forum.opennet.ru - "Cisco 3640, NAT & NetFlow" (3)

форумы

помощь

поиск

регистрация

майллист

ВХОД

слежка

"Cisco 3640, NAT & NetFlow"

Форумы Маршрутизаторы CISCO и др. оборудование. (Public)
Вариант для распечатки		Пред. тема \| След. тема
Изначальное сообщение		[Проследить за развитием треда]

"Cisco 3640, NAT & NetFlow"
Сообщение от Dmitriy Sirant on 21-Фев-06, 14:03
Имеем: cisco-3640#sh ver Cisco Internetwork Operating System Software IOS (tm) 3600 Software (C3640-IO3-M), Version 12.2(32), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Fri 02-Dec-05 15:19 by Image text-base: 0x60008930, data-base: 0x60A88000 ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) cisco-3640 uptime is 4 hours, 3 minutes System returned to ROM by reload System image file is "flash:c3640-io3-mz.122-32.bin" cisco 3640 (R4700) processor (revision 0x00) with 61440K/4096K bytes of memory. Processor board ID 21961002 R4700 CPU at 100Mhz, Implementation 33, Rev 1.0 Bridging software. X.25 software, Version 3.0.0. 2 Ethernet/IEEE 802.3 interface(s) 1 FastEthernet/IEEE 802.3 interface(s) 2 Serial network interface(s) DRAM configuration is 64 bits wide with parity disabled. 125K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read/Write) Configuration register is 0x2102 Проблема, что траффик идущий через NAT не попадает в NetFlow, а именно: 04:04:36: IP: s=66.225.214.106 (Ethernet0/0), d=192.168.23.15, len 40, policy match 04:04:36: IP: route map netflow_nat, item 10, permit 04:04:36: IP: s=66.225.214.106 (Ethernet0/0), d=192.168.23.15 (Loopback0), len 40, policy routed 04:04:36: IP: Ethernet0/0 to Loopback0 192.168.23.15 а cisco-3640#sh ip cache flow \| include 66.225.214.106 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 100C 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 100F 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 1008 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 1007 3 Et0/1 192.168.23.15 Et0/0 66.225.214.106 06 0F57 22B8 22 Et0/0 66.225.214.106 Null 192.168.23.15 06 22B8 0F57 25 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0EAA 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0EA6 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0EE3 6 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0EC3 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0E71 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0FA9 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0FBB 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0F8C 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0F8F 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0F98 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0F94 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0FEF 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0FE7 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0FE3 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0FF2 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0FF3 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0FCF 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0FC5 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0FD4 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0F1C 9 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0F19 6 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0F1A 4 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0F6A 3 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0F64 4 Et0/0 66.225.214.106 Null 192.168.23.15 06 0050 0F7F 3 т.е. с помощью route-map я его перенаправил на интерфейс loopback, а он всеравно не попадает в netflow...
Правка \| Высказать мнение \| Ответить \| Cообщить модератору \| Наверх

Оглавление

Cisco 3640, NAT & NetFlow, NoSe, 01:16 , 23-Фев-06, (1)

Cisco 3640, NAT & NetFlow, Dmitriy Sirant, 11:43 , 23-Фев-06, (2)

Cisco 3640, NAT & NetFlow, ser00, 13:41 , 28-Фев-06, (3)

Сообщения по теме [Сортировка по времени, UBB]

1. "Cisco 3640, NAT & NetFlow"

Сообщение от NoSe (??) on 23-Фев-06, 01:16

конфигурацию в этом случае не плохо бы показать...

Правка | Высказать мнение | Ответить | Cообщить модератору | Наверх

2. "Cisco 3640, NAT & NetFlow"

