08-18-2003 08:27 AM - edited 03-04-2019 02:53 AM
I am trying to configure a dialer-list using an access list to trigger the ISDN dial backup. The remote locations are using Wyse terminals running Citrix ICA with no local server. The remote clients obtain their IP information across the WAN through DHCP. I have tried triggering the dial backup using UDP port 68 (bootpc) to no avail. I have also tried UDP 67 (bootps) as well as all of the documented Citrix ports (1494, 2512, 2513, etc), but can't seem to get the DDR to trigger. If I remove the access list from the dialer list and use "dialer list 1 protocol IP permit" the dial backup triggers immediately when I disconnect the serial interface. This is not an issue when the business is open, but we don't want the dial backup to trigger when the business is closed (nights, weekends).
Does anybody have any experience with this?
08-18-2003 08:33 AM
You've got to show us what your doing if you want some help. What are the statements you are using that are not working?
08-18-2003 08:42 AM
IOS 11.3. Below are the commands I am trying to use:
dialer-list 1 protocol ip list 101
access-list 101 permit udp any any eq 68
access-list 101 permit udp any any eq 67
access-list 101 permit tcp any any eq 1494
access-list 101 permit tcp any any eq 2512
access-list 101 permit tcp any any eq 2513
As I stated, "dialer-list 1 protocol ip permit" works, but the ISDN dial backup triggers on any ip traffic. I want to add more granularity to the dial backup.
Regards,
Dan
08-18-2003 12:47 PM
Why don't you use
access-list 101 permit ip any any log (esentially the same thing as dialer-list 1 protocol ip permit)
This will tell you what is causing the line to dial , the boot P may not be what is triggereing the call as you suspect.
Another option you can you to limit the calling to businees hours is the the time-range command
http://www.cisco.com/en/US/tech/tk801/tk133/technologies_configuration_example09186a0080094089.shtml
dialer-list 1 protocol ip list 101
Another
08-18-2003 01:00 PM
I'm guessing you have an ip-helper statement pointing to the bootp server. Do you have a route statement or are you learning a route pointing to the dialer for that helper address? If not then the router does not know it can find the helper through the dialer int. If this is backup then you probably need a floating static route that will get used when the primary dies. If you are using dynamic routing then you need to allow it too.
You can also do a sho dialer when you test with the other list and it might show what is bringing the link up.
08-18-2003 02:25 PM
Yes, I there is a helper address defined, and the routers are running eigrp.
08-18-2003 02:34 PM
Thank you for the suggestions. Certainly logging the traffic to determine what is causing the dialup to occur would be useful. Scheduling client resources for these after-hours activities is always a challenge.
The time-range command is also a useful tool, but that would involve upgrading the IOS on each of the remote routers. However, this may be the better solution.
Regards,
Dan
08-18-2003 03:21 PM
Thank you for the suggestions. Certainly logging the traffic to determine what is causing the dialup to occur would be useful. I did place a sniffer on the network to determine the nature of the IP traffic (types, ports, etc.) and did see bootp traffic. But I'm unsure how the routing processes handle traffic when the primary route fails. Is the secondary route (in this case, the ISDN dial backup) added to the routing table? Or will the router simply initiate the dial backup when the primary path is down and it sees bootp traffic on its LAN interface? Below are portions of the config.
The time-range command is also a useful tool, but that would involve upgrading the IOS on each of the remote routers. However, this may be the better solution.
The client is not using an external clock source. What happens to the router's clock when the device is power cycled or loses power for an extended period?
interface Loopback0
ip address 172.25.X.X 255.255.255.255
!
interface Ethernet0/0
ip address 10.X.X.X 255.255.0.0
ip helper-address 10.1.4.2
no keepalive
!interface Serial0/0
description
backup delay 0 30
backup interface Dialer1
ip address 172.25.X.X 255.255.255.252
bandwidth 1088
keepalive 5
!
interface BRI1/0
description
no ip address
no ip directed-broadcast
encapsulation ppp
keepalive 32767
isdn spid1 61051825540101
isdn spid2 61051828410101
dialer rotary-group 1
dialer-group 1
no fair-queue
!
interface Dialer1
description
ip unnumbered Loopback0
no ip directed-broadcast
encapsulation ppp
keepalive 32767
dialer in-band
dialer idle-timeout 1800
dialer string 86105185046
dialer load-threshold 125 either
dialer-group 1
no fair-queue
ppp authentication chap callin
ppp multilink
hold-queue 20 out
!
router eigrp 101
network 10.X.X.X - ETHERNET LAN
network 172.25.X.X - SERIAL WAN
no auto-summary
!
access-list 101 . . .
!
dialer-list permit ip list 101
Regards,
Dan
08-19-2003 05:13 AM
try to add this
ip route 0.0.0.0 0.0.0.0 dialer 1 250
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: