Remote Dial In Router Configuration  DESCRIPTION: In the two following examples of dial in router configurations, the remote device is a router.  In this example an Office Router that has an Ethernet interface of its own with a separate IP subnet. Some administrators refer to this configuration as assigning a set of static IP addresses to the dial in user. The remote router is dialing in to another access router, or to a high density access server or access concentrator, at some core network Point Of Presence (POP).  Case 1---ONLY ONE Lucent PortMaster (TM) can service dial in users on the Ethernet backbone segment at the POP.  Case 2---MORE THAN ONE PortMaster can service dial in users on the Ethernet backbone segment at the POP.  In both cases, single workstation dial in clients are already being assigned IP addresses from the "assigned" address pool; the configuration for this type of user is not covered in this technote.  CONFIGURATION EXAMPLE---Case 1  The backbone Ethernet segment has only ONE PortMaster to service dial in users. The remote Office Router is going to dial in to PortMaster_A (a PortMaster 2 or PortMaster 3 or another type of  router).  Configuration Summary:  Each router has the ether0 IP address of the other router  stored in its user table (Steps 1 and 3).  The user netmask feature is turned on for the upstream PortMaster (Step 2).  A route to the remote Local Area Network (LAN) must be learned or created on the router ( in this case a Lucent  IRX (TM) router) with access to the Internet (Step 4).   ====BACKBONE ETHERNET============================= 207.10.89.0/27 ===           |                                  |           | E0 IP: 207.10.89.2               | E0 IP: 207.10.89.1   +-------+--------+                 +-------+--------+    |      E0        |                 |                |   |  PortMaster_A  |                 |     IRX        |   |      S1        |                 |                |   +-------+--------+                 +----------------+           |                                  |           --------------                     |         PPP async line |                     --------- feed to Internet                        |                 +-------+--------+                |      S1        |                | Office Router  |                |      E0        |                +-------+--------+                        | 207.10.89.33                        |                ====ETHERNET=========== 207.10.89.32/28 === 1. Create the user table entry for the remote router "dialin-router" with the     following commands on PortMaster_A: PortMaster_A> add netuser dialin-router PortMaster_A> set user dialin-router password ok2 PortMaster_A> set user dialin-router address 207.10.89.33 PortMaster_A> set user dialin-router netmask 255.255.255.240 PortMaster_A> set user dialin-router routing off PortMaster_A> save all PortMaster_A> show user dialin-router Username: dialin-router  Type: Dial-in Network User Address: 207.10.89.33          Netmask: 255.255.255.240 Protocol: PPP                  Options: Quiet, Compression MTU: 1500                      Async Map: 00000000 If you use Lucent RADIUS (TM), the user entry for the Office Router dialing in looks  like the following: dialin-router  Password = "ok2"      Service-Type = Framed-User,      Framed-Protocol = PPP,      Framed-IP-Address = 207.10.89.33,      Framed-IP-Netmask = 255.255.255.240,      Framed-Routing = None,      Framed-MTU = 1500 Framed-IP-Address = the ether0 IP address of the remote router. Framed-IP-Netmask = the ether0 netmask of the remote router. If Lucent ComOS(TM)3.5 or later is installed on the PortMaster, it is not necessary to use  the RADIUS Framed Route reply item as long as you perform Step 2. 2. Turn on the user-netmask setting on PortMaster_A: PortMaster_A> set user-netmask on PortMaster_A> save all WARNING! With the user-netmask command set on, be sure that for each single-user dial-in client user profile is configured to have a 32-bit netmask on the PortMaster or within the RADIUS user  table. A 32 bit netmask (255.255.255.255) (which is the default if it is not specified in ComOS or in RADIUS), assures that the  dail in Point To Point (PTP) interfaces do not aquire the route for ether0. 3. Create a dial out location table entry on the remote router that specifies     the ether0 IP address and netmask of PortMaster_A: Office_Router> add loc     # Creates the location profile. Office_Router> set loc  destination 207.10.89.2 Office_Router> set loc  netmask 255.255.255.224 4. Provide routing information in one of the following ways to the      Internet gateway router (in this case a Lucent IRX (TM) router):      --  Disable routing on ether0 of PortMaster_A and create a           static route on the IRX:         Command>  add route 207.10.89.32/28  207.10.89.2  1     --  Implement OSPF on the Ethernet segment.       --  Use Routing Information Protocol (RIP) and the table netmask feature (an older feature not          frequently implemented).   