Configuring USB Modems for Dial Backup
The topics below discuss the USB modem interfaces, its configuration details, examples of configuring dialer interface, configuring PAP on dialer interface and CHAP on dialer interface.
USB Modem Interface Overview
Juniper Networks SRX Series Firewalls support the use of USB modems for remote management. You can use Telnet or SSH to connect to the device from a remote location through two modems over a telephone network. The USB modem is connected to the USB port on the device, and a second modem is connected to a remote management device such as a PC or laptop computer.
USB modems are no longer supported for dial backup on SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices.
You can configure your device to fail over to a USB modem connection when the primary Internet connection experiences interruption.
A USB modem connects to a device through modem interfaces that you configure. The device applies its own modem AT commands to initialize the attached modem. Modem setup requires that you connect and configure the USB modem at the device and the modem at the user end of the network.
You use either the J-Web configuration editor or CLI configuration editor to configure the USB modem and its supporting dialer interfaces.
Low-latency traffic such as VoIP traffic is not supported over USB modem connections.
We recommend using a US Robotics USB 56k V.92 Modem, model number USR Model 5637.
USB Modem Interfaces
You configure two types of interfaces for USB modem connectivity:
A physical interface which uses the naming convention
umd0. The device creates this interface when a USB modem is connected to the USB port.A logical interface called the dialer interface. You use the dialer interface,
dln, to configure dialing properties for USB modem connections. The dialer interface can be configured using Point-to-Point Protocol (PPP) encapsulation. You can also configure the dialer interface to support authentication protocols—PPP Challenge Handshake (CHAP) or Password Authentication Protocol (PAP). You can configure multiple dialer interfaces for different functions on the device. After configuring the dialer interface, you must configure a backup method such as a dialer backup, a dialer filter, or a dialer watch.
The USB modem provides a dial-in remote management interface, and supports dialer interface features by sharing the same dial pool as a dialer interface. The dial pool allows the logical dialer interface and the physical interface to be bound together dynamically on a per-call basis. You can configure the USB modem to operate either as a dial-in console for management or as a dial-in WAN backup interface. Dialer pool priority has a range from 1 to 255, with 1 designating the lowest priority interfaces and 255 designating the highest priority interfaces.
Dialer Interface Rules
The following rules apply when you configure dialer interfaces for USB modem connections:
The dialer interface must be configured to use PPP encapsulation. You cannot configure Cisco High-Level Data Link Control (HDLC) or Multilink PPP (MLPPP) encapsulation on dialer interfaces.
The dialer interface cannot be configured as a constituent link in a multilink bundle.
The dialer interface can perform backup, dialer filter, and dialer watch functions, but these operations are mutually exclusive. You can configure a single dialer interface to operate in only one of the following ways:
As a backup interface—for one primary interface
As a dialer filter
As a dialer watch interface
The backup dialer interfaces are activated only when the primary interface fails. USB modem backup connectivity is supported on all interfaces except lsq-0/0/0.
The dial-on-demand routing backup method allows a USB modem connection to be activated only when network traffic configured as an “interesting packet” arrives on the network. Once the network traffic is sent, an inactivity timer is triggered and the connection is closed. You define an interesting packet using the dialer filter feature of the device. To configure dial-on-demand routing backup using a dialer filter, you first configure the dialer filter and then apply the filter to the dialer interface.
Dialer watch is a backup method that integrates backup dialing with routing capabilities and provides reliable connectivity without relying on a dialer filter to trigger outgoing USB modem connections. With dialer watch, the device monitors the existence of a specified route. If the route disappears, the dialer interface initiates the USB modem connection as a backup connection.
How the Device Initializes USB Modems
When you connect the USB modem to the USB port on the device,
the device applies the modem AT commands configured in the init-command-string command to the initialization commands on the modem.
If you do not configure modem AT commands for the init-command-string command, the device applies the following default sequence of initialization
commands to the modem: AT S7=45 S0=0 V1 X4 &C1 E0 Q0 &Q8
%C0. Table 1 describes the commands. For more information about these
commands, see the documentation for your modem.
