[c-nsp] dialer watch vs. matching interesting traffic

Piestaga piestaga at aster.pl
Mon Jan 9 10:52:30 EST 2006


Hello

You are right. My mistake when describing the problem.
Dialer watch-list works correctly.
I have problem with dialer-list. In the config bellow it is configured
as ip any any, and whatever I enter here (one particular source ip
address or the hole network) the dialer is always trigged as ip any
any.

This is my config:

interface BRI0
 no ip address
 encapsulation ppp
 dialer pool-member 127
 isdn switch-type basic-5ess
!
interface Dialer1
 ip unnumbered FastEthernet0
 encapsulation ppp
 dialer pool 127
 dialer idle-timeout 15
 dialer string <number>
 dialer watch-disable 30
 dialer watch-group 8
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username <login> password *****
 ppp multilink links maximum 2
 ppp multilink links minimum 1
 ppp multilink load-threshold 100 either!
!
ip route 0.0.0.0 0.0.0.0 10.254.3.1
ip route 54.54.54.54 255.255.255.255 10.254.3.1
ip route 54.54.54.54 255.255.255.255 3.3.3.13 200
!
access-list 101 permit ip any any
dialer watch-list 8 ip 54.54.54.54 255.255.255.255
dialer watch-list 8 delay disconnect 30
dialer-list 1 protocol ip list 101


I am triggering the traffic by host (eg. 60.60.60.2)
I had configured the access-list for nonexisting address as: permit ip host 10.10.10.10 host
54.54.54.54 and the dialer oslo dial out, and it should not in that
case, because the traffic was generated by 60.60.60.2

Sebastian




Monday, January 9, 2006, 4:27:26 PM, you wrote:

> Piestaga <> wrote on Friday, December 09, 2005 3:37 PM:
 
>> Does anybody know why the "dialer watch-list" which was intentionaly
>> created to match an "interesting" traffic that would trigger the
>> ISDN Dialer interface does not work correctly.
>> 
>> I mean it work, but whatever permit statement I enter, it
>> works as ip "permit any any".
>> 
>> I have got an ofline confirmation, that it always worked "that"
>> way, but I wonder why Cisco did not repair that.
>> 
>> Do you have any idea to cope with or workaround that case ?

> I'm not sure I can follow you. You are saying that you cannot watch any
> networks in the routing table using "dialer watch-list"? 
> the watch-list has nothing to do with interesting traffic, we don't need
> no interesting traffic to bring up the dialer with dialer-watch
> (actually "interesting traffic" matching the dialer-list has a different
> semantic when used with dialer-watch, please check
> http://www.cisco.com/warp/public/123/backup-main.html#dwatch or
> http://www.cisco.com/warp/public/123/backup-main.html for details).

> Please provide some more details/configs/show-outputs..

>         oli



-- 
Best regards,
 Piestaga                            mailto:piestaga at aster.pl



More information about the cisco-nsp mailing list