06-02-2007 06:13 AM - edited 03-03-2019 05:16 PM
Hi i have a question:
If my condition for invoking an isdn call is:
>dialer-list 1 protocol ip permit
does it mean that when someone tries to ping my router or send it some other packets the dial occurs?
2)another question is that if i combine the following inbound acl:
>access-list 101 deny ip any host [my router's ip address]
with the configuration of the dialer-list above, who takes precedes?
Will the acl override the dialer settings and as a result the isdn dial will never happen?
06-02-2007 06:49 AM
"dialer-list 1 protocol ip permit
does it mean that when someone tries to ping my router or send it some other packets the dial occurs?"
This statement considers any IP traffic as interesting to trigger the ISDN link. This works in conjunction with the routing. If you have a route pointing to the next hop via ISDN then any IP traffic to that network would cause the router to initiate the ISDN link.
"2)another question is that if i combine the following inbound acl:
>access-list 101 deny ip any host [my router's ip address]"
You only use either or and not both. I don't know if the router would even let you configure both commands. Even if it would why would you want to configure both commands. If you want to be granular in identifying interesting traffic then use the second option of access lists or the first command if you want any IP traffic to trigger the DDR link.
HTH
Sundar
06-02-2007 08:31 AM
Sundar
But who is "stronger" ACL's or the Dialer-list rules(when not using ACLs in them)?
Its like in windows "Security Permissions" are stronger than "Sharing Permissions"...
06-02-2007 10:01 AM
Oren
I believe that Sunday misunderstood your question. His response indicates that he believes that you intend to try to use both access lists in the dialer list. I understand that you want to use the first access list with dialer list and the second access list as an inbound ip access-group on the dialing interface.
I would answer your question by observing that the dialer list controls when dialing activity will occur and the access-group filters traffic after the interface has dialed. In that sense you might interpret the dialer list as "stronger". But I will also note that it is a quite different relationship than that of "Security Permissions" or "Sharing Permissions".
HTH
Rick
06-02-2007 12:45 PM
Rick
Thank you, so they wont collide as i thought they would...
06-02-2007 12:53 PM
Oren,
I did infact misunderstood your 2nd question. As Rick pointed out they serve independent functions.
Dialer list identifies interesting traffic that can trigger the ISDN link. Access list inbound applies access rules to the traffic arriving on the dialer interface after the call connects successfully.
HTH
Sundar
06-03-2007 04:49 AM
Sundar
Quite right.
And my apologies for the typo in my previous post that mis-spelled your name.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide