Router - Remote Access Server
This configuration snippet shows how to setup a router with a modem bank to act as a dial-in remote access server. Believe it
or not in this day of broadband everywhere there are still folks who have reasons for keeping a dial-in remote access server.
These days it is more for a backup than anything else.
# This configuration was taken from an 2621 running 112.2(17a) IP Plus with a NM-16AM module. This is a 16 port
# analog modem bank.
# I always like debug and log information to show the actual date and time and it is also good security practice to make sure
# password-encryption is turned on.
service timestamps debug datetime msec
service timestamps log datetime msec
logging buffered 4096 debugging
enable secret cisco
# These are usernames that the dial-in users will need to use to complete the PPP authentication phase.
username cisco password cisco
username ciscoconfigs password ciscoconfigs
# To ensure accurate time reporting set the timezone properly as well set the new daylight savings time settings.
clock timezone EST -5
clock summer-time DST recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
# The following command is needed to set the country code for these modems.
modem country microcom_hdms usa
# It is always good to turn off source-routing on older routers where it is not the default.
no ip source-route
no ip domain-lookup
# This command enables the use of a global address-pool for the dial-in clients. The dhcp-proxy-client tag
# tells the router to act as a proxy dhcp client to an external DHCP server. This way you don't have to
# define a local pool on the router and all your DHCP scopes are in one place.
ip address-pool dhcp-proxy-client
# Basic IP addressing on an interface. It is good practice to hard code speed and duplex on all your
# networking gear.
ip address 10.1.1.30 255.255.255.0
# It's a 2621 so it has 2 FastEthernets but in this example we aren't using the second one so its shutdown.
no ip address
# The interface Group-Async1 command is used to lump the characteristics for all of the dial in
# interfaces. This saves you from having to create an async interface for each modem line. So to start
# off we need to assign it as unnumbered to FastEthernet0/0. We do this to enable the async
# interfaces to be able to process IP packets without actually having to use an IP address.
# In some cases it might be advantageous to bind it to a loopback interface instead of a physical
# interface. In this case if this physical interface goes down, nobody is talking so its irrelevant here.
# We set the encapsulation type to ppp for a standard ppp connection. We set to the async mode to
# interacive so it can take a slip or ppp command at the EXEC level. The peer default ip address dhcp
# command tells the router that the remote peer that is dialing in will receive its ip address through dhcp.
# We then set the ppp authentication method to chap pap which is standard when setting up a ppp
# connection from a Microsoft client. The client will need to authenticate with a username defined
# in the local database that was defined above. We then assign the modem lines which are 33-48 to be
# controlled by this group interface.
ip unnumbered FastEthernet0/0
async mode interactive
peer default ip address dhcp
ppp authentication chap pap
group-range 33 48
# This router is running EIGRP so it can receive all of the routes from the rest of the interal network.
# We do not want to attempt to propagate EIGRP routes over the dial lines so we set the group-async1
# interface to passive mode. We set the network value to 10.0.0.0 which basically states that we will run
# EIGRP on any network interface on this router that falls under the class A address of 10.x.x.x.
# Therefore we see that the only interface that will participate in EIGRP is the FA0/0 interface.
router eigrp 1
# IP Classless is always used with EIGRP
no ip http server
# It is good security practice to set up your read and write community strings to something other than
# public and private.
snmp-server community ciscoconfigs-pub RO
snmp-server community ciscoconfigs-priv RW
line con 0
# Line 33 - 48 are the modem lines. First of all we use the flush-at-activation command to get rid of
# any garbage that my be in the modem line buffer before we bring up the connection. We then set
# the modem to allow incoming calls with the modem Dialin command, then we set the transport input
# to all. We then use the autoselect ppp command to tell the router to start PPP once we receive
# PPP packets from the dial-in user.
line 33 48
transport input all
# Standard aux and vty 0 4 definitions
line aux 0
line vty 0 4