ISDN Bridging access lists

Unanswered Question
Apr 23rd, 2007

Hi all.


Hope you can help me here.


I'm setting up an ISDN bridged network in a hub and spoke configuration. In normal circumstances, only the spokes will be allowed to dial the hub. I've configured this with all the timeouts etc. and it works fine.

However, I would like to set up the hub so it can dial the spokes only for telnet traffic. I know that I will need an access list to do this, but how do I 'map' this access list to the 'dialer map bridge' command thus allowing telnet to dial but nothing else. I currently have

'dialer map bridge name <spoke name> broadcast'

without the spoke phone number to prevent it dialing.


Thanks


Bernie

Overall Rating: 4 (1 ratings)
paolo bevilacqua Mon, 04/23/2007 - 14:37

Hi,


I suggest you do not bridge over ISDN, because besides other problems, you cannot filter or trigger the dialer based on L3 parameters, as you just have found.


What is forcing you to bridge for this design?

Bernard Steadman Mon, 04/23/2007 - 23:36

Hi,


Thanks for your reply.


Unfortunately, the 'designers' of the networks I have to administer do not have the knowledge of how they work. They just tell us to do it, get it working, but don't come to us when it doesn't. All, of course, without any financial cost.


Private IPs are not an option so we cannot route to the remote sites without great expense. Therefore I'm forced to use the spare addresses within the hub's LAN. So bridging is the only option (unless anyone can think of another solution).


Bernie



paolo bevilacqua Tue, 04/24/2007 - 04:31

Hi,


I understand your frustration but this could be a good occasion to explain to the customer why the "designers" did a poor job and things must be changed now.

You will find plenty of documents on CCO to support you.

Also if you cannot do NAT but need to put some IPs taken from the LAN, remotely via ISDN, you can do that with routing and it will work nicely. The router with ISDN will proxy-arp for the remote IPs once they are connected.
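A sketch of the routed alternative described in the reply above, with the hub dialing the spoke only for telnet. This is an added example, not configuration posted by anyone in the thread; it shows the hub side only, and the addresses (192.0.2.0/24 documentation range, with 192.0.2.240/29 carved out for the spoke), the spoke number 5550100 and ACL number 101 are constructed placeholders.

```cisco
! Hub side only (constructed example). The spoke LAN uses a slice of the
! hub LAN's own address space, so no private addressing or NAT is needed.
ip routing
!
! Interesting traffic: only telnet (TCP/23) may bring up or hold up the call.
access-list 101 permit tcp any any eq telnet
dialer-list 1 protocol ip list 101
!
interface FastEthernet1/0
 ip address 192.0.2.1 255.255.255.0
 ! Proxy ARP is on by default; stated here because the design depends on it.
 ip proxy-arp
!
interface BRI0/0
 ip unnumbered FastEthernet1/0
 encapsulation ppp
 dialer idle-timeout 60
 ! Unlike the bridge map in the thread, this map carries a dial string,
 ! so the hub is able to place the call when interesting traffic arrives.
 dialer map ip 192.0.2.241 name 801 broadcast 5550100
 dialer-group 1
 ppp authentication chap
!
! Reach the spoke router over the BRI, and its LAN slice through it.
ip route 192.0.2.241 255.255.255.255 BRI0/0
ip route 192.0.2.240 255.255.255.248 192.0.2.241
```

The dialer-list only decides which packets may bring the call up and reset the idle timer. Once the link is up, other IP traffic still crosses it unless an access list is also applied to the interface with `ip access-group`.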

paolo bevilacqua Tue, 04/24/2007 - 06:04

Thanks for the nice rating, good luck, and come back in case of problems with routing. Almost all can be fixed.

Bernard Steadman Tue, 05/08/2007 - 22:59

Hi all,


I still have a problem with this. I had a trial set up, using a 801 for the spoke and a 2522 for the hub. Link came up and passed traffic. The 2522 was then swapped for a 3620 with 8 port bri, and NM2FE2W loaded with WIC2Ts. The config from the 2522 was mirrored across to the 3620 with modifications for the change of hardware.

The link now comes up but does not pass traffic. Suggestions please.

Edited sho ver and sho run of the 2522 and 3620 are below. IP addresses have also been edited.


2522

System image file is "flash:igs-i-l.110-13", booted via flash

cisco 2522 (68030) processor (revision M) with 2048K/2048K bytes of memory.
Processor board ID 12021904, with hardware revision 00000003
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
Basic Rate ISDN software, Version 1.0.
1 Ethernet/IEEE 802.3 interface.
2 Serial network interfaces.
8 Low-speed serial(sync/async) network interfaces.
1 ISDN Basic Rate interface.
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

2522#sho run

(edited)
!
hostname 2522
!
enable secret 5 (edited)
!
username 2522 password 7 (edited)
username 801 password 7 (edited)
no ip routing
isdn switch-type basic-net3
!
interface Ethernet0
 ip address xxx.153.73.222 255.255.254.0
 no ip mroute-cache
 no ip route-cache
 bridge-group 1
!
(edited)
!
interface BRI0
 ip address xxx.153.73.222 255.255.254.0
 no ip mroute-cache
 encapsulation ppp
 no ip route-cache
 dialer idle-timeout 60
 dialer map bridge name 801 broadcast
 dialer-group 1
 no fair-queue
 ppp multilink
 ppp authentication chap
 bridge-group 1
!
ip classless
dialer-list 1 protocol bridge permit
bridge 1 protocol ieee
bridge 1 priority 1
!
(edited)
!
end


3620

System image file is "flash:c3620-i-mz.122-27b.bin"

cisco 3620 (R4700) processor (revision 0x81) with 24576K/8192K bytes of memory.
Processor board ID 29402708
R4700 CPU at 80Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 FastEthernet/IEEE 802.3 interface(s)
4 Serial(sync/async) network interface(s)
8 ISDN Basic Rate interface(s)
DRAM configuration is 32 bits wide with parity disabled.
29K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

sho run

Current configuration : 3143 bytes
!
(edited)
!
hostname 3620
!
enable secret 5 (edited)
!
username 3620 password 7 (edited)
username 801 password 7 (edited)
ip subnet-zero
no ip routing
!
!
no ip domain-lookup
!
isdn switch-type basic-net3
!
!
!
interface BRI0/0
 ip address xxx.153.73.222 255.255.254.0
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer map bridge name 801 broadcast
 dialer-group 1
 isdn switch-type basic-net3
 no fair-queue
 no cdp enable
 ppp authentication chap
 ppp multilink
 bridge-group 1
 bridge-group 1 spanning-disabled
!
(edited)
!
interface FastEthernet1/0
 ip address xxx.153.73.222 255.255.254.0
 no ip route-cache
 no ip mroute-cache
 speed 10
 half-duplex
 bridge-group 1
 bridge-group 1 spanning-disabled
!
(edited)
!
ip classless
!
dialer-list 1 protocol bridge permit
bridge 1 protocol ieee
bridge 1 priority 1
!
(edited)
!
end



Thanks


Bernie

