CertificationZone Page 1 of 9
/?Issue=32&IssueDate=03-01-2001&CP= 11/06/01
Date of Issue: 03-01-2001
Lab Scenario 2 - Dialer Profiles with Authentication
by David Wolsefer
Introduction
Network Specifications
The Starting Configurations
Configure Global Commands
1. Configure the ISDN switch type on each router
2. No shut the BRI interfaces
3. Configure the Username Password Database
4. Define Interesting Traffic Using Dialer Lists
5. Configure the RIP version 2 routing protocol
Configure Physical Interface Commands
1. Enable encapsulation PPP
2. Specify ppp authentication chap
3. Configure SPIDs (If Necessary)
4. Assign the physical BRI interface to a dialer pool
Configure Logical Dialer Interface Commands
1. Create the logical dialer interface
2. Assign an IP address to the dialer interface
3. Enable PPP Encapsulation
4. Configure the Dialer Interface for PPP Authentication CHAP
5. Apply the dialer-list to define interesting traffic
6. Specify which dialer-pool to use
7. Configure the dialer remote name and string
8. Check our work
SOLUTION REVEALED
Router1's Final Configuration
Router2's Final Configuration
Introduction
This lab is designed to walk you through a basic dialer profile configuration and the special requirements this places
on PPP CHAP authentication. This lab will show you what commands to type in and how to check that you have
configured things correctly step by step. Some of the steps that were covered in great detail in the first lab scenario
will not be covered as thoroughly in this scenario, so refer to the first lab as needed.
Network Specifications
When you are finished building this network, it should meet the following specifications:
1. Each router should be able to dial the other using dialer profiles.
2. Each dialer interface should use PPP CHAP authentication. You should use the names CCNA1 and CCNA2
rather than the router host names router1 and router2 respectively. Use the password cisco.
3. You should only be able to see the neighboring router with Cisco Discovery Protocol if the ISDN link is already
up.
4. Configure routing using RIP version 2 so that each router can see the other router's Ethernet subnets. Note
that this will cause your ISDN connections to come up every 30 seconds to transmit the RIP routing tables.
This illustrates one of the problems with dynamic routing protocols such as RIP and IGRP when used with
DDR. Fixing this problem using techniques other than static routes is possible, but beyond the scope of the
CCNA exam.
The Starting Configurations
The equipment that I used in developing this lab included a Cisco 1604 router, and a Cisco 2610 router. The ISDN
simulator was a Teltone ISDN Demonstrator with two U interfaces. You will need to adjust the lab contents to fit your
ISDN simulator and/or routers as necessary. You MUST use an ISDN simulator or actual ISDN lines. There is no way
to configure ISDN using crossover cables or something similar. You can use any router with suitable ISDN interfaces,
but be aware of whether you have U interfaces or S/T interfaces. If you have S/T interfaces, then you will need an
NT1. Here is the basic starting point for cabling your equipment:
(The following information will vary depending upon your ISDN simulator or actual ISDN lines)
ISDN Information for Router1:
isdn switch-type basic-ni
isdn spid1 0835866101 8358661
isdn spid2 0835866301 8358663
ISDN Information for router2:
isdn switch-type basic-ni
isdn spid1 0835866201 8358662
isdn spid2 0835866401 8358664
Figure 1.
Configure Global Commands
1. Configure the ISDN switch type on each router
Before we begin, perform a write erase on each router to make sure that we are starting from scratch. After you enter
the write erase command, reload the router. When you receive a prompt to configure the router, enter ctrl-c and the
router will continue to boot up.
Once this is complete, check that no configuration exists by entering the write command followed by show
configuration. (Note: you can use show configuration instead of show run because you just saved the
configuration. This displays the current configuration faster than show run would.) You should not see any configured
IP addresses, routing statements, or ISDN configurations of any kind. Enter the IP addresses for the Ethernet
interfaces, no shut them, and use the no keepalive command, if necessary, in case you don't have the Ethernet
interfaces plugged into a hub or switch.
Since we have no ISDN switch type configured, our first step should be to configure the ISDN switch type. We can
use the ? to help us find the correct syntax for our switch type, basic-ni1. We will need to use the isdn switch-type
global command on each router as follows:
Router1#
Router1#configure terminal (you can use conf t for short)
Router1(config)#
router1(config)#isdn switch-type ?
basic-1tr6 1TR6 switch type for Germany
basic-5ess AT&T 5ESS switch type for the U.S.
basic-dms100 Northern DMS-100 switch type
basic-net3 NET3 switch type for UK and Europe
basic-ni1 National ISDN-1 switch type
basic-nwnet3 NET3 switch type for Norway
basic-nznet3 NET3 switch type for New Zealand
basic-ts013 TS013 switch type for Australia
ntt NTT switch type for Japan
vn2 VN2 switch type for France
vn3 VN3 and VN4 switch types for France
router1(config)#isdn switch-type basic-ni1
router1(config)#^Z
router1#
00:23:38: %SYS-5-CONFIG_I: Configured from console by console
Now that we have configured the ISDN switch type, let's check it using the show isdn status command. If you
configured your routers correctly, you should see the following:
Router1#sh isdn stat
The current ISDN Switchtype = basic-ni1
ISDN BRI0 interface
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
Layer 2 NOT Activated
Layer 3 Status:
0 Active Layer 3 Call(s)
Activated dsl 0 CCBs = 0
The Free Channel Mask: 0x80000003
Total Allocated ISDN CCBs = 0
2. No shut the BRI interfaces
No shut the BRI interfaces to make sure that each router is talking to the ISDN switch:
Router1(config)#int bri 0
Router1(config-if)#no shut
Router1(config-if)#^z
00:23:54: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
00:23:54: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
00:23:54: %LINK-3-UPDOWN: Interface BRI0, changed state to up
Although we are no shutting the physical interface, we are doing it only to check that the global command for the
ISDN switch type is correct. Once we no shut the BRI interface, we should see it come up. Check that the router is
communicating with the ISDN switch by examining the layer 1 status to make sure it is ACTIVE and checking the
layer 2 status to make sure it reads MULTIPLE FRAME ESTABLISHED. Here is what you will see:
router#sh isdn stat
The current ISDN Switchtype = basic-ni1
ISDN BRI0 interface
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 70, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
No Active Layer 3 Call(s)
Activated dsl 0 CCBs = 0
Total Allocated ISDN CCBs = 0
We now know that we have correctly defined the ISDN switch type and that our router is talking to the ISDN switch on
the D channel. The next step is to configure the user password database so we can use this information for
authentication.
3. Configure the Username Password Database
The first step in configuring CHAP authentication is to set up local user databases on each router. What we need to
do is to enter the username for the opposite router and a common password using a global configuration command.
Since the instructions specified that we should use the usernames CCNA1 and CCNA2 instead of the router
hostnames we used in Lab 1, we need to configure the correct usernames. Don't forget that the passwords are case
sensitive. For example, on router1, we would enter the following:
Router1(config)#username CCNA2 password cisco
On router2, we would similarly enter:
Router2(config)#username CCNA1 password cisco
The next step in our configuration is to define interesting traffic.
4. Define Interesting Traffic Using Dialer Lists
A dialer-list is used to define "interesting traffic" (traffic for which you wish to bring up the ISDN connection). We
define a dialer-list in global configuration mode then apply the dialer-list using an interface configuration command
dialer-group. When I am configuring ISDN DDR, I like to first define my dialer lists very broadly using IP until I have
all features working, such as call setup and teardown, authentication, callback, etc. Once I have basic features
working correctly, then I will make the dialer list more selective, if necessary, using an access-list. Here is an example
that shows how traffic can be defined as interesting using a broad dialer list:
Router1(config)#dialer-list 1 protocol ?
Appletalk Appletalk
Bridge Bridging
Clns OSI Connectionless Area Services
Clns_es CLNS End System
Clns_is CLNS Intermediate System
Decnet DECnet
Decnet_node DECnet node
Decnet_router-L1 DECnet router L1
Decnet_router-L2 DECnet router L2
Ip IP
Ipx Novell IPX
Llc2 LLC2
Vines Banyan Vines
Xns XNS
Using the above syntax, the first dialer list I like to configure is
Router1(config)#dialer-list 1 protocol ip permit
We will cover applying the dialer-list later when we cover the dialer interface commands. For now, our next task is to
configure our routing protocol, RIP Version 2.

5. Configure the RIP version 2 routing protocol
Configuring RIP is very simple, but we need to be aware of the differences between Version 1 and Version 2. Can you
remember them off the top of your head? The two major differences are 1) RIP version 1 is classful whereas RIP
version 2 is not, and 2) RIP version 2 supports VLSM. Another difference is that RIP version 2 supports route
authentication. We will not cover route authentication here; just be aware that it exists and should not be confused
with PPP authentication.
To configure RIP Version 2, all we have to do is enable the RIP routing process, define the participating networks,
and specify version 2. This will be done on each router as follows:
Router2(config)#router rip
Router2(config-router)#network 10.0.0.0
Router2(config-router)#network 172.19.0.0
Router2(config-router)#version 2
We can check that RIP version 2 is enabled using the show ip protocols command on each router. Now that we
have completed the global configuration commands, our next step is to configure the physical BRI interface. For our
final step, we will create and configure logical dialer interfaces.
Configure Physical Interface Commands
1. Enable encapsulation PPP
With dialer profiles, we must specify encapsulation PPP on both the physical BRI interface and the logical dialer
interface. Here is an example:
Router2(config)#interface bri 0
Router2(config-if)#encapsulation ppp
Since we are going to use PPP CHAP authentication, we must also configure it on both the physical and the logical
interfaces.
2. Specify ppp authentication chap
Router2(config)#interface bri 0
Router2(config-if)#ppp authentication chap
Although we are going to use dialer profiles, we still need to configure SPIDs under the physical BRI interface.
3. Configure SPIDs (If Necessary)

The example below shows how SPIDs are entered as well as how we can check that they are configured correctly.
Router2(config-if)#isdn spid1 ?
WORD spid1 string
Router2(config-if)#isdn spid1 0835866201 ?
WORD local directory number
<cr>
router2(config-if)#isdn spid1 0835866201 8358662
router2(config-if)#isdn spid2 0835866401 8358664
Now, let's look at an example where the SPIDs have been configured correctly, sent, and are valid. This will not occur
unless the router's configuration matches the configuration of the ISDN switch exactly.
Router2#sh isdn stat
The current ISDN Switchtype = basic-ni1
ISDN BRI0 interface
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 76, State = MULTIPLE_FRAME_ESTABLISHED
TEI = 77, State = MULTIPLE_FRAME_ESTABLISHED
Spid Status:
spid1 configured, spid1 sent, spid1 valid
spid2 configured, spid2 sent, spid2 valid
Layer 3 Status:
0 Active Layer 3 Call(s)
Activated dsl 0 CCBs = 0
4. Assign the physical BRI interface to a dialer pool
Since we are going to configure dialer profiles, our configuration differs at this point from legacy DDR. Because we
can create many logical dialer interfaces, but have a fixed number of physical BRI interfaces, we need a method to
assign the physical interface to the desired logical dialer interface. The reasons for this become clearer when you
think of a situation where you have only two physical BRI interfaces, but need to use four logical dialer interfaces to
connect other routers. The first BRI interface may be in use by one of the logical dialer interfaces when we need to
place an additional call. By defining both physical BRI interfaces as members of the same dialer pool, the next
available physical BRI interface will be dynamically bound to the logical dialer interface at the time of the call.
Before we configure the physical BRI interface for dialer profiles, we first need to remove all legacy DDR commands,
including dialer map statements, dialer group statements, and network layer addresses. This step should not be
necessary for this lab because we write erased the routers at the beginning of the lab. Here is an example of how we
assign the physical interface to a dialer pool. A physical interface can be assigned to multiple dialer pools, but a
logical dialer interface can only be assigned to a single dialer pool.
Router1(config)#interface bri 0
Router1(config-if)#dialer pool-member 1
Now that we have assigned the physical BRI interface to a dialer pool, we have completed the interface commands
for the physical BRI interface. The next step is to create a logical dialer interface.
Configure Logical Dialer Interface Commands
So far, the global and physical BRI interface commands have been relatively simple. The most complicated portion of
the overall configuration consists of the creation of the logical dialer interface and the more extensive commands
applied to it. Here is an overview of the remaining steps.
First, we need to create the logical dialer interface. Next, we need to associate a dialer pool with the dialer interface
using the dialer pool number command, where number is the same number previously used with the dialer pool-
member command. Next, we add a dialer-group statement to define interesting traffic and a dialer string to call.
Since we want to use alternate CHAP hostnames, we need to configure them using the ppp chap hostname
command. Finally, we add a dialer remote-name command to enable creation of a dynamic dialer map to the remote
router. We also need to repeat the encapsulation ppp and ppp authentication chap commands we used on the
physical BRI interface.
1. Create the logical dialer interface
To configure the logical dialer interface, we first need to create a logical dialer interface in the same way we create
other logical interfaces such as loopback interfaces.
Router1(config)#interface dialer 0
2. Assign an IP address to the dialer interface
Router1(config-if)#ip address 172.19.1.6 255.255.255.252

3. Enable PPP Encapsulation
Router1(config-if)#encapsulation ppp
4. Configure the Dialer Interface for PPP Authentication CHAP
To configure PPP CHAP authentication, we first need to use the same command we used under the physical BRI
interface. We then need to use a new command, ppp chap hostname, to specify the hostname we want to use for
authentication. This can be totally different from the router's own hostname and is, in our case, CCNA1 or CCNA2.
Here is an example:
Router1(config-if)#ppp authentication chap
Router1(config-if)#ppp chap hostname CCNA1
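The name and password lookups that step 3 (the username database) and this step (ppp chap hostname) depend on, as an added Python example that is not part of the original lab. It is a simplified model of the RFC 1994 CHAP exchange, not IOS code; the Router class, the function names and the two misconfigured variants are constructed for illustration.

```python
import hashlib
import hmac
import os


class Router:
    """CHAP-relevant parts of one router's configuration (simplified model)."""

    def __init__(self, hostname, users, chap_hostname=None):
        self.hostname = hostname
        self.users = users  # global `username NAME password SECRET` entries
        # `ppp chap hostname NAME` overrides the router hostname in CHAP packets
        self.chap_name = chap_hostname or hostname


def chap_hash(identifier, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


def authenticate(authenticator, peer, identifier=1):
    """One CHAP round in which `authenticator` challenges `peer`."""
    challenge = os.urandom(16)
    # The Challenge carries the authenticator's CHAP name; the peer picks
    # the secret by looking that name up in its own username database.
    secret = peer.users.get(authenticator.chap_name)
    if secret is None:
        return False, f"{peer.hostname} has no username {authenticator.chap_name}"
    response = chap_hash(identifier, secret, challenge)
    # The Response carries the peer's CHAP name; the authenticator looks
    # that name up and recomputes the hash with its own copy of the secret.
    expected_secret = authenticator.users.get(peer.chap_name)
    if expected_secret is None:
        return False, f"{authenticator.hostname} has no username {peer.chap_name}"
    expected = chap_hash(identifier, expected_secret, challenge)
    if not hmac.compare_digest(response, expected):
        return False, "hash mismatch: the two passwords differ"
    return True, "ok"


def link_up(a, b):
    """`ppp authentication chap` on both routers: each must authenticate the other."""
    for authenticator, peer in ((a, b), (b, a)):
        ok, reason = authenticate(authenticator, peer)
        if not ok:
            return False, reason
    return True, "both directions authenticated"


# Constructed inputs mirroring the lab: names CCNA1/CCNA2, password cisco.
R1 = Router("router1", {"CCNA2": "cisco"}, chap_hostname="CCNA1")
R2 = Router("router2", {"CCNA1": "cisco"}, chap_hostname="CCNA2")
# Two misconfigurations: peer entered by router hostname, and a case slip.
R2_BY_HOSTNAME = Router("router2", {"router1": "cisco"}, chap_hostname="CCNA2")
R2_WRONG_CASE = Router("router2", {"CCNA1": "Cisco"}, chap_hostname="CCNA2")

if __name__ == "__main__":
    for r2 in (R2, R2_BY_HOSTNAME, R2_WRONG_CASE):
        print(r2.users, "->", link_up(R1, r2))
```

The password never crosses the link, only the hash of it with a fresh challenge. Both routers must hold the same password in recoverable form to compute that hash, which is why it appears as password 0 cisco in the running configuration.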
Next, we need to tell the logical dialer interface what dialer-list to use to define interesting traffic.
5. Apply the dialer-list to define interesting traffic
Since we are using dialer profiles, we need to apply the dialer list we created previously to the dialer interface, rather
than the physical BRI interface, using the dialer-group command:
Router1(config)#interface dialer0
Router1(config-if)#dialer-group 1
6. Specify which dialer-pool to use
Next, we need to tell the logical dialer interface which dialer pool to use. Although we can only specify a single dialer
pool to use under the logical dialer interface, the dialer pool can contain multiple physical BRI interfaces.
Router1(config)#interface dialer 0
Router1(config-if)#dialer pool 1
7. Configure the dialer remote name and string
Dialer profiles use dynamic dialer maps, which are created automatically at the time a call is placed, to dial the
remote router. We use a combination of a dialer string and dialer remote name to enable the creation of the dynamic
dialer maps.
Router1(config)#interface dialer0
Router1(config-if)#dialer remote-name router2
Router1(config-if)#dialer string 8358662
8. Check our work

At this point, our configuration is complete. We can now check our work by pinging from router1 to router2 and vice
versa.
router1#ping 172.19.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.19.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
SOLUTION REVEALED
Router1's Final Configuration
version 12.0
!
hostname router1
!
username CCNA2 password 0 cisco
!
ip subnet-zero
!
isdn switch-type basic-ni
!
interface Ethernet0/0
ip address 10.10.11.1 255.255.255.0
no ip directed-broadcast
!
interface Serial0/0
no ip address
shutdown
!
interface BRI0/0
encapsulation ppp
isdn switch-type basic-ni
isdn spid1 0835866101 8358661
isdn spid2 0835866301 8358663
ppp authentication chap
dialer pool-member 1
!
interface dialer 0
ip address 172.19.1.6 255.255.255.252
encapsulation ppp
dialer remote-name router2
dialer string 8358662
dialer pool 1
dialer-group 1
ppp authentication chap
ppp chap hostname CCNA1
!
ip classless
!
router rip
version 2
network 10.0.0.0
network 172.19.0.0
!
dialer-list 1 protocol ip permit
!
line con 0
transport input none
line aux 0
line vty 0 4
login
!
no scheduler allocate
end
router1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route
Gateway of last resort is not set
10.0.0.0/8 is subnetted, 1 subnets
C 10.10.11.1 is directly connected, Ethernet0
R 10.10.12.0/24 [120/2] via 172.19.1.5, 00:02:46, BRI0/0
172.19.0.0/16 is subnetted, 1 subnets
C 172.19.1.4 is directly connected, BRI0/0
Router2's Final Configuration
version 12.0
!
hostname router2
!
username CCNA1 password 0 cisco
!
ip subnet-zero
!
isdn switch-type basic-ni
!
interface Ethernet0/0
ip address 10.10.12.1 255.255.255.0
no ip directed-broadcast
!
interface Serial0/0
no ip address
shutdown
!
interface BRI0/0
encapsulation ppp
isdn switch-type basic-ni
isdn spid1 0835866001 8358660
isdn spid2 0835866201 8358662
ppp authentication chap
dialer pool-member 1
!
interface dialer 0
ip address 172.19.1.5 255.255.255.252
encapsulation ppp
dialer remote-name router1
dialer string 8358660
dialer pool 1
dialer-group 1
ppp authentication chap
ppp chap hostname CCNA2
!
ip classless
!
router rip
version 2
network 10.0.0.0
network 172.19.0.0
!
dialer-list 1 protocol ip permit
!
line con 0
transport input none
line aux 0
line vty 0 4
login
!
no scheduler allocate
end
Router2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route
Gateway of last resort is not set
10.0.0.0/8 is subnetted, 1 subnets
C 10.10.12.1 is directly connected, Ethernet0
R 10.10.11.0/24 [120/2] via 172.19.1.6, 00:02:46, BRI0
172.19.0.0/16 is subnetted, 1 subnets
C 172.19.1.4 is directly connected, BRI0
[NA-DDR-LS2-F03]
[2001-02-23-01]
Copyright © 2001 Genium Publishing Corporation
