cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
432
Views
0
Helpful
5
Replies

800 Router dialer

FINNITTO
Level 1
Level 1

We have a supposedly DDR configured 801 router which dials out to the ISP at an average of every 15 secs. This sporadic behaviour also occurs at odd hours btw 10pm and 6am.

I really need to stop the router from dialing out in this manner as the phone bill is rather too high.

Following is the running config of the 800 router.

Building configuration...

Current configuration:

!

version 12.0

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname bcmrouter

!

enable secret 5 $1$cC/A$wQoTZGIV5/itbbMxeHIbf/

!

!

!

!

!

ip subnet-zero

!

no ip domain-lookup

isdn switch-type basic-net3

!

!

process-max-time 200

!

interface Ethernet0

ip address 192.168.0.2 255.255.255.0

no ip directed-broadcast

ip nat inside

!

interface BRI0

ip address negotiated

no ip directed-broadcast

ip nat outside

encapsulation ppp

dialer idle-timeout 300

dialer string 08450798202

dialer hold-queue 10

dialer load-threshold 180 either

dialer-group 1

isdn switch-type basic-net3

no cdp enable

ppp authentication chap pap callin

ppp chap hostname bcm

ppp chap password 7 04550A125E2E424F05

ppp pap sent-username bcm password 7 082F4D5A58160B161E

ppp multilink

!

ip nat inside source list 100 interface BRI0 overload

ip nat inside source static tcp 192.168.0.1 25 212.188.176.118 25 extendable

no ip http server

ip classless

ip route 0.0.0.0 0.0.0.0 BRI0

!

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 100 deny udp any any eq netbios-ns

access-list 100 deny udp any any eq netbios-dgm

access-list 100 deny udp any any eq netbios-ss

access-list 100 permit tcp any any eq www

access-list 100 permit tcp host 192.168.0.1 any eq smtp

access-list 100 permit tcp host 192.168.0.1 any eq domain

access-list 100 permit ip host 192.168.0.1 any

access-list 100 permit ip 192.160.0.0 0.0.0.255 any

dialer-list 1 protocol ip list 100

!

line con 0

transport input none

stopbits 1

line vty 0 4

end

5 Replies 5

bobd
Level 1
Level 1

The last line in your access-list 100 is going to activate the dialer for any traffic not explicitly denied in the previous statements. That's probably where your problem lies. If the connection is used just for internet access remove the

access-list 100 permit ip 192.160.0.0 0.0.0.255 any

and add

access-list 100 permit tcp 192.168.0.0 255.255.255.0 any eq 443

access-list 100 permit tcp 192.168.0.0 255.255.255.0 any eq ftp

access-list 100 permit tcp 192.168.0.0 255.255.255.0 any eq (any other ports you really need)

This should eliminate your unwanted dialer activations. You can of course modify the access list to your particular needs.

Bob

I have re -edited the access-list as below, (ignore the access-list 1)

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 100 deny udp any any eq netbios-ns

access-list 100 deny udp any any eq netbios-dgm

access-list 100 deny udp any any eq netbios-ss

access-list 100 permit tcp any any eq www

access-list 100 permit tcp host 192.168.0.1 any eq smtp

access-list 100 permit tcp host 192.168.0.1 any eq domain

access-list 100 permit ip host 192.168.0.1 any

I realise that without the last entry of '100 permit ip host 192.168.0.1 any' no one can access the internet. The 192.168.0.1 is the proxy server.

What else do I need to add to allow http traffic and remove last line on access-list?

I have re -edited the access-list as below, (ignore the access-list 1)

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 100 deny udp any any eq netbios-ns

access-list 100 deny udp any any eq netbios-dgm

access-list 100 deny udp any any eq netbios-ss

access-list 100 permit tcp any any eq www

access-list 100 permit tcp host 192.168.0.1 any eq smtp

access-list 100 permit tcp host 192.168.0.1 any eq domain

access-list 100 permit ip host 192.168.0.1 any

I realise that without the last entry of '100 permit ip host 192.168.0.1 any' no one can access the internet. The 192.168.0.1 is the proxy server.

What else do I need to add to allow http traffic and remove last line on access-list?

the line that reads

access-list 100 permit tcp any any eq www

is all that's needed to permit web traffic. For DNS lookups you may want to add

access-list 100 permit udp host 192.168.0.1 any eq domain

for secure web site access you will neeed

access-list 100 permit tcp host 192.168.0.1 any eq 443

and that should be it.

bobd
Level 1
Level 1

I noticed something else that may be causing a little confusion as well. Your using the same access-list 100 as both the nat source and dialer list. Use another list for your NAT. acccess-list 1 would work well for this.

ip nat inside source list 1 interface BRI0 overload

That done, I think everything will work fine.

Bob

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: