Прошу помощи у Умных мира сего!Проблема:
Есть 2 циски,
3825-на неё приходит инет
и
3750- на ней 36 Vlan-ов... она раздаёт инет от 3825.Необходимо, настроить на сервер в VLAN-е, реальный статический инет IP.
Ситуация как я понял:
на 3825- есть скоп реальных ип 95.120.x.x, и второй скоп 73.230.x.x
Бывший админ, который пропал безвести, настраивал всем именно 73.230.x.xОбъясните схему?
Вот конфиги:
3825-на неё приходит инет
Using 8052 out of 491512 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$ZC19$oL5/zcjPRSt8fjLrUfHCd0
enable password 7 104F0D1453424B5314
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool USERS1
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS2
network 10.1.2.0 255.255.255.0
default-router 10.1.2.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS3
network 10.1.3.0 255.255.255.0
default-router 10.1.3.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS4
network 10.1.4.0 255.255.255.0
default-router 10.1.4.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS5
network 10.1.5.0 255.255.255.0
default-router 10.1.5.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS6
network 10.1.6.0 255.255.255.0
default-router 10.1.6.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS7
network 10.1.7.0 255.255.255.0
default-router 10.1.7.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS8
network 10.1.8.0 255.255.255.0
default-router 10.1.8.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS9
network 10.1.9.0 255.255.255.0
default-router 10.1.9.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS10
network 10.1.10.0 255.255.255.0
default-router 10.1.10.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS11
network 10.1.11.0 255.255.255.0
default-router 10.1.11.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS12
network 10.1.12.0 255.255.255.0
default-router 10.1.12.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS13
network 10.1.13.0 255.255.255.0
default-router 10.1.13.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS14
network 10.1.14.0 255.255.255.0
default-router 10.1.14.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS15
network 10.1.15.0 255.255.255.0
default-router 10.1.16.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS17
network 10.1.17.0 255.255.255.0
default-router 10.1.17.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS18
network 10.1.18.0 255.255.255.0
default-router 10.1.18.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS19
network 10.1.19.0 255.255.255.0
default-router 10.1.19.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS20
network 10.1.20.0 255.255.255.0
default-router 10.1.20.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS21
network 10.1.21.0 255.255.255.0
default-router 10.1.21.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS22
network 10.1.22.0 255.255.255.0
default-router 10.1.22.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS23
network 10.1.23.0 255.255.255.0
default-router 10.1.23.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS24
network 10.1.24.0 255.255.255.0
default-router 10.1.24.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS25
network 10.1.25.0 255.255.255.0
default-router 10.1.25.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS26
network 10.1.26.0 255.255.255.0
default-router 10.1.26.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS27
network 10.1.27.0 255.255.255.0
default-router 10.1.27.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS28
network 10.1.28.0 255.255.255.0
default-router 10.1.28.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS29
network 10.1.29.0 255.255.255.0
default-router 10.1.29.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS30
network 10.1.30.0 255.255.255.0
default-router 10.1.30.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS31
network 10.1.31.0 255.255.255.0
default-router 10.1.31.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS32
network 10.1.32.0 255.255.255.0
default-router 10.1.32.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS33
network 10.1.33.0 255.255.255.0
default-router 10.1.33.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS34
network 10.1.34.0 255.255.255.0
default-router 10.1.34.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS35
network 10.1.35.0 255.255.255.0
default-router 10.1.35.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS36
network 10.1.36.0 255.255.255.0
default-router 10.1.36.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS47
network 10.1.47.0 255.255.255.0
default-router 10.1.47.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USER37
network 10.1.37.0 255.255.255.0
default-router 10.1.37.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
ip dhcp pool USERS16
!
ip dhcp pool USERS37
lease infinite
!
ip dhcp pool USER32
!
ip dhcp pool USERS46
network 10.1.46.0 255.255.255.0
default-router 10.1.46.1
dns-server 73.230.35.98 73.230.43.42
lease infinite
!
!
ip domain name yourdomain.com
!
username mstroi password 7 045A0F0B5974151611
!
!
