форумы  помощь  поиск  регистрация  майллист  вход/выход  слежка

Вариант для распечатки		Пред. тема | След. тема
Форум Маршрутизаторы CISCO и др. оборудование. (Диагностика и решение проблем)
Изначальное сообщение		[ Отслеживать ]

"Cisco 881. Не получается подключиться по L2TP к Провайдеру."	+/–
Сообщение от Balabans (ok) on 01-Окт-10, 21:24
L2tp server tp.internet.beeline.ru (85.21.0.239) DNS 213.234.192.8 и 85.21.192.3 -------------------------------------------- Melchior#sh ver Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9_NPE-M), Version 15.1(1)T1, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2010 by Cisco Systems, Inc. Compiled Mon 19-Jul-10 07:17 by prod_rel_team ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1) Melchior uptime is 2 minutes System returned to ROM by reload at 21:11:10 MSD Fri Oct 1 2010 System image file is "flash:c880data-universalk9_npe-mz.151-1.T1.bin" Last reload type: Normal Reload Last reload reason: Reload Command This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. Cisco 881 (MPC8300) processor (revision 1.0) with 236544K/25600K bytes of memory. Processor board ID FCZ143393X0 5 FastEthernet interfaces 256K bytes of non-volatile configuration memory. 125440K bytes of ATA CompactFlash (Read/Write) License Info: License UDI: ------------------------------------------------- Device#   PID                   SN ------------------------------------------------- *0        CISCO881-K9           FCZ143393X0     License Information for 'c880-data'     License Level: advsecurity_npe   Type: Permanent     Next reboot license Level: advsecurity_npe Сonfiguration register is 0x2102 ------------------------------------------------------------------------------- Melchior#sh running-c Building configuration... Current configuration : 2021 bytes ! version 15.1 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Melchior ! boot-start-marker boot-end-marker ! no logging console enable secret 5 ****** enable password ****** ! no aaa new-model no process cpu extended history no process cpu autoprofile hog memory-size iomem 10 clock timezone Moscow 3 clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00 ip source-route no ip routing ! ! ! ! no ip cef no ip domain lookup ip name-server 213.234.192.8 ip name-server 85.21.192.3 no ipv6 cef l2tp-class beeline receive-window 128 ! ! ! no virtual-template snmp ! ! license udi pid CISCO881-K9 sn FCZ143393X0 ! ! ! ! pseudowire-class class1 encapsulation l2tpv2 ip local interface FastEthernet4 ! ! ! ! ! interface FastEthernet0 duplex full speed 100 no cdp enable ! interface FastEthernet1 shutdown no cdp enable ! interface FastEthernet2 shutdown no cdp enable ! interface FastEthernet3 shutdown no cdp enable ! interface FastEthernet4 description +++ L2TP Provoder +++ ip address dhcp ip nat outside ip virtual-reassembly no ip route-cache duplex full speed 100 no cdp enable ! interface Virtual-PPP1 description --- L2TP virtual --- ip address negotiated no ip proxy-arp ip mtu 1452 ip nat outside ip virtual-reassembly ip tcp adjust-mss 1320 no peer neighbor-route keepalive 10000 ppp authentication chap callin ppp chap hostname *** ppp chap password 0 *** no cdp enable pseudowire 85.21.0.239 10 pw-class class1 ! interface Vlan1 description === LAN === ip address 192.168.1.100 255.255.255.0 ip nat inside ip virtual-reassembly no ip route-cache ! ip forward-protocol nd no ip http server no ip http secure-server ! ip route 0.0.0.0 0.0.0.0 Virtual-PPP1 ! no cdp run ! ! ! ! !         control-plane ! ! line con 0 no modem enable line aux 0 line vty 0 4 password *** login transport input all ! scheduler max-task-time 5000 end ------------------------------------------------------------ Melchior#sh ip interface FastEthernet0 is up, line protocol is up   Internet protocol processing disabled FastEthernet1 is administratively down, line protocol is down   Internet protocol processing disabled FastEthernet2 is administratively down, line protocol is down   Internet protocol processing disabled FastEthernet3 is administratively down, line protocol is down   Internet protocol processing disabled FastEthernet4 is up, line protocol is up   