documento titulado Regulatory Compliance and Safety Information (Información sobre seguridad y conformidad con las disposiciones reglamentarias) que se acompaña con este dispositivo. Varning! Denna varningssymbol signalerar fara. Du befinner dig i en situation som kan leda till personskada.
Cisco Connection Online • Modem: From North America, 408 526-8070; from Europe, 33 1 64 46 40 82. Use the following terminal settings: VT100 emulation; databits: 8; parity: none; stop bits: 1; and connection rates up to 28.8 kbps. For a copy of CCO’s Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
CHAPTER 1 First-Time Configuration This chapter describes how to power ON the Cisco AS5300 universal access server and configure it using the prompt-driven setup script (also called the System Configuration dialog).
Using the Setup Script To use the setup script take the following steps: Step 1 Power Switch Location H10690 Figure 1-1 Power ON the access server. The power switch is on the rear panel, at the upper right corner near the power cord, as shown in Figure 1-1. Universal access server Power switch Messages will begin to appear in your terminal emulation program window. Do not press any keys on the keyboard until the messages stop.
Getting Started San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) 5300 Software (C5300-JS-M), Released Version 12.0(19981001:221340) [ayeh-wk_0_6_0 100] Copyright (c) 1986-1998 by cisco Systems, Inc. Compiled Thu 01-Oct-98 15:13 by ayeh Image text-base: 0x600088E8, data-base: 0x609F6000 cisco AS5300 (R4K) processor (revision A.14) with 32768K/16384K bytes of memory. Processor board ID 05433592 R4700 processor, Implementation 33, Revision 1.
Using the Setup Script Serial0:0 Serial0:1 . . . Serial3:21 Serial3:22 Serial3:23 Step 5 unassigned unassigned YES unset YES unset down down down down unassigned unassigned 171.69.90.18 YES unset YES unset YES unset down down down down down down Enter a host name for the access server: Configuring global parameters: Enter host name [Router]: 5300 The enable secret is a password used to protect access to privileged EXEC and configuration modes.
Getting Started Note If you answer no to IGRP, you will be prompted to configure RIP. Configure Configure Configure Configure Configure Step 11 CLNS? [no]: IPX? [no]: yes Vines? [no]: XNS? [no]: Apollo? [no]: Configure the asynchronous serial lines for the integrated modems on the modules installed in the access server. (If you want to allow users to dial in through the integrated modems, you must configure the async lines.) Async lines accept incoming modems calls.
Using the Setup Script What is the username of the test user? [user]: What is the password of the test user? [passwd]: Will you be using the modems for outbound dialing? [no]: Configure for Async IPX? [yes]: no Configure for Appletalk Remote Access (ARA)? [no]: yes AppleTalk Network for ARAP clients [1]: Zone name for ARAP clients [ARA Dialins]: Allow ARAP "Guest" logins? [yes/no]: yes Step 12 Enter the letter corresponding to the ISDN switch type that matches your telco switch type or press Enter to acc
Getting Started Step 18 Enter the letter corresponding to the signaling type to support modem pooling over the T1 lines or press Enter to accept the default: The following line signaling types are available: [a] e&m-fgb [b] e&m-fgd [c] e&m-immediate-start [d] fxs-ground-start [e] fxs-loop-start [f] sas-ground-start [g] sas-loop-start Enter the line signaling type [a]: Step 19 Enter the tone signaling type: The following tone signaling types are available: dtmf | mf Enter the tone signal type [dtmf]: St
Using the Setup Script Step 24 Configure your serial intefaces by responding to the following prompts: Do you want to configure Serial0 interface? [no]: yes Note If using the serial interfaces to route data from the T1/PRI or E1/PRI ports to a WAN, you need to configure IP on the interface. Enter the IP address of the WAN device to which the data will be routed. Configure IP on this interface? [no]: yes Configure IP unnumbered on this interface? [no]: IP address for this interface: 173.20.30.
Getting Started modem dialin ip local pool setup_pool 172.20.30.40 172.20.30.88 ! username user password passwd ! arap network 1 ARA Dialins line 1 120 arap enable autoselect arap ! ! Turn off IPX to prevent network conflicts.
Using the Setup Script no shutdown framing esf linecode b8zs cas-group 0 timeslots 1-24 type e&m-fgb dtmf dnis ! controller T1 6 no shutdown framing esf linecode b8zs cas-group 0 timeslots 1-24 type e&m-fgb dtmf dnis ! controller T1 7 no shutdown framing esf linecode b8zs cas-group 0 timeslots 1-24 type e&m-fgb dtmf dnis scheduler interval 1000 line console 0 logging synchronous ! interface Ethernet0 no shutdown ip address 172.21.40.10 255.255.0.
Getting Started no ip address no lat enabled no mop enabled no shutdown no ip address no lat enabled no mop enabled ! Interface Group-Async1 group-range 1 120 ip unnumbered FastEthernet0 encapsulation ppp ppp authentication chap pap peer default ip address pool setup_pool ip tcp header-compression passive async mode interactive dialer-list 1 protocol ip permit dialer-list 1 protocol ipx permit ! end end Step 28 Enter 0, 1, or 2 when the following prompt is displayed: [0] Go to the IOS command prompt with
Where to Go Next Step 30 The 5300> prompt indicates that you are now at the command-line interface (CLI) and you have just completed the basic access server configuration. However, this is not a complete configuration. At this point you have two options: • Run the setup script in the System Configuration dialog again and create another configuration.
CHAPTER 2 Using Cisco IOS Software This chapter describes what you need to know about the Cisco IOS software (the software that runs the access server) before you configure the access server using the command-line interface (CLI). This chapter includes: • • • • • • Getting Help Understanding Command Modes How to Find Command Options Undoing a Command or Feature Saving Configuration Changes Where to Go Next Understanding these concepts will save you time later.
Understanding Command Modes Understanding Command Modes You will need to use many different command modes to use to configure the access server. Each command mode restricts you to a subset of commands. If you are having trouble entering a command, check the prompt, and then enter the question mark (?) for a list of available commands. You might be in the wrong command mode or using the wrong syntax.
How to Find Command Options Table 2-1 How to Find Command Options (Continued) Step Command Purpose 4 5300(config-controller)# ? Controller configuration commands: cablelength Specify cable length for a DS1 link cas-group Configure the specified timeslots for CAS(Channel Associate Signals) channel-group Specify timeslots to channel-group mapping for an interface clock Specify the clock source for a DS1 link default Set a command to its defaults description Controller specific description ds0 ds0 comma
Undoing a Command or Feature Table 2-1 How to Find Command Options (Continued) Step Command Purpose 9 5300(config-controller)# cas-group 1 timeslots 1-24 type ? e&m-fgb E & M Type II FGB e&m-fgd E & M Type II FGD e&m-immediate-start E & M Immediate Start fxs-ground-start FXS Ground Start fxs-loop-start FXS Loop Start sas-ground-start SAS Ground Start sas-loop-start SAS Loop Start List supported signaling types.
Where to Go Next • If you want to disable a feature, enter the keyword no before the command; for example, no ip routing. • You need to save your configuration changes to NVRAM so that they will not be lost if there is a system reload or power outage. Proceed to the next chapter “Basic Configuration” to begin configuring the access server.
Where to Go Next 2-6 Cisco AS5300 Universal Access Server Software Configuration Guide
CHAPTER 3 Basic Configuration This chapter describes how to use the Cisco IOS software command-line interface (CLI) to configure basic access server functionality, including: • LAN and WAN configuration (including Integrated Services Digital Network [ISDN], Primary Rate Interface [PRI], and channelized T1 and E1) • • Modem configuration Voice-over IP (VoIP) configuration Follow the procedures in this chapter to configure the access server manually or if you want to change the configuration after you
Configuring the Host Name and Password Configuring the Host Name and Password One of the first configuration tasks you might want to do is configure the host name and set an encrypted password. Configuring a host name allows you to distinguish multiple Cisco access servers from each other. Setting an encrypted password allows you to prevent unauthorized configuration changes.
Configuring Alarms ! version XX.X . . ! hostname 5300 ! enable secret 5 $1$60L4$X2JYOwoDc0.kqa1loO/w8/ . Check the host name and encrypted password displayed near the top of the command output. • Exit global configuration mode and attempt to reenter it using the new enable password: 5300# exit 5300 con0 is now available Press RETURN to get started. 5300> enable Password: guessme 5300# Tips If you are having trouble: • • Make sure Caps Lock is off. Make sure you entered the correct passwords.
Configuring Ethernet 10BaseT Table 3-2 Configuring Ethernet 10BaseT (Continued) Step Command Purpose 2 5300# facility-alarm detect interface ethernet 0 Turn ON alarm when interface goes down (interfaces are "ethernet 0" or "fastethernet 0" or "serial <0-3>"). 3 5300# facility-alarm detect controller t1 0 Turn ON alarm when controller goes down (values are "t1 <0-7>" or "e1 <0-7>" ). 4 5300# facility-alarm detect modem-board 1 Turn ON alarm when modem board present in slot# fails.
Configure Configure Table 3-3 Configuring Ethernet 10BaseT Step Command Purpose 1 5300> enable Password: 5300# Enter enable mode (also called privileged EXEC mode). Enter the password. You have entered enable mode when the prompt changes to 5300#. 2 5300# configure terminal Enter configuration commands, one per line. End with CNTL/Z. 5300(config)# Enter global configuration mode.
Configuring Ethernet 100BaseT Configure Table 3-4 Configuring Ethernet 100BaseT Step Command Purpose 1 5300> enable Password: 5300# Enter enable mode (also called privileged EXEC mode). Enter the password. You have entered enable mode when the prompt changes to 5300#. 2 5300# configure terminal Enter configuration commands, one per line. End with CNTL/Z. 5300(config)# Enter global configuration mode.
Verify Table 3-5 Using Different Duplex and Speed Options Duplex Mode Speed Mode Action full 10 Sets 10 Mbps for speed and full-duplex for duplex. half 100 Sets 100 Mbps for speed and half-duplex for duplex. full 100 Sets 100 Mbps for speed and full-duplex for duplex. Verify To verify the IP address, configured and actual speed, and configured and actual duplex operations: • Enter the show arp command to verify the IP address: 5300# show arp Protocol Address Age (min) Internet 172.16.254.
Configuring Synchronous Serial Interfaces for WAN Support Configuring Synchronous Serial Interfaces for WAN Support Configure the synchronous serial interfaces on the E1 or T1 PRI card to connect to a WAN through a CSU/DSU. This section describes how to enable the serial interface, specify IP routing, and set up external clock timing on a DCE or DTE interface. To use a port as a DTE interface, you need only connect a DTE adapter cable to the port.
Verify Verify To verify you have configured the interfaces correctly: • Specify one of the new serial interfaces with the show interfaces serial port command and verify that the first line of the display specifies the interface with the correct slot number. Also verify that the interface and line protocol are in the correct state: up or down. 5300# show interfaces serial 0 Serial0 is up, line protocol is up Hardware is 4T Internet address is 120.0.0.
Configuring Channelized T1 or E1 Configuring Channelized T1 or E1 Configure the access server for channelized T1 or E1 lines. Configure Note By default, synchronized clocking is set with controller 0 as the primary clock source and controllers 1 to 7 as secondary clocks. (Synchronized clocking is necessary throughout the network for reliable data transmission.) The secondary clock sources serve as backups in case of the primary clock failure.
Configuring ISDN PRI 0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins 0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs Total Data (last 24 hours) 0 Line Code Violations, 0 Path Code Violations, 0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins, 0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs Note the following: — The controller must report being up. — No errors should be reported.
Configuring ISDN PRI Configure Table 3-8 Configuring ISDN PRI Step Command Purpose 1 5300> enable Password: 5300# Enter enable mode (also called privileged EXEC mode). Enter the password. You have entered enable mode when the prompt changes to 5300#. 2 5300# configure terminal Enter configuration commands, one per line. End with CNTL/Z. 5300(config)# Enter global configuration mode.
Verify Table 3-9 ISDN Switch Types for BRI and PRI Interfaces (Continued) Keyword Switch Type ntt Japanese NTT ISDN switches vn3 French VN3 and VN4 ISDN BRI switches ISDN PRI primary-4ess AT&T 4ESS switch type for the U.S. primary-5ess AT&T 5ESS switch type for the U.S. primary-dms100 NT DMS-100 switch type for the U.S.
Configuring ISDN PRI 0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins 0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs • Enter the show isdn status command to view layer status information.
Verify 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2 ISDN Se2:23, Channel (1-31) Activated dsl 2 State (0=Idle 1=Propose 2=Busy 3=Reserved 4=Restart 5=Maint) 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 0 0 0 0 3 3 3 3 3 3 3 3 Channel (1-31) Service (0=Inservice 1=Maint 2=Outofservice) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2 ISDN Se3:23, Channel (1-31) Activated dsl 3 State (0=Idle 1=Propose 2=Busy 3=Reserved 4=Restart 5=Maint) 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 3
Configuring E1 R2 Signaling Configuring E1 R2 Signaling R2 signaling is an international signaling standard that is common to channelized E1 networks. You can configure a channelized E1 interface to support different types of R2 signaling, which is used in older analog telephone networks. Note that this feature is only available for MICA modems. Note Cisco's implementation of R2 signaling has DNIS support turned on by default.
Configure Table 3-10 Configuring R2 Signaling (Continued) Step Command Purpose 6 5300(config-ctrl-cas)# country country use-default Use defaults for the specified country. Note: To view the parameters for the country (if the country defaults are the same as ITU defaults), enter write term. The default setting for all countries is ITU. See “Country Codes for R2 Signaling” later in this section for a list of supported countries.
Configuring E1 R2 Signaling Country Codes for R2 Signaling Table 3-11 lists the country codes supported for R2 signaling. .
Verify Verify To verify your R2 signaling configuration: • Enter the show controller e1 command to view the status for all controllers, or enter the show controller e1 # to view the status for a particular controller. Make sure the status indicates the controller is up (line 2 in the following example) and no alarms (line 4 in the following example) or errors (lines 9 and 10 in the following example) have been reported. 5300# show controller e1 0 E1 0 is up.
Configuring E1 R2 Signaling Tips If the connection does not go up, check the following: • • • • • • Loose wires, splices, connectors, shorts, bridge taps, and grounds Backwards transmit and receive Mismatched framing types (for example, CRC-4 verses no-CRC-4) Transmit and receive pair separation (crosstalk) Faulty line cards or repeaters Noisy lines (for example, power and crosstalk) If you see errors on the line or the line is going up and down, check the following: • • • Mismatched line codes (HDB3
Configuring the Asynchronous Group Interface Configuring the Asynchronous Group Interface You can assign the asynchronous interfaces to a group so that you can configure them as a group, instead of individually. Timesaver Because there are so many asynchronous interfaces on the access server, configuring them as a 12 9 3 group will save you time.
Configuring the Asynchronous Group Interface Verify To verify your group interface configuration: • Enter the show interface async command to check if the protocol is up: 5300# show interface async 1 Async1 is up, line protocol is up modem(slot/port)=1/0, csm_state(0x00000204)=CSM_IC4_CONNECTED, bchan_num=18 modem_status(0x0002): VDEV_STATUS_ACTIVE_CALL. Hardware is Async Serial Interface is unnumbered. Using address of FastEthernet0 (15.0.0.
Verify • You can also view debug messages for PPP negotiation and authentication using the debug ppp negotiation and debug ppp authentication commands. When you finish viewing the messages, turn off the messages by entering no debug ppp negotiation and no debug ppp authentication commands. 5300# debug ppp negot 5300# debug ppp authen Aug 28 15:40:40.963: ppp: sending CONFREQ, type = 2 (CI_ASYNCMAP), value = 0xA0000 Aug 28 15:40:40.
Configuring the D Channels for Modem Signaling Configuring the D Channels for Modem Signaling Configure the ISDN D channels, which carry the control and signaling information for ISDN calls, for each ISDN PRI line. Configure Table 3-13 Configuring the D Channels for Modem Signaling Step Command Purpose 1 5300> enable Password: 5300# Enter enable mode (also called privileged EXEC mode). Enter the password. You have entered enable mode when the prompt changes to 5300#.
Verify Verify To verify your D-channel configuration: • Enter the show interface command and make sure the line protocol is up and you are using the correct IP interface. Also, make sure that excessive errors are not being reported. 5300# show interface 1:23 Serial1:23 is up, line protocol is up Hardware is DSX1 Interface is unnumbered. Using address of FastEthernet0 (15.0.0.
Configuring the D Channels for Modem Signaling Table 3-14 Debug Dialer Messages Message Description PRI0: No dialer string defined. Dialing cannot occur Displayed when a packet is received that should cause a call to be placed. However, there is no dialer string configured, so dialing cannot occur. This message usually indicates a configuration problem. Re-enter the dialer-group command in step 6 in the “Configure” section.
Verify Table 3-15 Debug ISDN Messages (Continued) Message Description callref Indicates the call reference number in hexadecimal. The field value indicates the number of calls made from the router (outgoing calls) or the network (incoming calls). Note that the originator of the SETUP message sets the high-order bit of the call reference number to 0. The destination of the connection sets the high-order bit to 1 in subsequent call control messages, such as the CONNECT message.
Configuring the Modems Configuring the Modems Configure the modems to allow users to dial in to your network. Configure Table 3-16 Configuring the Modems Step Command Purpose 1 5300> enable Password: 5300# Enter enable mode (also called privileged EXEC mode). Enter the password. You have entered enable mode when the prompt changes to 5300#. 2 3 5300# configure terminal Enter configuration commands, one per line. End with CNTL/Z. 5300(config)# Enter global configuration mode.
Country Code Tables Country Code Tables Table 3-17 lists the current Microcom modem codes. .
Configuring the Modems Table 3-18 MICA Modem Codes (Continued) Country Code Country Code France france Sweden sweden Germany germany Switzerland switzerland Hong Kong hong-kong Default T1 t1-default India india Taiwan taiwan Ireland ireland Thailand thailand Israel israel Turkey turkey Italy italy United Kingdom united-kingdom Japan japan USA usa Malaysia malaysia Resetting to Default Values for Country Codes To reset to default settings for country codes, enter the
Verify Modem Callout, Modem RI is CD, Line usable as async interface Modem state: Idle Special Chars: Escape Hold Stop Start Disconnect Activation ^^x none none Timeouts: Idle EXEC Idle Session Modem Answer Session Dispatch 00:10:00 never none not set Idle Session Disconnect Warning never Modem type is unknown. Session limit is not set. Time since activation: never Editing is enabled. History is enabled, history size is 10.
Configuring the Modems EVENT_FROM_ISDN:(A001): DEV_CALL_PROC at slot 2 and port 3 CSM_PROC_OC4_DIALING: CSM_EVENT_ISDN_BCHAN_ASSIGNED at slot 2, port 3 Mica Modem(2/3): Configure(0x1) Mica Modem(2/3): Configure(0x0) Mica Modem(2/3): Configure(0x6) Mica Modem(2/3): Call Setup ISDN Se0:23: RX <- ALERTING pd = 8 callref = 0x8001 Mica Modem(2/3): State Transition to Call Setup ISDN Se0:23: RX <- CONNECT pd = 8 callref = 0x8001 EVENT_FROM_ISDN::dchan_idb=0x60DD2D74, call_id=0xA001, ces=0x1 bchan=0x16, event=0x4
Configuring Modem Pooling • Enter the debug modem ? command for list of additional modem debugging commands: 5300# debug modem ? b2b Modem Special B2B csm CSM activity maintenance Modem maintenance activity mica MICA Async driver debugging oob Modem out of band activity tdm B2B Modem/PRI TDM trace Call Trace Upload Configuring Modem Pooling Use modem pooling to define, select, and use separate pools of modems within a single access server to enable different dial-in services for different customers.
Configuring Modem Pooling Table 3-19 Configuring Modem Pooling (Continued) Step Command Purpose 4 5300(config-modem-pool)# called number phone # max-conn number Specifies the DNIS to be used for this modem pool. The DNIS string can have an integer x to indicate a do not care digit for that position. The max-conn option specifies the maximum number of connections allowed for this DNIS. If you do not specify a max-conn value, the default (total number of modems in the pool) is used.
Configuring Resource Pooling and Session Counting Configuring Resource Pooling and Session Counting The Cisco resource pooling and session counting feature allows you to do the following: • Construct unique customer profiles that specify the types and amounts of system resources to be used by a customer’s dial service plan. • Create groups of DNIS numbers to be used in specific customer profiles. Customer profiles use DNIS to recognize their own callers.
Configuring Resource Pooling and Session Counting Table 3-20 Setting up DNIS and Resource Groups (Continued) Step Command Purpose 4 5300(config-dnis-group)# exit Return to global configuration mode. 5 5300(config)# resource-manager group resource name Create one or more resource groups, which identify the resources to be shared between one or more customer profiles. For example, create a resource group that includes only modems.
Configure . Table 3-21 Creating Customer Profiles Step Command Purpose 1 5300# configure terminal Enter configuration commands, one per line. End with CNTL/Z. 5300(config)# Enter global configuration mode. You have entered global configuration mode when the prompt changes to 5300(config)# resource-manager profile customer name Create a profile for a specific customer. 2 5300(config)#.
Configuring Resource Pooling and Session Counting Verify To verify that you correctly configured the system resources and customer profiles, use the following commands: • View the physical and logical group resources that you created by entering the show rminfo resource name command: 5300# show rminfo resource List of Resources: System-def-Phy-Pool acmeisdn acmemodem • View the customer profile you created by entering the show rminfo customer name command: 5300# 0 0 0 0 show rminfo customer acme activ
Configuring Voice Network Data Configuring Voice Network Data Use the procedures in this section only if you have a VoIP feature card installed in your access server. Configure the voice network data by creating a number expansion table to map (or associate) individual extensions with their full E.164 telephone numbers. Configure Table 3-22 Configuring Voice Network Data Step Command Purpose 1 5300> enable Password: 5300# Enter enable mode (also called privileged EXEC mode).
Configuring Voice Network Data incoming called-number = `', connections/maximum = 0/unlimited application associated: type = voip, session-target = `ipv4:1.13.23.
Configuring T1 CAS for VoIP Configuring T1 CAS for VoIP This section describes how to configure T1 Channel Associated Signaling (CAS) and E1 R2 signaling with the Voice over IP (VoIP). Note Cisco IOS Release 12.0(3)T and later releases require VCWare level 2.5 code. Configure This configuration is an example of how to configure the voice ports as a cas-group for the channelized T1 lines.
Configuring T1 CAS for VoIP Table 3-23 Configuring Service Provider T1 CAS (Continued) Step Command Purpose 7 5300(config-controller)# dial-peer voice 3070 pots destination-pattern +30... port 0:1 prefix 30 Enter the dial peer configuration mode to configure a POTS peer. Specify destination pattern for this POTS peer. 8 5300(config-controller)# dial-peer voice 4080 pots destination-pattern +40...
Verify type = pots, prefix = `4', session-target = `', voice-port = 3:D, direct-inward-dial = disabled Connect Time = 38992627, Charged Units = 0 Successful Calls = 0, Failed Calls = 35818 Accepted Calls = 35818, Refused Calls = 0 Last Disconnect Cause is "1C" Last Disconnect Text is "invalid number." Last Setup Time = 3787365 Tips • • Make sure the show controller t1 output is not reporting alarms or violations.
Configuring IP Networks for Real-Time Voice Traffic Configuring IP Networks for Real-Time Voice Traffic Use the procedures in this section only if you have a VoIP feature card installed in your access server. You need to configure the RSVP for voice, multilink PPP interleaving, and RTP header compression to improve the voice network performance for your IP network. Some of the options you will use in the steps listed in Table 3-24 depend on the demands of your IP network.
Verify Table 3-24 Configuring IP Networks for Real-Time Voice Traffic (Continued) Step Command Purpose 7 5300(config-if)# ip rtp header-compression passive Enable RTP header compression. Enter passive to compress outgoing RTP packets only if incoming RTP packets on the same interface are compressed. If you do not enter passive, all RTP traffic is compressed.
Configuring RLM Configuring RLM The goal of Redundant Link Manager (RLM) is to primarily provide a virtual link management over multiple IP networks so that the Q.931 signaling protocol and other proprietary protocols can be transported on top of multiple redundant links between the Cisco signaling controller and the access server. We recommend that all access servers should use at least two IP interfaces to connect to the primary and alternative IP interfaces of the signaling controller.
Verify Verify To verify you have configured the interfaces correctly: • Enter the show rlm group status command and specify the group number: 5300# show rlm group 1 status RLM Group 1 Status User/Port: RLM_MGR/3000 Link State: Up Last Link Status Next tx TID: 1 Last rx TID: 0 Server Link Group[r1-server]: link [10.1.1.1(Loopback1), 10.1.4.1] = link [10.1.1.2(Loopback2), 10.1.4.2] = Server Link Group[r2-server]: link [10.1.1.1(Loopback1), 10.1.5.1] = link [10.1.1.2(Loopback2), 10.1.5.
Configuring ISL for VLAN Routing Note the following information for Serial 0:23 (the first half of the messages): — Layer 1 Status should be “DEACTIVATED.” — Layer 2 Status should be “TEI_ASSIGNED.” (It might take several seconds for Layer 2 status to appear.) — Layer 3 Status should be “0 Active Layer 3 Call(s).” The second half of the messages display information for Serial 1:23.
Verify Table 3-26 Configuring VLAN Routing (Continued) Step Command Purpose 8 5300(config-subif)# Ctrl-Z 5300# %SYS-5-CONFIG_I: Configured from console by console Return to enable mode. This message is normal and does not indicate an error. 1. IPX = Internetwork Packet Exchange.
