From: Yu Kay (kaykkyu@yahoo.com)
Date: Mon Mar 17 2003 - 10:22:36 GMT-3
I suppose the statement is below, since it should deny
ospf any any in any time because you add "ip ospf
demand".
On the other hands, you want the interest traffic only
effective on specify time range
access-list 101 deny ospf any any
access-list 101 permit ip any any time-range maxtime
Keith
--- Emmett Brown <bremmett@hotmail.com> wrote:
> How about doing it under dialer-list?
>
> int bri0
> dialer-group 10
> ip ospf demand-circuit
> <others ommitted...>
>
> dialer-list 10 protocol ip permit list 101
> access-list 101 permit ip any any time-range maxtime
> access-list 101 deny ip any any
>
> time-range maxtime
> periodic Friday Saturday 7:00 to 21:00
>
> This way, the link will only be triggered on the
> specified time interval by
> OSPF/IP on time specified in the time-range command.
> If it is otherwise,
> then switch the deny and permit keywords on the
> access list while keeping
> the order of the list itself. I wonder if this is
> what you need?
>
>
> Emmett Brown
>
> ----- Original Message -----
> From: "Brian Dennis" <brian@labforge.com>
> To: "'Voss, David'" <dvoss@heidrick.com>;
> <ccielab@groupstudy.com>
> Sent: Saturday, March 15, 2003 3:19 PM
> Subject: RE: Question in logic anyone?
>
>
> > This ACL will always permit OSPF. If the first
> line isn't active the
> > second line will permit all IP which of course
> includes OSPF.
> >
> > access-list 101 permit ospf any any time-range
> maxtime
> > access-list 101 permit ip any any
> >
> > Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
> CCSI# 98640
> > brian@labforge.com
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf Of
> > Voss, David
> > Sent: Friday, March 14, 2003 7:57 PM
> > To: 'Stewart, Dirk'; ccielab@groupstudy.com
> > Subject: RE: Question in logic anyone?
> >
> > I think you may be making it harder than it really
> is:
> >
> > access-list 101 permit ospf any any time-range
> maxtime
> > access-list 101 permit ip any any
> >
> >
> >
> > -----Original Message-----
> > From: Stewart, Dirk
> [mailto:dirk.stewart@co.fulton.ga.us]
> > Sent: Friday, March 14, 2003 6:07 PM
> > To: ccielab@groupstudy.com
> > Subject: Question in logic anyone?
> >
> >
> > which one is better in logic to keep ospf from
> dialing on time only?
> > Is deny ospf on the whole better within the time
> or putting ospf in time
> > only access!
> >
> > access-list 101 deny ospf any any
> > access-list 101 permit ospf any any time-range
> maxtime
> > access-list 101 permit ip any any time-range
> maxtime
> >
> > OR
> >
> > access-list 101 deny ospf any any time-range
> maxtime
> > access-list 101 permit ip any any time-range
> maxtime
> > !
> > time-range maxtime
> > periodic Friday Saturday 7:00 to 21:00
> >
> > interface config
> -------------------------------------------------
> > !
> > interface BRI0
> > ip address 133.20.1.1 255.255.255.252
> > encapsulation ppp
> > ip ospf authentication message-digest
> > ip ospf message-digest-key 10 md5 cisco1
> >
> > ip ospf cost 9999
> > ip ospf demand-circuit
> >
> > dialer map ip 133.20.1.2 name R3 broadcast
> 7155491000
> > dialer map ip 133.20.1.2 name R3 broadcast
> 7155491001
> > dialer load-threshold 1 outbound
> > dialer-group 10
> > isdn switch-type basic-net3
> > ppp authentication chap
> > ppp multilink
> >
> >
> >
>
-----------------------------------------------------------------------
> >
> > The contents of this message have been scanned for
> viruses by
> > the TruSecure ShadowMail Service, and no viruses
> were found.
> >
> >
> >
>
-----------------------------------------------------------------------
> >
> >
> > * This message has been processed by TruSecure's
> ShadowMail service
This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:41 GMT-3