ISDN Backup - Help Needed

Unanswered Question
Feb 9th, 2007

Hi,

I know we visited this before but I still have the problem. I have attached a diagram to illustrate my dilemme.

Basically we run OSPF between between Sites A and B. At Site A I have injected a static route from Router 1 to 2. The reason for this that the ISDN backup is on router 2.

What's happening at the moment is the ISDN backup keeps initialing for no apparent reason. Could it be OSPF related?

Check attachments for errors and diagram.

Config on Router 1:

ip route <network B> 255.255.255.0 <router1 IP> 240 name isdn-backup

On Router 2 I have a dialer configured and a route statement pointing to that dialer.

Here is config:

ip route <network B> 255.255.255.0 Dialer3 240 name isdn-backup

Config on Router 2

------------------

interface Dialer3

description <number>/site b-backup

ip address 192.168.225.21 255.255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation ppp

no ip split-horizon

shutdown

dialer pool 1

dialer remote-name cr17

dialer string <number>

dialer-group 1

no keepalive

no cdp enable

ppp authentication pap callin

ppp pap sent-username cr1 password removed

ppp multilink

ppp multilink links maximum 8

ppp multilink links minimum 4

ppp multilink load-threshold 75 either

ppp multilink endpoint hostname

max-reserved-bandwidth 90

end

!

router ospf 2

log-adjacency-changes

redistribute connected subnets

redistribute static subnets

network 192.168.225.0 0.0.0.255 area 0.0.0.0

!

access-list 130 deny eigrp any any

access-list 130 permit ospf any any

access-list 130 permit icmp any any

access-list 130 permit tcp any any

access-list 130 permit udp any any

access-list 180 permit icmp any any

dialer-list 1 protocol ip list 130

Config on Router 1

------------------

router ospf 2

log-adjacency-changes

redistribute connected subnets

redistribute static subnets

network 192.168.225.0 0.0.0.255 area 0.0.0.0

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
smothuku Fri, 02/09/2007 - 04:37

Hi ,

Can you change the config as below.

int dialer 3

dialer map 192.168.225.22 name < router 2> broadcast

config)# ip route < destination> 192.168.225.22 240.

config)# access-list 130 deny ospf any any

access-list 130 permit ip any any

OSPF routing packets are denied in the dialer-list.

dialer-list 1 protocol ip list 130

and do the same thing on the other end.

In configuration you allowed ospf and applied it for dialer-list.Actually it should deny ospf.

IMP: remove redistibute static and connected commands configured under ospf.

Thanks,

satish

bradlesliect Fri, 02/09/2007 - 06:09

Will try what you suggested but will the ISDN activate when it needs to?

bradlesliect Fri, 02/09/2007 - 13:15

Satish,

You still online. I have a problem. The Site B has this config on the access-list.

sh run | inc access-list 130

access-list 130 remark user by dialer-list 1

access-list 130 deny eigrp any any

access-list 130 permit icmp any any

access-list 130 permit tcp any any

access-list 130 permit udp any any

The rest is the same, except for this.

smothuku Fri, 02/09/2007 - 21:36

Hi Brad ,

I have given example where eigrp is used as a routing protocol.In your case ospf is the routing protocol and u should deny ospf and permit any any.

As soon as ospf route vanishes folating static route comes in to the picture and isdn will be active.

When ospf comes back isdn will be deativated automatically...

whatever document i posted in the previous thread is an example.

Instead of eigrp put ospf and configure ity according to document.

If possible please paste the config of both router, i can do the mofdifications.

Thanks,

satish

smothuku Fri, 02/09/2007 - 21:46

Configure the following commands on both routers .i.e End-A router and End-B router.

end -A:

config)# ip route < destination> 192.168.225.22 240.

config)# access-list 130 deny ospf any any

access-list 130 permit ip any any

config)#dialer-list 1 protocol ip list 130

End-B:

config)# ip route < destination> 192.168.225.21 240.

config)# access-list 130 deny ospf any any

access-list 130 permit ip any any

config)# dialer-list 1 protocol ip list 130.

IMP:Before that remove all access-list and dialer-list 1 command from both the routers.

Thanks,

satish.

bradlesliect Sun, 02/11/2007 - 04:12

What you mean by

"IMP:Before that remove all access-list and dialer-list 1 command from both the routers."

