ru.cisco- RU.CISCO --------------------------------------------------------------------- From : tenax 2:5020/400 24 Jan 2002 22:46:55 To : All Subject : роутинг на асинке --------------------------------------------------------------------------------
Привет!
В качестве NAS стоит 2511, поднят TACACS+-сервер. Юзер звонит,
аутентифицируется, авторизуется, получает IP-адрес — и всё, дальше всё стоит:
юзера не видно, он тоже ничего не видит. Нутром чую, что где-то рядом, а доказать
не могу :(
100%, что-то с роутингом.
.34 - адрес асинк1
.32 - гейт
.33 - NAS
.50 - такакс
Привожу конфиги
!
! Global settings of the dial-in NAS (hostname di-di-gw): services, AAA, enable
! credentials, clock, and basic IP behaviour.
version 12.2
no service single-slot-reload-enable
! Debug and log lines are stamped with uptime, not wall-clock time, which makes them
! harder to line up with TACACS+ accounting records ("service timestamps log datetime"
! is the wall-clock form).
service timestamps debug uptime
service timestamps log uptime
! Type 7 obfuscation is reversible; it only hides secrets from a casual look at the
! config and is not protection if the config itself leaks.
service password-encryption
!
hostname di-di-gw
!
logging rate-limit console 10 except errors
! NOTE(review): no logging destination (buffer or syslog host) appears in this listing,
! so where the ACL "log" hits are kept cannot be seen from here - confirm.
aaa new-model
! PPP authentication: TACACS+ is the only method listed, so there is no local fallback
! and dial-in authentication fails closed when the server does not answer.
aaa authentication ppp default group tacacs+
! Network authorization: TACACS+ first; "if-authenticated" is the fallback method and
! authorizes any already-authenticated user when the server cannot be reached.
aaa authorization network default group tacacs+ if-authenticated
! Accounting is stop-only: a record is sent at session end, none at session start.
aaa accounting network default stop-only group tacacs+
! "enable secret" (type 5, salted MD5 hash) takes precedence when both are configured.
! The "enable password" line below is therefore unused and only leaves a reversibly
! obfuscated (type 7) credential in the config; removing it is the usual hardening step.
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXX
enable password 7 XXXXXXXXXXXXXXXXXXXXXXXX
!
clock timezone MSK 3
clock summer-time MSD recurring
ip subnet-zero
! With IP routing disabled the box acts as an IP host: it uses "ip default-gateway" and
! does not forward packets between Async1 and Ethernet0. That matches the symptom in the
! post (the peer gets an address, then nothing passes). If routing is turned on, the
! interface ACLs become the only filter between dial-in users and the LAN.
no ip routing
no ip finger
ip name-server 21.21.21.10
ip name-server 21.21.21.12
!
no ip dhcp-client network-discovery
!
!
!
! LAN side of the NAS. Inbound traffic is filtered by ACL eth0in; CDP is off on the port.
interface Ethernet0
ip address 21.21.21.33 255.255.255.0
ip access-group eth0in in
no ip route-cache
no ip mroute-cache
no cdp enable
!
! Unused serial ports: no address, administratively shut down, CDP disabled.
interface Serial0
no ip address
no ip route-cache
no ip mroute-cache
shutdown
no cdp enable
!
interface Serial1
no ip address
no ip route-cache
no ip mroute-cache
shutdown
no cdp enable
!
! Dial-in PPP interface. It borrows Ethernet0's address (ip unnumbered) and hands the
! peer 21.21.21.34. Traffic from the peer is checked by asyncin, traffic to the peer by
! asyncout.
interface Async1
ip unnumbered Ethernet0
ip access-group asyncin in
ip access-group asyncout out
! NOTE(review): no "ip nat outside" interface and no "ip nat inside source" rule is
! visible in this listing, so this statement has no visible translation to go with it.
ip nat inside
encapsulation ppp
no ip route-cache
ip tcp header-compression passive
no ip mroute-cache
async default routing
! Interactive mode lets the caller get either an exec prompt or PPP on this line (line 1
! also has autoselect). "async mode dedicated" is the PPP-only form when callers should
! never see an exec prompt.
async mode interactive
peer default ip address 21.21.21.34
! CHAP with no list name uses the default PPP method list, i.e. TACACS+ (see the aaa
! lines). CHAP requires the server to hold each user's secret in recoverable form.
ppp authentication chap
!
! "ip default-gateway" is consulted only while IP routing is disabled (this config has
! "no ip routing"); the static default route below is used only when routing is enabled.
ip default-gateway 21.21.21.32
ip classless
ip route 0.0.0.0 0.0.0.0 21.21.21.32
no ip http server
!
!
! asyncin (inbound on Async1): anti-spoofing filter for packets sent by the dial-in peer.