!
interface GigabitEthernet0/0
ip address 10.0.0.1 255.255.255.0
ip flow egress
ip nat inside
ip route-cache flow
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
ip address 95.120.17.240 255.255.255.0 secondary
ip address 95.120.17.241 255.255.255.0 secondary
ip address 95.120.17.242 255.255.255.0 secondary
ip address 95.120.17.243 255.255.255.0 secondary
ip address 95.120.17.244 255.255.255.0 secondary
ip address 95.120.17.245 255.255.255.0 secondary
ip address 95.120.17.238 255.255.255.252
ip nat outside
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 95.120.17.237
ip route 10.0.0.0 255.0.0.0 10.0.0.2
ip route 73.230.58.112 255.255.255.240 10.0.0.2
ip flow-export version 5
ip flow-export destination 10.1.47.2 3000
!
no ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface GigabitEthernet0/1 overload
ip nat inside source static 10.1.28.223 95.120.17.241 extendable
ip nat inside source static 10.1.46.4 95.120.17.242 extendable
ip nat inside source static tcp 10.1.1.44 3389 95.120.17.244 22356 extendable
ip nat inside source static tcp 10.1.1.5 3389 95.120.17.244 23467 extendable
ip nat outside source static 10.1.28.223 95.120.17.241 extendable
!
access-list 100 permit ip 10.1.0.0 0.0.255.255 any
access-list 100 deny ip 10.0.0.0 0.255.255.255 10.1.48.0 0.0.0.255
access-list 100 deny ip 10.1.0.0 0.0.255.255 10.1.48.0 0.0.0.255
!
control-plane
!
!
line con 0
login local
stopbits 1
line aux 0
stopbits 1
line vty 0 4
privilege level 15
login local
transport input all
!
scheduler allocate 20000 1000
!
end
3750-свитч с VLANамиUsing 18027 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Core
!
enable password 7 020700565D53567954
!
username mstroi password 7 045A0F0B5974151611
no aaa new-model
switch 1 provision ws-c3750-48ts
ip subnet-zero
ip routing
!
ip dhcp pool qwerty
network 10.100.0.0 255.255.255.0
!
!
mls qos
!
!
errdisable recovery interval 120
no file verify auto
!
mac access-list extended test_arp2
permit any any
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
class-map match-all vlan32
description bind-to-interface
match input-interface FastEthernet1/0/32
!
!
policy-map limit5
class class-default
police 1000000 500000 exceed-action drop
policy-map limit4
class class-default
police 1000000 500000 exceed-action drop
policy-map limit7
class class-default
police 1000000 500000 exceed-action drop
policy-map limit6
class class-default
police 1000000 500000 exceed-action drop
policy-map limit1
class class-default
police 1000000 500000 exceed-action drop
policy-map limit3
class class-default
police 2000000 1000000 exceed-action drop
policy-map limit2
class class-default
police 2000000 1000000 exceed-action drop
policy-map limit9
class class-default
police 256000 128000 exceed-action drop
policy-map limit8
class class-default
police 1000000 500000 exceed-action drop
policy-map limit14
class class-default
police 1000000 500000 exceed-action drop
policy-map limit27
class class-default
police 128000 64000 exceed-action drop
policy-map limit36
class class-default
police 1000000 500000 exceed-action drop
policy-map limit15
class class-default
police 1000000 500000 exceed-action drop
policy-map limit26
class class-default
police 1000000 500000 exceed-action drop
policy-map limit37
class class-default
police 1000000 500000 exceed-action drop
policy-map limit16
class class-default
police 1000000 500000 exceed-action drop
policy-map limit25
class class-default
police 1000000 500000 exceed-action drop
policy-map limit34
class class-default
police 1000000 500000 exceed-action drop
policy-map limit17
class class-default
police 1000000 500000 exceed-action drop
policy-map limit24
class class-default
police 2000000 1000000 exceed-action drop
policy-map limit35
class class-default
police 500000 250000 exceed-action drop
policy-map limit10
class class-default
police 200000 100000 exceed-action drop
policy-map limit23
class class-default
police 125000 62500 exceed-action drop
policy-map limit32
class class-default
police 10000000 1000000 exceed-action drop
policy-map limit11
class class-default
police 125000 64000 exceed-action drop
policy-map limit22
class class-default
police 2000000 1000000 exceed-action drop
policy-map limit33
class class-default
police 2000000 1000000 exceed-action drop
policy-map limit12
class class-default
police 1000000 500000 exceed-action drop
policy-map limit21
class class-default
police 500000 250000 exceed-action drop
policy-map limit30
class class-default
police 2000000 1000000 exceed-action drop
policy-map linit11
policy-map limit13
class class-default
police 2000000 1000000 exceed-action drop
policy-map limit20
class class-default
police 2000000 1000000 exceed-action drop
policy-map limit31
class class-default
police 500000 250000 exceed-action drop
policy-map limit18
class class-default
police 2000000 1000000 exceed-action drop
policy-map limit19
class class-default
police 125000 62500 exceed-action drop
policy-map limit29
class class-default
police 1000000 500000 exceed-action drop
policy-map limit38
class class-default
police 1000000 500000 exceed-action drop
policy-map limit28
class class-default
police 2000000 1000000 exceed-action drop
!
