This chapter will familiarize you with critical components of Cisco access servers while you configure the product for the first time. Spending a few minutes in this chapter when you first sit down to configure your access server will save you more than a few minutes later.
Complete the tasks in this chapter if you are not familiar with any of the following components and configuration tasks on a Cisco access server:
This chapter assumes you have already referred to your product's hardware installation configuration guide, software configuration guide, or other documents for your product to perform the following tasks:
Router>
) on your terminal screen (or being able to display it)
Complete these tasks before you perform the tasks in this chapter. (Refer to the documentation that accompanied your access server for more information about these tasks.)
Specifically, this chapter describes the following:
Access servers are used in a variety of dial networking topologies.
Figure 1-1 shows the Cisco 2511 access server providing access for remote clients using modems. The clients place analog calls into the enterprise via a fixed number of asynchronous dial-in access ports on the Cisco 2511. In this chapter, lessons 1 through 5 provide concise step-by-step instructions for configuring low-end access servers, such as the Cisco 2511.
Figure 1-2 shows the Cisco AS5200 accepting incoming calls from a Cisco 766, Cisco 1604, and an individual remote client such as a standalone laptop in a hotel room. The chapter "Enabling ISDN and Analog Calls through Access Servers" provides step-by-step configuration information for this scenario.
This section describes the following information:
The prompt that appears when you first log in to an access server (Router>) is called the EXEC prompt. When you access the EXEC prompt, you are accessing the EXEC facility and you start an EXEC session. You can log in through the following ports on an access server:
The focus of this guide is on how you configure (via the console port) the access server to permit remote clients to dial in through asynchronous interfaces to access network resources (such as printers and file servers).
You have two options when you enable remote clients to dial in and access network resources:
In general, you should give system administrators access to the EXEC facility, but give dial-in clients access only to the network. The next section "Permitting Users to Connect Directly to the Network" describes how to enable users to log in to the network without ever seeing the access server.
When a user dials in to the access server, the Cisco IOS software running on the access server can detect the incoming protocol automatically if you configure it to autoselect the protocol. You autoselect a protocol by issuing the autoselect ppp or autoselect arap line configuration commands. If the Cisco IOS software detects that the remote device is using one of these protocols, it can launch Point-to-Point Protocol (PPP) or AppleTalk Remote Access (ARA) sessions automatically.
Figure 1-3 shows the authentication process when autoselect is used.
Time Saver: If you issue the autoselect ppp line configuration command, you must first issue the async mode interactive asynchronous interface configuration command. The async mode interactive command enables the interface to select a protocol type dynamically. If you do not enter the async mode interactive command before you issue the autoselect ppp command, the following warning message appears: "%Autoselect w/o the interface command 'Async mode interactive' is useless." Refer to the chapter "Enabling Remote Clients to Dial In to IP, IPX, and AppleTalk Networks" for more information.
Figure 1-4 and Figure 1-5 show examples of what clients (dial in PC or Macintosh users) see on their monitors when they connect to the network using PPP and ARA.
After clients using PPP connect to the network, they have access to all IP network resources, such as UNIX hosts for Telnet or FTP sessions, other PCs on the network, or Windows NT servers.
After users connect to the network via ARA, they have access to all AppleTalk network resources, including AppleShare servers, the public folders of colleagues, and printers. They can also use ARA as the transport protocol to run IP applications. For more information, refer to the chapter "Enabling Remote Clients to Dial In to IP, IPX, and AppleTalk Networks."
If you permit users to dial in to the EXEC facility, they can use terminal services (such as Telnet), run an asynchronous protocol over the line, or use one of many other access services. For example, you can enter the ppp command to initiate a PPP session to a device on the network.
To enable users to log in to the EXEC facility, you issue the autoselect during-login line configuration command. When the Cisco IOS software detects a carriage return, the user is connected to the EXEC facility. You also access the EXEC facility any time you log in to the access server to configure it.
There are two primary levels to the EXEC facility:
Router>
Router> enable
Password:
Router#
As the network administrator for an access server, you protect privileged level EXEC mode with a password that only network administrators know. You give dialin users access only to user-level EXEC mode so that they can issue commands to connect with other network devices (such as the ppp command).
For an overview of configuration mode, refer to the next section, "Accessing Different Command Modes." For information about configuring security, refer to the "Security Configuration" chapter in this guide.
In addition to the EXEC facility, you can access several different command modes on the access server. Each different command mode permits you to configure different components on the access server. Table 1-1 lists the most common components and configuration modes. You configure global parameters in global configuration mode, interface parameters in interface configuration mode, and line parameters in line configuration mode. For information about what you typically configure in line mode versus interface mode, refer to the section "Configuring Asynchronous Ports."
Command Mode | Access Method | Router Prompt Displayed | Exit Method |
---|---|---|---|
User EXEC | Log in. | Router> | Use the logout command. |
Privileged EXEC | From user EXEC mode, enter the enable EXEC command. | Router# | To exit back to user EXEC mode, use the disable, exit, or logout command. |
Global configuration | From privileged EXEC mode, enter the configure terminal command. | Router(config)# | To exit to privileged EXEC mode, use the exit or end command or press Ctrl-Z. |
Interface configuration | Enter the interface type number command, such as interface ethernet 0. | Router(config-if)# | To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, press Ctrl-Z. |
Line configuration | Enter the line start-number end-number command, such as line 1 16. | Router(config-line)# | To exit to global configuration mode, use the exit command. To exit directly to privileged EXEC mode, press Ctrl-Z. |
You can get help in any of the command modes listed in Table 1-1. The help available in the Cisco IOS software describes the syntax for each command or displays the complete name of the command.
To get context sensitive help, type ? (a question mark) at the prompt. There are two types of help available: full help and partial help.
Router(config)# arap ?
callback Enable callback of ARAP connections
logging Turn on logging of ARAP connections
network Internal Appletalk Network For Arap Clients
Router(config)# arap
Router(config)# ar?
arap arp
Router(config)#
You can also type ? at the command prompt and the Cisco IOS software displays all available commands for that command mode. The following example shows sample output for the commands available in privileged EXEC mode:
Router# ?
Exec commands:
access-enable Create a temporary Access-List entry
access-template Create a temporary Access-List entry
bfe For manual emergency modes setting
clear Reset functions
...
write Write running configuration to memory, network, or terminal
x3 Set X.3 parameters on PAD
xremote Enter XRemote mode
Refer to the chapter "Configuring the User Interface" in the Configuration Fundamentals Configuration Guide for more information about any aspect of working with the user interface in the Cisco IOS software. The Configuration Fundamentals Configuration Guide is part of the Cisco IOS documentation in Cisco IOS Releases 11.1 and later.
On the back of your access server are asynchronous ports to which you connect modems. Remote clients dial in to the network through these asynchronous ports.
To enable clients to dial in, you configure two components of each asynchronous port: lines and interfaces. Asynchronous interfaces correspond to physical terminal (TTY) lines. For example, asynchronous interface 1 corresponds to TTY line 1.
Generally, commands entered in asynchronous interface mode enable you to configure protocol-specific parameters for asynchronous interfaces, whereas commands entered in line configuration mode permit you to configure the physical aspects for the same port. In Figure 1-6, which shows the show line output on a Cisco 2511, TTY line 1 corresponds with asynchronous interface 1, TTY line 16 corresponds with asynchronous interface 16, and so on.
Asynchronous line configuration commands configure ports for the following options:
To enter line configuration mode, first connect to the console port of the access server and enter privileged EXEC mode. Then enter global configuration mode and finally enter line configuration mode for the asynchronous lines that you want to configure. The following example shows the process of entering line configuration mode for lines 1 through 16:
2511>enable
2511#configure terminal
2511(config)#line 1 16
2511(config-line)#
Router>
). You can change the host name to any name you wish by using the hostname global configuration command. For example, to change the name of a host from Router to 2511, you would issue hostname 2511 at the global configuration prompt.
Generally, interfaces enable the Cisco IOS software to use routing functions. Specifically, you configure asynchronous interfaces to support PPP connections. You configure interfaces on an access server for the following functions:
On the Cisco AS5200 access server, each TTY line maps directly to an integrated AS5200 modem as shown in Table 1-2. The TTY lines 1 through 24 directly connect to modems 1/0 through 1/23, which are installed in the first chassis slot. The TTY lines 25 through 48 directly connect to modems 2/0 through 2/23, which are installed in the second chassis slot. For more information, refer to the Cisco AS5200 Universal Access Server Software Configuration Guide.
TTY Line | Slot/port | TTY Line | Slot/port |
---|---|---|---|
1 | 1/0 | 25 | 2/0 |
2 | 1/1 | 26 | 2/1 |
3 | 1/2 | 27 | 2/2 |
4 | 1/3 | 28 | 2/3 |
5 | 1/4 | 29 | 2/4 |
6 | 1/5 | 30 | 2/5 |
7 | 1/6 | 31 | 2/6 |
8 | 1/7 | 32 | 2/7 |
9 | 1/8 | 33 | 2/8 |
10 | 1/9 | 34 | 2/9 |
11 | 1/10 | 35 | 2/10 |
12 | 1/11 | 36 | 2/11 |
13 | 1/12 | 37 | 2/12 |
14 | 1/13 | 38 | 2/13 |
15 | 1/14 | 39 | 2/14 |
16 | 1/15 | 40 | 2/15 |
17 | 1/16 | 41 | 2/16 |
18 | 1/17 | 42 | 2/17 |
19 | 1/18 | 43 | 2/18 |
20 | 1/19 | 44 | 2/19 |
21 | 1/20 | 45 | 2/20 |
22 | 1/21 | 46 | 2/21 |
23 | 1/22 | 47 | 2/22 |
24 | 1/23 | 48 | 2/23 |
To configure multiple asynchronous interfaces at the same time (with the same parameters), you can assign each asynchronous interface to a group and then configure the group. Configurations throughout this guide configure group asynchronous interfaces, rather than configuring each interface separately.
To configure a group asynchronous interface, specify the group async number (an arbitrary number) and the group range (beginning and ending asynchronous interface number). The following example shows the process of creating a group asynchronous interface for asynchronous interfaces 1 through 16 on a Cisco 2511 access server:
2511(config)#interface group-async 1
2511(config-if)#group-range 1 16
Building configuration...
2511(config-if)#
At this point, you have configured asynchronous interfaces 1 through 16 as part of the same group and you are in interface configuration mode for the group asynchronous interface.
If you have never configured a Cisco router (or have, but want more information about configuring one), perform the tasks in this section. This section will familiarize you with the Cisco IOS software while you configure some fundamental parameters to enable PC and Macintosh clients to dial into your network to access resources, such as file servers and printers.
This section assumes you have referred to the user guide or installation and configuration guide that accompanied your router and that you have access to user level EXEC mode (Router>).
Press RETURN to get started" appears. This is not an error. If this message appears, press Return and the Router> prompt appears again. Lesson 1 shows you how to change this timeout interval.
Each step in the subsequent sections shows information that appears on the screen before and after you type each command. On-screen text and system responses appear in screen font. Commands that you are instructed to type appear in examples as boldface screen font.
The five lessons, and their content, are shown in the following list:
After you complete the tasks in all five lessons, you will have enabled remote PC and Macintosh users to dial in and access IP or AppleTalk resources on your network.
Total time to complete all five lessons can range from 30 minutes to more than an hour. Each lesson takes approximately 10 minutes.
Before you begin, make sure you perform the following tasks:
In this lesson, you will configure some basic parameters and learn how to work with the command line interface of the Cisco IOS software. This section requires 10 to 15 minutes to complete.
Time Saver: Always make sure you are in the correct command mode before you enter a command. If you are not in the correct command mode when you enter a command, one of two problems occurs: either the command has no effect, or it has an unexpected (and possibly detrimental) effect.
Enter the commands in Table 1-3 through Table 1-5 to practice configuring basic parameters.
Command | Purpose |
---|---|
Router> enable | Enter or return to privileged EXEC mode (represented by Router#). If you are in user EXEC mode (represented by the Router> prompt), enter privileged EXEC mode by entering the enable command. If an enable password has been set, you are prompted for a password. If none has been set, you are not prompted for a password. If you are in any other mode, type exit and press Return until the Router# prompt appears. |
Router# config term | Enter global configuration mode. The abbreviated command config term represents the command configure terminal. You can abbreviate commands by entering the minimum number of characters that uniquely identify the command. |
Router(config)# hostname 2511 | Change the name of the access server to a meaningful name. Substitute your own name for 2511. |
2511(config)# enable secret guessme | Enter a secret enable password. This password provides access to privileged EXEC mode. When a user types enable at the EXEC prompt (Router> or 2511>), they must enter the enable secret password to gain access to configuration mode. |
2511(config)# line con 0 | Enter line configuration mode to configure the console port, which you are connected to. You can see when you enter line configuration mode, because the prompt changes to 2511(config-line)#. Prevent the access server's EXEC facility from timing out if you do not type any information on the console screen for an extended period, then exit back to global configuration mode. |
2511(config)# exit | Exit back to privileged EXEC mode. If you have altered any parameters while in global configuration mode (or any other command mode), the message "%SYS-5-CONFIG_I: Configured from console by console" appears. This is normal and does not indicate an error condition. |
2511# show version | Display statistics about the Cisco IOS software image loaded on your access server, as well as available memory (NVRAM and Flash), and available interfaces. |
The following output shows statistics for a Cisco IOS Release 11.3 image running on a Cisco 2511 access server:
2511# show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-J-L), Version 11.3(1.0) RELEASED SOFTWARE
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Mon 13-Oct-97 15:26
Image text-base: 0x0000144C, data-base: 0x007E8DDC
ROM: System Bootstrap, Version (3.3), SOFTWARE
enkidu uptime is 5 hours, 19 minutes
System restarted by reload
System image file is "eschaffe/c2500-j-l.113", booted via tftp from 161.69.1.129
cisco 2511 (68030) processor (revision A) with 16384K/2048K bytes of memory.
Processor board ID 01244583, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
16 terminal line(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
Command | Purpose |
---|---|
2511# configure terminal | Get help about all commands available in global configuration mode. The output that follows is based on the igs-j-l software image shown in the output of the show version command. Your output can differ and depends on your image type. |
The following output shows the commands and their definitions available in privileged EXEC mode:
2511(config)# ?
Configure commands:
aaa Authentication, Authorization and Accounting.
access-list Add an access list entry
alias Create command alias
appletalk Appletalk global configuration commands
arap Appletalk Remote Access Protocol
...
(some output deleted for brevity)
username Establish User Name Authentication
vines VINES global configuration commands
vpdn Virtual Private Dialup Network
vty-async Enable virtual async line configuration
x25 X.25 Level 3
x29 X29 commands
xremote Configure XRemote
2511(config)#
Command | Purpose |
---|---|
2511(config)# arap ? | Get help about all keywords and arguments associated with the arap global configuration command. The help system lists each argument and describes it. To find out if there are additional arguments with this command, you can type any portion of the command followed by a space and a question mark, as shown in the next step. |
2511(config)# arap network ? | Get help about the arap network command. The system displays the range of network numbers you can select for an ARA network. For more information about any command in the Cisco IOS software, you can refer to the Cisco IOS software command references. |
2511(config)# exit | Exit back to privileged EXEC mode. |
2511# copy running startup | Copy the contents of your running configuration (what you have just entered) to the startup configuration for the access server. The Cisco IOS software displays [OK], indicating that the copy process was successful. The full name of the command is copy running-config startup-config. |
2511# show startup-config | Display your startup configuration. If you want to view your current configuration (if it differed from your running configuration), issue the show running-config command. |
The following output shows the configuration that you saved when you issued the copy running startup command:
2511# show startup-config
Using 419 out of 32762 bytes
!
version 11.3
service udp-small-servers
service tcp-small-servers
!
hostname 2511
!
enable secret 5 $1$oiqW$zIoVcK4tkGdpoBarDXcFz0
username jim password 7 04091E020A
!
interface Ethernet0
no ip address
shutdown
!
interface Serial0
no ip address
shutdown
no fair-queue
!
no ip classless
!
!
line con 0
line 1 8
line aux 0
line vty 0 4
login
!
end
In this lesson, you will configure some line parameters to enable the access server to work with a modem. This section requires 5 to 7 minutes to complete. For more information about any of the parameters in this lesson, refer to the "Configuring Modems" chapter later in this guide.
At the end of Lesson 1, the 2511# prompt appeared, and this is where you start Lesson 2. Enter the commands in Table 1-6 to configure the line and modems.
Command | Purpose |
---|---|
2511# configure terminal | Enter global configuration mode. The prompt changes to 2511(config)#, indicating that you are in global configuration mode. |
2511(config)# line 1 8 | Enter line configuration mode to configure all lines on the access server for modem support. On a Cisco 2509, which has 8 lines, you type line 1 8. On a Cisco 2511, which has 16 lines, you type line 1 16. The prompt changes to 2511(config-line)#, indicating you are in line configuration mode. |
2511(config-line)# speed 115200 | Enter the highest speed in common between the access server and your modems. Refer to your modem manual for information about its highest line speed. In general, if your modems support a speed of 28,800 bps, specify 115200. If your modem supports a speed of 14,400 bps, specify 57600. If your modem supports a speed of 9,600 bps, specify 38400. |
2511(config-line)# flowcontrol hardware | Specify hardware flow control (except on the console port). |
2511(config-line)# modem autoconfigure discovery | Automatically initialize the modems attached to the asynchronous port of your access server. For more information, refer to the "Configuring Modems" chapter in this guide. |
2511(config-line)# modem inout | Configure the line to accept incoming and make outgoing calls through the modems. |
The resulting configuration configures most modems to function with Cisco access servers. Proceed to Lesson 3.
In this lesson, you will configure basic PPP and ARA dialin parameters. This section requires 10 to 15 minutes to complete. For more information about any of the parameters in this lesson, refer to the "Enabling Remote Clients to Dial In to IP, IPX, and AppleTalk Networks" chapter later in this guide.
At the end of Lesson 2, the 2511(config-line)# prompt appeared, and this is where you start Lesson 3. Enter the commands in Table 1-7 to enable clients to dial in using PPP or ARA.
Command | Purpose |
---|---|
2511(config-line)# interface group-async 1 | Place all asynchronous interfaces in a single group, so that you configure the same parameters quickly on all interfaces at one time. This example assigns asynchronous interfaces 1 to 16 to group asynchronous interface 1. You can see that you have entered interface configuration mode because the prompt changed to 2511(config-if)#. The number you use with the group-range command depends on the number of asynchronous interfaces you have on your access server. That is, if your access server has 16 asynchronous interfaces, you can specify group-range 16. |
2511(config-if)# ip unnumbered ethernet 0 | To conserve IP addresses, configure the asynchronous interfaces as unnumbered and assign the IP address of the Ethernet interface to them. You will configure the IP address of the Ethernet interface in Lesson 4. |
2511(config-if)# encapsulation ppp | Enable the point-to-point protocol (PPP) to run on the set of interfaces in the group. |
2511(config-if)# async mode interactive | Configure interactive mode on the asynchronous interfaces. |
2511(config-if)# ip tcp header-compression passive | Configure the asynchronous interfaces to perform compression of TCP headers, but only if requested by the dial-in client. |
2511(config-if)# line 1 16 | Enter line configuration mode again. Specify the range of asynchronous lines on your access server (8, 16, or 48). |
2511(config-line)# autoselect ppp | Enable remote IP or IPX users running a PPP application to dial in, bypass the EXEC facility, and connect directly to the network. |
2511(config-line)# arap enable | Enable ARA dial-in on your network. |
2511(config-line)# autoselect arap | Enable remote Macintosh users running ARA to dial in, bypass the EXEC facility, and connect directly to the network. If you do not intend to permit remote Macintosh users to connect to AppleTalk resources on your network, do not enter this command. |
This lesson configured basic PPP and ARA support. Before you can allow users to dial in to the network, you must configure IP and AppleTalk network support, which are described in Lesson 4.
In this lesson, you will configure IP and AppleTalk protocol support, which will allow users to dial in to your network. This section requires 10 to 15 minutes to complete.
For more information about any of the parameters in this lesson, refer to the "Enabling Remote Clients to Dial In to IP, IPX, and AppleTalk Networks" chapter in this guide.
At the end of Lesson 3, the 2511(config-line)# prompt appeared, and this is where you start Lesson 4. Enter the commands in Table 1-8 to configure IP and AppleTalk support.
Command | Purpose |
---|---|
2511(config-line)# exit | Exit from interface configuration mode and return to global configuration mode. |
2511(config)# appletalk routing | Enable AppleTalk routing on the access server. IP routing is already enabled by default. |
2511(config)# arap network 2500 Mac-dialup | Create a new internal AppleTalk network in the access server. In this example, the network number is 2500 and the zone name is Mac-dialup. Substitute your own zone number and name. |
2511(config)# interface ethernet 0 | Enter interface configuration mode to configure the Ethernet interface 0. You can see that you have entered interface configuration mode because the prompt changed to 2511(config-if)#. |
2511(config-if)# appletalk cable-range 1-2 | Enter a cable range for an AppleTalk network. Substitute your own cable range. |
2511(config-if)# appletalk zone Corporate | Create an AppleTalk zone on the Ethernet interface 0. In this example, the zone is Corporate. Substitute your own zone name. |
2511(config-if)# ip address 172.16.42.24 255.255.255.0 | Enter an IP address and subnet mask for the Ethernet (LAN) interface on your access server. Substitute your own IP address. |
2511(config-if)# exit | Exit back to global configuration mode. |
2511(config)# ip domain-name eapp.com | Specify an IP domain name and IP name server on the LAN segment to which the access server is attached. Substitute your own domain name and name server IP address. |
2511(config)# router rip | Specify RIP routing. You can also specify IGRP, EIGRP, OSPF, or other routing protocols. For more information about configuring routing protocols, refer to the "Enabling Remote Clients to Dial In to IP, IPX, and AppleTalk Networks" chapter in this guide or the Network Protocols Configuration Guide, Part 1 in the Cisco IOS configuration guides and command references documentation. |
2511(config)# network 172.16.42.0 | Associate a network with the RIP routing process. |
2511(config)# ip address-pool local | Assign IP addresses to dial-in IP clients as they dial in, rather than providing static IP addresses to every client. The ip address-pool command creates a local IP address pooling mechanism in the access server. |
2511(config)# ip local pool default 172.16.42.1 172.16.42.16 | Define a set of IP addresses inside the access server. This example uses a pool of addresses from 172.16.42.1 through 172.16.42.16. The name of the IP address pool is default. Substitute your own pool of IP addresses. |
2511(config)# interface group-async 1 | Enter asynchronous interface configuration mode, so that you can apply the IP address pool to a set of interfaces. |
2511(config-if)# peer default ip-address pool default | Apply the IP address pool default with the address range of 172.16.42.1 through 172.16.42.16 to the group asynchronous interface. |
The resulting configuration enables clients to dial in to the network to access IP and AppleTalk resources. At this point, you must configure security, or your network will be open to significant security breaches.
This lesson uses the authentication, authorization, and accounting (AAA) facility to configure basic local authentication. Local authentication means that an internal username database authenticates users, rather than a remote user authentication (security) server. This section requires 10 to 15 minutes to complete.
For more information about any of the parameters in this lesson, refer to the "Security Configuration" chapter in this guide.
At the end of Lesson 4, the 2511(config-if)# prompt appeared, and this is where you start Lesson 5. Enter the commands in Table 1-9 to configure basic system security.
Command | Purpose |
---|---|
2511(config-if)# exit | Exit from interface configuration mode back to global configuration mode. |
2511(config)# aaa new-model | Enable the AAA facility globally on the access server. |
2511(config)# aaa authentication login default local | Define an authentication method list for users logging in to the access server. |
2511(config)# aaa authentication ppp default local | Define an authentication method list for clients using a PPP application to dial in to the network. |
2511(config)# aaa authentication arap default local | Define an authentication method list for clients using ARA to dial in to the network. |
2511(config)# line 1 22 | Enter line configuration mode, so that you can apply a login authentication method list to lines that allow login. This example assumes that you are applying the authentication list on a Cisco 2511 access server with 16 asynchronous lines (lines 1 to 16), 1 auxiliary port (line 17), and 5 VTY ports accessed via the LAN and WAN ports (lines 18 to 22). This example applies the default authentication list. |
2511(config-line)# line 1 16 | Secure physical asynchronous lines against unauthorized ARA access. This example assumes that you are applying the default authentication list on a Cisco 2511 access server with 16 asynchronous lines. |
2511(config-line)# interface group-async 1 | Secure physical asynchronous interfaces against unauthorized PPP access. This example assumes that you are applying the default authentication list on a Cisco 2511 access server with 16 asynchronous lines and that you want to use CHAP authentication. |
2511(config-if)# exit | Exit back to global configuration mode. |
2511(config)# username jim password 2ude | Populate the local username database by specifying a username-and-password pair for every user who needs access to the network. |
You have configured PPP dialin to an IP network, ARA dialin to an AppleTalk network, and security. Each task in these lessons is described in much greater detail in the subsequent chapters in this guide.
Refer to the next section "Sample Access Server Configuration" to view the configuration resulting from the 5 lessons.
The following Cisco 2511 configuration shows the results of Lessons 1 through 5. This configuration is typically sufficient to enable remote users to dial in as a node on a local IP or AppleTalk network. For additional information, refer to the subsequent chapters in this guide.
2511# show running-config
Building configuration...
Current configuration:
!
version 11.3
service udp-small-servers
service tcp-small-servers
!
hostname 2511
!
aaa new-model
aaa authentication login default local
aaa authentication arap default local
aaa authentication ppp default local
enable secret 5 $1$ltBE$Slq0BUs/5mwqw6B4DOapg/
!
username jim password 7 02150C5A110702
!
appletalk routing
arap network 2500 Mac-dialup
!
ip address-pool local
!
interface Ethernet0
ip address 172.16.42.24 255.255.255.0
appletalk cable-range 1-2
appletalk zone Corporate
no mop enabled
!
interface Serial0
no ip address
shutdown
!
interface group-async1
ip unnumbered Ethernet0
encapsulation ppp
async mode interactive
ip tcp header-compression passive
peer default ip-address pool default
no cdp enable
ppp authentication chap
group-range 1 16
!
router rip
network 172.16.42.0
!
ip local pool default 172.16.42.1 172.16.42.16
no ip classless
!
line con 0
login
transport input all
login authentication default
!
line 1 16
arap enable
login
modem InOut
modem autoconfigure discovery
autoselect arap
autoselect ppp
transport input all
speed 115200
flowcontrol hardware
arap authentication default
login authentication default
line aux 0
line vty 0 4
login authentication default
!
ip domain-name eapp.com
ip name-server 172.16.42.128
!
end
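A check for the warning that closes Lesson 4, as an added example (not Cisco's code and not part of the original guide): it parses an IOS configuration listing and reports dial-in services that the Lesson 5 authentication commands do not yet cover. The two configuration excerpts are constructed from the commands in the lessons, the function names are hypothetical, and the check assumes the per-line and per-interface authentication commands appear explicitly in the listing, as they do in the sample configuration above.

```python
import re

# Constructed excerpt: dial-in sections as Lessons 1-4 leave them (no AAA yet).
AFTER_LESSON_4 = """
interface Group-Async1
 encapsulation ppp
 group-range 1 16
!
line 1 16
 arap enable
 modem InOut
 autoselect arap
 autoselect ppp
line vty 0 4
 login
!
end
"""

# Constructed excerpt: the same sections after the Lesson 5 commands.
AFTER_LESSON_5 = """
aaa new-model
aaa authentication login default local
aaa authentication arap default local
aaa authentication ppp default local
!
interface Group-Async1
 encapsulation ppp
 ppp authentication chap
 group-range 1 16
!
line 1 16
 arap enable
 modem InOut
 autoselect arap
 autoselect ppp
 arap authentication default
 login authentication default
!
end
"""

SECTION = re.compile(r"^(interface|line)\s+\S")


def parse_sections(config):
    """Return (global_commands, {section_header: [sub-commands]}), lower-cased.

    A section runs from an 'interface' or 'line' header to the next header or
    '!' separator, so indented and flattened listings parse the same way.
    """
    global_cmds, sections, current = [], {}, None
    for raw in config.splitlines():
        line = " ".join(raw.lower().split())
        if line in ("", "!", "end"):
            current = None
        elif SECTION.match(line):
            current = sections.setdefault(line, [])
        elif current is not None:
            current.append(line)
        else:
            global_cmds.append(line)
    return global_cmds, sections


def audit(config):
    """Return (section, finding) pairs for dial-in services left unauthenticated."""
    global_cmds, sections = parse_sections(config)
    findings = []

    def require(section, cmds, service, why):
        # Lesson 5 has two halves: the per-section command that applies a list
        # and the global 'aaa authentication <service> ...' list it refers to.
        # Assumption: the per-section command is shown explicitly in the listing.
        if not any(c.startswith(f"{service} authentication ") for c in cmds):
            findings.append((section, f"{why}, no '{service} authentication'"))
        elif not any(c.startswith(f"aaa authentication {service} ") for c in global_cmds):
            findings.append((section, f"no 'aaa authentication {service}' method list"))

    if "aaa new-model" not in global_cmds:
        findings.append(("global", "'aaa new-model' is not configured"))
    for header, cmds in sections.items():
        if header.startswith("interface") and "encapsulation ppp" in cmds:
            require(header, cmds, "ppp", "PPP enabled")
        if header.startswith("line"):
            if "arap enable" in cmds:
                require(header, cmds, "arap", "ARA enabled")
            if any(c.startswith(("autoselect ", "modem inout")) for c in cmds):
                require(header, cmds, "login", "modem line can reach the EXEC")
    return findings


if __name__ == "__main__":
    for name, cfg in (("Lesson 4", AFTER_LESSON_4), ("Lesson 5", AFTER_LESSON_5)):
        print(f"after {name}:")
        for section, finding in audit(cfg) or [("-", "no findings")]:
            print(f"  {section}: {finding}")
```

Run against a saved show running-config listing, an empty result means every PPP interface, ARA line, and modem line has both its authentication command and the method list that command refers to.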