forum.opennet.ru

Составление сообщения

Исходное сообщение

"Cisco 871 & Dilaer PPPOE"
Отправлено sysadm, 22-Авг-11 15:14

Товарищи. Помогите пожалуйста разобраться с проблемой. Есть Cisco 877 . У ней отключен ATM интерфейс.  Созданы 2 Vlan интерфейса  на Ethernet интерфейсах . Dialer1   поднимается PPPOE сессию  к провайдеру.
Всё бы хорошо, но через  неопределённые промежутки времени (чаще всего неделя,  реже две, три не более) интерфейсы на маршрутизаторе вдруг перестают отвечать.
Естественно пробовал диагностировать. show ip nat stat, show processes cpu , show buffers - всё в норме.  Больше всего грешил на переполнение буферов. Но show buffers в момент проблемы не показало ни одного no buffers...
Через консоль спокойно захожу, остальные интерфейсы не отвечайт, хотя находятся в up. shutdown, no shutdown для dialer 1 никакого эффекта. только перезапуск роутера. При работе с консоли никаких тормозов. От безысходности настроил раз в неделю reload роутера, но это не выход, вернее это временное решение.
Единственное что заметил в момент проблемы это разница в выводе show int Dialer1:
Вот в момент проблемы: (нет вообще упоминания об Virtual-Access1+ не показывается внешний ip)
Dialer1 is up, line protocol is up (spoofing)
  Hardware is Unknown
  Internet address will be negotiated using IPCP
  MTU 1492 bytes, BW 56 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 1 seconds on reset
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 1w2d
  Input queue: 0/300/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/300/0 (size/max total/threshold/drops)
     Conversations  0/0/16 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 42 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1347913 packets input, 531312992 bytes
     1277062 packets output, 608373118 bytes
А вот когда всё ок:
Dialer1 is up, line protocol is up (spoofing)
  Hardware is Unknown
  Internet address is xxxxxxx/32
  MTU 1492 bytes, BW 56 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 1 seconds on reset
  Interface is bound to Vi1
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 01:41:48
  Input queue: 0/300/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/300/0 (size/max total/threshold/drops)
     Conversations  0/0/16 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 42 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     37365 packets input, 4999448 bytes
     43031 packets output, 52920616 bytes
Bound to:
Virtual-Access1 is up, line protocol is up
  Hardware is Virtual Access interface
  MTU 1492 bytes, BW 56 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP
  PPPoE vaccess, cloned from Dialer1
  Vaccess status 0x44, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 5 seconds on reset
  Interface is bound to Di1 (Encapsulation PPP)
  Last input 00:00:39, output never, output hang never
  Last clearing of "show interface" counters 01:40:51
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     37375 packets input, 4999776 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     43041 packets output, 52920949 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
т.е. в момент проблемы отсутствует Bound to: Virtual-Access1 is up, и не показывает внешний ip.