Modem Command |
Description |
|---|---|
|
Attention. Informs the modem that a command follows. |
|
Instructs the modem to wait 45 seconds for a telecommunications service provider (carrier) signal before terminating the call. |
|
Disables the auto answer feature, whereby the modem automatically answers calls. |
|
Displays result codes as words. |
|
Disables reset of the modem when it loses the carrier signal. |
|
Disables the display on the local terminal of commands issued to the modem from the local terminal. |
|
Enables the display of result codes. |
|
Enables Microcom Networking Protocol (MNP) error control mode. |
|
Disables data compression. |
When the device applies the modem AT commands in the init-command-string command or the default sequence of initialization commands to the
modem, it compares them to the initialization commands already configured
on the modem and makes the following changes:
If the commands are the same, the device overrides existing modem values that do not match. For example, if the initialization commands on the modem include
S0=0and the device’sinit-command-stringcommand includesS0=2, the device appliesS0=2.If the initialization commands on the modem do not include a command in the device’s
init-command-stringcommand, the device adds it. For example, if theinit-command-stringcommand includes the commandL2, but the modem commands do not include it, the device addsL2to the initialization commands configured on the modem.
On SRX210 devices, the USB modem interface can handle bidirectional traffic of up to 19 Kbps. On oversubscription of this amount (that is, bidirectional traffic of 20 Kbps or above), keepalives do not get exchanged, and the interface goes down. (Platform support depends on the Junos OS release in your installation.)
USB Modem Configuration Overview
USB modems are no longer supported for dial backup on SRX300, SRX320, SRX340, and SRX345 devices.
Before you begin:
Suppose you have a branch office router and a head office router each with a USB modem interface and a dialer interface. This example shows you how to establish a backup connection between the branch office and head office routers. See Table 2 for a summarized description of the procedure.
Router Location |
Configuration Requirement |
Procedure |
|---|---|---|
Branch Office |
Configure the logical dialer interface on the branch office router for USB modem dial backup. |
To configure the logical dialer interface, see Example: Configuring a USB Modem Interface. |
Configure the dialer interface
|
Configure the dialer interface using one of the following backup methods:
|
|
Head Office |
Configure dial-in on the dialer interface |
To configure dial-in on the head office router, see Example: Configuring a Dialer Interface for USB Modem Dial-In. |
If the dialer interface is configured to accept only calls from a specific caller ID, the device matches the incoming call's caller ID against the caller IDs configured on its dialer interfaces. If an exact match is not found and the incoming call's caller ID has more digits than the configured caller IDs, the device performs a right-to-left match of the incoming call's caller ID with the configured caller IDs and accepts the incoming call if a match is found. For example, if the incoming call's caller ID is 4085321091 and the caller ID configured on a dialer interface is 5321091, the incoming call is accepted. Each dialer interface accepts calls from only callers whose caller IDs are configured on it.
See Table 3 for a list of available incoming map options.
Option |
Description |
|---|---|
accept-all |
Dialer interface accepts all incoming calls. You can configure the |
caller |
Dialer interface accepts calls from a specific caller ID. You can configure a maximum of 15 caller IDs per dialer interface. The same caller ID must not be configured on different dialer interfaces. However, you can configure caller IDs with more or fewer digits on different dialer interfaces. For example, you can configure the caller IDs 14085551515, 4085551515, and 5551515 on different dialer interfaces. |
You configure dialer interfaces to support PAP. PAP allows a simple method for a peer to establish its identity using a two-way handshake during initial link establishment. After the link is established, an ID and password pair are repeatedly sent by the peer to the authenticator until authentication is acknowledged or the connection is terminated.
Example: Configuring a USB Modem Interface
This example shows how to configure a USB modem interface for dial backup.
USB modems are no longer supported for dial backup on SRX300, SRX320, SRX340, and SRX345 devices.
