Cisco router ISDN configuration

Learn how to configure your Cisco router to work with Integrated Services Digital Network (ISDN). This tip teaches you Cisco routers' basic ISDN configuration, demand dial routing and demonstrates real-case scenarios for your routing connection.

Integrated Services Digital Network (ISDN) provides for digital transmission over ordinary telephone copper wire

as well as over other media uses. Chris Partsenidis teaches you how to configure your Cisco router to work with ISDN, in this continuation of his tip series on ISDN implementation.

Cisco routers' basic ISDN configuration

Here we will go through the basic steps of configuring a Cisco router to work with ISDN. Below is a table of ISDN switch types.  Before you attempt to configure ISDN, you need to ensure that you know which type of ISDN switch you are connecting to at the telco.

ISDN SWITCH TYPES

 

Telco switch type Cisco keyword
AT&T basic rate switch basic-5ess
Nortel DMS-100 basic rate switch basic-dms100
National ISDN-1 switch basic-ni1
PINX (PBS) switches with QSIG signalling per Q.931 basic-qsig
NET3 switch type for U.K., Europe, Asia & Australia basic-net3
AT&T 4ESS (ISDN PRI only) primary-4ess
AT&T 5ESS (ISDN PRI only) primary-5ess
Nortel DMS-100 (ISDN PRI only) primary-dms100
National ISDN switch type primary-ni
NTT ISDN PRI switches (Japan) primary-ntt
European and Australian ISDN PRI switches primary-net5
QSIG signalling per Q.931 primary-qsig
No switch type none

For a very basic BRI ISDN configuration on a Cisco router, you need to perform the following steps, providing you are not using Demand Dial Routing (DDR):

  1. Configure the Switch Type (using switch-type).
  2. Configure the ISDN Dialer Map; this basically maps the IP address of the end router's IP address with its telephone number (using dialer-map).
  3. Configure your ISDN interface IP address (using interface and IP address).
  4. Configure a routing rule (using IP route).

For example:

Router(config)#isdn switch-type basic-5ess
Router(config)#isdn dialer map ip 10.10.10.2 name main_office 66552
Router(config)#ip route 192.168.0.0 255.255.255.0 10.10.10.2
Router(config)#interface BRI 0
Router(config-if)#ip address 10.10.10.1 255.255.255.0

N.B. If using the DMS-100 and National-1 switch types (as well as AT&T 5ESS), you will need to obtain from your telco the Service Profile Identifiers (SPIDs), of which you require one per each Bearer Channel. For these switch types, these need to be configured using the isdn spid1 & isdn spid2 commands. The SPIDs are used to authenticate call requests at the telco's switch. The format for using the SPIDs is isdn spid1 spid-number ldn and isdn spid2 spid-number ldn.

Demand dial routing

Since ISDN is a circuit-switched technology, you usually pay for the amount of time that the line is active. For this reason, you generally do not want to raise the ISDN line for just any type of traffic. In order to accommodate this, you can configure what's called Demand Dial Routing (DDR). The idea behind DDR is that you specify the "interesting" traffic that will be able to raise the ISDN line. For example, you can set as "interesting" traffic all packets destined toward a specific remote network you connect to. If none of the routed traffic that is heading for that network (on the other side of the ISDN line), the line doesn't get raised. This saves on unnecessary costs caused by nonessential traffic raising the line.

More tips on ISDN implementation
Understanding the ISDN standard

ISDN protocols, components and router options

Cisco router ISDN configuration

 

You specify "interesting" traffic with the use of Access Control Lists (ACLs). If the traffic destined for the remote network doesn't match this interesting traffic, then the line stays down. Otherwise, the line is raised and traffic is allowed to travel to the remote network. It's worth mentioning here that although you have defined this "Interesting" traffic, it doesn't mean that other traffic will not be allowed to travel along the ISDN link. If the link is active, any traffic (unless blocked by Access Lists) is allowed to travel the link, so keep in mind that the "Interesting" traffic is used only to bring the line up. You can then create a second set of ACLs which define the traffic that can traverse the ISDN line. Also, the DDR works using a counter, like a time-out counter. Once the counter reaches a preset configurable threshold, the line will drop again. This threshold is reduced each time "Interesting" traffic is sent over the ISDN Link, so it's also only the "Interesting" traffic that is used to maintain the link.

Steps in configuring DDR (assumes some of the basic steps above have already been configured)

  1. Define Interesting Traffic (using dialer-list and access-list).
  2. Assign Interesting Traffic to an Interface (using dialer-group).
  3. Define the destination IP address, hostname and telephone number to dial (using dialer map).
  4. Define any additional options (using dialer idle-timeout, dialer fast-idle, dialer load-threshold).

THE ADDITIONAL OPTIONS:

 

Command Description
dialer idle-timeout seconds Specifies the amount of idle time in seconds before the link is dropped.
dialer fast-idle seconds Specifies the time that a line showing contention can remain idle before it is dropped in order to allow the other call to be placed.
dialer load-threshold load [outbound | inbound |either] Specifies the amount of load on the ISDN before the dialer initiates another call to the same destination (i.e., brings up the second channel, making the link 128 Kbps). The load is a number from 1 to 255, with 255 equalling 100% load. The final parameters specify which direction of traffic to calculate the load from.

