The sun has since set on the days of Dial up internet access however there are few that hang onto the legacy technology for good reason. Over 2 million Americans alone use AOL Dial up Internet Access because they reside in areas that do not have broadband (DSL/Cable/FIOS).
There are several reasons as to why you may want to use Dial up in a business setting. First and foremost is the cost. You can get a POTS (Plain old telephone service) line for pennies on the dollar now days and dial-up access is just a few bucks. If the application you are using does not need a lot of bandwidth than this may be the most cost effective way.
The very first thing that comes to mind is ATM Machines. Millions of ATM machines around the country still use Dial up to dial into the banking network and process your DEBT transaction to dispense your money.
Another common use for Dial up is remote administration for out of band management access. This type of dial up configuration allows for you to dial into the router from anywhere in the world and establish an Telnet/SSH Session for administrative management. This type of configuration is also fairly common in specific geographic regions. One spot that comes to mind is factories in Mexico that are quite literately in the middle of no where. If the sole purpose for OOBM is just for telnet/ssh management than why do you need a large DSL or Cable line that cost 20-30 dollars when you can pay less than $5 dollars to use legacy technology and still solve the problem? Imagine this on a larger scale, lets say you have 300 sites that need this type of OOBM, your overall cost savings a month could come out to be approximately ~$6,000.00 or more. That is a total savings of $72,000 a year by just using POTS instead of DSL or Cable for OOBM.
There are some situations where you would need the bandwidth and POTS would not be the ideal solution such as RDP and VNC requirements to remote manage a server however if its just command line than 56k can easily handle a few telnet/ssh sessions.
Dial-in Remote Administration via WIC-1AM-V2
First off lets take a look at the topology that we will be using for both the Dial-up and Dial-in sections.
In this topology, R1 is being used to simulate the POTS network via the VIC-4FXS card which is installed into a NM-HD-V2 network module to provide digital signal processing.
Below is all the configuration needed for R1 to simulate the POTS network.
If you are using the Stub Lab you can follow along with this blog as all configuration and demonstration is done using hardware in the Stub Lab.
R4 will serve as the Dial-In router which will accept incoming calls and authenticate them via CHAP. Once successfully authenticated you will be provided an IP Address and be able to access R4 via SSH and Telnet as well as other network resources reachable via the Routing Table of R4. In this case Loopback4222 has be configured with the IP Address of 220.127.116.11/32 to simulate internet access to the dialup device so once successfully connected, the dialup device (R5 or Your laptop) can reach the internet.
First off we’re going to need to configure a username and password on R4 which will be used to authenticate users attempting to dialin.
R4> enable R4# configure terminal Enter configuration commands, one per line. End with CNTL/Z. R4(config)# username jsmith privilege password HeResJoHnNy! R4(config)#
Next up we need to create a loopback interface used for Management. This Interface will be assigned a /31 with the loopback interface taking the first IP Address. Later on we will configure the the second IP Address to be assigned to the dialin user since only a single user can connect via dialup.
R4(config)# interface lopoback0 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up R4(config-if)# description ### Management Loopback Interface ### R4(config-if)# ip address 10.14.121.19 255.255.255.254 % Warning: use /31 mask on non point-to-point interface cautiously R4(config-if)#
Also we’re going to configure Loopback4222 to simulate the Level 3 Internet DNS Server 18.104.22.168 which will be used for verification purposes in the Dial-up portion of this blog.
R4(config)# interface lopoback4222 %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback4222, changed state to up R4(config-if)# description ### Simulated Internet DNS Server IP ### R4(config-if)# ip address 22.214.171.124 255.255.255.255 R4(config-if)#
Now we’re ready to configure the Async interface which is used to define the protocol characteristics of the modem line interface.
We need to set the IP address to unnumbered Loopback0 as this allows us to use the same IP address on Loopback0 on Async0/2/0. Also PPP encapsulation is needed.
We’re also going to use the peer default ip address command to define the IP address that will be assigned to the authenticated dialin user. You can use DHCP if you like however keep in mind only a single IP address will be assigned as only a single user can connect at any given time to the modem.
Other commands that are needed as displayed below are async mode dedicated which is used for configuring the modem interface to function in dedicated PPP and ppp authentication chap which is used to specify the authentication protocol used by dialin users.
R4(config)# interface async0/2/0 R4(config-if)# ip unnumbered loopback0 R4(config-if)# encapsulation ppp R4(config-if)# peer default ip address 10.14.121.20 R4(config-if)# async mode dedicated R4(config-if)# no keepalive R4(config-if)# ppp authentication chap R4(config-if)# no shut
Now we just need to configure the line which is the modem that is on the WIC-1AM-V2 card installed into Slot 2 of the Cisco 2811. This is why the line has the number of 0/2/0
We need to configure the Line0/2/0 so that it accepts Dialin as well as configure the modem to use the default template.
