Ok, I am a bit puzzled by what you are trying to achieve.
If the ISDN link is a backup and your configuration is working properly the
FR link and the ISDN should not be both up except when the FR link is
restored and the ISDN link's has not been closed yet which is just a
temporary condition.
Moreover, as long as the FR link is up all traffic should be routed via this
link; this includes the ping to 202.x.y.z.
However, I worked on a setup where I had to test if the backup was working
without bringing down the FR link. In this case the FR link and ISDN had to
use two different networks, see the diagram below
HQ LAN---Router-HQ----FR---------------------FR-----------Router-A
172.18.0.0/16 | 172.16.0.1/30 172.16.0.2/30 |
| l0=172.16.0.4/32 |
|-----ISDN-------------------ISDN--------|
172.17.0.1/30 172.17.0.2/30
On router A I put a static route to 172.18.0.0/16 via 172.16.0.4/32 with a
higher metric than the IGP metric to make it the less preferred route. The
IGP advertises routes that are a longer match than the 172.18.0.0/16 static
route.
Then I put another static route to 172.16.0.4/32 via 172.17.0.1/30
The dialer map cmd uses the 172.17.0.1 IP so that the ISDN line is activated
only when the less-preferable route is the only route available. However, to
test the dial-up all you need to do is ping 172.16.0.4, from router A. This
will always bring up the ISDN line. You can setup the same on Router-HQ, so
that you have static route to a loop back interface on Router A, using
172.17.0.2
An access-list will not help as the FR link will always be chosen to forward
the traffic and the ping packet will be dropped after the next-hop address
has already been determined.
I am not sure if you can achieve the same using PBR; I have never tired it
myself.
Any comments from the others?
Regards
George Murage
-----Original Message-----
From: Md Nazri [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 11:32 AM
To: [EMAIL PROTECTED]
Subject: Accesss List(deny ping) [7:72147]
hi all,
I got one scenario, where we got 2 routers, one is A and another is HQ,
connection between A & HQ are via Frame Relay and ISDN as a backup.
ISDN is using loopback address 202.x.y.z.
Question:
when both Frame Relay and ISDN are up,
how do I create access list in router A to deny ping to 202.x.y.z via Frame
Relay(Serial port) but only allow it via ISDN Bri port in router A.
tq
rgds
nazri
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72233&t=72147
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
