alextp
Newbie | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору
Добрый день.
Досталась Cisco 881-K9, на четвертом порту провайдер, на третьем - транк в локалку с виланами 5, 101, 102, 105, 777. С маршрутизатора все сети пингуются, с ПК в вилане 777 пинг идет на оборудование в вилане 5,102, 105, а на 101 нет. Конфиг ниже. В чем засада?
Building configuration...
Current configuration : 6718 bytes
!
! Last configuration change at 08:24:05 Moscow Tue Nov 16 2021 by admin
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname dom
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200
!
aaa new-model
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
memory-size iomem 10
clock timezone Moscow 3 0
!
crypto pki trustpoint TP-self-signed-3048406895
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3048406895
revocation-check none
rsakeypair TP-self-signed-3048406895
!
!
crypto pki certificate chain TP-self-signed-3058406797
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33303438 34303637 3935301E 170D3134 30363136 30373437
30385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30343834
30363739 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100E9C6 BAD1B1C7 69371F69 B36FE9B5 6C0DD337 642BF25D 199BD119 EEF5861F
6F376633 FEDD912D 89489FDB 074DC67F F6F80168 DAEAA48A F59ACA05 640DAF9A
4F3A48F1 0C2F8B0E 9A0D396C F5BCF1D0 D7CE93B3 EEF669B5 C105C2A4 21230184
26BDBA4E 5CC3392F 6B49BF07 5ED28CFD 2B00FBE6 4CA7FD92 2A2CBC64 96A43053
3B410203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 1491F1CF 0D11855F BE426B38 69C3F0B7 A4B10AE6 14301D06
03551D0E 04160414 91F1CF0D 11855FBE 426B3869 C3F0B7A4 B10AE614 300D0609
2A864886 F90D0101 05080003 8181002C 4942614D E4A5DB60 3A8A3796 EAC812A1
EE56CB0F A3F68FA4 E0E555C0 BF40E3DA AAF203FD 61DE7629 BD9176E3 5C1301FD
511DEC96 BA0F809E E9C5681C B91D1859 F92EED9E BB78857C 06C364CE 241F9543
6B6ECA08 819A9061 551DD4C4 E674ABB2 04236366 0A8C4827 7ED31B3E 7A2FB5AB
AB9FA50B 4E6638C8 589A30DE D50E4B
quit
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
ip dhcp pool pc
network 10.0.4.0 255.255.254.0
default-router 10.0.4.1
dns-server 8.8.8.8
!
ip dhcp pool inet
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 8.8.8.8
!
ip dhcp manag
network 172.16.0.0 255.255.255.0
default-router 172.16.0.1
dns-server 8.8.8.8
!
!
!
no ip domain lookup
ip domain name yourdomain.com
ip dhcp-server 172.16.0.1
ip dhcp-server 192.168.2.1
ip dhcp-server 10.0.4.1
ip cef
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FCZ1718C77R
!
!
username admin privilege 15 secret 4 llEIWK.SsA/zY89MDJHKlrWsvIZZj99nUbVVOl/g/mJI
!
!
!
!
!
ip finger rfc-compliant
ip ssh source-interface FastEthernet4
ip ssh version 2
!
class-map match-any torrents
match protocol http url "*.torrent"
!
policy-map torrent-requests
class torrents
drop
!
!
!
!
!
!
!
!
!
!
interface Tunnel1
no ip address
tunnel source FastEthernet4
tunnel mode ipsec ipv4
tunnel destination 8.8.8.8
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
switchport trunk allowed vlan 1,5,101,102,105,777,1002-1005
switchport mode trunk
no ip address
!
interface FastEthernet4
ip address ххх.ххх.ххх.ххх
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
ip address 10.10.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan5
ip address 172.16.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan101
ip address 10.0.2.4 255.255.254.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan102
ip address 10.0.4.1 255.255.254.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan105
ip address 192.168.7.248 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan777
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source static tcp 172.16.0.36 23 interface FastEthernet4 2363
ip nat inside source static tcp 172.16.0.36 22 interface FastEthernet4 2362
ip nat inside source static tcp 172.16.0.32 22 interface FastEthernet4 2232
ip nat inside source static tcp 172.16.0.51 80 interface FastEthernet4 8051
ip nat inside source static tcp 172.16.0.40 80 interface FastEthernet4 8040
ip nat inside source static tcp 172.16.0.32 443 interface FastEthernet4 8032
ip nat inside source static tcp 172.16.0.36 80 interface FastEthernet4 8036
ip nat inside source static tcp 172.16.0.45 22 interface FastEthernet4 2245
ip nat inside source static tcp 172.16.0.20 80 interface FastEthernet4 2080
ip nat inside source static tcp 172.16.0.215 80 interface FastEthernet4 21580
ip nat inside source static tcp 172.16.0.215 34567 interface FastEthernet4 34567
ip nat inside source static tcp 172.16.0.215 5801 interface FastEthernet4 5801
ip nat inside source static tcp 172.16.0.38 80 interface FastEthernet4 8038
ip nat inside source list al-nat interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.1
ip route 10.250.0.0 255.255.254.0 10.0.2.2
ip route 10.253.7.0 255.255.255.0 10.0.2.2
ip route 10.253.17.0 255.255.255.0 10.0.2.2
ip route 10.253.21.0 255.255.255.0 10.0.2.2
ip route 10.253.24.0 255.255.255.0 10.0.2.2
!
ip access-list extended al-nat
remark CCP_ACL Category=18
permit ip any any
permit ip 192.168.2.0 0.0.0.255 any
!
ip sla enable reaction-alerts
access-list 23 permit 192.168.2.0 0.0.0.255
access-list 100 permit tcp any any range 3230 3280
no cdp run
!
!
!
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
password none
transport input telnet ssh
transport output telnet ssh
!
ntp master 3
ntp update-calendar
ntp server 192.168.2.1 prefer source Vlan777
ntp server 85.118.230.129 minpoll 10 prefer source FastEthernet4
ntp server 172.16.0.1 prefer source Vlan5
ntp server 10.0.2.2 prefer source Vlan101
ntp server 89.109.251.22 prefer source FastEthernet4
sntp server 209.81.9.7
sntp server 85.118.230.129
!
end
|
