URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Forum: vsluhforumID6
Thread number: 21266

Original message
"I'm a noob! Help me figure out CISCO NAT :("

Posted by MITNIK, 06-Jul-10 14:20
I'm asking the wise of this world for help!

Problem:

There are 2 Ciscos:
3825 - the Internet comes in on it
and
3750 - it has 36 VLANs... it distributes the Internet from the 3825.

I need to set up a real static Internet IP on a server in a VLAN.

The situation as I understand it:
on the 3825 there is a scope of real IPs 95.120.x.x, and a second scope 73.230.x.x
The former admin, who vanished without a trace, configured everyone with 73.230.x.x specifically

Can you explain the scheme?
Here are the configs:
3825 - the Internet comes in on it
Using 8052 out of 491512 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$ZC19$oL5/zcjPRSt8fjLrUfHCd0
enable password 7 104F0D1453424B5314
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool USERS1
   network 10.1.1.0 255.255.255.0
   default-router 10.1.1.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS2
   network 10.1.2.0 255.255.255.0
   default-router 10.1.2.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS3
   network 10.1.3.0 255.255.255.0
   default-router 10.1.3.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS4
   network 10.1.4.0 255.255.255.0
   default-router 10.1.4.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS5
   network 10.1.5.0 255.255.255.0
   default-router 10.1.5.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS6
   network 10.1.6.0 255.255.255.0
   default-router 10.1.6.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS7
   network 10.1.7.0 255.255.255.0
   default-router 10.1.7.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS8
   network 10.1.8.0 255.255.255.0
   default-router 10.1.8.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS9
   network 10.1.9.0 255.255.255.0
   default-router 10.1.9.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS10
   network 10.1.10.0 255.255.255.0
   default-router 10.1.10.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS11
   network 10.1.11.0 255.255.255.0
   default-router 10.1.11.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS12
   network 10.1.12.0 255.255.255.0
   default-router 10.1.12.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS13
   network 10.1.13.0 255.255.255.0
   default-router 10.1.13.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS14
   network 10.1.14.0 255.255.255.0
   default-router 10.1.14.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS15
   network 10.1.15.0 255.255.255.0
   default-router 10.1.16.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS17
   network 10.1.17.0 255.255.255.0
   default-router 10.1.17.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS18
   network 10.1.18.0 255.255.255.0
   default-router 10.1.18.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS19
   network 10.1.19.0 255.255.255.0
   default-router 10.1.19.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS20
   network 10.1.20.0 255.255.255.0
   default-router 10.1.20.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS21
   network 10.1.21.0 255.255.255.0
   default-router 10.1.21.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS22
   network 10.1.22.0 255.255.255.0
   default-router 10.1.22.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS23
   network 10.1.23.0 255.255.255.0
   default-router 10.1.23.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS24
   network 10.1.24.0 255.255.255.0
   default-router 10.1.24.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS25
   network 10.1.25.0 255.255.255.0
   default-router 10.1.25.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS26
   network 10.1.26.0 255.255.255.0
   default-router 10.1.26.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS27
   network 10.1.27.0 255.255.255.0
   default-router 10.1.27.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS28
   network 10.1.28.0 255.255.255.0
   default-router 10.1.28.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS29
   network 10.1.29.0 255.255.255.0
   default-router 10.1.29.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS30
   network 10.1.30.0 255.255.255.0
   default-router 10.1.30.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS31
   network 10.1.31.0 255.255.255.0
   default-router 10.1.31.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS32
   network 10.1.32.0 255.255.255.0
   default-router 10.1.32.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS33
   network 10.1.33.0 255.255.255.0
   default-router 10.1.33.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS34
   network 10.1.34.0 255.255.255.0
   default-router 10.1.34.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS35
   network 10.1.35.0 255.255.255.0
   default-router 10.1.35.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS36
   network 10.1.36.0 255.255.255.0
   default-router 10.1.36.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS47
   network 10.1.47.0 255.255.255.0
   default-router 10.1.47.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USER37
   network 10.1.37.0 255.255.255.0
   default-router 10.1.37.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
ip dhcp pool USERS16
!
ip dhcp pool USERS37
   lease infinite
!
ip dhcp pool USER32
!
ip dhcp pool USERS46
   network 10.1.46.0 255.255.255.0
   default-router 10.1.46.1
   dns-server 73.230.35.98 73.230.43.42
   lease infinite
!
!
ip domain name yourdomain.com
!
username mstroi password 7 045A0F0B5974151611
!
!
!
interface GigabitEthernet0/0
ip address 10.0.0.1 255.255.255.0
ip flow egress
ip nat inside
ip route-cache flow
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
ip address 95.120.17.240 255.255.255.0 secondary
ip address 95.120.17.241 255.255.255.0 secondary
ip address 95.120.17.242 255.255.255.0 secondary
ip address 95.120.17.243 255.255.255.0 secondary
ip address 95.120.17.244 255.255.255.0 secondary
ip address 95.120.17.245 255.255.255.0 secondary
ip address 95.120.17.238 255.255.255.252
ip nat outside
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 95.120.17.237
ip route 10.0.0.0 255.0.0.0 10.0.0.2
ip route 73.230.58.112 255.255.255.240 10.0.0.2
ip flow-export version 5
ip flow-export destination 10.1.47.2 3000
!
no ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface GigabitEthernet0/1 overload
ip nat inside source static 10.1.28.223 95.120.17.241 extendable
ip nat inside source static 10.1.46.4 95.120.17.242 extendable
ip nat inside source static tcp 10.1.1.44 3389 95.120.17.244 22356 extendable
ip nat inside source static tcp 10.1.1.5 3389 95.120.17.244 23467 extendable
ip nat outside source static 10.1.28.223 95.120.17.241 extendable
!
access-list 100 permit ip 10.1.0.0 0.0.255.255 any
access-list 100 deny   ip 10.0.0.0 0.255.255.255 10.1.48.0 0.0.0.255
access-list 100 deny   ip 10.1.0.0 0.0.255.255 10.1.48.0 0.0.0.255
!
control-plane
!
!
line con 0
login local
stopbits 1
line aux 0
stopbits 1
line vty 0 4
privilege level 15
login local
transport input all
!
scheduler allocate 20000 1000
!
end


3750 - the switch with the VLANs

Using 18027 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Core
!
enable password 7 020700565D53567954
!
username mstroi password 7 045A0F0B5974151611
no aaa new-model
switch 1 provision ws-c3750-48ts
ip subnet-zero
ip routing
!
ip dhcp pool qwerty
   network 10.100.0.0 255.255.255.0
!
!
mls qos
!
!
errdisable recovery interval 120
no file verify auto
!
mac access-list extended test_arp2
permit any any
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
class-map match-all vlan32
  description bind-to-interface
  match input-interface  FastEthernet1/0/32
!
!
policy-map limit5
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit4
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit7
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit6
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit1
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit3
  class class-default
    police 2000000 1000000 exceed-action drop
policy-map limit2
  class class-default
    police 2000000 1000000 exceed-action drop
policy-map limit9
  class class-default
    police 256000 128000 exceed-action drop
policy-map limit8
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit14
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit27
  class class-default
    police 128000 64000 exceed-action drop
policy-map limit36
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit15
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit26
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit37
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit16
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit25
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit34
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit17
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit24
  class class-default
    police 2000000 1000000 exceed-action drop
policy-map limit35
  class class-default
    police 500000 250000 exceed-action drop
policy-map limit10
  class class-default
    police 200000 100000 exceed-action drop
policy-map limit23
  class class-default
    police 125000 62500 exceed-action drop
policy-map limit32
  class class-default
    police 10000000 1000000 exceed-action drop
policy-map limit11
  class class-default
    police 125000 64000 exceed-action drop
policy-map limit22
  class class-default
    police 2000000 1000000 exceed-action drop
policy-map limit33
  class class-default
    police 2000000 1000000 exceed-action drop
policy-map limit12
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit21
  class class-default
    police 500000 250000 exceed-action drop
policy-map limit30
  class class-default
    police 2000000 1000000 exceed-action drop
policy-map linit11
policy-map limit13
  class class-default
    police 2000000 1000000 exceed-action drop
policy-map limit20
  class class-default
    police 2000000 1000000 exceed-action drop
policy-map limit31
  class class-default
    police 500000 250000 exceed-action drop
policy-map limit18
  class class-default
    police 2000000 1000000 exceed-action drop
policy-map limit19
  class class-default
    police 125000 62500 exceed-action drop
policy-map limit29
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit38
  class class-default
    police 1000000 500000 exceed-action drop
policy-map limit28
  class class-default
    police 2000000 1000000 exceed-action drop
!
!
interface FastEthernet1/0/1
switchport access vlan 1001
speed 100
srr-queue bandwidth shape  10  10  10  10
flowcontrol receive desired
!
interface FastEthernet1/0/2
switchport access vlan 2
service-policy input limit2
speed 100
srr-queue bandwidth shape  100  100  100  100
flowcontrol receive desired
!
interface FastEthernet1/0/3
switchport access vlan 3
speed 100
srr-queue bandwidth shape  10  10  10  10
flowcontrol receive desired
!
interface FastEthernet1/0/4
switchport access vlan 4
speed 100
srr-queue bandwidth shape  10  10  10  10
flowcontrol receive desired
!
interface FastEthernet1/0/5
switchport access vlan 101
speed 100
srr-queue bandwidth shape  100  100  100  100
flowcontrol receive desired
ip verify source
!
interface FastEthernet1/0/6
switchport access vlan 6
speed 100
srr-queue bandwidth shape  10  10  10  10
flowcontrol receive desired
!
interface FastEthernet1/0/7
switchport access vlan 7
service-policy input limit7
speed 100
srr-queue bandwidth shape  100  100  100  100
flowcontrol receive desired
!
interface FastEthernet1/0/8
switchport access vlan 8
service-policy input limit8
speed 100
srr-queue bandwidth shape  100  100  100  100
flowcontrol receive desired
!
interface FastEthernet1/0/9
switchport access vlan 101
speed 100
srr-queue bandwidth shape  10  10  10  10
flowcontrol receive desired
!
interface FastEthernet1/0/10
switchport access vlan 10
service-policy input limit10
shutdown
speed 100
flowcontrol receive desired
!
interface FastEthernet1/0/11
switchport access vlan 11
service-policy input limit11
speed 100
srr-queue bandwidth shape  200  200  200  200
flowcontrol receive desired
!
interface FastEthernet1/0/12
switchport access vlan 12
service-policy input limit12
shutdown
speed 100
flowcontrol receive desired
!
interface FastEthernet1/0/13
switchport access vlan 13
speed 100
srr-queue bandwidth shape  10  10  10  10
flowcontrol receive desired
!
interface FastEthernet1/0/14
switchport access vlan 14
speed 100
srr-queue bandwidth shape  10  10  10  10
flowcontrol receive desired
!
interface FastEthernet1/0/15
switchport access vlan 15
service-policy input limit15
shutdown
speed 100
srr-queue bandwidth shape  100  100  100  100
flowcontrol receive desired
!
interface FastEthernet1/0/16
switchport access vlan 16
service-policy input limit16
speed 100
srr-queue bandwidth shape  100  100  100  100
flowcontrol receive desired
!
interface FastEthernet1/0/17
switchport access vlan 17
speed 100
srr-queue bandwidth shape  10  10  10  10
flowcontrol receive desired
!
interface FastEthernet1/0/18
switchport access vlan 18
speed 100
srr-queue bandwidth shape  10  10  10  10
flowcontrol receive desired
!
interface FastEthernet1/0/19
switchport access vlan 19
service-policy input limit19
shutdown
speed 100
srr-queue bandwidth shape  781  781  781  781
flowcontrol receive desired
!
interface FastEthernet1/0/20
switchport access vlan 20
speed 100
srr-queue bandwidth shape  10  10  10  10
flowcontrol receive desired
!
interface FastEthernet1/0/21
switchport access vlan 21
speed 100
srr-queue bandwidth shape  20  20  20  20
flowcontrol receive desired
!
interface FastEthernet1/0/22
switchport access vlan 22
speed 100
flowcontrol receive desired
!
interface FastEthernet1/0/23
switchport access vlan 101
service-policy input limit23
shutdown
speed 100
srr-queue bandwidth shape  50  50  50  50
flowcontrol receive desired
!
interface FastEthernet1/0/24
switchport access vlan 24
speed 100
srr-queue bandwidth shape  10  10  10  10
flowcontrol receive desired
!
interface FastEthernet1/0/25
switchport access vlan 25
service-policy input limit25
shutdown
speed 100
srr-queue bandwidth shape  100  100  100  100
flowcontrol receive desired
!
interface FastEthernet1/0/26
switchport access vlan 26
speed 100
srr-queue bandwidth shape  10  10  10  10
flowcontrol receive desired
!
interface FastEthernet1/0/27
switchport access vlan 27
speed 100
duplex full
srr-queue bandwidth shape  781  781  781  781
!
interface FastEthernet1/0/28
switchport access vlan 28
speed 100
srr-queue bandwidth shape  5  5  5  5
!
interface FastEthernet1/0/29
switchport access vlan 29
speed 100
srr-queue bandwidth shape  10  10  10  10
flowcontrol receive desired
!
interface FastEthernet1/0/30
switchport access vlan 30
service-policy input limit30
shutdown
speed 100
srr-queue bandwidth shape  100  100  100  100
flowcontrol receive desired
!
interface FastEthernet1/0/31
switchport access vlan 101
speed 100
srr-queue bandwidth shape  20  20  20  20
ip verify source
!
interface FastEthernet1/0/32
switchport access vlan 32
service-policy input limit32
speed 100
flowcontrol receive desired
!
interface FastEthernet1/0/33
switchport access vlan 33
service-policy input limit33
shutdown
speed 100
srr-queue bandwidth shape  100  100  100  100
!
interface FastEthernet1/0/34
switchport access vlan 34
service-policy input limit34
speed 100
srr-queue bandwidth shape  100  100  100  100
!
interface FastEthernet1/0/35
switchport access vlan 35
srr-queue bandwidth shape  10  10  10  10
!
interface FastEthernet1/0/36
switchport access vlan 36
service-policy input limit36
shutdown
speed 100
srr-queue bandwidth shape  100  100  100  100
!
interface FastEthernet1/0/37
switchport access vlan 37
service-policy input limit37
shutdown
speed 100
srr-queue bandwidth shape  50  50  50  50
!
interface FastEthernet1/0/38
switchport access vlan 101
service-policy input limit38
shutdown
speed 100
srr-queue bandwidth shape  100  100  100
ip verify source
!
interface FastEthernet1/0/39
switchport access vlan 101
service-policy input limit19
speed 100
srr-queue bandwidth shape  1000  1000  100
ip verify source
!
interface FastEthernet1/0/40
switchport access vlan 101
service-policy input limit19
srr-queue bandwidth shape  1000  1000  100
ip verify source
!
interface FastEthernet1/0/41
switchport access vlan 101
service-policy input limit19
speed 100
srr-queue bandwidth shape  1000  1000  100
ip verify source
!
interface FastEthernet1/0/42
switchport access vlan 101
service-policy input limit19
srr-queue bandwidth shape  1000  1000  100
!
interface FastEthernet1/0/43
switchport access vlan 101
!
interface FastEthernet1/0/44
switchport access vlan 101
!
interface FastEthernet1/0/45
switchport access vlan 101
!
interface FastEthernet1/0/46
switchport access vlan 46
!
interface FastEthernet1/0/47
switchport access vlan 47
speed 100
spanning-tree portfast
!
interface FastEthernet1/0/48
switchport access vlan 48
speed 100
spanning-tree portfast
!
interface GigabitEthernet1/0/1
switchport access vlan 100
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface Vlan1
no ip address
ip access-group HTTP in
ip helper-address 10.0.0.1
!
interface Vlan2
ip address 10.1.2.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan3
ip address 10.1.3.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan4
ip address 10.1.4.1 255.255.255.0
ip access-group sk in
ip helper-address 10.0.0.1
!
interface Vlan5
ip address 10.1.5.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan6
ip address 10.1.6.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan7
ip address 10.1.7.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan8
ip address 10.1.8.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan9
ip address 10.1.9.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan10
ip address 10.1.10.1 255.255.255.0
ip access-group server in
ip helper-address 10.0.0.1
!
interface Vlan11
ip address 10.1.11.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan12
ip address 10.1.12.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan13
ip address 10.1.13.1 255.255.255.0
ip access-group HTTP in
ip helper-address 10.0.0.1
!
interface Vlan14
ip address 10.1.14.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan15
ip address 10.1.15.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan16
ip address 10.1.16.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan17
ip address 10.1.17.1 255.255.255.0
ip access-group HTTP in
ip helper-address 10.0.0.1
!
interface Vlan18
ip address 10.1.18.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan19
ip address 10.1.19.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan20
ip address 10.1.20.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan21
ip address 10.1.21.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan22
ip address 10.1.22.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan23
ip address 10.1.23.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan24
ip address 10.1.24.1 255.255.255.0
ip access-group HTTP in
ip helper-address 10.0.0.1
!
interface Vlan25
ip address 10.1.25.1 255.255.255.0
ip access-group sk in
ip helper-address 10.0.0.1
!
interface Vlan26
ip address 10.1.26.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan27
ip address 10.1.27.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan28
ip address 10.1.28.1 255.255.255.0
ip access-group server in
ip helper-address 10.0.0.1
!
interface Vlan29
ip address 10.1.29.1 255.255.255.0
ip access-group HTTP in
ip helper-address 10.0.0.1
!
interface Vlan30
ip address 10.1.30.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan31
ip address 10.1.31.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan32
ip address 10.1.32.1 255.255.255.0
ip access-group server in
ip helper-address 10.0.0.1
!
interface Vlan33
ip address 10.1.33.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan34
ip address 10.1.34.1 255.255.255.0
ip access-group sk in
ip helper-address 10.0.0.1
!
interface Vlan35
ip address 10.1.35.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan36
ip address 10.1.36.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan37
ip address 10.1.37.1 255.255.255.0
ip access-group HTTP in
ip helper-address 10.0.0.1
!
interface Vlan46
ip address 10.1.46.1 255.255.255.0
ip access-group testing in
ip helper-address 10.0.0.1
!
interface Vlan47
ip address 10.1.47.1 255.255.255.0
ip access-group servers in
ip helper-address 10.0.0.1
!
interface Vlan48
ip address 10.1.48.1 255.255.255.0
ip access-group SUBNETS in
ip helper-address 10.0.0.1
!
interface Vlan100
ip address 10.0.0.2 255.255.255.0
!
interface Vlan101
ip address 73.230.58.113 255.255.255.240
ip access-group USERS_EXT in
!
interface Vlan1001
ip address 10.1.1.1 255.255.255.0
ip access-group HTTP in
ip helper-address 10.0.0.1
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
no ip http server
!
ip access-list extended HTTP
permit ip 10.1.0.0 0.0.255.255 10.1.0.1 0.0.255.0
permit tcp 10.1.0.0 0.0.255.255 host 10.1.47.2 eq www
deny   ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
permit ip 10.1.0.0 0.0.255.255 any
permit udp any any eq bootps bootpc
ip access-list extended SUBNETS
permit ip 10.1.0.0 0.0.255.255 10.1.0.1 0.0.255.0
permit ip 10.1.0.0 0.0.255.255 10.1.28.0 0.0.0.255
permit ip 10.1.28.0 0.0.0.255 10.1.0.0 0.0.255.255
deny   ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
permit ip 10.1.0.0 0.0.255.255 any
permit udp any any eq bootps bootpc
ip access-list extended USERS_EXT
permit ip 73.230.58.112 0.0.0.15 any
ip access-list extended server
permit ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
permit ip any any
deny   ip host 10.1.32.4 host 194.50.120.10
ip access-list extended sk
permit ip host 10.1.28.10 host 10.1.32.74
permit ip 10.1.0.0 0.0.255.255 10.1.0.1 0.0.255.0
permit ip 10.1.0.0 0.0.255.255 host 10.1.32.2
permit tcp 10.1.0.0 0.0.255.255 host 10.1.47.2 eq www
deny   ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
permit ip 10.1.0.0 0.0.255.255 any
permit udp any any eq bootps bootpc
ip access-list extended testing
permit ip 10.1.0.0 0.0.255.255 10.1.0.1 0.0.255.0
permit ip 10.1.0.0 0.0.255.255 host 10.1.32.2
deny   ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
permit ip 10.1.0.0 0.0.255.255 any
permit udp any any eq bootps bootpc
deny   ip 10.1.0.0 0.0.255.255 217.10.44.0 0.0.0.255
!
ip source binding 0001.0203.0405 vlan 101 73.230.58.116 interface Fa1/0/39
ip source binding 0001.0203.0407 vlan 101 73.230.58.117 interface Fa1/0/31
ip source binding 0001.0304.0807 vlan 101 73.230.58.115 interface Fa1/0/5
ip source binding 0002.0209.0408 vlan 101 73.230.58.119 interface Fa1/0/42
ip source binding 0001.0203.0408 vlan 101 73.230.58.118 interface Fa1/0/41
ip source binding 0001.0203.0406 vlan 101 73.230.58.114 interface Fa1/0/9
access-list 10 deny   10.1.0.0 0.0.255.255 log
access-list 10 permit any
access-list 20 permit 10.0.0.0 0.255.255.255
snmp-server community mstroi RO
snmp-server community secretmstroi RW
!
control-plane
!
!
line con 0
line vty 0 4
access-class 20 in
password 7 0215015819031B2C5F5A1B160C
login local
transport input telnet
line vty 5 15
access-class 20 in
password 7 15010E0F162F3F293B27272D1A
login local
transport input telnet
!
mac-address-table notification interval 60
mac-address-table notification history-size 500
end


Messages in this discussion
"I'm a noob! Help me figure out CISCO NAT :("
Posted by maputa, 06-Jul-10 17:29
That's a lot of everything. :)
On the 3825, write a static NAT. Something like:
ip nat inside source static ip 10.1.1.X y.y.y.y
Accordingly, the server's internal address (10.1.1.X) must be reachable from the router.

P.S. You shouldn't have published the passwords. The RW community too. Same goes for the tcp 3389 forwarding.
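
The exposures named in the P.S. above (published password strings, an RW SNMP community, a forwarded tcp 3389) can be checked for mechanically before a config is shared. The script below is an added example, not part of the original post; the sample config, the rule names and the 203.0.113.x addresses are constructed.

```python
import re

# Constructed sample in the style of the config posted in this thread.
# Secrets are placeholders and 203.0.113.0/24 is a documentation range;
# none of these values are taken from the thread.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$EXAMPLE$placeholderplaceholder00
enable password 7 0000000000EXAMPLE
username admin password 7 0000000000EXAMPLE
ip nat inside source list 100 interface GigabitEthernet0/1 overload
ip nat inside source static 10.1.28.223 203.0.113.10 extendable
ip nat inside source static tcp 10.1.1.44 3389 203.0.113.11 22356 extendable
snmp-server community examplero RO
snmp-server community examplerw RW
line vty 0 4
 privilege level 15
 login local
 transport input all
line vty 5 15
 access-class 20 in
 login local
 transport input telnet
"""

SECRET_RE = re.compile(
    r"^(?P<head>.*\b(?:password|secret)) (?P<type>[057]) (?P<value>\S+)\s*$")
SNMP_RE = re.compile(
    r"^snmp-server community (?P<name>\S+) (?P<mode>RO|RW)(?P<acl> \S+)?\s*$")
NAT_PREFIX = "ip nat inside source static "
MGMT_PORTS = {"22": "ssh", "23": "telnet", "3389": "rdp"}
# Type 7 is a reversible encoding; type 5 is a salted hash that can still be
# guessed offline once published; type 0 is cleartext.
SECRET_RULES = {"0": "cleartext-secret", "7": "type7-reversible",
                "5": "type5-hash-published"}

def audit(config):
    """Return sorted (line number, rule) findings for one IOS config."""
    findings, vty = [], None
    # The trailing "!" closes a vty block that runs to the end of the text.
    for no, raw in enumerate(config.splitlines() + ["!"], start=1):
        line = raw.strip()
        # A "line vty" block ends at the next "line ...", "!" or "end".
        if vty and (line.startswith("line ") or line in ("!", "end")):
            if vty["cleartext"]:
                findings.append((vty["no"], "vty-cleartext-transport"))
            if not vty["acl"]:
                findings.append((vty["no"], "vty-no-access-class"))
            vty = None
        if line.startswith("line vty"):
            vty = {"no": no, "cleartext": False, "acl": False}
        elif vty and line.startswith("transport input"):
            vty["cleartext"] = bool({"telnet", "all"} & set(line.split()[2:]))
        elif vty and line.startswith("access-class") and line.endswith(" in"):
            vty["acl"] = True
        secret = SECRET_RE.match(line)
        if secret:
            findings.append((no, SECRET_RULES[secret["type"]]))
        snmp = SNMP_RE.match(line)
        if snmp and not snmp["acl"]:
            findings.append((no, f"snmp-{snmp['mode'].lower()}-no-acl"))
        if line.startswith(NAT_PREFIX):
            args = line[len(NAT_PREFIX):].split()
            if args[0] in ("tcp", "udp"):
                # Form: <proto> <local ip> <local port> <global ip> <global port>
                if len(args) > 2 and args[2] in MGMT_PORTS:
                    findings.append((no, f"nat-forwards-{MGMT_PORTS[args[2]]}"))
            else:
                # One-to-one translation: every port of the host is published.
                findings.append((no, "nat-one-to-one-all-ports"))
    return sorted(findings)

def redact(config):
    """Replace password strings and SNMP community names before sharing."""
    out = []
    for line in config.splitlines():
        line = SECRET_RE.sub(r"\g<head> \g<type> <removed>", line)
        line = SNMP_RE.sub(
            lambda m: f"snmp-server community <removed> {m['mode']}{m['acl'] or ''}",
            line)
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for no, rule in audit(SAMPLE_CONFIG):
        print(f"line {no}: {rule}")
```

Redaction only protects the copy being shared; a secret that has already been posted needs to be changed on the device.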


"I'm a noob! Help me figure out CISCO NAT :("
Posted by MITNIK, 06-Jul-10 17:55
>That's a lot of everything. :)
>On the 3825, write a static NAT. Something like:
>ip nat inside source static ip 10.1.1.X y.y.y.y
>Accordingly, the server's internal address (10.1.1.X) must be reachable from the router.
>
>P.S. You shouldn't have published the passwords. The RW community too. Same goes for the tcp
>3389 forwarding.

Thanks for the advice!
I tried it.
ip nat inside source static 10.1.28.223 95.120.17.241 extendable
ip nat outside source static 10.1.28.223 95.120.17.241 extendable

On the Internet the static IP is detected, but connecting to it from outside doesn't work :(
Still thinking!

There's some kind of catch here with... ip route 73.230.58.112 255.255.255.240 10.0.0.2 - on the 3825. 10.0.0.2 is the 3750 switch. And on the switch..

interface FastEthernet1/0/42
switchport access vlan 101

interface Vlan101
ip address 73.230.58.113 255.255.255.240
ip access-group USERS_EXT in

ip access-list extended USERS_EXT
permit ip 73.230.58.112 0.0.0.15 any


The users that the missing admin set up work with the LAN settings entered as 73.230.x.x....

:( help me out, guys... where should I dig?


"I'm a noob! Help me figure out CISCO NAT :("
Posted by maputa, 06-Jul-10 18:34
The idea is as follows:
You create a static translation from the local IP to the global IP:
ip nat inside source static 10.1.28.223 95.120.17.241

thereby you make the server 10.1.28.223 reachable from outside at the address 95.120.17.241.
If I understand everything correctly, packets arriving at 95.120.17.241 are sent, according to the specified route, to the 3750 into VLAN 28. The ACL on it is permit ip any any. If the packets didn't arrive, check the server's local firewall.

>ip nat outside source static 10.1.28.223 95.120.17.241 extendable

This one isn't needed
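
IOS evaluates an ACL from the top and stops at the first matching entry, which is why the reply above can read the ACL on VLAN 28 as permit ip any any. The script below is an added example (not code from the thread) that applies that rule to two ACLs copied from the posted configs, reports entries that an earlier entry fully covers, and evaluates a return packet from the server; the client address 198.51.100.7 is a constructed documentation address.

```python
import ipaddress

# ACL entries copied from the two configs posted in this thread.
ACLS = {
    "100": [
        "access-list 100 permit ip 10.1.0.0 0.0.255.255 any",
        "access-list 100 deny   ip 10.0.0.0 0.255.255.255 10.1.48.0 0.0.0.255",
        "access-list 100 deny   ip 10.1.0.0 0.0.255.255 10.1.48.0 0.0.0.255",
    ],
    "server": [
        "permit ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255",
        "permit ip any any",
        "deny   ip host 10.1.32.4 host 194.50.120.10",
    ],
}
FULL = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_addr(tok, i):
    """Read 'any', 'host A' or 'A WILDCARD' at tok[i]; return (spec, next i)."""
    if tok[i] == "any":
        return (0, FULL), i + 1
    if tok[i] == "host":
        return (to_int(tok[i + 1]), 0), i + 2
    return (to_int(tok[i]), to_int(tok[i + 1])), i + 2

def parse_entry(line):
    tok = line.split()
    if tok[0] == "access-list":          # numbered form: drop "access-list <n>"
        tok = tok[2:]
    src, i = take_addr(tok, 2)
    dst, i = take_addr(tok, i)
    return {"action": tok[0], "proto": tok[1], "src": src, "dst": dst,
            "ports": tuple(tok[i:])}

def addr_covers(outer, inner):
    """True if every address matched by inner is also matched by outer."""
    (a1, w1), (a2, w2) = outer, inner
    care = ~w1 & FULL                    # bits the outer entry compares
    return (w2 & care) == 0 and ((a1 ^ a2) & care) == 0

def covers(earlier, later):
    return (earlier["proto"] in ("ip", later["proto"])
            and addr_covers(earlier["src"], later["src"])
            and addr_covers(earlier["dst"], later["dst"])
            and earlier["ports"] in ((), later["ports"]))

def shadowed(lines):
    """Return 1-based (entry, covering earlier entry) pairs for dead entries."""
    entries = [parse_entry(line) for line in lines]
    dead = []
    for j, later in enumerate(entries):
        for i in range(j):
            if covers(entries[i], later):
                dead.append((j + 1, i + 1))
                break
    return dead

def first_match(lines, src, dst):
    """First-match verdict for an IP packet. Simplification: only 'ip'
    entries are considered, since no protocol or port is supplied."""
    packet_src, packet_dst = (to_int(src), 0), (to_int(dst), 0)
    for n, e in enumerate(map(parse_entry, lines), start=1):
        if (e["proto"] == "ip" and addr_covers(e["src"], packet_src)
                and addr_covers(e["dst"], packet_dst)):
            return n, e["action"]
    return None, "deny"                  # implicit deny ends every ACL

if __name__ == "__main__":
    for name, lines in ACLS.items():
        print(name, shadowed(lines))
    print(first_match(ACLS["server"], "10.1.28.223", "198.51.100.7"))
```

In both ACLs the last deny sits behind an earlier permit that covers it, so it never matches.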


"I'm a noob! Help me figure out CISCO NAT :("
Posted by MITNIK, 07-Jul-10 10:04
>[overquoting removed]
>route, to the 3750 into VLAN 28. The ACL on it is permit ip
>any any. If the packets didn't arrive, check the server's local firewall.
>
>
>
>>ip nat outside source static 10.1.28.223 95.120.17.241 extendable
>
>This one isn't needed
>
>

Thank you very much for the answers :)!

The packets do go to VLAN 28... And if I check my IP on the Internet, it shows 95.120.17.241. But connecting FROM OUTSIDE to this 95.120.17.241 is impossible! Only ports 135 and 139 are open, although HTTP and FTP are running on the server. :(
I think the former admin set aside VLAN 101 on purpose:
!
interface Vlan101
ip address 73.230.58.113 255.255.255.240
ip access-group USERS_EXT in

Most likely, a host can be seen from the Internet only from this VLAN!

Any thoughts?


"I'm a noob! Help me figure out CISCO NAT :("
Posted by maputa, 07-Jul-10 13:19
Is the server itself definitely not blocking? I don't see any other restrictions in your configs.



"I'm a noob! Help me figure out CISCO NAT :("
Posted by MITNIK, 08-Jul-10 17:45
>Is the server itself definitely not blocking? I don't see any other
>restrictions in your configs.

Already figured it out :)) And by myself at that... the inbound Cisco simply routes 73.230.x.x to the switch... I created a new VLAN... assigned it the 73.230.x.x subnet... moved the host into the new VLAN, and entered the 73.230.x.x settings statically on the host.. Everything runs like clockwork :)

Thanks!

CLOSE THE THREAD :)