Вся эта проблема не может быть со стороны провайдера?
вот конфиг роутера.
Заранее спасибо за совет...
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cisco-mmp
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 128000 debugging
logging console critical
enable secret 5 xxxxxx
!
no aaa new-model
!
resource policy
!
clock timezone MSK 3
clock summer-time MSD recurring last Sun Mar 3:00 last Sun Oct 2:00
no ip source-route
ip cef
!
!
!
!
ip tcp synwait-time 10
no ip bootp server
ip name-server 192.168.10.252
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name DEFAULT100 ntp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 h323
!
!
crypto pki trustpoint TP-self-signed-2593702234
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2593702234
revocation-check none
rsakeypair TP-self-signed-2593702234
!
!
crypto pki certificate chain TP-self-signed-2593702234
certificate self-signed 01
xxxxxxxxxxxxx
  quit
username sysadm privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx
!
!
policy-map test
!
!
!
buffers large permanent 2
buffers large min-free 1
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
shutdown
no snmp trap link-status
pvc 0/35
  pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
switchport access vlan 3
!
interface FastEthernet2
switchport access vlan 4
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.10.137 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
hold-queue 300 in
!
interface Vlan3
no ip address
ip mtu 1492
pppoe enable group global
pppoe-client dial-pool-number 2
!
interface Dialer1
mtu 1492
ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly
rate-limit input access-group 199 2496000 468000 600000 conform-action transmit exceed-action drop
rate-limit output access-group 199 2496000 468000 600000 conform-action transmit exceed-action drop
encapsulation ppp
ip route-cache flow
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 2
dialer-group 2
fair-queue 300 16 0
no cdp enable
ppp authentication chap pap callin
ppp chap hostname officecentre
ppp chap password 7 xxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxx
hold-queue 300 in
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip flow-export version 5
ip flow-export destination 192.168.10.70 9996
!
no ip http server
no ip http secure-server
ip nat translation timeout 130
ip nat translation tcp-timeout 200
ip nat translation udp-timeout 200
ip nat translation syn-timeout 200
ip nat translation max-entries 500
ip nat translation max-entries all-host 400
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.10.252 25 xxxxxxxxxxx 25 extendable
ip nat inside source static tcp 192.168.10.252 53 xxxxxxxxxxxx 53 extendable
ip nat inside source static udp 192.168.10.252 53 xxxxxxxxx 53 extendable
!
kron occurrence weekly_reebot at 5:00 Sun recurring
policy-list clear_dialer
!
kron policy-list clear_dialer
cli reload
!
logging trap debugging
logging facility local6
logging 192.168.10.102
access-list 1 permit 192.168.10.49
access-list 1 permit 192.168.10.24
access-list 1 permit 192.168.10.254
access-list 1 permit 192.168.10.252
access-list 1 permit 192.168.10.140
access-list 2 permit 192.168.10.102
access-list 2 permit 192.168.10.34
access-list 2 permit 192.168.10.49
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip host 192.168.10.254 any
access-list 100 permit ip host 192.168.10.34 any
access-list 100 permit ip host 192.168.10.70 any
access-list 100 permit ip host 192.168.10.49 any
access-list 100 permit ip host 192.168.10.102 any
access-list 100 permit ip host 192.168.10.116 any
access-list 100 permit ip host 192.168.10.252 any
access-list 100 deny   ip any any
access-list 101 deny   ip 192.168.0.0 0.0.0.255 any log
access-list 101 deny   ip 192.168.10.0 0.0.0.255 any log
access-list 101 permit tcp any host xxxxxxxx gt 1024
access-list 101 permit udp any host xxxxx gt 1024
access-list 101 permit tcp any host xxxxxx eq 389
access-list 101 permit tcp any any established
access-list 101 permit tcp any host xxxxxx eq smtp
access-list 101 permit tcp any host xxxxxx eq domain
access-list 101 permit udp any host xxxxxxxx eq domain
access-list 101 permit tcp any eq domain any gt 1023
access-list 101 permit udp any eq domain any gt 1023
access-list 101 permit tcp any eq ftp-data any gt 1023
access-list 101 deny   icmp any any redirect log
access-list 101 permit icmp any any
access-list 101 permit udp any any eq ntp
access-list 101 deny   tcp any any log
access-list 101 deny   udp any any log
access-list 101 deny   ip any any log
access-list 102 permit ip any any
access-list 199 permit tcp any any eq smtp
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
banner login Authorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17175038
ntp server 192.168.10.254
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end

