Cisco801 being triggered to dial every 7/8 mins

[qman]

Below is a config I have installed on a Cisco801. The router works fine and does what it should except something
on the network (I suspect the Win2000 server) is causing it to dial every 7/8 mins or so. I have tried most things but as I am only learning the Cisco commands I am probably missing something simple. If anyone can help it would be great...


version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco801
!
no logging console
enable password 7 06160E325F59060B01
!
!
!
!
!
ip subnet-zero
no ip source-route
!
no ip domain-lookup
isdn switch-type basic-net3
!
!
!
interface Ethernet0
description connected to EthernetLAN
ip address 192.168.1.250 255.255.255.0
ip access-group 121 in
no ip proxy-arp
ip nat inside
!
interface BRI0
description connected to Internet
no ip address
ip nat outside
encapsulation ppp
dialer rotary-group 1
isdn switch-type basic-net3
no cdp enable
!
interface Dialer1
description connected to Internet
ip address 999.999.999.999 255.255.0.0
ip access-group 121 in
no ip proxy-arp
ip nat outside
encapsulation ppp
no ip split-horizon
dialer in-band
dialer string 9999999999
dialer hold-queue 10
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname santa
ppp chap password 7 09444B0F1800031D13
ppp pap sent-username santa password 7 12110011130E180B32
!
router rip
version 2
passive-interface Dialer1
network 192.168.1.0
no auto-summary
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.3 25 999.999.999.999 25 extendable
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 121 deny udp any eq netbios-dgm any
access-list 121 deny udp any eq netbios-ns any
access-list 121 deny udp any eq netbios-ss any
access-list 121 deny tcp any eq 137 any
access-list 121 deny tcp any eq 138 any
access-list 121 deny tcp any eq 139 any
access-list 121 permit ip any any
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 0 0
password 7 15020A1F173D24362C
login
transport input none
stopbits 1
line vty 0 4
password 7 021605481811003348
login
!
no rcapi server
!
!
end

 

[Saeed42]

If you're using win2000 you might need to add this to your access list

access-list 101 deny tcp any any eq 445
access-list 101 deny udp any any eq 445

you can always use a packet sniffer to see what's been broadcasted, or you can anable the debug ip packets and see what's going through the router

Hope that helps

 

[mitsie]

Hello, I had the same problem and this configuration cured it. I think all you need it to tell the dialer to use your access-list, in you case "dialer-list 1 protocol ip list 121" Hope it helps

Cisco-801#sh ru
Building configuration...

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco-801
!
enable password *********
!
!
!
!
!
ip subnet-zero
!
no ip domain-lookup
isdn switch-type basic-net3
!
!
process-max-time 200
!
interface Ethernet0
description connection to local Lan
ip address 10.0.0.101 255.0.0.0
no ip directed-broadcast
ip nat inside
!
interface BRI0
description connected to Internet
no ip address
no ip directed-broadcast
ip nat outside
encapsulation ppp
dialer rotary-group 1
dialer-group 1
isdn switch-type basic-net3
!
interface Dialer1
description connected to Internet
ip address negotiated
no ip directed-broadcast
ip nat outside
encapsulation ppp
no ip split-horizon
dialer in-band
dialer idle-timeout 180
dialer string *******
dialer hold-queue 10
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname ************
ppp chap password ************
ppp pap sent-username eircomconnect password **********
!
ip nat inside source list 1 interface Dialer1 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 101 deny udp any eq netbios-dgm any
access-list 101 deny udp any eq netbios-ns any
access-list 101 deny udp any eq netbios-ss any
access-list 101 deny tcp any eq 137 any
access-list 101 deny tcp any eq 138 any
access-list 101 deny tcp any eq 139 any
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
snmp-server engineID local 00000009020000D0BA1B5888
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password **********
login
transport input none
stopbits 1
line vty 0
exec-timeout 0 0
password **********
login
line vty 1 4
password **********
login
!
end

 

[qman]

Thanks for that guys - I'll try that this evening and see how I get on...

 

[qman]

All the help above is appreciated, and did help the overall setup, but not the repeated dialling.

I turned on debugging for ip packets and isdn events and the sh ip nat trans command to find eventually that there were two Win2000 Pro workstations with incorrect DNS settings , and these were causing the problem on the network. It appears to be solved now. Heres hoping...