|
Remote Dial In Router Configuration
DESCRIPTION: In the two following examples of dial in router configurations, the remote
device is a router. In this example an Office Router that has an Ethernet interface
of its own with a separate IP subnet. Some administrators refer to this configuration as
assigning a set of static IP addresses to the dial in user. The remote router is dialing
in to another access router, or to a high density access server or access concentrator, at
some core network Point Of Presence (POP).
Case 1---ONLY ONE Lucent PortMaster (TM) can service dial in users on the Ethernet
backbone segment at the POP.
Case 2---MORE THAN ONE PortMaster can service dial in users on the Ethernet backbone
segment at the POP.
In both cases, single workstation dial in clients are already being assigned IP
addresses from the "assigned" address pool; the configuration for this type of
user is not covered in this technote.
CONFIGURATION EXAMPLE---Case 1
The backbone Ethernet segment has only ONE PortMaster to service dial in users. The
remote Office Router is going to dial in to PortMaster_A (a PortMaster 2 or PortMaster 3
or another type of router).
Configuration Summary: Each router has the ether0 IP address of the other
router stored in its user table (Steps 1 and 3). The user netmask feature is
turned on for the upstream PortMaster (Step 2). A route to the remote Local Area
Network (LAN) must be learned or created on the router ( in this case a Lucent IRX
(TM) router) with access to the Internet (Step 4).
====BACKBONE ETHERNET============================= 207.10.89.0/27 ===
| |
| E0 IP: 207.10.89.2 | E0 IP: 207.10.89.1
+-------+--------+ +-------+--------+
| E0 | | |
| PortMaster_A | | IRX |
| S1 | | |
+-------+--------+ +----------------+
| |
-------------- |
PPP async line | --------- feed to Internet
|
+-------+--------+
| S1 |
| Office Router |
| E0 |
+-------+--------+
| 207.10.89.33
|
====ETHERNET=========== 207.10.89.32/28 ===
1. Create the user table entry for the remote router "dialin-router" with the
following commands on PortMaster_A:
PortMaster_A> add netuser dialin-router
PortMaster_A> set user dialin-router password ok2
PortMaster_A> set user dialin-router address 207.10.89.33
PortMaster_A> set user dialin-router netmask 255.255.255.240
PortMaster_A> set user dialin-router routing off
PortMaster_A> save all
PortMaster_A> show user dialin-router
Username: dialin-router Type: Dial-in Network User
Address: 207.10.89.33 Netmask: 255.255.255.240
Protocol: PPP Options: Quiet, Compression
MTU: 1500 Async Map: 00000000
If you use Lucent RADIUS (TM), the user entry for the Office Router dialing in looks
like the following:
dialin-router Password = "ok2"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 207.10.89.33,
Framed-IP-Netmask = 255.255.255.240,
Framed-Routing = None,
Framed-MTU = 1500
Framed-IP-Address = the ether0 IP address of the remote router.
Framed-IP-Netmask = the ether0 netmask of the remote router.
If Lucent ComOS(TM)3.5 or later is installed on the PortMaster, it is not necessary to use
the RADIUS Framed Route reply item as long as you perform Step 2.
2. Turn on the user-netmask setting on PortMaster_A:
PortMaster_A> set user-netmask on
PortMaster_A> save all
WARNING! With the user-netmask command set on, be sure that for
each single-user dial-in client user profile is configured to
have a 32-bit netmask on the PortMaster or within the RADIUS user
table. A 32 bit netmask (255.255.255.255) (which is the default
if it is not specified in ComOS or in RADIUS), assures that the
dail in Point To Point (PTP) interfaces do not aquire the route for ether0.
3. Create a dial out location table entry on the remote router that specifies
the ether0 IP address and netmask of PortMaster_A:
Office_Router> add loc # Creates the location profile.
Office_Router> set loc destination 207.10.89.2
Office_Router> set loc netmask 255.255.255.224
4. Provide routing information in one of the following ways to the
Internet gateway router (in this case a Lucent IRX (TM) router):
-- Disable routing on ether0 of PortMaster_A and create a
static route on the IRX:
Command> add route 207.10.89.32/28 207.10.89.2 1
-- Implement OSPF on the Ethernet segment.
-- Use Routing Information Protocol (RIP) and the table netmask feature (an older feature not
frequently implemented).
