
Lab #9: PPP Callback

Equipment Needed

The following equipment is needed to perform this lab exercise:

Two Cisco routers, each of which must have a single ISDN BRI interface

Cisco IOS 11.2 or higher

Two ISDN BRI circuits

A PC running a terminal emulation program for console port connection on the routers

Configuration Overview

This lab will demonstrate the PPP callback function. RouterA is the callback client and RouterB is the callback server. PPP callback is used to provide enhanced security in a dial network. The PPP callback client calls the PPP callback server, the call is authenticated, and the PPP callback server then calls back the PPP callback client. We will see in this lab that a call from RouterA to RouterB will be disconnected and then RouterB will dial back RouterA.

RouterA and RouterB are connected as shown in Figure 3−20.

Figure 3−20: PPP callback

A PC running a terminal emulation program should be connected to the console port of one of the routers using a Cisco rolled cable.

ISDN Switch Setup

If you do not have access to actual ISDN circuits, you can use an ISDN desktop switch. Information on configuring an ISDN desktop switch can be found in the ISDN switch configuration section earlier in this chapter.

Router Configuration

The configurations for the two routers in this example are as follows. PPP callback commands are highlighted in bold.

RouterA

Current configuration:

!

version 11.2

service timestamps debug datetime

no service password-encryption

no service udp-small-servers

no service tcp-small-servers

dialer map ip 135.2.4.2 name RouterB broadcast 8999052

dialer load-threshold 1 outbound

access-list 100 deny ospf any any

access-list 100 permit ip any any

dialer callback-secure

dialer map ip 135.2.4.1 name RouterA class dial1 broadcast 8999050

dialer load-threshold 100 either

dialer-group 1

no fair-queue

no cdp enable

ppp callback accept

ppp authentication chap callin

ppp multilink

hold-queue 75 in

!

router ospf 64

network 135.2.0.0 0.0.255.255 area 0

!

no ip classless

!

map-class dialer dial1

dialer callback-server username

access-list 100 deny ospf any any

access-list 100 permit ip any any

access-list 100 permit icmp any any

no cdp run

!

dialer-list 1 protocol ip list 100

!

line con 0

line aux 0

line vty 0 4

password cisco

login

!

end

Monitoring and Testing the Configuration

Let's start by connecting to RouterA and enabling PPP protocol, authentication, and ISDN call control debugging with the debug ppp authentication, debug ppp negotiation, and debug isdn q931 commands.

RouterA#debug ppp authentication

RouterA#debug ppp negotiation

RouterA#debug isdn q931

Now activate the ISDN link by pinging RouterB at 135.2.4.2. We see below that RouterA places a call to RouterB.

RouterA#ping 135.2.4.2

Type escape sequence to abort.

Sending 5, 100−byte ICMP Echos to 135.2.4.2, timeout is 2 seconds:

*Mar 7 23:43:23: ISDN BR1/0: TX −> SETUP pd = 8 callref = 0x32 RouterA calls RouterB

*Mar 7 23:43:23: Bearer Capability i = 0x8890

*Mar 7 23:43:23: Channel ID i = 0x83

*Mar 7 23:43:23: Keypad Facility i = '8999052'

*Mar 7 23:43:24: ISDN BR1/0: RX <− CALL_PROC pd = 8 callref = 0xB2

*Mar 7 23:43:24: Channel ID i = 0x89

*Mar 7 23:43:24: ISDN BR1/0: RX <− CONNECT pd = 8 callref = 0xB2

%LINK−3−UPDOWN: Interface BRI1/0:1, changed state to up

*Mar 7 23:43:24: BR1/0:1 PPP: Treating connection as a callout

*Mar 7 23:43:24: BR1/0:1 PPP: Phase is ESTABLISHING, Active Open

*Mar 7 23:43:24: BR1/0:1 LCP: O CONFREQ [Closed] id 32 len 27

*Mar 7 23:43:24: BR1/0:1 LCP: AuthProto CHAP (0x0305C22305)

*Mar 7 23:43:24: BR1/0:1 LCP: MagicNumber 0xF4B761AD (0x0506F4B761AD)

*Mar 7 23:43:24: BR1/0:1 LCP: Callback 0 (0x0D0300)

*Mar 7 23:43:24: BR1/0:1 LCP: MRRU 1524 (0x110405F4)

*Mar 7 23:43:24: BR1/0:1 LCP: EndpointDisc 1 Local (0x1305015231)

*Mar 7 23:43:24: ISDN BR1/0: TX −> CONNECT_ACK pd = 8 callref = 0x32

*Mar 7 23:43:24: BR1/0:1 LCP: I CONFREQ [REQsent] id 57 len 24

*Mar 7 23:43:24: BR1/0:1 LCP: AuthProto CHAP (0x0305C22305)

*Mar 7 23:43:24: BR1/0:1 LCP: MagicNumber 0x052DFD6C (0x0506052DFD6C)

*Mar 7 23:43:24: BR1/0:1 LCP: MRRU 1524 (0x110405F4)

*Mar 7 23:43:24: BR1/0:1 LCP: EndpointDisc 1 Local (0x1305015232)

*Mar 7 23:43:24: BR1/0:1 LCP: O CONFACK [REQsent] id 57 len 24

*Mar 7 23:43:24: BR1/0:1 LCP: AuthProto CHAP (0x0305C22305)

*Mar 7 23:43:24: BR1/0:1 LCP: MagicNumber 0x052DFD6C (0x0506052DFD6C)

*Mar 7 23:43:24: BR1/0:1 LCP: MRRU 1524 (0x110405F4)

*Mar 7 23:43:24: BR1/0:1 LCP: EndpointDisc 1 Local (0x1305015232)

*Mar 7 23:43:24: BR1/0:1 LCP: I CONFACK [ACKsent] id 32 len 27

*Mar 7 23:43:24: BR1/0:1 LCP: AuthProto CHAP (0x0305C22305)

*Mar 7 23:43:24: BR1/0:1 LCP: MagicNumber 0xF4B761AD (0x0506F4B761AD)

*Mar 7 23:43:24: BR1/0:1 LCP: Callback 0 (0x0D0300)

*Mar 7 23:43:24: BR1/0:1 LCP: MRRU 1524 (0x110405F4)

*Mar 7 23:43:24: BR1/0:1 LCP: EndpointDisc 1 Local (0x1305015231)

*Mar 7 23:43:24: BR1/0:1 LCP: State is Open

*Mar 7 23:43:24: BR1/0:1 PPP: Phase is AUTHENTICATING, by both

*Mar 7 23:43:24: BR1/0:1 CHAP: O CHALLENGE id 5 len 23 from "RouterA"

*Mar 7 23:43:24: BR1/0:1 CHAP: I CHALLENGE id 29 len 23 from "RouterB"

*Mar 7 23:43:24: BR1/0:1 CHAP: O RESPONSE id 29 len 23 from "RouterA"

*Mar 7 23:43:24: BR1/0:1 CHAP: I SUCCESS id 29 len 4

*Mar 7 23:43:24: BR1/0:1 CHAP: I RESPONSE id 5 len 23 from "RouterB"

*Mar 7 23:43:24: BR1/0:1 CHAP: O SUCCESS id 5 len 4

*Mar 7 23:43:24: BR1/0:1 PPP: Phase is VIRTUALIZED

*Mar 7 23:43:24: Vi1 PPP: Phase is DOWN, Setup

%LINEPROTO−5−UPDOWN: Line protocol on Interface BRI1/0:1, changed state to up

%LINK−3−UPDOWN: Interface Virtual−Access1, changed state to up

*Mar 7 23:43:24: Vi1 PPP: Treating connection as a callout

*Mar 7 23:43:24: Vi1 PPP: Phase is ESTABLISHING, Active Open

*Mar 7 23:43:24: Vi1 LCP: O CONFREQ [Closed] id 1 len 27

*Mar 7 23:43:24: Vi1 LCP: AuthProto CHAP (0x0305C22305)

*Mar 7 23:43:24: Vi1 LCP: MagicNumber 0xF4B7621A (0x0506F4B7621A)

*Mar 7 23:43:24: Vi1 LCP: Callback 0 (0x0D0300)

*Mar 7 23:43:24: Vi1 LCP: MRRU 1524 (0x110405F4)

*Mar 7 23:43:24: Vi1 LCP: EndpointDisc 1 Local (0x1305015231)

*Mar 7 23:43:24: Vi1 PPP: Phase is UP

*Mar 7 23:43:24: Vi1 IPCP: O CONFREQ [Closed] id 1 len 10

*Mar 7 23:43:24: Vi1 IPCP: Address 135.2.4.1 (0x030687020401)

*Mar 7 23:43:24: ISDN BR1/0: RX <− DISCONNECT pd = 8 callref = 0xB2

RouterB hangs up on RouterA

*Mar 7 23:43:24: Cause i = 0x8090 − Normal call clearing

%LINK−3−UPDOWN: Interface BRI1/0:1, changed state to down

*Mar 7 23:43:24: BR1/0:1 PPP: Phase is TERMINATING

*Mar 7 23:43:24: BR1/0:1 LCP: State is Closed

*Mar 7 23:43:24: BR1/0:1 PPP: Phase is DOWN

*Mar 7 23:43:24: ISDN BR1/0: TX −> RELEASE pd = 8 callref = 0x32

%LINK−3−UPDOWN: Interface Virtual−Access1, changed state to down

*Mar 7 23:43:24: Vi1 IPCP: State is Closed

*Mar 7 23:43:24: Vi1 PPP: Phase is TERMINATING

*Mar 7 23:43:24: Vi1 LCP: State is Closed

*Mar 7 23:43:24: Vi1 PPP: Phase is DOWN

*Mar 7 23:43:24: ISDN BR1/0: RX <− RELEASE_COMP pd = 8 callref = 0xB2

%LINEPROTO−5−UPDOWN: Line protocol on Interface BRI1/0:1, changed state to down

Success rate is 0 percent (0/5)

Notice how the call from RouterA to RouterB has been disconnected by RouterB.

The following trace shows how RouterB places the callback call to RouterA.

RouterA#

*Mar 7 23:43:41: ISDN BR1/0: RX <− SETUP pd = 8 callref = 0x4F RouterB calls RouterA

%LINK−3−UPDOWN: Interface BRI1/0:1, changed state to up

*Mar 7 23:43:41: BR1/0:1 PPP: Treating connection as a callin

*Mar 7 23:43:41: BR1/0:1 PPP: Phase is ESTABLISHING, Passive Open

*Mar 7 23:43:41: BR1/0:1 LCP: State is Listen

*Mar 7 23:43:41: ISDN BR1/0: TX −> CONNECT pd = 8 callref = 0xCF

*Mar 7 23:43:41: Channel ID i = 0x89

*Mar 7 23:43:41: ISDN BR1/0: RX <− CONNECT_ACK pd = 8 callref = 0x4F

*Mar 7 23:43:41: Channel ID i = 0x89

*Mar 7 23:43:41: Signal i = 0x4F − Alerting off

*Mar 7 23:43:41: BR1/0:1 LCP: I CONFREQ [Listen] id 58 len 19

*Mar 7 23:43:41: BR1/0:1 LCP: MagicNumber 0x052E3F25 (0x0506052E3F25)

*Mar 7 23:43:41: BR1/0:1 LCP: MRRU 1524 (0x110405F4)

*Mar 7 23:43:41: BR1/0:1 LCP: EndpointDisc 1 Local (0x1305015232)

*Mar 7 23:43:41: BR1/0:1 LCP: O CONFREQ [Listen] id 33 len 24

*Mar 7 23:43:41: BR1/0:1 LCP: AuthProto CHAP (0x0305C22305)

*Mar 7 23:43:41: BR1/0:1 LCP: MagicNumber 0xF4B7A380 (0x0506F4B7A380)

*Mar 7 23:43:41: BR1/0:1 LCP: MRRU 1524 (0x110405F4)

*Mar 7 23:43:41: BR1/0:1 LCP: EndpointDisc 1 Local (0x1305015231)

*Mar 7 23:43:41: BR1/0:1 LCP: O CONFACK [Listen] id 58 len 19

*Mar 7 23:43:41: BR1/0:1 LCP: MagicNumber 0x052E3F25 (0x0506052E3F25)

*Mar 7 23:43:41: BR1/0:1 LCP: MRRU 1524 (0x110405F4)

*Mar 7 23:43:41: BR1/0:1 LCP: EndpointDisc 1 Local (0x1305015232)

*Mar 7 23:43:41: BR1/0:1 LCP: I CONFACK [ACKsent] id 33 len 24

*Mar 7 23:43:41: BR1/0:1 LCP: AuthProto CHAP (0x0305C22305)

*Mar 7 23:43:41: BR1/0:1 LCP: MagicNumber 0xF4B7A380 (0x0506F4B7A380)

*Mar 7 23:43:41: BR1/0:1 LCP: MRRU 1524 (0x110405F4)

*Mar 7 23:43:41: BR1/0:1 LCP: EndpointDisc 1 Local (0x1305015231)

*Mar 7 23:43:41: BR1/0:1 LCP: State is Open

*Mar 7 23:43:41: BR1/0:1 PPP: Phase is AUTHENTICATING, by this end

*Mar 7 23:43:41: BR1/0:1 CHAP: O CHALLENGE id 6 len 23 from "RouterA"

*Mar 7 23:43:41: BR1/0:1 CHAP: I RESPONSE id 6 len 23 from "RouterB"

*Mar 7 23:43:41: BR1/0:1 CHAP: O SUCCESS id 6 len 4

*Mar 7 23:43:41: BR1/0:1 PPP: Phase is VIRTUALIZED

*Mar 7 23:43:41: Vi1 PPP: Phase is DOWN, Setup

%LINK−3−UPDOWN: Interface Virtual−Access1, changed state to up

*Mar 7 23:43:41: Vi1 PPP: Treating connection as a callin

*Mar 7 23:43:41: Vi1 PPP: Phase is ESTABLISHING, Passive Open

*Mar 7 23:43:41: Vi1 LCP: State is Listen

*Mar 7 23:43:41: Vi1 PPP: Phase is UP

*Mar 7 23:43:41: Vi1 IPCP: O CONFREQ [Closed] id 1 len 10

*Mar 7 23:43:41: Vi1 IPCP: Address 135.2.4.1 (0x030687020401)

*Mar 7 23:43:41: Vi1 IPCP: I CONFREQ [REQsent] id 1 len 10

*Mar 7 23:43:41: Vi1 IPCP: Address 135.2.4.2 (0x030687020402)

*Mar 7 23:43:41: Vi1 IPCP: O CONFACK [REQsent] id 1 len 10

*Mar 7 23:43:41: Vi1 IPCP: Address 135.2.4.2 (0x030687020402)

*Mar 7 23:43:41: Vi1 IPCP: I CONFACK [ACKsent] id 1 len 10

*Mar 7 23:43:41: Vi1 IPCP: Address 135.2.4.1 (0x030687020401)

*Mar 7 23:43:41: Vi1 IPCP: State is Open

*Mar 7 23:43:41: BR1/0 IPCP: Install route to 135.2.4.2

%LINEPROTO−5−UPDOWN: Line protocol on Interface BRI1/0:1, changed state to up

%LINEPROTO−5−UPDOWN: Line protocol on Interface Virtual−Access1, changed state to up
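The hex strings in parentheses in the two traces are the raw LCP options (type, length, data). The following Python sketch is an added example, not part of the original lab: it decodes them and shows that RouterA's CONFREQ carries the Callback option only on the initial call. The function names are illustrative, the option values are copied from the traces above, and the callback operation codes are those of RFC 1570.

```python
# Added example: decode the LCP option TLVs (type, length, data) that IOS
# prints in parentheses in "debug ppp negotiation" output.
LCP_OPTIONS = {3: "AuthProto", 5: "MagicNumber", 13: "Callback",
               17: "MRRU", 19: "EndpointDisc"}
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}
# Callback operation codes from RFC 1570
CALLBACK_OPS = {0: "location determined by user authentication",
                1: "dialing string", 2: "location identifier",
                3: "E.164 number", 4: "distinguished name"}


def decode_option(hex_str):
    """Decode one LCP option as IOS prints it, e.g. '0x0D0300'."""
    raw = bytes.fromhex(hex_str[2:] if hex_str[:2].lower() == "0x" else hex_str)
    # Byte 1 is the length of the whole option, header included.
    if len(raw) < 3 or raw[1] != len(raw):
        raise ValueError(f"bad length in option {hex_str}")
    opt_type, data = raw[0], raw[2:]
    name = LCP_OPTIONS.get(opt_type, f"type-{opt_type}")
    if opt_type == 3:    # two-byte protocol, then algorithm for CHAP
        proto = int.from_bytes(data[:2], "big")
        detail = AUTH_PROTOCOLS.get(proto, hex(proto))
        if proto == 0xC223 and len(data) > 2:
            detail += " algorithm " + ("MD5" if data[2] == 5 else str(data[2]))
    elif opt_type == 13:  # one-byte operation code
        detail = CALLBACK_OPS.get(data[0], f"operation {data[0]}")
    elif opt_type == 17:  # maximum reconstructed receive unit
        detail = str(int.from_bytes(data, "big"))
    elif opt_type == 19:  # class byte, then the discriminator value
        detail = f"class {data[0]} value {data[1:].decode('ascii', 'replace')!r}"
    else:
        detail = "0x" + data.hex().upper()
    return name, detail


def requests_callback(options):
    """True if a CONFREQ's option list asks the peer for a callback."""
    return any(decode_option(o)[0] == "Callback" for o in options)


# RouterA's outbound CONFREQ on the initial call (id 32) and on the
# return call placed by RouterB (id 33), copied from the traces.
INITIAL_CALL = ["0x0305C22305", "0x0506F4B761AD", "0x0D0300",
                "0x110405F4", "0x1305015231"]
RETURN_CALL = ["0x0305C22305", "0x0506F4B7A380", "0x110405F4", "0x1305015231"]

if __name__ == "__main__":
    for opt in INITIAL_CALL:
        print(opt, *decode_option(opt))
    print("initial call requests callback:", requests_callback(INITIAL_CALL))
    print("return call requests callback:", requests_callback(RETURN_CALL))
```

Callback operation 0 means the client supplies no number of its own: the server picks the callback destination from the authenticated identity, which matches the dialer callback-server username setting in the map class.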

Verify that the call has been connected by pinging RouterB from RouterA.

RouterA#ping 135.2.4.2

Type escape sequence to abort.

Sending 5, 100−byte ICMP Echos to 135.2.4.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round−trip min/avg/max = 28/30/32 ms

Now connect to RouterB. The show dialer command will reveal that the ISDN circuit is active and that the dial reason was a callback return call. Notice that we are using both B channels of the BRI circuit; the above debug output only showed a single channel so that the debug output would be easier to read.

RouterB#show dialer

BRI1/0 - dialer type = ISDN

Dial String      Successes   Failures    Last called   Last status

8999050                  6          0    00:00:42       successful

0 incoming call(s) have been screened.

BRI1/0:1 - dialer type = ISDN

Idle timer (120 secs), Fast idle timer (20 secs)

Wait for carrier (30 secs), Re-enable (15 secs)

Dialer state is physical layer up

Dial reason: Callback return call

Time until disconnect 58 secs

Connected to 8999050 (RouterA)

BRI1/0:2 - dialer type = ISDN

Idle timer (120 secs), Fast idle timer (20 secs)

Wait for carrier (30 secs), Re-enable (15 secs)

Dialer state is physical layer up

Dial reason: Callback return call

Time until disconnect 77 secs

Connected to 8999050 (RouterA)