Исходное сообщение
"Cisco 871 & Dilaer PPPOE" Отправлено sysadm, 22-Авг-11 15:14
Товарищи. Помогите пожалуйста разобраться с проблемой. Есть Cisco 877 . У ней отключен ATM интерфейс. Созданы 2 Vlan интерфейса на Ethernet интерфейсах . Dialer1 поднимается PPPOE сессию к провайдеру. Всё бы хорошо, но через неопределённые промежутки времени (чаще всего неделя, реже две, три не более) интерфейсы на маршрутизаторе вдруг перестают отвечать. Естественно пробовал диагностировать. show ip nat stat, show processes cpu , show buffers - всё в норме. Больше всего грешил на переполнение буферов. Но show buffers в момент проблемы не показало ни одного no buffers... Через консоль спокойно захожу, остальные интерфейсы не отвечайт, хотя находятся в up. shutdown, no shutdown для dialer 1 никакого эффекта. только перезапуск роутера. При работе с консоли никаких тормозов. От безысходности настроил раз в неделю reload роутера, но это не выход, вернее это временное решение. Единственное что заметил в момент проблемы это разница в выводе show int Dialer1: Вот в момент проблемы: (нет вообще упоминания об Virtual-Access1+ не показывается внешний ip) Dialer1 is up, line protocol is up (spoofing) Hardware is Unknown Internet address will be negotiated using IPCP MTU 1492 bytes, BW 56 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, loopback not set Keepalive set (10 sec) DTR is pulsed for 1 seconds on reset Last input never, output never, output hang never Last clearing of "show interface" counters 1w2d Input queue: 0/300/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/300/0 (size/max total/threshold/drops) Conversations 0/0/16 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 42 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1347913 packets input, 531312992 bytes 1277062 packets output, 608373118 bytes А вот когда всё ок: Dialer1 is up, line protocol is up (spoofing) Hardware is Unknown Internet address is xxxxxxx/32 MTU 1492 bytes, BW 56 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, loopback not set Keepalive set (10 sec) DTR is pulsed for 1 seconds on reset Interface is bound to Vi1 Last input never, output never, output hang never Last clearing of "show interface" counters 01:41:48 Input queue: 0/300/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/300/0 (size/max total/threshold/drops) Conversations 0/0/16 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 42 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 37365 packets input, 4999448 bytes 43031 packets output, 52920616 bytes Bound to: Virtual-Access1 is up, line protocol is up Hardware is Virtual Access interface MTU 1492 bytes, BW 56 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, LCP Open Open: IPCP PPPoE vaccess, cloned from Dialer1 Vaccess status 0x44, loopback not set Keepalive set (10 sec) DTR is pulsed for 5 seconds on reset Interface is bound to Di1 (Encapsulation PPP) Last input 00:00:39, output never, output hang never Last clearing of "show interface" counters 01:40:51 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 37375 packets input, 4999776 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 43041 packets output, 52920949 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out т.е. в момент проблемы отсутствует Bound to: Virtual-Access1 is up, и не показывает внешний ip. Вся эта проблема не может быть со стороны провайдера? вот конфиг роутера. Заранее спасибо за совет... version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! hostname cisco-mmp ! boot-start-marker boot-end-marker ! security authentication failure rate 3 log security passwords min-length 6 logging buffered 128000 debugging logging console critical enable secret 5 xxxxxx ! no aaa new-model ! resource policy ! clock timezone MSK 3 clock summer-time MSD recurring last Sun Mar 3:00 last Sun Oct 2:00 no ip source-route ip cef ! ! ! ! ip tcp synwait-time 10 no ip bootp server ip name-server 192.168.10.252 ip ssh time-out 60 ip ssh authentication-retries 2 ip inspect name DEFAULT100 ntp ip inspect name DEFAULT100 tcp ip inspect name DEFAULT100 udp ip inspect name DEFAULT100 h323 ! ! crypto pki trustpoint TP-self-signed-2593702234 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2593702234 revocation-check none rsakeypair TP-self-signed-2593702234 ! ! crypto pki certificate chain TP-self-signed-2593702234 certificate self-signed 01 xxxxxxxxxxxxx quit username sysadm privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx ! ! policy-map test ! ! ! buffers large permanent 2 buffers large min-free 1 ! ! ! interface ATM0 no ip