Добрый день всем!
Настроил AS5350, что бы подключались только лкальные пользователи, т.е. авторизация- на самом 5350. Но после того, как пользователь успешно подключился, он не может ни выйти в интернет, ни пропинговать ни один адрес, кроме себя самого и шлюза.
Вот конфиг:
Current configuration : 3199 bytes
!
! Last configuration change at 15:15:32 MSD Tue Jul 4 2006 by test
! NVRAM config last updated at 14:58:30 MSD Tue Jul 4 2006 by test
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname as5350
!
boot-start-marker
no boot startup-test
boot-end-marker
!
logging cns-events debugging
enable secret 5 $1$zKDa$jOTbjyj1qg2VyjXEIbYsJ/
enable password ******
!
!
!
resource-pool disable
clock timezone MSK 3
clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 3:00
spe default-firmware spe-firmware-1
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network default local
aaa session-id unique
ip subnet-zero
!
!
ip cef
ip name-server 213.137.236.3
ip name-server 213.137.224.34
!
async-bootp dns-server 213.137.236.3 213.137.224.34
isdn switch-type primary-net5
!
voice call carrier capacity active
voice rtp send-recv
!
voice service voip
fax protocol t38 ls-redundancy 0 hs-redundancy 0 fallback none
h323
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 0 password 0 *********
username test password 0 *******
!
!
controller E1 3/0
framing NO-CRC4
pri-group timeslots 1-31
!
controller E1 3/1
!
!
interface FastEthernet0/0
ip address 213.137.253.28 255.255.255.240
duplex auto
speed 100
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
clockrate 2000000
!
interface Serial0/1
no ip address
shutdown
clockrate 2000000
!
interface Serial3/0:15
no ip address
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
isdn T309-enable
peer default ip address pool default
!
interface Group-Async0
ip unnumbered FastEthernet0/0
encapsulation ppp
no ip mroute-cache
async mode interactive
peer default ip address pool default
ppp authentication pap chap callin
group-range 1/00 1/59
!
ip local pool default 213.137.253.17 213.137.253.27
ip default-gateway 213.137.253.29
ip classless
ip route 0.0.0.0 0.0.0.0 213.137.253.61
ip route 0.0.0.0 0.0.0.0 213.137.253.29
no ip http server
!
!
ip radius source-interface FastEthernet0/0
logging trap debugging
logging facility local1
logging source-interface FastEthernet0/0
logging 213.137.250.170
!
snmp-server community public RO
!
radius-server host 213.137.250.170 auth-port 1812 acct-port 1813 key c5350
radius-server key c5350
radius-server authorization default Framed-Protocol ppp
radius-server vsa send accounting
radius-server vsa send authentication
!
voice-port 3/0:D
bearer-cap Speech
!
!
!
dial-peer voice 1 voip
destination-pattern 249971
session target ipv4:213.137.253.186
!
dial-peer voice 2 pots
application data_dialpeer
incoming called-number 249970
!
dial-peer voice 9999 pots
incoming called-number T
direct-inward-dial
!
!
!
line con 0
line aux 0
line vty 0 4
password qq
line 1/00 1/59
session-timeout 20
exec-timeout 120 0
no modem callout
modem Dialin
autocommand ppp
transport input all
transport output all
autoselect during-login
autoselect ppp
!
scheduler allocate 10000 400
ntp clock-period 17179913
ntp server 192.43.244.18 prefer
end
>Добрый день всем!
>Настроил AS5350, что бы подключались только лкальные пользователи, т.е. авторизация- на самом
>5350. Но после того, как пользователь успешно подключился, он не может
>ни выйти в интернет, ни пропинговать ни один адрес, кроме себя
>самого и шлюза.
>Вот конфиг:
>
>
>
>
>Current configuration : 3199 bytes
>!
>! Last configuration change at 15:15:32 MSD Tue Jul 4 2006 by
>test
>! NVRAM config last updated at 14:58:30 MSD Tue Jul 4 2006
>by test
>!
>version 12.3
>service timestamps debug datetime msec
>service timestamps log datetime msec
>no service password-encryption
>!
>hostname as5350
>!
>boot-start-marker
>no boot startup-test
>boot-end-marker
>!
>logging cns-events debugging
>enable secret 5 $1$zKDa$jOTbjyj1qg2VyjXEIbYsJ/
>enable password ******
>!
>!
>!
>resource-pool disable
>clock timezone MSK 3
>clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 3:00
>
>spe default-firmware spe-firmware-1
>aaa new-model
>!
