Good afternoon!!!
I have a Cisco 2611XM with two FE interfaces. One side faces the Internet, the other goes to a switch that supports VLANs. The Cisco is running NAT+VLAN+NetFlow+ACL.
The situation is as follows: switching between ports on the switch is prohibited, that is, all local traffic is sent through the VLANs to the Cisco.
The problem is that Internet traffic is counted correctly, but local traffic is doubled.
Here is the Cisco config.
Current configuration : 2351 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Nat
!
boot-start-marker
boot-end-marker
!
no logging on
enable secret 5
enable password
!
no aaa new-model
!
resource policy
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip rcmd domain-lookup
ip rcmd rsh-enable
ip rcmd remote-host billing 172.16.0.3 billing enable
no ftp-server write-enable
!
username billing privilege 8 password 0 pass123456
!
interface FastEthernet0/0
no ip address
ip route-cache policy
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 172.16.0.2 255.255.255.0
ip access-group 105 in
ip access-group 106 out
ip flow egress
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 172.16.2.1 255.255.255.252
ip access-group 105 in
ip access-group 106 out
ip flow egress
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 172.16.2.5 255.255.255.252
ip access-group 105 in
ip access-group 106 out
ip flow egress
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/1
ip address 217.107.x.x 255.255.255.248
ip nat outside
ip route-cache policy
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 217.107.x.x
ip route 172.16.0.0 255.255.0.0 Null0
ip route 172.16.1.0 255.255.255.0 172.16.0.7
!
ip flow-export version 5
ip flow-export destination 172.16.0.3 9996
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 105 dynamic test1 permit ip any any
access-list 105 permit ip host 172.16.0.3 any
access-list 105 permit ip host 172.16.0.7 any
access-list 105 permit ip host 172.16.1.3 any
access-list 106 dynamic test2 permit ip any any
access-list 106 permit ip any host 172.16.0.3
access-list 106 permit ip any host 172.16.0.7
access-list 106 permit ip any host 172.16.1.3
dialer-list 1 protocol ip permit
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
password pass
login
!
end
I tried the 12.4 telco firmware, same thing.
Is it possible to use NetFlow filtering to remove the identical records from the statistics? Or to not count outgoing traffic between the subinterfaces?
sh ip cache flow
IP packet size distribution (66417 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .328 .239 .019 .008 .003 .012 .026 .002 .003 .005 .004 .002 .003 .003
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.006 .003 .006 .017 .303 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
27 active, 4069 inactive, 5293 added
113151 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
27 active, 997 inactive, 5289 added, 5289 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-WWW 1795 0.3 10 513 3.8 6.4 4.2
TCP-other 320 0.0 44 703 2.8 6.2 10.8
UDP-DNS 31 0.0 15 64 0.1 43.5 15.4
UDP-other 2306 0.4 6 115 3.0 8.8 15.4
ICMP 630 0.1 2 60 0.2 2.7 15.4
IP-other 185 0.0 2 206 0.0 1.4 15.4
Total: 5267 1.0 9 429 10.2 7.0 11.3
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Fa0/0.1 172.16.0.33 Fa0/1 85.112.148.21 06 0B53 0050 18
Fa0/0.3 172.16.2.6 Fa0/1 81.19.70.1 06 0BED 0050 18
Fa0/0.3 172.16.2.6 Fa0/1 81.19.70.1 06 0BF5 0050 4
Fa0/0.1 10.6.0.61 Null 10.6.0.255 11 0089 0089 187
Fa0/1 81.19.70.1 Fa0/0.3* 172.16.2.6 06 0050 0BF5 2
Fa0/1 81.19.70.1 Fa0/0.3* 172.16.2.6 06 0050 0BED 19
Fa0/0.1 10.6.0.172 Null 10.6.0.255 11 0089 0089 763
Fa0/0.1 10.6.0.174 Null 10.6.0.255 11 0089 0089 801
Fa0/0.1 10.6.0.227 Null 10.6.0.255 11 0089 0089 124
!!!Fa0/0.3 172.16.2.6 Fa0/0.2 172.16.2.2 06 008B 04BC 10K
Fa0/0.2 172.16.2.2 Fa0/0.3 172.16.2.6 06 04BC 008B 5823
!!!Fa0/0.3 172.16.2.6 Fa0/0.2* 172.16.2.2 06 008B 04BC 10K
Fa0/0.2 172.16.2.2 Fa0/0.3* 172.16.2.6 06 04BC 008B 5871
Fa0/0.3 172.16.2.6 Null 213.59.151.2 11 0BB9 0035 4
Fa0/0.3 172.16.2.6 Fa0/1 81.19.80.4 06 0BF6 0050 2
Fa0/1 81.19.80.4 Fa0/0.3* 172.16.2.6 06 0050 0BF6 1
Fa0/0.3 172.16.2.6 Local 172.16.0.2 01 0000 0800 1
Fa0/0.3 172.16.2.6 Fa0/1 81.19.66.65 06 0BFB 0050 6
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Fa0/0.3 172.16.2.6 Fa0/1 81.19.66.4 06 0BF8 0050 10
Fa0/1 81.19.66.65 Fa0/0.3* 172.16.2.6 06 0050 0BFB 7
Fa0/1 81.19.66.65 Fa0/0.3* 172.16.2.6 06 0050 0BF7 1
Fa0/1 81.19.66.65 Fa0/0.3* 172.16.2.6 06 0050 0BF1 16
Fa0/1 81.19.66.65 Fa0/0.3* 172.16.2.6 06 0050 0BF2 16
Fa0/1 81.19.66.4 Fa0/0.3* 172.16.2.6 06 0050 0BF8 11
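
Added example, not part of the original post: a collector-side filter in Python for rows in the format of the `sh ip cache flow` output above. It assumes that `*` after DstIf marks an entry created by `ip flow egress`, and drops such an entry only when an ingress entry with the same interfaces and 5-tuple is also present; the function names are illustrative, and a `K` packet suffix is expanded as an approximate x1000.

```python
import re
from collections import namedtuple

Flow = namedtuple("Flow", "src_if src_ip dst_if dst_ip proto sport dport pkts egress")

# Rows copied from the `sh ip cache flow` output in the post (including the "!!!" marks).
SAMPLE = """\
Fa0/0.3 172.16.2.6 Fa0/1 81.19.70.1 06 0BED 0050 18
Fa0/1 81.19.70.1 Fa0/0.3* 172.16.2.6 06 0050 0BED 19
!!!Fa0/0.3 172.16.2.6 Fa0/0.2 172.16.2.2 06 008B 04BC 10K
Fa0/0.2 172.16.2.2 Fa0/0.3 172.16.2.6 06 04BC 008B 5823
!!!Fa0/0.3 172.16.2.6 Fa0/0.2* 172.16.2.2 06 008B 04BC 10K
Fa0/0.2 172.16.2.2 Fa0/0.3* 172.16.2.6 06 04BC 008B 5871
Fa0/0.3 172.16.2.6 Null 213.59.151.2 11 0BB9 0035 4
"""

# SrcIf SrcIP DstIf[*] DstIP Pr SrcP DstP Pkts; Pr and the ports are hexadecimal.
ROW = re.compile(
    r"^!*(\S+)\s+(\d+(?:\.\d+){3})\s+(\S+?)(\*?)\s+(\d+(?:\.\d+){3})\s+"
    r"([0-9A-F]{2})\s+([0-9A-F]{4})\s+([0-9A-F]{4})\s+(\d+)([KM]?)$"
)

def parse(text):
    """Return Flow records for every cache row; headers and summaries are skipped."""
    flows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        src_if, src_ip, dst_if, star, dst_ip, pr, sp, dp, n, unit = m.groups()
        pkts = int(n) * {"": 1, "K": 1000, "M": 1000000}[unit]  # K/M are rounded
        flows.append(Flow(src_if, src_ip, dst_if, dst_ip, int(pr, 16),
                          int(sp, 16), int(dp, 16), pkts, star == "*"))
    return flows

def flow_key(f):
    """Identity of a flow regardless of which side (ingress/egress) recorded it."""
    return (f.src_if, f.src_ip, f.dst_if, f.dst_ip, f.proto, f.sport, f.dport)

def dedupe(flows):
    """Drop an egress record only if the same flow was also recorded on ingress."""
    ingress = {flow_key(f) for f in flows if not f.egress}
    return [f for f in flows if not (f.egress and flow_key(f) in ingress)]

if __name__ == "__main__":
    for f in dedupe(parse(SAMPLE)):
        print(f)
```

The Internet return flow (Fa0/1 to Fa0/0.3*) is kept, because Fa0/1 has no ingress flow accounting in the posted config and the egress entry is its only record.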