RE: time-based ACL with dialer-watch and backup interface

From: Yasser Abdullah (yasser@alharbitelecom.com)
Date: Sat Feb 21 2004 - 17:28:29 GMT-3

• Next message: Larry Roberts: "RE: ISDN equipment! -Groupstudy deal?"
• Previous message: rbeltranj@hotmail.com: "DLSW disconnect session"
• Maybe in reply to: Raymond: "time-based ACL with dialer-watch and backup interface"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Just for fun, I'm trying to find a way to associate time-based access
list with dialer-watch:

 Let's say I have:

 R1----fr---R2-----fr---R3

 R3 has a dialer-watch matching R1's loopback address. If R3 loses R1
Loopback subnet from the routing table, it would dial R1.

 So far, nothing special!

 But let's say that R2's link to R1 has been going up and down quite
often. Your ISDN link is up most of the time and your manager is not
happy about the bill.

 You know that your office hours are weekdays 8-5 and there isn't really
a need for the ISDN link to be active outside these hours.

So, I start by configuring a static route to null with a high admin
distance on R2. The subnet is also R1's loopback subnet. As long as FR
to R1 is up, the route is not used. I then redistribute static on R2
with a route map that will match the static route to null using a time
range access-list. The route will get redistributed only during weekends
& 17:00 to 08:00 daily. If the R1-R2 link falls during these times, the
dialer-watch will not be used since the route injected by R2 would be in
R3's route table. If the link fails during working hours, dialer-watch
will be triggered.

 Thought someone might find this interesting.

Yasser
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Brian Dennis
Sent: Saturday, February 21, 2004 6:40 PM
To: 'Raymond'; ccielab@groupstudy.com
Subject: RE: time-based ACL with dialer-watch and backup interface

In regards to your comment:

<Raymond>
It will not dial out as it is out of time range/restricted by
dialer-list.
But it seems the behaviour is not match what I want.
</Raymond>

Even if you do not have a dialer-list or dialer-group, dialer watch can
still call whenever the 'watched' route is missing from the routing
table.
The two features that do not rely on interesting traffic to trigger a
call
are dialer watch and dialer persistent.

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Raymond
Sent: Saturday, February 21, 2004 2:19 AM
To: Brian Dennis; ccielab@groupstudy.com
Subject: RE: time-based ACL with dialer-watch and backup interface

Hi All,

Yes.
May be I let you all misunderstand. Let say, undoubtedly there is
"dialer-group" and "dialer watch-group" in the BRI interface.
I use time-based ACL in dialer-list.
I suppose even though the router lose the watched route. It will not
dial
out
as it is out of time range/restricted by dialer-list. But it seems the
behaviour is not match what I want.

Moreover, for backup interface, it seems the router must dial once when
primary
link is failed.

Thanks
Ray

 --- Brian Dennis <bdennis@internetworkexpert.com> *:6l%s$:.e!G> <Quote>
> I would like to know is the dialer watch cannot be controlled by
time-based
> ACL???
> </Quote>
>
> Dialer watch does not rely on interesting traffic. This means that
your
> dialer-list is irrelevant in regards to dialer watch. Dialer watch
uses
the
> routing table to determine when to place a call or when to allow a
call to
> drop.
>
> Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
> bdennis@internetworkexpert.com
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Direct: 775-745-6404 (Outside the US and Canada)
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> Raymond
> Sent: Friday, February 20, 2004 9:23 AM
> To: ccielab@groupstudy.com
> Subject: time-based ACL with dialer-watch and backup interface
>
> Hi All,
>
> I would like to use time-based ACL with dialer-watch and also that
with
> backup
> interface using BRI interface
> 1. I use time-based ACL with backup interface, when the primary link
is
> down,
> the backup ISDN is still up once even after the time range. And it
will
not
> dial out again after idle timeout. Is it normal?
> 2. I use time-based ACL with dialer watch, when the router lose the
watched
> route, it will dial out even after the time range. I have tried
several
> time,
> the backup ISDN line still dial out after time range when losing
watched
> route.
> I would like to know is the dialer watch cannot be controlled by
time-based
> ACL???
>
> Thanks and Regards,
> Ray
>
> _________________________________________________________
> %21~'^!B6<:q!B$p,P,P...
> .v:)9aAn 1!$_3sC4
> http://us.rd.yahoo.com/evt=22281/*http://ringtone.yahoo.com.hk/
>
>

• Next message: Larry Roberts: "RE: ISDN equipment! -Groupstudy deal?"
• Previous message: rbeltranj@hotmail.com: "DLSW disconnect session"
• Maybe in reply to: Raymond: "time-based ACL with dialer-watch and backup interface"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:54 GMT-3