Internet address will be negotiated using DHCP   Broadcast address is 255.255.255.255   MTU is 1500 bytes   Helper address is not set   Directed broadcast forwarding is disabled   Outgoing access list is not set   Inbound  access list is not set   Proxy ARP is enabled   Local Proxy ARP is disabled   Security level is default   Split horizon is enabled   ICMP redirects are always sent   ICMP unreachables are always sent   ICMP mask replies are never sent   IP fast switching is disabled   IP fast switching on the same interface is disabled   IP Flow switching is disabled   IP CEF switching is disabled   IP Null turbo vector   IP multicast fast switching is disabled   IP multicast distributed fast switching is disabled   IP route-cache flags are None   Router Discovery is disabled   IP output packet accounting is disabled   IP access violation accounting is disabled   TCP/IP header compression is disabled   RTP/IP header compression is disabled   Policy routing is disabled   Network address translation is enabled, interface in domain outside   BGP Policy Mapping is disabled   Input features: Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check   Output features: Post-routing NAT Outside, Stateful Inspection NVI0 is administratively down, line protocol is down   Internet protocol processing disabled Virtual-PPP1 is up, line protocol is down   Internet address will be negotiated using IPCP   Broadcast address is 255.255.255.255   MTU is 1452 bytes   Helper address is not set   Directed broadcast forwarding is disabled   Outgoing access list is not set   Inbound  access list is not set   Proxy ARP is disabled   Local Proxy ARP is disabled   Security level is default   Split horizon is enabled   ICMP redirects are always sent   ICMP unreachables are always sent   ICMP mask replies are never sent   IP fast switching is disabled   IP fast switching on the same interface is enabled   IP Flow switching is disabled   IP CEF switching is disabled   IP Null turbo vector   IP Null turbo vector   IP multicast fast switching is enabled   IP multicast distributed fast switching is disabled   IP route-cache flags are Fast   Router Discovery is disabled   IP output packet accounting is disabled   IP access violation accounting is disabled   TCP/IP header compression is disabled   RTP/IP header compression is disabled   Policy routing is disabled   Network address translation is enabled, interface in domain outside   BGP Policy Mapping is disabled   Input features: Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check, TCP Adjust MSS   Output features: Post-routing NAT Outside, Stateful Inspection, TCP Adjust MSS Vlan1 is up, line protocol is up   Internet address is 192.168.1.100/24   Broadcast address is 255.255.255.255   Address determined by non-volatile memory   MTU is 1500 bytes   Helper address is not set   Directed broadcast forwarding is disabled   Outgoing access list is not set   Inbound  access list is not set   Proxy ARP is enabled   Local Proxy ARP is disabled   Security level is default   Split horizon is enabled   ICMP redirects are always sent   ICMP unreachables are always sent   ICMP mask replies are never sent   IP fast switching is disabled   IP fast switching on the same interface is disabled   IP Flow switching is disabled   IP CEF switching is disabled   IP Null turbo vector   IP Null turbo vector   IP multicast fast switching is disabled   IP multicast distributed fast switching is disabled   IP route-cache flags are None   Router Discovery is disabled   IP output packet accounting is disabled   IP access violation accounting is disabled   TCP/IP header compression is disabled   RTP/IP header compression is disabled   Policy routing is disabled   Network address translation is enabled, interface in domain inside   BGP Policy Mapping is disabled   Input features: Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, MCI Check   Output features: NAT Inside, Stateful Inspection ------------------------------------------------------------- Melchior#sh vpdn %No active L2TP tunnels
Высказать мнение | Ответить | Правка | Cообщить модератору

Сообщения по теме

[Сортировка по времени | RSS]