Сообщение от Dmitriy Sirant on 23-Фев-06, 11:43

>конфигурацию в этом случае не плохо бы показать...
Внешний интерфейс Eth0/0
Внутрение Eth0/1, Fast2/0
Статистика льется через внутренний Fast2/0
Помимо вышеуказанной проблемы есть еще одна, из этой же области. Не все, даже с двух сторон с реальными IP потоки выливаются в статистику (тоже при  sh ip cache flow в DstInt стоит null), причем другой поток между этими IP может записаться. Ни в какие ACL (блокирующие) неучтенный поток не попадает.
Current configuration : 12674 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname cisco-3640
!
boot system flash c3640-io3-mz.122-32.bin
no logging console guaranteed
aaa new-model
!
ip subnet-zero
no ip rcmd domain-lookup
ip rcmd rsh-enable
ip flow-cache entries 4094
ip flow-cache timeout inactive 240
ip flow-cache timeout active 45
ip cef
!
!
ip audit notify log
ip audit po max-events 100
!
!
!
interface Loopback0
ip address 193.xxx.xxx.225 255.255.255.255
no ip unreachables
no ip proxy-arp
ip route-cache flow
no ip mroute-cache
no keepalive
!
interface Tunnel0
ip address 192.168.200.1 255.255.255.0
ip access-group 199 in
ip mtu 1470
ip nat inside
ip route-cache flow
no ip mroute-cache
tunnel source 172.16.1.1
tunnel destination 172.16.0.1
tunnel mode ipip
!
interface Ethernet0/0
ip address 172.16.1.1 255.255.255.0 secondary
ip address 195.xxx.xxx.66 255.255.255.192
ip access-group 199 in
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache flow
no ip mroute-cache
ip policy route-map netflow_nat
no keepalive
half-duplex
no cdp enable
!
interface Serial0/0
no ip address
shutdown
!
interface Ethernet0/1
ip address 192.168.4.250 255.255.255.0 secondary
ip address 193.xxx.xxx.253 255.255.255.252 secondary
ip address 193.xxx.xxx.65 255.255.255.192
ip access-group 199 in
no ip unreachables
no ip proxy-arp
ip nat inside
rate-limit input access-group 115 96000 18000 36000 conform-action transmit exceed-action drop
rate-limit input access-group 117 256000 48000 96000 conform-action transmit exceed-action drop
rate-limit input access-group 119 64000 12000 24000 conform-action transmit exceed-action drop
rate-limit input access-group 121 96000 18000 36000 conform-action transmit exceed-action drop
rate-limit input access-group 123 96000 18000 36000 conform-action transmit exceed-action drop
rate-limit input access-group 125 96000 18000 36000 conform-action transmit exceed-action drop
rate-limit input access-group 127 96000 18000 36000 conform-action transmit exceed-action drop
rate-limit input access-group 129 64000 12000 24000 conform-action transmit exceed-action drop
rate-limit input access-group 131 64000 12000 24000 conform-action transmit exceed-action drop
rate-limit input access-group 135 64000 12000 24000 conform-action transmit exceed-action drop
rate-limit input access-group 137 128000 24000 48000 conform-action transmit exceed-action drop
rate-limit input access-group 139 64000 12000 24000 conform-action transmit exceed-action drop
ip route-cache flow
no ip mroute-cache
no keepalive
half-duplex
traffic-shape group 116 96000 12000 12000 128
traffic-shape group 118 256000 32000 32000 128
traffic-shape group 120 64000 8000 8000 128
traffic-shape group 122 96000 12000 12000 128
traffic-shape group 124 96000 12000 12000 128
traffic-shape group 126 96000 12000 12000 128
traffic-shape group 128 96000 12000 12000 128
traffic-shape group 130 64000 8000 8000 128
traffic-shape group 132 64000 8000 8000 128
traffic-shape group 136 64000 8000 8000 128
traffic-shape group 138 128000 16000 16000 128
traffic-shape group 140 64000 8000 8000 128
no cdp enable
!
interface Serial0/1
no ip address
shutdown
!
interface FastEthernet2/0
ip address 193.xxx.xxx.9 255.255.255.192
ip access-group 199 in
no ip unreachables
no ip proxy-arp
ip nat inside
rate-limit input access-group 111 512000 96000 192000 conform-action transmit exceed-action drop
rate-limit input access-group 113 96000 18000 36000 conform-action transmit exceed-action drop
rate-limit input access-group 133 32000 6000 12000 conform-action transmit exceed-action drop
ip route-cache flow
no ip mroute-cache
no keepalive
speed 100
full-duplex
traffic-shape group 112 512000 32000 32000 512
traffic-shape group 114 96000 12000 12000 128
traffic-shape group 134 32000 4000 4000 128
no cdp enable
!
ip nat inside source list 5 interface Ethernet0/0 overload
ip nat inside source list 102 interface Ethernet0/0 overload
ip flow-export source FastEthernet2/0
ip flow-export version 5
ip flow-export destination 193.xxx.xxx.1 2100
ip classless
no ip http server
!
access-list 5 permit 192.168.1.249
access-list 5 permit 192.168.1.253
access-list 5 permit 192.168.4.0 0.0.0.255
access-list 5 permit 192.168.12.0 0.0.0.255
access-list 5 permit 192.168.14.0 0.0.0.255
access-list 5 permit 192.168.23.0 0.0.0.255
access-list 5 permit 192.168.6.0 0.0.0.255
access-list 5 permit 192.168.29.0 0.0.0.255
access-list 5 permit 192.168.20.0 0.0.0.255
access-list 5 permit 192.168.5.0 0.0.0.255
access-list 5 permit 192.168.30.0 0.0.0.255
access-list 102 permit ip any host 212.109.57.226
access-list 102 permit ip any host 213.186.198.70
access-list 102 permit ip any host 62.244.21.62
access-list 102 permit ip any host 212.82.220.134
access-list 103 permit ip any 192.168.0.0 0.0.255.255
access-list 199 remark Zhashishaemsa ot nekotorih virusov
access-list 199 deny   tcp any any eq 135
access-list 199 deny   udp any any eq 135
access-list 199 permit ip any any
!
route-map netflow_nat permit 10
match ip address 103
set interface Loopback0 Ethernet0/0
!
line con 0
line aux 0
line vty 0 4
!
end