!
interface FastEthernet1/0/1
switchport access vlan 1001
speed 100
srr-queue bandwidth shape 10 10 10 10
flowcontrol receive desired
!
interface FastEthernet1/0/2
switchport access vlan 2
service-policy input limit2
speed 100
srr-queue bandwidth shape 100 100 100 100
flowcontrol receive desired
!
interface FastEthernet1/0/3
switchport access vlan 3
speed 100
srr-queue bandwidth shape 10 10 10 10
flowcontrol receive desired
!
interface FastEthernet1/0/4
switchport access vlan 4
speed 100
srr-queue bandwidth shape 10 10 10 10
flowcontrol receive desired
!
interface FastEthernet1/0/5
switchport access vlan 101
speed 100
srr-queue bandwidth shape 100 100 100 100
flowcontrol receive desired
ip verify source
!
interface FastEthernet1/0/6
switchport access vlan 6
speed 100
srr-queue bandwidth shape 10 10 10 10
flowcontrol receive desired
!
interface FastEthernet1/0/7
switchport access vlan 7
service-policy input limit7
speed 100
srr-queue bandwidth shape 100 100 100 100
flowcontrol receive desired
!
interface FastEthernet1/0/8
switchport access vlan 8
service-policy input limit8
speed 100
srr-queue bandwidth shape 100 100 100 100
flowcontrol receive desired
!
interface FastEthernet1/0/9
switchport access vlan 101
speed 100
srr-queue bandwidth shape 10 10 10 10
flowcontrol receive desired
!
interface FastEthernet1/0/10
switchport access vlan 10
service-policy input limit10
shutdown
speed 100
flowcontrol receive desired
!
interface FastEthernet1/0/11
switchport access vlan 11
service-policy input limit11
speed 100
srr-queue bandwidth shape 200 200 200 200
flowcontrol receive desired
!
interface FastEthernet1/0/12
switchport access vlan 12
service-policy input limit12
shutdown
speed 100
flowcontrol receive desired
!
interface FastEthernet1/0/13
switchport access vlan 13
speed 100
srr-queue bandwidth shape 10 10 10 10
flowcontrol receive desired
!
interface FastEthernet1/0/14
switchport access vlan 14
speed 100
srr-queue bandwidth shape 10 10 10 10
flowcontrol receive desired
!
interface FastEthernet1/0/15
switchport access vlan 15
service-policy input limit15
shutdown
speed 100
srr-queue bandwidth shape 100 100 100 100
flowcontrol receive desired
!
interface FastEthernet1/0/16
switchport access vlan 16
service-policy input limit16
speed 100
srr-queue bandwidth shape 100 100 100 100
flowcontrol receive desired
!
interface FastEthernet1/0/17
switchport access vlan 17
speed 100
srr-queue bandwidth shape 10 10 10 10
flowcontrol receive desired
!
interface FastEthernet1/0/18
switchport access vlan 18
speed 100
srr-queue bandwidth shape 10 10 10 10
flowcontrol receive desired
!
interface FastEthernet1/0/19
switchport access vlan 19
service-policy input limit19
shutdown
speed 100
srr-queue bandwidth shape 781 781 781 781
flowcontrol receive desired
!
interface FastEthernet1/0/20
switchport access vlan 20
speed 100
srr-queue bandwidth shape 10 10 10 10
flowcontrol receive desired
!
interface FastEthernet1/0/21
switchport access vlan 21
speed 100
srr-queue bandwidth shape 20 20 20 20
flowcontrol receive desired
!
interface FastEthernet1/0/22
switchport access vlan 22
speed 100
flowcontrol receive desired
!
interface FastEthernet1/0/23
switchport access vlan 101
service-policy input limit23
shutdown
speed 100
srr-queue bandwidth shape 50 50 50 50
flowcontrol receive desired
!
interface FastEthernet1/0/24
switchport access vlan 24
speed 100
srr-queue bandwidth shape 10 10 10 10
flowcontrol receive desired
!