For example:

Router(config)#isdn dialer map ip 10.10.10.2 name main_office 66552
Router(config)#access-list 101 permit tcp any any eq http
Router(config)#dialer-list 1 protocol ip list 101
Router(config)#interface BRI 0
Router(config-if)#dialer-group 1

What this example does is allow all Web traffic (http) from anywhere to anywhere. As you can see, the dialer-list is specifying the 101 access list to dialer-list 1. The dialer-group is then specifying the 1, which links to the dialer-list 1. Dialer profiles

Cisco's website states: "Dialer Profiles implementation of DDR is based on a separation between the logical and physical interface configurations. Dialer profiles also allow the logical and physical configurations to be bound together dynamically on a per-call basis."

There are several advantages of Dialer Profiles over Legacy DDR; it is much more scalable than Legacy DDR because Legacy DDR is based on a static binding between the per-destination call and the physical interface configuration. Dialer profiles are point-to-point interfaces, which means we no longer need the Layer 3 to Layer 2 mapping (Layer 2 meaning the telephone number) since the profile can only dial a single location (hence point-to-point). Because the logical and physical configurations are dynamic, physical interfaces can take on different characteristics based on the logical call requirements that are utilizing the physical interface. The final advantage that we will include here is that it enables you to have a backup interface that isn't tying up one of the physical interfaces. Providing a spare interface is available, the backup can be used when it's required.

Dialer profiles are made up of a dialer interface, dialer pool and physical interface. Optionally, you can also have a map class. These are highlighted in the table below:

DIALER PROFILES:

 

Dialer Interface This is the logical call requirements to the Point-to-Point connection. The following parameters can be configured; the IP address of the destination network (IP address address mask); Layer 2 encapsulation type -- for example, ppp (encapsulation ppp); PPP authentication (ppp authentication chap & pap); the remote router's authentication name (dialer remote-name username); the remote destination to call (dialer string dial-string); dialer pool mapping to use for calls to this destination (dialer pool number); assign dialer interface to a dialer group (dialer group number). There are other optional parameters such as PPP Multilink, idle timeout and more.
Dialer Pool Used for a dialer interface to reference and be associated to a physical interface
Physical Interface Here we assign a physical interface into a dialer pool (dialer pool-member number) and assign any additional physical features, such as Layer 2 encapsulation (encapsulation ppp), ppp authentication (authentication chap), etc.
Map Class (Optional) Used to create a mapping between the remote IP address and phone number to dial in order to reach it.

Steps in creating a Dialer Profile (assumes some of the basic steps above have already been configured, such as ISDN type):

  1. Define a Dialer Interface.
  2. Configure a Dialer String.
  3. Assign Physical Interface to a Dialer Pool, plus any additional Physical attributes.
  4. Other steps from the previous sections may need to be performed; for example, if you wanted to active the link using interesting traffic, DDR needs to be configured.

For example:

Define Dialer Interface

Router(config)#interface dialer1
Router(config-if)#ip address 10.10.10.1 255.255.255.0
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap
Router(config-if)#dialer remote-name remote-office
Router(config-if)#dialer string 999666
Router(config-if)#dialer pool 1
Router(config-if)#dialer-group 1
Router(config-if)#exit

Configure Physical Interface

Router(config)#interface bri0
Router(config-if)#encapsulation ppp
Router(config-if)#dialer pool-member 1
Router(config-if)#ppp authentication chap
Router(config-if)#exit

Configure DDR to specify "Interesting" traffic (http) used to bring the line up

Router(config)#access-list 101 permit tcp any any eq http
Router(config)#dialer-list 1 protocol ip list 101

A simple example

The following example includes a variety of different items discussed in this document to help you see how they are applied in a real-case scenario. As always, depending on the security policies and network complexity, the configuration can change quite a bit. For simplicity, we've kept the complexity to a minimum.

Our scenario is based upon two routers that occasionally need to connect their networks via an ISDN dial line, in order to transfer data between them.

 

