Richard Burts Fri, 09/07/2007 - 13:00
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Robert


Is your dialer for DDR configured with dialer-group on the interface which points to a dialer-list? If so configuring the dialer-list to use an access list which would permit only DLSW traffic would be the logical way to only initiate a DDR call to situations where there was DLSW traffic.


HTH


Rick

rbowers Mon, 09/10/2007 - 04:24
User Badges:

I did appy an access-list on the dialer to allow only port 2065 per cisco's reccomended config. The peers never come active.

Richard Burts Mon, 09/10/2007 - 07:06
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Robert


Perhaps posting the router config would help us figure out what is happening and to suggest a solution.


HTH


Rick

rbowers Mon, 09/10/2007 - 07:12
User Badges:

pri router

access-list 151 permit tcp any eq 2065 any

access-list 151 permit tcp any any eq 2065

access-list 151 deny ip any host 255.255.255.255

access-list 151 permit ip any any



main router

dlsw remote-peer 0 tcp x.x.x.x lf 4472 keepalive 0 timeout 90 dynamic


remote router

dlsw remote-peer 0 tcp x.x.x.x keepalive 0 timeout 90 dynamic


access-list 151 permit tcp any eq 2065 any

access-list 151 permit tcp any any eq 2065

access-list 151 deny ip any host 255.255.255.255

access-list 151 permit ip any any

Richard Burts Mon, 09/10/2007 - 07:41
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Robert


Thanks for the additional information. In looking at the access list other than deny anything that is a broadcast everything else is permitted (you have specific permits for the TCP 2065 traffic and then you have a permit ip any any). So I have a hard time believing that the access list is preventing formation of peer relationship.


If you do show access-list 151 do you see any hit count on the permits for TCP 2065?


Was it forming peer relationship and stopped when you made the configuration changes or has it always had problems forming peer relationship?


HTH


Rick

rbowers Mon, 09/10/2007 - 07:53
User Badges:

I was seeing no deniels on the acl. It was working before I made changes. Here is the debug output while trying to connect.

10w6d: DLSw: Packet for disconnected dynamic peer 192.168.x.x

10w6d: DLSw: START-TPFSM (peer 192.168.x.x(2065)): event:ADMIN-OPEN CONNECTION state:DISCONN

10w6d: DLSw: dtp_action_a() attempting to connect peer 192.168.x.x(2065)

10w6d: DLSw: END-TPFSM (peer 192.168.x.x(2065)): state:DISCONN->WAIT_WR


10w6d: DLSw: CONN: peer 192.168.x.x async open callback failed, Connection re

fused by remote host [9]

10w6d: DLSw: START-TPFSM (peer 192.168.x.x(2065)): event:TCP-ASYNC OPEN FAILED state:WAIT_WR

10w6d: DLSw: dtp_action_b() close connection for peer 192.168.x.x(2065)

10w6d: DLSw: END-TPFSM (peer 192.168.x.x(2065)): state:WAIT_WR->DISCONN

Kevin Dorrell Mon, 09/10/2007 - 07:49
User Badges:
  • Green, 3000 points or more

If you are having problems getting the line to come up, I would start with simply access-list 151 permit ip any any. If that doesn't bring the line up, nothing will. You will then know whether you should be looking at your access-list or looking at the config of your dialer.


Kevin Dorrell

Luxembourg

Richard Burts Mon, 09/10/2007 - 08:15
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Kevin


Welcome back. It has been quite a while since I have seen a post from you on the forum. I am glad to see you back.


Frankly the access list that he has got which denies packets to a broadcast address is almost equivalent to your suggestion since it permits everything else.


Robert


I notice this in the messages that you posted:

10w6d: DLSw: CONN: peer 192.168.x.x async open callback failed, Connection re

fused by remote host [9]


I am not sure about async open callback failed (are you attempting callback?). But the part about Connection refused by remote host is pretty clear that there is an issue on the other end of the connection. Can you provide some information about that router?


HTH


Rick

rbowers Mon, 09/10/2007 - 08:26
User Badges:

It is the master router for this connection and several other dlsw connections. All which are working.

DLSW config from the master:

source-bridge ring-group 101

source-bridge transparent 101 2 1 1

dlsw local-peer peer-id x.x.x.x

dlsw remote-peer 0 tcp x.x.x.x lf 4472 keepalive 0 timeout 90 dynamic

dlsw icanreach mac-exclusive

dlsw icanreach mac-address xxxx.xxxx.xxxx mask ffff.ffff.ffff

dlsw udp-disable

Richard Burts Mon, 09/10/2007 - 08:40
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Robert


Thanks for the additional information from the DLSW on the master which all looks quite normal.


I believe that the issue is not so much with the DLSW configuration but is more likely in the DDR configuration. Can you post the DDR configuration from both routers?


HTH


Rick

Actions

This Discussion