Access list on dialer interface [7:56584]
Hi all I am having a strange problem with an access-list on a dialer interface. Although the access list is applied to the interface it does not seem to be denying the packets. specified. Is there something odd about access-lists on dialers that I have missed? Below us the config in question: interface Dialer2 description X ip address 10.252.248.1 255.255.255.252 ip access-group 101 in no ip directed-broadcast encapsulation ppp dialer in-band dialer idle-timeout 900 dialer map ip 10.252.248.2 name XXX dialer load-threshold 20 either dialer-group 1 no peer default ip address no cdp enable ppp authentication ms-chap chap ! ! access-list 101 permit tcp any host 10.7.1.1 eq telnet access-list 101 deny ip any any log Any ideas? Duncan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56584t=56584 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Access list on dialer interface [7:56584]
Could be the direction of the traffic, your acl is applied to incoming traffic only, try outgoing instead cheers Pat Duncan wrote in message news:20021033.LAA31424;groupstudy.com... Hi all I am having a strange problem with an access-list on a dialer interface. Although the access list is applied to the interface it does not seem to be denying the packets. specified. Is there something odd about access-lists on dialers that I have missed? Below us the config in question: interface Dialer2 description X ip address 10.252.248.1 255.255.255.252 ip access-group 101 in no ip directed-broadcast encapsulation ppp dialer in-band dialer idle-timeout 900 dialer map ip 10.252.248.2 name XXX dialer load-threshold 20 either dialer-group 1 no peer default ip address no cdp enable ppp authentication ms-chap chap ! ! access-list 101 permit tcp any host 10.7.1.1 eq telnet access-list 101 deny ip any any log Any ideas? Duncan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56585t=56584 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Access list on dialer interface [7:56584]
Pat I have discovered the reason, a little more complex that I first imagined. Isn't it always. The router was configured with Legacy DDR which meant that inbound calls where only using the first dialer. I changed it to use 'dialer pool-member x' on the PRI interface with 'dialer pool' in the dialers. There where a few little changes but this fixed the problem as the call was now coming into the correct interface (dialer2) and thus assigning the access list. Thanks for your help. Duncan Patrick Donlon wrote in message news:200210311232.MAA07738;groupstudy.com... Could be the direction of the traffic, your acl is applied to incoming traffic only, try outgoing instead cheers Pat Duncan wrote in message news:20021033.LAA31424;groupstudy.com... Hi all I am having a strange problem with an access-list on a dialer interface. Although the access list is applied to the interface it does not seem to be denying the packets. specified. Is there something odd about access-lists on dialers that I have missed? Below us the config in question: interface Dialer2 description X ip address 10.252.248.1 255.255.255.252 ip access-group 101 in no ip directed-broadcast encapsulation ppp dialer in-band dialer idle-timeout 900 dialer map ip 10.252.248.2 name XXX dialer load-threshold 20 either dialer-group 1 no peer default ip address no cdp enable ppp authentication ms-chap chap ! ! access-list 101 permit tcp any host 10.7.1.1 eq telnet access-list 101 deny ip any any log Any ideas? Duncan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56590t=56584 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]