You mean before I make the changes you recommend I need to remove the current access-list applied to the dailer-list 1?

bradlesliect Sun, 02/11/2007 - 04:24

Hi Satish,

This did not fix my problem. Look at the log from a debug dialer

126377: Feb 11 14:19:00.234 SAST: Se1/1:15 DDR: Dialing cause ip (s=192.168.225.21, d=224.0.0.5)

126378: Feb 11 14:19:00.234 SAST: Se1/1:15 DDR: Attempting to dial 0116212200

126379: Feb 11 14:19:02.230 SAST: %LINK-3-UPDOWN: Interface Serial1/1:30, changed state to up

126380: Feb 11 14:19:02.230 SAST: Se1/1:30: interface must be fifo queue, force fifo

126381: Feb 11 14:19:02.238 SAST: %DIALER-6-BIND: Interface Se1/1:30 bound to profile Di3

126382: Feb 11 14:19:02.238 SAST: %ISDN-6-CONNECT: Interface Serial1/1:30 is now connected to 0116212200 N/A

126383: Feb 11 14:19:03.294 SAST: %ISDN-6-DISCONNECT: Interface Serial1/1:30 disconnected from , call lasted 1 seconds

There is still something activating this dialer

bradlesliect Sun, 02/11/2007 - 09:50

Hi,

Thanks for the help on the config for the 2 sites. It worked. I still see something trying to activate ospf in access-list 130. How can I see who the culprit is? I see this on both sites A and B.

sh access-lists 130

Extended IP access list 130

10 deny eigrp any any

20 deny ospf any any (5 matches)

30 permit icmp any any

40 permit tcp any any

50 permit udp any any

smothuku Sun, 02/11/2007 - 20:00

Hi,

Glad to hear that your problem is resolved.

You can check it with the help of show ip route when the isdn is active.

Thanks,

satish

bradlesliect Sun, 02/11/2007 - 23:28

If it wasn't for the deny ospf statement on the access-list the dialer would be connecting all the time.

sh access-lists 130

Extended IP access list 130

10 deny eigrp any any

20 deny ospf any any (29448 matches)

30 permit icmp any any (345 matches)

40 permit tcp any any (992 matches)

50 permit udp any any (99 matches)

How do I debug these packets?

smothuku Mon, 02/12/2007 - 01:21

Hi Brad ,

we are denying the ospf using access-list because it prevent opsf packets from keeping the link up.

You can see what's happening with the packet using the following command.

debug ip packey detail.

Hope it helps you.

IMP: Don't use debug all or debug ip packet detail because router may go down after issuing the debug command due to high cpu utilization.

If you want to debug ip packet then use access-list in debug command as mentioned above.

Thanks,

satish

bradlesliect Mon, 02/12/2007 - 02:48

hey ...

you've been EXTREMELY helpful and VERY patient!

Thanks got the info. I got the source and destination addresses. It does make sense though.

208123: Feb 12 12:33:18.790 SAST: IP: tableid=0, s=ROUTER A IP (local), d=MONITORING SERVER (FastEthernet0/0), routed via FIB

208124: Feb 12 12:33:18.790 SAST: IP: tableid=0, s=ROUTER A IP (local), d=MONITORING SERVER IP (FastEthernet0/0), routed via FIB

208125: Feb 12 12:33:18.790 SAST: IP: tableid=0, s=ROUTER A IP (local), d=MONITORING SERVER IP (FastEthernet0/0), routed via FIB

208126: Feb 12 12:33:18.794 SAST: IP: tableid=0, s=ROUTER A IP (local), d=MONITORING SERVER IP (FastEthernet0/0), routed via FIB

208127: Feb 12 12:33:18.794 SAST: IP: tableid=0, s=ROUTER A IP (local), d=MONITORING SERVER IP (FastEthernet0/0), routed via FIB

208128: Feb 12 12:33:18.794 SAST: IP: tableid=0, s=ROUTER A IP (local), d=MONITORING SERVER IP (FastEthernet0/0), routed via FIB

208129: Feb 12 12:33:18.794 SAST: IP: tableid=0, s=ROUTER A IP (local), d=MONITORING SERVER IP (FastEthernet0/0), routed via FIB

208130: Feb 12 12:33:18.798 SAST: IP: tableid=0, s=ROUTER A IP (local), d=MONITORING SERVER IP (FastEthernet0/0), routed via FIB

208131: Feb 12 12:33:18.798 SAST: IP: tableid=0, s=ROUTER A IP (local), d=MONITORING SERVER IP (FastEthernet0/0), routed via FIB

208132: Feb 12 12:33:18.798 SAST: IP: tableid=0, s=ROUTER A IP (local), d=MONITORING SERVER IP (FastEthernet0/0), routed via FIB

smothuku Mon, 02/12/2007 - 03:17

Hi Brad ,

Thanks for your rating..

Netpro is very useful one...

Thanks,

Satish

smothuku Mon, 02/12/2007 - 05:36

Hi Brad ,

Do you have Site Administrator Security Token (SAST) device in LAN ?

Thanks,

satish

Actions

This Discussion