R4(config)# line 0/2/0 R4(config-if)# modem Dialin R4(config-if)# modem autoconfigure type default
So lets take a look at the final configuration shall we?
! username jsmith privilege 15 password 0 HeResJoHnNy! ! interface Loopback0 description ### Management Loopback Interface ### ip address 10.14.121.19 255.255.255.254 ! interface Loopback4222 ip address 126.96.36.199 255.255.255.255 description ### Simulated Internet DNS Server IP ### ! interface Async0/2/0 ip unnumbered Loopback0 encapsulation ppp peer default ip address 10.14.121.20 async mode dedicated no keepalive ! line 0/2/0 modem Dialin modem autoconfigure type default stopbits 1 speed 115200 flowcontrol hardware ! line vty 0 4 login local !
With this configuration you now have the ability to dial the phone number assigned to the telephone line plugged into the “Line” port of the WIC-1AM-V2 and use CHAP authentication to connect. Once successfully authenticated you’ll be assigned the IP address of 10.14.121.20 after which you’ll be able to Telnet/SSH to 10.14.121.19 as well as be able to ping 188.8.131.52
Dial-up Internet Access via WIC-1AM-V2
Now lets take a look at what is needed to configure a Cisco router with the WIC-1AM-V2 to dial into an ISP to have internet access. In this portion of the blog we’re going to use R5 in the Stub Lab to dial into R4 using the credentials configured on R4. The telephone number to reach R4 is 5552102
In order to configure the router to dial into the ISP we’re going to need to configure a Async0/2/0 interface however before we can do that we need to create the chat-script which is used to tell the async interface how to use the modem line when dialing the telephone number.
The chat script is a relatively simple script which defines commands used when dialing the telephone number. Below is the chat script we will be using;
R5> enable R5# configure terminal Enter configuration commands, one per line. End with CNTL/Z. R5(config)# chat-script Dialup ABORT ERROR ABORT BUSY ABORT "NO ANSWER" "" "AT H" OK "ATDT \T" TIMEOUT 30 CONNECT \c R5(config)#
Now that we have the chat script configured we can now configure all the parameters for the async interface. The IP Address will be negotiated via IPCP, encapsulation must be set to PPP and the dialer must be configured to in-band to enable DDR (Dial on Demand Routing).
You can specify the idle-timeout value to 0 so that the modem does not disconnect automatically after inactivity. The dialer string specifies the telephone number to be dialed along with the chat script as previous configured followed by the CHAP authentication parameters.
The dialer-group command is used to specify the dialer-list which identifies interesting traffic used to active the async interface to dial the phone number. Async mode dedicated is needed as this interface will be used for PPP only and the last bit of configuration required on the Async0/2/0 interface is the CHAP authentication parameters.
R5(config)# interface Async0/2/0 R5(config-if)# ip address negotiated R5(config-if)# encapsulation ppp R5(config-if)# dialer in-band R5(config-if)# dialer idle-timeout 0 R5(config-if)# dialer string 5552102 modem-script Dialup R5(config-if)# dialer-group 1 R5(config-if)# async mode dedicated R5(config-if)# no keepalive R5(config-if)# ppp authentication chap callin R5(config-if)# ppp chap hostname jsmith R5(config-if)# ppp chap password 0 HeResJoHnNy! R5(config-if)# exit R5(config)#
Now you’ll need to define the dialer-list which defines the interesting traffic used to active the async interface. This can be also attached to an ACL if needed but for this example we’re just going to use all IP Based traffic.
R5(config)# dialer-list 1 protocol ip permit
You’ll need to configure the modem line to allow for inbound and outbound calls.
R5(config)# line 0/2/0 R5(config-line)# modem InOut R5(config-line)# exit R5(config)#
Because this is a dial on demand interface, meaning it will only dial when you attempt to send “interesting traffic” through the interface as defined by the dialer-list. You’ll need to configure a default route to send traffic via Async0/2/0 interface.
R5(config)# ip route 0.0.0.0 0.0.0.0 async0/2/0
You are also going to need a source IP address to orginate traffic from, In this example we’re just going to define a loopback interface on R5 as shown below;
R5(config)# interface loopback0 R5(config)# ip address 10.153.18.5 255.255.255.255 R5(config)# end R5#
Now everything is finished, lets take a look at the final configuration!
