Вообщем нужна помощь, так как в этой теме являюсь "чайником". Подскажите отцы сети....
Тема такая, есть 4 независимые машины в портах GI0/1, GI0/1/0, GI0/1/1, GI0/1/2. Нужна двусторонняя связь GI0/1 с GI0/1/0; односторонняя с остальными. Делал двумя способами "руками" и CISCO configurator. Результат при вроде идентичной настройке пинг с GI0/1/0 в сторону GI0/1 есть, а вот в обратную сторону никак "привышено время запроса". В вайршарке ответных пакетов не видно. Файрволы отключены со всех сторон.version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
ip cef
!
!
!
!
!
!
ip domain name yourdomain.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-4273568507
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4273568507
revocation-check none
rsakeypair TP-self-signed-4273568507
!
!
crypto pki certificate chain TP-self-signed-4273568507
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34323733 35363835 3037301E 170D3134 31313238 31303339
35365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32373335
36383530 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B2F3 E840E01A B684069A 4204258E F135F8F5 FF06E275 3D90490D 46C95D5B
A282C9FA 3437F578 DC1168F3 9B611838 8FCFCA4D 41D723DC 44481832 8CF04B9C
394A5AD2 AFD5EA70 BBDD8625 CD778FED 381662F7 C26ABF28 DCE7BF9D A2CFA974
B5C60848 18EE64AB 34F29C4D 1DAE4F09 4BCC34C1 637D5C60 EC497AA7 6014CB14
42610203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 1405E56C 2ED55403 AE0DFDDA 51D8B42E E48A3B00 70301D06
03551D0E 04160414 05E56C2E D55403AE 0DFDDA51 D8B42EE4 8A3B0070 300D0609
2A864886 F70D0101 05050003 81810019 DC809B20 BBFFBD0C BFAFFDBF 17090A00
C6E94AF6 F13CCCC4 133AF38C 1E7C0E90 B5FEAD09 7AF1612E C6C73742 72F2EDD0
78F177C2 0F2F88F7 A54EF887 15733748 5DCB0CC8 9B2A9C9B 2ECC72DE 696B506A
34EAC7A0 B6DD9E44 760D99BB 080C2770 1B6537CB F87060E9 D8E3125B 16286C4E
6692F3B4 058945BE BD2E5710 4B7457
quit
license udi pid CISCO2901/K9 sn FTX1729853X
!
!
username ovation privilege 15 secret 4 mM6AlDFFLsg781g01q0LsEv/uX/TuHn4.vXiO8VvhLA
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ETH-LAN$
ip address 10.10.10.1 255.255.255.248
duplex auto
speed auto
!
interface GigabitEthernet0/1
description Ovation$ETH-LAN$
ip address 192.168.11.9 255.255.254.0
ip access-group 101 in
ip access-group 2101 out
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
description CHSR
switchport access vlan 101
no ip address
!
interface GigabitEthernet0/1/1
description STK
switchport access vlan 102
no ip address
!
interface GigabitEthernet0/1/2
description Station
switchport access vlan 103
no ip address
!
interface GigabitEthernet0/1/3
description Antivir
switchport access vlan 104
no ip address
!
interface GigabitEthernet0/1/4
no ip address
!
interface GigabitEthernet0/1/5
no ip address
!
interface GigabitEthernet0/1/6
no ip address
!
interface GigabitEthernet0/1/7
no ip address
!
interface GigabitEthernet0/3/0
no ip address
!
interface GigabitEthernet0/3/1
no ip address
!
interface GigabitEthernet0/3/2
no ip address
!
interface GigabitEthernet0/3/3
no ip address
!
interface GigabitEthernet0/3/4
no ip address
!
interface GigabitEthernet0/3/5
no ip address
!
interface GigabitEthernet0/3/6
no ip address
!
interface GigabitEthernet0/3/7
no ip address
!
interface Vlan1
no ip address
!
interface Vlan101
ip address 192.168.100.9 255.255.255.0
ip access-group 102 in
ip access-group 2102 out
!
interface Vlan102
ip address 10.25.9.9 255.255.255.0
ip access-group 103 in
!
interface Vlan103
ip address 172.16.64.9 255.255.254.0
ip access-group 104 in
!
interface Vlan104
ip address 192.168.12.9 255.255.254.0
!
router rip
passive-interface GigabitEthernet0/0
passive-interface GigabitEthernet0/1
passive-interface Vlan1
passive-interface Vlan101
passive-interface Vlan102
passive-interface Vlan103
passive-interface Vlan104
network 10.0.0.0
network 172.16.0.0
network 192.168.10.0
network 192.168.100.0
no auto-summary
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 remark CCP_ACL Category=1
access-list 101 permit ip host 192.168.10.160 host 192.168.100.10
access-list 101 permit ip host 192.168.10.160 host 192.168.11.9
access-list 101 permit ip host 192.168.10.160 host 10.25.9.10
access-list 101 permit ip host 192.168.10.160 host 172.16.64.131
access-list 101 permit icmp host 192.168.10.160 host 192.168.100.10
access-list 101 permit icmp host 192.168.10.160 host 10.25.9.10
access-list 101 permit tcp host 192.168.10.160 host 192.168.100.10
access-list 102 remark CCP_ACL Category=1
access-list 102 permit ip host 192.168.100.10 host 192.168.10.160
access-list 102 permit ip host 192.168.100.10 host 192.168.11.9
access-list 102 permit icmp host 192.168.100.10 host 192.168.10.160
access-list 102 permit tcp host 192.168.100.10 host 192.168.10.160
access-list 103 remark CCP_ACL Category=1
access-list 103 permit ip host 10.25.9.10 host 192.168.10.160
access-list 104 remark CCP_ACL Category=1
access-list 104 permit ip host 172.16.64.131 host 192.168.10.160
access-list 2101 remark CCP_ACL Category=1
access-list 2101 permit ip host 192.168.100.10 host 192.168.10.160
access-list 2101 permit icmp host 192.168.100.10 host 192.168.10.160
access-list 2101 permit tcp host 192.168.100.10 host 192.168.10.160
access-list 2102 remark CCP_ACL Category=1
access-list 2102 permit ip host 192.168.10.160 host 192.168.100.10
access-list 2102 permit icmp host 192.168.10.160 host 192.168.100.10
access-list 2102 permit tcp host 192.168.10.160 host 192.168.100.10
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input all
!
scheduler allocate 20000 1000
!
end
Вариант для распечатки
(??) on 29-Ноя-14, 18:04 
