04-01-2003 06:14 PM - edited 03-02-2019 06:19 AM
I am trying to modify and existing Dialer watch setup to only initiate the backup dial-up call during certain times of the day. I have used time-base access lists in the dialer watch-list, but it doesn't seem to work. Dialing occurs at all times...
access-list 111 deny ospf any any
access-list 111 permit ip any any time-range DIALBK
dialer watch-list 129 ip 10.9.8.0 255.255.255.0
dialer-list 1 protocol ip list 111
any ideas?
04-01-2003 06:55 PM
CSCdw21635
Externally found moderate defect: New (N)
Add time based control to dialer watch
I see this feature request , so I doubt if time based access list is supported
on dialer watch ?
Can you please run some debug
debug time-range ?
Also you can try putting the log word at end of access list .
Nilesh
04-01-2003 07:40 PM
Hi Nilesh,
I will try, but the remote router is a production box in a remote location, and I *don't* want to have to drive out to reload the box. :-)
The entire router config is below.
My experience is that the dialer watch doesn't appear to hit the access-list at all, but a manual attempt to initiate dialing works perfectly, failing during the "off" hours.
please contact me at cisco@brucemacdougall.ca if you wish to discuss.
Bruce
R3#wr t
Building configuration...
Current configuration : 3682 bytes
!
! Last configuration change at 23:32:44 AST Tue Apr 1 2003
! NVRAM config last updated at 23:33:25 AST Tue Apr 1 2003
!
version 12.2
no parser cache
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname R3
!
logging buffered 10000 debugging
logging rate-limit console 10 except errors
enable secret ....
!
username R0 password ...
memory-size iomem 25
clock timezone AST -4
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
no ip domain-lookup
ip dhcp excluded-address 10.122.228.0 10.122.228.15
!
ip dhcp pool dpool
network 10.122.228.0 255.255.255.0
default-router 10.122.228.1
dns-server 192.168.1.10
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery
chat-script Dialit ABORT ERROR ABORT BUSY "" "AT" OK "ATDT \T" TIMEOUT 45 CONNEC
T \c
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key
!
!
crypto ipsec transform-set vpn1 esp-des esp-md5-hmac
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
crypto map CMAP local-address Ethernet0
crypto map CMAP 10 ipsec-isakmp
set peer
set transform-set vpn1
match address 101
!
!
!
!
interface Loopback1
ip address 10.2.228.1 255.255.255.0
ip nat inside
!
interface Tunnel0
bandwidth 1000
ip address 10.3.3.3 255.255.255.0
ip nat inside
ip ospf cost 5
tunnel source Loopback1
tunnel destination 10.2.225.1
crypto map CMAP
!
interface Ethernet0
ip address dhcp
ip nat outside
no ip route-cache
no ip mroute-cache
half-duplex
crypto map CMAP
!
interface FastEthernet0
ip address 10.122.228.1 255.255.255.0
ip nat inside
no ip route-cache
no ip mroute-cache
speed auto
!
interface Async5
ip address 10.1.228.2 255.255.255.0
ip nat inside
encapsulation ppp
no ip route-cache
ip ospf network point-to-point
ip ospf cost 65000
no ip mroute-cache
dialer in-band
dialer map ip 10.9.8.0 name R0 broadcast 1number
dialer map ip 10.1.228.1 name R0 broadcast 1number
dialer watch-group 129
dialer-group 1
async default routing
async mode interactive
ppp authentication chap
!
router ospf 100
log-adjacency-changes
network 10.1.228.0 0.0.0.255 area 0
network 10.3.3.0 0.0.0.255 area 0
network 10.122.228.0 0.0.0.255 area 0
!
ip nat pool natpool 10.122.228.16 10.122.228.254 netmask 255.255.255.0
ip nat inside source list 50 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
no ip http server
!
access-list 50 deny 10.122.228.0 0.0.0.15
access-list 50 permit 10.122.228.0 0.0.0.255
access-list 101 permit ip host 10.2.228.1 host 10.2.225.1
access-list 110 deny ospf any any
access-list 110 permit ip any any
access-list 111 deny ospf any any
access-list 111 permit ip any any log time-range DIALBK
dialer watch-list 129 ip 10.9.8.0 255.255.255.0
dialer-list 1 protocol ip list 111
!
!
!
line con 0
exec-timeout 0 0
escape-character 88
line aux 0
script dialer Dialit
modem InOut
modem autoconfigure discovery
transport input all
autoselect ppp
stopbits 1
speed 115200
flowcontrol hardware
line vty 0 4
password ....
login
line vty 5 15
login
!
no scheduler allocate
ntp clock-period 17168727
ntp peer 192.5.41.41
time-range DIALBK
periodic Monday 7:00 to 19:00
periodic Tuesday 7:00 to 19:00
periodic Wednesday 7:00 to 19:00
periodic Friday 7:00 to 22:00
periodic Saturday 7:00 to 19:00
periodic Thursday 7:00 to 19:00
!
end
04-02-2003 05:57 AM
Dialer watch does not require "interesting traffic" to place a call (one of its key advantages). You have put the time constraints on the access-list defining interesting traffic, not on the definition of what IP addresses to watch.
Easiest solution is to forget dialer watch and just use dial on demand. Of course, whether that is an acceptable solution for you will depend upon your specific requirements.
Good luck and have fun!
Vincent C Jones
04-02-2003 06:31 AM
Hi Vincent,
You're right...but I am using Dialer Watch because I don't have much choice in the application.
I guess I'll just have to wait for the feature to be added...
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide