horhe_new (horhe_new) wrote in ru_cisco,

PPPoE + NAT overload working incorrectly on IOS 15.2

Good day!

Please help, this is the first time I have run into this.

There is a 7204 VXR (NPE-G1) router running IOS 15.2.
It is connected to the provider through interface gi0/1, PPPoE dialer. Gi0/2 faces the LAN. There are no subinterfaces, and all access lists are shown below. All other ports on the router are administratively shut down, except gi0/1 and gi0/2. Everything is standard:

int gi0/1
 no ip address
 pppoe enable group global
 pppoe-client dial-pool-number 1


int Dialer1
 mtu 1492
 ip address negotiated
 ip nat outside
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1


int gi0/2
 ip address 10.0.100.1 255.255.255.0
 ip nat inside

ip route 0.0.0.0 0.0.0.0 Dialer1

ip nat inside source list 10 interface Dialer1 overload
access-list 10 permit 10.0.0.0 0.255.255.255
dialer-list 1 protocol ip permit


sh ip route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, Dialer1
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.100.0/24 is directly connected, GigabitEthernet0/2
L        10.0.100.1/32 is directly connected, GigabitEthernet0/2
      91.0.0.0/32 is subnetted, 2 subnets
C        91.204.176.25 is directly connected, Dialer1
C        91.243.236.71 is directly connected, Dialer1


Attention, here is the problem!
Pings from the Cisco itself (ping 8.8.8.8 in the console) to any host on the global network work fine, but from any host on the LAN they do not. For example, pings from 10.0.100.2 to 8.8.8.8 do not get through (the switch is not a factor, since we plug a computer into port gi0/2). A traceroute from the computer 10.0.100.2 to 8.8.8.8 shows one hop, 10.0.100.1, and the packets go no further.

What also bothers me is that the interface list contains as many as 3 Virtual-Access interfaces.
Before this, vpdn was enabled in the config; I then disabled it.

interface Virtual-Access

Dialer1 is up, line protocol is up (spoofing)
  Hardware is Unknown
  Internet address is 91.243.236.71/32
  MTU 1492 bytes, BW 56 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Closed, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 1 seconds on reset
  Interface is bound to Vi2
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 01:46:00
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/0/16 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 42 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     4739 packets input, 386599 bytes
     3869 packets output, 269233 bytes
Bound to:
Virtual-Access2 is up, line protocol is up
  Hardware is Virtual Access interface
  MTU 1492 bytes, BW 56 Kbit/sec, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP
  PPPoE vaccess, cloned from Dialer1
  Vaccess status 0x44, loopback not set
  Keepalive set (10 sec)
  Interface is bound to Di1 (Encapsulation PPP)
  Last input 00:00:00, output never, output hang never
  Last clearing of "show interface" counters 00:06:50
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     97 packets input, 6351 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     102 packets output, 5350 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
Virtual-Access1 is up, line protocol is up
  Hardware is Virtual Access interface
  MTU 1492 bytes, BW 100000 Kbit/sec, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Closed
  Base PPPoE vaccess
  Vaccess status 0x44, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 5 seconds on reset
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 01:46:01
  Input queue: 0/4096/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
Virtual-Access2 is up, line protocol is up
  Hardware is Virtual Access interface
  MTU 1492 bytes, BW 56 Kbit/sec, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP
  PPPoE vaccess, cloned from Dialer1
  Vaccess status 0x44, loopback not set
  Keepalive set (10 sec)
  Interface is bound to Di1 (Encapsulation PPP)
  Last input 00:00:02, output never, output hang never
  Last clearing of "show interface" counters 00:07:08
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     104 packets input, 6811 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     109 packets output, 5808 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions


UPD: thanks everyone, it was all resolved by replacing the IOS with 15.2(4)M6 and erasing the old config; the configuration was not changed.
Debug ip nat showed that translations from the local source 10.0.100.10 (the host) were failing, even though the output of sh ip nat tr and sh ip nat stat was all clean and normal.
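
An added example, not part of the original post: a static check of the NAT-relevant lines of the configuration above, confirming that the overload rule, its ACL, the inside/outside markings and the default route line up for one inside host. The function names are hypothetical, and the ACL matcher handles only the "address wildcard" entry form used in this config.

```python
import ipaddress
import re

# NAT-relevant lines copied from the configuration posted above.
CONFIG = """\
int Dialer1
 ip nat outside
int gi0/2
 ip nat inside
ip route 0.0.0.0 0.0.0.0 Dialer1
ip nat inside source list 10 interface Dialer1 overload
access-list 10 permit 10.0.0.0 0.255.255.255
"""

def interfaces(config):
    """Map each interface name to the commands indented beneath it."""
    ifaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"int(?:erface)?\s+(\S+)", line)
        if m:
            current = ifaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # a global line ends the interface block
    return ifaces

def acl_permits(config, acl, host):
    """First-match lookup in a standard ACL ('address wildcard' entries only)."""
    h = int(ipaddress.IPv4Address(host))
    pattern = rf"^access-list {re.escape(acl)} (permit|deny) (\S+) (\S+)$"
    for action, net, wild in re.findall(pattern, config, re.M):
        diff = h ^ int(ipaddress.IPv4Address(net))
        if (diff & ~int(ipaddress.IPv4Address(wild))) == 0:  # wildcard bits ignored
            return action == "permit"
    return False  # implicit deny at the end of the ACL

def check_pat(config, host):
    """Static checks for the 'ip nat inside source list ... overload' path."""
    ifaces = interfaces(config)
    rule = re.search(r"^ip nat inside source list (\S+) interface (\S+) overload$",
                     config, re.M)
    acl, out_if = rule.groups()
    route = rf"^ip route 0\.0\.0\.0 0\.0\.0\.0 {re.escape(out_if)}$"
    return {
        "outside_marked": "ip nat outside" in ifaces.get(out_if, []),
        "inside_marked": any("ip nat inside" in c for c in ifaces.values()),
        "acl_permits_host": acl_permits(config, acl, host),
        "default_route_via_outside": bool(re.search(route, config, re.M)),
    }
```

Calling check_pat(CONFIG, "10.0.100.10") returns True for all four checks, so a static read of these lines does not show the fault, which fits the update's report that the configuration itself was not changed.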