From: Sundar Palaniappan (sundarp@gmail.com)
Date: Sun Apr 10 2005 - 13:11:59 GMT-3
Mani,
Dialer list is used for two reasons. One is to define interesting
traffic that's allowed to bring up the ISDN (DDR) link. Another reason
being the traffic defined as interesting will reset the dialer idle
timeout anytime that traffic traverses that link. Default dialer idle
timeout is 120 seconds.
If you are told to prevent OSPF from bringing the ISDN link up then
ofcourse deny ospf and permit all other IP traffic. If you want to
permit pings defined as interesting then permit both icmp echo & echo
replies. Remember there's an implicit deny when you build an ACL that
will take care of all other traffic that's not to be deinfed as
interesting.
HTH,
Sundar Palaniappan
CCIE # 14532
On Apr 10, 2005 9:51 AM, mani poopal <mani_ccie@yahoo.com> wrote:
> Hi GS gurus,
>
> In ISDN/OSPF dialer watch, what is the best combination of access-list for dialer group:
>
> (A.)When they dont specify any thing;
> access-list 101 deny ospf any any
> access-list 101 permit ip any any
> or
> access-lisg 101 deny ip any any
>
> (B)If ping supposed to work:
> access-list 101 permit icmp any any
> access-list 101 deny ospf any any
> access-list 101 permit ip any any
>
> or
>
> access-list 101 permit icmp any any
>
> (c.)DENY EVERY THING
> access-list 101 deny ip any any<--EVERY THING IS DENIED(Includes multicast/dlsw etc)
>
> NOW FOR THE QUESTION;
> What is the best practise, is it
> deny ospf any any
> permit ip any any
> OR
> deny ip any any
>
> Suggestions are appreciated.
>
> Mani
>
> B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
> (416)431 9929
> MANI_CCIE@YAHOO.COM
>
> ---------------------------------
> Do you Yahoo!?
> Yahoo! Small Business - Try our new resources site!
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:54:55 GMT-3