alextp
Newbie | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору Добрый день. Досталась Cisco 881-K9, на четвертом порту провайдер, на третьем - транк в локалку с виланами 5, 101, 102, 105, 777. С маршрутизатора все сети пингуются, с ПК в вилане 777 пинг идет на оборудование в вилане 5,102, 105, а на 101 нет. Конфиг ниже. В чем засада? Building configuration... Current configuration : 6718 bytes ! ! Last configuration change at 08:24:05 Moscow Tue Nov 16 2021 by admin version 15.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname dom ! boot-start-marker boot-end-marker ! ! logging buffered 51200 ! aaa new-model ! aaa authentication login default local aaa authorization exec default local ! aaa session-id common memory-size iomem 10 clock timezone Moscow 3 0 ! crypto pki trustpoint TP-self-signed-3048406895 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3048406895 revocation-check none rsakeypair TP-self-signed-3048406895 ! ! crypto pki certificate chain TP-self-signed-3058406797 certificate self-signed 01 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33303438 34303637 3935301E 170D3134 30363136 30373437 30385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30343834 30363739 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100E9C6 BAD1B1C7 69371F69 B36FE9B5 6C0DD337 642BF25D 199BD119 EEF5861F 6F376633 FEDD912D 89489FDB 074DC67F F6F80168 DAEAA48A F59ACA05 640DAF9A 4F3A48F1 0C2F8B0E 9A0D396C F5BCF1D0 D7CE93B3 EEF669B5 C105C2A4 21230184 26BDBA4E 5CC3392F 6B49BF07 5ED28CFD 2B00FBE6 4CA7FD92 2A2CBC64 96A43053 3B410203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 1491F1CF 0D11855F BE426B38 69C3F0B7 A4B10AE6 14301D06 03551D0E 04160414 91F1CF0D 11855FBE 426B3869 C3F0B7A4 B10AE614 300D0609 2A864886 F90D0101 05080003 8181002C 4942614D E4A5DB60 3A8A3796 EAC812A1 EE56CB0F A3F68FA4 E0E555C0 BF40E3DA AAF203FD 61DE7629 BD9176E3 5C1301FD 511DEC96 BA0F809E E9C5681C B91D1859 F92EED9E BB78857C 06C364CE 241F9543 6B6ECA08 819A9061 551DD4C4 E674ABB2 04236366 0A8C4827 7ED31B3E 7A2FB5AB AB9FA50B 4E6638C8 589A30DE D50E4B quit ! ip dhcp excluded-address 10.10.10.1 ! ip dhcp pool ccp-pool import all network 10.10.10.0 255.255.255.248 default-router 10.10.10.1 lease 0 2 ! ip dhcp pool pc network 10.0.4.0 255.255.254.0 default-router 10.0.4.1 dns-server 8.8.8.8 ! ip dhcp pool inet network 192.168.2.0 255.255.255.0 default-router 192.168.2.1 dns-server 8.8.8.8 ! ip dhcp manag network 172.16.0.0 255.255.255.0 default-router 172.16.0.1 dns-server 8.8.8.8 ! ! ! no ip domain lookup ip domain name yourdomain.com ip dhcp-server 172.16.0.1 ip dhcp-server 192.168.2.1 ip dhcp-server 10.0.4.1 ip cef no ipv6 cef ! ! license udi pid CISCO881-K9 sn FCZ1718C77R ! ! username admin privilege 15 secret 4 llEIWK.SsA/zY89MDJHKlrWsvIZZj99nUbVVOl/g/mJI ! ! ! ! ! ip finger rfc-compliant ip ssh source-interface FastEthernet4 ip ssh version 2 ! class-map match-any torrents match protocol http url "*.torrent" ! policy-map torrent-requests class torrents drop ! ! ! ! ! ! ! ! ! ! interface Tunnel1 no ip address tunnel source FastEthernet4 tunnel mode ipsec ipv4 tunnel destination 8.8.8.8 ! interface FastEthernet0 no ip address ! interface FastEthernet1 no ip address ! interface FastEthernet2 no ip address ! interface FastEthernet3 switchport trunk allowed vlan 1,5,101,102,105,777,1002-1005 switchport mode trunk no ip address ! interface FastEthernet4 ip address ххх.ххх.ххх.ххх ip nbar protocol-discovery ip nat outside ip virtual-reassembly in duplex auto speed auto ! interface Vlan1 ip address 10.10.10.1 255.255.255.248 ip nat inside ip virtual-reassembly in ip tcp adjust-mss 1452 ! interface Vlan5 ip address 172.16.0.1 255.255.255.0 ip nat inside ip virtual-reassembly in ! interface Vlan101 ip address 10.0.2.4 255.255.254.0 ip nat inside ip virtual-reassembly in ! interface Vlan102 ip address 10.0.4.1 255.255.254.0 ip nat inside ip virtual-reassembly in ! interface Vlan105 ip address 192.168.7.248 255.255.255.0 ip nat inside ip virtual-reassembly in ! interface Vlan777 ip address 192.168.2.1 255.255.255.0 ip nat inside ip virtual-reassembly in ! ip forward-protocol nd ip http server ip http access-class 1 ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! ip nat inside source static tcp 172.16.0.36 23 interface FastEthernet4 2363 ip nat inside source static tcp 172.16.0.36 22 interface FastEthernet4 2362 ip nat inside source static tcp 172.16.0.32 22 interface FastEthernet4 2232 ip nat inside source static tcp 172.16.0.51 80 interface FastEthernet4 8051 ip nat inside source static tcp 172.16.0.40 80 interface FastEthernet4 8040 ip nat inside source static tcp 172.16.0.32 443 interface FastEthernet4 8032 ip nat inside source static tcp 172.16.0.36 80 interface FastEthernet4 8036 ip nat inside source static tcp 172.16.0.45 22 interface FastEthernet4 2245 ip nat inside source static tcp 172.16.0.20 80 interface FastEthernet4 2080 ip nat inside source static tcp 172.16.0.215 80 interface FastEthernet4 21580 ip nat inside source static tcp 172.16.0.215 34567 interface FastEthernet4 34567 ip nat inside source static tcp 172.16.0.215 5801 interface FastEthernet4 5801 ip nat inside source static tcp 172.16.0.38 80 interface FastEthernet4 8038 ip nat inside source list al-nat interface FastEthernet4 overload ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.1 ip route 10.250.0.0 255.255.254.0 10.0.2.2 ip route 10.253.7.0 255.255.255.0 10.0.2.2 ip route 10.253.17.0 255.255.255.0 10.0.2.2 ip route 10.253.21.0 255.255.255.0 10.0.2.2 ip route 10.253.24.0 255.255.255.0 10.0.2.2 ! ip access-list extended al-nat remark CCP_ACL Category=18 permit ip any any permit ip 192.168.2.0 0.0.0.255 any ! ip sla enable reaction-alerts access-list 23 permit 192.168.2.0 0.0.0.255 access-list 100 permit tcp any any range 3230 3280 no cdp run ! ! ! ! ! line con 0 no modem enable line aux 0 line vty 0 4 privilege level 15 password none transport input telnet ssh transport output telnet ssh ! ntp master 3 ntp update-calendar ntp server 192.168.2.1 prefer source Vlan777 ntp server 85.118.230.129 minpoll 10 prefer source FastEthernet4 ntp server 172.16.0.1 prefer source Vlan5 ntp server 10.0.2.2 prefer source Vlan101 ntp server 89.109.251.22 prefer source FastEthernet4 sntp server 209.81.9.7 sntp server 85.118.230.129 ! end |