
isdn has gone many times up and down

mijff
Level 1

We have two routers. The Ethernet interfaces are combined for LAN and WAN.

Both sides are connected via a wireless link.

For backup of the wireless link, ISDN is used.

The ISDN link comes up if the route to 172.16.0.0 or 172.17.0.0 goes down; this is tested and worked well.

Looking at the telco's bill, over the last two months the ISDN link has gone up and down many times, while the wireless link was okay.

Can someone help me and see if the configuration is okay?

Could it be a RIP problem?

Please help me further.

Thanks,

Michiel IJff

--------------------------------------

config router 1

hoofdlokatie#sh runn
Building configuration...

Current configuration : 1246 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname hoofdlokatie
!
enable secret 5xxxx
!
username xxxx password xxxxx
ip subnet-zero
!
isdn switch-type basic-net3
!
!
!
interface Ethernet0
 ip address 172.18.1.89 255.255.0.0 secondary
 ip address 172.16.1.89 255.255.0.0
 no ip split-horizon
!
interface BRI0
 description back up
 ip address 172.19.1.89 255.255.0.0
 encapsulation ppp
 dialer idle-timeout 180
 dialer string 00111122222
 dialer load-threshold 125 either
 dialer-group 1
 isdn switch-type basic-net3
 isdn send-alerting
 ppp authentication chap
 ppp multilink
!
router rip
 timers basic 30 60 90 120
 passive-interface BRI0
 network 172.16.0.0
 network 172.18.0.0
 neighbor 172.18.1.90
!
ip classless
ip route 172.17.0.0 255.255.0.0 172.19.1.90 150
ip http server
!
!
dialer-list 1 protocol ip permit
banner login ^CC
Welcome on the Router of "Gemeente Bergen"
Router configured by M. IJff Volker Stevin Telecom phone number 030 6389800
Only authorized perre allowed to login !!
^C
!
line con 0
 stopbits 1
line vty 0 4
 exec-timeout 15 0
 password xxxx
 login
!
no rcapi server
!
!
end

--------------------------------------------------------

config router 2:

Bijlokatie#sh runn
Building configuration...

Current configuration : 1373 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname xxxx
!
enable secret xxxx
!
username xxxx password xxxx
username xxxx password xxxx
ip subnet-zero
!
isdn switch-type basic-net3
!
!
!
interface Ethernet0
 ip address 172.18.1.90 255.255.0.0 secondary
 ip address 172.17.1.90 255.255.0.0
 no ip split-horizon
!
interface BRI0
 description back up
 ip address 172.19.1.90 255.255.0.0
 encapsulation ppp
 dialer idle-timeout 360
 dialer string 0485348497
 dialer load-threshold 125 either
 dialer-group 1
 isdn switch-type basic-net3
 isdn send-alerting
 no cdp enable
 ppp authentication chap
 ppp multilink
!
router rip
 timers basic 30 60 90 120
 passive-interface BRI0
 network 172.17.0.0
 network 172.18.0.0
 neighbor 172.18.1.89
!
ip classless
ip route 172.16.0.0 255.255.0.0 172.19.1.89 150
ip http server
!
!
dialer-list 1 protocol ip permit
banner login ^CC
Welcome on the Router of "Gemeente Bergen"
Router configured by M. IJff Volker Stevin Telecom phone number 030 6389800
Only authorized persons are allowed to login !!
^C
!
line con 0
 stopbits 1
line vty 0 4
 exec-timeout 15 0
 password xxxx
 login
!
no rcapi server
!
!
end

Bijlokatie#

3 Replies

Hi Michiel,

First of all, you have to change all your passwords, as you have now published them for the whole world, including the telephone number to dial in, and Volker Stevin would not appreciate this, I think.

Concerning the ISDN problem: you can set up a debug or take a look at the log to see what's going on.

Good luck !

Johan,

Thanks for your answer. I have changed the security issues.

Regards,

Michiel

deilert
Level 6

Your problem is with the line 'dialer-list 1 protocol ip permit'. This allows any kind of traffic to initiate a call. You need to make an ACL that only allows certain traffic to initiate a call. See below.

! denies broadcasts
access-list 101 deny ip any host 255.255.255.255
! denies DNS queries
access-list 101 deny udp any any eq domain
! denies NetBIOS
access-list 101 deny udp any any eq 137
! denies NetBIOS
access-list 101 deny udp any any eq 139
! denies multicast (matched as the destination address)
access-list 101 deny ip any 224.0.0.0 0.0.0.255
! denies NTP
access-list 101 deny udp any any eq ntp
! permits all other traffic
access-list 101 permit ip any any log

The 'log' keyword will identify the SA & DA that brings up the line in the future, with port #'s. You can do additional filtering if you wish by adding to ACL 101.

You will also need to modify your dialer-list:

dialer-list 1 protocol ip list 101

good luck
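The effect of replacing `dialer-list 1 protocol ip permit` with `dialer-list 1 protocol ip list 101`, as an added example that is not part of the original thread: a small first-match evaluator for the ACL entries, run over constructed sample packets. The packet list, the helper names and the permit-everything ACL number 100 are assumptions, and the multicast entry is written with 224.0.0.0 0.0.0.255 as the destination.

```python
import ipaddress
# ACL 101 from the answer; the multicast entry is written as a destination match (assumption).
ACL_101 = """\
access-list 101 deny ip any host 255.255.255.255
access-list 101 deny udp any any eq domain
access-list 101 deny udp any any eq 137
access-list 101 deny udp any any eq 139
access-list 101 deny ip any 224.0.0.0 0.0.0.255
access-list 101 deny udp any any eq ntp
access-list 101 permit ip any any log
"""
PERMIT_ALL = "access-list 100 permit ip any any"  # stand-in for 'protocol ip permit'; number 100 is made up
PORT_NAMES = {"domain": 53, "ntp": 123}

def _addr(tok):  # consume 'any' | 'host A' | 'A WILDCARD'; return (matcher, remaining tokens)
    if tok[0] == "any":
        return (lambda ip: True), tok[1:]
    base, wild, rest = (tok[1], "0.0.0.0", tok[2:]) if tok[0] == "host" else (tok[0], tok[1], tok[2:])
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF  # wildcard bits are "don't care"
    want = int(ipaddress.IPv4Address(base)) & care
    return (lambda ip: int(ipaddress.IPv4Address(ip)) & care == want), rest

def parse_acl(text):
    rules = []
    for tok in (ln.split() for ln in text.splitlines() if ln.startswith("access-list")):
        src, rest = _addr(tok[4:])
        dst, rest = _addr(rest)
        port = (PORT_NAMES.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
        rules.append((tok[2], tok[3], src, dst, port))
    return rules

def interesting(rules, proto, src, dst, dport=None):  # first match decides; no match = implicit deny
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto in ("ip", proto) and r_src(src) and r_dst(dst) and r_port in (None, dport):
            return action == "permit"
    return False

PACKETS = [  # constructed samples of traffic routed towards BRI0: name, proto, src, dst, dport
    ("rip-broadcast", "udp", "172.16.1.89", "255.255.255.255", 520),
    ("dns-query", "udp", "172.16.5.10", "172.17.1.5", 53),
    ("netbios-ns", "udp", "172.16.5.10", "172.17.1.5", 137),
    ("ntp", "udp", "172.16.5.10", "172.17.1.5", 123),
    ("multicast", "udp", "172.16.1.89", "224.0.0.9", 520),
    ("http", "tcp", "172.16.5.10", "172.17.1.5", 80),
]

def dialing(acl_text):
    rules = parse_acl(acl_text)
    return [name for name, *pkt in PACKETS if interesting(rules, *pkt)]
```

With the permit-everything list all six sample packets bring up the line; with ACL 101 only the HTTP packet does. Multicast outside 224.0.0.x is still permitted by the last entry.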