CONFIGURATION EXAMPLE---Case 2: You have MORE THAN ONE PortMaster to service dial-in users  on the Ethernet backbone segment at the POP. The Office Router can  dial into PortMaster_A or PortMaster_B or another router. Configuration Summary: --  Each router has the other router's ether0 IP address stored in its user       table (Steps 1, 3, and 4). --  The user-netmask feature is turned on the dialed-in PortMaster (Step 2). --  A route to the remote LAN must be learned on the router with access to      the Internet (Step 5). ====BACKBONE ETHERNET============================= 207.10.89.0/27 ===         |                      |                        |         | 207.10.89.2          | 207.10.89.3            | 207.10.89.1 +-------+--------+     +-------+--------+       +-------+--------+  |      E0        |     |       E0       |       |                | |  PortMaster_A  |     |  PortMaster_B  |       |      IRX       | |      S1        |     |       S1       |       |                | +-------+--------+     +----------------+       +----------------+         |                                               |         ----------------                                |                        |                                ------- feed                         |                                    to Internet                        |                 +-------+--------+                |      S1        |                | Office Router  |                |      E0        |                +-------+--------+                        | 207.10.89.33                        |                ====ETHERNET=========== 207.10.89.32/28 === 1. Create the user table entry for the remote router on PortMaster_A     and PortMaster_B. (Only PortMaster_A commands are shown.) PortMaster_A>  add netuser dialin-router PortMaster_A>  set user dialin-router password ok2 PortMaster_A>  set user dialin-router address 207.10.89.33 PortMaster_A>  set user dialin-router netmask 255.255.255.240 PortMaster_A>  set user dialin-router routing off PortMaster_A>  show user dialin-router Username: dialin-router  Type: Dial-in Network User Address: 207.10.89.33          Netmask: 255.255.255.240 Protocol: PPP                  Options: Quiet, Compression MTU: 1500                      Async Map: 00000000 If you use RADIUS, the user entry for the Office Router dialing in to PortMaster_A looks like the following: dialin-router  Password = "ok2"      Service-Type = Framed-User,      Framed-Protocol = PPP,      Framed-IP-Address = 207.10.89.33,      Framed-IP-Netmask = 255.255.255.240,      Framed-Routing = None,      Framed-MTU = 1500 Framed-IP-Address = the ether0 IP address of the remote router. Framed-IP-Netmask = the ether0 netmask of the remote router. If you are running ComOS 3 or later, you do not need to use the  RADIUS Framed-Route reply item as long as you perform Step 2. 2. Turn on the user-netmask setting on PortMaster_A and PortMaster_B: PortMaster_A> set user-netmask on  PortMaster_A> save all PortMaster_B> set user-netmask on PortMaster_B> save all WARNING! With the user-netmask command set on, be sure that for each single-user dial-in client user profile is configured to have a 32-bit netmask on the PortMaster or within the RADIUS user  table. A 32 bit netmask (255.255.255.255) (which is the default if it is not specified in ComOS or in RADIUS), assures that the  dail-in ptp interfaces do not aquire the route for ether0. 3. Enable the reported IP feature on each PortMaster at the POP:  PortMaster_A> set reported_ip 207.10.89.1 PortMaster_B> set reported_ip 207.10.89.1 This feature is useful for sites that require a number of PortMaster  devices to appear as a single IP address. If the remote router can  dial in to either PortMaster_A or PortMaster_B, this feature  allows the remote router to specify one address. See Step 4. For more information, refer to the technote "Reported IP Address Alternatives" at http://www.ra.lucent.com/tech/technotes/200/250009.html. 4. Specify the destination IP address and netmask in the dial-out  configuration profile of the remote router---in the location table if the remote router is a Lucent PortMaster(TM) product.  The remote router exchanges Ethernet addresses during Point to Point Protolcol (PPP) negotiations (an "IP unnumbered ppp link").  The destination points to the IP address and netmask of ether0 on  the reported IP address set in Step 3: Office_Router> set loc loc_name destination 207.10.89.1 Office_Router> set loc loc_name netmask 255.255.255.224 5. Provide routing information in one of the following ways to the      Internet gateway router (in this case an IRX):  --  Enable and configure Open Shortest Path First (OSPF) on all PortMaster products and other       routers on the POP's Ethernet segment.  --  Use static routing table entries. RIP will not work because the networks are from the same Class C network, but have different size subnet netmasks of different lengths.