Configuring IPX Networks Configuring IPX Networks Configure the IPX networks for dial-in remote IPX users. Configure Table 3-27 Configuring IPX Networks Step Command Purpose 1 5300# configure terminal Enter configuration commands, one per line. End with CNTL/Z. 5300(config)# Enter global configuration mode. You have entered global configuration mode when the prompt changes to 5300(config)#.
Verify Verify To verify the IPX routing is enabled: • Enter the show ipx interface serial command: 5300# configure terminal 5300(config)# show ipx interface serial 1:23 Serial1:23 is up, line protocol is up IPX address is 2A.00e0.1e6b.2f6e [up] Delay of this IPX network, in ticks is 6 throughput 0 link delay 0 IPXWAN processing not enabled on this interface.
Configuring AppleTalk Configuring AppleTalk Configure AppleTalk to enable Macintosh clients to access network resources by dialing through the access server over ISDN. Configure Table 3-28 Accessing AppleTalk Networks Step Command Purpose 1 5300# configure terminal Enter configuration commands, one per line. End with CNTL/Z. 5300(config)# Enter global configuration mode. You have entered global configuration mode when the prompt changes to 5300(config)#.
Verify Tips If you are having trouble, you can troubleshoot the AppleTalk protocol by using its debug commands to view information for the errors, events, and packets and check the Gateway name, NAS name, and if the virtual access interface is up.
Configuring AppleTalk • Enter the show apple interface async 1 command: 5300# show apple int async 1 Async1 is up, line protocol is up AppleTalk port is in client-mode AppleTalk discarded 3 packets due to input errors AppleTalk address gleaning is not supported by hardware AppleTalk route cache is disabled, port down • You can also set the access server to display events messages for the AppleTalk interface by using the debug appletalk events command.
Configuring MMP Configuring MMP If you have multiple access servers stacked together to provide a frontend for receiving access calls, you can configure Multichassis Multilink Point-to-Point Protocol (MMP) so that Multilink PPP (MP) call processing can be offloaded to other access servers.
Configuring MMP Table 3-29 Configuring MMP (Continued) Step Command Purpose 11 5300(config-if)# ppp multilink Enable Multilink PPP on the virtual template interface. 12 5300(config-if)# ppp authentication chap Enable PPP authentication on the virtual template interface. 13 5300(config-if)# Ctrl-Z 5300# %SYS-5-CONFIG_I: Configured from console by console Return to enable mode. This message is normal and does not indicate an error. 1.
Creating Authentication Accounts • Enter the debug sgbp errors command to view error messages. When you finish viewing the messages, enter the no debug sgbp errors to turn off the messages. 5300# debug sgbp errors *Mar 4 11:55:24.105 EST: %SGBP-1-MISSCONF: Possible misconfigured member 5300-6 using 172.22.21.11 *Mar 4 11:55:41.
Configuring VPDN Configuring VPDN Virtual private dial-up networking (VPDN) enables users to configure secure networks that take advantage of Internet service providers (ISPs) that tunnel a company’s remote access traffic through the ISP cloud. Remote offices or mobile users can connect to their home network using local third-party dial-up services. The dial-up service provider agrees to forward the company’s traffic from the ISP point of presence (POP) to a company-run home gateway.
Verify NAS Name test-mmp 192.168.1.99 Gateway Name test-gateway 192.168.1.
Using Continuity Test (COT) Creating Authentication Accounts You can create authentication accounts for other routers between the NAS and the HGW for VPDN. On the NAS, an example is: username NAS password cisco username HGW password cisco vpdn enable vpdn outgoing cisco.com NAS ip X.X.X.
Verify • Display information about the COT activity by entering the show cot summary command: 5300# show cot summary router# 08:23:24: • COT Subsystem - Request Statistics 08:23:24: 08:23:24: 08:23:24: 08:23:24: 08:23:24: COT Request Type = COT_DS0_LOOPBACK_ON # of request(s) : 4 # of restart requests(s) # of successful request(s): 4 # of invalid request(s) # of cot timeout(s) : 0 # of dsp error(s) # of no dsp(s) : 0 : 0 : 0 : 0 08:23:24: 08:23:24: 08:23:24: 08:23:24: 08:23:24: COT Request Type = C
Using Continuity Test (COT) Progress Q 00:04:57:COT(0x60EBB48C):Adding COT(0x61123DBC) to the Q head 00:04:57:COT:Start Duration Timer for Check Tone Request 00:04:58:COT:Received Timer Event 00:04:58:COT:T24 Timer Expired 00:04:58:COT Request@ 0x61123DBC, CDB@ 0x60EBB48C, Params@0x61123E08 00:04:58: request type = COT_CHECK_TONE_ON 00:04:58: shelf 0 slot 0 appl_no 1 ds0 1 00:04:58: duration 1000 key FFF1 freqTx 1780 freqRx 2010 00:04:58: state COT_WAIT_TD_ON_CT 00:04:58: event_proc(0x6093B55C) 00:04:58:In
Saving Configuration Changes Saving Configuration Changes To prevent the loss of the access server configuration, save it to NVRAM. Configure Table 3-31 Saving Configuration Changes Step Command Purpose 1 5300> enable Password: 5300# Enter enable mode (also called privileged EXEC mode). Enter the password. You have entered enable mode when the prompt changes to 5300#.
Comprehensive Configuration Examples modemcap entry mymica:MSC=0s21=0s24=0 clock timezone PDT8 -8 clock summer-time PDT8 recurring partition flash 2 8 8 ! ! ! controller E1 0 clock source line primary pri-group timeslots 1-31 ! controller E1 1 clock source line secondary 2 pri-group timeslots 1-31 ! controller E1 2 clock source line secondary 2 pri-group timeslots 1-31 ! controller E1 3 clock source line secondary 2 pri-group timeslots 1-31 ! controller E1 4 clock source line secondary 2 pri-group timeslot
Comprehensive Configuration Examples ! interface Serial3 ip address 13.1.1.1 255.255.255.0 no ip directed-broadcast no ip mroute-cache no keepalive no fair-queue no cdp enable ! interface Serial0:15 ip address 20.0.0.1 255.0.0.0 no ip directed-broadcast encapsulation ppp no keepalive dialer idle-timeout 4000 dialer load-threshold 5 either dialer-group 1 isdn switch-type primary-net5 isdn incoming-voice modem no fair-queue no cdp enable ppp authentication chap ! interface Serial1:15 ip address 21.0.0.1 255.
Comprehensive Configuration Examples interface Serial4:15 ip address 24.0.0.1 255.0.0.0 no ip directed-broadcast encapsulation ppp no keepalive dialer idle-timeout 4000 dialer load-threshold 5 either dialer-group 1 isdn switch-type primary-net5 isdn incoming-voice modem no fair-queue no cdp enable ppp authentication chap hold-queue 75 in ! interface Serial5:15 ip address 25.0.0.1 255.0.0.
Comprehensive Configuration Examples no keepalive duplex full no cdp enable ! interface Group-Async1 ip unnumbered FastEthernet0 no ip directed-broadcast encapsulation ppp no ip mroute-cache async default routing async mode interactive no peer default ip address no fair-queue no cdp enable ppp authentication chap group-range 1 30 hold-queue 10 in ! interface Group-Async2 ip unnumbered FastEthernet0 no ip directed-broadcast encapsulation ppp no ip mroute-cache async default routing async mode interactive no
Comprehensive Configuration Examples async default routing async mode interactive no peer default ip address no fair-queue no cdp enable ppp authentication chap group-range 121 150 hold-queue 10 in ! interface Group-Async6 ip unnumbered FastEthernet0 no ip directed-broadcast encapsulation ppp no ip mroute-cache async default routing async mode interactive no peer default ip address no fair-queue no cdp enable ppp authentication chap group-range 151 180 hold-queue 10 in ! interface Group-Async7 ip unnumbere
Comprehensive Configuration Examples exec-timeout 0 0 logging synchronous transport input none line 1 240 no exec autoselect ppp modem InOut modem autoconfigure discovery transport input all line aux 0 exec-timeout 0 0 logging synchronous line vty 0 4 no exec login ! scheduler interval 1000 end Octal T1/PRI Card With Four Serial Interfaces 5300# show config Building configuration... Current configuration: ! version 12.
Comprehensive Configuration Examples linecode b8zs pri-group timeslots 1-24 ! controller T1 5 framing esf clock source line secondary 1 linecode b8zs pri-group timeslots 1-24 ! controller T1 6 framing esf clock source line secondary 1 linecode b8zs pri-group timeslots 1-24 ! controller T1 7 framing esf clock source line secondary 1 linecode b8zs pri-group timeslots 1-24 ! ! ! interface Ethernet0 ip address 24.1.3.1 255.255.255.