interface FastEthernet1/0/25
switchport access vlan 25
service-policy input limit25
shutdown
speed 100
srr-queue bandwidth shape 100 100 100 100
flowcontrol receive desired
!
interface FastEthernet1/0/26
switchport access vlan 26
speed 100
srr-queue bandwidth shape 10 10 10 10
flowcontrol receive desired
!
interface FastEthernet1/0/27
switchport access vlan 27
speed 100
duplex full
srr-queue bandwidth shape 781 781 781 781
!
interface FastEthernet1/0/28
switchport access vlan 28
speed 100
srr-queue bandwidth shape 5 5 5 5
!
interface FastEthernet1/0/29
switchport access vlan 29
speed 100
srr-queue bandwidth shape 10 10 10 10
flowcontrol receive desired
!
interface FastEthernet1/0/30
switchport access vlan 30
service-policy input limit30
shutdown
speed 100
srr-queue bandwidth shape 100 100 100 100
flowcontrol receive desired
!
interface FastEthernet1/0/31
switchport access vlan 101
speed 100
srr-queue bandwidth shape 20 20 20 20
ip verify source
!
interface FastEthernet1/0/32
switchport access vlan 32
service-policy input limit32
speed 100
flowcontrol receive desired
!
interface FastEthernet1/0/33
switchport access vlan 33
service-policy input limit33
shutdown
speed 100
srr-queue bandwidth shape 100 100 100 100
!
interface FastEthernet1/0/34
switchport access vlan 34
service-policy input limit34
speed 100
srr-queue bandwidth shape 100 100 100 100
!
interface FastEthernet1/0/35
switchport access vlan 35
srr-queue bandwidth shape 10 10 10 10
!
interface FastEthernet1/0/36
switchport access vlan 36
service-policy input limit36
shutdown
speed 100
srr-queue bandwidth shape 100 100 100 100
!
interface FastEthernet1/0/37
switchport access vlan 37
service-policy input limit37
shutdown
speed 100
srr-queue bandwidth shape 50 50 50 50
!
interface FastEthernet1/0/38
switchport access vlan 101
service-policy input limit38
shutdown
speed 100
srr-queue bandwidth shape 100 100 100
ip verify source
!
interface FastEthernet1/0/39
switchport access vlan 101
service-policy input limit19
speed 100
srr-queue bandwidth shape 1000 1000 100
ip verify source
!
interface FastEthernet1/0/40
switchport access vlan 101
service-policy input limit19
srr-queue bandwidth shape 1000 1000 100
ip verify source
!
interface FastEthernet1/0/41
switchport access vlan 101
service-policy input limit19
speed 100
srr-queue bandwidth shape 1000 1000 100
ip verify source
!
interface FastEthernet1/0/42
switchport access vlan 101
service-policy input limit19
srr-queue bandwidth shape 1000 1000 100
!
interface FastEthernet1/0/43
switchport access vlan 101
!
interface FastEthernet1/0/44
switchport access vlan 101
!
interface FastEthernet1/0/45
switchport access vlan 101
!
interface FastEthernet1/0/46
switchport access vlan 46
!
interface FastEthernet1/0/47
switchport access vlan 47
speed 100
spanning-tree portfast
!
interface FastEthernet1/0/48
switchport access vlan 48
speed 100
spanning-tree portfast
!
interface GigabitEthernet1/0/1
switchport access vlan 100
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface Vlan1
no ip address
ip access-group HTTP in
ip helper-address 10.0.0.1
!
interface Vlan2
ip address 10.1.2.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan3
ip address 10.1.3.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan4
ip address 10.1.4.1 255.255.255.0
ip access-group sk in
ip helper-address 10.0.0.1
!
interface Vlan5
ip address 10.1.5.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan6
ip address 10.1.6.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan7
ip address 10.1.7.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan8
ip address 10.1.8.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan9
ip address 10.1.9.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan10
ip address 10.1.10.1 255.255.255.0
ip access-group server in
ip helper-address 10.0.0.1
!
interface Vlan11
ip address 10.1.11.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan12
ip address 10.1.12.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan13
ip address 10.1.13.1 255.255.255.0
ip access-group HTTP in
ip helper-address 10.0.0.1
!
interface Vlan14
ip address 10.1.14.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan15
ip address 10.1.15.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan16
ip address 10.1.16.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan17
ip address 10.1.17.1 255.255.255.0
ip access-group HTTP in
ip helper-address 10.0.0.1
!
interface Vlan18
ip address 10.1.18.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan19
ip address 10.1.19.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan20
ip address 10.1.20.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan21
ip address 10.1.21.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan22
ip address 10.1.22.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan23
ip address 10.1.23.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan24
ip address 10.1.24.1 255.255.255.0
ip access-group HTTP in
ip helper-address 10.0.0.1
!
interface Vlan25
ip address 10.1.25.1 255.255.255.0
ip access-group sk in
ip helper-address 10.0.0.1
!
interface Vlan26
ip address 10.1.26.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan27
ip address 10.1.27.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan28
ip address 10.1.28.1 255.255.255.0
ip access-group server in
ip helper-address 10.0.0.1
!
interface Vlan29
ip address 10.1.29.1 255.255.255.0
ip access-group HTTP in
ip helper-address 10.0.0.1
!
interface Vlan30
ip address 10.1.30.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan31
ip address 10.1.31.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan32
ip address 10.1.32.1 255.255.255.0
ip access-group server in
ip helper-address 10.0.0.1
!
interface Vlan33
ip address 10.1.33.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan34
ip address 10.1.34.1 255.255.255.0
ip access-group sk in
ip helper-address 10.0.0.1
!
interface Vlan35
ip address 10.1.35.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan36
ip address 10.1.36.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan37
ip address 10.1.37.1 255.255.255.0
ip access-group HTTP in
ip helper-address 10.0.0.1
!
interface Vlan46
ip address 10.1.46.1 255.255.255.0
ip access-group testing in
ip helper-address 10.0.0.1
!
interface Vlan47
ip address 10.1.47.1 255.255.255.0
ip access-group servers in
ip helper-address 10.0.0.1
!
interface Vlan48
ip address 10.1.48.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan100
ip address 10.0.0.2 255.255.255.0
!
interface Vlan101
ip address 73.230.58.113 255.255.255.240
ip access-group USERS_EXT in
!
interface Vlan1001
ip address 10.1.1.1 255.255.255.0
ip access-group HTTP in
ip helper-address 10.0.0.1
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
no ip http server
!
ip access-list extended HTTP
permit ip 10.1.0.0 0.0.255.255 10.1.0.1 0.0.255.0
permit tcp 10.1.0.0 0.0.255.255 host 10.1.47.2 eq www
deny ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
permit ip 10.1.0.0 0.0.255.255 any
permit udp any any eq bootps bootpc
ip access-list extended SUBNETS
permit ip 10.1.0.0 0.0.255.255 10.1.0.1 0.0.255.0
permit ip 10.1.0.0 0.0.255.255 10.1.28.0 0.0.0.255
permit ip 10.1.28.0 0.0.0.255 10.1.0.0 0.0.255.255
deny ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
permit ip 10.1.0.0 0.0.255.255 any
permit udp any any eq bootps bootpc
ip access-list extended USERS_EXT
permit ip 73.230.58.112 0.0.0.15 any
ip access-list extended server
permit ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
permit ip any any
deny ip host 10.1.32.4 host 194.50.120.10
ip access-list extended sk
permit ip host 10.1.28.10 host 10.1.32.74
permit ip 10.1.0.0 0.0.255.255 10.1.0.1 0.0.255.0
permit ip 10.1.0.0 0.0.255.255 host 10.1.32.2
permit tcp 10.1.0.0 0.0.255.255 host 10.1.47.2 eq www
deny ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
permit ip 10.1.0.0 0.0.255.255 any
permit udp any any eq bootps bootpc
ip access-list extended testing
permit ip 10.1.0.0 0.0.255.255 10.1.0.1 0.0.255.0
permit ip 10.1.0.0 0.0.255.255 host 10.1.32.2
deny ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
permit ip 10.1.0.0 0.0.255.255 any
permit udp any any eq bootps bootpc
deny ip 10.1.0.0 0.0.255.255 217.10.44.0 0.0.0.255
!
ip source binding 0001.0203.0405 vlan 101 73.230.58.116 interface Fa1/0/39
ip source binding 0001.0203.0407 vlan 101 73.230.58.117 interface Fa1/0/31
ip source binding 0001.0304.0807 vlan 101 73.230.58.115 interface Fa1/0/5
ip source binding 0002.0209.0408 vlan 101 73.230.58.119 interface Fa1/0/42
ip source binding 0001.0203.0408 vlan 101 73.230.58.118 interface Fa1/0/41
ip source binding 0001.0203.0406 vlan 101 73.230.58.114 interface Fa1/0/9
access-list 10 deny 10.1.0.0 0.0.255.255 log
access-list 10 permit any
access-list 20 permit 10.0.0.0 0.255.255.255
snmp-server community mstroi RO
snmp-server community secretmstroi RW
!
control-plane
!