Правка | Высказать мнение | Ответить | Cообщить модератору | Наверх

3. "Cisco 3640, NAT & NetFlow"

Сообщение от ser00 on 28-Фев-06, 13:41

Вот рабочий конфиг моей кошки
IOS
c3640-jk9o3s-mz.123-14.T3.bin
Current configuration : 2452 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname igate
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting nested
aaa accounting update newinfo
aaa accounting network default start-stop group radius
!
aaa session-id common
!
resource policy
!
clock timezone IRK 8
clock summer-time IRK recurring last Sun Mar 2:00 last Sun Oct 2:00
ip subnet-zero
ip flow-egress input-interface
ip flow-cache timeout inactive 60
ip flow-cache timeout active 1
!
!
ip cef
no ip domain lookup
ip domain name angarskhome.net
ip name-server 192.168.2.10
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
vpdn enable
vpdn ip udp ignore checksum
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
vpdn-group 2
accept-dialin
protocol pppoe
virtual-template 2
!
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
no crypto isakmp ccm
!
!
!
!
interface Ethernet0/0
ip address 192.168.2.20 255.255.255.0
no ip redirects
full-duplex
pppoe enable
!
interface Ethernet0/1
ip address XXX.XXX.XXX.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow egress
ip nat outside
ip virtual-reassembly
ip route-cache policy
full-duplex
!
interface Virtual-Template1
mtu 1460
bandwidth 1024
ip unnumbered Ethernet0/0
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
delay 200
autodetect encapsulation ppp
no keepalive
ppp authentication chap callin
!
interface Virtual-Template2
mtu 1492
bandwidth 1024
ip unnumbered Ethernet0/0
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
delay 200
autodetect encapsulation ppp
no keepalive
ppp authentication pap callin
!
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.10
ip flow-export version 5
ip flow-export destination 192.168.2.10 9996
!
!
ip nat inside source list 4 interface Ethernet0/1 overload
!
access-list 4 permit 10.0.0.0 0.0.255.255
access-list 108 permit ip any 10.0.0.0 0.0.255.255
!
!
radius-server host 192.168.2.10 auth-port 1812 acct-port 1813
radius-server key ciscanasP@S
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

Правка | Высказать мнение | Ответить | Cообщить модератору | Наверх

Архив | Удалить

Индекс форумов | Темы | Пред. тема | След. тема

Оцените тред (1=ужас, 5=супер)? [ 1 | 2 | 3 | 4 | 5 ] [Рекомендовать для помещения в FAQ]

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру

1. "Cisco 3640, NAT & NetFlow"
Сообщение от NoSe (??) on 23-Фев-06, 01:16
конфигурацию в этом случае не плохо бы показать...
Правка \| Высказать мнение \| Ответить \| Cообщить модератору \| Наверх


	2. "Cisco 3640, NAT & NetFlow"
	Сообщение от Dmitriy Sirant on 23-Фев-06, 11:43
	>конфигурацию в этом случае не плохо бы показать... Внешний интерфейс Eth0/0 Внутрение Eth0/1, Fast2/0 Статистика льется через внутренний Fast2/0 Помимо вышеуказанной проблемы есть еще одна, из этой же области. Не все, даже с двух сторон с реальными IP потоки выливаются в статистику (тоже при sh ip cache flow в DstInt стоит null), причем другой поток между этими IP может записаться. Ни в какие ACL (блокирующие) неучтенный поток не попадает. Current configuration : 12674 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname cisco-3640 ! boot system flash c3640-io3-mz.122-32.bin no logging console guaranteed aaa new-model ! ip subnet-zero no ip rcmd domain-lookup ip rcmd rsh-enable ip flow-cache entries 4094 ip flow-cache timeout inactive 240 ip flow-cache timeout active 45 ip cef ! ! ip audit notify log ip audit po max-events 100 ! ! ! interface Loopback0 ip address 193.xxx.xxx.225 255.255.255.255 no ip unreachables no ip proxy-arp ip route-cache flow no ip mroute-cache no keepalive ! interface Tunnel0 ip address 192.168.200.1 255.255.255.0 ip access-group 199 in ip mtu 1470 ip nat inside ip route-cache flow no ip mroute-cache tunnel source 172.16.1.1 tunnel destination 172.16.0.1 tunnel mode ipip ! interface Ethernet0/0 ip address 172.16.1.1 255.255.255.0 secondary ip address 195.xxx.xxx.66 255.255.255.192 ip access-group 199 in no ip unreachables no ip proxy-arp ip nat outside ip route-cache flow no ip mroute-cache ip policy route-map netflow_nat no keepalive half-duplex no cdp enable ! interface Serial0/0 no ip address shutdown ! interface Ethernet0/1 ip address 192.168.4.250 255.255.255.0 secondary ip address 193.xxx.xxx.253 255.255.255.252 secondary ip address 193.xxx.xxx.65 255.255.255.192 ip access-group 199 in no ip unreachables no ip proxy-arp ip nat inside rate-limit input access-group 115 96000 18000 36000 conform-action transmit exceed-action drop rate-limit input access-group 117 256000 48000 96000 conform-action transmit exceed-action drop rate-limit input access-group 119 64000 12000 24000 conform-action transmit exceed-action drop rate-limit input access-group 121 96000 18000 36000 conform-action transmit exceed-action drop rate-limit input access-group 123 96000 18000 36000 conform-action transmit exceed-action drop rate-limit input access-group 125 96000 18000 36000 conform-action transmit exceed-action drop rate-limit input access-group 127 96000 18000 36000 conform-action transmit exceed-action drop rate-limit input access-group 129 64000 12000 24000 conform-action transmit exceed-action drop rate-limit input access-group 131 64000 12000 24000 conform-action transmit exceed-action drop rate-limit input access-group 135 64000 12000 24000 conform-action transmit exceed-action drop rate-limit input access-group 137 128000 24000 48000 conform-action transmit exceed-action drop rate-limit input access-group 139 64000 12000 24000 conform-action transmit exceed-action drop ip route-cache flow no ip mroute-cache no keepalive half-duplex traffic-shape group 116 96000 12000 12000 128 traffic-shape group 118 256000 32000 32000 128 traffic-shape group 120 64000 8000 8000 128 traffic-shape group 122 96000 12000 12000 128 traffic-shape group 124 96000 12000 12000 128 traffic-shape group 126 96000 12000 12000 128 traffic-shape group 128 96000 12000 12000 128 traffic-shape group 130 64000 8000 8000 128 traffic-shape group 132 64000 8000 8000 128 traffic-shape group 136 64000 8000 8000 128 traffic-shape group 138 128000 16000 16000 128 traffic-shape group 140 64000 8000 8000 128 no cdp enable ! interface Serial0/1 no ip address shutdown ! interface FastEthernet2/0 ip address 193.xxx.xxx.9 255.255.255.192 ip access-group 199 in no ip unreachables no ip proxy-arp ip nat inside rate-limit input access-group 111 512000 96000 192000 conform-action transmit exceed-action drop rate-limit input access-group 113 96000 18000 36000 conform-action transmit exceed-action drop rate-limit input access-group 133 32000 6000 12000 conform-action transmit exceed-action drop ip route-cache flow no ip mroute-cache no keepalive speed 100 full-duplex traffic-shape group 112 512000 32000 32000 512 traffic-shape group 114 96000 12000 12000 128 traffic-shape group 134 32000 4000 4000 128 no cdp enable ! ip nat inside source list 5 interface Ethernet0/0 overload ip nat inside source list 102 interface Ethernet0/0 overload ip flow-export source FastEthernet2/0 ip flow-export version 5 ip flow-export destination 193.xxx.xxx.1 2100 ip classless no ip http server ! access-list 5 permit 192.168.1.249 access-list 5 permit 192.168.1.253 access-list 5 permit 192.168.4.0 0.0.0.255 access-list 5 permit 192.168.12.0 0.0.0.255 access-list 5 permit 192.168.14.0 0.0.0.255 access-list 5 permit 192.168.23.0 0.0.0.255 access-list 5 permit 192.168.6.0 0.0.0.255 access-list 5 permit 192.168.29.0 0.0.0.255 access-list 5 permit 192.168.20.0 0.0.0.255 access-list 5 permit 192.168.5.0 0.0.0.255 access-list 5 permit 192.168.30.0 0.0.0.255 access-list 102 permit ip any host 212.109.57.226 access-list 102 permit ip any host 213.186.198.70 access-list 102 permit ip any host 62.244.21.62 access-list 102 permit ip any host 212.82.220.134 access-list 103 permit ip any 192.168.0.0 0.0.255.255 access-list 199 remark Zhashishaemsa ot nekotorih virusov access-list 199 deny tcp any any eq 135 access-list 199 deny udp any any eq 135 access-list 199 permit ip any any ! route-map netflow_nat permit 10 match ip address 103 set interface Loopback0 Ethernet0/0 ! line con 0 line aux 0 line vty 0 4 ! end
	Правка \| Высказать мнение \| Ответить \| Cообщить модератору \| Наверх