Comprehensive Configuration Examples ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname 5300_copan ! no logging console enable secret 5 $1$baqI$5qjqlk1fd/gP9SR5jBTZ50 enable password lab ! bert profile default pattern 220-O.151QRSS threshold 10^-6 error-injection none duration 10 ip subnet-zero no ip domain-lookup ip host Elnino_copan 45.0.0.
Where to Go Next framing esf clock source line secondary 1 linecode b8zs cas-group 8 timeslots 1-24 type e&m-fgb ! ! interface Serial0 ip address 120.0.0.1 255.0.0.0 no ip directed-broadcast no ip mroute-cache no fair-queue ! interface Serial1 ip address 26.0.0.2 255.0.0.0 no ip directed-broadcast no ip mroute-cache no fair-queue ! interface Serial2 ip address 130.4.3.2 255.255.0.0 no ip directed-broadcast no ip mroute-cache no fair-queue ! ! interface Serial3 ip address 192.5.3.1 255.255.255.
CHAPTER 4 Access Service Security The access service security paradigm presented in this guide uses the authentication, authorization, and accounting (AAA) facility: • Authentication—Requires dial-in users to identify themselves and prove their identity. Requiring authentication before users can access the network prevents users from either accessing lines on the access server or connecting through the lines directly to network resources. You need to secure every access point.
Assumptions Assumptions This chapter assumes the following: • You know which network protocols will be allowed access to your network. For example, you know if you will be allowing customers to dial in using modems to access IP, IPX, or AppleTalk networks. • You are not an advanced user of the Cisco AAA security facility. Local Versus Remote Server Authentication This section describes the differences between local and remote security databases and the basic authentication process for each.
Remote Security Database Remote Security Database As your network expands, you need a centralized security database that provides username and password information to each of the access servers on the network. This centralized security database resides in a security server. (See Figure 4-2.) An example of a security server is the CiscoSecure Access Control Server, a UNIX security daemon that enables administrators to create databases that define network users and their privileges.
Configuring Authentication Configuring Authentication You can use the AAA facility to authenticate users with either a local or a remote security database. Whether you maintain a local or remote security database, or use TACACS+ or RADIUS authentication and authorization, the process of configuring the access server for these different databases and protocols is similar.
Securing Access to Privileged EXEC and Configuration Mode Caution If you use the enable secret command and specify an encryption type, you must enter the encrypted version of a specific password. Do not enter the cleartext version of the password after specifying an encryption type. You must comply with the following procedure when you specify an encryption type or you will be locked irretrievably out of privileged EXEC (enable) mode.
Configuring Authentication Table 4-2 Entering an Encryption Type (Continued) Step Command Description 8 5300(config)# Ctrl-Z 5300# %SYS-5-CONFIG_I: Configured from console by console 5300# Return to enable mode. 5300# copy running-config startup-config Save the configuration changes to NVRAM so that they are not lost during resets, power cycles, or power outages. 9 This message is normal and does not indicate an error.
Communicating Between the Access Server and the Security Server Communicating with a TACACS+ Server To enable communication between the TACACS+ security (database) server and the access server, enter the commands listed in Table 4-3. Table 4-3 Step 1 Enabling Communication with a TACACS+ Server Command 5300> enable Password: 5300# Description Enter enable mode. Enter the password. You have entered enable mode when the prompt changes to 5300#.
Configuring Authentication Communicating with a RADIUS Server To enable communication between the RADIUS security (database) server and the access server, enter the commands listed in Table 4-4. Table 4-4 Establishing Communication with a RADIUS Security Server Step Command Description 1 5300> enable Password: 5300# Enter enable mode. Enter the password. You have entered enable mode when the prompt changes to 5300#. 2 5300# configure terminal Enter configuration commands, one per line.
Configuring Authentication on a TACACS+ Server Configuring Authentication on a TACACS+ Server On most TACACS+ security servers, there are three ways to authenticate a user for login: • Include a cleartext (DES) password for a user or for a group the user is a member of (each user can belong to only one group). Note that ARAP, CHAP, and global user authentication must be specified in cleartext.
Configuring Authentication If you intend to authenticate users via a security server, make sure you do not inadvertently lock yourself out of the access server ports after you enter the aaa new-model command. Enter line configuration mode and enter the aaa authentication login default tacacs+ enable global configuration command. This command specifies that if your TACACS+ (or RADIUS) server is not functioning properly, you can enter your enable password to log in to the access server.
Defining Authentication Method Lists Enter the aaa authentication Command To define an authentication method list, start by entering the aaa authentication global configuration command, as shown in the following example: 5300# configure terminal 5300(config)# aaa authentication Specify Protocol or Login Authentication After you enter aaa authentication, you must specify one of the following dial-in protocols as applicable for your network: • • • If you are enabling dial-in PPP access, specify ppp If you
Configuring Authentication In the following example, the ARA authentication method list name is callback (because asynchronous callback is used on the access server): 5300# configure terminal 5300(config)# aaa authentication arap callback In the following example, the login authentication method list name is deveng: 5300# configure terminal 5300(config)# aaa authentication login deveng Specify the Authentication Method After you identify a list name, you must specify an authentication method.
Defining Authentication Method Lists Note RADIUS does not support ARA. To authenticate Macintosh users with RADIUS, you must configure AppleTalk to run over PPP, which is referred to as ATCP. You can specify multiple authentication methods for each authentication list. The following example authentication method list for PPP first queries a TACACS+ server, then a RADIUS server, then the local security database.
Configuring Authentication Authentication Method List Examples This section shows some examples of authentication lists.
Applying Authentication Method Lists Applying Authentication Method Lists As described in the “Defining Authentication Method Lists” section earlier in this chapter, the aaa authentication global configuration command creates authentication method lists or profiles. You apply these authentication method lists to lines or interfaces by issuing the login authentication, arap authentication, or ppp authentication command, as described in Table 4-7.
Configuring Authentication The following sample output shows lines and their status on the access server: 5300# sho Tty Typ * 0 CTY I 1 TTY I 2 TTY ...
Configuring Authorization Configuring Authorization You typically have three methods for configuring default authorization on the security server: 1 To override the default denial or authorization from a non-existent user, specify authorization at the top level of the configuration file: default authorization = permit 2 At the user level, inside the braces of the user declaration, the default for a user who does not have a service or command explicitly authorized is to deny that service or command.
Configuring Authorization Specifying the Authorization Method Authorization methods are defined as optional keywords in the aaa authorization command. You can specify any of the authorization methods listed in Table 4-8 for both network and EXEC authorization. Table 4-8 AAA Authorization Method Method Description if-authenticated User is authorized if already authenticated. none Authorization always succeeds. local Uses the local database for authorization.
Security Examples Security Examples This series of examples shows complete security configuration components of a configuration file on an access server. Each of these examples shows authentication and authorization. Simple Local Security Example This sample configuration uses AAA to configure default authentication using a local security database on an access server. All lines and interfaces have the default authentication lists applied.
Security Examples • A PPP authentication list named marketing is created, then applied to group async interface 0, which includes asynchronous interfaces 1 to 48. • An ARA list named kona-coast-office is created and applied to lines 1 to 48. Note The authentication method lists used in this example use names other than default. However, you generally specify default as the list name for most lines and interfaces, and apply different named lists on an exception basis.
A P P E N D I X A Managing Modems The Cisco AS5300 universal access servers support MICA or Microcom modem carrier cards. For details on the carrier cards, refer to the Cisco AS5300 Universal Access Server Chassis Installation Guide and Cisco AS5300 Universal Access Server Module Installation Guide, available online at http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/5300/hw_inst/index.htm You can manage your modems using monitoring, polling, and troubleshooting commands.
Monitoring Modems Monitoring Modems This section describes how to send AT commands to MICA and Microcom modems. For a list and description of AT commands, refer to the following: • AT Command Set and Register Summary for MICA Six-Port Modules or AT Command Set, available online at http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/5300/sw_conf/sw_ports/at_s et/index.htm • Register Summary for V.34 and 56K 12-Port Modules publications, available online at http://www.cisco.
Configuring MICA Modems for Monitoring Table A-1 Entering AT Command Mode for Microcom Modems (Continued) Step Command Purpose 6 5300# modem at-mode 1/1 Enter a direct-connect session with a TA1. In this example, a direct connect session is established with the TA in slot 1, port 1. Enter the TA slot number first, followed by the TA port number. You are now entering AT command mode on modem (slot 1 / port 1). Please type CTRL-C to exit AT command mode.
Monitoring Modems Table A-2 Entering AT Command Mode for MICA Modems (Continued) Step Command Purpose 3 Ctrl-Shift-6 X To exit AT command mode and return to enable mode, enter Ctrl-Sh-6 X (hold down the Control and Shift keys and press 6, then release everything and press X). 5300# disconnect Enter disconnect to end the Telnet connection. Modem Performance Statistics Commands You can view modem statistics and configure modem events using the Cisco IOS software with the Cisco AS5300 access server.