! chat-script Dialup ABORT ERROR ABORT BUSY ABORT "NO ANSWER" "" "AT H" OK "ATDT \T" TIMEOUT 30 CONNECT \c ! interface Loopback0 ip address 10.153.18.5 255.255.255.255 ! interface Async0/2/0 ip address negotiated encapsulation ppp dialer in-band dialer idle-timeout 0 dialer string 5552102 modem-script Dialup dialer-group 1 async mode dedicated no keepalive ppp authentication chap callin ppp chap hostname jsmith ppp chap password 0 HeResJoHnNy! ! ip route 0.0.0.0 0.0.0.0 Async0/2/0 ! dialer-list 1 protocol ip permit ! line 0/2/0 modem InOut stopbits 1 speed 115200 flowcontrol hardware !
Now we can test the configuration on R5 by attempting to ping 184.108.40.206
R5#ping 220.127.116.11 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 18.104.22.168, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R5# %LINK-3-UPDOWN: Interface Async0/2/0, changed state to up R5#
Notice how all 5 pings timed out? This is because the connection had not yet been established however if you look below the ping command you’ll see that Async0/2/0 has changed to state up.
Lets check out the IP addresses using the show ip interface brief command;
R5#show ip interface brief Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES unset administratively down down FastEthernet0/1 unassigned YES unset administratively down down Serial0/0/0 unassigned YES unset administratively down down Serial0/1/0 unassigned YES unset administratively down down Async0/2/0 10.14.121.20 YES IPCP up up Loopback0 10.153.18.5 YES manual up up R5#
Now you can see that Async0/2/0 has an IP address of 10.14.121.20/32 and was negotiated via IPCP as expected.
Lets take a closer look and check out the Async0/2/0 interface;
R5#show interface Async0/2/0 is up, line protocol is up Hardware is GT96K SmartSCM Integrated Modem Internet address is 10.14.121.20/32 MTU 1500 bytes, BW 115 Kbit/sec, DLY 100000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, LCP Open Open: IPCP, loopback not set Keepalive not set DTR is pulsed for 5 seconds on reset Last input 00:00:17, output 00:00:18, output hang never Last clearing of "show interface" counters 00:39:04 Input queue: 1/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/16 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 86 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 97 packets input, 7741 bytes, 0 no buffer Received 0 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 114 packets output, 6770 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up R5#
There is one more command we can check out to verify the connection status as well as the negotiated speed which is show modem 0/2/0
R5#show modem 0/2/0 Mdm Typ Status Tx/Rx G Duration TX RX RTS CTS DSR DCD DTR 0/2/0 V34 Ready 28800/28800 0 00:04:26 - - x x x x x Modem 0/2/0 [line 34], Async0/2/0, TTY34 WIC-AM firmware ACF3_V1.922F-V90_4M_FSH Modem config: Incoming and Outgoing Protocol: LAPM, Compression: V44 Last clearing of "show modem" counters: never 0 incoming complete 0 incoming failures 1 outgoing complete 0 outgoing failure Modulation type V34 # of connections 1 Protocol type LAPM # of connections 1 Transmit Speed Counters: Connection Speeds 28800 # of connections 1 Receive Speed Counters: Connection Speeds 28800 # of connections 1 R5#
As you can see from the show modem, we’ve negotiated a 28.8k baud rate.
Lets try that ping again shall we?
R5#ping 22.214.171.124 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 126.96.36.199, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 116/120/124 ms R5#
Well that’s cool eh? You now have a Cisco router configured to dial up to the internet using a 56k modem!
Remote Telnet/SSH via WIC-1AM-V2 Dial-up
So when it comes to remote administrative access, often times you’re not going to use the dial in access for internet access but only to manage the device you’re dialing into.
In this case we’ll just use R5 as a simulated desktop where we can telnet and SSH into R5 using the destination IP address of 10.14.121.19 which is assigned to R4’s Loopback0 interface.
R5#telnet 10.14.121.19 Trying 10.14.121.19 ... Open User Access Verification Username: jsmith Password: ****** !Password will not be displayed when typed. R# R4#exit [Connection to 10.14.121.19 closed by foreign host] R5#
As you can see we can Telnet directly to R4 from R5 via the Async0/2/0 connection.
But of course Telnet is insecure so you’re going to want to use SSH even though this is a dial up line. You want to give the NSA as much trouble as possible to decipher your communications 😉 lol
R5#ssh -l jsmith 10.14.121.19 Password: ****** !Password will not be displayed when typed. R4# R4#exit [Connection to 10.14.121.19 closed by foreign host] R5#
And you have it… Remote SSH access via dialup 56k modem! Please comment and share! Let me know what you think about this blast from the past!