1. "Cisco 881. Не получается подключиться по L2TP к Провайдеру."	+/–
Сообщение от sat on 01-Окт-10, 23:36
вот кусок моего рабочего конфига, который может помочь разобраться. l2tp-class corbina ! pseudowire-class class1 encapsulation l2tpv2 protocol l2tpv2 corbina ip local interface FastEthernet4 ! interface FastEthernet4 ip address dhcp no ip unreachables no ip proxy-arp ip nat outside ip virtual-reassembly duplex auto speed auto ! interface Virtual-PPP1 ip address negotiated ip access-group FIREWALL in ip mtu 1460 ip nat outside ip virtual-reassembly ip tcp adjust-mss 1420 no peer neighbor-route ppp chap hostname * ppp chap password 7 * no cdp enable pseudowire 85.21.0.255 10 pw-class class1 ! ip nat inside source list LAN interface FastEthernet4 overload ip nat inside source list WAN interface Virtual-PPP1 overload ip route 0.0.0.0 0.0.0.0 Virtual-PPP1 ip route 10.0.0.0 255.0.0.0 dhcp ip route 83.102.146.96 255.255.255.224 dhcp ip route 85.21.29.242 255.255.255.255 dhcp ip route 85.21.79.0 255.255.255.0 dhcp ip route 85.21.90.0 255.255.255.0 dhcp ip route 195.14.50.16 255.255.255.255 dhcp ip route 85.21.17.253 255.255.255.255 dhcp ip route 89.179.135.67 255.255.255.255 dhcp ip route 195.14.50.21 255.255.255.255 dhcp ip route 195.14.50.1 255.255.255.255 dhcp ip route 85.21.0.251 255.255.255.255 dhcp ip route 85.21.0.253 255.255.255.255 dhcp ip route 172.16.16.0 255.255.255.0 dhcp ip route 85.21.108.19 255.255.255.255 dhcp ip route 195.14.50.26 255.255.255.255 dhcp ip route 85.21.72.83 255.255.255.255 dhcp ip route 85.21.0.255 255.255.255.255 dhcp ! ip access-list extended FIREWALL deny   tcp any eq 139 any deny   udp any eq netbios-ns any eq netbios-ns deny   udp any eq netbios-dgm any eq netbios-dgm deny   udp any eq netbios-ss any eq netbios-ss deny   udp any any range snmp snmptrap deny   tcp any any eq 3128 deny   ip 10.0.0.0 0.0.255.255 any deny   ip 127.0.0.0 0.0.0.255 any deny   udp any any range 130 140 deny   tcp any any range 130 140 deny   tcp any any eq 8080 permit ip any any permit udp any any permit gre any any permit tcp any any permit icmp any any permit pcp any any permit esp any any permit ipinip any any permit nos any any ip access-list extended LAN permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255 permit ip 192.168.1.0 0.0.0.255 83.102.146.0 0.0.0.231 permit ip 192.168.1.0 0.0.0.255 host 85.21.29.242 permit ip 192.168.1.0 0.0.0.255 85.21.79.0 0.0.0.255 permit ip 192.168.1.0 0.0.0.255 85.21.90.0 0.0.0.255 permit ip 192.168.1.0 0.0.0.255 host 195.14.50.16 permit ip 192.168.1.0 0.0.0.255 host 195.14.50.26 ip access-list extended WAN permit ip 192.168.1.0 0.0.0.255 any ! и хотелось бы увидеть дебаг, что выводится при попытке установки соединения.
Высказать мнение | Ответить | Правка | ^ | Наверх | Cообщить модератору

	2. "Cisco 881. Не получается подключиться по L2TP к Провайдеру."	+/–
	Сообщение от Balabans (ok) on 02-Окт-10, 22:01
	По прежнему Melchior#sh interface virtual-ppp1 Virtual-PPP1 is up, line protocol is down   Hardware is Virtual PPP interface   Description: --- L2TP virtual ---   Internet address will be negotiated using IPCP   MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100000 usec,      reliability 255/255, txload 1/255, rxload 1/255   Encapsulation PPP, LCP Closed, loopback not set   Keepalive set (10000 sec)   DTR is pulsed for 1 seconds on reset   Last input never, output never, output hang never   Last clearing of "show interface" counters 00:07:17   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0   Queueing strategy: fifo   Output queue: 0/40 (size/max)   5 minute input rate 0 bits/sec, 0 packets/sec   5 minute output rate 0 bits/sec, 0 packets/sec      0 packets input, 0 bytes, 0 no buffer      Received 0 broadcasts (0 IP multicasts)      0 runts, 0 giants, 0 throttles      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort      0 packets output, 0 bytes, 0 underruns      0 output errors, 0 collisions, 0 interface resets      0 unknown protocol drops      0 output buffer failures, 0 output buffers swapped out      0 carrier transitions > и хотелось бы увидеть дебаг, что выводится при попытке установки соединения. Как добраться до дебага?