Managing Modems • show modem mica all—Show information for all installed modems including the pseudo channels. Note The first three channels displayed for each board are the DC session (#60), status polling (#61), and the control (#62) channel. Managing Modems This section describes how to manage modems by checking the type of modem connected to the access server, removing inoperable modems from service, and disabling a modem from dial-up service.
Polling Modems Remove Inoperable Modems from Service To remove modems from service and indicate them as suspected or proven to be inoperable, enter the following command in line configuration mode [the prompt is displayed as 5300(config-line)#]: • modem bad—Specify a modem as inoperable. If you mark a single modem as inoperable using this command, it appears as Bad—without the asterisk (*)—in the Status column of the show modem command’s output for that particular modem.
Troubleshooting Modems Troubleshooting Modems This section describes how to perform diagnostic testing on installed modems, test two modems back-to-back, disable modems from service, reset a modem, and debug a modem.
Troubleshooting Modems Hold and Reset a Modem This section applies to Microcom modems only. To reset and isolate the modem hardware for extensive troubleshooting, enter the following command in line configuration mode [the prompt is displayed as 5300(config-line)#]: • modem hold-reset—Reset and isolate the modem hardware. Use this command if you are experiencing extreme modem behavior (for example, if the modem is uncontrollably dialing into the network).
Upgrading Modem Code Upgrading Modem Code Modem code is a generic term applied to a modem code file, which is also called modem code for MICA modems and firmware for Microcom modems. With new systems, Cisco loads a Cisco IOS software-compatible version of modem code and copies the version to the installed modem modules. A map of the version(s) of modem code copied to the modem RAM for each modem module is stored in nonvolatile random-access memory (NVRAM) so that it is retained over power cycles.
Upgrading Modem Code Note You must be a registered Cisco user to log into Cisco Connection Online (CCO). Important Modem Upgrade Commands There are several commands you use to upgrade modem code. For examples on using the commands, see “Upgrading Modem Code from the Cisco CCO TFTP Server,” “Upgrading Modem Code from Diskettes,” and “Using the Modem Code Bundled with Cisco IOS Software,” later in this appendix for details.
Modem Code Scenarios Release Timeline for Cisco IOS Software and Modem Code Cisco IOS Release D SPE Firmware Version 3 bun d ware bun d Fir m SPE Fir m SPE SPE Firmware Version 3 SPE Firmware Version 4 H11298 SPE Firmware Version 2 ware bun d ware Fir m SPE SPE Firmware Versions Cisco IOS Release C SPE Firmware Version 3 led Cisco IOS Release B SPE Firmware Version 2 led Cisco IOS Software Releases Cisco IOS Release A SPE Firmware Version 1 led Figure A-1 Modem Code Scenarios Table A-3 p
Upgrading Modem Code Figure A-2 shows a location on the release timeline where updates might take place, and Table A-4 explains the resulting versions of Cisco IOS software and modem code.
Displaying Modem Code Versions Table A-5 Modem Code Terminology Terms Description Modem code Modem code on the MICA modems resides in and runs out of modem RAM. Cisco IOS software transfers a version of modem code to modem RAM on each reboot and reload. System Flash memory can contain several versions of modem code: a version bundled with Cisco IOS software and multiple versions that resulted from previous copy tftp flash commands.
Upgrading Modem Code 1 2 3 4 1/6 1/12 1/18 1/24 - 1/11 1/17 1/23 1/29 2.2.3.0 2.2.3.0 2.2.3.0 2.2.3.0 mica-modem-portware.2.2.3.0.bin mica-modem-portware.2.2.3.0.bin mica-modem-portware.2.2.3.0.bin mica-modem-portware.2.2.3.0.bin Slot 2 has Mica Carrier card. Modem Module Numbers 0 2/0 - 2/5 1 2/6 - 2/11 2 2/12 - 2/17 4 2/24 - 2/29 Firmware Rev 2.2.3.0 2.2.3.0 2.2.3.0 2.2.3.0 Firmware Filename flash:1:mica-modem-portware.2.2.3.0.bin mica-modem-portware.2.2.3.0.bin mica-modem-portware.2.2.3.0.
Upgrading Modem Code from the Cisco CCO TFTP Server Note To download modem code from CCO to a PC and then upgrade the modem code to an access server connected to your PC via an Ethernet hub, you need to set up a TFTP application on your PC, establish a HyperTerminal session, and make sure your PC and access server are correctly connected and talking before downloading the modem code from CCO. All these procedures are described in “Upgrading Modem Code from Diskettes,” later in this appendix.
Upgrading Modem Code 220- You may login with: 220- + Your CCO username and password, or 220- + A special access code followed by your e-mail address, or 220- + "anonymous" followed by your e-mail address for guest access. 220220 cio-sys FTP server (CIOESD #103 Sun Dec 15 14:43:43 PST 1996) ready. Step 2 Enter your CCO registered username and password (for example, harry and letmein): Name (cco.cisco.com:harry): harry 331 Password required for harry.
Upgrading Modem Code from the Cisco CCO TFTP Server Step 3 Specify the directory path that holds the modem firmware you want to download. For example, the directory path for the Cisco AS5300 modem code is /cisco/access/5300: ftp> cd /cisco/access/5300 250-Please read the file README 250- it was last modified on Tue May 27 10:07:38 1997 - 48 days ago 250-Please read the file README.txt 250- it was last modified on Tue May 27 10:07:38 1997 - 48 days ago 250 CWD command successful.
Upgrading Modem Code Copy the Modem Code File from Local TFTP Server to Modems The procedure for copying the modem code file from your local TFTP server to the modems is a two-step process. First, transfer the modem code to the access server’s Flash memory. Then, transfer the modem code to the modems. These two steps are performed only once. After you copy the modem code file into Flash memory for the first time, you should not have to perform these steps again.
Upgrading Modem Code from the Cisco CCO TFTP Server Step 5 Verify the file has been copied into the access server system Flash memory: 5300# show flash System flash directory: File Length Name/status 1 4530624 c5300-js-mz 2 210104 mica-modem-portware.x.x.x.x.
Upgrading Modem Code Upgrading Microcom Modem Code Downloading modem code to 56K Microcom modems is a five-step process: Step 1 Enter the access server enable mode (the prompt is displayed as 5300#): 5300> enable Password: 5300# Step 2 Check the image in the access server system Flash memory: 5300# show flash System flash directory: File Length Name/status 1 5826036 c5300-js-mz [5826100 bytes used, 10951116 available, 16777216 total] 16384K bytes of processor board System flash (Read/Write) 5
Upgrading Modem Code from Diskettes Step 5 Copy the modem code file from the access server system Flash memory to the modems by entering the copy flash modem command. 5300# copy flash modem Modem Numbers (/ | group | all)? all System flash directory: File Length Name/status 1 5826036 c5300-js-mz 2 377112 mcom-modem-code-3.1.30.bin [6203276 bytes used, 10573940 available, 16777216 total] Name of file to copy? mcom-modem-code-3.1.30.bin Copy 'mcom-modem-code-3.1.30.
Upgrading Modem Code Note The steps are similar if you are using a Macintosh or a UNIX workstation. Set Up a TFTP Application on the PC Step 1 Install the TFTP application on the PC. Note You can use any TFTP or rcp application available from independent software vendors. A number of TFTP programs are also available as shareware from public sources on the World Wide Web.
Upgrading Modem Code from Diskettes Step 3 Make sure your PC and access server are powered ON. Establish a HyperTerminal Session Use the steps in this section to establish a HyperTerminal session from your local PC to the Cisco AS5300. You will use the HyperTerminal session to talk to the access server. Step 1 In Microsoft Windows 95 on your PC, choose Start/Programs/Accessories/HyperTerminal. Step 2 Double-click Hypertrm.exe to display the Connection Description dialog box.
Upgrading Modem Code Step 2 In the HyperTerminal dialog box (see the previous section “Establish a HyperTerminal Session,” for details), enter the access server enable mode (the prompt is displayed as 5300#): 5300> enable Password: 5300# Step 3 Enter the ping command with your PC’s IP address. 5300# ping 172.16.1.1 The access server displays five exclamation points (!) if everything is working and it displays five dots (.) if there is a problem.
Using the Modem Code Bundled with Cisco IOS Software Step 3 Verify the file has been copied into the access server Flash memory: 5300# show flash System flash directory: File Length Name/status 1 4530624 c5300-js-mz 2 210104 mica-modem-portware.x.x.x.x.
Upgrading Modem Code To set the modem code mapping to the modem code version bundled with Cisco IOS software, enter the following command: Step 1 Enter the access server enable mode (the prompt is displayed as 5300#): 5300> enable Password: 5300# Step 2 Enter the copy system:/ucode/filename modem command (or, for Cisco IOS releases earlier than 11.3AA or 12.
A P P E N D I X B ROM Monitor This appendix describes the Cisco AS5300 ROM monitor, the first software to run when the access server is powered-up or reset. The ROM Monitor can help you isolate or rule out hardware problems encountered when installing your access server.
Command Aliasing • • A word in italics means that you must fill in the appropriate information. • The options [-bwl] for the memory-related commands provide for byte, word, and longword operations. The default is word. • You can invoke the memory-related commands by entering the command with no arguments. This causes the utility to prompt you for parameters. This option is available for the commands marked as prompting.
ROM Monitor Commands sysret unalias unset xmodem print out info from last system return unset an alias unset a monitor variable x/y modem download Note You can display additional details for a command by entering the command name with a -? option, which prints the command usage message. The commands are listed and described in alphabetical order. Note that the ROM monitor commands are case sensitive. • alias [name=value]—Aliases a name to a value.
ROM Monitor Commands The configuration register resides in NVRAM. The configuration register is identical in operation to other Cisco access servers. Enter confreg for the menu-driven system, or enter the new value of the register in hexadecimal. Note The value is always interpreted as hex. The confreg utility will print a before and after view of the configuration register when used in menu-driven mode.
ROM Monitor Commands For example: rommon 6 > context CPU Context: d0 - 0x00000028 d1 - 0x00000007 d2 - 0x00000007 d3 - 0x00000000 d4 - 0x00000000 d5 - 0x02003e8a d6 - 0x00000000 d7 - 0x00000001 pc - 0x02004adc • a0 a1 a2 a3 a4 a5 a6 a7 vbr - 0x0ff00420 0x0ff00000 0x02004088 0x020039e6 0x02002a70 0x02003f17 0x02003938 0x0200392c 0x02000000 cookie—Displays the contents of the cookie PROM in hexadecimal format.
ROM Monitor Commands For example: rommon 6 > frame 2 Frame 02: FP = 0x02003960 at 0x02003968 (fp + 0x08) at 0x0200396c (fp + 0x0c) at 0x02003970 (fp + 0x10) at 0x02003974 (fp + 0x14) at 0x02003978 (fp + 0x18) at 0x0200397c (fp + 0x1c) at 0x02003980 (fp + 0x20) at 0x02003984 (fp + 0x24) at 0x02003988 (fp + 0x28) at 0x0200398c (fp + 0x2c) • = = = = = = = = = = RA = 0x020050ee 0x02004f8d 0x0200f390 0x02006afc 0xc0a82983 0x02003a7e 0x02002630 0x00000000 0x02000000 0x0200c4a4 0x0200f448 help—The help comman
ROM Monitor Commands • • • reset or i—Resets and initializes the system, similar to power-on. set—Displays all the monitor variables and their values. stack [num]—Produces a stack trace of the num frames. The default is 5. The command dumps from the kernel stack and the process stack (if one is available) of a booted image.
ROM Monitor Commands B-8 Cisco AS5300 Universal Access Server Software Configuration Guide
A P P E N D I X C Using Setup on Cisco IOS Releases 11.2 or 11.3(2)T This appendix contains instructions for running the setup script for systems containing Cisco IOS Release 11.2 or 11.3 software.
Running Setup for Cisco IOS Release 11.2 Step 2 Continue with one of the following sections: • • “Running Setup for Cisco IOS Release 11.2” “Running Setup for Cisco IOS Release 11.3(2)T” Running Setup for Cisco IOS Release 11.2 The messages look similar to the following: Note The messages vary, depending on the Cisco IOS software release and feature set you selected. The screen displays in this section are for reference only and might not exactly reflect the messages on your console.
Running Setup for Cisco IOS Release 11.2 TN3270 Emulation software. Primary Rate ISDN software, Version 1.0. Backplane revision 1 Manufacture Cookie is not programmed. 1 Ethernet/IEEE 802.3 interface(s) 1 FastEthernet/IEEE 802.3 interface(s) 48 terminal line(s) 4 Channelized T1/PRI port(s) 128K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read/Write) 4096K bytes of processor board Boot flash (Read/Write) Notice: NVRAM invalid, possibly due to write erase.
Running Setup for Cisco IOS Release 11.2 Configure LAT? [no]: Configure AppleTalk? [no]: yes Multizone networks? [no]: yes Configure DECnet? [no]: Configure IP? [yes]: Configure IGRP routing? [yes]: Your IGRP autonomous system number [1]: 15 Note If you answer no to IGRP, you will be prompted to configure RIP.
Running Setup for Cisco IOS Release 11.2 Note Make sure the starting and ending addresses of the IP pool are in the same subnet. Enter the ending address of IP local pool? [X.X.X.X]: 172.20.30.
Running Setup for Cisco IOS Release 11.2 [c] primary-dms100 [d] primary-net5 [e] primary-ntt [f] primary-ts014 Enter the switch type [b]: Step 14 If you want users to be able to dial in via ISDN or analog modems, configure the controllers: Note All incoming calls to the access server are handled by the controllers, which route calls to the appropriate place inside the access server for processing. These controllers enable users to dial in via ISDN or analog modems.
Running Setup for Cisco IOS Release 11.2 ! appletalk routing no decnet routing ip routing no clns routing ipx routing no vines routing no xns routing no apollo routing no bridge 1 ! line 1 48 speed 115200 flowcontrol hardware login local autoselect during-login autoselect ppp modem dialin ip local pool setup_pool 172.20.30.40 172.20.30.88 ! username user password passwd ! arap network 1 ARA Dialins line 1 48 arap enable autoselect arap ! ! Turn off IPX to prevent network conflicts.
Running Setup for Cisco IOS Release 11.
Running Setup for Cisco IOS Release 11.2 dialer-list 1 list 101 ! router igrp 15 redistribute connected network 172.21.0.0 network 172.22.0.0 ! end Step 15 The next prompt asks if you want to save this configuration. If you answer no, nothing you entered is saved, and you are taken out of the System Configuration dialog to the enable prompt (5300#). (Type setup to return to the System Configuration dialog.) If you answer yes, the configuration is saved and you are returned to the EXEC prompt (5300>).
Running Setup for Cisco IOS Release 11.3(2)T Running Setup for Cisco IOS Release 11.3(2)T Note Cisco IOS Release 11.3(2)T includes CAS options and includes the capability of configuring controllers by group for the Integrated Services (ISDN) Primary Rate Interface (PRI). The messages look similar to the following: Note The displayed messages depend on the Cisco IOS software release and feature set you selected.
Running Setup for Cisco IOS Release 11.3(2)T Manufacture Cookie is not programmed. 1 Ethernet/IEEE 802.3 interface(s) 1 FastEthernet/IEEE 802.3 interface(s) 48 terminal line(s) 4 Channelized T1/PRI port(s) 128K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read/Write) 4096K bytes of processor board Boot flash (Read/Write) --- System Configuration Dialog --At any point you may enter a question mark '?' for help.
Running Setup for Cisco IOS Release 11.3(2)T Configure IGRP routing? [yes]: Your IGRP autonomous system number [1]: 15 Note If you answer no to IGRP, you will be prompted to configure RIP. Configure Configure Configure Configure Configure Configure Step 25 CLNS? [no]: IPX? [no]: yes Vines? [no]: XNS? [no]: Apollo? [no]: bridging? [no]: Configure the asynchronous serial lines for the integrated modems on the modules installed in the access server.
Running Setup for Cisco IOS Release 11.3(2)T Note Make sure the starting and ending addresses of the IP pool are in the same subnet. Enter the starting address of IP local pool? [X.X.X.X]: 172.20.30.40 Enter the ending address of IP local pool? [X.X.X.X]: 172.20.30.
Running Setup for Cisco IOS Release 11.3(2)T Note If your access server is using a T1/PRI card, continue with the section “Continuing the Setup Script for T1/PRI Cards” and if your access server is using a E1/PRI card, continue with the section “Continuing the Setup Script for E1/PRI Cards.” Continuing the Setup Script for T1/PRI Cards This section continues the setup script for T1/PRI cards.
Continuing the Setup Script for T1/PRI Cards Step 6 Enter your telco line code type: The following linecode types are available: ami | b8zs Enter the line code type [b8zs]: Step 7 Enter the letter corresponding to the signaling type to support modem pooling over the T1 lines: The following line signaling types are available: [a] e&m-fgb [b] e&m-fgd [c] e&m-immediate-start [d] fxs-ground-start [e] fxs-loop-start [f] sas-ground-start [g] sas-loop-start Enter the line signaling type [a]: Step 8 Enter the
Running Setup for Cisco IOS Release 11.
