RU.CISCO
---------------------------------------------------------------------
From : Alexander N. Sham 2:5020/400 25 Jan 2002 12:51:15
To : tenax
Subject : Re: routing on async
--------------------------------------------------------------------------------
Ruslan, I can see inside on the asyncs, but where is ip nat outside?
>
> Hi!
> The NAS is a 2511, with a TACACS server up and running..... The user dials in,
> authenticates, is authorized, gets an IP and that's it.... everything stalls.... the user
> can't be seen, and he doesn't see anything either.... my gut tells me it's somewhere close, but I can't
> prove it :(
> 100% it's something with the routing.....
>
> .34 - address of async1
> .32 - gateway
> .33 - NAS
> .50 - TACACS
>
> Here are the configs
> !
> version 12.2
> no service single-slot-reload-enable
> service timestamps debug uptime
> service timestamps log uptime
> service password-encryption
> !
> hostname di-di-gw
> !
> logging rate-limit console 10 except errors
> aaa new-model
> aaa authentication ppp default group tacacs+
> aaa authorization network default group tacacs+ if-authenticated
> aaa accounting network default stop-only group tacacs+
> enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXX
> enable password 7 XXXXXXXXXXXXXXXXXXXXXXXX
> !
> clock timezone MSK 3
> clock summer-time MSD recurring
> ip subnet-zero
> no ip routing
> no ip finger
> ip name-server 21.21.21.10
> ip name-server 21.21.21.12
> !
> no ip dhcp-client network-discovery
> !
> !
> !
> interface Ethernet0
> ip address 21.21.21.33 255.255.255.0
> ip access-group eth0in in
> no ip route-cache
> no ip mroute-cache
> no cdp enable
> !
> interface Serial0
> no ip address
> no ip route-cache
> no ip mroute-cache
> shutdown
> no cdp enable
> !
> interface Serial1
> no ip address
> no ip route-cache
> no ip mroute-cache
> shutdown
> no cdp enable
> !
> interface Async1
> ip unnumbered Ethernet0
> ip access-group asyncin in
> ip access-group asyncout out
> ip nat inside
> encapsulation ppp
> no ip route-cache
> ip tcp header-compression passive
> no ip mroute-cache
> async default routing
> async mode interactive
> peer default ip address 21.21.21.34
> ppp authentication chap
> !
> ip default-gateway 21.21.21.32
> ip classless
> ip route 0.0.0.0 0.0.0.0 21.21.21.32
> no ip http server
> !
> !
> ip access-list extended asyncin
> deny ip 192.168.0.0 0.0.255.255 any log
> deny ip 0.0.0.0 0.255.255.255 any log
> deny ip host 255.255.255.255 any log
> deny ip 127.0.0.0 0.255.255.255 any log
> deny ip 224.0.0.0 15.255.255.255 any log
> deny ip 240.0.0.0 7.255.255.255 any log
> deny ip 10.0.0.0 0.255.255.255 any log
> deny ip 172.16.0.0 0.15.255.255 any log
> permit ip 21.21.21.0 0.0.0.255 any
> deny ip any any log
> ip access-list extended asyncout
> permit ip 21.21.21.0 0.0.0.255 any
> ip access-list extended eth0in
> deny ip 192.168.0.0 0.0.255.255 any log
> deny ip 0.0.0.0 0.255.255.255 any log
> deny ip host 255.255.255.255 any log
> deny ip 127.0.0.0 0.255.255.255 any log
> deny ip 224.0.0.0 15.255.255.255 any log
> deny ip 240.0.0.0 7.255.255.255 any log
> deny ip 10.0.0.0 0.255.255.255 any log
> deny ip 172.16.0.0 0.15.255.255 any log
> permit ip 21.21.21.0 0.0.0.255 any
> access-list 99 deny any
> no cdp run
> tacacs-server host 21.21.21.50
> tacacs-server timeout 20
> tacacs-server key XXXXXXXXXXXXXX
> !
> line con 0
> transport input none
> line 1
> modem Dialin
> modem autoconfigure type default
> transport input all
> autoselect during-login
> autoselect ppp
> stopbits 1
> speed 115200
> flowcontrol hardware
> line aux 0
> line vty 0 4
> access-class 99 in
> exec-timeout 0 1
> transport input none
> !
> end
>
> TACACS:
>
> key=XXXXXXXXXXXXXXX
> #make one group for all dialup users
>
> group=dialup {
>
> before authorization "/usr/local/sbin/./userin $user $port $address"
> after authorization "/usr/local/sbin/./userout $user $port $address"
>
> service=multilink {
> max-link="1"
> }
>
> service=exec {
> idletime=15
> }
>
> service=ppp protocol=ip {
> default attribute=permit
> }
>
> service=ppp protocol=lcp {
> }
>
> }
>
> user=tenax {
> member=dialup
> chap=cleartext "tenax"
> }
> user=sam {
> member=dialup
> chap=cleartext "sam"
> }
> user=zinus {
> member=dialup
> chap=cleartext "zinus"
> }
--- ifmail v.2.15dev5
* Origin: ISP MAKET Inc. (2:5020/400)
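
The check the reply makes by eye, as an added example that is not part of the original thread: a small Python lint that reads an IOS config (plain or `>`-quoted) and reports `ip nat inside` interfaces that have no `ip nat outside` counterpart, or NAT roles with no translation rule. The function names and the embedded excerpt are constructed for illustration.

```python
import re

# Constructed excerpt: NAT-relevant lines from the config quoted in the thread.
SAMPLE = """\
interface Ethernet0
 ip address 21.21.21.33 255.255.255.0
!
interface Async1
 ip unnumbered Ethernet0
 ip nat inside
!
ip route 0.0.0.0 0.0.0.0 21.21.21.32
"""

def parse_nat(config):
    """Return (roles, has_rule); roles maps interface name -> {'inside','outside'}."""
    roles, current, has_rule = {}, None, False
    for raw in config.splitlines():
        line = raw.lstrip("> ").strip()          # accept '>'-quoted mail text
        if line in ("", "!"):
            current = None                        # '!' closes an interface block
            continue
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            roles[current] = set()
        elif current and re.fullmatch(r"ip nat (inside|outside)", line):
            roles[current].add(line.split()[-1])  # per-interface NAT role
        elif re.match(r"ip nat (inside|outside) source\s", line):
            has_rule = True                       # global translation rule
    return roles, has_rule

def nat_findings(config):
    """List problems with NAT role pairing; an empty list means consistent."""
    roles, has_rule = parse_nat(config)
    sides = {s: sorted(i for i, r in roles.items() if s in r)
             for s in ("inside", "outside")}
    findings = []
    for have, missing in (("inside", "outside"), ("outside", "inside")):
        if sides[have] and not sides[missing]:
            findings.append("ip nat %s on %s, but no interface has ip nat %s"
                            % (have, ", ".join(sides[have]), missing))
    if (sides["inside"] or sides["outside"]) and not has_rule:
        findings.append("NAT roles are set but no 'ip nat ... source' rule exists")
    return findings

if __name__ == "__main__":
    for f in nat_findings(SAMPLE):
        print("finding:", f)
```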