Sunday, July 20, 2008

There are two ways to configure ISDN in a Cisco router. The first one is to set up the ISDN connection to be always on. This method will be very costly because most ISDN service providers charge not only by monthly subscription, but also by the amount of data that you transfer. Having the connection open 24/7 will cause extra expenses because all kinds of traffic will pass through the ISDN link.
The second method is Dial on Demand Routing (DDR). DDR employs a mechanism that filters the traffic into interesting (worth connecting for) and non-interesting (not worth it). With DDR, the router does not set up the connection until “Interesting” traffic needs to be routed to the other side. Once the connection is set up, ALL kinds of traffic (interesting and non-interesting) will pass unless you filter the passing traffic with an access-list. Then, the router starts a countdown timer (the idle-timer), and if no interesting traffic comes in and the timer goes to zero, the connection is terminated. If interesting traffic comes in before the idle-timer expires, the traffic is passed and the idle-timer is reset. What makes this function possible is the very small call-setup time in ISDN.
If you are connecting two nodes using ISDN, keep reading. However, if you are connecting more than two nodes, you will need to refer to this procedure for configuring DDR Dialer Profiles.
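The interesting-traffic and idle-timer behaviour described above can be modelled in a few lines. This is an added example, not part of the original post: the DdrLink class, the packet representation and the demo sequence are assumptions made for illustration, and the classifier mirrors the access-list used later in step 3 (telnet and ICMP are not interesting, all other IP traffic is).

```python
from dataclasses import dataclass, field

# Constructed classifier: telnet and ICMP are not worth a call, any other
# IP traffic is. Packets are described by (proto, dst_port).
def is_interesting(proto, dst_port=None):
    if proto == "tcp" and dst_port == 23:
        return False          # telnet is denied by the dialer access-list
    if proto == "icmp":
        return False          # ICMP is denied by the dialer access-list
    return True               # everything else is permitted, so interesting

@dataclass
class DdrLink:
    idle_timeout: int = 120   # seconds, the value given to "dialer idle-timeout"
    up: bool = False
    idle_left: int = 0
    log: list = field(default_factory=list)

    def tick(self, seconds):
        """Advance time; hang up when the idle timer reaches zero."""
        if self.up:
            self.idle_left -= seconds
            if self.idle_left <= 0:
                self.up = False
                self.log.append("hangup")

    def send(self, proto, dst_port=None):
        """Return True if the packet crosses the ISDN link."""
        if is_interesting(proto, dst_port):
            if not self.up:
                self.up = True
                self.log.append("dial")
            self.idle_left = self.idle_timeout   # interesting traffic resets the timer
            return True
        # Non-interesting traffic never dials and never resets the timer,
        # but it does pass while the call is up.
        return self.up

def demo():
    link = DdrLink(idle_timeout=120)
    results = [link.send("icmp")]            # link down: ping does not dial
    results.append(link.send("tcp", 80))     # interesting: dials
    link.tick(60)
    results.append(link.send("tcp", 23))     # telnet passes, timer keeps running
    link.tick(59)
    results.append(link.send("icmp"))        # still up at t=119
    link.tick(1)                             # timer hits zero despite recent traffic
    results.append(link.send("icmp"))        # dropped again
    return results, link.log
```

The telnet and ICMP packets cross the link while the call is up, which is why a separate access-list on the interface is needed if they should be blocked rather than merely prevented from dialing.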
Configuring Dial-on-Demand-Routing ISDN:
1. The first thing to do is to set up routing. Static routing is usually preferred with DDR. Running a dynamic routing protocol will cause the link to be up all (or most) of the time, because the routing updates keep crossing it. Thus, static routing is a better solution. You can set up dynamic routing and tune it a bit for DDR. This tuning might include changing the timers of routing updates.
I will give an example of static routing:
Router(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1
Router(config)#ip route 192.168.2.1 255.255.255.255 bri0
Or, a default route,
Router(config)#ip route 0.0.0.0 0.0.0.0 bri0
Remember that you need to set up routing on both ends of the WAN link.
2. Specify the type of the ISDN switch. This piece of information should be provided to you by the ISDN service provider. You can issue this command,
Router(config)#isdn switch-type SSSSS
where SSSSS is the ISDN switch type. Issuing this command in the global configuration mode will cause ALL your ISDN interfaces to be set to use this type of switch. You can set different types of switches for different interfaces if you issue the command in the interface configuration mode like the following example:
Router(config)#int bri0
Router(config-if)#isdn switch-type SSSS1
Router(config-if)#int bri1
Router(config-if)#isdn switch-type SSSS2
After defining the switch type, identify the SPIDs in the BRI interface configuration mode,
Router(config-if)#isdn spid1 XXXXXXX YYY
Router(config-if)#isdn spid2 XXXXXXX YYY
The numbers used here should be provided to you by the ISDN service provider. Most providers in Europe do not use SPIDs in their ISDN networks. So, unless you are supplied with SPID numbers from the provider, just ignore all the commands for setting SPIDs in this procedure.
3. Specify interesting traffic to the router. This traffic is defined as the traffic permitted by a command named ‘dialer-list’, which is similar to ‘access-list’.
This can be done in two ways. The first is to use the following command,
Router(config)#dialer-list X protocol YY permit
where X is the dialer-list number and YY is the protocol you want to permit. You can also use ‘deny’ instead of ‘permit’. This is not a very powerful way of defining the interesting traffic. Thus, I recommend the second way. The second way is to write a complete access-list permitting the traffic that we want the router to consider interesting, and then attach it to a dialer-list.
We create the access-list the exact same way we create any other access-list, but instead of applying it to an interface, we associate it with a dialer-list. All the traffic permitted by this access-list will be considered interesting. An example is the following:
Router(config)#access-list YYY deny tcp any any eq telnet
Router(config)#access-list YYY deny icmp any any
Router(config)#access-list YYY permit ip any any
And the step that will associate the access-list to the dialer-list is:
Router(config)#dialer-list X protocol ip list YYY
where X is the dialer-list number and YYY is the access-list number. These two numbers do not need to be the same.
Please remember that this dialer-list and access-list do NOT filter the traffic outgoing through the ISDN interface; they just choose which traffic is entitled to initiate a call. Once the call is set up, ALL traffic that needs to pass through the ISDN link will pass. If you want to filter the traffic that is passing through the ISDN interface, create another access-list for that with the filters that you find appropriate and apply it to the BRI or PRI interface as you do to any other type of interface.
4. Set up the encapsulation protocol, PPP. PAP authentication does not provide much security, so we will use CHAP for authentication.
The first thing to do to configure PPP to use CHAP is to set a username and a password.
Router(config)#username USER password PASS
where USER is the username and PASS is the password. The username should be the hostname of the other end and the password is the secret password of the other end. If you would like to use different usernames and passwords, please refer to the PPP configuration procedure.
Then, move into the interface configuration mode of the ISDN interface,
Router(config)#int bri X/X
Now, set an IP address and a subnet mask for the interface,
Router(config-if)#ip address XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY
Set the encapsulation and authentication types;
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap
5. Apply the dialer-list to the interface,
Router(config-if)#dialer-group X
where X is the dialer-list that was set up in step 3.
6. Define the idle-timeout that you find appropriate for each call,
Router(config-if)#dialer idle-timeout ZZZ
where ZZZ is the timeout in seconds (default is usually 120 seconds). The idle-timeout is the period of time during which the call will remain up, waiting for more interesting traffic. If more interesting traffic comes in before the timer expires, the timer will be reset. If no interesting traffic comes in, the call will be terminated even if there was non-interesting traffic being transferred.
7. If you are using this link between two points only and your router will be dialing only one destination using the ISDN network, use the following command to set the dialer string:
Router(config-if)#dialer string XXXXX
where XXXXX is the dialer string that is provided to you by the service provider. This dialer string is similar to the phone number that you dial in the regular PSTN. So, you command the router to dial the string of the other side, not your side.
For further security, you can use a different command that associates the dialing to a destination IP address with a username and a dialer string,
Router(config-if)#dialer map ip YYY.YYY.YYY.YYY name USER XXXXX
where YYY.YYY.YYY.YYY is the IP address of the other end of the ISDN link,
USER is the same username that you have set up to use with PPP, and
XXXXX is the dialer string of the other end of the ISDN link.
8. You can optionally use the following command to set up a threshold of load on which the second channel (in a BRI link) becomes active.
Router(config-if)#dialer load-threshold VVV either
where VVV is a number between 1 and 255, 1 being the minimum load and 255 being 100% load on the first channel. This means that this command tells the router to activate the second channel once the first one is VVV/255 loaded.
9. You can check the operation of the ISDN using the following commands:
Router#show isdn active
Router#show isdn status
Router#show dialer
and
Router#debug isdn q921
Router#debug isdn q931
Router#debug dialer
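
The steps above leave several cross-references that are easy to get wrong: dialer-group to dialer-list to access-list, the dialer map name to the PPP username, CHAP on the interface, and the separate access-list needed to actually filter traffic. The following check is an added example, not part of the original post; the sample configuration is constructed, and its hostnames, addresses, list numbers, dialer string and switch type are placeholder assumptions.

```python
import re

# Constructed sample configuration assembled from the steps above; the hostname,
# addresses, numbers and switch type are placeholder values, not from the page.
SAMPLE = """\
hostname RouterA
username RouterB password PASS
isdn switch-type basic-net3
access-list 101 deny tcp any any eq telnet
access-list 101 deny icmp any any
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
interface BRI0
 ip address 192.168.2.2 255.255.255.0
 encapsulation ppp
 ppp authentication chap
 dialer-group 1
 dialer idle-timeout 120
 dialer map ip 192.168.2.1 name RouterB 5551234
ip route 192.168.1.0 255.255.255.0 192.168.2.1
"""

def check_ddr(config):
    """Return a list of findings for every BRI interface in the config."""
    acls = set(re.findall(r"^access-list (\d+) ", config, re.M))
    dialer_lists = dict(re.findall(r"^dialer-list (\d+) protocol ip list (\d+)", config, re.M))
    dialer_lists.update({n: None for n in re.findall(
        r"^dialer-list (\d+) protocol \S+ (?:permit|deny)", config, re.M)})
    users = set(re.findall(r"^username (\S+) password", config, re.M))
    findings = []
    for name, body in re.findall(r"^interface (BRI\S*)\n((?: .*\n?)*)", config, re.M | re.I):
        auth = re.search(r"^ ppp authentication (.+)$", body, re.M)
        if not auth or "chap" not in auth.group(1).split():
            findings.append(f"{name}: CHAP authentication not configured")
        group = re.search(r"^ dialer-group (\d+)", body, re.M)
        if not group or group.group(1) not in dialer_lists:
            findings.append(f"{name}: dialer-group has no matching dialer-list")
        elif dialer_lists[group.group(1)] not in acls | {None}:
            findings.append(f"{name}: dialer-list points at a missing access-list")
        for peer in re.findall(r"^ dialer map ip \S+ name (\S+)", body, re.M):
            if peer not in users:
                findings.append(f"{name}: no username entry for peer {peer}")
        if not re.search(r"^ ip access-group \d+ (in|out)", body, re.M):
            findings.append(f"{name}: no access-group, all traffic passes once the call is up")
    return findings
```

Run against SAMPLE, the check reports only the missing access-group on BRI0: the dialer access-list decides what may place a call, but nothing in that configuration filters telnet or ICMP once the call is up.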