Router 1 – Remote Office

Router1(config)#isdn switch-type basic-5ess
Assign the switch type that we are connecting through to on the physical layer, AT&T Basic Rate Switch telco switch
Router1(config)#interface dialer
Create a dialer interface called dialer1 ready for configuring it
Router1(config)#description Outgoing To HQ
Set a description for this interface.
Router1(config-if)#ip address 10.10.10.1 255.255.255.252
Assign an IP address to the virtual dialer interface
Router1(config-if)#encapsulation ppp
Configure the encapsulation used when we are connecting through this virtual interface
Router1(config-if)#ppp authentication chap pap callin
Set our ppp authentication to use chap, pap. The 'Callin' parameter ensures our router authenticates the remote router (HQ) on an incoming call. Since we are always the calling party, it does not expect the remote (HQ) router to authenticate, making this authentication process a one-way direction. Remote Office authenticates to the HQ router.
Router1(config-if)#ppp chap hostname remote-office
Set the username for chap authentication protocol
Router1(config-if)#ppp chap password cisco
Set the password for the chap authentication protocol
Router1(config-if)#ppp pap sent-username remote-office password cisco
Set the username and password for the pap authentication protocol.
Router1(config-if)#dialer string 999666
Configure the telephone number to call when connecting through this virtual interface
Router1(config-if)#dialer pool 1
Assign this virtual interface to use any physical interface that's assigned to pool number 1
Router1(config-if)#dialer-group 1
This is to define the interesting traffic that can be used to raise this virtual interface
Router1(config-if)#dialer idle-timeout 300
Disconnect this call after 300 seconds of inactivity
Router1(config-if)#ppp multilink
Make this link 'ppp multilink' capable, allowing the aggregation of the two available 64K ISDN lines to a total of 128 Kbps.
Router1(config-if)#dialer load-threshold 125 either
When either the incoming or outgoing traffic reaches half of the available bandwidth (125), then bring up the 2nd ISDN channel.
Router1(config-if)#exit
Exits out of the interface sub command
Router1(config)#interface bri0
Enters into the interface sub command on the physical interface bri0/0, ready for configuring the physical characteristics
Router1(config-if)#encapsulation ppp
Configure the encapsulation for this physical interface (optional command since we've already included it in the Dialer Interface)
Router1(config-if)#dialer pool-member 1
Assign this physical interface to a pool. This allows this physical interface to be used by any virtual interface in this same pool. In this case, Dialer 1
Router1(config-if)#ppp authentication chap
Set our ppp authentication to use chap (optional command since we've already included it in the Dialer Interface)
Router1(config-if)#exit
Exits out of the interface sub command
Router1(config)#access-list 101 permit tcp any any eq http
Access list used in defining interesting traffic. This line specifies that tcp port 80 traffic from anywhere to anywhere is interesting
Router1(config)#dialer-list 1 protocol ip list 101
Maps the access-list with the dialer-group. As you can see, number 1 is used in the dialer-list and dialer-group statements
Router1(config)#ip route 192.168.0.0 255.255.255.0 10.10.10.2
Creates a route to the 192.168.0.0/24 subnet to go through 10.10.10.2 (will use Dialer1 to get there since it's on the 10.10.10.0 subnet)

 

Router 2 – Headquarters

HQ(config)#username remote-office password cisco
Assign the username and password the remote office router will use while authenticating to this router
HQ(config)#isdn switch-type basic-5ess
Assign the switch type that we are connecting through to on the physical layer, AT&T Basic Rate Switch telco switch
HQ(config)#interface dialer1
Create a dialer interface called dialer1 ready for configuring it
HQ(config)#description Incoming From Remote-Office
Set a description for this interface.
HQ(config-if)#ip address 10.10.10.2 255.255.255.252
Assign an IP address to the virtual dialer interface
HQ(config-if)#encapsulation ppp
Configure the encapsulation used when we are connecting through this virtual interface
HQ(config-if)#ppp authentication chap pap callin
Set our ppp authentication to use chap, pap. The 'Callin' parameter ensures our router authenticates the remote router (Remote Office) on an incoming call. Since we are always the called party, it will expect the remote router to authenticate. Remote Office authenticates to the HQ router. Username and password will be checked against the credentials we provided in the first line of this router's configuration.
HQ(config-if)#dialer pool 1
Assign this virtual interface to use any physical interface that's assigned to pool number 1
HQ(config-if)#ppp multilink
Make this link 'ppp multilink' capable, allowing the aggregation of the two available 64K ISDN lines to a total of 128 Kbps.
HQ(config-if)#exit
Exits out of the interface sub command
HQ(config)#interface bri0
Enters into the interface sub command on the physical interface bri0/0, ready for configuring the physical characteristics
HQ(config-if)#encapsulation ppp
Configure the encapsulation for this physical interface (optional command since we've already included it in the Dialer Interface)
HQ(config-if)#dialer pool-member 1
Assign this physical interface to a pool. This allows this physical interface to be used by any virtual interface in this same pool. In this case, Dialer 1
HQ(config-if)#exit
Exits out of the interface sub command
HQ(config)#ip route 192.168.5.0 255.255.255.0 10.10.10.1
Creates a route to the 192.168.5.0/24 subnet to go through 10.10.10.1.

 

About the author:

Chris Partsenidis has more than eight years of experience as a senior network engineer, network administrator and network security consultant for companies in Australia, New Zealand and Greece. Chris has a bachelor's degree in electrical technology and holds the following certifications: CNA for Netware 3, 4, 5, CCNA, MCP, DCE (D-link Certified Engineer), LCP (Linux Certified Professional), Network+ and A+. In addition, Chris is the founder and senior editor of Firewall.cx -- a Web site recommended by Cisco Systems in their CCNA Academy program. His site now offers free access to Cisco lab equipment, allowing users to put in practice the theory covered in the ISDN article.

For more information on networking, VPN security and firewalls, visit Firewall.cx, one of the few websites recommended by Cisco Systems in its world class Cisco Academy program.


Firewall.cx logo

This was first published in September 2007

Dig deeper on Selecting telecommunications services and providers

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchNetworking

SearchUnifiedCommunications

SearchTelecom

SearchSDN

Close