Requirements
No special configuration beyond device initialization is required before configuring this feature.
Overview
In this example, you create an interface called as umd0 for
USB modem connectivity and set the dialer pool priority to 25. You
also configure a modem initialization string to autoanswer after a
specified number of rings. The default modem initialization string
is AT S7=45 S0=0 V1 X4 &C1 E0 Q0 &Q8 %C0. The modem
command S0=0 disables the modem from autoanswering the
calls. Finally, you set the modem to act as a dial-in WAN backup interface.
Configuration
Procedure
CLI Quick Configuration
To quickly configure this example, copy the
following command, paste it into a text file, remove any line breaks,
change any details necessary to match your network configuration,
copy and paste the command into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.
set interfaces umd0 dialer-options pool usb-modem-dialer-pool priority 25 set modem-options init-command-string "ATS0=2 \n" dialin routable
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure a USB modem interface for dial backup:
Create an interface.
[edit] user@host# edit interfaces umd0
Set the dialer options and priority.
[edit interfaces umd0] user@host# set dialer-options pool usb-modem-dialer-pool priority 25
Specify the modem options.
[edit interfaces umd0] user@host# set modem-options init-command-string "ATS0=2 \n"
Set the modem to act as a dial-in WAN backup interface.
[edit interfaces umd0] user@host# set modem-options dialin routable
Results
From configuration mode, confirm your configuration
by entering the show interface umd0 command. If the output
does not display the intended configuration, repeat the configuration
instructions in this example to correct it.
[edit]
user@host# show interface umd0
modem-options {
init-command-string "ATS0=2 \n";
dialin routable;
}
dialer-options {
pool usb-modem-dialer-pool priority 25;
}
If you are done configuring the device, enter commit from configuration mode.
Verification
Confirm that the configuration is working properly.
Verifying the Configuration
Purpose
Verify a USB modem interface for dial backup.
Action
From configuration mode, enter the show interfaces
umd0 extensive command. The output shows a summary of interface
information and displays the modem status.
Physical interface: umd0, Enabled, Physical link is Up
Interface index: 64, SNMP ifIndex: 33, Generation: 1
Type: Async-Serial, Link-level type: PPP-Subordinate, MTU: 1504,
Clocking: Unspecified, Speed: MODEM
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps Internal: 0x4000
Link flags : None
Hold-times : Up 0 ms, Down 0 ms
Last flapped : Never
Statistics last cleared: Never
Traffic statistics:
Input bytes : 21672
Output bytes : 22558
Input packets: 1782
Output packets: 1832
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards: 0,
Resource errors: 0
Output errors:
Carrier transitions: 63, Errors: 0, Drops: 0, MTU errors: 0, Resource errors: 0
MODEM status:
Modem type : LT V.92 1.0 MT5634ZBA-USB-V92 Data/Fax Modem
(Dual Config) Version 2.27m
Initialization command string : ATS0=2
Initialization status : Ok
Call status : Connected to 4085551515
Call duration : 13429 seconds
Call direction : Dialin
Baud rate : 33600 bps
Most recent error code : NO CARRIER
Logical interface umd0.0 (Index 2) (SNMP ifIndex 34) (Generation 1)
Flags: Point-To-Point SNMP-Traps Encapsulation: PPP-SubordinateExample: Configuring Dialer Interfaces and Backup Methods for USB Modem Dial Backup
This example shows how to configure a dialer interfaces and backup methods for USB modem dial backup.
USB modems are no longer supported for dial backup on SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices.
Requirements
Before you begin, configure a USB modem for the device. See Example: Configuring a USB Modem Interface.
Overview
In this example, you configure a logical dialer interface on the branch office router for the USB modem dial backup. You then configure dial backup to allow one or more dialer interfaces to be configured as the backup link for the primary serial interface. To configure dialer watch, you first add a dialer watch interface and then configure the USB modem interface to participate as a dialer watch interface. The USB modem interface must have the same pool identifier to participate in dialer watch. Dialer pool name dw-pool is used when configuring the USB modem interface.
