Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring USB Modems for Dial Backup

The topics below discuss the USB modem interfaces, its configuration details, examples of configuring dialer interface, configuring PAP on dialer interface and CHAP on dialer interface.

USB Modem Interface Overview

Juniper Networks SRX Series Firewalls support the use of USB modems for remote management. You can use Telnet or SSH to connect to the device from a remote location through two modems over a telephone network. The USB modem is connected to the USB port on the device, and a second modem is connected to a remote management device such as a PC or laptop computer.

Note:

USB modems are no longer supported for dial backup on SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices.

You can configure your device to fail over to a USB modem connection when the primary Internet connection experiences interruption.

A USB modem connects to a device through modem interfaces that you configure. The device applies its own modem AT commands to initialize the attached modem. Modem setup requires that you connect and configure the USB modem at the device and the modem at the user end of the network.

You use either the J-Web configuration editor or CLI configuration editor to configure the USB modem and its supporting dialer interfaces.

Note:

Low-latency traffic such as VoIP traffic is not supported over USB modem connections.

Note:

We recommend using a US Robotics USB 56k V.92 Modem, model number USR Model 5637.

USB Modem Interfaces

You configure two types of interfaces for USB modem connectivity:

  • A physical interface which uses the naming convention umd0. The device creates this interface when a USB modem is connected to the USB port.

  • A logical interface called the dialer interface. You use the dialer interface, dln, to configure dialing properties for USB modem connections. The dialer interface can be configured using Point-to-Point Protocol (PPP) encapsulation. You can also configure the dialer interface to support authentication protocols—PPP Challenge Handshake (CHAP) or Password Authentication Protocol (PAP). You can configure multiple dialer interfaces for different functions on the device. After configuring the dialer interface, you must configure a backup method such as a dialer backup, a dialer filter, or a dialer watch.

The USB modem provides a dial-in remote management interface, and supports dialer interface features by sharing the same dial pool as a dialer interface. The dial pool allows the logical dialer interface and the physical interface to be bound together dynamically on a per-call basis. You can configure the USB modem to operate either as a dial-in console for management or as a dial-in WAN backup interface. Dialer pool priority has a range from 1 to 255, with 1 designating the lowest priority interfaces and 255 designating the highest priority interfaces.

Dialer Interface Rules

The following rules apply when you configure dialer interfaces for USB modem connections:

  • The dialer interface must be configured to use PPP encapsulation. You cannot configure Cisco High-Level Data Link Control (HDLC) or Multilink PPP (MLPPP) encapsulation on dialer interfaces.

  • The dialer interface cannot be configured as a constituent link in a multilink bundle.

  • The dialer interface can perform backup, dialer filter, and dialer watch functions, but these operations are mutually exclusive. You can configure a single dialer interface to operate in only one of the following ways:

    • As a backup interface—for one primary interface

    • As a dialer filter

    • As a dialer watch interface

The backup dialer interfaces are activated only when the primary interface fails. USB modem backup connectivity is supported on all interfaces except lsq-0/0/0.

The dial-on-demand routing backup method allows a USB modem connection to be activated only when network traffic configured as an “interesting packet” arrives on the network. Once the network traffic is sent, an inactivity timer is triggered and the connection is closed. You define an interesting packet using the dialer filter feature of the device. To configure dial-on-demand routing backup using a dialer filter, you first configure the dialer filter and then apply the filter to the dialer interface.

Dialer watch is a backup method that integrates backup dialing with routing capabilities and provides reliable connectivity without relying on a dialer filter to trigger outgoing USB modem connections. With dialer watch, the device monitors the existence of a specified route. If the route disappears, the dialer interface initiates the USB modem connection as a backup connection.

How the Device Initializes USB Modems

When you connect the USB modem to the USB port on the device, the device applies the modem AT commands configured in the init-command-string command to the initialization commands on the modem.

If you do not configure modem AT commands for the init-command-string command, the device applies the following default sequence of initialization commands to the modem: AT S7=45 S0=0 V1 X4 &C1 E0 Q0 &Q8 %C0. Table 1 describes the commands. For more information about these commands, see the documentation for your modem.

Table 1: Default Modem Initialization Commands

Modem Command

Description

AT

Attention. Informs the modem that a command follows.

S7=45

Instructs the modem to wait 45 seconds for a telecommunications service provider (carrier) signal before terminating the call.

S0=0

Disables the auto answer feature, whereby the modem automatically answers calls.

V1

Displays result codes as words.

&C1

Disables reset of the modem when it loses the carrier signal.

E0

Disables the display on the local terminal of commands issued to the modem from the local terminal.

Q0

Enables the display of result codes.

&Q8

Enables Microcom Networking Protocol (MNP) error control mode.

%C0

Disables data compression.

When the device applies the modem AT commands in the init-command-string command or the default sequence of initialization commands to the modem, it compares them to the initialization commands already configured on the modem and makes the following changes:

  • If the commands are the same, the device overrides existing modem values that do not match. For example, if the initialization commands on the modem include S0=0 and the device’s init-command-string command includes S0=2, the device applies S0=2.

  • If the initialization commands on the modem do not include a command in the device’s init-command-string command, the device adds it. For example, if the init-command-string command includes the command L2, but the modem commands do not include it, the device adds L2 to the initialization commands configured on the modem.

Note:

On SRX210 devices, the USB modem interface can handle bidirectional traffic of up to 19 Kbps. On oversubscription of this amount (that is, bidirectional traffic of 20 Kbps or above), keepalives do not get exchanged, and the interface goes down. (Platform support depends on the Junos OS release in your installation.)

USB Modem Configuration Overview

Note:

USB modems are no longer supported for dial backup on SRX300, SRX320, SRX340, and SRX345 devices.

Before you begin:

  1. Install device hardware. For more information, see the Getting Started Guide for your device.
  2. Establish basic connectivity. For more information, see the Getting Started Guide for your device.
  3. Order a US Robotics USB 56k V.92 Modem, model number USR Model 5637 (http://www.usr.com/).
  4. Order a public switched telephone network (PSTN) line from your telecommunications service provider. Contact your service provider for more information.
  5. Connect the USB modem to the device's USB port.
    Note:

    When you connect the USB modem to the USB port on the device, the USB modem is initialized with the modem initialization string configured for the USB modem interface on the device.

    1. Plug the modem into the USB port.
    2. Connect the modem to your telephone network.

Suppose you have a branch office router and a head office router each with a USB modem interface and a dialer interface. This example shows you how to establish a backup connection between the branch office and head office routers. See Table 2 for a summarized description of the procedure.

Table 2: Configuring Branch Office and Head Office Routers for USB Modem Backup Connectivity

Router Location

Configuration Requirement

Procedure

Branch Office

Configure the logical dialer interface on the branch office router for USB modem dial backup.

To configure the logical dialer interface, see Example: Configuring a USB Modem Interface.

Configure the dialer interface dl0 on the branch office router using one of the following backup methods:

  • Configure the dialer interface dl0 as the backup interface on the branch office router's primary T1 interface t1-1/0/0.

  • Configure a dialer filter on the branch office router's dialer interface.

  • Configure a dialer watch on the branch office router's dialer interface.

Configure the dialer interface using one of the following backup methods:

Head Office

Configure dial-in on the dialer interface dl0 on the head office router.

To configure dial-in on the head office router, see Example: Configuring a Dialer Interface for USB Modem Dial-In.

If the dialer interface is configured to accept only calls from a specific caller ID, the device matches the incoming call's caller ID against the caller IDs configured on its dialer interfaces. If an exact match is not found and the incoming call's caller ID has more digits than the configured caller IDs, the device performs a right-to-left match of the incoming call's caller ID with the configured caller IDs and accepts the incoming call if a match is found. For example, if the incoming call's caller ID is 4085321091 and the caller ID configured on a dialer interface is 5321091, the incoming call is accepted. Each dialer interface accepts calls from only callers whose caller IDs are configured on it.

See Table 3 for a list of available incoming map options.

Table 3: Incoming Map Options

Option

Description

accept-all

Dialer interface accepts all incoming calls.

You can configure the accept-all option for only one of the dialer interfaces associated with a USB modem physical interface. The dialer interface with the accept-all option configured is used only if the incoming call's caller ID does not match the caller IDs configured on other dialer interfaces.

caller

Dialer interface accepts calls from a specific caller ID. You can configure a maximum of 15 caller IDs per dialer interface.

The same caller ID must not be configured on different dialer interfaces. However, you can configure caller IDs with more or fewer digits on different dialer interfaces. For example, you can configure the caller IDs 14085551515, 4085551515, and 5551515 on different dialer interfaces.

