Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
453
Views
0
Helpful
3
Replies

IDSN router calls another without any reason

m.saulis
Level 1
Level 1

‎02-18-2002 06:15 AM - edited ‎03-01-2019 08:31 PM

Hi, I have scenario of 2 remote ofices, Cico 1601 router in each. Router in first office calls second office and establishes TCP/IP connection. The problem is that first ISDN router makes a call to other router without any reason aprox 10 min. After 2 min (iddle timeout) ir drops this call. That involves unnecessary international call costs. using IOS verion 12.2.6c. Configuration of first router is following:

.

service timestamps debug uptime

service timestamps log uptime

service password-encryption

no service tcp-small-servers

no service udp-small-servers

!

hostname Cisco1601_Vilnius

!

enable password dddddddd

username Cisco1601_Riga password chappassw

!

ip source-route

no ip name-server

!

isdn switch-type basic-net3

!

ip subnet-zero

no ip domain-lookup

ip routing

!

interface Dialer 1

description connected to Cisco1601_Riga

ip address 192.168.109.1 255.255.255.252

ip access-group 101 in

no ip split-horizon

encapsulation ppp

dialer in-band

dialer idle-timeout 120

dialer hold-queue 10

dialer map snapshot 1 name Cisco1601_Riga 08103717505231

dialer map ip 192.168.109.2 name Cisco1601_Riga speed 64 08103717505231

dialer-group 1

ppp authentication chap

no ppp multilink

snapshot client 15 360 suppress-statechange-update dialer

no cdp enable

!

interface Ethernet 0

no shutdown

description connected to EthernetLAN

ip address 192.168.0.252 255.255.255.0

ip access-group 100 in

keepalive 10

!

interface BRI 0

no shutdown

description connected to Cisco1601_Riga

no ip address

dialer rotary-group 1

!

interface Serial 0

no description

no ip address

shutdown

!

! Access Control List 100

!

! For outgoing trafic allow TS (Terminal server) from client to server and ping

no access-list 100

access-list 100 permit tcp host 192.168.0.40 gt 1100 host 192.168.2.2 eq 3389

access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.252 eq telnet

access-list 100 permit udp 192.168.0.0 0.0.0.255 host 192.168.0.252 eq tftp

access-list 100 permit icmp host 192.168.0.40 host 192.168.2.2 unreachable

access-list 100 permit icmp host 192.168.0.40 host 192.168.2.2 echo-reply

access-list 100 permit icmp host 192.168.0.40 host 192.168.2.2 packet-too-big

access-list 100 permit icmp host 192.168.0.40 host 192.168.2.2 time-exceeded

access-list 100 permit icmp host 192.168.0.40 host 192.168.2.2 traceroute

access-list 100 permit icmp host 192.168.0.40 host 192.168.2.2 administratively-prohibited

access-list 100 permit icmp host 192.168.0.40 host 192.168.2.2 echo

access-list 100 deny ip 192.168.109.0 0.0.0.3 any

!!access-list 100 deny ip 192.168.2.0 0.0.0.255 any

!!access-list 100 permit tcp any any established

!!access-list 100 permit tcp any 192.168.109.0 0.0.0.3 range 20 21

!!access-list 100 permit tcp any 192.168.2.0 0.0.0.255 range 20 21

access-list 100 deny ip 127.0.0.0 0.255.255.255 any

access-list 100 deny ip any any

!

! Access Control List 101

!

! For incomming trafic allow TS from server to client and ping

!

no access-list 101

!!access-list 101 deny ip 192.168.0.0 0.0.0.255 any

!!access-list 101 permit tcp any any established

access-list 101 permit tcp host 192.168.2.2 eq 3389 host 192.168.0.40 gt 1100

access-list 101 permit icmp host 192.168.2.2 host 192.168.0.40 unreachable

access-list 101 permit icmp host 192.168.2.2 host 192.168.0.40 echo-reply

access-list 101 permit icmp host 192.168.2.2 host 192.168.0.40 packet-too-big

access-list 101 permit icmp host 192.168.2.2 host 192.168.0.40 time-exceeded

access-list 101 permit icmp host 192.168.2.2 host 192.168.0.40 traceroute

access-list 101 permit icmp host 192.168.2.2 host 192.168.0.40 administratively-prohibited

access-list 101 permit icmp host 192.168.2.2 host 192.168.0.40 echo

access-list 101 deny ip 127.0.0.0 0.255.255.255 any

access-list 101 deny ip any any

!

! Dialer Control List 1

!

no dialer-list 1

dialer-list 1 protocol ip permit

!

ip classless

!

! IP Static Routes

ip route 192.168.2.2 255.255.255.255 192.168.109.2

ip route 0.0.0.0 0.0.0.0 192.168.0.15

no ip http server

no snmp-server

!

line console 0

exec-timeout 0 0

password zz

login

!

line vty 0 4

password zz

login

!

end

Could anybody tell how to make C1600 not to call if isn't necessary ?

Regards,

Mindaugas Saulis

Systems Expert,Adventus Solution

msaulis@adventus.lt

tel: +370-2660088

Labels:
0 Helpful
3 Replies 3

tepatel
Cisco Employee
Cisco Employee

‎02-18-2002 09:47 AM

"debug isdn q931" along with "debug dialer" will tell us everyting about "why" the isdn line dialout.

But looking from the config, since all the ip traffic is interisting, i think that may be bringing the line up.

So lets turn on the debug for a call.

debug isdn q931

debug dialer

Thx..Tejal

0 Helpful

zahmed
Cisco Employee
Cisco Employee

‎02-18-2002 11:21 PM

Right now, you have :

dialer-list 1 prot ip permit

Make it : dialer-list 1 prot ip list 101

and create access list 101 :

acc 101 deny ip any host 255.255.255.255

acc 101 perm ip a a

If this doesnt stop it, capture debug dialer and

debug dialer packet.

0 Helpful

Kevin Dorrell
Level 10
Level 10

‎02-20-2002 02:45 PM

While it is connected, do "show dialer int Dialer1". That will tell you at least the source and destination IP addresses of the packet that opened the link.

Following on from that, the control over the link really resides in the dialer-list.

You could also try putting an outgoing access list on the dialer interface, permitting everything that might be interesting , but with the keyword "log".

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card