CONFIGURATION EXAMPLE---Case 2:
You have MORE THAN ONE PortMaster to service dial-in users
on the Ethernet backbone segment at the POP. The Office Router can
dial into PortMaster_A or PortMaster_B or another router.
Configuration Summary:
-- Each router has the other router's ether0 IP address stored in its user
table (Steps 1, 3, and 4).
-- The user-netmask feature is turned on the dialed-in PortMaster (Step 2).
-- A route to the remote LAN must be learned on the router with access to
the Internet (Step 5).
====BACKBONE ETHERNET============================= 207.10.89.0/27 ===
| | |
| 207.10.89.2 | 207.10.89.3 | 207.10.89.1
+-------+--------+ +-------+--------+ +-------+--------+
| E0 | | E0 | | |
| PortMaster_A | | PortMaster_B | | IRX |
| S1 | | S1 | | |
+-------+--------+ +----------------+ +----------------+
| |
---------------- |
| ------- feed
| to Internet
|
+-------+--------+
| S1 |
| Office Router |
| E0 |
+-------+--------+
| 207.10.89.33
|
====ETHERNET=========== 207.10.89.32/28 ===
1. Create the user table entry for the remote router on PortMaster_A
and PortMaster_B. (Only PortMaster_A commands are shown.)
PortMaster_A> add netuser dialin-router
PortMaster_A> set user dialin-router password ok2
PortMaster_A> set user dialin-router address 207.10.89.33
PortMaster_A> set user dialin-router netmask 255.255.255.240
PortMaster_A> set user dialin-router routing off
PortMaster_A> show user dialin-router
Username: dialin-router Type: Dial-in Network User
Address: 207.10.89.33 Netmask: 255.255.255.240
Protocol: PPP Options: Quiet, Compression
MTU: 1500 Async Map: 00000000
If you use RADIUS, the user entry for the Office Router dialing in to
PortMaster_A looks like the following:
dialin-router Password = "ok2"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 207.10.89.33,
Framed-IP-Netmask = 255.255.255.240,
Framed-Routing = None,
Framed-MTU = 1500
Framed-IP-Address = the ether0 IP address of the remote router.
Framed-IP-Netmask = the ether0 netmask of the remote router.
If you are running ComOS 3 or later, you do not need to use the
RADIUS Framed-Route reply item as long as you perform Step 2.
2. Turn on the user-netmask setting on PortMaster_A and PortMaster_B:
PortMaster_A> set user-netmask on
PortMaster_A> save all
PortMaster_B> set user-netmask on
PortMaster_B> save all
WARNING! With the user-netmask command set on, be sure that for
each single-user dial-in client user profile is configured to
have a 32-bit netmask on the PortMaster or within the RADIUS user
table. A 32 bit netmask (255.255.255.255) (which is the default
if it is not specified in ComOS or in RADIUS), assures that the
dail-in ptp interfaces do not aquire the route for ether0.
3. Enable the reported IP feature on each PortMaster at the POP:
PortMaster_A> set reported_ip 207.10.89.1
PortMaster_B> set reported_ip 207.10.89.1
This feature is useful for sites that require a number of PortMaster
devices to appear as a single IP address. If the remote router can
dial in to either PortMaster_A or PortMaster_B, this feature
allows the remote router to specify one address. See Step 4.
For more information, refer to the technote "Reported IP Address
Alternatives" at http://www.ra.lucent.com/tech/technotes/200/250009.html.
4. Specify the destination IP address and netmask in the dial-out
configuration profile of the remote router---in the location table if the
remote router is a Lucent PortMaster(TM) product.
The remote router exchanges Ethernet addresses during Point to Point Protolcol (PPP) negotiations (an
"IP unnumbered ppp link").
The destination points to the IP address and netmask of ether0 on
the reported IP address set in Step 3:
Office_Router> set loc loc_name destination 207.10.89.1
Office_Router> set loc loc_name netmask 255.255.255.224
5. Provide routing information in one of the following ways to the
Internet gateway router (in this case an IRX):
-- Enable and configure Open Shortest Path First (OSPF) on all PortMaster products and other
routers on the POP's Ethernet segment.
-- Use static routing table entries.
RIP will not work because the networks are from the same Class C network,
but have different size subnet netmasks of different lengths.
|