[nsp] AS5350 ISDN configuration
Security
security at cytanet.com.cy
Mon Sep 29 21:14:02 EDT 2003
Here is my working config. This configuration works fine with 12.1-5XM8.
Upgrading to 12.3(1a), 12-2XB11 ISDN calls cannot be established. (On the
configuration I send you I changed IP addresses to private.)
Thanks for your help
!
version 12.1
no service single-slot-reload-enable
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname xxxxx
!
boot system flash:c5350-is-mz.121-5.XM8.bin
boot system flash:
no boot startup-test
logging buffered 10000 debugging
logging rate-limit console 10 except errors
no logging console
aaa new-model
aaa authentication login default local group radius enable
aaa authentication login admin local line
aaa authentication ppp default local group radius
aaa authorization exec default local group radius if-authenticated
aaa authorization network default group radius
aaa accounting update newinfo
aaa accounting network default start-stop group radius
enable secret.
!
resource-pool disable
clock timezone EET 2
clock summer-time eet recurring
!
voice-fastpath enable
ip subnet-zero
no ip source-route
no ip finger
i
ip domain-name test.com.cy
ip name-server x.x.x.x
!
no ip bootp server
!
multilink virtual-template 1
vpdn enable
no vpdn logging
!
isdn switch-type primary-net5
call rsvp-sync
modemcap entry xxx:AA=S0=1:MSC=S7=100S10=200S32=3S35=100S40=5S39=5:TPL=mica
!
fax interface-type modem
mta receive maximum-recipients 0
!
controller E1 3/0
pri-group timeslots 1-31
!
controller E1 3/1
pri-group timeslots 1-31
!
controller E1 3/2
pri-group timeslots 1-31
controller E1 3/3
pri-group timeslots 1-31
!
controller E1 3/4
pri-group timeslots 1-31
!
controller E1 3/5
pri-group timeslots 1-31
controller E1 3/6
pri-group timeslots 1-31
controller E1 3/7
pri-group timeslots 1-31
!
interface Loopback0
ip address 192.168.152.133 255.255.255.255
no ip redirects
no ip proxy-arp
!
interface Loopback1
ip address 192.168.1.254 255.255.255.0
no ip redirects
no ip proxy-arp
!
interface FastEthernet0/0
ip address 192.168.134.18 255.255.255.240
no ip redirects
no ip proxy-arp
duplex full
speed 100
no cdp enable
interface Serial3/0:15
no ip address
encapsulation ppp
dialer rotary-group 1
dialer-group 1
isdn switch-type primary-net5
isdn incoming-voice modem
isdn T310 4000
no peer default ip address
no fair-queue
no cdp enable
!
interface Serial3/1:15 - interface Serial3/2:15
SAME CONFIG AS Serial3/0:15
!
interface Group-Async1
ip unnumbered Loopback1
ip access-group dialup in
no ip redirects
encapsulation ppp
ip tcp header-compression
no ip mroute-cache
no logging event link-status
async mode interactive
peer default ip address pool setup_pool
no fair-queue
ppp authentication pap chap
group-range 1/00 2/107
!
interface Dialer1
ip unnumbered Loopback1
encapsulation ppp
no ip mroute-cache
no logging event link-status
dialer in-band
dialer idle-timeout 3600
dialer-group 1
peer default ip address pool setup_pool
no fair-queue
no cdp enable
ppp authentication chap pap callin
ppp multilink
!
router ospf 1
log-adjacency-changes
auto-cost reference-bandwidth 100000
redistribute connected subnets
redistribute static subnets
passive-interface Loopback0
passive-interface Loopback1
passive-interface Serial3/0:15
passive-interface Serial3/1:15
passive-interface Serial3/2:15
passive-interface Serial3/3:15
passive-interface Serial3/4:15
passive-interface Serial3/5:15
passive-interface Serial3/6:15
passive-interface Serial3/7:15
network 192.168.134.18 0.0.0.0 area 22
network 192.168.152.133 0.0.0.0 area 22
distribute-list prefix static_networks out
!
router bgp 1234
no synchronization
bgp log-neighbor-changes
bgp dampening
network 192.168.1.0 mask 255.255.255.0 route-map set-local-community-tag
neighbor IBGP-local-pop peer-group
neighbor IBGP-local-pop remote-as 1234
neighbor IBGP-local-pop description PoP Peers with local routes
neighbor IBGP-local-pop update-source Loopback0
neighbor IBGP-local-pop send-community
neighbor 192.168.152.128 peer-group IBGP-local-pop
no auto-summary
!
ip local pool setup_pool 192.168.1.1 192.168.1.240
ip classless
ip route 192.168.1.0 255.255.255.0 Null0
no ip http server
ip bgp-community new-format
ip ospf name-lookup
!
!
ip prefix-list static_networks seq 10 deny 192.168.1.0/24 le 32
ip prefix-list static_networks seq 20 permit 0.0.0.0/0 le 32
!
ip access-list extended dialup
deny tcp any any eq 139
deny udp any any eq netbios-ss
deny tcp any any eq 4444
deny udp any any eq 135
deny udp any any eq 445
deny tcp any any eq 445
deny 53 any any log
deny 55 any any log
deny 77 any any log
deny pim any any log
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip any 192.168.0.0 0.0.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
ip radius source-interface Loopback0
logging trap notifications
logging facility local5
logging source-interface Loopback0
access-list 1 permit 192.168.133.140
access-list 1 deny any log
dialer-list 1 protocol ip permit
no cdp run
route-map set-local-community-tag permit 10
set community 1234:100
!
radius-server host 192.168.223.133 auth-port 1812 acct-port 1817
radius-server retransmit 3
radius-server optional-passwords
radius-server key 7 xxxxxxxxx
radius-server vsa send accounting
radius-server vsa send authentication
!
voice-port 3/0:D
!
voice-port 3/1:D
!
voice-port 3/2:D
!
voice-port 3/3:D
!
voice-port 3/4:D
!
voice-port 3/5:D
!
voice-port 3/6:D
!
voice-port 3/7:D
!
banner exec ^CCCCCCCCC
Welcome to CY-LYK
------------------------------------------
^C
!
line con 0
exec-timeout 0 0
logging synchronous
transport input none
line aux 0
line vty 0
access-class 10 in
exec-timeout 5 0
password 7 xxxxxxxx
history size 256
transport input telnet
line 1/00 2/107
exec-timeout 0 0
no flush-at-activation
autoselect during-login
autoselect ppp
modem Dialin
modem autoconfigure type xxx
!
scheduler allocate 10000 400
end
>I am running 4 AS5350s on 12.3(1a) without any problems. I am not sure
>what might be different between the code versions. If you want to send
>me your config, I would be willing to take a look and see if I can find
>something that affects your operation.
>
>Rick
>
>"M.Palis" wrote:
>>
>> Hello all
>>
>> We have some serious problems with AS5350 IOS. We currently have IOS
>> 12.1-5XM8 with our AS5350 which has a lot of problems. Upgrading to various
>> IOS that are recommended by CISCO and from CiscoTAC IOS seems stable but
>> ISDN connections cannot occur. They fail at PPP level. Debugging dialer I
>> get the following:
>>
>> Sep 29 13:48:00 eet: Se3/2:27 DDR: Remote name for kouzalig
>> Sep 29 13:48:00 eet: Se3/2:27 DDR: Authenticated host kouzalig no matching dialer map
>> Sep 29 13:48:00 eet: Se3/2:27 DDR: disconnecting call
>>
>> I am not using dialer maps.
>>
>> With the old IOS 12.1-5XM8 ISDN as well as PSTN are OK. I am using exactly
>> the same config. Downgrading to 12.1-5XM8 everything back to normal. I
>> don't know what is happening.
>>
>> Can anyone suggest a working config to see whether I am missing something
>> with new IOS? I currently have 12-2XB11 but ISDN calls cannot get established.
>> I also upgraded to IOS 12-3 with the same results. Again ISDN calls cannot
>> be established
>>
>> You people are my only hope to solve it out.
>>
>> Thanks for your help
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>--
>Rick Burts CCIE 4615 CCSI Email: rburts at netcraftsmen.net
>Chesapeake NetCraftsmen 410.573.9372 (office)
>1070 Foxcroft Run 443.994.0675 (cell)
>Annapolis, MD 21401 WWW: http://www.netcraftsmen.net
>
>With 9 CCIEs on staff Chesapeake NetCraftsmen offers services in
>network consulting and training. Our services include Network Design,
>Implementation, Troubleshooting as well as Network Management.
>
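Added example, not part of the original post: a small Python check that cross-references named objects in an IOS configuration against the statements that use them, run over an excerpt of the configuration above. The rule table and function name are assumptions covering only the command forms that appear in this config. On the excerpt it reports `access-class 10 in` under `line vty 0`, because the only numbered ACL the posted config defines is `access-list 1` (possibly a by-product of sanitizing the config before posting).

```python
import re

# Constructed excerpt: lines taken from the configuration posted above.
SAMPLE_CONFIG = """\
interface Group-Async1
ip access-group dialup in
peer default ip address pool setup_pool
interface Dialer1
dialer-group 1
peer default ip address pool setup_pool
router ospf 1
distribute-list prefix static_networks out
router bgp 1234
network 192.168.1.0 mask 255.255.255.0 route-map set-local-community-tag
ip local pool setup_pool 192.168.1.1 192.168.1.240
ip prefix-list static_networks seq 10 deny 192.168.1.0/24 le 32
ip access-list extended dialup
access-list 1 permit 192.168.133.140
dialer-list 1 protocol ip permit
route-map set-local-community-tag permit 10
line vty 0
access-class 10 in
"""

# kind -> (regex for a line defining the object, regex for a line using it).
# Assumption: only the command forms present in this config are covered.
RULES = {
    "acl": (r"(?:ip access-list (?:standard|extended)|access-list) (\S+)",
            r"(?:ip access-group|access-class) (\S+) (?:in|out)"),
    "pool": (r"ip local pool (\S+)", r"peer default ip address pool (\S+)"),
    "prefix-list": (r"ip prefix-list (\S+)", r"distribute-list prefix (\S+)"),
    "route-map": (r"route-map (\S+)", r".+ route-map (\S+)"),
    "dialer-list": (r"dialer-list (\S+)", r"dialer-group (\S+)"),
}

def dangling_references(config_text):
    """Return (line_no, kind, name, line) for uses with no matching definition."""
    defined = {kind: set() for kind in RULES}
    used = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        for kind, (def_re, use_re) in RULES.items():
            if (m := re.match(def_re, line)):
                defined[kind].add(m.group(1))
            if (m := re.match(use_re, line)):
                used.append((lineno, kind, m.group(1), line))
    # Filter after the full pass so definitions that follow their use count.
    return [u for u in used if u[2] not in defined[u[1]]]
```
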