You configure dialer interfaces to support PAP. PAP allows a simple method for a peer to establish its identity using a two-way handshake during initial link establishment. After the link is established, an ID and password pair are repeatedly sent by the peer to the authenticator until authentication is acknowledged or the connection is terminated.

Example: Configuring a USB Modem Interface

This example shows how to configure a USB modem interface for dial backup.

Note:

USB modems are no longer supported for dial backup on SRX300, SRX320, SRX340, and SRX345 devices.

Requirements

No special configuration beyond device initialization is required before configuring this feature.

Overview

In this example, you create an interface called as umd0 for USB modem connectivity and set the dialer pool priority to 25. You also configure a modem initialization string to autoanswer after a specified number of rings. The default modem initialization string is AT S7=45 S0=0 V1 X4 &C1 E0 Q0 &Q8 %C0. The modem command S0=0 disables the modem from autoanswering the calls. Finally, you set the modem to act as a dial-in WAN backup interface.

Configuration

Procedure

CLI Quick Configuration

To quickly configure this example, copy the following command, paste it into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the command into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure a USB modem interface for dial backup:

  1. Create an interface.

  2. Set the dialer options and priority.

  3. Specify the modem options.

  4. Set the modem to act as a dial-in WAN backup interface.

Results

From configuration mode, confirm your configuration by entering the show interface umd0 command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying the Configuration

Purpose

Verify a USB modem interface for dial backup.

Action

From configuration mode, enter the show interfaces umd0 extensive command. The output shows a summary of interface information and displays the modem status.

Example: Configuring Dialer Interfaces and Backup Methods for USB Modem Dial Backup

This example shows how to configure a dialer interfaces and backup methods for USB modem dial backup.

Note:

USB modems are no longer supported for dial backup on SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices.

Requirements

Before you begin, configure a USB modem for the device. See Example: Configuring a USB Modem Interface.

Overview

In this example, you configure a logical dialer interface on the branch office router for the USB modem dial backup. You then configure dial backup to allow one or more dialer interfaces to be configured as the backup link for the primary serial interface. To configure dialer watch, you first add a dialer watch interface and then configure the USB modem interface to participate as a dialer watch interface. The USB modem interface must have the same pool identifier to participate in dialer watch. Dialer pool name dw-pool is used when configuring the USB modem interface.

Topology

Configuration

Configuring a Dialer Interface for USB Modem Dial Backup

CLI Quick Configuration

To quickly configure this example, copy the following command, paste it into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the command into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To configure a logical dialer interface on the branch office router for the USB modem dial backup:

  1. Create an interface.

  2. Specify a description.

  3. Configure PPP encapsulation.

    Note:

    You cannot configure Cisco High-Level Data Link Control (HDLC) or Multilink PPP (MLPPP) encapsulation on dialer interfaces used in USB modem connections.

  4. Create the logical unit.

    Note:

    You can set the logical unit to 0 only.

  5. Configure the dialer options.

  6. Configure the telephone number of the remote destination.

  7. Configure source and destination IP addresses.

Results

From configuration mode, confirm your configuration by entering the show interfaces dl0 command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Configuring a Dial Backup for a USB Modem Connection

CLI Quick Configuration

To quickly configure this example, copy the following command, paste it into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the command into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

To configure a dial backup for a USB modem connection:

  1. Select the physical interface.

  2. Configure the backup dialer interface.

Results

From configuration mode, confirm your configuration by entering the show interfaces t1-1/0/0 command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Configuring a Dialer Filter for USB Modem Dial Backup

CLI Quick Configuration

To quickly configure this example, copy the following command, paste it into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the command into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

To configure a dialer filter for USB modem dial backup:

  1. Create an interface.

  2. Configure the dialer filter name.

  3. Configure the dialer filter rule name and term behavior.

  4. Configure the then part of the dialer filter.

  5. Select the dialer interface to apply the filter.

  6. Apply the dialer filter to the dialer interface.

Results

From configuration mode, confirm your configuration by entering the show firewall family inet dialer-filter interesting-traffic and show interfaces dl0commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Configuring a Dialer Watch for USB Modem Dial Backup

CLI Quick Configuration

To quickly configure this example, copy the following command, paste it into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the command into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

To configure a dialer watch for USB modem dial backup:

  1. Create an interface.

  2. Specify a description.

  3. Configure the route to the head office router for dialer watch.

  4. Configure the name of the dialer pool.

  5. Select the USB modem physical interface.

Results

From configuration mode, confirm your configuration by entering the show interfaces dl0 and show interfaces umd0 commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying the Configuration

Purpose

Verify the configuration output.

Action

From operational mode, enter the show interface terse command.

Example: Configuring a Dialer Interface for USB Modem Dial-In

This example shows how to configure a dialer interface for USB modem dial-in.

Note:

USB modems are no longer supported for dial-in to a dialer interface on SRX300, SRX320, SRX340, and SRX345 devices.

Requirements

No special configuration beyond device initialization is required before configuring this feature.

Overview

To enable connections to the USB modem from a remote location, you must configure the dialer interfaces set up for USB modem use to accept incoming calls. You can configure a dialer interface to accept all incoming calls or accept only calls from one or more caller IDs.

If the dialer interface is configured to accept only calls from a specific caller ID, the system matches the incoming call's caller ID against the caller IDs configured on its dialer interfaces. If an exact match is not found and the incoming call's caller ID has more digits than the configured caller IDs, the system performs a right-to-left match of the incoming call's caller ID with the configured caller IDs and accepts the incoming call if a match is found. For example, if the incoming call's caller ID is 4085550115 and the caller ID configured on a dialer interface is 5550115, the incoming call is accepted. Each dialer interface accepts calls from only callers whose caller IDs are configured on it.

You can configure the following incoming map options for the dialer interface:

  • accept-all—Dialer interface accepts all incoming calls.

    You can configure the accept-all option for only one of the dialer interfaces associated with a USB modem physical interface. The device uses the dialer interface with the accept-all option configured only if the incoming call's caller ID does not match the caller IDs configured on other dialer interfaces.

  • caller—Dialer interface accepts calls from a specific caller ID— for example, 4085550115. You can configure a maximum of 15 caller IDs per dialer interface.

    The same caller ID must not be configured on different dialer interfaces. However, you can configure caller IDs with more or fewer digits on different dialer interfaces. For example, you can configure the caller IDs 14085550115, 4085550115, and 5550115 on different dialer interfaces.

In this example, you configure the incoming map option as caller 4085550115 for dialer interface dl0.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following command, paste it into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the command into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Procedure

Step-by-Step Procedure

To configure a dialer interface for USB modem dial-in:

  1. Select a dialer interface.

  2. Configure the incoming map options.

  3. If you are done configuring the device, commit the configuration.

Verification

To verify the configuration is working properly, enter the show interface dl0 command.

Example: Configuring PAP on Dialer Interfaces

This example shows how to configure PAP on dialer interfaces.

Note:

Configuring PAP on dialer interfaces is no longer supported on SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550HM devices.

Requirements

No special configuration beyond device initialization is required before configuring this feature.

Overview

In this example, you specify a PAP access profile with a client username and a PAP password and select a dialer interface. Finally, you configure PAP on the dialer interface and specify the local name and password.

Configuration

Procedure

Step-by-Step Procedure

To configure PAP on the dialer interface:

  1. Specify a PAP access profile.

  2. Select a dialer interface.

  3. Configure PAP on the dialer interface.

  4. If you are done configuring the device, commit the configuration.

Verification

To verify the configuration is working properly, enter the show interface dl0 command.

Example: Configuring CHAP on Dialer Interfaces

This example shows how to configure CHAP on dialer interfaces for authentication.

Requirements

No special configuration beyond device initialization is required before configuring this feature.

Overview

In this example, you configure dialer interfaces to support CHAP for authentication. CHAP is a server-driven, three-step authentication method that depends on a shared secret password residing on both the server and the client. You specify a CHAP access profile with a client username and a password. You then specify a dialer interface as dl0. Finally, you enable CHAP on a dialer interface and specify a unique profile name containing a client list and access parameters.

Configuration

Procedure

Step-by-Step Procedure

To configure CHAP on a dialer interface:

  1. Specify a CHAP access profile.

  2. Select a dialer interface.

  3. Enable CHAP on the dialer interface.

  4. If you are done configuring the device, commit the configuration.

Verification

To verify the configuration is working properly, enter the show interface dl0 command.