分类: 系统运维
2008-05-20 15:39:20
最近我在调试一个网络,该网络使用一对二方式. 其中一个远端A与Internet互连,中心点与另外一个远端B通过该远端A连入Internet. 并且三点之间内部互通.
现三地之间用三台Cisco互连,能正常工作. 但是现需要备份中心点与两个远端之间的通信线路.
计划采用ISDN拨号备份.
ISDN Configuration Example - IP
-------------------------------------------------------
Sample Configuration for C2503
C2503#wr t
######
Current configuration:
!
version 10.2
!
hostname C2503
!
enable password test
!
username C4000 password cisco (See username explanation in the followi
ng
section.)
isdn switch-type basic-dms100
!
interface Ethernet0
ip address 172.16.10.1 255.255.255.0
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
interface BRI0
ip address 172.16.20.1 255.255.255.0
encapsulation ppp
bandwidth 56
dialer idle-timeout 300
dialer map ip 172.16.20.2 name C4000 speed 56 broadcast 14155551234
dialer map ip 172.16.20.2 name C4000 speed 56 broadcast 14155556789
dialer hold-queue 5
dialer load-threshold 100
dialer-group 1
isdn spid1 408555432101 5554321
isdn spid2 408555987601 5559876
ppp authentication chap
!
router igrp 1
network 172.16.0.0
!
ip route 192.168.24.0 255.255.255.0 172.16.20.2
access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.
0
access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.
255
!
!
dialer-list 1 list 100
!
line con 0
line aux 0
line vty 0 4
password test
login
!
end
Explanation of C2503 Configuration
C2503#wr t
######
Current configuration:
!
version 10.2
!
hostname C2503
!
enable password test
!
username C4000 password cisco
The username "C4000" is the hostname of the remote router and is used by the dialer map command below. The username is case sensitive and must match the remote router's hostname exactly. The password, which is used by the CHAP authentication process, is case sensitive and must match the remote router's password exactly.
Note: To avoid confusion, the unencrypted form of the password cisco is shown in this sample configuration. In the actual configuration, thepassword would appear in its encrypted form: 7 13061E010803, where 7denotes the encryption type and 3061E010803 is the encrypted form of the password cisco. When entering or making changes to the username command, always type the password in its unencrypted form and do not enter the encryption type (7). It is set automatically.
isdn switch-type basic-dms100
The ISDN switch type must match your carrier's equipment. If you change the switch-type, you must reload the router for the new switch type to take effect.
interface Ethernet0
ip address 172.16.10.1 255.255.255.0
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
interface BRI0
ip address 172.16.20.1 255.255.255.0
encapsulation ppp
PPP encapsulation is recommended over HDLC in order to allow the use of CHAP authentication.
bandwidth 56
The default bandwidth setting for a BRI interface is 64k. If you configured your dialer map statements with the speed 56 option, you should include the bandwidth statement.
Note: This command does not control the speed of your ISDN line. It sets the correct reference point for the BRI port's show interface statistics, for the dialer load-threshold command, and for IGRP/EIGRP routing metrics.
dialer idle-timeout 300
This command sets the number of seconds the ISDN connection will remain open if no interesting traffic is being routed. The timer is reset each time an interesting packet is forwarded.
dialer map ip 172.16.20.2 name C4000 speed 56 broadcast 14155551234
dialer map ip 172.16.20.2 name C4000 speed 56 broadcast 14155556789
The dialer map command is used with CHAP authentication to place the initial call to the remote router when interesting traffic is forwardedto the BRI interface. Once the connection is active, the dialer idle-timeout command determines how long it will remain active. A dialer map statement is required for each ISDN phone number that will be called . Be aware though, that two dialer map statements pointing to the same location might activate both B channels when you may only want to useone channel.
Note: The command parameters for this example are:
172.16.20.2 = the IP address of the remote router's BRI interface. Todetermine this address, type show interface bri 0 at the remote router's console prompt.
name C4000 = the hostname of the remote router. The name is case sensitive and should match the name configured for the username command above.
speed 56 = sets the dialer speed to 56k for ISDN circuits that are not 64k end-to-end, and should be included in both routers' dialer map statements. Most installations in North America must be configured for 56K.
broadcast = allows the forwarding of broadcast packets. Unless broadcast packets are specified as interesting packets by the dialer-list command, they will only be forwarded when the ISDN link is active.
14155551234
14155556789 = the remote router's ISDN telephone numbers.
dialer hold-queue 5
This command allows interesting packets to be queued until the ISDN connection is established. In this example, five interesting packets will be queued.
dialer load-threshold 100
This command is used to configure bandwidth on demand by setting the maximum load before the dialer places another call through the second B channel. The load is the calculated weighted average load value for the interface, where 1 is unloaded and 255 is fully loaded. The actual load value you should configure depends on the characteristics of your particular network. In this example, the second B channel will be activated when the load reaches 39% of maximum utilization, which is 100 divided by 255.
dialer-group 1
The dialer-group 1 command enables the dialer-list 1 on the BRI interface, which determines which packets will be interesting and activate the ISDN connection.
isdn spid1 408555432101 5554321
isdn spid2 408555987601 5559876
The isdn spid commands are used if your carrier assigns spids to your
ISDN lines.
ppp authentication chap
This command enables CHAP authentication.
router igrp 1
network 172.16.0.0
ip route 192.168.24.0 255.255.255.0 172.16.20.2
This IP route command creates a static route to the reote router's network via the remote router's BRI interface. This is required because dynamic routes are lost when the ISDN link is down.