Topology
Configuration
- Configuring a Dialer Interface for USB Modem Dial Backup
- Configuring a Dial Backup for a USB Modem Connection
- Configuring a Dialer Filter for USB Modem Dial Backup
- Configuring a Dialer Watch for USB Modem Dial Backup
Configuring a Dialer Interface for USB Modem Dial Backup
CLI Quick Configuration
To quickly configure this example, copy the
following command, paste it into a text file, remove any line breaks,
change any details necessary to match your network configuration,
copy and paste the command into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.
set interfaces dl0 description USB-modem-backup encapsulation ppp set interfaces dl0 unit 0 dialer-options activation-delay 60 deactivation-delay 30 idle-timeout 30 initial-route-check 30 pool usb-modem-dialer-pool set interfaces dl0 unit 0 dialer-options dial-string 5551212 set interfaces dl0 unit 0 family inet address 172.20.10.2 destination 172.20.10.1
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.
To configure a logical dialer interface on the branch office router for the USB modem dial backup:
Create an interface.
[edit] user@host# edit interfaces dl0
Specify a description.
[edit interfaces dl0] user@host# set description USB-modem-backup
Configure PPP encapsulation.
[edit interfaces dl0] user@host# set encapsulation ppp
Note:You cannot configure Cisco High-Level Data Link Control (HDLC) or Multilink PPP (MLPPP) encapsulation on dialer interfaces used in USB modem connections.
Create the logical unit.
[edit interfaces dl0] user@host# set unit 0
Note:You can set the logical unit to 0 only.
Configure the dialer options.
[edit interfaces dl0] user@host# edit unit 0 dialer-options user@host# set activation-delay 60 user@host# set deactivation-delay 30 user@host# set idle-timeout 30 initial-route-check 30 pool usb-modem-dialer-pool
Configure the telephone number of the remote destination.
[edit interfaces dl0 unit 0 dialer-options] user@host# set dial-string 5551212
Configure source and destination IP addresses.
[edit] user@host# edit interfaces dl0 unit 0 user@host# set family inet address 172.20.10.2 destination 172.20.10.1
Results
From configuration mode, confirm your configuration
by entering the show interfaces dl0 command. If the output
does not display the intended configuration, repeat the configuration
instructions in this example to correct it.
[edit]
user@host# show interfaces dl0
description USB-modem-backup;
encapsulation ppp;
unit 0 {
family inet {
address 172.20.10.2/32 {
destination 172.20.10.1;
}
}
dialer-options {
pool usb-modem-dialer-pool;
dial-string 5551212;
idle-timeout 30;
activation-delay 60;
deactivation-delay 30;
initial-route-check 30;
}
}
If you are done configuring the device, enter commit from configuration mode.
Configuring a Dial Backup for a USB Modem Connection
CLI Quick Configuration
To quickly configure this example, copy the
following command, paste it into a text file, remove any line breaks,
change any details necessary to match your network configuration,
copy and paste the command into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.
set interfaces t1-1/0/0 unit 0 backup-options interface dl0.0
Step-by-Step Procedure
To configure a dial backup for a USB modem connection:
Select the physical interface.
[edit] user@host# edit interfaces t1-1/0/0 unit 0
Configure the backup dialer interface.
[edit] user@host# set backup-options interface dl0.0
Results
From configuration mode, confirm your configuration
by entering the show interfaces t1-1/0/0 command. If the
output does not display the intended configuration, repeat the configuration
instructions in this example to correct it.
[edit]
user@host# show interfaces t1-1/0/0
encapsulation ppp;
unit 0 {
backup-options {
interface dl0.0;
}
}
If you are done configuring the device, enter commit from configuration mode.