address no ip redirects no ip unreachables no ip proxy-arp shutdown no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0.1 point-to-point description $ES_WAN$$FW_OUTSIDE$ shutdown no snmp trap link-status pvc 0/35 pppoe-client dial-pool-number 1 ! ! interface FastEthernet0 ! interface FastEthernet1 switchport access vlan 3 ! interface FastEthernet2 switchport access vlan 4 ! interface FastEthernet3 ! interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$ ip address 192.168.10.137 255.255.255.0 ip access-group 100 in no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly ip route-cache flow ip tcp adjust-mss 1412 hold-queue 300 in ! interface Vlan3 no ip address ip mtu 1492 pppoe enable group global pppoe-client dial-pool-number 2 ! interface Dialer1 mtu 1492 ip address negotiated ip access-group 101 in no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip inspect DEFAULT100 out ip virtual-reassembly rate-limit input access-group 199 2496000 468000 600000 conform-action transmit exceed-action drop rate-limit output access-group 199 2496000 468000 600000 conform-action transmit exceed-action drop encapsulation ppp ip route-cache flow ip tcp adjust-mss 1452 no ip mroute-cache dialer pool 2 dialer-group 2 fair-queue 300 16 0 no cdp enable ppp authentication chap pap callin ppp chap hostname officecentre ppp chap password 7 xxxxxxxxxxxxx ppp pap sent-username xxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxx hold-queue 300 in ! ip route 0.0.0.0 0.0.0.0 Dialer1 ! ip flow-export version 5 ip flow-export destination 192.168.10.70 9996 ! no ip http server no ip http secure-server ip nat translation timeout 130 ip nat translation tcp-timeout 200 ip nat translation udp-timeout 200 ip nat translation syn-timeout 200 ip nat translation max-entries 500 ip nat translation max-entries all-host 400 ip nat inside source list 1 interface Dialer1 overload ip nat inside source static tcp 192.168.10.252 25 xxxxxxxxxxx 25 extendable ip nat inside source static tcp 192.168.10.252 53 xxxxxxxxxxxx 53 extendable ip nat inside source static udp 192.168.10.252 53 xxxxxxxxx 53 extendable ! kron occurrence weekly_reebot at 5:00 Sun recurring policy-list clear_dialer ! kron policy-list clear_dialer cli reload ! logging trap debugging logging facility local6 logging 192.168.10.102 access-list 1 permit 192.168.10.49 access-list 1 permit 192.168.10.24 access-list 1 permit 192.168.10.254 access-list 1 permit 192.168.10.252 access-list 1 permit 192.168.10.140 access-list 2 permit 192.168.10.102 access-list 2 permit 192.168.10.34 access-list 2 permit 192.168.10.49 access-list 100 deny ip host 255.255.255.255 any access-list 100 deny ip 127.0.0.0 0.255.255.255 any access-list 100 permit ip host 192.168.10.254 any access-list 100 permit ip host 192.168.10.34 any access-list 100 permit ip host 192.168.10.70 any access-list 100 permit ip host 192.168.10.49 any access-list 100 permit ip host 192.168.10.102 any access-list 100 permit ip host 192.168.10.116 any access-list 100 permit ip host 192.168.10.252 any access-list 100 deny ip any any access-list 101 deny ip 192.168.0.0 0.0.0.255 any log access-list 101 deny ip 192.168.10.0 0.0.0.255 any log access-list 101 permit tcp any host xxxxxxxx gt 1024 access-list 101 permit udp any host xxxxx gt 1024 access-list 101 permit tcp any host xxxxxx eq 389 access-list 101 permit tcp any any established access-list 101 permit tcp any host xxxxxx eq smtp access-list 101 permit tcp any host xxxxxx eq domain access-list 101 permit udp any host xxxxxxxx eq domain access-list 101 permit tcp any eq domain any gt 1023 access-list 101 permit udp any eq domain any gt 1023 access-list 101 permit tcp any eq ftp-data any gt 1023 access-list 101 deny icmp any any redirect log access-list 101 permit icmp any any access-list 101 permit udp any any eq ntp access-list 101 deny tcp any any log access-list 101 deny udp any any log access-list 101 deny ip any any log access-list 102 permit ip any any access-list 199 permit tcp any any eq smtp dialer-list 1 protocol ip permit no cdp run ! ! ! ! control-plane ! banner login Authorized access only! Disconnect IMMEDIATELY if you are not an authorized user! ! line con 0 login local no modem enable transport output telnet line aux 0 login local transport output telnet line vty 0 4 privilege level 15 login local transport input telnet ssh ! scheduler max-task-time 5000 scheduler allocate 4000 1000 scheduler interval 500 ntp clock-period 17175038 ntp server 192.168.10.254 ! webvpn context Default_context ssl authenticate verify all ! no inservice ! end

