|
This chapter describes how to use the Cisco IOS software command-line interface (CLI) to configure basic access server functionality, including:
Follow the procedures in this chapter to configure the access server manually or if you want to change the configuration after you have run the setup script (described in the chapter "First-Time Configuration").
This chapter does not describe every configuration possibleonly a small portion of the most commonly used configuration procedures. For advanced configuration topics and procedures, refer to the topic Configuring Cisco IOS Features online at
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/5300/index.htm
You can also view these publications on the Documentation CD-ROM that arrived with your access server, or you can order printed copies separately.
If you are experienced using the Cisco IOS software, you might find the "Comprehensive Configuration Examples" section at the end of this chapter a useful reference for configuration.
Note If you skipped the previous chapter, "Using Cisco IOS Software," and you have never configured a Cisco access server, go back to that chapter and read it now. This chapter provides important information you will need to succeed with the configuration.
One of the first configuration tasks you might want to do is configure the host name and set an encrypted password. Configuring a host name allows you to distinguish multiple Cisco access servers from each other. Setting an encrypted password allows you to prevent unauthorized configuration changes.
Table 3-1 Configuring the Host Name and Passwords
To verify that you configured the right host name and passwords:
Check the host name and encrypted password displayed near the top of the command output.
Facility alarm currently monitors the following failure events:
IOS polls every second to detect the failure events that you have configured and will turn ON the alarm when any one of the failure events is detected. By default, facility alarm in OFF. Users have to configure one of the following commands to enable monitoring of the failure conditions.
Enter [no] before the full command to disable any of the alarm commands.
To see the status of the alarms:
Assign an IP address to the Ethernet 10BaseT interface of your access server so that it can be recognized as a device on the Ethernet LAN.
To verify you have assigned the correct IP address:
Assign an IP address to the Ethernet 100BaseT interface of your access server so that it can be recognized as a device on the Ethernet LAN. The Fast Ethernet interface supports 10- and 100-Mbps speeds with the 100BaseT and 10BaseT routers, hubs, and switches.
Duplex Mode | Speed Mode | Action |
---|---|---|
To verify the IP address, configured and actual speed, and configured and actual duplex operations:
Configure the synchronous serial interfaces on the E1 or T1 PRI card to connect to a WAN through a CSU/DSU.
This section describes how to enable the serial interface, specify IP routing, and set up external clock timing on a DCE or DTE interface. To use a port as a DTE interface, you need only connect a DTE adapter cable to the port. When the system detects the DTE mode cable, it automatically uses the external timing signal. To use a port in DCE mode, you must connect a DCE interface cable and set the clock speed with the clock rate configuration command. You must also set the clock rate to perform a loopback test.
Note The four serial interfaces each support a clock rate of 2 Mbps; you can support a rate of 8 Mbps on serial interface 0 by shutting down the other three interfaces using the e2-clockrate command on serial interface 0.
To verify you have configured the interfaces correctly:
Configure the access server for channelized T1 or E1 lines.
Note By default, synchronized clocking is set with controller 0 as the primary clock source and controllers 1 to 7 as secondary clocks. (Synchronized clocking is necessary throughout the network for reliable data transmission.) The secondary clock sources serve as backups in case of the primary clock failure. You can change the clock source using the clock source line primary and clock source line secondary <1-7>.
To verify your controller is up and running and no alarms have been reported:
Use BERT to test the link from the central office to your local access server, or the remote access server can test the link using pings to the service provider's local interface (connected from the remote site, looped back at your local site, and returned to the interface on the remote site).
The following example shows how to set up and start the BERT tests. The bert profile 1 command in the following example uses these settings: pseudo-random data pattern 211-0.152, error threshold of 10^-6 bit rate, error injection none, and total time for the test 20 minutes.
The TDM subsystem troubleshooting commands are not used during normal system operation. Instead, the Cisco IOS commands show the current status and settings of the TDM backplane, enable debug output for display to the user when TDM programming occurs, and provide a set of test commands to test the functionality of the TDM path. TDM commands are generally used only by a Cisco technical support representative during troubleshooting data continuity problems.
Note For details on these two features (BERT and TDM), refer to the Cisco IOS software configuration guide and command reference publications. These publications are available on the Documentation CD-ROM that came with your access server, on the World Wide Web from Cisco's home page, or you can order printed copies.
Configure the access server interfaces for ISDN PRI lines.
Step | Command | Purpose |
---|---|---|
1 | Enter enable mode (also called privileged EXEC mode). You have entered enable mode when the prompt changes to 5300#. |
|
2 | Enter global configuration mode. You have entered global configuration mode when the prompt changes to 5300(config)#. |
|
3 | Enter your telco's switch type. See Table 3-9 for details. |
|
4 | Enter controller configuration mode and port number to configure your controller port. The controller ports are labeled 0 to 3 on the Quad cards and 0 to 7 on the Octal cards. |
|
5 | Configure all the channels for ISDN and the Non-Facility Associated Signaling (NFAS) primary D channel. Enter pri-group timeslots 1-24 for T1. If E1, enter pri-group timeslots 1-31. Note that you also need to configure the NFAS backup D channel to be used if the primary D channel fails on a different channelized T1 controller. |
|
6 | Repeats steps 4 and 5 to configure each additional controller (there are 4 on Quad cards and 8 on Octal cards). |
|
7 |
Return to enable mode. |
Table 3-9 lists the supported ISDN switch types.
To verify you have configured the interfaces correctly:
Note the following information for Serial 0:23 (the first half of the messages):
R2 signaling is an international signaling standard that is common to channelized E1 networks. You can configure a channelized E1 interface to support different types of R2 signaling, which is used in older analog telephone networks. Note that this feature is only available for MICA modems.
Note Cisco's implementation of R2 signaling has DNIS support turned on by default. If you enable the ANI option, the collection of DNIS information is still performed. Specifying the ANI option does not disable DNIS collection. DNIS is the number being called. ANI is the caller's number. For example, if you are configuring router A to call router B, then the DNIS number is assigned to router B, the ANI number is assigned to router A. Also, note that ANI is similar to Caller ID.
Step | Command | Purpose |
---|---|---|
1 | Enter enable mode (also called privileged EXEC mode). You have entered enable mode when the prompt changes to 5300#. |
|
2 | Enter global configuration mode. You have entered global configuration mode when the prompt changes to 5300(config)#. |
|
3 | Enter controller configuration mode to configure your E1 controller port. The E1 controller ports are labeled 0 to 3 on the Quad cards and 0 to 7 on the Octal cards. |
|
4 | Configure the timeslots that belong to each E1 circuit for R2 signaling. Sets R2 signaling to R2 ITU Q411, the tone signal to R2 Compelled Register Signaling, and the ANI addr info provisioned option. R2 line signaling options include r2-analog, r2-digital, and r2-pulse. Tone signaling options include dtmf (default), r2-compelled, r2-non-compelled, and r2-semi-compelled. You can also set ani (ANI addr info provisioned) for any of the above options. |
|
5 | ||
6 | Use defaults for the specified country. Note: To view the parameters for the country (if the country defaults are the same as ITU defaults), enter write term. The default setting for all countries is ITU. See "Country Codes for R2 Signaling" later in this section for a list of supported countries. |
|
7 | Sets the cas custom command answer-signal to group-b to 6. Cas custom commands include caller-digits, category, country, unused-abcd, invert-abcd, metering, ka, kd, dnis-digits, answer-signal, and nc-congestion. Sets answer-signal group-b to the default ITU value. Resets answer-signal group-b 6 to the default value.
Note: The parameters you do not set are automatically set to the ITU default by the Cisco AS5300. |
|
8 | ||
9 | (Optional) Enter voice port mode for the port you want to configure. If you have a voice card, you will need to configure the voice ports to match the controller country code. |
|
10 | ||
11 | ||
Return to enable mode. |
Table 3-11 lists the country codes supported for R2 signaling.
Country | Code |
---|---|
To verify your R2 signaling configuration:
If the connection does not go up, check the following:
If you see errors on the line or the line is going up and down, check the following:
If you are still having trouble, enable the modem management Call Switching Module (CSM) debug mode using the debug modem csm command. This is the output of debug modem csm for an incoming call:
When the E1 controller comes up, you will see the following messages:
You can assign the asynchronous interfaces to a group so that you can configure them as a group, instead of individually.
To verify your group interface configuration:
Configure the ISDN D channels, which carry the control and signaling information for ISDN calls, for each ISDN PRI line.
1PPP = Point-to-Point Protocol.
2CHAP = Challenge Handshake Authentication Protocol. 3PAP = Password Authentication Protocol. |
To verify your D-channel configuration:
1ITU-T = International Telecommunication Union Telecommunication Standardization Sector. |
Configure the modems to allow users to dial in to your network.
Step | Command | Purpose |
---|---|---|
1 | Enter enable mode (also called privileged EXEC mode). You have entered enable mode when the prompt changes to 5300#. |
|
2 | Enter global configuration mode. You have entered global configuration mode when the prompt changes to 5300(config)#. |
|
3 |
Specify the country to set the modem parameters (including country code and encoding) for MICA modems. The default is usa if the access server is configured with T1 interfaces and e1-default if the access server has E1 interfaces. |
|
4 | Enter the number of modem lines to configure. If you have 48 modems, enter line 1 48. If 60, enter line 1 60. Note: There are 12 modems on each 12-port module, and 6 modems on each MICA 6-port module. |
|
5 | ||
6 | Enable remote IP users running a PPP application to dial in, bypass the EXEC facility, and connect directly to the network. |
|
7 | ||
8 |
Return to enable mode. |
Table 3-17 lists the current Microcom modem codes.
Table 3-18 lists the current MICA modem codes.
Country | Code | Country | Code |
---|---|---|---|
To reset to default settings for country codes, enter the following commands in global configuration mode:
To verify your modem configuration:
The following is the sample output for a MICA modem for an outgoing ISDN voice call:
This is the sample output for an incoming ISDN voice call on a MICA modem:
Use modem pooling to define, select, and use separate pools of modems within a single access server to enable different dial-in services for different customers. The primary application is to allocate specific modems based on called party numbers and a predetermined number of modem ports based on Dialed Number Information Service (DNIS).
If you do not configure any modem pools, all the modems are placed into a single pool. There is no restriction on the number of modem pools that you can configure. A pool can contain a minimum of one modem and a maximum equal to all the modems in the system.
This section briefly shows how to set up a minimum configuration. For detailed information on using this feature, refer to the command reference documents shipped with your access server.
Note To support modem pooling over channelized T1 lines, make sure you have configured the lines as described in the section "Configuring Channelized T1 or E1." If you are using R2 signaling over channelized E1, you do not need any special configuration options because DNIS information is always collected.
To verify your modem pooling configuration:
The Cisco resource pooling and session counting feature allows you to do the following:
To configure resource pooling and session counting, you must first set up DNIS and resource groups. After this, you can create customer profiles.
A DNIS group is a pool of individual DNIS numbers that are grouped together and then assigned a name. A resource group is pool of resources, such as HDLC framers or modems, that are used to provide services to one or more customer profiles.
Step | Command | Purpose |
---|---|---|
1 | Enter global configuration mode. You have entered global configuration mode when the prompt changes to 5300(config)#. |
|
2 |
Create a DNIS resource group, which enables a set of specific DNIS numbers to be recognized by a specific customer profile.1 Replace the name variable with a name for the DNIS group. |
|
3 |
Add DNIS numbers to the DNIS group created in Step 2. This collection of DNIS numbers are assigned to a specific customer. Replace the number variable with an actual DNIS number. |
|
4 | ||
5 |
Create one or more resource groups, which identify the resources to be shared between one or more customer profiles. For example, create a resource group that includes only modems. Or, create a resource group that passes incoming circuit switched data calls off to the HDLC framers. Replace the name variable with an actual name for the resource. |
|
6 |
For a resource group comprised of modems and V.110 terminal adapters, specify a range of modems to include as members in the resource group. To do this, enter the range port slot/port-slot/port command.2 |
|
5 |
1The configuration procedure for setting up customer profiles is described in the next table in this section.
2The number of sessions you want to allow for particular customers is defined in the individual customer profiles using the limit size command. More than one customer profile can consume resources from a single physical resource group. For example, you can have one large 56K modem resource pool that provides services to two customer profiles. To view the slot/port modem numbering scheme on the access server, enter the show modem EXEC command. |
After setting up DNIS groups and physical resources groups, you can now set up the customer profiles and maximum connection limits, as shown in Table 3-21. A customer profile is a customized set of access services and physical resources given to a customer. A customer profile can contain a selection of physical resources (such as a range of HDLC framers and modems), a group of DNIS numbers, and a defined limit of simultaneous connections.
1The digital call type specifies synchronous data calls that terminate on a HDLC framers, such as a ISDN circuit switched data call initiated by a terminal adapter connected to a PC (unlike an asynchronous analog modem call using start and stop bits). The speech call type specifies normal voice calls, such as calls initiated by analog modems. The v110 and v120 call types specify V.110 and V.120 calls.
2Use the dnis-group default command to allow a customer profile to accept any DNIS number and use only the call-type to discriminate (for example, digital, speech, V.110, and V.120). |
To verify that you correctly configured the system resources and customer profiles, use the following commands:
Use the procedures in this section only if you have a VoIP feature card installed in your access server. Configure the voice network data by creating a number expansion table to map (or associate) individual extensions with their full E.164 telephone numbers.
To verify your voice network data configuration:
The following example shows how to test this configuration.
Note In the above example, the num-exp rule maps 31001 to 14085231001 and 14085231001 matches the destination pattern for dial-peer 103.
In this case, there is no number expansion for 7870, and there is no dial-peer with a 7870 destination pattern. The user would have to verify that the number they entered (7870) is correct, that they (optionally) have number expansion for 7870 or some wildcard match for 7870 that expands to the full number they want, and finally a dial peer that matches 7870, or if using num-exp, matches the expansion of 7870.
This section describes how to configure T1 Channel Associated Signaling (CAS) and E1 R2 signaling with the Voice over IP (VoIP).
This configuration is an example of how to configure the voice ports as a cas-group for the channelized T1 lines.
Use the procedures in this section only if you have a VoIP feature card installed in your access server. You need to configure the RSVP for voice, multilink PPP interleaving, and RTP header compression to improve the voice network performance for your IP network. Some of the options you will use in the steps listed in Table 3-24 depend on the demands of your IP network.
For a detailed discussion of voice over technology, configuration examples, and commands, see the Voice Over IP Software Configuration Guide, which includes the following chapters:
To verify you enabled RSVP and RTP on the interface:
The goal of Redundant Link Manager (RLM) is to primarily provide a virtual link management over multiple IP networks so that the Q.931 signaling protocol and other proprietary protocols can be transported on top of multiple redundant links between the Cisco signaling controller and the access server.
We recommend that all access servers should use at least two IP interfaces to connect to the primary and alternative IP interfaces of the signaling controller. Otherwise, the control traffic will be impacted by the data traffic by sharing the same interface for both types of traffic.
To verify you have configured the interfaces correctly:
Note the following information for Serial 0:23 (the first half of the messages):
The second half of the messages display information for Serial 1:23.
Use the Inter-Switch Link (ISL) to connect multiple Virtual LANs (VLANs) using the Ethernet Media Access Control (MAC) and Ethernet media.
1IPX = Internetwork Packet Exchange. |
To verify the VLAN setup (VLAN ID, network address, protocol, and packets received and transmitted):
If packets are not being routed:
Configure the IPX networks for dial-in remote IPX users.
To verify the IPX routing is enabled:
Configure AppleTalk to enable Macintosh clients to access network resources by dialing through the access server over ISDN.
1ATCP = AppleTalk Control Protocol.
2ARAP = AppleTalk Remote Access Protocol. |
To verify the AppleTalk interface is up and running:
If you are having trouble, you can troubleshoot the AppleTalk protocol by using its debug commands to view information for the errors, events, and packets and check the Gateway name, NAS name, and if the virtual access interface is up.
If you have multiple access servers stacked together to provide a frontend for receiving access calls, you can configure Multichassis Multilink Point-to-Point Protocol (MMP) so that Multilink PPP (MP) call processing can be offloaded to other access servers.
MMP support on a group of access servers requires that each access server be configured to support:
1A virtual template is a serial interface configuration with no hardware association.
2DHCP = Dynamic Host Configuration Protocol. |
To verify the MMP configuration on each server:
Error messages are displayed if one server 5300-6 shows an sgbp group configured but the group is not configured for another server in the group. Error messages are also displayed if the password is not configured for the sgbp group.
The above event message indicates that the sgbp connection went down and 5300-3 is no longer part of the 5300-7 sgbp group. You can check 5300-3 for the reasons why the sgbp connection went down. Possibly, the sgbp member entry for 5300-7 was removed or there is no communication between 5300-7 and 5300-3.
You can create authentication accounts for other routers in an MMP stack. If your stack name is STACK1, you need to create a user account called STACK1 on each router with the same password.
Virtual private dial-up networking (VPDN) enables users to configure secure networks that take advantage of Internet service providers (ISPs) that tunnel a company's remote access traffic through the ISP cloud.
Remote offices or mobile users can connect to their home network using local third-party dial-up services. The dial-up service provider agrees to forward the company's traffic from the ISP point of presence (POP) to a company-run home gateway. Network configuration and security remains in the control of the client. The dial-up service provider provides a virtual connection between the company's sites.
Note The MMP feature uses VPDN to connect multiple PPP sessions for which individual dial-in calls have arrived on different stack group members. VPDN provides speed and reliability for the setup and shutdown of Multilink PPP.
To verify your VPDN configuration:
This is sample output for the debug vpdn event command:
This is sample output for the debug vpdn l2f-events command:
This is sample output for the debug vpdn l2f-errors command:
You can create authentication accounts for other routers between the NAS and the HGW for VPDN.
The COT subsystem supports the Continuity Test (COT), which is required by the SS7 network to conduct loopback and tone check testing on the path before a circuit is established. Continuity testing (COT) will detect any failure of DS0 channels. It is required for North American SS7 compliance.
There are no configuration tasks.
Use the following commands to verify COT:
To prevent the loss of the access server configuration, save it to NVRAM.
This section includes three sample outputs of the show config command. If you are experienced with the Cisco IOS software, you might find this a useful reference for configuration.
At this point you can proceed to:
Posted: Sun Jan 19 07:41:28 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.