Добрый день!Есть Cisco 877-K9, у нее ADSLoPOTS и 4 FastEthernet.
Хочу сделать так что-бы в каждый порт FastE включалась отдельная подсеть, и для нее рабатол свой DHCP Сервер. Сейчас получаеться так что эти порты работают как свич, т.е. во всех портах присваеваеться адрес из пула 10.10.10.0 255.255.255.248.
Помогите советом, где я не прав.
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXXXXXXXXXXXX
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
username USER privilege $$$$$$$$$$$$$$$$$
clock timezone GMT 6
no aaa new-model
ip subnet-zero
ip cef
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
domain-name XXXXXXXXXXX
dns-server 10.10.10.1
lease 0 2
!
ip dhcp pool comp1
import all
network 192.168.0.0 255.255.255.252
default-router 192.168.0.1
lease 1
!
ip dhcp pool comp2
import all
network 192.168.1.0 255.255.255.252
default-router 192.168.1.1
lease 14
!
!
no ip domain lookup
ip domain name XXXXXXXXXXXXX.ru
ip name-server XXXXXX
ip name-server XXXXXXX
ip name-server XXXXXXXXX
no ftp-server write-enable
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet0
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
interface Vlan1
ip address 10.10.10.1 255.255.255.248
ip tcp adjust-mss 1452
!
interface Vlan2
ip address 192.168.0.1 255.255.255.252
ip tcp adjust-mss 1452
!
interface Vlan3
ip address 192.168.1.1 255.255.255.252
ip tcp adjust-mss 1452
!
ip classless
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86
!
no cdp run
!
control-plane
!
!
line con 0
login local
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
privilege level 15
login local
transport preferred all
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
end
interface FastEthernet0
sw ac vl 1
interface FastEthernet1
sw ac vl 2
interface FastEthernet2
sw ac vl 3
>interface FastEthernet0
>sw ac vl 1
>interface FastEthernet1
>sw ac vl 2
>interface FastEthernet2
>sw ac vl 3
Очень признателен вечером буду пробывать.Еще вопрос остальные принчипы применения ACL и NAT на Влане те-же что и на обычных интерфейсах или есть особенности?
Проблема осталась VLAN 2 не работаетпосле выполнения следующих команд
router:#vlan database
router(vlan)#vlan 2 media ethernet name Vlan2Выводиться сообщение:
Vlan can not be added. Maximum number of 1 vlan(s) in the database.
Делал по
http://www.cisco.com/en/US/products/hw/routers/ps380/product...Я подумал может у меня IOS не потдерживает больше одного VLAN.
Начну все сначала:interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
pvc 0/40
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
no ip address
no cdp enable
!
interface FastEthernet1
switchport access vlan 2
no ip address
no cdp enable
!
interface FastEthernet2
switchport access vlan 3
no ip address
shutdown
no cdp enable
!
interface FastEthernet3
no ip address
shutdown
no cdp enable
!
interface Vlan1
description For users hotel
ip address 10.10.10.1 255.255.255.240
ip access-group 110 in
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan2
description For users Bussenes
ip address 192.168.2.1 255.255.255.252 secondary
ip address 192.168.1.1 255.255.255.252
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
router#sh vlan-switchVLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0, Fa3
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default activeVLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0router#vlan database
router(vlan)#sh
VLAN ISL Id: 1
Name: default
Media Type: Ethernet
VLAN 802.10 Id: 100001
State: Operational
MTU: 1500
Translational Bridged VLAN: 1002
Translational Bridged VLAN: 1003VLAN ISL Id: 1002
Name: fddi-default
Media Type: FDDI
VLAN 802.10 Id: 101002
State: Operational
MTU: 1500
Bridge Type: SRB
Translational Bridged VLAN: 1
Translational Bridged VLAN: 1003VLAN ISL Id: 1003
Name: token-ring-default
Media Type: Token Ring
VLAN 802.10 Id: 101003
State: Operational
MTU: 1500
Bridge Type: SRB
Ring Number: 0
Bridge Number: 1
Parent VLAN: 1005
Maximum ARE Hop Count: 7
Maximum STE Hop Count: 7
Backup CRF Mode: Disabled
Translational Bridged VLAN: 1
Translational Bridged VLAN: 1002VLAN ISL Id: 1004
Name: fddinet-default
Media Type: FDDI Net
VLAN 802.10 Id: 101004
State: Operational
MTU: 1500
Bridge Type: SRB
Bridge Number: 1
STP Type: IBMVLAN ISL Id: 1005
Name: trnet-default
Media Type: Token Ring Net
VLAN 802.10 Id: 101005
State: Operational
MTU: 1500
Bridge Type: SRB
Bridge Number: 1
STP Type: IBM
sh verCisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.3(8)YI2, RE
LEASE SOFTWARE (fc1)
Synched to technology version 12.3(10.3)T2
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 14-Jun-05 18:58 by ealyonROM: System Bootstrap, Version 12.3(8r)YI2, RELEASE SOFTWARE
ROM: Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.3(8)YI
2, RELEASE SOFTWARE (fc1)Hotel_Medeo uptime is 4 days, 17 hours, 5 minutes
System returned to ROM by power-on
System restarted at 18:10:34 GMT Thu Jun 22 2006
System image file is "flash:c870-advsecurityk9-mz.123-8.YI2.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by sending email to
export@cisco.com.Cisco 877 (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memo
ry.
Processor board ID FCZ100123UN
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)router#sh int vlan2
Vlan2 is up, line protocol is down
Hardware is EtherSVI, address is 0016.9d29.8927 (bia 0016.9d29.8927)
Description: For users Bussenes
Internet address is 192.168.1.1/30
MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
0 output errors, 3 interface resets
0 output buffer failures, 0 output buffers swapped outrouter#sh int faste1
FastEthernet1 is up, line protocol is up
Hardware is Fast Ethernet, address is 0016.9d29.8928 (bia 0016.9d29.8928)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
147 packets input, 24053 bytes, 0 no buffer
Received 135 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
384 packets output, 32114 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
>Я подумал может у меня IOS не потдерживает больше одного VLAN.
>
>sh ver
>
>Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.3(8)YI2, RE
>LEASE SOFTWARE (fc1)
>
Именно.
12.3 "Advanced Security" не поддерживает несколько VLAN. Из 12.3 подойдет либо "Adv. IP Services", либо "Adv. Enterprise". Или переходи на 12.4