	Высказать мнение | Ответить | Правка | ^ | Наверх | Cообщить модератору

	3. "Cisco 881. Не получается подключиться по L2TP к Провайдеру."	+/–
	Сообщение от sat on 03-Окт-10, 00:24
	>> и хотелось бы увидеть дебаг, что выводится при попытке установки соединения. > Как добраться до дебага? debug ppp nego debug vpdn l2x-errors debug vpdn l2x-packets и сюда выложить кусочек, чтобы понятно было почему не устанавливается ps. прошивкой не поделитесь, если не жалко? на рапиду например, или на почту olegbelkov на gmail.com
	Высказать мнение | Ответить | Правка | ^ | Наверх | Cообщить модератору

4. "Cisco 881. Не получается подключиться по L2TP к Провайдеру."	+/–
Сообщение от Fsh on 03-Окт-10, 08:55
> ip source-route > no ip routing > ! Для начала: ip routing > ! > ! > no ip cef ip cef
Высказать мнение | Ответить | Правка | ^ | Наверх | Cообщить модератору

	5. "Cisco 881. Не получается подключиться по L2TP к Провайдеру."	+/–
	Сообщение от Balabans (ok) on 03-Окт-10, 21:51
	Конфиг немного изменился... ! ! Last configuration change at 15:01:32 MSD Sun Oct 3 2010 ! version 15.1 no service pad service timestamps debug datetime msec service timestamps log datetime localtime show-timezone no service password-encryption ! hostname Melchior ! boot-start-marker boot-end-marker ! logging buffered 4096 no logging console enable secret 5 *** enable password *** ! no aaa new-model no process cpu extended history no process cpu autoprofile hog memory-size iomem 10 clock timezone Moscow 3 clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00 no ip source-route ! ! ! ! ip cef no ip domain lookup ip name-server 213.234.192.8 ip name-server 85.21.192.3 ip inspect name InspectRule icmp ip inspect name InspectRule tcp ip inspect name InspectRule udp no ipv6 cef l2tp-class corbina ! ! ! no virtual-template snmp ! ! license udi pid CISCO881-K9 sn FCZ143393X0 ! ! ! ! pseudowire-class class1 encapsulation l2tpv2 protocol l2tpv2 corbina ip local interface FastEthernet4 ! ! ! ! ! interface Loopback0 ip address 192.168.0.1 255.255.255.0 ip virtual-reassembly shutdown ! interface Null0 no ip unreachables ! interface FastEthernet0 description *** LAN *** duplex full speed 100 no cdp enable spanning-tree portfast ! interface FastEthernet1 shutdown no cdp enable spanning-tree portfast ! interface FastEthernet2 shutdown no cdp enable spanning-tree portfast ! interface FastEthernet3 shutdown no cdp enable spanning-tree portfast ! interface FastEthernet4 description +++ L2TP Provider +++ ip address dhcp no ip unreachables no ip proxy-arp ip nat outside ip virtual-reassembly duplex full speed 100 no cdp enable ! interface Virtual-PPP1 description --- L2TP virtual --- ip address negotiated ip access-group FireVal in ip mtu 1460 ip nat outside ip inspect InspectRule in ip virtual-reassembly ip tcp adjust-mss 1420 no peer neighbor-route no keepalive ppp chap hostname *** ppp chap password 7 *** no cdp enable pseudowire 85.21.0.255 10 pw-class class1 ! interface Vlan1 description === Lan === ip address 192.168.1.100 255.255.255.0 ip access-group FireVal in ip nat inside ip inspect InspectRule in ip virtual-reassembly ! no ip forward-protocol nd no ip http server no ip http secure-server ! ip nat inside source static udp 192.168.1.11 7476 interface Virtual-PPP1 7476 ip nat inside source static tcp 192.168.1.11 7474 interface Virtual-PPP1 7474 ip nat inside source static udp 192.168.1.11 12966 interface Virtual-PPP1 12966 ip nat inside source list LAN interface FastEthernet4 overload ip nat inside source list WAN interface Virtual-PPP1 overload ip route 0.0.0.0 0.0.0.0 Virtual-PPP1 ip route 10.0.0.0 255.0.0.0 dhcp ip route 83.102.146.96 255.255.255.224 dhcp ip route 85.21.29.242 255.255.255.255 dhcp ip route 85.21.79.0 255.255.255.0 dhcp ip route 85.21.90.0 255.255.255.0 dhcp ip route 195.14.50.16 255.255.255.255 dhcp ip route 85.21.17.253 255.255.255.255 dhcp ip route 89.179.135.67 255.255.255.255 dhcp ip route 195.14.50.21 255.255.255.255 dhcp ip route 195.14.50.1 255.255.255.255 dhcp ip route 85.21.0.251 255.255.255.255 