horhe_new (horhe_new) wrote in ru_cisco,

Incorrect operation of PPPoE + NAT overload on IOS 15.2

Good day!

I'm asking for help; this is the first time I've run into this.

There is a 7204 VXR (NPE-G1) router with IOS 15.2.
It is connected to the provider via interface gi0/1, PPPoE dialer. Gi0/2 faces the LAN. There are no subinterfaces; all access lists are shown below. All other ports on the router are administratively shut down, except gi0/1 and gi0/2. Everything is standard:

int gi0/1
no ip address
pppoe enable group global
pppoe-client dial-pool-number 1


int Dialer1
 mtu 1492
 ip address negotiated
 ip nat outside
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1


int gi0/2
ip address 10.0.100.1 255.255.255.0
ip nat inside

ip route 0.0.0.0 0.0.0.0 Dialer1

ip nat inside source list 10 interface Dialer1 overload
access-list 10 permit 10.0.0.0 0.255.255.255
dialer-list 1 protocol ip permit


sh ip route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, Dialer1
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.100.0/24 is directly connected, GigabitEthernet0/2
L        10.0.100.1/32 is directly connected, GigabitEthernet0/2
      91.0.0.0/32 is subnetted, 2 subnets
C        91.204.176.25 is directly connected, Dialer1
C        91.243.236.71 is directly connected, Dialer1


Attention, here is the problem!
Pings from the Cisco itself (ping 8.8.8.8 in the console) to any hosts on the global network work fine, but from any host on the LAN they do not. For example, pings from 10.0.100.2 to 8.8.8.8 do not get through (we are not considering the switch, since we plug a computer into port gi0/2). A traceroute from the computer 10.0.100.2 to 8.8.8.8 shows one hop, 10.0.100.1, and the packets go no further.

What also bothers me is that there are as many as 3 Virtual-Access interfaces in the interface list.
Previously vpdn was enabled in the config; then I disabled it.

interface Virtual-Access
Dialer1 is up, line protocol is up (spoofing)
  Hardware is Unknown
  Internet address is 91.243.236.71/32
  MTU 1492 bytes, BW 56 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Closed, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 1 seconds on reset
  Interface is bound to Vi2
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 01:46:00
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/0/16 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 42 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     4739 packets input, 386599 bytes
     3869 packets output, 269233 bytes
Bound to:
Virtual-Access2 is up, line protocol is up
  Hardware is Virtual Access interface
  MTU 1492 bytes, BW 56 Kbit/sec, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP
  PPPoE vaccess, cloned from Dialer1
  Vaccess status 0x44, loopback not set
  Keepalive set (10 sec)
  Interface is bound to Di1 (Encapsulation PPP)
  Last input 00:00:00, output never, output hang never
  Last clearing of "show interface" counters 00:06:50
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     97 packets input, 6351 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     102 packets output, 5350 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
Virtual-Access1 is up, line protocol is up
  Hardware is Virtual Access interface
  MTU 1492 bytes, BW 100000 Kbit/sec, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Closed
  Base PPPoE vaccess
  Vaccess status 0x44, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 5 seconds on reset
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 01:46:01
  Input queue: 0/4096/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
Virtual-Access2 is up, line protocol is up
  Hardware is Virtual Access interface
  MTU 1492 bytes, BW 56 Kbit/sec, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP
  PPPoE vaccess, cloned from Dialer1
  Vaccess status 0x44, loopback not set
  Keepalive set (10 sec)
  Interface is bound to Di1 (Encapsulation PPP)
  Last input 00:00:02, output never, output hang never
  Last clearing of "show interface" counters 00:07:08
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     104 packets input, 6811 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     109 packets output, 5808 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions


UPD: thanks everyone, everything was resolved by replacing IOS with 15.2(4)M6 and erasing the old config; the configuration was not changed.
Debug ip nat showed that translations from the local source 10.0.100.10 (host) were failing, although the output of sh ip nat tr and sh ip nat stat was all clean and normal.