Sickgolem
-
Gesamte Inhalte
7 -
Registriert seit
-
Letzter Besuch
Beiträge erstellt von Sickgolem
-
-
Hallo,
folgende Frage.
Ich würde genre allen Traffic von bestimmten public IP Addressen 80.xxx.xxx.xxx und 217.xxx.xxx.xxx auf eine
interne IP routen 192.168.0.201
Im ersten Schritt habe ich erst einmal ohne alle Einschränkungen allen
Traffic auf die interne IP 192.168.0.201 schicken wollen.
Dazu habe ich folgende config Änderung vorgenmmen.
ip nat inside source static 192.168.0.201 217.91.xxx.xxx
Leider funktioniert es nicht.
Anbei die Config.
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 2MBSDSL
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxxxxxxxxx
clock timezone cst 0
clock summer-time EDT recurring
no aaa new-model
ip subnet-zero
no ip cef
!
!
!
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
no ftp-server write-enable
!
!
!
!
interface Ethernet0/0
description SDSL
no ip address
ip tcp adjust-mss 1452
full-duplex
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface Ethernet1/0
description Internes Lan
ip address 192.168.0.200 255.255.255.0
ip nat inside
full-duplex
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
ip route-cache flow
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname feste-ip/TBxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ppp chap password 0 xxxxxxxxxxxxxxxx
ppp pap sent-username feste-ip/TBxxxxxxxxxxxxxxxxxxxxxxxxxxxx password 0 xxxxxxxxxxxxxxxxxxxxxxxx
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip nat inside source static 192.168.0.201 217.91.xxx.xxx
!
!
access-list 1 permit any
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 permit tcp 192.0.168.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
!
end
-
Gleiches problem
Komisch ist die Antwort die ich auf dem Router von der
genstelle bekomme.
Vi1 PAP: I AUTH-NAK id 1 len 39 msg is "0012 PSFFM002 0345625243 test user"
-
Hi,
denke ich brauch die Ip nicht.
Aber du Hast schon Recht checke es noch mal mit dem Eintrag
interface Dialer1
ip address 217.xxx.xxx.xxx 255.255.255.255
Melde mich gleich.
-
Hallo,
habe die config etwas geändert.
Anbei die show running.
Problem ist aber leider noch immer vorhanden.
Hat vielleicht jemand einen Tip,
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 2MBSDSL
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxxxxxxx
!
no aaa new-model
no ip subnet-zero
no ip cef
!
!
!
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
no ftp-server write-enable
!
!
!
!
interface Ethernet0/0
description SDSL
no ip address
ip nat outside
full-duplex
pppoe enable
pppoe-client dial-pool-number 1
!
interface Ethernet1/0
description Internes Lan
ip address 192.168.0.200 255.255.255.0
ip nat inside
full-duplex
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
no ip route-cache
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname t-online-com217.xxx.xxx.xxxTBxxxxxxxxxxxxx6@t-online-com.de
ppp chap password 0 xxxxxxxxxxxxxx
ppp pap sent-username t-online-com217.xxx.xxx.xxxTBxxxxxxxx@t-online-com.de password 0 xxxxxx
!
no ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
ip nat inside source list 1 interface Dialer1 overload
!
!
access-list 1 permit any
access-list 1 permit 192.168.0.0 0.0.0.255
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password xxxxxxx
login
!
!
end
2MBSDSL#
%DIALER-6-BIND: Interface Vi1 bound to profile Di1
00:04:17: Vi1 PPP: Using dialer call direction
00:04:17: Vi1 PPP: Treating connection as a callout
00:04:17: Vi1 PPP: Authorization required
00:04:17: Vi1 PPP: No remote authentication for call-out
00:04:17: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
00:04:17: Vi1 PPP: No authorization without authentication
00:04:17: Vi1 PAP: Using hostname from interface PAP
00:04:17: Vi1 PAP: Using password from interface PAP
00:04:17: Vi1 PAP: O AUTH-REQ id 1 len 67 from "t-online-com217.xxx.xxx.xxxTBxxxxxxxxxx@t-online-com.de"
00:04:17: Vi1 PAP: I AUTH-NAK id 1 len 39 msg is "0012 PSFFM002 0345625243 test user"
00:04:17: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1
00:04:17: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
hier mal meine runnining conf.
Stehe echt auf dem Schlauch.
-
Hallo,
Danke erst mal für das freundliche Wilkommen.
Ich checke deine Angaben mal und melde mich.
-
Hallo,
habe ein Problem mit einem 2610 an einer SDSL Leitung mit fixer IP der T-Com.
Problem ist das ich die Einwahl per PPOE nicht hinbekomme.
Freue mich auf Hilfe.
Hier mal ein sh running und ein debug ppp auth
2MBSDSL>enable
Password:
2MBSDSL#show running
Building configuration...
Current configuration : 1269 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2MBSDSL
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxxxxxxx!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
no ftp-server write-enable
!
!
!
