Is there any way to permit only some IP can initiate the ISDN call ?
I've two internet connections, one through VSAT and other using ISDN.
I just want to allow a few people to use isdn when the VSAT connection is down.
Below is my configuration.
I can't get connected when I use dialer-group 2 in BRI interface.
Anyway to solve ?
ip address 192.168.1.1 255.255.255.0
ip nat outside
ip address 192.168.6.3 255.255.255.0
ip nat inside
ip address negotiated
ip nat outside
dialer idle-timeout 180
dialer string "67#"
isdn switch-type vn3
ppp authentication pap callin
ppp pap sent-username abcdef password 0 abcdef
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 0.0.0.0 0.0.0.0 BRI0/0/0 200
ip nat inside source list 10 interface FastEthernet0/0 overload
ip nat inside source list 11 interface BRI0/0/0 overload
access-list 10 permit 192.168.6.0 0.0.0.255
access-list 11 permit 192.168.6.0 0.0.0.255
access-list 101 permit ip 192.168.6.32 0.0.0.8 any
dialer-list 2 protocol ip list 101
dialer-list 1 protocol ip permit
The problem with dialer-group 2 is the mask used in access list 101 (permit ip 192.168.6.32 0.0.0.8). With this mask there are only 2 addresses that are permitted (and these are 192.168.6.32 and 192.168.6.40). Unless you are testing from one of these addresses you will not be able to initiate calls on the BRI. I am not sure who you want to permit and so can not suggest what mask would be appropriate.
There is some ambiguity in your question. At first you say:"only some IP can initiate the ISDN call" but then you say:"I just want to allow a few people to use isdn". The dialer group will control who can initiate the BRI (and satisfy your first requirement). But once the BRI is up, then anyone can use it. If you really mean that only a few people can use the ISDN, then dialer group is not the mechanism that you need to use. To really control who can use the BRI you need an outbound access list on the BRI interface which will permit only the addresses that you specify.