From: Dmitry Volkov (dmitry.volkov@rogers.com)
Date: Sun Feb 08 2004 - 14:48:50 GMT-3
when idle time is not equal 0 it doesn't matter whether dialer-group
configured (denying all IP) or not configured at all
please note: I talk about server
with regards to dialer-group on client when we have dialer watch
configured - we don't need dialer-group because
watched routes are "interesting" traffic, checked every idle period (def 120
sec)
if we have dialer group allowing some traffic which constantly resets idle
timeout - ISDN will stay UP as long as interesting traffic (other than
watched route) is going through isdn.
Dialer watch will still able to notice that Primary route is UP via other
interface
00:48:32: DDR: Dialer Watch: watch-group = 1
00:48:32: DDR: network 10.10.10.0/255.255.255.0 UP,
00:48:32: DDR: primary UP
but it will not disconnect call because of other interesting traffic defined
with dialer list/group
However my quest was more about psychology/intuition rather than technology
:)
When I asked to have callback ISDN backup scenario when client calls server,
server gets dial string from AAA and calls back to client - Should I config
dialer group with proper acl on server (callback scenario) considering that
server is "capable" to initiate call
and forget about the fact that server will disconnect call after idle timer
is expired.
I.e. should server be "interesting traffic" aware and participate in
maintenance of interesting traffic or it's really client's duty ?
I have feeling that lab is graded based on exactly what they expect but not
on any working config not contradicting with requirements
In well known CCO example
http://www.cisco.com/en/US/tech/tk713/tk507/technologies_configuration_examp
le09186a00800946ff.shtml
author configs idle timeout and dialer group on server. It doesn't make much
sense for me for any type of isdn BACKUP situations because server's
function to call back and since client did initiate call - because it lost
watched route or because of connected interface was down (or whatever else
backup situation) - it should be client's function when and why to
disconnect call.
Server doesn't have even dial string - it gets it from AAA during callback
only.
The same time I agree that in normal remote access (not backup) scenario it
may be perfectly legitimate to have dialer group and idle > 0 on server
just interesting to hear diff opinions...
Thanks,
Dmitry
> -----Original Message-----
> From: Michael Snyder [mailto:msnyder@revolutioncomputer.com]
> Sent: Sunday, February 08, 2004 11:16 AM
> To: ccielab@groupstudy.com
> Cc: 'Dmitry Volkov'
> Subject: RE: interesting traffic on server (isdn callback)
>
>
> I've had problems without the dialer-group or at least a dialer watch
> commands in the bri configs. When I don't need it I normally put a
> dialer-list 1 protocol ip deny.
>
> Is there a difference between not having, and denying everything with
> it?
>
> At one time I thought there was, and haven't reexamined it since.
>
>
> BTW, someone posted the isdn rollover delay 1 command a few
> weeks back.
> Thank you. You would not believe how I fought with my damn routers
> getting multiline dialback to work. I added that command and life is
> good.
>
> Speaking of timing with callback, what timing settings do you use?
> Carrier wait of 2 on one side, and (can't think of it right
> now) of 4 on
> the other side?
>
>
> -----Original Message-----
> From: Dmitry Volkov [mailto:dmitry.volkov@rogers.com]
> Sent: Sunday, February 08, 2004 9:28 AM
> To: security@groupstudy.com
> Subject: interesting traffic on server (isdn callback)
>
> Group,
>
> when we configure isdn callback - what is the common
> sense/opinion about
> "dialer-group" & "dialer idle-timeout" commands
> on Server ?
>
> I'm asking NOT about real world but about different lab
> exercises we all
> doing in out test environment targeting to pass lab test.
>
> My logic - since server usually doesn't suppose to call client (only
> callback) so server doesn't need "dialer-group" at all and
> need "dialer
> idle-timeout 0"
> It's duty of client to maintain / break call.
>
> Does anybody have different opinion / approach ?
>
> Thanks,
> Dmitry
This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:47 GMT-3