Hi,
As the saying goes: Danila, need help.
The second PPPoE connection is not being routed on a Cisco 2801.
The Cisco is the gateway for the network; it has a PPPoE session up to the provider, and the default route goes over it.
When I bring up a second PPPoE session to the same provider's guest resources and add the routes, this is what happens:
the second PPPoE session comes up and I can ping the internal resources from the Cisco, but traceroute does not trace the full path (this is the case both with dialer2 up and dialer1 shut down, and with both connections up). From the local network, from a machine that has the Cisco's IP set as its gateway, the provider's internal resources (i.e. everything that goes through dialer 2) cannot be pinged, and the trace only gets as far as the Cisco. Here is the config:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
!
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
!
vpdn enable
!
!
!
voice-card 0
!
!
!
class-map match-any http
match protocol http
class-map match-any ftp
match protocol ftp
class-map match-any ssh
match protocol ssh
class-map match-any gre
match protocol gre
class-map match-any voice
match protocol rtp
match protocol skinny
match protocol h323
match protocol sip
!
!
policy-map qos-mapFa01
class ssh
priority 164
class class-default
shape average 1000000
policy-map qos-mapFa00
class ssh
priority 624
class class-default
shape average 1000000
!
!
!
!
!
interface Tunnel1
...................
!
interface Tunnel2
................
!
interface Tunnel3
...................
!
interface FastEthernet0/0
ip address 192.168.1.250 255.255.255.0
ip broadcast-address 192.168.1.255
ip access-group 103 in
ip access-group 103 out
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
duplex auto
speed auto
no snmp ifindex persist
service-policy output qos-mapFa00
!
interface FastEthernet0/1
ip address 192.168.250.250 255.255.255.0
ip broadcast-address 192.168.250.255
ip access-group 103 in
ip access-group 103 out
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 3
pppoe-client dial-pool-number 1
no cdp enable
service-policy output qos-mapFa01
!
interface Dialer1
ip address negotiated
ip broadcast-address 1111.1111.1111.1111
ip mtu 1492
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly max-reassemblies 32
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname login
ppp chap password 0 pass
!
!
interface Dialer3
description internal PPPOE TO PROV
ip address 222.333.222.222 255.128.0.0
ip broadcast-address 222.333.255.255
ip nbar protocol-discovery
ip virtual-reassembly
encapsulation ppp
dialer pool 3
dialer-group 3
no cdp enable
ppp authentication chap callin
ppp chap hostname login_guest
ppp chap password 0 pass_guest
!
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 444.444.444.32 255.255.255.224 Dialer3
!
ip flow-export version 9
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip nat inside source list NetNat interface Dialer1 overload
ip nat inside source list NetNatINT interface Dialer3 overload
!
ip access-list extended NetNat
deny ip host 111.111.111.111 192.168.1.0 0.0.0.255
deny ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.250.0 0.0.0.255 any
deny ip any any
ip access-list extended NetNatINT
deny ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.250.0 0.0.0.255 any
deny ip any any
!
...............
access-list 103 permit ip 444.444.444.32 0.0.0.31 any
access-list 103 permit ip any 444.444.444.32 0.0.0.31
access-list 103 permit ip 10.0.0.0 0.127.255.255 any
access-list 103 permit ip any 10.0.0.0 0.127.255.255
................
!
dialer-list 1 protocol ip permit
dialer-list 3 protocol ip permit
priority-list 1 protocol ip high tcp 22
priority-list 1 default low
priority-list 3 protocol ip high tcp 22
priority-list 3 default low
snmp-server community stat RW
snmp-server ifindex persist
no cdp run
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
.................
!
scheduler allocate 20000 1000
end
Here are the ping and the trace when both dialers are up:
o#ping 444.444.444.61
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 444.444.444.61, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/21/28 ms
belarus-cisco#trceroute 444.444.444.61
belarus-cisco#traceroute 444.444.444.61
Type escape sequence to abort.
Tracing the route to issa.telecom.by (444.444.444.61)
1 host1.com (444.444.444.18) 20 msec 16 msec 20 msec
2 host2.com (444.444.444.13) 20 msec 20 msec 20 msec
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
show ip route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
444.444.444.0/24 is variably subnetted, 2 subnets, 2 masks
C 444.444.444.18/32 is directly connected, Dialer1
is directly connected, Dialer3
S 444.444.444.32/27 is directly connected, Dialer3
C 192.168.250.0/24 is directly connected, FastEthernet0/1
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 222.333.222.222/32 is directly connected, Dialer3
111.1111.111.0/32 is subnetted, 1 subnets
C 111.111.111.111 is directly connected, Dialer1
C 192.168.1.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, Dialer1
When dialer1 is down everything is the same, with this difference:
C 444.444.444.18/32 is directly connected, Dialer3
is directly connected, Dialer3 (???? appears when di1 and di3 are brought up together)
S 444.444.444.32/27 is directly connected, Dialer3
The pings and traces are the same; I can't show them because I can't take dialer1 down right now, but I did check.
Any hints on where to dig?
Towards the firewall? But with dialer2 shut down it lets traffic through to the internal resources,
and with dialer2 up the rule counters show that the packet went out to the provider but nothing came back.
Or towards NAT?
Or, judging by the traces, is something at the provider not getting along with Ciscos?
#sh ver
Cisco IOS Software, 2801 Software (C2801-ADVIPSERVICESK9-M), Version 12.4(16), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 20-Jun-07 09:14 by prod_rel_team
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
belarus-cisco uptime is 5 days, 23 minutes
System returned to ROM by power-on
System image file is "flash:c2801.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 2801 (revision 7.0) with 116736K/14336K bytes of memory.
Processor board ID FCZ114511D2
2 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x7922
sh log
Syslog logging: enabled (11 messages dropped, 1 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level debugging, 243 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level warnings, 61 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
No active filter modules.
Trap logging: level informational, 223 message lines logged
Log Buffer (51200 bytes):
*Sep 24 12:12:36.103: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Sep 24 12:12:42.043: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Sep 24 12:12:42.043: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
*Sep 24 13:15:34.871: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Sep 24 13:16:31.771: %LINK-3-UPDOWN: Interface Dialer3, changed state to up
*Sep 24 13:16:37.543: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Sep 24 13:20:50.055: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Sep 24 13:20:59.103: %LINK-3-UPDOWN: Interface Dialer3, changed state to up
*Sep 24 13:21:12.303: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Sep 24 13:33:37.031: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Sep 24 13:35:17.747: %LINK-3-UPDOWN: Interface Dialer3, changed state to up
*Sep 24 13:35:20.195: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Sep 24 13:37:42.587: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Sep 24 13:47:28.975: %LINK-3-UPDOWN: Interface Dialer3, changed state to up
*Sep 24 13:47:31.143: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Sep 24 14:29:08.307: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Sep 24 14:29:19.711: %LINK-3-UPDOWN: Interface Dialer3, changed state to up
*Sep 24 14:29:30.431: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Sep 24 15:08:59.379: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Sep 25 07:23:30.127: %LINK-3-UPDOWN: Interface Dialer3, changed state to up
*Sep 25 07:23:33.755: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Sep 25 09:22:14.522: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Sep 25 09:32:21.142: %LINK-3-UPDOWN: Interface Dialer3, changed state to up
*Sep 25 09:32:23.246: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Sep 25 09:33:18.058: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Sep 25 09:36:21.730: %LINK-3-UPDOWN: Interface Dialer3, changed state to up
*Sep 25 09:36:22.134: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Sep 25 10:03:09.634: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Sep 25 10:44:10.050: %LINK-3-UPDOWN: Interface Dialer3, changed state to up
*Sep 25 10:44:11.818: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Sep 25 11:04:06.362: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Sep 25 11:38:22.138: %LINK-3-UPDOWN: Interface Dialer3, changed state to up
*Sep 25 11:38:32.302: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Sep 25 12:03:49.858: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Sep 25 14:32:56.553: %LINK-3-UPDOWN: Interface Dialer3, changed state to up
*Sep 25 14:33:11.901: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Sep 25 14:44:31.021: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Sep 25 14:44:41.561: %LINK-3-UPDOWN: Interface Dialer3, changed state to up
*Sep 25 14:44:53.521: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Sep 25 14:48:17.205: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Sep 25 14:48:24.053: %LINK-3-UPDOWN: Interface Dialer3, changed state to up
*Sep 25 14:48:39.313: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Sep 28 15:19:49.759: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
*Sep 28 15:20:13.167: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Sep 28 15:20:19.839: %LINK-3-UPDOWN: Interface Dialer3, changed state to up
*Sep 28 15:20:35.263: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
*Sep 28 15:22:04.727: %LINK-3-UPDOWN: Interface Dialer1, changed state to up
*Sep 28 15:22:13.355: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Sep 28 15:27:00.191: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
*Sep 28 15:27:08.391: %LINK-3-UPDOWN: Interface Dialer3, changed state to up
*Sep 28 15:27:22.371: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
*Sep 28 15:27:29.287: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Sep 28 15:30:22.503: %LINK-3-UPDOWN: Interface Dialer1, changed state to up
*Sep 28 15:30:33.211: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Sep 28 15:37:14.567: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
*Sep 28 15:37:23.643: %LINK-3-UPDOWN: Interface Dialer3, changed state to up
*Sep 28 15:37:36.659: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
*Sep 28 15:48:01.019: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
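
An added example, not part of the original post: a Python check, run over an excerpt of the posted configuration, that lists every `ip nat inside source list ... interface X overload` rule together with the NAT role configured on interface X. IOS applies an inside-source rule only to packets that cross from an `ip nat inside` interface to an `ip nat outside` interface, so a rule whose egress interface has no `ip nat outside` is worth a look. The function names `nat_roles` and `check_overload_rules` are hypothetical; the interface and ACL names come from the config above.

```python
import re

# Excerpt copied from the posted config (NAT-relevant lines only, unindented as pasted).
CONFIG = """\
interface FastEthernet0/0
ip nat inside
!
interface FastEthernet0/1
ip nat inside
!
interface Dialer1
ip nat outside
!
interface Dialer3
ip virtual-reassembly
!
ip nat inside source list NetNat interface Dialer1 overload
ip nat inside source list NetNatINT interface Dialer3 overload
"""

RULE = re.compile(r"ip nat inside source list (\S+) interface (\S+) overload")

def nat_roles(config):
    """Map each interface to 'inside', 'outside' or None (no NAT role set)."""
    roles, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"interface (\S+)", line)
        if m:                      # start of an interface stanza
            current = m.group(1)
            roles[current] = None
        elif line == "!":          # stanza separator
            current = None
        elif current and line in ("ip nat inside", "ip nat outside"):
            roles[current] = line.split()[-1]
    return roles

def check_overload_rules(config):
    """Return (acl, interface, role) for every interface-overload NAT rule."""
    roles = nat_roles(config)
    return [(m.group(1), m.group(2), roles.get(m.group(2)))
            for m in RULE.finditer(config)]

if __name__ == "__main__":
    for acl, ifname, role in check_overload_rules(CONFIG):
        status = "ok" if role == "outside" else "no 'ip nat outside' on egress interface"
        print(f"{acl:10} -> {ifname:8} {status}")
```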