Sample NAS Configurations for Cisco DialOut Utility
This appendix contains sample configurations for the NAS you will be using with the Cisco DialOut Utility, Release 2.0. The Cisco DialOut Utility can be used with any NAS that supports Class 2 faxing.
For more information on setting up and configuring your NAS, see the documentation for your NAS and the Telnet Extensions for Dialout supplement to your Cisco IOS documentation.
Note If the Cisco IOS image on your NAS does not support the Cisco DialOut Utility, the
utility will display a message stating that your Cisco IOS image does not support
RFC 2217. See the README.DOC file for information on which Cisco IOS images
contain this support.
Sample Configuration File for Cisco AS2509-2512 Series Access Servers
Following is a sample configuration file for a Cisco AS2509, Cisco AS2510, Cisco AS2511, or Cisco AS2512 access server that you can use with Cisco DialOut Utility. Edit the example to reflect your own configuration.
!
version 11.3
service timestamps debug datetime msec localtime
no service udp-small-servers
service tcp-small-servers
!
hostname 2500-DialOut
!
enable secret 5 $1$WG3K$8ZhlhHUG6hx4U3U2KFPyW0
enable password abc
!
ip domain-name cisco.com
ip name-server 10.0.0.0
ip address-pool local
!
interface Ethernet0
ip address 10.0.0.1 255.255.255.0
no ip mroute-cache
no ip route-cache
no lat enabled
no mop enabled
!
interface Serial0
no ip address
no ip mroute-cache
no ip route-cache
shutdown
!
interface Serial1
no ip address
no ip mroute-cache
no ip route-cache
shutdown
!
interface Group-Async1
ip unnumbered Ethernet0
no ip mroute-cache
encapsulation ppp
no ip route-cache
async default routing
async dynamic address
async mode interactive
peer default ip address pool local
dialer in-band
no cdp enable
ppp authentication chap
group-range 1 8
!
interface Dialer0
no ip address
no ip mroute-cache
no ip route-cache
no cdp enable
!
router eigrp 109
network 10.2.0.0
no auto-summary
!
ip local pool local 10.1.1.1 10.1.1.5
ip default-gateway 10.1.1.2
no ip classless
ip route 10.2.2.2 255.255.255.224 10.1.1.1
ip route 10.3.3.3 255.255.255.224 10.4.4.4
!
line con 0
exec-timeout 0 0
line 1 8
refuse-message ^C [!NMM!] No Modems Available ^C
modem InOut
rotary 1
transport preferred telnet
transport input all
rxspeed 115200
txspeed 115200
flowcontrol hardware
line aux 0
line vty 0 4
password abc
login
!
end
Sample Configuration File for a Cisco AS2509 Access Server with Local AAA Security
Following is a sample configuration file for a Cisco AS2509 access server using authentication, authorization, and accounting (AAA) that you can use with the Cisco DialOut Utility. Edit the example to reflect your own configuration.
version 11.3
service timestamps debug datetime msec localtime; Helpful for accurate debug based on timestamps
no service udp-small-servers
service tcp-small-servers
!
hostname 2500-DialOut
!
aaa new-model
aaa authentication local-override
aaa authentication login dialout local
aaa authentication enable default enable
aaa authentication ppp dialup local
aaa authorization reverse-access none
enable password cisco
!
username admin password 7 02050D480809
username dialout password 7 110A1016141D4B4C44
ip address-pool localpool
!
interface Ethernet0
ip address 10.1.1.40 255.255.255.0
no ip mroute-cache
no ip route-cache
no lat enabled
no mop enabled
!
interface Serial0
no ip address
no ip mroute-cache
shutdown
!
interface Serial1
no ip address
shutdown
!
interface Dialer0
no ip address
no ip mroute-cache
no ip route-cache
no cdp enable
!
interface Group-Async1
ip unnumbered Ethernet0
no ip mroute-cache
encapsulation ppp
no ip route-cache
async default routing
async dynamic address
async mode interactive
peer default ip address pool local
dialer in-band
no cdp enable
ppp authentication chap
group-range 1 8
!
interface Dialer0
no ip address
no ip mroute-cache
no ip route-cache
no cdp enable
!
router rip
network 10.0.0.0
!
ip local pool localpool 10.1.1.50 10.1.1.60
no ip classless
!
line 1 4
login authentication dialout
refuse-message ^C [!NMM!] No Modems Available ^C
modem InOut
rotary 1
transport preferred telnet
transport input all
rxspeed 115200
txspeed 115200
flowcontrol hardware
!
line 5 8
login authentication dialout
no exec
refuse-message ^CCC [!NMM!] No modems available ^C
modem InOut
rotary 1
transport preferred telnet
transport input all
rxspeed 38400
txspeed 38400
flowcontrol hardware
line aux 0
line vty 0 4
password cisco
login authentication dialout
!
end
Sample Configuration File for Cisco AS5xxx Series Access Servers
Following is a sample configuration file for a Cisco AS5xxx series access server that you can use with Cisco DialOut Utility. See the README.DOC file or CCO for specific information on which platforms and Cisco IOS versions are supported. Edit the example to reflect your own configuration.
version 11.3
service timestamps debug datetime msec localtime
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname 5XXX-1
!
enable password cisco
!
username root password 7 123456789012
username cisco password 7 223456789012
modem startup-test
no ip domain-lookup
isdn switch-type primary-5ess
!
