Router - Remote Access Server

This configuration snippet shows how to setup a router with a modem bank to act as a dial-in remote access server.  Believe it
or not in this day of broadband everywhere there are still folks who have reasons for keeping a dial-in remote access server.
These days it is more for a backup than anything else. 

#  This configuration was taken from an 2621 running 112.2(17a) IP Plus with a NM-16AM module.  This is a 16 port
#  analog modem bank.  

#  I always like debug and log information to show the actual date and time and it is also good security practice to make sure
#  password-encryption is turned on.

service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption

hostname RAS-Router

logging buffered 4096 debugging
enable secret cisco

#  These are usernames that the dial-in users will need to use to complete the PPP authentication phase.

username cisco password cisco
username ciscoconfigs password ciscoconfigs

#  To ensure accurate time reporting set the timezone properly as well set the new daylight savings time settings.

clock timezone EST -5
clock summer-time DST recurring 2 Sun Mar 2:00 1 Sun Nov 2:00

#  The following command is needed to set the country code for these modems.

modem country microcom_hdms usa

#  It is always good to turn off source-routing on older routers where it is not the default.

ip subnet-zero
no ip source-route

no ip domain-lookup

#  This command enables the use of a global address-pool for the dial-in clients.  The dhcp-proxy-client tag
#  tells the router to act as a proxy dhcp client to an external DHCP server.  This way you don't have to 
#  define a local pool on the router and all your DHCP scopes are in one place.

ip address-pool dhcp-proxy-client

#  Basic IP addressing on an interface.  It is good practice to hard code speed and duplex on all your 
#  networking gear.

interface FastEthernet0/0
 ip address
 speed 100

#  It's a 2621 so it has 2 FastEthernets but in this example we aren't using the second one so its shutdown.

interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto

#  The interface Group-Async1 command is used to lump the characteristics for all of the dial in 
#  interfaces.  This saves you from having to create an async interface for each modem line.  So to start
#  off we need to assign it as unnumbered to FastEthernet0/0.  We do this to enable the async 
#  interfaces to be able to process IP packets without actually having to use an IP address. 
#  In some cases it might be advantageous to bind it to a loopback interface instead of a physical 
#  interface.  In this case if this physical interface goes down, nobody is talking so its irrelevant here.  
#  We set the encapsulation type to ppp for a standard ppp connection.  We set to the async mode to 
#  interacive so it can take a slip or ppp command at the EXEC level.   The peer default ip address dhcp 
#  command tells the router that the remote peer that is dialing in will receive its ip address through dhcp.  
#  We then set the ppp authentication method to chap pap which is standard when setting up a ppp 
#  connection from a Microsoft client.  The client will need to authenticate with a username  defined
#  in the local database that was defined above.  We then assign the modem lines which are 33-48 to be
#  controlled by this group interface.

interface Group-Async1
 ip unnumbered FastEthernet0/0
 encapsulation ppp
 async mode interactive
 peer default ip address dhcp
 ppp authentication chap pap
 group-range 33 48

#  This router is running EIGRP so it can receive all of the routes from the rest of the interal network.
#  We do not want to attempt to propagate EIGRP routes over the dial lines so we set the group-async1 
#  interface to passive mode.  We set the network value to which basically states that we will run 
#  EIGRP on any network interface on this router that falls under the class A address of 10.x.x.x.
#  Therefore we see that the only interface that will participate in EIGRP is the FA0/0 interface.

router eigrp 1
 passive-interface Group-Async1

#  IP Classless is always used with EIGRP

ip classless
no ip http server

#  It is good security practice to set up your read and write community strings to something other than
#  public and private.  

snmp-server community ciscoconfigs-pub RO
snmp-server community ciscoconfigs-priv RW

line con 0

#  Line 33 - 48 are the modem lines.  First of all we use the flush-at-activation command to get rid of
#  any garbage that my be in the modem line buffer before we bring up the connection.  We then set 
#  the modem to allow incoming calls with the modem Dialin command, then we set the transport input 
#  to all.  We then use the autoselect ppp command to tell the router to start PPP once we receive
#  PPP packets from the dial-in user.  

line 33 48
 modem Dialin
 transport input all
 autoselect ppp

#  Standard aux and vty 0 4 definitions

line aux 0
line vty 0 4
 password cisco




01/02/2015 11:13am

Now and then I’ll stumble across a post like this and I’ll recall that there truly are still exciting pages on the internet.


Education tells human being the basic purpose of their existence, which is to serve other, help other s in their difficulties, and make their own life as well as the life of other which were related to them easy and more comfortable.

12/07/2015 12:19am

Our Service Centers also got expanded through Xplus Communication & vinayaka communication (our sister concern ) as a ASP with ACCEL FRONTLINE SERVICES LIMITED & REDINGTON INDIA LIMITED have service centers at Salem, Madurai and Coimbatore.

03/26/2016 8:12am

It all comes down to quality when you discuss I² systems, and the question of quality is not just about the image intensifier tubes, it's also about the optics and the features.

05/27/2016 5:18pm

You should also use a flush trim bit in addition to the templates. As the bit's bearing moves adjacent to the template's perimeter, the wood becomes trimmed to the precise shape you want.

06/04/2016 7:00am

I found a desirable knowledge on your blog site. I also suggest this blog site with my friends

02/01/2017 5:20am

Share great information about your blog , Blog really helpful for us . We read your blog , share most useful information in blog . Thanks for share your blog here .

02/25/2017 3:25am

Many people end up frustrated and confused when trying to set up a wireless router themselves. They usually attempt to follow the setup CD or instructions that came with the router and end up giving up or paying someone else to do it for them.

02/25/2017 4:36am

The article intends to explain the procedure for finding a Belkin router's IP address. The instructions compiled here are reliable and correct to date. However, we recommend you to follow them carefully to avoid running into troubles.

03/14/2017 3:18pm

Now I understand how my router works. It's pretty useful article for me.

05/09/2017 6:35am



Leave a Reply