From: Ian Stong (istong@stong.org)
Date: Sun Apr 10 2005 - 11:37:01 GMT-3
Hi,
Not sure I follow your requirements/question. But if you are running ospf
and don't want ospf to bring up the link then the ACL can be either generic
in that it denies ospf packets and then permits all else or it can be more
specific to again deny ospf but then only permits specific traffic to bring
the link up (versus any ip traffic bringing the link up). Other things to
consider are the use of ospf demand circuit and filtering between IGPs if
redistributing on the same router that has your ISDN connection.
If I misinterpreted your requirements please elaborate.
Thanks,
Ian
http://www.ccie4u.com
Rack Rentals and CCIE Lab Scenarios starting at only $12
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of mani
poopal
Sent: Sunday, April 10, 2005 9:52 AM
To: ccielab@groupstudy.com
Subject: ospf dialer-watch///dialer watch-list statement//access-list for
dialer -group
Hi GS gurus,
In ISDN/OSPF dialer watch, what is the best combination of access-list for
dialer group:
(A.)When they dont specify any thing;
access-list 101 deny ospf any any
access-list 101 permit ip any any
or
access-lisg 101 deny ip any any
(B)If ping supposed to work:
access-list 101 permit icmp any any
access-list 101 deny ospf any any
access-list 101 permit ip any any
or
access-list 101 permit icmp any any
(c.)DENY EVERY THING
access-list 101 deny ip any any<--EVERY THING IS DENIED(Includes
multicast/dlsw etc)
NOW FOR THE QUESTION;
What is the best practise, is it
deny ospf any any
permit ip any any
OR
deny ip any any
Suggestions are appreciated.
Mani
B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
(416)431 9929
MANI_CCIE@YAHOO.COM
---------------------------------
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site!
This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:54:55 GMT-3