forum.opennet.ru

Составление сообщения

Исходное сообщение

"не пингуются NAT адреса на интерфейсах"
Отправлено drumisco, 13-Ноя-09 11:47

>а чтобы это понять нужно тот конфиг видеть.
а вот он, конфиг. немного сокращенный, кучу интерфейсов одинаковых просто не написал.
c2801#sh run
Building configuration...
Current configuration : 50515 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname c2801
!
boot-start-marker
boot system flash:c2801++++.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 ++++
enable password 7 ++++
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authentication ppp default local
aaa authorization exec local_author local
!
aaa session-id common
clock timezone PCTime 6
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool ADSL-1
   network 192.168.++++ 255.255.255.252
   dns-server 91.185.++++ 91.185.++++
   default-router 192.168.++++
!
.
.
.
.
!
ip dhcp pool ADSL-2
   network 192.168.++++ 255.255.255.248
   default-router 192.168.26.17
   dns-server 91.185.2.10 91.185.6.10
!
!
ip flow-cache timeout active 1
no ip bootp server
ip domain name MTS.yourdomain.com
!
!
voice-card 0
!
ip tcp synwait-time 10
!
!
interface Loopback0
no ip address
!
interface FastEthernet0/0
description ++++
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/0.1
description ++++
bandwidth 256
encapsulation dot1Q 1 native
ip address 192.168.++++ 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip policy route-map ISP
no cdp enable
!
interface FastEthernet0/0.2
description ++++
bandwidth 1024
encapsulation dot1Q 2
ip address 212.++++ 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
rate-limit input 1000000 120000 150000 conform-action transmit exceed-action drop
rate-limit output 1000000 120000 150000 conform-action transmit exceed-action drop
ip policy route-map ISP
no cdp enable
!
interface FastEthernet0/0.3
description
bandwidth 128
encapsulation dot1Q 3
ip address 192.168.++++ 255.255.255.252
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip policy route-map ISP
shutdown
traffic-shape rate 128000 7936 7936 1000
no cdp enable
!
!
interface FastEthernet0/0.6
description
bandwidth 1024
encapsulation dot1Q 6
ip address 95.56.++++ 255.255.255.252
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
rate-limit input 1000000 48000 60000 conform-action transmit exceed-action drop
rate-limit output 1000000 48000 60000 conform-action transmit exceed-action drop
ip policy route-map ISP
no cdp enable
!
.
.
!
interface FastEthernet0/0.320
description ADSL-1
bandwidth 512
encapsulation dot1Q 320
ip address 192.168.++++ 255.255.255.252
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
rate-limit input 512000 12000 15000 conform-action transmit exceed-action drop
rate-limit output 512000 12000 15000 conform-action transmit exceed-action drop
ip policy route-map ISP
no cdp enable
!
interface FastEthernet0/0.347
description ADSL-2
bandwidth 512
encapsulation dot1Q 347
ip address 192.168.++++ 255.255.255.252     вот эти адреса на интерфейсе с самой cisco и не пингуются
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
rate-limit input 512000 48000 60000 conform-action transmit exceed-action drop
rate-limit output 512000 48000 60000 conform-action transmit exceed-action drop
ip policy route-map ISP
no cdp enable
!
interface FastEthernet0/1
no ip address
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
!
ip local pool dialup 192.168.10.200 192.168.10.202
ip route ++++
.
.
.
ip route ++++
!
ip flow-export version 9
ip flow-export destination 192.168.++++ 9996
!
ip http server
ip http access-class 99
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool ++++-pool 92.46.++++ 92.46.++++ prefix-length 30
ip nat pool ++-pool 94.247.++++ 94.247.++++ prefix-length 30
ip nat inside source route-map DKP-NAT pool DKP-pool overload
ip nat inside source route-map Kris-NAT pool Kris-pool overload
!
logging trap debugging
access-list 10 permit 192.168.++++
access-list 10 permit 192.168.++++
access-list 20 permit 192.168.10.0 0.0.0.255
.
.  -куча акцеслистов
.
.
snmp-server community public RO
snmp-server host 192.168.++++ public
snmp-server host 192.168.++++ public
no cdp run
!
route-map ++++-NAT permit 10
match ip address 30
!
route-map ++++-NAT permit 10
match ip address 10
!
route-map ISP deny 10
match ip address 101
!
route-map ISP permit 20
match ip address 10
set ip next-hop 82.++++.++++
!
route-map ISP permit 30
match ip address 20
set ip next-hop 94.++++.++++
!
route-map ISP permit 40
match ip address 30
set ip next-hop 89.21++++ 95.14.++++
!
route-map ++++-NAT permit 10
match ip address 20
!
!
!
!
control-plane
!
!
!
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login authentication local_authen
transport output telnet
line aux 0
login authentication local_authen
modem InOut
modem autoconfigure type default
transport input all
transport output telnet
autoselect during-login
autoselect ppp
speed 2400
line vty 0 4
access-class 100 in
authorization exec local_author
login authentication local_authen
transport input telnet
transport output telnet
line vty 5 15
access-class 100 in
authorization exec local_author
login authentication local_authen
transport input telnet
transport output telnet
!
scheduler allocate 20000 1000
end