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

> Товарищи. Помогите пожалуйста разобраться с проблемой. Есть Cisco 877 . У ней 
> отключен ATM интерфейс.  Созданы 2 Vlan интерфейса  на Ethernet 
> интерфейсах . Dialer1   поднимается PPPOE сессию  к провайдеру. 
 
> Всё бы хорошо, но через  неопределённые промежутки времени (чаще всего неделя, 
>  реже две, три не более) интерфейсы на маршрутизаторе вдруг перестают 
> отвечать.
> Естественно пробовал диагностировать. show ip nat stat, show processes cpu , show 
> buffers - всё в норме.  Больше всего грешил на переполнение 
> буферов. Но show buffers в момент проблемы не показало ни одного 
> no buffers...
>  Через консоль спокойно захожу, остальные интерфейсы не отвечайт, хотя находятся в 
> up. shutdown, no shutdown для dialer 1 никакого эффекта. только перезапуск 
> роутера. При работе с консоли никаких тормозов. От безысходности настроил раз 
> в неделю reload роутера, но это не выход, вернее это временное 
> решение.
> Единственное что заметил в момент проблемы это разница в выводе show int 
> Dialer1: 
> Вот в момент проблемы: (нет вообще упоминания об Virtual-Access1+ не показывается внешний 
> ip) 
> Dialer1 is up, line protocol is up (spoofing) 
>   Hardware is Unknown 
>   Internet address will be negotiated using IPCP 
>   MTU 1492 bytes, BW 56 Kbit, DLY 20000 usec, 
>      reliability 255/255, txload 1/255, rxload 1/255 
>   Encapsulation PPP, loopback not set 
>   Keepalive set (10 sec) 
>   DTR is pulsed for 1 seconds on reset 
>   Last input never, output never, output hang never 
>   Last clearing of "show interface" counters 1w2d 
>   Input queue: 0/300/0/0 (size/max/drops/flushes); Total output drops: 0 
>   Queueing strategy: weighted fair 
>   Output queue: 0/1000/300/0 (size/max total/threshold/drops) 
>      Conversations  0/0/16 (active/max active/max total) 
>      Reserved Conversations 0/0 (allocated/max allocated) 
>      Available Bandwidth 42 kilobits/sec 
>   5 minute input rate 0 bits/sec, 0 packets/sec 
>   5 minute output rate 0 bits/sec, 0 packets/sec 
>      1347913 packets input, 531312992 bytes 
>      1277062 packets output, 608373118 bytes

> А вот когда всё ок: 
> Dialer1 is up, line protocol is up (spoofing) 
>   Hardware is Unknown 
>   Internet address is xxxxxxx/32 
>   MTU 1492 bytes, BW 56 Kbit, DLY 20000 usec, 
>      reliability 255/255, txload 1/255, rxload 1/255 
>   Encapsulation PPP, loopback not set 
>   Keepalive set (10 sec) 
>   DTR is pulsed for 1 seconds on reset 
>   Interface is bound to Vi1 
>   Last input never, output never, output hang never 
>   Last clearing of "show interface" counters 01:41:48 
>   Input queue: 0/300/0/0 (size/max/drops/flushes); Total output drops: 0 
>   Queueing strategy: weighted fair 
>   Output queue: 0/1000/300/0 (size/max total/threshold/drops) 
>      Conversations  0/0/16 (active/max active/max total) 
>      Reserved Conversations 0/0 (allocated/max allocated) 
>      Available Bandwidth 42 kilobits/sec 
>   5 minute input rate 0 bits/sec, 0 packets/sec 
>   5 minute output rate 0 bits/sec, 0 packets/sec 
>      37365 packets input, 4999448 bytes 
>      43031 packets output, 52920616 bytes 
> Bound to: 
> Virtual-Access1 is up, line protocol is up 
>   Hardware is Virtual Access interface 
>   MTU 1492 bytes, BW 56 Kbit, DLY 20000 usec, 
>      reliability 255/255, txload 1/255, rxload 1/255 
>   Encapsulation PPP, LCP Open 
>   Open: IPCP 
>   PPPoE vaccess, cloned from Dialer1 
>   Vaccess status 0x44, loopback not set 
>   Keepalive set (10 sec) 
>   DTR is pulsed for 5 seconds on reset 
>   Interface is bound to Di1 (Encapsulation PPP) 
>   Last input 00:00:39, output never, output hang never 
>   Last clearing of "show interface" counters 01:40:51 
>   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 
>   Queueing strategy: fifo 
>   Output queue: 0/40 (size/max) 
>   5 minute input rate 0 bits/sec, 0 packets/sec 
>   5 minute output rate 0 bits/sec, 0 packets/sec 
>      37375 packets input, 4999776 bytes, 0 no 
> buffer 
>      Received 0 broadcasts, 0 runts, 0 giants, 
> 0 throttles 
>      0 input errors, 0 CRC, 0 frame, 
> 0 overrun, 0 ignored, 0 abort 
>      43041 packets output, 52920949 bytes, 0 underruns 
 
>      0 output errors, 0 collisions, 0 interface 
> resets 
>      0 output buffer failures, 0 output buffers 
> swapped out

> т.е. в момент проблемы отсутствует Bound to: Virtual-Access1 is up, и не 
> показывает внешний ip.