Note: The command parameters for this example are:
192.168.24.0 = the target network.
255.255.255.0 = the target network mask. A 255 in an octet's position specifies an exact match for that octet is required, and a 0 in an octet's position specifies any value will match.
172.16.20.2 = the address of the next hop that can be used to reach the target network.
access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0. 0
access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255. 255
This access list determines which IP packets will be interesting and activate the ISDN link. The access-list you should create depends on your particular network design. Note: The command parameters for this example are:
access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0. 0
defines all broadcast packets as uninteresting.
access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0255.255.255.255
defines all other IP packets as interesting.
dialer-list 1 list 100
This command points to access-list 100, which determines which IP packets will be interesting.
line con 0
line aux 0
line vty 0 4
password test
login
!
end
Sample Configuration for C4000
C4000#wr t
######
Current configuration:
!
version 10.2
!
hostname C4000
!
enable password test
!
username C2503 password cisco (See username explanation in the followi
ng
section.)
isdn switch-type basic-dms100
!
interface Ethernet0
ip address 192.168.24.65 255.255.255.0
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
interface BRI0
ip address 172.16.20.2 255.255.255.0
encapsulation ppp
bandwidth 56
dialer idle-timeout 300
dialer map ip 172.16.20.1 name C2503 speed 56 broadcast 14085554321
dialer map ip 172.16.20.1 name C2503 speed 56 broadcast 14085559876
d
dialer load-threshold 100
dialer-group 1
isdn spid1 415555123401 5551234
isdn spid2 415555678901 5556789
ppp authentication chap
!
router igrp 1
network 172.16.0.0
network 192.168.24.0
!
ip route 172.16.10.0 255.255.255.0 172.16.20.1
access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.
0
access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.
255
!
!
dialer-list 1 list 100
!
line con 0
line aux 0
line vty 0 4
password test
login
!
end
Explanation of C4000 Configuration
C4000#wr t
######
Current configuration:
!
version 10.2
!
hostname C4000
!
enable password test
!
username C2503 password cisco
The username "C2503" is the hostname of the remote router and is used
by the dialer map command below. The username is case sensitive and mu
st match the remote router's hostname exactly.
The password, which is used by the CHAP authentication process, is cas
e sensitive and must match the remote router's password exactly.
Note: To avoid confusion, the unencrypted form of the password cisco i
s shown in this sample configuration. In the actual configuration, the
password would appear in its encrypted form: 7 13061E010803, where 7
denotes the encryption type and 13061E010803 is the encrypted form of
the password cisco. When entering or making changes to the username co
mmand, always type the password in its unencrypted form and do not ent
er the encryption type (7). It is set automatically.
isdn switch-type basic-dms100
The ISDN switch type must match your carrier's equipment. If you chang
e the switch-type you must reload the router for the new switch type t
o take effect.
interface Ethernet0
ip address 192.168.24.65 255.255.255.0
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
interface BRI0
ip address 172.16.20.2 255.255.255.0
encapsulation ppp
PPP encapsulation is recommended over HDLC in order to allow the use o
f CHAP authentication.
bandwidth 56
The default bandwidth setting for a BRI interface is 64k. If you confi
gured your dialer map statements with the speed 56 option, you should
include the bandwidth statement.
Note: This command does not control the speed of your ISDN line. It sets the correct reference point for the BRI port's show interface statistics, for the dialer load-threshold command, and for IGRP/EIGRP routing metrics.
dialer idle-timeout 300
This command sets the number of seconds the ISDN connection will remain open if no interesting traffic is being routed. The timer is reset each time an interesting packet is forwarded.
dialer map ip 172.16.20.1 name C2503 speed 56 broadcast 14085554321
dialer map ip 172.16.20.1 name C2503 speed 56 broadcast 14085559876
The dialer map command is used with CHAP authentication to place the initial call to the remote router when interesting traffic is forwardedto the BRI interface. After the connection is active, the dialer idle-timeout command determines how long it will remain active. A dialer map statement is required for each ISDN phone number that will be called. Be aware though, that two dialer map statements pointing to the same location might activate both B channels when you may only want to use one channel.
Note: The command parameters for this example are:
172.16.20.1 = the IP address of the remote router's BRI interface. To determine this address, type show interface bri 0 at the remote router's console prompt.
name C2503 = the hostname of the remote router. The name is case sensitive and should match the name configured for the username command above.
speed 56 = sets the dialer speed to 56k for ISDN circuits that are not64k end-to-end, and should be included in both routers' dialer map statements. Most stallations in North America must be configured for 56K.
broadcast = allows the forwarding of broadcast packets. Unless broadcast packets are specified as interesting packets by the dialer-list command, they will only be forwarded when the ISDN link is active.
14085554321
14085559876 = the remote router's ISDN telephone numbers.
dialer hold-queue 5
This command allows interesting packets to be queued until the ISDN connection is established. In this example, five interesting packets will be queued.
dialer load-threshold 100
This command is used to configure bandwidth on demand by setting the maximum load before the dialer places another call through the second B channel. The load is the calculated weighted average load value for the interface, where 1 is unloaded and 255 is fully loaded. The actualload value you should configure depends on the characteristics of your particular network. In this example, the second B channel will be activated when the load reaches 39% of maximum utilization, which is 100
divided by 255.
dialer-group 1
The dialer-group 1 command enables the dialer-list 1 on the BRI interface, which determines which packets will be interesting and activate the ISDN connection.
isdn spid1 415555123401 5551234
isdn spid2 415555678901 5556789
The isdn spid commands are used if your carrier assigns spids to your
ISDN lines.
ppp authentication chap
This command enables CHAP authentication.
router igrp 1
network 172.16.0.0
network 192.168.24.0
ip route 172.16.10.0 255.255.255.0 172.16.20.1
This ip route command creates a static route to the remote router's network via the remote router's BRI interface. This is required becausedynamic routes are lost when the ISDN link is down. Note: The command parameters for this example are:
172.16.0.0 = the target network.
255.255.0.0 = the target network mask. A 255 in an octet's position specifies an exact match for that octet is required, and a 0 in an octet's position specifies any value will match.
172.16.20.1 = the address of the next hop that can be used to reach the target network.
access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0. 0
access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255. 255
This access list determines which IP packets will be interesting and activate the ISDN link. The access-list you should create depends on your particular network design. Note: The command parameters for this example are:
access-list 100 deny ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.
defines all broadcast packets as uninteresting.
access-list 100 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255. 255
defines all other IP packets as interesting.
dialer-list 1 list 100
This command points to access-list 100, which determines which IP pack ets will be interesting.
line con 0
line aux 0
line vty 0 4
password test
login
!
end
备份的话,用静态路由足矣!下面是我公司在北京的工程配置:Current config
uration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname feihua
!
enable secret 5 $1$011Y$UBLyBOlDTa6ZKRnMnoyU0.
enable password 7 011F0F110A5A565B
!
username feihua password 7 141B1B1E5D557A7F
username jianhua1 password 7 00081A13550A5B52
no ip source-route
isdn switch-type basic-net3
!
!
!
interface Ethernet0
ip address 10.10.0.1 255.255.255.0
!
!
interface Serial0
backup delay 5 30
backup interface BRI0
ip address 10.10.10.1 255.255.255.0
!
interface Serial1
no ip address
shutdown
!
interface BRI0
ip address 10.10.20.1 255.255.255.0
encapsulation ppp
dialer idle-timeout 300
dialer map ip 10.10.20.2 name jianhua1 broadcast 86521075
dialer load-threshold 128 outbound
dialer-group 1
isdn switch-type basic-net3
ppp authentication chap
ppp multilink
hold-queue 75 in
!
ip classless
ip route 10.10.1.0 255.255.255.0 10.10.10.2
ip route 10.10.1.0 255.255.255.0 10.10.20.2
ip route 10.10.2.0 255.255.255.0 10.10.10.2
ip route 10.10.2.0 255.255.255.0 10.10.20.2
!
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0
password 7 045702135E701C1A
login
line vty 1 4
login
!
end
被叫端的配置:(建国门广发证券)
urrent configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname jianhua1
!
enable secret 5 $1$011Y$UBLyBOlDTa6ZKRnMnoyU0.
enable password 7 011F0F110A5A565B
!
username feihua password 7 141B1B1E5D557A7F
username jianhua1 password 7 00081A13550A5B52
no ip source-route
isdn switch-type basic-net3
!
!
!
interface Ethernet0
ip address 10.10.1.1 255.255.255.0
!
!
interface Serial0
ip address 10.10.10.2 255.255.255.0
!
interface Serial1
no ip address
shutdown
!
interface BRI0
ip address 10.10.20.2 255.255.255.0
encapsulation ppp
dialer idle-timeout 300
dialer map ip 10.10.20.1 name feihua broadcast
dialer load-threshold 128 outbound
dialer-group 1
isdn switch-type basic-net3
ppp authentication chap
ppp multilink
hold-queue 75 in
!
ip classless
ip route 10.10.0.0 255.255.255.0 10.10.10.1
ip route 10.10.0.0 255.255.255.0 10.10.20.1
ip route 10.10.2.0 255.255.255.0 10.10.1.2
!
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0
password 7 045702135E701C1A
login
line vty 1 4
login
!
end