!
interface Ethernet0/0
description SDSL
no ip address
ip nat outside
full-duplex
pppoe enable
pppoe-client dial-pool-number 1
!
interface Ethernet1/0
description Internes Lan
ip address 192.168.0.200 255.255.255.0
ip nat inside
full-duplex
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
no ip route-cache
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
description T-Com SDSL mit fester ip
ppp pap sent-username t-online-com/fest.ipxxx.xxx.xxx.x/userxxxxxxxxxxx@t-online-com.de password 0 xxxxxxxxxxxxxxx
!
no ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
ip nat inside source list 1 interface Dialer1 overload
!
!
access-list 1 permit any
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password xxxx
login
!
!
end
2MBSDSL#
Und hier nun mal ein deb ppp auth
2MBSDSL#terminal monitor
2MBSDSL#debug ppp auth
PPP authentication debugging is on
2MBSDSL#
2MBSDSL#
*Mar 1 04:54:23.074: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
*Mar 1 04:54:23.074: Vi1 PPP: Using dialer call direction
*Mar 1 04:54:23.078: Vi1 PPP: Treating connection as a callout
*Mar 1 04:54:23.078: Vi1 PPP: Authorization required
*Mar 1 04:54:23.078: Vi1 PPP: No remote authentication for call-out
*Mar 1 04:54:23.082: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Mar 1 04:54:23.082: Vi1 DDR: Dialer statechange to up
*Mar 1 04:54:23.142: Vi1 PPP: No authorization without authentication
*Mar 1 04:54:23.142: Vi1 PAP: Using hostname from interface PAP
*Mar 1 04:54:23.142: Vi1 PAP: Using password from interface PAP
*Mar 1 04:54:23.142: Vi1 PAP: O AUTH-REQ id 1 len 69 from "t-online-com/xxx.xxx.xxx.x/xxxxxxxxxxxxxxxxx@t-online-com.de"
*Mar 1 04:54:23.679: Vi1 PAP: I AUTH-NAK id 1 len 24 msg is "Zugriff verweigert "
*Mar 1 04:54:23.691: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1
*Mar 1 04:54:23.699: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
*Mar 1 04:54:46.187: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
*Mar 1 04:54:46.187: Vi1 PPP: Using dialer call direction
*Mar 1 04:54:46.187: Vi1 PPP: Treating connection as a callout
*Mar 1 04:54:46.191: Vi1 PPP: Authorization required
*Mar 1 04:54:46.191: Vi1 PPP: No remote authentication for call-out
*Mar 1 04:54:46.191: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Mar 1 04:54:46.195: Vi1 DDR: Dialer statechange to up
*Mar 1 04:54:46.264: Vi1 PPP: No authorization without authentication
*Mar 1 04:54:46.264: Vi1 PAP: Using hostname from interface PAP
*Mar 1 04:54:46.264: Vi1 PAP: Using password from interface PAP
*Mar 1 04:54:46.264: Vi1 PAP: O AUTH-REQ id 1 len 69 from "t-online-com/xxx.xxxxxx./xxxxxxxxxxxxx@t-online-com.de"
*Mar 1 04:54:46.480: Vi1 PAP: I AUTH-NAK id 1 len 24 msg is "Zugriff verweigert "
Cisco 3640 mit festen IPs
in Cisco Forum — Allgemein
Geschrieben
Hi,
ich habe eine Cisco 3640 mit 2 MBSDSL.
Ethernet Port 0/1 ist der dialup für SDSL per PPPOE
Ethernet Port 0/0 ist der Port fürs Lan.
Dem Router wird bei der Verbindung die IP xxx.xxx.100.193 zugewiesen WAN Seite.
Zusätzlich wird der Adressbereich xxx.xxx.196.224/29 geroutet.
Der 3640 soll die xxx.xxx.196.225 bekommen.
Der Rest der IPs soll dem Lan als IPs zur Verfügung stehen.
Alle IPs sollen aus dem Internet erreichbar sein und aus dem Lan das Internet.
Habe folgende Konfiguration, aber es klappt noch nicht.
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 3640
!
enable password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username Trapp
clock timezone cet 2
ip subnet-zero
!
!
no ip domain-lookup
!
ip cef
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
!
!
!
!
!
!
fax interface-type fax-mail
mta receive maximum-recipients 0
!
!
!
!
interface Ethernet0/0
description " Lan "
ip address xxx.xxx.196.225 255.255.255.248
no ip proxy-arp
half-duplex
no cdp enable
hold-queue 100 out
interface Ethernet0/1
description " Wan Interface "
no ip address
no ip proxy-arp
ip nat inside
half-duplex
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
hold-queue 100 out
!
interface Dialer1
description " PPP-Dialup "
mtu 1456
ip address negotiated
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ppp ipcp dns request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
ip pim bidir-enable
!
!
no cdp run
!
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
line con 0
exec-timeout 1200 0
ial-peer cor custom
!
!
!
!
line con 0
exec-timeout 1200 0
stopbits 1
line aux 0
line vty 0 4
password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
login
line vty 5 15
exec-timeout 1200 0
password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
login
!
scheduler max-task-time 5000
ntp server 130.149.17.21
Hoffe Ihr könnt helfen.
Stehe auf dem Schlauch.