dhcp ip route 85.21.0.253 255.255.255.255 dhcp ip route 172.16.16.0 255.255.255.0 dhcp ip route 85.21.108.19 255.255.255.255 dhcp ip route 195.14.50.26 255.255.255.255 dhcp ip route 85.21.72.83 255.255.255.255 dhcp ip route 85.21.0.255 255.255.255.255 dhcp ! ip access-list extended FireVal deny   tcp any eq 139 any deny   udp any eq netbios-ns any eq netbios-ns deny   udp any eq netbios-dgm any eq netbios-dgm deny   udp any eq netbios-ss any eq netbios-ss deny   udp any any range snmp snmptrap deny   tcp any any eq 3128 deny   ip 10.0.0.0 0.0.255.255 any deny   ip 127.0.0.0 0.0.0.255 any deny   udp any any range 130 140 deny   tcp any any range 130 140 deny   tcp any any eq 8080 permit ip any any permit udp any any permit gre any any permit tcp any any permit icmp any any echo-reply permit icmp any any time-exceeded permit icmp any any unreachable permit pcp any any permit esp any any permit ipinip any any permit nos any any permit tcp any any eq 7474 permit udp any any eq 7476 permit udp any any eq 12966 deny   ip any any ip access-list extended LAN permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255 permit ip 192.168.1.0 0.0.0.255 83.102.146.0 0.0.0.231 permit ip 192.168.1.0 0.0.0.255 host 85.21.29.242 permit ip 192.168.1.0 0.0.0.255 85.21.79.0 0.0.0.255 permit ip 192.168.1.0 0.0.0.255 85.21.90.0 0.0.0.255 permit ip 192.168.1.0 0.0.0.255 host 195.14.50.16 permit ip 192.168.1.0 0.0.0.255 host 195.14.50.26 deny   ip any any ip access-list extended WAN permit ip 192.168.1.0 0.0.0.255 any deny   ip any any ! logging trap emergencies logging 192.168.1.11 access-list 115 permit ip 192.168.1.0 0.0.0.255 any no cdp run ! ! ! ! ! control-plane ! ! line con 0 no modem enable line aux 0 line vty 0 4 access-class 115 in password *** login transport input telnet transport output none ! scheduler max-task-time 5000 ntp server 207.232.83.70 end --------------------------------------------------------------- Melchior#sh ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2        ia - IS-IS inter area, * - candidate default, U - per-user static route        o - ODR, P - periodic downloaded static route, + - replicated route Gateway of last resort is 10.73.16.1 to network 0.0.0.0 S*    0.0.0.0/0 [254/0] via 10.73.16.1       10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks S        10.0.0.0/8 [1/0] via 10.73.16.1 C        10.73.16.0/21 is directly connected, FastEthernet4 L        10.73.19.232/32 is directly connected, FastEthernet4       83.0.0.0/8 is variably subnetted, 2 subnets, 2 masks S        83.102.146.96/27 [1/0] via 10.73.16.1 S        83.102.233.202/32 [254/0] via 10.73.16.1, FastEthernet4       85.0.0.0/8 is variably subnetted, 9 subnets, 2 masks S        85.21.0.251/32 [1/0] via 10.73.16.1 S        85.21.0.253/32 [1/0] via 10.73.16.1 S        85.21.0.255/32 [1/0] via 10.73.16.1 S        85.21.17.253/32 [1/0] via 10.73.16.1 S        85.21.29.242/32 [1/0] via 10.73.16.1 S        85.21.72.83/32 [1/0] via 10.73.16.1 S        85.21.79.0/24 [1/0] via 10.73.16.1 S        85.21.90.0/24 [1/0] via 10.73.16.1 S        85.21.108.19/32 [1/0] via 10.73.16.1       89.0.0.0/32 is subnetted, 1 subnets S        89.179.135.67 [254/0] via 10.73.16.1       172.16.0.0/24 is subnetted, 1 subnets S        172.16.16.0 [1/0] via 10.73.16.1       192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks C        192.168.1.0/24 is directly connected, Vlan1 L        192.168.1.100/32 is directly connected, Vlan1       195.14.50.0/32 is subnetted, 4 subnets S        195.14.50.1 [1/0] via 10.73.16.1 S        195.14.50.16 [1/0] via 10.73.16.1 S        195.14.50.21 [1/0] via 10.73.16.1 S        195.14.50.26 [254/0] via 10.73.16.1 --------------------------------------------------- Melchior#sh vpdn L2TP Tunnel and Session Information Total tunnels 1 sessions 1 LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP Class/                                                            Count VPDN Group 31039      31236      bras255.msk   est    85.21.0.255     1     corbina         LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID                                    Vcid, Circuit                                   63913      32344      31039      10, Vp1              est    00:00:01 1         --------------------------------------------------------- Melchior#sh ip int br Interface                  IP-Address      OK? Method Status                Protocol FastEthernet0              unassigned      YES unset  up                    up       FastEthernet1              unassigned      YES unset  administratively down down     FastEthernet2              unassigned      YES unset  administratively down down     FastEthernet3              unassigned      YES unset  administratively down down     FastEthernet4              10.73.19.232    YES DHCP   up                    up       Loopback0                  192.168.0.1     YES NVRAM  administratively down down     NVI0                       unassigned      YES unset  administratively down down     Virtual-PPP1               unassigned      YES NVRAM  up                    down     Vlan1                      192.168.1.100   YES NVRAM  up                    up       ------------------------------------------- Melchior#show ip interface virtual-ppp1 Virtual-PPP1 is up, line protocol is down   Internet address will be negotiated using IPCP   Broadcast address is 255.255.255.255   MTU is 1460 bytes   Helper address is not set   Directed broadcast forwarding is disabled   Outgoing access list is not set   Inbound  access list is FireVal   Proxy ARP is enabled   Local Proxy ARP is disabled   Security level is default   Split horizon is enabled   ICMP redirects are always sent   ICMP unreachables are always sent   ICMP mask replies are never sent   IP fast switching is enabled   IP fast switching on the same interface is enabled   IP Flow switching is disabled   IP CEF switching is enabled   IP CEF switching turbo vector   IP Null turbo vector   IP multicast fast switching is enabled   IP multicast distributed fast switching is disabled   IP route-cache flags are Fast, CEF   Router Discovery is disabled   IP output packet accounting is disabled   IP access violation accounting is disabled   TCP/IP header compression is disabled   RTP/IP header compression is disabled   Policy routing is disabled   Network address translation is enabled, interface in domain outside   BGP Policy Mapping is disabled   Input features: Stateful Inspection, Virtual Fragment Reassembly, Access List, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check, TCP Adjust MSS   Output features: CCE Output Classification, Post-routing NAT Outside, Stateful Inspection, Firewall (NAT), Firewall (inspect), TCP Adjust MSS   Inbound inspection rule is InspectRule ---------------------------------------------- Почему интерфейс Virtual-PPP1 теряет адрес ip? Как через него пойдёт роутинг? (ip route 0.0.0.0 0.0.0.0 Virtual-PPP1) С интерфейса FastEthernet0 идут пинги в локалку, а с FastEthernet4 пингуются интернет сервера по ip. ------------------------------ Вот дебаг *Mar  1 00:00:02.667: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c880-data Next reboot level = advsecurity_npe and License = advsecurity_npe *Oct  3 17:33:58.051: %IFMGR-7-NO_IFINDEX_FILE: Unable to open nvram:/ifIndex-table No such file or directory *Oct  3 17:34:15.643: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to up *Oct  3 17:34:16.587: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down *Oct  3 17:34:16.643: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up *Oct  3 20:34:18 Moscow: %SYS-6-CLOCKUPDATE: System clock has been updated from 17:34:18 UTC Sun Oct 3 2010 to 20:34:18 Moscow Sun Oct 3 2010, configured from console by console. *Oct  3 21:34:18 MSD: %SYS-6-CLOCKUPDATE: System clock has been updated from 20:34:18 Moscow Sun Oct 3 2010 to 21:34:18 MSD Sun Oct 3 2010, configured from console by console. *Oct  3 21:34:19 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up *Oct  3 21:34:20 MSD: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down *Oct  