! Private, loopback, multicast, reserved and broadcast sources are dropped and logged;
! only sources inside 21.21.21.0/24 pass, and the final explicit deny logs the rest.
ip access-list extended asyncin
deny ip 192.168.0.0 0.0.255.255 any log
deny ip 0.0.0.0 0.255.255.255 any log
deny ip host 255.255.255.255 any log
deny ip 127.0.0.0 0.255.255.255 any log
deny ip 224.0.0.0 15.255.255.255 any log
deny ip 240.0.0.0 7.255.255.255 any log
deny ip 10.0.0.0 0.255.255.255 any log
deny ip 172.16.0.0 0.15.255.255 any log
permit ip 21.21.21.0 0.0.0.255 any
deny ip any any log
! asyncout (outbound on Async1): only packets whose SOURCE is inside 21.21.21.0/24 are
! sent to the peer. Replies from hosts outside that subnet fall to the implicit deny,
! which is not logged, so these drops leave no trace.
ip access-list extended asyncout
permit ip 21.21.21.0 0.0.0.255 any
! eth0in (inbound on Ethernet0): same source filter as asyncin, but it ends with the
! unlogged implicit deny instead of "deny ip any any log". Traffic arriving from sources
! outside 21.21.21.0/24 is therefore dropped silently.
ip access-list extended eth0in
deny ip 192.168.0.0 0.0.255.255 any log
deny ip 0.0.0.0 0.255.255.255 any log
deny ip host 255.255.255.255 any log
deny ip 127.0.0.0 0.255.255.255 any log
deny ip 224.0.0.0 15.255.255.255 any log
deny ip 240.0.0.0 7.255.255.255 any log
deny ip 10.0.0.0 0.255.255.255 any log
deny ip 172.16.0.0 0.15.255.255 any log
permit ip 21.21.21.0 0.0.0.255 any
! ACL 99 matches nothing; it is applied to the vty lines to refuse all remote logins.
access-list 99 deny any
no cdp run
! Single TACACS+ server, no second host listed: with PPP authentication bound to
! tacacs+ only, an outage of 21.21.21.50 blocks every dial-in login.
tacacs-server host 21.21.21.50
tacacs-server timeout 20
! Shared secret between NAS and server (redacted in the post). It must match the "key="
! value on the TACACS+ side and should never be published together with a config.
tacacs-server key XXXXXXXXXXXXXX
!
! Terminal lines. Remote management is disabled altogether (see vty below), which leaves
! the console and AUX ports as the only administrative entry points.
! NOTE(review): no "aaa authentication login" list and no line password appear anywhere
! in this listing - confirm how console access is authenticated.
line con 0
transport input none
! Modem line used by Async1.
line 1
modem Dialin
modem autoconfigure type default
! "transport input all" also accepts inbound network connections to this line (reverse
! telnet to the modem). A dial-in-only line does not need it; "transport input none" is
! the tighter setting.
transport input all
autoselect during-login
autoselect ppp
stopbits 1
speed 115200
flowcontrol hardware
! NOTE(review): the AUX port has no settings here, so it runs with defaults - confirm
! nothing is attached to it, or restrict it explicitly.
line aux 0
! vty is closed three ways: ACL 99 denies every source, no inbound transport is allowed,
! and any session would time out after 0 minutes 1 second.
line vty 0 4
access-class 99 in
exec-timeout 0 1
transport input none
!
end
такакс :
# TACACS+ daemon configuration: shared key, one group for all dial-up users, and three
# user entries.
# Shared secret (redacted in the post); must match "tacacs-server key" on the NAS.
key=XXXXXXXXXXXXXXX
#make one group for all dialup users
group=dialup {
# External programs run around every authorization, with the user name, port and
# address substituted into the command line.
# NOTE(review): $user is supplied by the remote caller. Confirm how the daemon passes
# these values to the command and make userin/userout treat all three as untrusted input.
before authorization "/usr/local/sbin/./userin $user $port $address"
after authorization "/usr/local/sbin/./userout $user $port $address"
service=multilink {
max-link="1"
}
service=exec {
idletime=15
}
# "default attribute=permit" accepts any attribute the NAS requests for PPP/IP that is
# not listed here; listing the allowed attributes explicitly is the stricter form.
service=ppp protocol=ip {
default attribute=permit
}
service=ppp
protocol=lcp {
}
}
# CHAP needs the secret in recoverable form, so each one sits in this file as plain
# text: keep the file readable by the daemon account only. In all three entries below
# the secret is identical to the user name, which gives no real protection and should
# be replaced with unique secrets.
user=tenax {
member=dialup
chap=cleartext "tenax"
}
user=sam {
member=dialup
chap=cleartext "sam"
}
user=zinus {
member=dialup
chap=cleartext "zinus"
}
--- ifmail v.2.15dev5
* Origin: Diver NNTPCache (2:5020/400)