3. "Cisco 3640, NAT & NetFlow"
Сообщение от ser00 on 28-Фев-06, 13:41
Вот рабочий конфиг моей кошки IOS c3640-jk9o3s-mz.123-14.T3.bin Current configuration : 2452 bytes ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname igate ! boot-start-marker boot-end-marker ! ! aaa new-model ! ! aaa authentication ppp default group radius aaa authorization network default group radius aaa accounting delay-start aaa accounting nested aaa accounting update newinfo aaa accounting network default start-stop group radius ! aaa session-id common ! resource policy ! clock timezone IRK 8 clock summer-time IRK recurring last Sun Mar 2:00 last Sun Oct 2:00 ip subnet-zero ip flow-egress input-interface ip flow-cache timeout inactive 60 ip flow-cache timeout active 1 ! ! ip cef no ip domain lookup ip domain name angarskhome.net ip name-server 192.168.2.10 no ip dhcp use vrf connected ! ! no ip ips deny-action ips-interface ! vpdn enable vpdn ip udp ignore checksum ! vpdn-group 1 ! Default PPTP VPDN group accept-dialin protocol pptp virtual-template 1 ! vpdn-group 2 accept-dialin protocol pppoe virtual-template 2 ! no ftp-server write-enable ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! no crypto isakmp ccm ! ! ! ! interface Ethernet0/0 ip address 192.168.2.20 255.255.255.0 no ip redirects full-duplex pppoe enable ! interface Ethernet0/1 ip address XXX.XXX.XXX.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip flow egress ip nat outside ip virtual-reassembly ip route-cache policy full-duplex ! interface Virtual-Template1 mtu 1460 bandwidth 1024 ip unnumbered Ethernet0/0 no ip proxy-arp ip flow ingress ip flow egress ip nat inside ip virtual-reassembly delay 200 autodetect encapsulation ppp no keepalive ppp authentication chap callin ! interface Virtual-Template2 mtu 1492 bandwidth 1024 ip unnumbered Ethernet0/0 no ip proxy-arp ip flow ingress ip flow egress ip nat inside ip virtual-reassembly delay 200 autodetect encapsulation ppp no keepalive ppp authentication pap callin ! no ip http server no ip http secure-server ip classless ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.10 ip flow-export version 5 ip flow-export destination 192.168.2.10 9996 ! ! ip nat inside source list 4 interface Ethernet0/1 overload ! access-list 4 permit 10.0.0.0 0.0.255.255 access-list 108 permit ip any 10.0.0.0 0.0.255.255 ! ! radius-server host 192.168.2.10 auth-port 1812 acct-port 1813 radius-server key ciscanasP@S ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 ! ! end
Правка \| Высказать мнение \| Ответить \| Cообщить модератору \| Наверх

Архив \| Удалить	Индекс форумов \| Темы \| Пред. тема \| След. тема
Оцените тред (1=ужас, 5=супер)? [ 1 \| 2 \| 3 \| 4 \| 5 ] [Рекомендовать для помещения в FAQ]