A_Petrenko

Cisco871WK9 + Corbina L2TP

To User-login:

Thanks.

I've freed up a bit of time, so now I'll move on to more detailed testing :)

For now I've rolled back to my old provider, Tesontel.

They use PPPoE. The Cisco simply flies with that protocol B)

But the problem with them is something else, and it isn't even the money :rofl:

Even though I have a real IP on my interface, they try to proxy all traffic, including port 25. This idiocy means that right now no mail server will let me in, including my own one hosted at Zenon, claiming that, judging by my IP address, I am a MALICIOUS SPAMMER.

That is, so to speak, real motivation to go back to Corbina ;)

While we're at it, could I ask for your config on this IOS?

I'm afraid I WON'T MANAGE to put it all together myself :P

No problem:

#sh run

Building configuration...

 

Current configuration : 12128 bytes

!

! Last configuration change at 21:13:54 gmt Fri Mar 28 2008 by cisco

! NVRAM config last updated at 21:14:02 gmt Fri Mar 28 2008 by cisco

!

version 12.4

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

service password-encryption

!

hostname 871_router

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret 5 $1$.DFc$ubYQQDkJ3eO13f05cyPcl/

!

no aaa new-model

memory-size iomem 25

clock timezone gmt 3

clock summer-time gmt recurring last Sun Mar 2:00 last Sun Oct 2:00

!

ip cef

!

ip domain name corbina.net

ip name-server 195.14.50.1

ip name-server 195.14.50.21

ip multicast-routing

ip inspect name test ntp alert on

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

ip ips config location flash:/ips5/ retries 1

ip ips fail closed

ip ips deny-action ips-interface

ip ips name ios-ips

!

ip ips signature-category

category all

retired true

category all

retired true

!

ip reflexive-list timeout 120

no ip igmp snooping

login on-failure log

login on-success log

l2tp-class l2-class-1

hostname unknown

receive-window 512

!

!

multilink bundle-name authenticated

vpdn enable

!

password encryption aes

!

!

memory reserve critical 1024

l2tp congestion-control

username ******** privilege 15 secret 5 ********************

username cisco secret 0 cisco

!

crypto key pubkey-chain rsa

named-key realm-cisco.pub signature

key-string

30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101

00C19E93 A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16

17E630D5 C02AC252 912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 6007D128

B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E

5B2146A9 D7A5EDE3 0298AF03 DED7A5B8 9479039D 20F30663 9AC64B93 C0112A35

FE3F0C87 89BCB7BB 994AE74C FA9E481D F65875D6 85EAF974 6D9CC8E3 F0B08B85

50437722 FFBE85B9 5E4189FF CC189CB9 69C46F9C A84DFBA5 7A0AF99E AD768C36

006CF498 079F88F8 A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2 892356AE

2F56D826 8918EF3C 80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E B4B094D3

F3020301 0001

quit

!

archive

log config

hidekeys

!

pseudowire-class pw-class-1

encapsulation l2tpv2

protocol l2tpv2 l2-class-1

ip local interface FastEthernet4

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

description Corbina intranet

ip address dhcp

ip access-group lan_in in

no ip unreachables

no ip proxy-arp

ip pim neighbor-filter 2

ip pim dense-mode

ip nat outside

ip ips ios-ips in

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

!

interface Virtual-PPP1

description Corbina internet

ip address negotiated

ip access-group in_filt in

ip access-group out_filt out

ip verify unicast reverse-path allow-self-ping

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip ips ios-ips in

ip virtual-reassembly

keepalive 60 10

no cdp enable

ppp authentication chap callin

ppp chap hostname **********

ppp chap password 0 *********

pseudowire 85.21.0.255 1 pw-class pw-class-1

!

interface Vlan1

description LAN; ip=192.168.0.1/29

ip address 192.168.0.1 255.255.255.248

ip mtu 1072

ip pim dense-mode

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1032

ip igmp helper-address 10.84.72.1

ip igmp mroute-proxy FastEthernet4

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Virtual-PPP1

ip route 10.0.0.0 255.0.0.0 dhcp

ip route 89.179.135.67 255.255.255.255 dhcp

ip route 85.21.79.0 255.255.255.0 dhcp

ip route 85.21.90.0 255.255.254.0 dhcp

ip route 195.14.50.1 255.255.255.255 dhcp

ip route 195.14.50.16 255.255.255.255 dhcp

ip route 195.14.50.21 255.255.255.255 dhcp

ip route 195.14.50.26 255.255.255.255 dhcp

ip route 195.14.50.93 255.255.255.255 dhcp

ip route 83.102.231.32 255.255.255.240 dhcp

ip route 85.21.108.16 255.255.255.240 dhcp

ip route 78.107.69.98 255.255.255.255 dhcp

ip route 85.21.0.255 255.255.255.255 dhcp

ip route 85.21.88.130 255.255.255.255 dhcp

ip route 85.21.138.208 255.255.255.240 dhcp

ip route 85.21.52.254 255.255.255.255 dhcp

ip route 83.102.146.96 255.255.255.224 dhcp

ip route 78.107.23.0 255.255.255.0 dhcp

ip route 85.21.72.80 255.255.255.240 dhcp

!

no ip http server

ip http secure-server

ip dns server

ip pim autorp listener

ip mroute 85.21.91.0 255.255.255.0 10.84.72.1

ip mroute 172.16.16.0 255.255.255.0 10.84.72.1

ip nat inside source static udp 192.168.0.2 63540 interface Virtual-PPP1 63540

ip nat inside source static tcp 192.168.0.2 63530 interface Virtual-PPP1 63530

ip nat inside source route-map local interface FastEthernet4 overload

ip nat inside source route-map public interface Virtual-PPP1 overload

!

ip access-list extended in_filt

permit icmp any any echo

permit icmp any any echo-reply

permit icmp any any source-quench

permit icmp any any packet-too-big

permit icmp any any unreachable

permit icmp any any time-exceeded

deny icmp any any

permit tcp host xxx.xxx.xxx.xxx any eq 22

permit tcp host xxx.xxx.xxx.xxx any eq 22

permit tcp any any eq 63530

permit tcp any any eq 8080

permit udp any any eq isakmp non500-isakmp domain 63540

permit udp host 138.96.64.10 any eq ntp

permit gre any any

evaluate traffic

deny ip any any

ip access-list extended lan_in

permit icmp any any log

permit udp any eq bootps any eq bootpc

permit udp any eq domain any

permit udp any eq 1701 any eq 1701

permit tcp any any established

permit igmp any any

permit udp 172.16.16.0 0.0.0.255 any

deny ip any any

ip access-list extended nat

permit ip 192.168.0.0 0.0.0.7 any

ip access-list extended out_filt

permit tcp any any reflect traffic

permit esp any any reflect traffic

permit udp any any reflect traffic

permit icmp any any reflect traffic

deny ip any any log-input

!

access-list 1 permit xxx.xxx.xxx.xxx

access-list 1 permit xxx.xxx.xxx.xxx

access-list 1 permit xxx.xxx.xxx.xxx

access-list 1 permit xxx.xxx.xxx.xxx

access-list 1 permit xxx.xxx.xxx.xxx 0.0.0.63

access-list 1 permit xxx.xxx.xxx.xxx 0.0.0.255

access-list 2 deny any

!

route-map public permit 10

match ip address nat

match interface Virtual-PPP1

!

route-map local permit 10

match ip address nat

match interface FastEthernet4

!

control-plane

!

alias exec qm sh cry isa sa

alias exec ses sh cry session remote

!

line con 0

exec-timeout 0 0

no modem enable

line aux 0

no exec

line vty 0 4

access-class 1 in

exec-timeout 60 0

login local

transport input telnet ssh

!

scheduler max-task-time 5000

scheduler interval 5000

ntp clock-period 17174984

ntp server 138.96.64.10 source Virtual-PPP1

!

webvpn context Default_context

ssl authenticate verify all

!

no inservice

!

end

Here's the config from a working one....

I cleaned out all sorts of work-related clutter; if I killed something necessary or you have questions, write.

By the way, does anyone know whether Corbina is planning an unlimited 1 Mbit plan for 300 rubles? 2 is too much for me, and expensive...

 

 

 

 

Good day!

Sorry for repeating myself; this topic has been discussed more than once. I haven't found a solution for myself yet (

The problem is that the L2TP tunnel drops every minute.

I think the cause is that when the tunnel comes up, the route for 85.21.0.255 (tp.corbina.net) gets overwritten.

 

 

ip route 0.0.0.0 0.0.0.0 Virtual-PPP1

ip route 85.21.0.255 255.255.255.255 dhcp

ip route 10.0.0.0 255.0.0.0 dhcp

 

 

 

sh ip route

without the tunnel up

 

Gateway of last resort is 10.220.0.1 to network 0.0.0.0

 

85.0.0.0/32 is subnetted, 1 subnets

S 85.21.0.255 [1/0] via 10.220.0.1

83.0.0.0/32 is subnetted, 1 subnets

S 83.102.233.200 [254/0] via 10.220.0.1, FastEthernet4

172.16.0.0/25 is subnetted, 1 subnets

C 172.16.1.0 is directly connected, BVI1

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

S 10.0.0.0/8 [1/0] via 10.220.0.1

C 10.220.0.0/21 is directly connected, FastEthernet4

89.0.0.0/32 is subnetted, 1 subnets

S 89.179.135.67 [254/0] via 10.220.0.1

195.14.50.0/32 is subnetted, 1 subnets

S 195.14.50.26 [254/0] via 10.220.0.1

S* 0.0.0.0/0 [254/0] via 10.220.0.1

 

Router851W#traceroute 85.21.0.255

 

Type escape sequence to abort.

Tracing the route to vpn255-l0.msk.corbina.net (85.21.0.255)

 

1 10.220.0.1 4 msec 0 msec 4 msec

2 10.219.6.49 0 msec 0 msec 0 msec

3 10.219.5.233 8 msec 0 msec 4 msec

4 mo-bb-teng2-1.msk.corbina.net (195.14.54.250) 144 msec 8 msec 4 msec

5 10.2.250.11 8 msec * 4 msec

 

 

 

sh ip route

 

with the tunnel up

 

 

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

 

85.0.0.0/32 is subnetted, 1 subnets

C 85.21.0.255 is directly connected, Virtual-PPP1

83.0.0.0/32 is subnetted, 1 subnets

S 83.102.233.200 [254/0] via 10.220.0.1, FastEthernet4

172.16.0.0/25 is subnetted, 1 subnets

C 172.16.1.0 is directly connected, BVI1

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

S 10.0.0.0/8 [1/0] via 10.220.0.1

C 10.220.0.0/21 is directly connected, FastEthernet4

95.0.0.0/32 is subnetted, 1 subnets

C 95.24.140.171 is directly connected, Virtual-PPP1

89.0.0.0/32 is subnetted, 1 subnets

S 89.179.135.67 [254/0] via 10.220.0.1

195.14.50.0/32 is subnetted, 1 subnets

S 195.14.50.26 [254/0] via 10.220.0.1

S* 0.0.0.0/0 is directly connected, Virtual-PPP1

 

 

 

Router851W#traceroute 85.21.0.255

 

Type escape sequence to abort.

Tracing the route to vpn255-l0.msk.corbina.net (85.21.0.255)

 

1 * * *

2 * * *

3 * * *

4 * * *

5 * * *

 

 

 

 

Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T9, RELEASE SOFTWARE (fc5)

Copyright © 1986-2009 by Cisco Systems, Inc.

Compiled Wed 29-Apr-09 08:48 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI, RELEASE SOFTWARE

System returned to ROM by reload

 

System image file is "flash:c850-advsecurityk9-mz.124-15.T9.bin"

 

 

 

config:

 

 

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Router851W

!

boot-start-marker

boot-end-marker

!

enable secret 5 xxx

!

no aaa new-model

clock timezone moscow 3

clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00

clock save interval 8

!

crypto pki trustpoint TP-self-signed-3414444794

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3414444794

revocation-check none

rsakeypair TP-self-signed-3414444794

!

!

crypto pki certificate chain TP-self-signed-3414444794

certificate self-signed 01

30820242 308201AB A0030201 02020101 300D0609 2A864886 F70D0101 04050030

quit

dot11 syslog

!

dot11 ssid air

max-associations 5

authentication open

authentication key-management wpa

wpa-psk ascii 7 xxx

!

no ip dhcp use vrf connected

ip dhcp excluded-address 172.16.1.1

ip dhcp excluded-address 172.16.1.2

ip dhcp excluded-address 172.16.1.3

ip dhcp excluded-address 172.16.1.4

ip dhcp excluded-address 172.16.1.5

ip dhcp excluded-address 172.16.1.50

!

ip dhcp pool local_home

import all

network 172.16.1.0 255.255.255.128

default-router 172.16.1.1

dns-server 85.21.192.3 213.234.192.8

lease 3

!

ip dhcp pool hp

host 172.16.1.50 255.255.255.128

hardware-address 001f.29b2.1cdb

!

!

ip cef

l2tp-class corbina

receive-window 128

!

!

!

!

username vmois privilege 15 secret 5 xxx

!

!

archive

log config

hidekeys

!

!

pseudowire-class class1

encapsulation l2tpv2

protocol l2tpv2 corbina

ip local interface FastEthernet4

!

!

bridge irb

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

description #corbina l2tp#

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Dot11Radio0

no ip address

!

encryption mode ciphers tkip

!

ssid air

!

speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0

power local cck 7

power local ofdm 7

power client 20

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Virtual-PPP1

description #corbina inet#

ip address negotiated

ip mtu 1380

ip nat outside

ip virtual-reassembly

ip tcp adjust-mss 1320

no cdp enable

ppp authentication chap callin

ppp chap hostname xxx

ppp chap password 7 xxx

pseudowire 85.21.0.255 1 pw-class class1

!

interface Vlan1

no ip address

bridge-group 1

bridge-group 1 spanning-disabled

!

interface Dialer0

description ###PPPoE STREAM###

ip ddns update hostname soho.homeunix.com

ip ddns update dyndns host members.dyndns.org

ip address negotiated

ip access-group IN_FROM_ISP in

ip mtu 1492

ip nat outside

ip virtual-reassembly

encapsulation ppp

shutdown

dialer pool 1

ppp authentication chap pap callin

ppp chap hostname pppxxx@mtu

ppp chap password 7 xxx

ppp pap sent-username pppxxx@mtu password 7 xxx

ppp ipcp dns request accept

!

interface BVI1

ip address 172.16.1.1 255.255.255.128

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip route-cache flow

!

no ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Virtual-PPP1

ip route 85.21.0.255 255.255.255.255 dhcp

ip route 10.0.0.0 255.0.0.0 dhcp

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 600 life 86400 requests 10000

ip dns server

ip nat translation timeout 3600

ip nat translation tcp-timeout 3600

ip nat translation udp-timeout 600

ip nat inside source list corbina_lan interface FastEthernet4 overload

ip nat inside source list corbina_wan interface Virtual-PPP1 overload

!

ip access-list extended corbina_lan

permit ip 172.16.1.0 0.0.0.127 10.0.0.0 0.255.255.255

ip access-list extended corbina_wan

permit ip 172.16.1.0 0.0.0.127 any

!

no cdp run

!

control-plane

!

bridge 1 route ip

!

line con 0

exec-timeout 0 0

no modem enable

line aux 0

line vty 0 4

exec-timeout 0 0

password 7 xxx

login local

transport input telnet ssh

!

scheduler max-task-time 5000

end

 

 

 

debug ppp authen

 

 

*Aug 7 19:18:51.987: Vp1 PPP: Authorization required

*Aug 7 19:18:51.987: Vp1 PPP: No remote authentication for call-out

*Aug 7 19:18:54.007: Vp1 PPP: No authorization without authentication

*Aug 7 19:18:54.019: Vp1 CHAP: I CHALLENGE id 1 len 28 from "bras255"

*Aug 7 19:18:54.019: Vp1 CHAP: Using hostname from interface CHAP

*Aug 7 19:18:54.019: Vp1 CHAP: Using password from interface CHAP

*Aug 7 19:18:54.019: Vp1 CHAP: O RESPONSE id 1 len 26 from "xxx"

*Aug 7 19:18:54.079: Vp1 CHAP: I SUCCESS id 1 len 4

 

 

debug vpdn l2x-errors

 

 

*Aug 7 19:15:29.219: L2TP tnl 010A2:________: Create tunnel

*Aug 7 19:15:29.223: L2TP tnl 010A2:________: version set to V2

*Aug 7 19:15:29.223: L2TP tnl 010A2:________: remote ip set to 85.21.0.255

*Aug 7 19:15:29.223: L2TP tnl 010A2:________: local ip set to 10.220.0.82

*Aug 7 19:15:29.223: L2TP tnl 010A2:0000C692: class name corbina

*Aug 7 19:15:29.223: L2TP tnl 010A2:0000C692: FSM-CC ev Session-Conn

*Aug 7 19:15:29.223: L2TP tnl 010A2:0000C692: FSM-CC Idle->Wt-Sock

*Aug 7 19:15:29.223: L2TP tnl 010A2:0000C692: FSM-CC do Session-Conn-Sock

*Aug 7 19:15:29.223: L2TP tnl 010A2:0000C692: Session count now 1

*Aug 7 19:15:29.223: L2TP tnl 010A2:0000C692: XCONNECT Session count now 1

*Aug 7 19:15:29.223: L2TP tnl 010A2:0000C692: Open sock 10.220.0.82:1701->85.21.0.255:1701

*Aug 7 19:15:29.223: L2TP tnl 010A2:0000C692: FSM-CC ev Sock-Ready

*Aug 7 19:15:29.223: L2TP tnl 010A2:0000C692: FSM-CC Wt-Sock->Wt-SCCRP

*Aug 7 19:15:29.223: L2TP tnl 010A2:0000C692: FSM-CC do Tx-SCCRQ

*Aug 7 19:15:29.227: L2TP 00005:010A2:000000A4: Session attached

*Aug 7 19:15:29.227: L2TP 00005:010A2:000000A4:

*Aug 7 19:15:29.227: L2TP 00005:010A2:000000A4: FSM-Sn ev DP-Setup

*Aug 7 19:15:29.227: L2TP 00005:010A2:000000A4: FSM-Sn in Wt-CC

*Aug 7 19:15:29.227: L2TP 00005:010A2:000000A4: FSM-Sn do Ignore-DP-Setup

*Aug 7 19:15:29.235: L2TP tnl 010A2:0000C692: FSM-CC ev Rx-SCCRP

*Aug 7 19:15:29.235: L2TP tnl 010A2:0000C692: FSM-CC Wt-SCCRP->Proc-SCCRP

*Aug 7 19:15:29.235: L2TP tnl 010A2:0000C692: FSM-CC do Rx-SCCRP

*Aug 7 19:15:29.235: L2TP tnl 010A2:0000C692: Control connection authentication skipped/passed.

*Aug 7 19:15:29.235: L2TP tnl 010A2:0000C692: FSM-CC ev SCCRP-OK

*Aug 7 19:15:29.235: L2TP tnl 010A2:0000C692: FSM-CC Proc-SCCRP->established

*Aug 7 19:15:29.235: L2TP tnl 010A2:0000C692: FSM-CC do Tx-SCCCN

*Aug 7 19:15:29.239: L2TP tnl 010A2:0000C692: Control channel up

*Aug 7 19:15:29.239: L2TP tnl 010A2:0000C692: 10.220.0.82<->85.21.0.255

*Aug 7 19:15:29.239: L2TP 00005:010A2:000000A4: FSM-Sn ev CC-Up

*Aug 7 19:15:29.239: L2TP 00005:010A2:000000A4: FSM-Sn Wt-CC->Wt-Sock

*Aug 7 19:15:29.239: L2TP 00005:010A2:000000A4: FSM-Sn do CC-Up

*Aug 7 19:15:29.239: L2TP 00005:010A2:000000A4: Session needs to have:

*Aug 7 19:15:29.239: L2TP 00005:010A2:000000A4: V2 V3 Eth VLAN HDLC PPP FR-DLCI

*Aug 7 19:15:29.239: L2TP 00005:010A2:000000A4: ATM-PORT ATM-VP ATM-VC-CELL IP

*Aug 7 19:15:29.239: L2TP 00005:010A2:000000A4: Tie-Breaker

*Aug 7 19:15:29.239: L2TP 00005:010A2:000000A4: Peer cc can do:

*Aug 7 19:15:29.239: L2TP 00005:010A2:000000A4: V2 Tie-Breaker

*Aug 7 19:15:29.239: L2TP 00005:010A2:000000A4: Open sock 10.220.0.82:1701->85.21.0.255:1701

*Aug 7 19:15:29.239: L2TP 00005:010A2:000000A4: FSM-Sn ev Sock-Ready

*Aug 7 19:15:29.239: L2TP 00005:010A2:000000A4: FSM-Sn Wt-Sock->Wt-Tx-ICRQ

*Aug 7 19:15:29.239: L2TP 00005:010A2:000000A4: FSM-Sn do Tx-ICRQ-Local-Check

*Aug 7 19:15:29.239: L2TP 00005:010A2:000000A4: FSM-Sn ev Local-Cont

*Aug 7 19:15:29.239: L2TP 00005:010A2:000000A4: FSM-Sn Wt-Tx-ICRQ->Wt-Rx-ICRP

*Aug 7 19:15:29.239: L2TP 00005:010A2:000000A4: FSM-Sn do Tx-ICRQ

*Aug 7 19:15:29.243: L2TP tnl 010A2:0000C692: Control connection authentication skipped/passed.

*Aug 7 19:15:29.243: L2TP 00005:010A2:000000A4: FSM-Sn ev Rx-ICRP

*Aug 7 19:15:29.243: L2TP 00005:010A2:000000A4: FSM-Sn Wt-Rx-ICRP->Proc-ICRP

*Aug 7 19:15:29.243: L2TP 00005:010A2:000000A4: FSM-Sn do Rx-ICRP

*Aug 7 19:15:29.243: L2TP 00005:010A2:000000A4: Session data plane UP

*Aug 7 19:15:29.243: L2TP 00005:010A2:000000A4: Remote AC is now UP

*Aug 7 19:15:29.247: L2TP 00005:010A2:000000A4:

*Aug 7 19:15:29.247: L2TP 00005:010A2:000000A4: XCONNECT: process AVPs

*Aug 7 19:15:29.247: L2TP 00005:010A2:000000A4:

*Aug 7 19:15:29.247: L2TP 00005:010A2:000000A4: FSM-Sn ev Local-Up

*Aug 7 19:15:29.247: L2TP 00005:010A2:000000A4: FSM-Sn in Proc-ICRP

*Aug 7 19:15:29.247: L2TP 00005:010A2:000000A4: FSM-Sn do Noop-Local-State-Change

*Aug 7 19:15:29.247: L2TP 00005:010A2:000000A4:

*Aug 7 19:15:29.247: L2TP 00005:010A2:000000A4: FSM-Sn ev ICRP-OK

*Aug 7 19:15:29.247: L2TP 00005:010A2:000000A4: FSM-Sn Proc-ICRP->Wt-Tx-ICCN

*Aug 7 19:15:29.247: L2TP 00005:010A2:000000A4: FSM-Sn do Tx-ICCN-Local-Check

*Aug 7 19:15:29.251: L2TP 00005:010A2:000000A4: FSM-Sn ev Local-Cont

*Aug 7 19:15:29.251: L2TP 00005:010A2:000000A4: FSM-Sn Wt-Tx-ICCN->established

*Aug 7 19:15:29.251: L2TP 00005:010A2:000000A4: FSM-Sn do Tx-ICCN

*Aug 7 19:15:29.251: L2TP 00005:010A2:000000A4:

*Aug 7 19:15:29.251: L2TP 00005:010A2:000000A4: FSM-Sn ev Established

*Aug 7 19:15:29.251: L2TP 00005:010A2:000000A4: FSM-Sn in established

*Aug 7 19:15:29.251: L2TP 00005:010A2:000000A4: FSM-Sn do Established

*Aug 7 19:15:29.251: L2TP 00005:010A2:000000A4: Session up

*Aug 7 19:15:29.255: L2TP 00005:010A2:000000A4: 10.220.0.82<->85.21.0.255

*Aug 7 19:15:29.255: L2TP 00005:010A2:000000A4: FSM-Sn ev Local-Up

*Aug 7 19:15:29.255: L2TP 00005:010A2:000000A4: FSM-Sn in established

*Aug 7 19:15:29.255: L2TP 00005:010A2:000000A4: FSM-Sn do Tx-SLI

*Aug 7 19:15:32.519: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-PPP1, changed state to up

 

 

Aug 7 19:16:25.755: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-PPP1, changed state to down

*Aug 7 19:16:29.251: L2TP tnl 010A2:0000C692: Control connection authentication skipped/passed.

*Aug 7 19:16:29.851: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-PPP1, changed state to up

*Aug 7 19:16:33.263: L2TP tnl 010A2:0000C692: Control connection authentication skipped/passed.

*Aug 7 19:16:42.255: L2TP tnl 010A2:0000C692: Control connection authentication skipped/passed.

*Aug 7 19:16:50.259: L2TP tnl 010A2:0000C692: Control connection authentication skipped/passed.

*Aug 7 19:16:58.259: L2TP tnl 010A2:0000C692: Control connection authentication skipped/passed.

*Aug 7 19:17:06.263: L2TP tnl 010A2:0000C692: Control connection authentication skipped/passed.

*Aug 7 19:17:14.267: L2TP tnl 010A2:0000C692: Control connection authentication skipped/passed.

*Aug 7 19:17:22.267: L2TP tnl 010A2:0000C692: Control connection authentication skipped/passed.

*Aug 7 19:17:28.943: L2TP tnl 010A2:0000C692: Control connection authentication skipped/passed.

*Aug 7 19:17:28.943: L2TP _____:________: ERROR: CDN AVP 46, vendor 0: unknown

*Aug 7 19:17:28.943: L2TP 00005:010A2:000000A4: Unknown IETF AVP 46 in CM CDN

*Aug 7 19:17:28.943: L2TP _____:________: ERROR: CDN AVP 104, vendor 9: unknown

*Aug 7 19:17:28.943: L2TP 00005:010A2:000000A4: Unknown Cisco AVP 104 in CM CDN

*Aug 7 19:17:28.943: L2TP 00005:010A2:000000A4: FSM-Sn ev Rx-CDN

*Aug 7 19:17:28.943: L2TP 00005:010A2:000000A4: FSM-Sn established->Idle

*Aug 7 19:17:28.943: L2TP 00005:010A2:000000A4: FSM-Sn do Rx-CDN

*Aug 7 19:17:28.943: L2TP 00005:010A2:000000A4: XCONNECT: process AVPs

*Aug 7 19:17:28.943: L2TP 00005:010A2:000000A4:

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4: Shutting down session

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4: Result Code

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4: Call disconnected, refer to error msg (2)

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4: Error Code

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4: Vendor specific (6)

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4: Vendor Error

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4: None (0)

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4: Optional Message

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4: "Locally generated disconnect"

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4:

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4: FSM-Sn ev Shut

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4: FSM-Sn Idle->Dead

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4: FSM-Sn do Destroy

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4:

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4: Session down

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4: 10.220.0.82<->85.21.0.255

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4: Destroying session

*Aug 7 19:17:28.947: L2TP 00005:010A2:000000A4: Request teardown data plane

*Aug 7 19:17:28.947: L2TP tnl 010A2:0000C692: FSM-CC ev Session-Disc

*Aug 7 19:17:28.947: L2TP tnl 010A2:0000C692: FSM-CC in established

*Aug 7 19:17:28.947: L2TP tnl 010A2:0000C692: FSM-CC do Session-Disc-Est

*Aug 7 19:17:28.947: L2TP tnl 010A2:0000C692: Session count now 0

*Aug 7 19:17:28.951: L2TP tnl 010A2:0000C692: XCONNECT Session count now 0

*Aug 7 19:17:28.951: L2TP tnl 010A2:0000C692: FSM-CC ev No-Users

*Aug 7 19:17:28.951: L2TP tnl 010A2:0000C692: FSM-CC established->Est-No-User

*Aug 7 19:17:28.951: L2TP tnl 010A2:0000C692: FSM-CC do No-Users

*Aug 7 19:17:28.951: L2TP tnl 010A2:0000C692: No more cc users, shutdown (likely) in 15 secs

*Aug 7 19:17:28.951: L2TP 00005:_____:________: Session detached

*Aug 7 19:17:29.939: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-PPP1, changed state to down

 

 

deb ppp nego

 

*Aug 8 10:36:45.847: Vp1 LCP: State is Open

*Aug 8 10:36:45.851: Vp1 PPP: Phase is AUTHENTICATING, by the peer

*Aug 8 10:36:45.867: Vp1 CHAP: I CHALLENGE id 1 len 28 from "bras255"

*Aug 8 10:36:45.871: Vp1 CHAP: Using hostname from interface CHAP

*Aug 8 10:36:45.871: Vp1 CHAP: Using password from interface CHAP

*Aug 8 10:36:45.871: Vp1 CHAP: O RESPONSE id 1 len 26 from "xxx"

*Aug 8 10:36:45.959: Vp1 CHAP: I SUCCESS id 1 len 4

*Aug 8 10:36:45.959: Vp1 PPP: Phase is FORWARDING, Attempting Forward

*Aug 8 10:36:45.959: Vp1 PPP: Queue IPCP code[1] id[1]

*Aug 8 10:36:45.959: Vp1 PPP: Phase is ESTABLISHING, Finish LCP

*Aug 8 10:36:45.963: Vp1 PPP: Phase is UP

*Aug 8 10:36:45.963: Vp1 IPCP: O CONFREQ [Closed] id 1 len 10

*Aug 8 10:36:45.963: Vp1 IPCP: Address 0.0.0.0 (0x030600000000)

*Aug 8 10:36:45.963: Vp1 PPP: Process pending ncp packets

*Aug 8 10:36:45.963: Vp1 IPCP: Redirect packet to Vp1

*Aug 8 10:36:45.963: Vp1 IPCP: I CONFREQ [REQsent] id 1 len 10

*Aug 8 10:36:45.963: Vp1 IPCP: Address 85.21.0.255 (0x0306551500FF)

*Aug 8 10:36:45.963: Vp1 IPCP: O CONFACK [REQsent] id 1 len 10

*Aug 8 10:36:45.963: Vp1 IPCP: Address 85.21.0.255 (0x0306551500FF)

*Aug 8 10:36:45.979: Vp1 IPCP: I CONFNAK [ACKsent] id 1 len 10

*Aug 8 10:36:45.979: Vp1 IPCP: Address 95.24.128.1 (0x03065F188001)

*Aug 8 10:36:45.979: Vp1 IPCP: O CONFREQ [ACKsent] id 2 len 10

*Aug 8 10:36:45.979: Vp1 IPCP: Address 95.24.128.1 (0x03065F188001)

*Aug 8 10:36:45.987: Vp1 IPCP: I CONFACK [ACKsent] id 2 len 10

*Aug 8 10:36:45.987: Vp1 IPCP: Address 95.24.128.1 (0x03065F188001)

*Aug 8 10:36:45.987: Vp1 IPCP: State is Open

*Aug 8 10:36:45.987: Vp1 IPCP: Install negotiated IP interface address 95.24.128.1

*Aug 8 10:36:45.987: Vp1 IPCP: Install route to 85.21.0.255

*Aug 8 10:36:46.959: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-PPP1, changed state to up

 

 

Aug 8 10:39:14.351: Vp1 LCP: State is Listen

*Aug 8 10:39:14.359: Vp1 IPCP: Remove route to 85.21.0.255

*Aug 8 10:39:15.351: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-PPP1, changed state to down

 

 

Registration on the Corbina server does happen, for about 1 minute.

Please advise what to debug and how to beat this.

how to beat this.

Recipe by vanitka:

In the Virtual-ppp1 interface settings, add:

no peer neighbor-route

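The symptom reported above (after PPP comes up, 85.21.0.255 shows as "directly connected, Virtual-PPP1") means the L2TP endpoint is being routed into the tunnel it terminates. As an added example, not code from any poster in this thread, the Python sketch below reads excerpts of the config and `sh ip route` output posted above and reports whether the pseudowire peer resolves through the tunnel interface itself; all function names are hypothetical.

```python
import ipaddress
import re

# Excerpts of the second poster's config and "sh ip route" output from this thread.
CONFIG = """\
interface Virtual-PPP1
ip address negotiated
pseudowire 85.21.0.255 1 pw-class class1
!
"""
ROUTES_TUNNEL_DOWN = """\
85.0.0.0/32 is subnetted, 1 subnets
S 85.21.0.255 [1/0] via 10.220.0.1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S 10.0.0.0/8 [1/0] via 10.220.0.1
C 10.220.0.0/21 is directly connected, FastEthernet4
S* 0.0.0.0/0 [254/0] via 10.220.0.1
"""
ROUTES_TUNNEL_UP = """\
85.0.0.0/32 is subnetted, 1 subnets
C 85.21.0.255 is directly connected, Virtual-PPP1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S 10.0.0.0/8 [1/0] via 10.220.0.1
C 10.220.0.0/21 is directly connected, FastEthernet4
S* 0.0.0.0/0 is directly connected, Virtual-PPP1
"""

HEADER_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+/(\d+) is (?:variably )?subnetted")
ROUTE_RE = re.compile(
    r"^[A-Z*]+\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s+"
    r"(?:\[\d+/\d+\] via ([\d.]+)(?:, (\S+))?|is directly connected, (\S+))\s*$")


def parse_tunnels(config):
    """Map each interface with a 'pseudowire' line to its peer and neighbor-route state."""
    tunnels, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
        elif line == "!":
            current = None
        elif current and line:
            entry = tunnels.setdefault(current, {"peer": None, "neighbor_route": True})
            m = re.match(r"pseudowire (\d+\.\d+\.\d+\.\d+) \d+", line)
            if m:
                entry["peer"] = m.group(1)
            elif line == "no peer neighbor-route":
                entry["neighbor_route"] = False
    return {name: t for name, t in tunnels.items() if t["peer"]}


def parse_routes(show_ip_route):
    """Return (network, next_hop, interface); bare prefixes inherit the header mask."""
    routes, inherited = [], None
    for line in (raw.strip() for raw in show_ip_route.splitlines()):
        header = HEADER_RE.match(line)
        if header:
            inherited = int(header.group(1))
            continue
        m = ROUTE_RE.match(line)
        if not m or (m.group(2) is None and inherited is None):
            continue
        prefix, plen, next_hop, via_if, connected_if = m.groups()
        net = ipaddress.ip_network(f"{prefix}/{plen or inherited}", strict=False)
        routes.append((net, next_hop, via_if or connected_if))
    return routes


def egress_interface(routes, ip, depth=0):
    """Longest-prefix match, following next hops until an interface is known."""
    matches = [r for r in routes if ipaddress.ip_address(ip) in r[0]]
    if not matches or depth > 8:
        return None
    _, next_hop, interface = max(matches, key=lambda r: r[0].prefixlen)
    return interface or egress_interface(routes, next_hop, depth + 1)


def check(config, show_ip_route):
    """Flag tunnels whose L2TP endpoint is routed out through the tunnel itself."""
    routes = parse_routes(show_ip_route)
    return [{"interface": name, "peer": t["peer"], "neighbor_route": t["neighbor_route"],
             "recursive": egress_interface(routes, t["peer"]) == name}
            for name, t in parse_tunnels(config).items()]
```

With the tunnel down the peer resolves via FastEthernet4; with it up, `recursive` becomes true, which is the state `no peer neighbor-route` is meant to prevent.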

It is also useful to add ip tcp path-mtu-discovery so that the MTU adjusts itself. The MTU on the interfaces can be turned off.


There are two known problems:

1) The interface does not get IP addressing

2) The PPP (L2TP) interface goes down a minute after coming up, because the gateway stops being reachable

Solved by:

1) Replacing IOS 12.4 with 15.0 or later

2) no ip gratuitous-arps

Everything else is minor problems and configuration errors. There are no competent admins at the provider. So I'm sure my experience will be useful.