!
line con 0
line vty 0 4
access-class 20 in
password 7 0215015819031B2C5F5A1B160C
login local
transport input telnet
line vty 5 15
access-class 20 in
password 7 15010E0F162F3F293B27272D1A
login local
transport input telnet
!
mac-address-table notification interval 60
mac-address-table notification history-size 500
end
Как много всего.:)
На 3825 пишите статик НАТ. Типа:
ip nat inside source static ip 10.1.1.X y.y.y.y
Соответственно внутренний адрес сервера (10.1.1.X) должен быть достижим с роутера.P.S. Публиковать пароли не стоило. RW community тоже. Аналогично с пробросом tcp 3389.
>Как много всего.:)
>На 3825 пишите статик НАТ. Типа:
>ip nat inside source static ip 10.1.1.X y.y.y.y
>Соответственно внутренний адрес сервера (10.1.1.X) должен быть достижим с роутера.
>
>P.S. Публиковать пароли не стоило. RW community тоже. Аналогично с пробросом tcp
>3389.Пасиба за совет!
Пробывал.
ip nat inside source static 10.1.28.223 95.120.17.241 extendable
ip nat outside source static 10.1.28.223 95.120.17.241 extendable
в инете статический ип определяется. а вот подключение к нему из вне не работает(
Думаю дальше!Тут какая то заморочка с...ip route 73.230.58.112 255.255.255.240 10.0.0.2 -на 3825. 10.0.0.2-это свитч 3750. а вот на свиче..
interface FastEthernet1/0/42
switchport access vlan 101interface Vlan101
ip address 73.230.58.113 255.255.255.240
ip access-group USERS_EXT inip access-list extended USERS_EXT
permit ip 73.230.58.112 0.0.0.15 any
Пользователи который пропавший админ настраивал, работают с прописанными настройками LAN- 73.230.x.x....:( выручайте братцы... куда копать?
Идея в следующем:
Вы создаете статическую трансляцию с local ip на global ip:
ip nat inside source static 10.1.28.223 95.120.17.241тем самым Вы делаете доступным сервер 10.1.28.223 из вне по адресу 95.120.17.241.
Если я всё правильно понимаю, то пакеты пришедшие на 95.120.17.241, согласно указаному маршруту, отправляются на 3750 в 28 VLAN. ACL нем permit ip any any. Если пакеты не дошли, то посмотрите локальный брандмауэр сервера.
>ip nat outside source static 10.1.28.223 95.120.17.241 extendable
Этот не нужен
>[оверквотинг удален]
>маршруту, отправляются на 3750 в 28 VLAN. ACL нем permit ip
>any any. Если пакеты не дошли, то посмотрите локальный брандмауэр сервера.
>
>
>
>>ip nat outside source static 10.1.28.223 95.120.17.241 extendable
>
>Этот не нужен
>
>Спасибо огромное за ответы)!
Пакеты на 28 VLAN уходят... И если в инете проверить свой ip, то показывает 95.120.17.241. Но, подключится ИЗ ВНЕ, к этому 95.120.17.241, невозможно! Открыты только 135 и 139 порт, хотя на серваке поднят HTTP и FTP. :(
Я думаю, что бывший админ, специально выделил 101 VLAN:
!
interface Vlan101
ip address 73.230.58.113 255.255.255.240
ip access-group USERS_EXT inСкорее всего, только с этого VLANа можно увидить хост из инета!
Есть мысли?
Сам сервер точно не блокирует? Я не вижу в ваших кофигах других ограничений.
>Сам сервер точно не блокирует? Я не вижу в ваших кофигах других
>ограничений.Уже разобрался)) Причём сам... вход. циска тупо маршрутит 73.230.x.x на свитч... создал Новый VLAN... прописал ему 73.230.x.x подсеть... хост в новый влан, и на хосте вбил статикой 73.230.x.x настройки.. Всё пашет как часы)
Спасибо!
ЗАКРОЙТЕ ТЕМУ)