>!
>aaa authentication login default local
>aaa authentication ppp default local
>aaa authorization network default local
>aaa session-id unique
>ip subnet-zero
>!
>!
>ip cef
>ip name-server 213.137.236.3
>ip name-server 213.137.224.34
>!
>async-bootp dns-server 213.137.236.3 213.137.224.34
>isdn switch-type primary-net5
>!
>voice call carrier capacity active
>voice rtp send-recv
>!
>voice service voip
> fax protocol t38 ls-redundancy 0 hs-redundancy 0 fallback none
> h323
>!
>!
>!
>!
>!
>!
>!
>!
>!
>!
>!
>username admin privilege 0 password 0 *********
>username test password 0 *******
>!
>!
>controller E1 3/0
> framing NO-CRC4
> pri-group timeslots 1-31
>!
>controller E1 3/1
>!
>!
>interface FastEthernet0/0
> ip address 213.137.253.28 255.255.255.240
> duplex auto
> speed 100
>!
>interface FastEthernet0/1
> no ip address
> shutdown
> duplex auto
> speed auto
>!
>interface Serial0/0
> no ip address
> shutdown
> clockrate 2000000
>!
>interface Serial0/1
> no ip address
> shutdown
> clockrate 2000000
>!
>interface Serial3/0:15
> no ip address
> encapsulation ppp
> isdn switch-type primary-net5
> isdn incoming-voice modem
> isdn T309-enable
> peer default ip address pool default
>!
>interface Group-Async0
> ip unnumbered FastEthernet0/0
> encapsulation ppp
> no ip mroute-cache
> async mode interactive
> peer default ip address pool default
> ppp authentication pap chap callin
> group-range 1/00 1/59
>!
>ip local pool default 213.137.253.17 213.137.253.27
>ip default-gateway 213.137.253.29
>ip classless
>ip route 0.0.0.0 0.0.0.0 213.137.253.61
>ip route 0.0.0.0 0.0.0.0 213.137.253.29
>no ip http server
>!
>!
>ip radius source-interface FastEthernet0/0
>logging trap debugging
>logging facility local1
>logging source-interface FastEthernet0/0
>logging 213.137.250.170
>!
>snmp-server community public RO
>!
>radius-server host 213.137.250.170 auth-port 1812 acct-port 1813 key c5350
>radius-server key c5350
>radius-server authorization default Framed-Protocol ppp
>radius-server vsa send accounting
>radius-server vsa send authentication
>!
>voice-port 3/0:D
> bearer-cap Speech
>!
>!
>!
>dial-peer voice 1 voip
> destination-pattern 249971
> session target ipv4:213.137.253.186
>!
>dial-peer voice 2 pots
> application data_dialpeer
> incoming called-number 249970
>!
>dial-peer voice 9999 pots
> incoming called-number T
> direct-inward-dial
>!
>!
>!
>line con 0
>line aux 0
>line vty 0 4
> password qq
>line 1/00 1/59
> session-timeout 20
> exec-timeout 120 0
> no modem callout
> modem Dialin
> autocommand ppp
> transport input all
> transport output all
> autoselect during-login
> autoselect ppp
>!
>scheduler allocate 10000 400
>ntp clock-period 17179913
>ntp server 192.43.244.18 prefer
>end
трассировку покажи с ppp-клиента до внешнего адреса
>>Добрый день всем!
>>Настроил AS5350, что бы подключались только лкальные пользователи, т.е. авторизация- на самом
>>5350. Но после того, как пользователь успешно подключился, он не может
>>ни выйти в интернет, ни пропинговать ни один адрес, кроме себя
>>самого и шлюза.
>>Вот конфиг:
>>
>>
>>
>>
>>Current configuration : 3199 bytes
>>!
>>! Last configuration change at 15:15:32 MSD Tue Jul 4 2006 by
>>test
>>! NVRAM config last updated at 14:58:30 MSD Tue Jul 4 2006
>>by test
>>!
>>version 12.3
>>service timestamps debug datetime msec
>>service timestamps log datetime msec
>>no service password-encryption
>>!
>>hostname as5350
>>!
>>boot-start-marker
>>no boot startup-test
>>boot-end-marker
>>!
>>logging cns-events debugging
>>enable secret 5 $1$zKDa$jOTbjyj1qg2VyjXEIbYsJ/
>>enable password ******
>>!
>>!
>>!
>>resource-pool disable
>>clock timezone MSK 3
>>clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 3:00
>>
>>spe default-firmware spe-firmware-1
>>aaa new-model
>>!
>>!
>>aaa authentication login default local
>>aaa authentication ppp default local
>>aaa authorization network default local
>>aaa session-id unique
>>ip subnet-zero
>>!
>>!
>>ip cef
>>ip name-server 213.137.236.3
>>ip name-server 213.137.224.34
>>!
>>async-bootp dns-server 213.137.236.3 213.137.224.34
>>isdn switch-type primary-net5
>>!
>>voice call carrier capacity active
>>voice rtp send-recv
>>!
>>voice service voip
>> fax protocol t38 ls-redundancy 0 hs-redundancy 0 fallback none
>> h323
>>!
>>!
>>!
>>!
>>!
>>!
>>!
>>!
>>!
>>!
>>!
>>username admin privilege 0 password 0 *********
>>username test password 0 *******
>>!
>>!
>>controller E1 3/0
>> framing NO-CRC4
>> pri-group timeslots 1-31
>>!
>>controller E1 3/1
>>!
>>!
>>interface FastEthernet0/0
>> ip address 213.137.253.28 255.255.255.240
>> duplex auto
>> speed 100
>>!
>>interface FastEthernet0/1
>> no ip address
>> shutdown
>> duplex auto
>> speed auto
>>!
>>interface Serial0/0
>> no ip address
>> shutdown
>> clockrate 2000000
>>!
>>interface Serial0/1
>> no ip address
>> shutdown
>> clockrate 2000000
>>!
>>interface Serial3/0:15
>> no ip address
>> encapsulation ppp
>> isdn switch-type primary-net5
>> isdn incoming-voice modem
>> isdn T309-enable
>> peer default ip address pool default
>>!
>>interface Group-Async0
>> ip unnumbered FastEthernet0/0
>> encapsulation ppp
>> no ip mroute-cache
>> async mode interactive
>> peer default ip address pool default
>> ppp authentication pap chap callin
>> group-range 1/00 1/59
>>!
>>ip local pool default 213.137.253.17 213.137.253.27
>>ip default-gateway 213.137.253.29
>>ip classless
>>ip route 0.0.0.0 0.0.0.0 213.137.253.61
>>ip route 0.0.0.0 0.0.0.0 213.137.253.29
>>no ip http server
>>!
>>!
>>ip radius source-interface FastEthernet0/0
>>logging trap debugging
>>logging facility local1
>>logging source-interface FastEthernet0/0
>>logging 213.137.250.170
>>!
>>snmp-server community public RO
>>!
>>radius-server host 213.137.250.170 auth-port 1812 acct-port 1813 key c5350
>>radius-server key c5350
>>radius-server authorization default Framed-Protocol ppp
>>radius-server vsa send accounting
>>radius-server vsa send authentication
>>!
>>voice-port 3/0:D
>> bearer-cap Speech
>>!
>>!
>>!
>>dial-peer voice 1 voip
>> destination-pattern 249971
>> session target ipv4:213.137.253.186
>>!
>>dial-peer voice 2 pots
>> application data_dialpeer
>> incoming called-number 249970
>>!
>>dial-peer voice 9999 pots
>> incoming called-number T
>> direct-inward-dial
>>!
>>!
>>!
>>line con 0
>>line aux 0
>>line vty 0 4
>> password qq
>>line 1/00 1/59
>> session-timeout 20
>> exec-timeout 120 0
>> no modem callout
>> modem Dialin
>> autocommand ppp
>> transport input all
>> transport output all
>> autoselect during-login
>> autoselect ppp
>>!
>>scheduler allocate 10000 400
>>ntp clock-period 17179913
>>ntp server 192.43.244.18 prefer
>>end
>
>
>трассировку покажи с ppp-клиента до внешнего адреса
на ppp-клиенте какой дефолтный шлюз у тебя показывается
>>трассировку покажи с ppp-клиента до внешнего адреса
>
>
>на ppp-клиенте какой дефолтный шлюз у тебя показываетсяДело в том, что tracert xxx.xxx.xxx.xxx не дает ровным счетом НИЧЕГО! одни звездочки :-(
А шлюз на клиенте такой же, как и его IP. Если я правильно понял, Вы хотите узнать именно про шлюз (route print - ). А адрес сервера - адрес самой 5350.
ip routing
>ip routing
Спасибо, заработало!!!
>>ip routing
>Спасибо, заработало!!!если не сложно скинь работающий конфиг....