ISDN question

Unanswered Question
Jun 2nd, 2007
User Badges:

Hi i have a question:

If my condition for invoking an isdn call is:

>dialer-list 1 protocol ip permit

does it mean that when someone tries to ping my router or send it some other packets the dial occurs?

2)another question is that if i combine the following inbound acl:

>access-list 101 deny ip any host [my router's ip address]

with the configuration of the dialer-list above, who takes precedes?

Will the acl override the dialer settings and as a result the isdn dial will never happen?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sundar.palaniappan Sat, 06/02/2007 - 06:49
User Badges:
  • Green, 3000 points or more

"dialer-list 1 protocol ip permit

does it mean that when someone tries to ping my router or send it some other packets the dial occurs?"


This statement considers any IP traffic as interesting to trigger the ISDN link. This works in conjunction with the routing. If you have a route pointing to the next hop via ISDN then any IP traffic to that network would cause the router to initiate the ISDN link.


"2)another question is that if i combine the following inbound acl:

>access-list 101 deny ip any host [my router's ip address]"


You only use either or and not both. I don't know if the router would even let you configure both commands. Even if it would why would you want to configure both commands. If you want to be granular in identifying interesting traffic then use the second option of access lists or the first command if you want any IP traffic to trigger the DDR link.



HTH


Sundar

milkdroogy Sat, 06/02/2007 - 08:31
User Badges:

Sundar


But who is "stronger" ACL's or the Dialer-list rules(when not using ACLs in them)?


Its like in windows "Security Permissions" are stronger than "Sharing Permissions"...

Richard Burts Sat, 06/02/2007 - 10:01
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Oren


I believe that Sunday misunderstood your question. His response indicates that he believes that you intend to try to use both access lists in the dialer list. I understand that you want to use the first access list with dialer list and the second access list as an inbound ip access-group on the dialing interface.


I would answer your question by observing that the dialer list controls when dialing activity will occur and the access-group filters traffic after the interface has dialed. In that sense you might interpret the dialer list as "stronger". But I will also note that it is a quite different relationship than that of "Security Permissions" or "Sharing Permissions".


HTH


Rick

milkdroogy Sat, 06/02/2007 - 12:45
User Badges:

Rick


Thank you, so they wont collide as i thought they would...

sundar.palaniappan Sat, 06/02/2007 - 12:53
User Badges:
  • Green, 3000 points or more

Oren,


I did infact misunderstood your 2nd question. As Rick pointed out they serve independent functions.


Dialer list identifies interesting traffic that can trigger the ISDN link. Access list inbound applies access rules to the traffic arriving on the dialer interface after the call connects successfully.


HTH


Sundar


Richard Burts Sun, 06/03/2007 - 04:49
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Sundar


Quite right.


And my apologies for the typo in my previous post that mis-spelled your name.


HTH


Rick

Actions

This Discussion