> Вся эта проблема не может быть со стороны провайдера?
> вот конфиг роутера.
> Заранее спасибо за совет...

> version 12.4 
> no service pad 
> service tcp-keepalives-in 
> service tcp-keepalives-out 
> service timestamps debug datetime msec localtime show-timezone 
> service timestamps log datetime msec localtime show-timezone 
> service password-encryption 
> service sequence-numbers 
> !
> hostname cisco-mmp 
> !
> boot-start-marker 
> boot-end-marker 
> !
> security authentication failure rate 3 log 
> security passwords min-length 6 
> logging buffered 128000 debugging 
> logging console critical 
> enable secret 5 xxxxxx 
> !
> no aaa new-model 
> !
> resource policy 
> !
> clock timezone MSK 3 
> clock summer-time MSD recurring last Sun Mar 3:00 last Sun Oct 2:00 
 
> no ip source-route 
> ip cef 
> !
> !
> !
> !
> ip tcp synwait-time 10 
> no ip bootp server 
> ip name-server 192.168.10.252 
> ip ssh time-out 60 
> ip ssh authentication-retries 2 
> ip inspect name DEFAULT100 ntp 
> ip inspect name DEFAULT100 tcp 
> ip inspect name DEFAULT100 udp 
> ip inspect name DEFAULT100 h323 
> !
> !
> crypto pki trustpoint TP-self-signed-2593702234 
>  enrollment selfsigned 
>  subject-name cn=IOS-Self-Signed-Certificate-2593702234 
>  revocation-check none 
>  rsakeypair TP-self-signed-2593702234 
> !
> !
> crypto pki certificate chain TP-self-signed-2593702234 
>  certificate self-signed 01 
>  xxxxxxxxxxxxx 
>   quit 
> username sysadm privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx 
> !
> !
> policy-map test 
> !
> !
> !
> buffers large permanent 2 
> buffers large min-free 1 
> !
> !
> !
> interface ATM0 
>  no ip address 
>  no ip redirects 
>  no ip unreachables 
>  no ip proxy-arp 
>  shutdown 
>  no atm ilmi-keepalive 
>  dsl operating-mode auto 
> !
> interface ATM0.1 point-to-point 
>  description $ES_WAN$$FW_OUTSIDE$ 
>  shutdown 
>  no snmp trap link-status 
>  pvc 0/35 
>   pppoe-client dial-pool-number 1 
>  !
> !
> interface FastEthernet0 
> !
> interface FastEthernet1 
>  switchport access vlan 3 
> !
> interface FastEthernet2 
>  switchport access vlan 4 
> !
> interface FastEthernet3 
> !
> interface Vlan1 
>  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$ 
>  ip address 192.168.10.137 255.255.255.0 
>  ip access-group 100 in 
>  no ip redirects 
>  no ip unreachables 
>  no ip proxy-arp 
>  ip nat inside 
>  ip virtual-reassembly 
>  ip route-cache flow 
>  ip tcp adjust-mss 1412 
>  hold-queue 300 in 
> !
> interface Vlan3 
>  no ip address 
>  ip mtu 1492 
>  pppoe enable group global 
>  pppoe-client dial-pool-number 2 
> !

> interface Dialer1 
>  mtu 1492 
>  ip address negotiated 
>  ip access-group 101 in 
>  no ip redirects 
>  no ip unreachables 
>  no ip proxy-arp 
>  ip nat outside 
>  ip inspect DEFAULT100 out 
>  ip virtual-reassembly 
>  rate-limit input access-group 199 2496000 468000 600000 conform-action transmit exceed-action 
> drop 
>  rate-limit output access-group 199 2496000 468000 600000 conform-action transmit exceed-action 
> drop 
>  encapsulation ppp 
>  ip route-cache flow 
>  ip tcp adjust-mss 1452 
>  no ip mroute-cache 
>  dialer pool 2 
>  dialer-group 2 
>  fair-queue 300 16 0 
>  no cdp enable 
>  ppp authentication chap pap callin 
>  ppp chap hostname officecentre 
>  ppp chap password 7 xxxxxxxxxxxxx 
>  ppp pap sent-username xxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxx 
>  hold-queue 300 in 
> !
> ip route 0.0.0.0 0.0.0.0 Dialer1 
> !
> ip flow-export version 5 
> ip flow-export destination 192.168.10.70 9996 
> !
> no ip http server 
> no ip http secure-server 
> ip nat translation timeout 130 
> ip nat translation tcp-timeout 200 
> ip nat translation udp-timeout 200 
> ip nat translation syn-timeout 200 
> ip nat translation max-entries 500 
> ip nat translation max-entries all-host 400 
> ip nat inside source list 1 interface Dialer1 overload 
> ip nat inside source static tcp 192.168.10.252 25 xxxxxxxxxxx 25 extendable 
> ip nat inside source static tcp 192.168.10.252 53 xxxxxxxxxxxx 53 extendable 
> ip nat inside source static udp 192.168.10.252 53 xxxxxxxxx 53 extendable 
> !
> kron occurrence weekly_reebot at 5:00 Sun recurring 
>  policy-list clear_dialer 
> !
> kron policy-list clear_dialer 
>  cli reload 
> !
> logging trap debugging 
> logging facility local6 
> logging 192.168.10.102 
> access-list 1 permit 192.168.10.49 
> access-list 1 permit 192.168.10.24 
> access-list 1 permit 192.168.10.254 
> access-list 1 permit 192.168.10.252 
> access-list 1 permit 192.168.10.140 
> access-list 2 permit 192.168.10.102 
> access-list 2 permit 192.168.10.34 
> access-list 2 permit 192.168.10.49 
> access-list 100 deny   ip host 255.255.255.255 any 
> access-list 100 deny   ip 127.0.0.0 0.255.255.255 any 
> access-list 100 permit ip host 192.168.10.254 any 
> access-list 100 permit ip host 192.168.10.34 any 
> access-list 100 permit ip host 192.168.10.70 any 
> access-list 100 permit ip host 192.168.10.49 any 
> access-list 100 permit ip host 192.168.10.102 any 
> access-list 100 permit ip host 192.168.10.116 any 
> access-list 100 permit ip host 192.168.10.252 any 
> access-list 100 deny   ip any any 
> access-list 101 deny   ip 192.168.0.0 0.0.0.255 any log 
> access-list 101 deny   ip 192.168.10.0 0.0.0.255 any log 
> access-list 101 permit tcp any host xxxxxxxx gt 1024 
> access-list 101 permit udp any host xxxxx gt 1024 
> access-list 101 permit tcp any host xxxxxx eq 389 
> access-list 101 permit tcp any any established 
> access-list 101 permit tcp any host xxxxxx eq smtp 
> access-list 101 permit tcp any host xxxxxx eq domain 
> access-list 101 permit udp any host xxxxxxxx eq domain 
> access-list 101 permit tcp any eq domain any gt 1023 
> access-list 101 permit udp any eq domain any gt 1023 
> access-list 101 permit tcp any eq ftp-data any gt 1023 
> access-list 101 deny   icmp any any redirect log 
> access-list 101 permit icmp any any 
> access-list 101 permit udp any any eq ntp 
> access-list 101 deny   tcp any any log 
> access-list 101 deny   udp any any log 
> access-list 101 deny   ip any any log 
> access-list 102 permit ip any any 
> access-list 199 permit tcp any any eq smtp 
> dialer-list 1 protocol ip permit 
> no cdp run 
> !
> !
> !
> !
> control-plane 
> !
> banner login Authorized access only!
>  Disconnect IMMEDIATELY if you are not an authorized user! 
> !
> line con 0 
>  login local 
>  no modem enable 
>  transport output telnet 
> line aux 0 
>  login local 
>  transport output telnet 
> line vty 0 4 
>  privilege level 15 
>  login local 
>  transport input telnet ssh 
> !
> scheduler max-task-time 5000 
> scheduler allocate 4000 1000 
> scheduler interval 500 
> ntp clock-period 17175038 
> ntp server 192.168.10.254 
> !
> webvpn context Default_context 
>  ssl authenticate verify all 
>  !
>  no inservice 
> !
> end

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру