Re: Time based access lists

Kent Hundley Tue, 06 Jun 2000 12:18:02 -0700
Olden,

You are allowing any IP traffic to initiate dialing:

"dialer-list 1 protocol ip permit"

Even if you are applying the access-list 101 outbound on the dialer
interface, this will only prevent the packets from being sent across the
wire, it won't prevent the router from initiating a dial because you
have told it that all IP traffic is "interesting".  In other words, the
router will first ask: "should I dial?" and then it will ask "should
this particular packet be allowed out the interface?".

Try referencing the 101 access-list in the dialer list:

dialer-list 1 protocol ip list 101"

There is an example of this on cco:

<http://www.cisco.com/warp/public/793/access_dial/10.html>

which is a link from the "Cisco access dial configuration cookbook":

<http://www.cisco.com/warp/public/793/access_dial/index.html>

HTH,
Kent

Olden Pieterse wrote:
> 
> Hi there
> 
> Here is the config
> At the moment we are just trying to block all traffic that the server is
> sending out via the router over an isdn line .
> As soon as it generates traffic , it brings up the isdn line .
> I know you can push up the threshold but I want it to stop any traffic that
> the server will send out to the router it calls
> 
> (server)--(router(1600,isdn wic))-------------(3640router)(172.16.140.1)
> 
> Thx in advance !
> Cheers
> Olden
> 
> access-list 101 deny   udp any 172.16.140.1 0.0.252.255  time-range tblock
> 
> access-list 101 deny   udp any 172.16.140.1 0.0.252.255 time-range tblock
> access-list 101 deny   tcp any 172.16.140.1 0.0.252.255 time-range tblock
> access-list 101 deny   icmp any 172.16.140.1 0.0.252.255 time-range tblock
> access-list 101 permit udp any any time-range workhrs
> access-list 101 permit tcp any any time-range workhrs
> access-list 101 permit icmp any any time-range workhrs
> 
> dialer-list 1 protocol ip permit
> !
> line con 0
>  transport input none
> line vty 0 4
>  password rcape
>  login
> !
> time-range tblock
>  periodic weekdays 20:00 to 23:59
>  periodic weekdays 0:00 to 6:00
>  periodic weekend 0:00 to 23:59
> 
> time-range workhrs
>  periodic weekdays 06:01 to 19:59
> 
> !
> end
> 
> -----Original Message-----
> From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
> Sent: 06 June 2000 16:55
> To: Olden Pieterse; [EMAIL PROTECTED]
> Subject: RE: Time based access lists
> 
> It would help if you were to post a config.
> 
> Do you have NTP set on your router? Or at least is the router clock set so
> that it's time matches local time more or less?
> 
> Are you trying to block certain activities / certain ports? Or do you just
> have a blanket deny in your access list?
> 
> There are plenty of examples on CCO. I'm sure they work.
> 
> Chuck
> 
> -----Original Message-----
> From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Olden Pieterse
> Sent:   Tuesday, June 06, 2000 1:05 AM
> To:     '[EMAIL PROTECTED]'
> Subject:        Time based access lists
> 
> Hi there gang
> 
> Does any one have a working example of this ?
> Mine doesnt want to work the way I like it . It basically just block !!
> 
> Cheers
> 
>                           Olden Pieterse
>                     Technical Consultant
> Mobile : +27 82 410 8621
> Office   : +27 21 419 5505
> MCP , CCNA
> 
> ___________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> ___________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> ___________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

-- 
##################################################
Kent Hundley            Lucent Networkcare
CISSP, CCSE             Sr. Network Consultant
##################################################


___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Time based access lists

Reply via email to