controller T1 0
framing esf
clock source line primary
linecode b8zs
pri-group timeslots 1-24
!
controller T1 1
shutdown
framing esf
clock source line secondary
linecode b8zs
pri-group timeslots 1-24
!
interface Ethernet0
ip address 10.1.1.1 255.255.255.0
no ip route-cache
no ip mroute-cache
no lat enabled
!
interface Serial0
no ip address
no ip route-cache
no ip mroute-cache
shutdown
no fair-queue
!
interface Serial1
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
interface Serial0:23
ip address 10.15.2.80 255.255.255.0
encapsulation ppp
no ip route-cache
no ip mroute-cache
no keepalive
dialer idle-timeout 400
dialer map ip 10.15.2.60 6661210
dialer-group 1
isdn incoming-voice modem
peer default ip address pool setup_pool
no fair-queue
no cdp enable
ppp authentication chap
ppp multilink
!
interface Serial1:23
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
interface Group-Async1
ip unnumbered Ethernet0
encapsulation ppp
no ip route-cache
no ip mroute-cache
async dynamic address
async dynamic routing
async mode interactive
peer default ip address pool setup_pool
ppp authentication chap pap
group-range 1 48
!
interface Dialer0
no ip address
no ip route-cache
no ip mroute-cache
dialer-group 1
!
ip local pool setup_pool 10.1.1.2 10.1.1.4
ip classless
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
line 1 48
refuse-message ^C [!NMM!] No Modems Available ^C
exec-timeout 0 0
autoselect during-login
autoselect ppp
modem InOut
transport preferred telnet
transport input all
line aux 0
line vty 0 4
exec-timeout 0 0
password cisco
line vty 5 6
password cisco
!
scheduler interval 1000
end
Sample Configuration File for a Cisco AS5xxx Series Access Server with AAA Security
Following is a sample configuration file for Cisco AS5xxx series access servers that you can use with the Cisco DialOut Utility. See the README.DOC file or CCO for specific information on which platforms and Cisco IOS versions are supported. Edit the example to reflect your own configuration.
version 11.3
service timestamps debug datetime msec localtime
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname 5XXX-1
!
aaa new-model
aaa authentication login default tacacs+
aaa authentication login noaaa local
aaa authentication login logintac tacacs+
aaa authentication ppp ppptac tacacs+
aaa authentication ppp paplocal local
aaa authorization exec tacacs+
aaa authorization network tacacs+
aaa authorization reverse-access tacacs+
aaa accounting exec start-stop tacacs+
aaa accounting network start-stop tacacs+
aaa accounting update newinfo
enable password cisco
!
username root password 7 123456789012
username cisco password 7 223456789012
modem startup-test
no ip domain-lookup
isdn switch-type primary-5ess
!
controller T1 0
framing esf
clock source line primary
linecode b8zs
pri-group timeslots 1-24
!
controller T1 1
shutdown
framing esf
clock source line secondary
linecode b8zs
pri-group timeslots 1-24
!
interface Ethernet0
ip address 10.1.1.1 255.255.255.0
no ip route-cache
no ip mroute-cache
no lat enabled
!
interface Serial0
no ip address
no ip route-cache
no ip mroute-cache
shutdown
no fair-queue
!
interface Serial1
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
interface Serial0:23
ip address 10.15.2.80 255.255.255.0
encapsulation ppp
no ip route-cache
no ip mroute-cache
no keepalive
dialer idle-timeout 400
dialer map ip 10.15.2.60 6661210
dialer-group 1
isdn incoming-voice modem
peer default ip address pool setup_pool
no fair-queue
no cdp enable
ppp authentication chap ppptac
ppp multilink
!
interface Serial1:23
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
interface Group-Async1
ip unnumbered Ethernet0
encapsulation ppp
no ip route-cache
no ip mroute-cache
async dynamic address
async dynamic routing
async mode interactive
peer default ip address pool setup_pool
ppp authentication chap pap paplocal
group-range 1 48
!
interface Dialer0
no ip address
no ip route-cache
no ip mroute-cache
dialer-group 1
!
ip local pool setup_pool 10.1.1.2 10.1.1.4
ip classless
dialer-list 1 protocol ip permit
!
tacacs-server host 10.4.1.10
tacacs-server timeout 20
tacacs-server key nas1
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login authentication noaaa
line 1 48
refuse-message ^C [!NMM!] No Modems Available ^C
exec-timeout 0 0
autoselect during-login
autoselect ppp
modem InOut
transport preferred telnet
transport input all
line aux 0
line vty 0 4
exec-timeout 0 0
password cisco
login authentication logintac
line vty 5 6
password cisco
!
scheduler interval 1000
end
CiscoSecure ACS User Profile Example
In order to use the aaa authorization reverse access command with CiscoSecure ACS for UNIX, the profile for the Cisco DialOut Utility user must contain the following lines. The lines must be entered exactly as shown.
Note This example is for TACACS+ only.
{
{
profile_cycle=10
profile_id=19
member=Telnet_Users
password=chap "*****"
password=clear "cisco"
service = raccess {
set port#3 = 5XXX-1/tty1
}
}
For additional information, including information for CiscoSecure ACS for Windows NT users, see the README.DOC file and your CiscoSecure documentation.