3 21:34:20 MSD: %LINK-5-CHANGED: Interface FastEthernet1, changed state to administratively down *Oct  3 21:34:20 MSD: %LINK-5-CHANGED: Interface FastEthernet2, changed state to administratively down *Oct  3 21:34:20 MSD: %LINK-5-CHANGED: Interface FastEthernet3, changed state to administratively down *Oct  3 21:34:21 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1, changed state to down *Oct  3 21:34:21 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2, changed state to down *Oct  3 21:34:21 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3, changed state to down *Oct  3 21:34:27 MSD: %SYS-5-CONFIG_I: Configured from memory by console *Oct  3 21:34:27 MSD: %FW-6-INIT: Firewall inspection startup completed; beginning operation. *Oct  3 21:34:27 MSD: %LINK-3-UPDOWN: Interface Virtual-PPP1, changed state to up *Oct  3 21:34:31 MSD: %LINK-5-CHANGED: Interface NVI0, changed state to administratively down *Oct  3 21:34:31 MSD: %SYS-5-RESTART: System restarted -- Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9_NPE-M), Version 15.1(1)T1, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2010 by Cisco Systems, Inc. Compiled Mon 19-Jul-10 07:17 by prod_rel_team *Oct  3 21:34:31 MSD: %SNMP-5-COLDSTART: SNMP agent on host Melchior is undergoing a cold start *Oct  3 21:34:32 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up *Oct  3 21:34:32 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to down *Oct  3 21:34:32 MSD: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up *Oct  3 21:34:41 MSD: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet4 assigned DHCP address 10.73.19.232, mask 255.255.248.0, hostname Melchior -------------------------------------------
	Высказать мнение | Ответить | Правка | ^ | Наверх | Cообщить модератору

	6. "Cisco 881. Не получается подключиться по L2TP к Провайдеру."	+/–
	Сообщение от Balabans (ok) on 04-Окт-10, 02:27
	Звонилка... interface Virtual-PPP1 description --- L2TP virtual --- ip address negotiated ip access-group FireVal in ip mtu 1460 ip nat outside ip inspect InspectRule in ip virtual-reassembly ip tcp adjust-mss 1420 no peer neighbor-route no keepalive ppp authentication chap ms-chap ms-chap-v2 callin ppp chap hostname 0893724777 ppp chap password 7 0893724777 no cdp enable pseudowire 85.21.0.255 10 pw-class class1 ------------- Строчку ppp authentication chap ms-chap ms-chap-v2 callin Менял на ppp authentication chap callin и на пустоту Всё равно не АУТИНФИЦИРУЕТ! ------------------------------------------ Melchior#debug ppp nego PPP protocol negotiation debugging is on Melchior#debug l2tp error L2TP errors debugging is on Melchior#debug l2tp packet error L2TP packet errors debugging is on Melchior#show logging Syslog logging: enabled (0 messages dropped, 2 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled) No Active Message Discriminator. No Inactive Message Discriminator.     Console logging: level informational, 25 messages logged, xml disabled,                      filtering disabled     Monitor logging: level debugging, 0 messages logged, xml disabled,                      filtering disabled     Buffer logging:  level debugging, 353 messages logged, xml disabled,                     filtering disabled     Exception Logging: size (4096 bytes)     Count and timestamp logging messages: disabled     Persistent logging: disabled No active filter modules.     Trap logging: level emergencies, 0 message lines logged         Logging to 192.168.1.11  (udp port 514,  audit disabled,               authentication disabled, encryption disabled, link down),               0 message lines logged,               0 message lines rate-limited,               0 message lines dropped-by-MD,               xml disabled, sequence number disabled               filtering disabled Log Buffer (4096 bytes): 2:17:16.099: L2TP 00001:08002:0000C5F1: Unknown Cisco AVP 104 in CM CDN *Oct  3 22:17:16.099: L2TP 00001:08002:0000C5F1:   *Oct  3 22:17:16.099: Vp1 LCP: Event[CLOSE] State[Stopping to Closing] *Oct  3 22:17:16.099: Vp1 LCP: Event[DOWN] State[Closing to Initial] *Oct  3 22:17:16.099: Vp1 PPP: Phase is DOWN *Oct  3 22:17:20.783: PPP: Alloc Context [84D4A3C8] *Oct  3 22:17:20.783: ppp1 PPP: Phase is ESTABLISHING *Oct  3 22:17:20.783: Vp1 PPP: Using default call direction *Oct  3 22:17:20.783: Vp1 PPP: Treating connection as a dedicated line *Oct  3 22:17:20.783: Vp1 PPP: Session handle[ED000009] Session id[1] *Oct  3 22:17:20.783: Vp1 LCP: Event[OPEN] State[Initial to Starting] *Oct  3 22:17:20.783: Vp1 LCP: O CONFREQ [Starting] id 1 len 15 *Oct  3 22:17:20.783: Vp1 LCP:    AuthProto CHAP (0x0305C22305) *Oct  3 22:17:20.783: Vp1 LCP:    MagicNumber 0x66F3D30B (0x050666F3D30B) *Oct  3 22:17:20.783: Vp1 LCP: Event[UP] State[Starting to REQsent] *Oct  3 22:17:22.771: Vp1 LCP: O CONFREQ [REQsent] id 2 len 15 *Oct  3 22:17:22.771: Vp1 LCP:    AuthProto CHAP (0x0305C22305) *Oct  3 22:17:22.771: Vp1 LCP:    MagicNumber 0x66F3D30B (0x050666F3D30B) *Oct  3 22:17:22.771: Vp1 LCP: Event[Timeout+] State[REQsent to REQsent] *Oct  3 22:17:22.771: Vp1 LCP: I CONFREQ [REQsent] id 1 len 19 *Oct  3 22:17:22.771: Vp1 LCP:    MRU 1460 (0x010405B4) *Oct  3 22:17:22.771: Vp1 LCP:    AuthProto CHAP (0x0305C22305) *Oct  3 22:17:22.771: Vp1 LCP:    MagicNumber 0xEB87DDEC (0x0506EB87DDEC) *Oct  3 22:17:22.771: Vp1 LCP: O CONFNAK [REQsent] id 1 len 8 *Oct  3 22:17:22.771: Vp1 LCP:    MRU 1500 (0x010405DC) *Oct  3 22:17:22.771: Vp1 LCP: Event[Receive ConfReq-] State[REQsent to REQsent] *Oct  3 22:17:22.771: Vp1 LCP: I CONFACK [REQsent] id 2 len 15 *Oct  3 22:17:22.771: Vp1 LCP:    AuthProto CHAP (0x0305C22305) *Oct  3 22:17:22.771: Vp1 LCP:    MagicNumber 0x66F3D30B (0x050666F3D30B) *Oct  3 22:17:22.771: Vp1 LCP: Event[Receive ConfAck] State[REQsent to ACKrcvd] *Oct  3 22:17:22.775: Vp1 LCP: I CONFREQ [ACKrcvd] id 2 len 19 *Oct  3 22:17:22.779: Vp1 LCP:    MRU 1500 (0x010405DC) *Oct  3 22:17:22.779: Vp1 LCP:    AuthProto CHAP (0x0305C22305) *Oct  3 22:17:22.779: Vp1 LCP:    MagicNumber 0xEB87DDEC (0x0506EB87DDEC) *Oct  3 22:17:22.779: Vp1 LCP: O CONFACK [ACKrcvd] id 2 len 19 *Oct  3 22:17:22.779: Vp1 LCP:    MRU 1500 (0x010405DC) *Oct  3 22:17:22.779: Vp1 LCP:    AuthProto CHAP (0x0305C22305) *Oct  3 22:17:22.779: Vp1 LCP:    MagicNumber 0xEB87DDEC (0x0506EB87DDEC) *Oct  3 22:17:22.779: Vp1 LCP: Event[Receive ConfReq+] State[ACKrcvd to Open] *Oct  3 22:17:22.791: Vp1 PPP: Queue CHAP code[1] id[1] *Oct  3 22:17:22.803: Vp1 PPP: Phase is AUTHENTICATING, by both *Oct  3 22:17:22.803: Vp1 CHAP: O CHALLENGE id 1 len 31 from "*******" *Oct  3 22:17:22.803: Vp1 CHAP: Redirect packet to Vp1 *Oct  3 22:17:22.803: Vp1 CHAP: I CHALLENGE id 1 len 32 from "bras255.msk" *Oct  3 22:17:22.803: Vp1 LCP: State is Open *Oct  3 22:17:22.803: Vp1 CHAP: Using hostname from interface CHAP *Oct  3 22:17:22.803: Vp1 CHAP: Using password from interface CHAP *Oct  3 22:17:22.803: Vp1 CHAP: O RESPONSE id 1 len 31 from "*******" *Oct  3 22:17:22.815: Vp1 CHAP: I FAILURE id 1 len 25 msg is "Authentication failed" *Oct  3 22:17:22.815: Vp1 PPP DISC: We failed authentication *Oct  3 22:17:22.815: Vp1 LCP: I TERMREQ [Open] id 3 len 4 *Oct  3 22:17:22.815: Vp1 LCP: O TERMACK [Open] id 3 len 4 *Oct  3 22:17:22.815: Vp1 LCP: Event[Receive TermReq] State[Open to Stopping] *Oct  3 22:17:22.815: Vp1 PPP: Phase is TERMINATING *Oct  3 22:17:22.819: L2TP       _____:________: ERROR: CDN AVP 46, vendor 0: unknown *Oct  3 22:17:22.819: L2TP 00001:08002:00006415: Unknown IETF AVP 46 in CM CDN *Oct  3 22:17:22.819: L2TP       _____:________: ERROR: CDN AVP 104, vendor 9: unknown *Oct  3 22:17:22.819: L2TP 00001:08002:00006415: Unknown Cisco AVP 104 in CM CDN *Oct  3 22:17:22.823: L2TP 00001:08002:00006415:   *Oct  3 22:17:22.823: Vp1 LCP: Event[CLOSE] State[Stopping to Closing] *Oct  3 22:17:22.823: Vp1 LCP: Event[DOWN] State[Closing to Initial] *Oct  3 22:17:22.823: Vp1 PPP: Phase is DOWN
	Высказать мнение | Ответить | Правка | ^ | Наверх | Cообщить модератору

Архив | Удалить

Рекомендовать для помещения в FAQ | Индекс форумов | Темы | Пред. тема | След. тема