Добрый день,
На CiSCO 1841 поднято два PPPoE соединения с одним провайдером. Оба соединения со статическими адресами. На втором соединении поднят туннель (с другой CiSCO-й в другом городе). При физическом выключении одного из соединений (выключается конвертор из E1 в Ethernet) перестает работать передача по туннелю, идущему по второму соединению с интернетом. В чем может быть ошибка?
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ROUTER-PU
!
boot-start-marker
boot-end-marker
!
logging buffered 52000
enable **********************************
enable password *************************
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
clock timezone *** 3
no ip gratuitous-arps
ip cef
!
!
ip dhcp use vrf connected
!
no ip bootp server
ip name-server ***.***.**.*
ppp limit ccp 2
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
vpdn-group 2
!
!
!
archive
log config
hidekeys
!
!
interface Tunnel0
description Tunnel to IVANOVO
ip address 172.16.1.94 255.255.255.252
ip broadcast-address 172.16.1.95
ip mtu 1400
tunnel source Dialer2
tunnel destination **.***.***.**
!
interface FastEthernet0/0
description E1-Flex
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
no mop enabled
!
interface FastEthernet0/1
description Internet-LAN$ETH-LAN$
bandwidth 100000
no ip address
duplex auto
speed auto
no mop enabled
!interface FastEthernet0/1
description Internet-Tunnel to IVANOVO
bandwidth 100000
no ip address
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1.20
description inet-lan
encapsulation dot1Q 20
ip address 192.168.0.1 255.255.255.0
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface FastEthernet0/1.23
description inet-to IVANOVO
encapsulation dot1Q 23
ip address 10.2.24.1 255.255.255.0
ip broadcast-address 10.2.24.255
ip nat inside
ip virtual-reassembly
rate-limit input 512000 128000 128000 conform-action transmit exceed-action drop
rate-limit output 512000 128000 128000 conform-action transmit exceed-action drop
ip tcp adjust-mss 1452
no cdp enable
!
interface FastEthernet0/1/0
description E1-Flex-Tunnel-insode
switchport access vlan 19
mac-address ****.****.****
no mop enabled
!
interface FastEthernet0/1/1
shutdown
!
interface FastEthernet0/1/2
shutdown
!
interface FastEthernet0/1/3
shutdown
!
interface Vlan1
no ip address
!
interface Vlan19
description inet-to IVANOVO-515kb
ip address 10.22.88.1 255.255.255.0
ip access-group inet-to IVANOVO in
pppoe enable
pppoe-client dial-pool-number 2
!
interface Dialer1
description InterNET- PPPoE
mtu 1492
bandwidth 2048
ip address negotiated
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname *******@********.ru
ppp chap password 7 ********************
ppp pap sent-username *************@******** password 7 ****************
!
interface Dialer2
description InterNET-to IVANOVO PPPoE
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 2
dialer-group 2
no cdp enable
ppp authentication chap callin
ppp chap hostname *****@********.ru
ppp chap password 7 *************
ppp pap sent-username *****@******.ru password 7 ************
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.2.128 255.255.255.128 Tunnel0
!
!
ip http server
ip http access-class 23
ip http authentication local
ip dns server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.2 21 interface Dialer1 21
ip nat inside source static tcp 192.168.0.2 22 interface Dialer1 22
ip nat inside source static tcp 192.168.0.2 10000 interface Dialer1 10000
ip nat inside source list 4 interface Dialer1 overload
ip nat inside source static tcp 172.15.10.2 3389 interface Dialer1 10001
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source list 11 interface Dialer1 overload
ip nat inside source list 12 interface FastEthernet0/1.20 overload
ip nat inside source list 13 interface Dialer1 overload
ip nat inside source list 36 interface Dialer2 overload
ip nat inside source list 37 interface Dialer1 overload
!
ip access-list standard server
remark SDM_ACL Category=256
permit 192.168.0.2
!
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 4 permit 172.15.10.2
access-list 10 permit 10.2.7.0 0.0.0.255
access-list 11 permit 10.2.8.0 0.0.0.255
access-list 11 permit 10.2.18.0 0.0.0.255
access-list 11 permit 10.2.24.0 0.0.0.255
access-list 12 deny 10.2.7.0 0.0.0.255
access-list 13 permit 10.2.9.0 0.0.0.255
access-list 36 permit 10.2.10.0 0.0.0.255
access-list 37 permit 10.2.11.0 0.0.0.255
access-list 101 permit ip 10.1.2.0 0.0.0.255 any
access-list 102 permit ip any host 192.168.0.3
access-list 110 permit tcp any host 192.168.0.2 eq ftp
access-list 110 permit tcp any host 192.168.0.2 eq ftp-data
access-list 110 permit tcp any eq ftp-data any gt 1024
access-list rate-limit 117 0024.be42.3a78
access-list rate-limit 120 0004.23d2.c182
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
priority-list 1 protocol ip high tcp www
priority-list 1 protocol ip low tcp ftp
no cdp run
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password 7 ****************
!
scheduler allocate 20000 1000
ntp clock-period 17178435
ntp server ***.**.***.**
ntp server ***.**.***.***
end
>[оверквотинг удален]
> line con 0
> line aux 0
> line vty 0 4
> password 7 ****************
> !
> scheduler allocate 20000 1000
> ntp clock-period 17178435
> ntp server ***.**.***.**
> ntp server ***.**.***.***
> endУ вас маршрут
ip route 0.0.0.0 0.0.0.0 Dialer1
Следовательно трафик туннеля ходит через первое соединение.
Когда Dialer1 падает, туннель рассыпается потому что нет нормального маршрута.
Когда Dialer2 падает, туннель рассыпается потому что у вас в качестве tunnel source стоит Dialer2.