Access List for DDR Example

RouterA allows all IP traffic except Telnet and FTP to trigger ISDN calls to RouterB, and access subnet 192.168.1.0

© 2004 Cisco Systems, In

This figure displays how to combine DDR commands with an extended access list to trigger an ISDN call. The configuration uses many of the same commands for configuring a simple ISDN call. Through dialer lists, access lists are applied to a dialer group to trigger call setup.

DDR is configured on RouterA to connect with RouterB for all IP traffic except Telnet and the FTP. The details about what is interesting to DDR are defined in an access list.

The service provider offering the ISDN service uses a Northern Telecom DMS-100 switch. Therefore, the configuration requires that the service profile identifiers (SPIDs) be specified. The service provider supplies other details to use when you are configuring the router for ISDN.

It is more common in networks to reference an access list in the dialer list because it offers more granular control over the protocols, users, and destinations that trigger a call. The previous example permitted any IP packet to trigger the call. It is likely that noncritical packets will activate the line unnecessarily, thereby resulting in an inflated line.

Access List for DDR Example: RouterA

Citco-tom

hOCtnJIDC EDUtClfA

a-sdji switsli-typc basic-dnslOO

iHeenane FeutarB jiasswoid its aseóte t uieiiuiie SeuttlC password itsHEecret in be Tf ace b^i. 0

hOCtnJIDC EDUtClfA

a-sdji switsli-typc basic-dnslOO

iHeenane FeutarB jiasswoid its aseóte t uieiiuiie SeuttlC password itsHEecret in be Tf ace b^i. 0

dealer 3ÜO

nui.p ip lO.nO.O.2 T.jimtr: RinTil-.=rB ¿Q6555¿<1ÜO

d-ale^ cnE.p lp 10.170.0.3 r^ne RcuterC 4iEs55123i íiiilíi^-qrcup 2 ppp Mthwtlcft'ticn Cbgip (continued on next figuro)

© 2004 Cisco Systems, Inc. All rights reserved. BCRAN v2.1—6-12

This figure displays the configuration of RouterA from the previous figure. This configuration is for legacy DDR and uses dialer maps and extended access lists. The table describes the commands that are used in the configuration.

Access List Configuration Commands

Command

Description

isdn switch-type

Selects the ISDN switch type for this interface.

username RouterB password itsasecret

Sets up the CHAP username and password for the remote router in the local user database.

interface bri0

Enters BRI 0 configuration mode, and sets up DDR and ISDN functions.

ip address 10.170.0.1 255.255.0.0

Specifies the BRI 0 IP address and net mask.

encapsulation ppp

Sets up PPP encapsulation for BRI 0.

dialer idle-timeout 300

Specifies the number of seconds of idle time (300 sec = 5 min) before the router drops the ISDN call.

dialer map

Establishes the IP address and ISDN number to call the next-hop routers.

dialer-group 2

Associates the BRI 0 interface with dialer list 2.

ppp authentication chap

Sets up CHAP PPP authentication for BRI 0.

Access List for DDR Example: RouterA (Cont.)

CiMO-Mtm

This figure shows the continuation of the configuration of RouterA. This simple example shows how access lists are linked to dialer lists and dialer groups to determine interesting traffic that triggers DDR calls. Either simple or extended access lists can be linked with dialer lists and dialer groups to identify interesting traffic, thus creating a powerful set of tools to control dialup costs.

The table describes the commands that are used in the configuration.

Access List Configuration Example Commands

Command

Description

ip route ...

Configures static routes to subnets on remote router Ethernet interfaces.

access-list 101 deny ...

Defines extended TCP access list entries to prevent FTP and Telnet packets from triggering calls.

access-list 101 permit ...

Defines entry in the extended access list to permit remaining IP traffic to trigger ISDN calls.

dialer-list 2 protocol ip list 101

Sets up control for automatic DDR dialing. Assigns access list 101 to dialer list 2, which is assigned to the BRI 0 interface by the dialer-group command statement. Only IP will trigger DDR calls with this configuration.

0 0

Post a comment