Имеется проблема на циске 2851, используется в качестве pppoe сервера, плюс нат... Проблема заключается в том, что при переключении пользователей на эту циску, трафик по сравнению с использовавшейся ранее для этих целей уменьшается раза в три, однако совсем не пропадает... все пользователи по pppoe подключаются, все пользователи без проблем пингуют внешний интерфейс gi0/1.2, однако больше половины не видят ничего дальше... самое странное, что у части пользователей все работает нормально, причем пользователи и из за ната и с реальными адресами, из разных вланов, в общем ничем не объединенные...подскажите куда смотреть, как попытаться продиагностировать, может кто-то сталкивался с подобным? version 12.4 service tcp-keepalives-in service timestamps debug datetime msec localtime service timestamps log datetime msec localtime service password-encryption ! hostname c2851 ! boot-start-marker boot-end-marker ! no logging buffered enable secret ! aaa new-model aaa session-mib disconnect ! ! aaa authentication login default local aaa authentication ppp default group radius aaa authorization exec default local if-authenticated aaa authorization network default group radius aaa accounting delay-start aaa accounting network default start-stop group radius ! aaa nas port extended aaa session-id common clock timezone EET 2 clock summer-time EET recurring last Sun Mar 2:00 last Sun Oct 2:00 no ip source-route ! ! ip cef ! ! no ip bootp server ip name-server 123.123.123.4 ip name-server 123.123.123.5 ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ip accounting-threshold 8000 virtual-profile if-needed ! async-bootp dns-server 123.123.123.4 123.123.123.5 ! voice-card 0 no dspfarm ! username fealindar privilege 15 password 7 archive log config hidekeys ! ! ip tcp mss 1452 ip tcp path-mtu-discovery ! ! ! ! bba-group pppoe global virtual-template 1 ac name AS3 sessions per-mac limit 1 sessions auto cleanup ! ! interface Loopback0 no ip address ! interface GigabitEthernet0/0 no ip address duplex auto speed auto no cdp enable ! interface GigabitEthernet0/0.901 encapsulation dot1Q 901 no ip proxy-arp no ip mroute-cache pppoe enable group global pppoe max-sessions 300 no cdp enable ! interface GigabitEthernet0/0.902 encapsulation dot1Q 902 no ip proxy-arp no ip mroute-cache pppoe enable group global pppoe max-sessions 300 no cdp enable ! interface GigabitEthernet0/0.903 encapsulation dot1Q 903 no ip proxy-arp no ip mroute-cache pppoe enable group global pppoe max-sessions 300 no cdp enable ! interface GigabitEthernet0/0.904 encapsulation dot1Q 904 no ip proxy-arp no ip mroute-cache pppoe enable group global pppoe max-sessions 300 no cdp enable ! interface GigabitEthernet0/0.905 encapsulation dot1Q 905 ip address 192.168.103.8 255.255.255.0 no cdp enable ! interface GigabitEthernet0/1 no ip address duplex full speed 100 no keepalive no cdp enable ! interface GigabitEthernet0/1.2 encapsulation dot1Q 2 ip address 123.123.123.6 123.123.123.240 ip broadcast-address 123.123.123.15 no ip redirects no ip proxy-arp ip nat outside ip virtual-reassembly no ip mroute-cache ip ospf network broadcast ip ospf flood-reduction no cdp enable ! interface Virtual-Template1 ip unnumbered GigabitEthernet0/1.2 no ip redirects no ip proxy-arp ip nat inside ip virtual-reassembly timeout absolute 180 0 no peer default ip address ppp mtu adaptive ppp authentication pap ppp ipcp dns 123.123.123.4 123.123.123.5 ppp ipcp address unique ppp timeout retry 30 ppp timeout authentication 30 ppp timeout aaa ppp timeout idle 300 ! router ospf 20 router-id 123.123.123.6 log-adjacency-changes summary-address 10.0.0.0 255.0.0.0 redistribute connected subnets route-map con-2-os redistribute static subnets route-map S-2-O network 123.123.123.0 0.0.0.31 area 5 ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 85.90.205.1 ip route 10.0.0.0 255.0.0.0 Null0 254 ip route 172.16.0.0 255.255.0.0 Null0 254 ip route 192.168.0.0 255.255.0.0 Null0 254 ! ! no ip http server no ip http secure-server ip nat translation tcp-timeout 100 ip nat translation max-entries 30000 ip nat inside source route-map NAT-ADSL interface GigabitEthernet0/1.2 overload ! logging trap debugging logging facility local2 logging 123.123.123.4 access-list 10 remark = S-2-O = access-list 10 permit 123.123.123.116 0.0.0.3 access-list 98 permit 123.123.123.4 access-list 99 remark SNMP access list access-list 99 permit 123.123.123.4 access-list 99 permit 123.123.123.5 access-list 99 permit 195.234.220.0 0.0.0.63 access-list 99 deny any log access-list 120 permit ip 172.16.128.0 0.0.0.255 any access-list 198 permit ip 195.234.220.0 0.0.0.63 any access-list 198 permit ip 123.123.123.0 0.0.0.15 any snmp-server community fuck RW 98 snmp-server ifindex persist snmp-server enable traps tty no cdp run ! route-map st-2-os permit 10 match ip address 50 ! route-map S-2-O permit 10 match ip address 10 match route-type local ! route-map con-2-os deny 5 match ip address 30 ! route-map con-2-os permit 10 ! route-map NAT-ADSL permit 10 match ip address 120 ! ! ! radius-server attribute 8 include-in-access-req radius-server host 123.123.123.4 auth-port 1812 acct-port 1813 radius-server retransmit 5 radius-server timeout 10 radius-server key 7 radius-server vsa send accounting radius-server vsa send authentication ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 access-class 198 in exec-timeout 0 0 history size 256 transport preferred none transport input telnet transport output telnet line vty 5 15 access-class 198 in exec-timeout 0 0 history size 256 transport preferred none transport input telnet transport output telnet ! scheduler allocate 20000 1000 ntp clock-period 17180058 ntp server 123.123.123.1 ntp server 123.123.123.1 source GigabitEthernet0/1.2 prefer ! end
|