Исходное сообщение
"не пингуются NAT адреса на интерфейсах" Отправлено drumisco, 13-Ноя-09 11:47
>а чтобы это понять нужно тот конфиг видеть. а вот он, конфиг. немного сокращенный, кучу интерфейсов одинаковых просто не написал. c2801#sh run Building configuration... Current configuration : 50515 bytes ! version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! hostname c2801 ! boot-start-marker boot system flash:c2801++++.bin boot-end-marker ! security authentication failure rate 3 log security passwords min-length 6 logging buffered 51200 debugging logging console critical enable secret 5 ++++ enable password 7 ++++ ! aaa new-model ! ! aaa authentication login local_authen local aaa authentication ppp default local aaa authorization exec local_author local ! aaa session-id common clock timezone PCTime 6 no ip source-route ip cef ! ! no ip dhcp use vrf connected ! ip dhcp pool ADSL-1 network 192.168.++++ 255.255.255.252 dns-server 91.185.++++ 91.185.++++ default-router 192.168.++++ ! . . . . ! ip dhcp pool ADSL-2 network 192.168.++++ 255.255.255.248 default-router 192.168.26.17 dns-server 91.185.2.10 91.185.6.10 ! ! ip flow-cache timeout active 1 no ip bootp server ip domain name MTS.yourdomain.com ! ! voice-card 0 ! ip tcp synwait-time 10 ! ! interface Loopback0 no ip address ! interface FastEthernet0/0 description ++++ no ip address no ip redirects no ip unreachables no ip proxy-arp ip flow ingress ip flow egress ip route-cache flow duplex auto speed auto no mop enabled ! interface FastEthernet0/0.1 description ++++ bandwidth 256 encapsulation dot1Q 1 native ip address 192.168.++++ 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip policy route-map ISP no cdp enable ! interface FastEthernet0/0.2 description ++++ bandwidth 1024 encapsulation dot1Q 2 ip address 212.++++ 255.255.255.248 no ip redirects no ip unreachables no ip proxy-arp rate-limit input 1000000 120000 150000 conform-action transmit exceed-action drop rate-limit output 1000000 120000 150000 conform-action transmit exceed-action drop ip policy route-map ISP no cdp enable ! interface FastEthernet0/0.3 description bandwidth 128 encapsulation dot1Q 3 ip address 192.168.++++ 255.255.255.252 ip verify unicast reverse-path no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly ip policy route-map ISP shutdown traffic-shape rate 128000 7936 7936 1000 no cdp enable ! ! interface FastEthernet0/0.6 description bandwidth 1024 encapsulation dot1Q 6 ip address 95.56.++++ 255.255.255.252 ip verify unicast reverse-path no ip redirects no ip unreachables no ip proxy-arp rate-limit input 1000000 48000 60000 conform-action transmit exceed-action drop rate-limit output 1000000 48000 60000 conform-action transmit exceed-action drop ip policy route-map ISP no cdp enable ! . . ! interface FastEthernet0/0.320 description ADSL-1 bandwidth 512 encapsulation dot1Q 320 ip address 192.168.++++ 255.255.255.252 ip verify unicast reverse-path no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly rate-limit input 512000 12000 15000 conform-action transmit exceed-action drop rate-limit output 512000 12000 15000 conform-action transmit exceed-action drop ip policy route-map ISP no cdp enable ! interface FastEthernet0/0.347 description ADSL-2 bandwidth 512 encapsulation dot1Q 347 ip address 192.168.++++ 255.255.255.252 вот эти адреса на интерфейсе с самой cisco и не пингуются ip verify unicast reverse-path no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly rate-limit input 512000 48000 60000 conform-action transmit exceed-action drop rate-limit output 512000 48000 60000 conform-action transmit exceed-action drop ip policy route-map ISP no cdp enable ! interface FastEthernet0/1 no ip address ip verify unicast reverse-path no ip redirects no ip unreachables no ip proxy-arp ip flow ingress ip flow egress ip route-cache flow duplex auto speed auto no mop enabled ! ! ip local pool dialup 192.168.10.200 192.168.10.202 ip route ++++ . . . ip route ++++ ! ip flow-export version 9 ip flow-export destination 192.168.++++ 9996 ! ip http server ip http access-class 99 ip http authentication local no ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat pool ++++-pool 92.46.++++ 92.46.++++ prefix-length 30 ip nat pool ++-pool 94.247.++++ 94.247.++++ prefix-length 30 ip nat inside source route-map DKP-NAT pool DKP-pool overload ip nat inside source route-map Kris-NAT pool Kris-pool overload ! logging trap debugging access-list 10 permit 192.168.++++ access-list 10 permit 192.168.++++ access-list 20 permit 192.168.10.0 0.0.0.255 . . -куча акцеслистов . . snmp-server community public RO snmp-server host 192.168.++++ public snmp-server host 192.168.++++ public no cdp run ! route-map ++++-NAT permit 10 match ip address 30 ! route-map ++++-NAT permit 10 match ip address 10 ! route-map ISP deny 10 match ip address 101 ! route-map ISP permit 20 match ip address 10 set ip next-hop 82.++++.++++ ! route-map ISP permit 30 match ip address 20 set ip next-hop 94.++++.++++ ! route-map ISP permit 40 match ip address 30 set ip next-hop 89.21++++ 95.14.++++ ! route-map ++++-NAT permit 10 match ip address 20 ! ! ! ! control-plane ! ! ! ! banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C ! line con 0 login authentication local_authen transport output telnet line aux 0 login authentication local_authen modem InOut modem autoconfigure type default transport input all transport output telnet autoselect during-login autoselect ppp speed 2400 line vty 0 4 access-class 100 in authorization exec local_author login authentication local_authen transport input telnet transport output telnet line vty 5 15 access-class 100 in authorization exec local_author login authentication local_authen transport input telnet transport output telnet ! scheduler allocate 20000 1000 end

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру