CCNA Certification Tutorial: Introduction To ISDN
By Chris Bryant, CCIE #12933
From the CCNA to the CCIE, ISDN is one of the most important technologies you'll work with. It's also very common in the field; ISDN is frequently used as a backup connection in case an organization's Frame Relay connections go down. Therefore, it's important to know ISDN basics not only for your particular exam, but for job success.
ISDN is used between two Cisco routers that have BRI or PRI interfaces. Basically, with ISDN, one of the routers places a phone call to the other router. It is vital to understand not only what causes one router to dial another, but what makes the link go down.
Why? Since ISDN is basically a phone call from one router to another, you're getting billed for that phone call -- by the minute. If one of your routers dials another, and never hangs up, the connection can theoretically last for days or weeks. The network manager then receives an astronomical phone bill, which leads to bad things for everyone involved! Cisco routers use the concept of interesting traffic to decide when one router should call another.
By default, there is no interesting traffic, so if you don't define any, the routers will never call each other. Interesting traffic is defined with the dialer-list command.
This command offers many options, so you can define interesting traffic not only according to which protocols you want to bring the link up, but also according to what the source, destination, or even port number must be for the line to come up.
Dialer-List With No Access List, Defining All IP Traffic As Interesting:
R1#conf t
R1(config)#dialer-list 1 protocol ip permit
< defines all IP traffic as interesting>
R1(config)#int bri0
R1(config-if)#dialer-group 1
< links interface BRI to dialer-list 1 >
Dialer-List Calling An Access-List: Only ICMP Traffic is Interesting
R1(config)#access-list 105 permit icmp any any
< The access-list permits all ICMP traffic, regardless of source or destination. >
R1(config)#dialer-list 1 protocol ip list 105
< The dialer-list option “list 105” means access-list 105 defines interesting traffic. >
R1(config)#interface bri0
R1(config-if)#dialer-group 1
One common misconception occurs once that link is up. Interesting traffic is required to bring the link up, but by default, any traffic can then cross the ISDN link. What makes the link come down? Again, the concept of interesting traffic is used. Cisco routers have an idle-timeout setting for their dialup interfaces. If interesting traffic does not cross the link for the amount of time specified by the idle-timeout, the link comes down.
To summarize: Interesting traffic brings the link up; by default, any traffic can cross the link once it's up; a lack of interesting traffic is what brings the link down.
We’ve also got to know what keeps the link up once it is dialed.
Why? Because ISDN acts as a phone call between two routers, and it’s billed that way to your client. The two routers that are connected by this phone call may be located in different area codes, so now we’re talking about a long distance phone call.
If your ISDN link does not have a reason to disconnect, the connection could theoretically last for days or weeks before someone realizes what’s going on. This is particularly true when the ISDN link is used as a backup for another connection type, as is commonly the case with Frame Relay. When the Frame Relay goes down, the backup ISDN link comes up; when the Frame Relay link comes back up, we must ensure that the ISDN line goes down, so we’re not billed for all that time.
To understand why an ISDN link stays up when it’s not needed, we have to understand why it stays up, period. Cisco’s ISDN interfaces use the idle-timeout to determine when an ISDN link should be torn down. By default, this value is two minutes, and it also uses the concept of interesting traffic.
Once interesting traffic brings the link up, by default all traffic can cross the link. However, only interesting traffic resets the idle-timeout. If no interesting traffic crosses the link for two minutes, the idle-timer hits zero and the link comes down.
A common reason for an ISDN link to stay up unnecessarily is that OSPF Hello packets are keeping the line up. The source address "224.0.0.5" would indicate this. Luckily for us, Cisco has a command that allows us to form an OSPF adjacency over the link while actually allowing the line to drop!
With OSPF, Cisco offers the ip ospf demand-circuit interface-level command. The OSPF adjacency will form over the ISDN link, but once formed, the Hello packets will be suppressed. However, the adjacency will not be lost. A check of the adjacency table with show ip ospf adjacency will show the adjacency remains at Full, even though Hellos are no longer being sent across the link. The ISDN link can drop without the adjacency being lost.
When the link is needed, the adjacency is still in place and data can be sent without waiting for OSPF to go through the usual steps of forming an adjacency.
This OSPF command is vital for Cisco certification candidates at every level, but is particularly important for CCNA candidates. Learn this command now, get used to the fact that the adjacency stays up even though Hellos are suppressed, and add this valuable command to your Cisco skill set.
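The idle-timer behaviour described above can be modelled in a few lines. This is an added example, not part of the original article: the function names, the constructed one-hour traffic timeline and the 10-second Hello interval are assumptions, and the model is a simplification of what a router does.

```python
IDLE_TIMEOUT = 120  # seconds: the two-minute default idle-timeout from the article

def simulate(packets, interesting, end, idle_timeout=IDLE_TIMEOUT):
    """Return [(up, down)] call intervals for time-sorted (second, protocol) packets."""
    calls, up_at, last = [], None, None
    for t, proto in packets:
        # The idle timer ran out before this packet arrived: the call was torn down.
        if up_at is not None and t - last >= idle_timeout:
            calls.append((up_at, last + idle_timeout))
            up_at = None
        if interesting(proto):
            if up_at is None:
                up_at = t          # interesting traffic places the call
            last = t               # and is the only thing that resets the timer
        # Uninteresting packets cross an up link but never dial or reset the timer.
    if up_at is not None:
        calls.append((up_at, min(last + idle_timeout, end)))
    return calls

def connected_seconds(packets, interesting, end=3600):
    return sum(down - up for up, down in simulate(packets, interesting, end))

# Constructed one-hour timeline: a single ping at t=5 s plus OSPF Hellos every 10 s
# (the 10 s Hello interval is an assumption of this example).
PING = [(5, "icmp")]
HELLOS = [(t, "ospf") for t in range(0, 3601, 10)]
ALL_IP = lambda proto: True                 # dialer-list 1 protocol ip permit
ICMP_ONLY = lambda proto: proto == "icmp"   # dialer-list 1 protocol ip list 105

def scenarios():
    return {
        "all IP interesting, Hellos flowing":
            connected_seconds(sorted(PING + HELLOS), ALL_IP),
        "only ICMP interesting, Hellos flowing":
            connected_seconds(sorted(PING + HELLOS), ICMP_ONLY),
        # Hellos stop after 40 s, standing in for suppression once the adjacency forms.
        "all IP interesting, Hellos suppressed":
            connected_seconds(sorted(PING + HELLOS[:5]), ALL_IP),
    }

if __name__ == "__main__":
    for name, seconds in scenarios().items():
        print(f"{name}: {seconds} s connected")
```

With all IP traffic interesting and Hellos flowing, the call is still up at the end of the hour; in the other two cases it drops 120 seconds after the last interesting packet.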
Now that we know how the ISDN link comes up (interesting traffic), and some scenarios that might cause the link to stay up, we need to look at ISDN authentication schemes. The two methods Cisco certification candidates must be familiar with are PAP and CHAP.
Password Authentication Protocol (PAP) sends the username and password over the ISDN link in clear-text. Sending any passwords over any WAN link in clear text is generally a bad idea, but it’s important to know you have this option.
Regarding both PAP and CHAP, it’s a common misunderstanding that each side must authenticate the other. PAP and CHAP both support bidirectional and unidirectional authentication; that is, R1 can authenticate R2 without R2 necessarily authenticating R1. It’s more common to use unidirectional authentication in a lab environment than a production network, but keep in mind that bidirectional authentication is an option, not a requirement.
The configurations of PAP and CHAP do have their similarities. For both, you’ll configure a username/password combination in global configuration mode. Newcomers to ISDN sometimes put the local router name in for the username; remember that the remote router name is the username.
The only real advantage of PAP over CHAP comes in the password configuration. Since PAP actually sends the password as a whole over the link, the two routers can send different passwords during authentication. The operation of CHAP requires that both routers use the same password.
Under the BRI interface, you’ll enter encapsulation ppp and ppp authentication pap. On R3, your authentication scheme looks like this:
R1:
username R3 password CCNA
int bri0
encapsulation ppp
ppp authentication pap
R3:
username R1 password CISCO
int bri0
encapsulation ppp
ppp authentication pap
PAP requires an extra command at this point. The ppp pap sent-username command is required under the interface, indicating the username and password this router will be sending to the remote router. The final configuration would look like this:
R1:
username R3 password CCNA
int bri0
encapsulation ppp
ppp authentication pap
ppp pap sent-username R1 password CISCO
R3:
username R1 password CISCO
int bri0
encapsulation ppp
ppp authentication pap
ppp pap sent-username R3 password CCNA
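To see what each scheme actually puts on the wire, the following added example (not from the original article) builds R1's PAP Authenticate-Request using the RFC 1334 layout and a CHAP Response using the RFC 1994 layout. The identifier values are constructed, and using CISCO as the CHAP shared secret is an assumption, since the article shows only PAP configurations.

```python
import hashlib
import hmac
import os
import struct

def pap_request(ident, peer_id, password):
    """RFC 1334 Authenticate-Request: code 1, id, length, length-prefixed fields."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data

def chap_response(ident, secret, challenge, name):
    """RFC 1994 Response: code 2, value = MD5(identifier || secret || challenge)."""
    digest = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    data = bytes([len(digest)]) + digest + name
    return struct.pack("!BBH", 2, ident, 4 + len(data)) + data

def chap_verify(response, secret, challenge):
    """Authenticator side: recompute the digest from its own copy of the secret."""
    ident, size = response[1], response[4]
    expected = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    return hmac.compare_digest(response[5:5 + size], expected)

def demo():
    # PAP: R1 sends "ppp pap sent-username R1 password CISCO" as-is.
    pap = pap_request(1, b"R1", b"CISCO")
    # CHAP: the authenticator sends a random challenge; only a digest comes back.
    challenge = os.urandom(16)
    resp = chap_response(7, b"CISCO", challenge, b"R1")  # secret is an assumption
    return {
        "pap_packet": pap,
        "password_visible_in_pap": b"CISCO" in pap,
        "password_visible_in_chap": b"CISCO" in resp,
        # The check only succeeds when both ends hold the same secret.
        "accepted_with_same_secret": chap_verify(resp, b"CISCO", challenge),
        "accepted_with_other_secret": chap_verify(resp, b"CCNA", challenge),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The PAP packet carries the password verbatim, while the CHAP response carries only a digest that the authenticator can reproduce if, and only if, it holds the same secret.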
I always encourage CCNA and CCNP candidates to use as many debugs as possible when working in their lab, since these commands show us how things work. For any PPP authentication, always run debug ppp negotiation before sending interesting traffic to trigger the call. Watching exactly how PAP and CHAP work gives you a much better understanding of what’s going on “behind the command”, and makes you a stronger candidate and a stronger network engineer.
To your success,
Chris Bryant
CCIE #12933
chris@thebryantadvantage.com