Configuring a Dialer Filter for USB Modem Dial Backup
CLI Quick Configuration
To quickly configure this example, copy the
following command, paste it into a text file, remove any line breaks,
change any details necessary to match your network configuration,
copy and paste the command into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.
set firewall family inet dialer-filter interesting-traffic term term1 from source-address 20.20.90.4/32 set firewall family inet dialer-filter interesting-traffic term term1 from destination-address 200.200.201.1/32 set firewall family inet dialer-filter interesting-traffic term term1 then note set interfaces dl0 unit 0 family inet filter dialer interesting-traffic
Step-by-Step Procedure
To configure a dialer filter for USB modem dial backup:
Create an interface.
[edit] user@host# edit firewall
Configure the dialer filter name.
[edit] user@host# edit family inet user@host# edit dialer-filter interesting-traffic
Configure the dialer filter rule name and term behavior.
[edit] user@host# edit term term1 user@host# set from source-address 20.20.90.4/32 user@host# set from destination-address 200.200.201.1/32
Configure the then part of the dialer filter.
[edit] user@host# set then note
Select the dialer interface to apply the filter.
[edit] user@host# edit interfaces dl0 unit 0
Apply the dialer filter to the dialer interface.
[edit] user@host# edit family inet filter user@host# set dialer interesting-traffic
Results
From configuration mode, confirm your configuration
by entering the show firewall family inet dialer-filter interesting-traffic and show interfaces dl0commands. If the output does not
display the intended configuration, repeat the configuration instructions
in this example to correct it.
[edit]
user@host# show firewall family inet dialer-filter interesting-traffic
term term1 {
from {
source-address {
20.20.90.4/32;
}
destination-address {
200.200.201.1/32;
}
}
then note;
}
[edit]
user@host# show interfaces dl0
unit 0 {
family inet {
filter {
dialer interesting-traffic;
}
}
}
If you are done configuring the device, enter commit from configuration mode.
Configuring a Dialer Watch for USB Modem Dial Backup
CLI Quick Configuration
To quickly configure this example, copy the
following command, paste it into a text file, remove any line breaks,
change any details necessary to match your network configuration,
copy and paste the command into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.
set interfaces dl0 description dialer-watch unit 0 dialer-options watch-list 200.200.201.1/32 set interfaces dl0 unit 0 dialer-options pool dw-pool set interfaces umd0 dialer-options pool dw-pool
Step-by-Step Procedure
To configure a dialer watch for USB modem dial backup:
Create an interface.
[edit] user@host# edit interfaces
Specify a description.
[edit] user@host# edit dl0 user@host# set description dialer-watch
Configure the route to the head office router for dialer watch.
[edit] user@host# edit unit 0 dialer-options user@host# set watch-list 200.200.201.1/32
Configure the name of the dialer pool.
[edit] user@host# set pool dw-pool
Select the USB modem physical interface.
[edit] user@host# edit interfaces umd0 dialer-options pool dw-pool
Results
From configuration mode, confirm your configuration
by entering the show interfaces dl0 and show interfaces
umd0 commands. If the output does not display the intended configuration,
repeat the configuration instructions in this example to correct it.
[edit] user@host#show interfaces dl0dialer-options { pool dw-pool; } [edit] user@host#show interfaces umd0description dialer-watch; unit 0 { dialer-options { pool dw-pool; watch-list { 200.200.201.1/32; } } }
If you are done configuring the device, enter commit from configuration mode.
Example: Configuring a Dialer Interface for USB Modem Dial-In
This example shows how to configure a dialer interface for USB modem dial-in.
USB modems are no longer supported for dial-in to a dialer interface on SRX300, SRX320, SRX340, and SRX345 devices.
Requirements
No special configuration beyond device initialization is required before configuring this feature.
Overview
To enable connections to the USB modem from a remote location, you must configure the dialer interfaces set up for USB modem use to accept incoming calls. You can configure a dialer interface to accept all incoming calls or accept only calls from one or more caller IDs.
If the dialer interface is configured to accept only calls from a specific caller ID, the system matches the incoming call's caller ID against the caller IDs configured on its dialer interfaces. If an exact match is not found and the incoming call's caller ID has more digits than the configured caller IDs, the system performs a right-to-left match of the incoming call's caller ID with the configured caller IDs and accepts the incoming call if a match is found. For example, if the incoming call's caller ID is 4085550115 and the caller ID configured on a dialer interface is 5550115, the incoming call is accepted. Each dialer interface accepts calls from only callers whose caller IDs are configured on it.
You can configure the following incoming map options for the dialer interface:
accept-all—Dialer interface accepts all incoming calls.You can configure the
accept-alloption for only one of the dialer interfaces associated with a USB modem physical interface. The device uses the dialer interface with theaccept-alloption configured only if the incoming call's caller ID does not match the caller IDs configured on other dialer interfaces.caller—Dialer interface accepts calls from a specific caller ID— for example,4085550115. You can configure a maximum of 15 caller IDs per dialer interface.The same caller ID must not be configured on different dialer interfaces. However, you can configure caller IDs with more or fewer digits on different dialer interfaces. For example, you can configure the caller IDs 14085550115, 4085550115, and 5550115 on different dialer interfaces.
In this example, you configure the incoming map option as caller 4085550115 for dialer interface dl0.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the
following command, paste it into a text file, remove any line breaks,
change any details necessary to match your network configuration,
copy and paste the command into the CLI at the [edit] hierarchy level, and then enter commit from configuration
mode.
set interfaces dl0 unit 0 dialer-options incoming-map caller 4085550115
Procedure
Step-by-Step Procedure
To configure a dialer interface for USB modem dial-in:
Select a dialer interface.
[edit] user@host# edit interfaces dl0
Configure the incoming map options.
[edit] user@host# edit unit 0 dialer-options incoming-map caller 4085551515
If you are done configuring the device, commit the configuration.
[edit] user@host# commit
Verification
To verify the configuration is working properly,
enter the show interface dl0 command.
Example: Configuring PAP on Dialer Interfaces
This example shows how to configure PAP on dialer interfaces.
Configuring PAP on dialer interfaces is no longer supported on SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices.
Requirements
No special configuration beyond device initialization is required before configuring this feature.
Overview
In this example, you specify a PAP access profile with a client username and a PAP password and select a dialer interface. Finally, you configure PAP on the dialer interface and specify the local name and password.
Configuration
Procedure
Step-by-Step Procedure
To configure PAP on the dialer interface:
Specify a PAP access profile.
[edit] user@host# set access profile pap-access-profile client pap-access-user pap-password my-pap
Select a dialer interface.
[edit] user@host# edit interfaces dl0 unit 0
Configure PAP on the dialer interface.
[edit] user@host# set ppp-options pap local-name pap-access-user local-password my-pap
If you are done configuring the device, commit the configuration.
[edit] user@host# commit
Verification
To verify the configuration is working properly,
enter the show interface dl0 command.
Example: Configuring CHAP on Dialer Interfaces
This example shows how to configure CHAP on dialer interfaces for authentication.
Requirements
No special configuration beyond device initialization is required before configuring this feature.
Overview
In this example, you configure dialer interfaces to support CHAP for authentication. CHAP is a server-driven, three-step authentication method that depends on a shared secret password residing on both the server and the client. You specify a CHAP access profile with a client username and a password. You then specify a dialer interface as dl0. Finally, you enable CHAP on a dialer interface and specify a unique profile name containing a client list and access parameters.
Configuration
Procedure
Step-by-Step Procedure
To configure CHAP on a dialer interface:
Specify a CHAP access profile.
[edit] user@host# set access profile usb-modem-access-profile client usb-modem-user chap-secret my-secret
Select a dialer interface.
[edit] user@host# edit interfaces dl0 unit 0
Enable CHAP on the dialer interface.
[edit] user@host# set ppp-options chap access-profile usb-modem-access-profile
If you are done configuring the device, commit the configuration.
[edit] user@host# commit
Verification
To verify the configuration is working properly,
enter the show interface dl0 command.