Continuing the Setup Script for E1/PRI Cards Step 11 Enter yes to save the configuration, or enter no to erase it: Use this configuration? [yes/no]: yes Building configuration... Use the enabled mode 'configure' command to modify this configuration. Press RETURN to get started! %LINK-3-UPDOWN: Interface Ethernet0, changed state to up %LINK-3-UPDOWN: Interface Serial0, changed state to down %LINK-3-UPDOWN: Interface Serial1, changed state to down
Running Setup for Cisco IOS Release 11.3(2)T Next, you will be prompted to configure controllers. These controllers enable users to dial in via ISDN or analog modems. Do you intend to allow users to dial in? [yes]: There are 4 controllers on this access server. If you want to use the full capacity of the access server configure all controllers. Controller E1 0,1,..etc in software corresponds to Port 0,1,..etc on the back of the access server.
Continuing the Setup Script for E1/PRI Cards Step 8 Enter the letter corresponding to the tone signaling type: The following tone signaling types are available: [a] dtmf [b] r2-compelled [c] r2-non-compelled [d] r2-semi-compelled Enter the tone signaling type [b]: Step 9 Press Enter to provision ANI address information over E1 lines: Do you want to provision ANI address information? [yes]: Step 10 Enter the number corresponding to the country for which you are configuring R2 signaling: R2 signaling is
Running Setup for Cisco IOS Release 11.
Continuing the Setup Script for E1/PRI Cards [c] e&m-immediate-start [d] fxs-ground-start [e] fxs-loop-start [f] sas-ground-start [g] sas-loop-start [h] r2-analog [i] r2-digital [j] r2-pulse [k] p7 Enter the line signaling type [i]: j The following tone signaling types are available: [a] dtmf [b] r2-compelled [c] r2-non-compelled [d] r2-semi-compelled Enter the tone signaling type [b]: d Do you want to provision ANI address information? [yes]: R2 signaling is available for the following countries: [0] itu
Running Setup for Cisco IOS Release 11.3(2)T enable secret 5 $1$R20d$Yh/u1cqh63haVfbmHI0r.
Where to Go Next Step 12 Enter yes to save the configuration, or enter no to erase it: Use this configuration? [yes/no]: yes Building configuration... Use the enabled mode 'configure' command to modify this configuration. Press RETURN to get started! %LINK-3-UPDOWN: Interface Ethernet0, changed state to up %LINK-3-UPDOWN: Interface Serial0, changed state to down %LINK-3-UPDOWN: Interface Serial1, changed state to down
Where to Go Next C-24 Cisco AS5300 Universal Access Server Software Configuration Guide
A P P E N D I X D Upgrade VoIP Software As Cisco revises its Voice feature card software, you can download these upgrades from Cisco. Use the steps in this section to upgrade your Voice feature card software. Before downloading a new version of VCware, be sure to verify that the version of VCware is compatible with the specific release of Cisco IOS software already running on the access server. A compatibility matrix is posted on CCO’s Software Center.
Upgrading VoIP Feature Card Firmware Upgrading VoIP Feature Card Firmware To download software to your VFC, you need to: • • Determine the number of VFC cards in the system. • Determine whether the VFC is in VCWare mode or ROM Monitor mode. This determines how you download software to the VFC. • Download the software using the appropriate procedure. Check to see that the version of VFC ROM Monitor software is compatible with your installed Cisco IOS image. VFC ROM version 1.
Identify the VFC/ROM Monitor Mode Identify the VFC/ROM Monitor Mode To identify the VFC/ROM Monitor software version, perform the following task in privileged EXEC (enable) mode: Step Command Purpose 1 5300> enable Password: 5300# Enter enable mode. Enter the password. You have entered enable mode when the prompt changes to 5300#. 3 5300# show vfc slot_number [VCWARE running | ROMMON] board 5300# Shows whether your selected voice card is running in VCWare mode or in ROM Monitor mode.
Upgrading VoIP Feature Card Firmware Step Command Purpose 5 5300> enable Password: 5300# Re-enter enable mode. Enter the password. You have entered enable mode when the prompt changes to 5300#. 6 5300# show vfc slot_number board 5300# Check to see if the VFC is back up in VCWare mode. 7 5300# show vfc slot_number directory 5300# Verify that VCWare is in the VFC Flash.
Download Software in ROM Monitor Mode Tips If you are having trouble downloading the voice feature card software in VCWare mode, try the following: • Run the show vfc slot_number board command to verify that the voice feature card is back up in VCWare mode. 5300# show vfc 1 board VFC board state is UP, vfc status VCWARE running(0x4) VFC board in slot 1 with 18 dsps 5300# • Determine if the VFC ROM version you are running is 1.1 or version1.2.
Upgrading VoIP Feature Card Firmware Step Command Purpose 7 5300# unbundle vfc slot_number Unbundle the DSPWare from the VCWare and configure the default file list and the capability list. 8 5300# show vfc slot_number directory 5300# Verify that the DSPWare has been unbundled. 9 5300# show vfc slot_number default-list 5300# Verify that the default file list has been populated. 10 5300# show vfc slot_number cap-list 5300# Verify that the capability list has been populated.
New Hardware Features Tips If you are having trouble downloading the voice feature card software in ROM Monitor mode, try the following: • Run the show vfc slot_number board command to verify that the voice feature card is back up in VCWare mode. 5300# show vfc 1 board VFC board state is UP, vfc status VCWARE running(0x4) VFC board in slot 1 with 18 dsps 5300# • Determine if the VFC ROM version you are running is 1.1 or version1.2.
New Hardware Features D-8 Cisco AS5300 Universal Access Server Software Configuration Guide
IN DEX A aaa authentication command 4-11 AAA facility aaa new-model command 4-9 configuring 4-9 description 4-1 aaa new-model command 4-9 alarm status 3-4 alias command B-3 ani, R2 signaling 3-16 AppleTalk ATCP zone 3-52 cable range 3-52 configuring 3-52 debug commands 3-54 show appletalk interface serial command 3-52 verifying 3-52 ARA authentication examples 4-16 arap authentication command 4-15 asynchronous group interface CHAP authentication 3-21 configuring 3-21 debug commands 3-23 dial-in PC clients
command alarm status 3-4 exec-timeout 3-2 command line interface 1-1 command modes Cisco IOS software 2-2 configuration example 3-63 saving 3-63 timeout 3-2 configuration mode 4-4 securing access 4-4 configuration register B-4 configuration script, example C-6 configuration, saving 2-4 confreg command B-3 cont command B-4 context command B-4 cookie command B-5 copy tftp flash command A-20 country codes, setting 3-28 cptone 3-41 D debug appletalk ? command 3-54 debug cch323 h225 command 3-43 debug cch323 h2
H help command B-6 help, Cisco IOS software 2-1 help, technical support xv history command B-6 host name configuring 3-2 show config command 3-2 verifying 3-2 ISDN PRI channel service states, displaying 3-14 configuring 3-11 NFAS groups, monitoring 3-14 show controller e1 command 3-13 show controller t1 command 3-13 show isdn status command 3-14 verifying 3-13 K I idler timer, reset 3-50 interfaces authentication lists for 4-15 Inter-Switch Link 3-48 ip rsvp bandwidth command 3-44 ip rtp compression-conne
modem management back-to-back testing A-7 check modem type A-5 disable modems A-8 event buffer size A-5 frequency of polls A-6 modem statistics A-6 no modem country mica 3-30 no modem country microcom-hdms A-8 polling attempts A-6 remove inoperable modems A-6 resetting and holding A-8 start up test A-7 statistics commands A-4 uploading modem firmware A-14 modem parameters, setting 3-28 modem poll retry command A-6 modem poll time command A-6 modem pooling configuring 3-33 max-conn option 3-34 range of modem
remote authentication 4-2 remote authentication database 4-3 remote security database 4-3 repeat command B-6 reset command B-7 ROM monitor command conventions B-1 command summary B-6 commands B-2 diagnostics B-1, B-4 entering B-1 prompt B-1 RSVP for IP, VoIP 3-44 S saving configuration changes 2-4, 3-63 script, configuration C-6 security access service 4-1 accounting 4-1 authentication 4-1 authorization 4-1 examples 4-19 RADIUS server 4-8 remote security servers 4-3 securing access 4-4 TACACS+ daemon proce
unset command B-7 upgrad firmware D-2 URL locations, Cisco web sites xiii username command 4-13 username database, local 4-13 VPDN authentication accounts 3-60 configuring 3-58 debug commands 3-59 show vpdn command 3-58 verifying 3-58 V W virtual private dial-up networking 3-58 VLAN routing configuring ISL 3-48 debug vlan packets command 3-49 no debug vlan packets command 3-49 show vlan command 3-49 verifying VLAN setup 3-49 voice network data See also VoIP configuring 3-39 number extension table 3-39 n
