Имеется проблема на циске 2851, используется в качестве pppoe сервера, плюс нат...
Проблема заключается в том, что при переключении пользователей на эту циску, трафик по сравнению с использовавшейся ранее для этих целей уменьшается раза в три, однако совсем не пропадает... все пользователи по pppoe подключаются, все пользователи без проблем пингуют внешний интерфейс gi0/1.2, однако больше половины не видят ничего дальше... самое странное, что у части пользователей все работает нормально, причем пользователи и из за ната и с реальными адресами, из разных вланов, в общем ничем не объединенные...подскажите куда смотреть, как попытаться продиагностировать, может кто-то сталкивался с подобным? version 12.4
service tcp-keepalives-in
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname c2851
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret
!
aaa new-model
aaa session-mib disconnect
!
!
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization exec default local if-authenticated
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting network default start-stop group radius
!
aaa nas port extended
aaa session-id common
clock timezone EET 2
clock summer-time EET recurring last Sun Mar 2:00 last Sun Oct 2:00
no ip source-route
!
!
ip cef
!
!
no ip bootp server
ip name-server 123.123.123.4
ip name-server 123.123.123.5
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip accounting-threshold 8000
virtual-profile if-needed
!
async-bootp dns-server 123.123.123.4 123.123.123.5
!
voice-card 0
no dspfarm
!
username fealindar privilege 15 password 7
archive
log config
hidekeys
!
!
ip tcp mss 1452
ip tcp path-mtu-discovery
!
!
!
!
bba-group pppoe global
virtual-template 1
ac name AS3
sessions per-mac limit 1
sessions auto cleanup
!
!
interface Loopback0
no ip address
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/0.901
encapsulation dot1Q 901
no ip proxy-arp
no ip mroute-cache
pppoe enable group global
pppoe max-sessions 300
no cdp enable
!
interface GigabitEthernet0/0.902
encapsulation dot1Q 902
no ip proxy-arp
no ip mroute-cache
pppoe enable group global
pppoe max-sessions 300
no cdp enable
!
interface GigabitEthernet0/0.903
encapsulation dot1Q 903
no ip proxy-arp
no ip mroute-cache
pppoe enable group global
pppoe max-sessions 300
no cdp enable
!
interface GigabitEthernet0/0.904
encapsulation dot1Q 904
no ip proxy-arp
no ip mroute-cache
pppoe enable group global
pppoe max-sessions 300
no cdp enable
!
interface GigabitEthernet0/0.905
encapsulation dot1Q 905
ip address 192.168.103.8 255.255.255.0
no cdp enable
!
interface GigabitEthernet0/1
no ip address
duplex full
speed 100
no keepalive
no cdp enable
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 2
ip address 123.123.123.6 123.123.123.240
ip broadcast-address 123.123.123.15
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly
no ip mroute-cache
ip ospf network broadcast
ip ospf flood-reduction
no cdp enable
!
interface Virtual-Template1
ip unnumbered GigabitEthernet0/1.2
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly
timeout absolute 180 0
no peer default ip address
ppp mtu adaptive
ppp authentication pap
ppp ipcp dns 123.123.123.4 123.123.123.5
ppp ipcp address unique
ppp timeout retry 30
ppp timeout authentication 30
ppp timeout aaa
ppp timeout idle 300
!
router ospf 20
router-id 123.123.123.6
log-adjacency-changes
summary-address 10.0.0.0 255.0.0.0
redistribute connected subnets route-map con-2-os
redistribute static subnets route-map S-2-O
network 123.123.123.0 0.0.0.31 area 5
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 85.90.205.1
ip route 10.0.0.0 255.0.0.0 Null0 254
ip route 172.16.0.0 255.255.0.0 Null0 254
ip route 192.168.0.0 255.255.0.0 Null0 254
!
!
no ip http server
no ip http secure-server
ip nat translation tcp-timeout 100
ip nat translation max-entries 30000
ip nat inside source route-map NAT-ADSL interface GigabitEthernet0/1.2 overload
!
logging trap debugging
logging facility local2
logging 123.123.123.4
access-list 10 remark = S-2-O =
access-list 10 permit 123.123.123.116 0.0.0.3
access-list 98 permit 123.123.123.4
access-list 99 remark SNMP access list
access-list 99 permit 123.123.123.4
access-list 99 permit 123.123.123.5
access-list 99 permit 195.234.220.0 0.0.0.63
access-list 99 deny any log
access-list 120 permit ip 172.16.128.0 0.0.0.255 any
access-list 198 permit ip 195.234.220.0 0.0.0.63 any
access-list 198 permit ip 123.123.123.0 0.0.0.15 any
snmp-server community fuck RW 98
snmp-server ifindex persist
snmp-server enable traps tty
no cdp run
!
route-map st-2-os permit 10
match ip address 50
!
route-map S-2-O permit 10
match ip address 10
match route-type local
!
route-map con-2-os deny 5
match ip address 30
!
route-map con-2-os permit 10
!
route-map NAT-ADSL permit 10
match ip address 120
!
!
!
radius-server attribute 8 include-in-access-req
radius-server host 123.123.123.4 auth-port 1812 acct-port 1813
radius-server retransmit 5
radius-server timeout 10
radius-server key 7
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
access-class 198 in
exec-timeout 0 0
history size 256
transport preferred none
transport input telnet
transport output telnet
line vty 5 15
access-class 198 in
exec-timeout 0 0
history size 256
transport preferred none
transport input telnet
transport output telnet
!
scheduler allocate 20000 1000
ntp clock-period 17180058
ntp server 123.123.123.1
ntp server 123.123.123.1 source GigabitEthernet0/1.2 prefer
!
end
|
Вариант для распечатки
Маршрутизаторы CISCO и др. оборудование. (Public)
(??) on 30-Янв-09, 23:36 
