CISCO 871

tcpмоеip · 13 февраля 2009

Доброго времени суток.

Опыт работы с CISCO не большой

Проблема: не устанавливается туннель.

Имеем:

taylung#sh ver 
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(15)T5,  RELEASE SOFTWARE (fc4)

определим локальные настройки:

>nslookup tp.corbina.net 
Name:	tp.corbina.net 
Addresses:  85.21.0.255, 85.21.0.251, 85.21.0.253 

>ipconfig /all 

Настройка протокола IP для Windows 

	IP-адрес  . . . . . . . . . . . . : 10.246.4.212 
	Маска подсети . . . . . . . . . . : 255.255.248.0 
	Основной шлюз . . . . . . . . . . : 10.246.0.1 
	DHCP-сервер . . . . . . . . . . . : 83.102.233.200 
	DNS-серверы . . . . . . . . . . . : 213.234.192.8 
										85.21.192.3

Конфиг CISCO:

! 
version 12.4 
no service pad 
service timestamps debug datetime msec 
service timestamps log datetime msec 
service password-encryption 
! 
hostname taylung 
! 
boot-start-marker 
boot-end-marker 
! 
enable secret 5 ******* 
! 
aaa new-model 
! 
! 
aaa authentication login default local 
aaa authentication ppp default none 
aaa authorization network default local 
! 
! 
aaa session-id common 
clock timezone moscow 3 
clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00 
clock save interval 8 
! 
! 
! 
! 
no ip dhcp use vrf connected 
ip dhcp excluded-address 192.168.1.1 192.168.1.7 
! 
ip dhcp pool HOME 
  import all 
  network 192.168.1.0 255.255.255.0 
  default-router 192.168.1.1 
  dns-server 192.168.1.1 
  lease 5 
! 
! 
ip domain name corbina.net 
ip name-server 213.234.192.8 
ip name-server 85.21.192.3 
ip auth-proxy max-nodata-conns 3 
ip admission max-nodata-conns 3 
l2tp-class corbina 
! 
! 
! 
! 
username **** privilege 15 ***** 
! 
! 
archive 
log config 
 hidekeys 
! 
! 
ip tftp source-interface Vlan1 
pseudowire-class class1 
encapsulation l2tpv2 
protocol l2tpv2 corbina 
ip local interface FastEthernet4 
! 
! 
! 
! 
interface FastEthernet0 
! 
interface FastEthernet1 
! 
interface FastEthernet2 
! 
interface FastEthernet3 
! 
interface FastEthernet4 
description LanCorbina 
no ip address 
ip mask-reply 
ip mtu 1460 
ip nat outside 
ip virtual-reassembly 
duplex auto 
speed auto 
! 
interface Virtual-PPP1 
description LanCorbinaVirtualPPP 
ip address negotiated 
ip mtu 1460 
ip nat outside 
ip virtual-reassembly 
no cdp enable 
ppp authentication chap callout 
ppp chap hostname мой_логин 
ppp chap password 7 мой_пароль 
pseudowire 85.21.0.253 10 pw-class class1 
! 
! 
interface Vlan1 
ip address 192.168.1.1 255.255.255.0 
ip nat inside 
ip virtual-reassembly 
! 
ip forward-protocol nd 
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1 
ip route 10.0.0.0 255.0.0.0 dhcp 
ip route 85.21.0.255 255.255.255.255 dhcp 
ip route 195.14.50.16 255.255.255.255 dhcp 
ip route 195.14.50.26 255.255.255.255 dhcp 
ip route 195.14.50.93 255.255.255.255 dhcp 
ip route 213.234.192.8 255.255.255.255 dhcp 
ip route 85.21.0.253 255.255.255.255 dhcp 
! 
! 
no ip http server 
no ip http secure-server 
ip nat inside source list 101 interface FastEthernet4 overload 
! 
access-list 101 permit ip any any 
access-list 101 permit udp any any 
access-list 101 permit tcp any any 
access-list 101 permit icmp any any 
access-list 101 permit igmp any any 
no cdp run 
! 
! 
! 
! 
control-plane 
! 
! 
line con 0 
password 7 ******** 
no modem enable 
line aux 0 
line vty 0 4 
password 7 ******* 
! 
scheduler max-task-time 5000 
end

Дебажим, ибо туннель не устанавливается debug l2tp all:

*Feb 12 22:35:57.183: L2X	  1:_____:_____: 
*Feb 12 22:35:57.183: L2X	  1:_____:_____: APP->L2TP: Session reopen, 
*Feb 12 22:35:57.183: L2X	  1:_____:_____:			sock 0xBC000001 
*Feb 12 22:35:57.183: L2X	  1:_____:_____:			serv 0x00000000 
*Feb 12 22:35:57.183: L2X	  1:_____:_____:			data 0x8430F3B4[92] 
*Feb 12 22:35:57.183: L2X	  1:_____:_____: 
*Feb 12 22:35:57.183: L2TP	 1:_____:_____: Create session 
*Feb 12 22:35:57.183: L2TP	 1:_____:_____:   nApp type set to XCONNECT 
*Feb 12 22:35:57.183: L2TP	 1:_____:_____:   Need cc version: V2 
*Feb 12 22:35:57.183: L2TP	 1:_____:_____:   Session classname corbina 
*Feb 12 22:35:57.183: L2TP	 1:_____:_____:   L2TPoUDP session needed between 
*Feb 12 22:35:57.183: L2TP	 1:_____:_____:	 <unset>:39328<->85.21.0.253:33092 
*Feb 12 22:35:57.183: L2TP	 1:_____:_____:   Using ICRQ FSM 
*Feb 12 22:35:57.183: L2TP	 1:_____:_____:	 remote ip set to 85.21.0.253 
*Feb 12 22:35:57.183: L2TP	 1:_____:_____:	 local ip set to 192.168.1.1 
*Feb 12 22:35:57.183: L2TP	 1:_____:_____:	 guessed local ip of 192.168.1.1 
*Feb 12 22:35:57.183: L2TP	 1:_____:_____: no cookies enabled 
*Feb 12 22:35:57.183: L2TP	 1:_____:_____: FSM-Sn ev App-Conn 
*Feb 12 22:35:57.183: L2TP	 1:_____:_____: FSM-Sn	Idle->Wt-CC 
*Feb 12 22:35:57.187: L2TP	 1:_____:_____: FSM-Sn do App-Connect 
*Feb 12 22:35:57.187: L2TP	 1:_____:_____: Find or create cc for session 
*Feb 12 22:35:57.187: L2TP	   _____:_____: Find cc between 
*Feb 12 22:35:57.187: L2TP	   _____:_____:   <unset><->85.21.0.253 
*Feb 12 22:35:57.187: L2TP	   _____:_____:   with class: corbina 
*Feb 12 22:35:57.187: L2TP	   _____:_____:   and IP proto: L2TPoUDP 
*Feb 12 22:35:57.187: L2TP	   _____:_____:   and framing type: none 
*Feb 12 22:35:57.187: L2TP	   _____:_____:   and bearer type: none 
*Feb 12 22:35:57.187: L2TP	   _____:_____:   and version: V2 
*Feb 12 22:35:57.187: L2TP	   _____:_____: Need to instiga 

*Feb 12 22:35:57.187: L2X  tnl   4101 :_____: Create logical tunnel 
*Feb 12 22:35:57.187: L2TP tnl   4101 :_____: Create tunnel 
*Feb 12 22:35:57.187: L2TP tnl   4101 :_____:	 version set to V2 
*Feb 12 22:35:57.187: L2TP tnl   4101 :_____:	 remote ip set to 85.21.0.253 
*Feb 12 22:35:57.187: L2TP tnl   4101 :_____:	 local ip set to 192.168.1.1 
*Feb 12 22:35:57.187: L2TP tnl   4101 :_____:	 guessed local ip of 192.168.1.1 
*Feb 12 22:35:57.187: L2TP tnl   4101 :61104:	 nclass name corbina 
*Feb 12 22:35:57.187: L2TP tnl   4101 :61104: FSM-CC ev Session-Conn 
*Feb 12 22:35:57.187: L2TP tnl   4101 :61104: FSM-CC	Idle->Wt-Sock 
*Feb 12 22:35:57.187: L2TP tnl   4101 :61104: FSM-CC do Session-Conn-Sock 
*Feb 12 22:35:57.187: L2TP tnl   4101 :61104:   Session count now 1 
*Feb 12 22:35:57.191: L2TP tnl   4101 :61104:   XCONNECT Session count now 1 
*Feb 12 22:35:57.191: L2TP tnl   4101 :61104: Open sock 192.168.1.1:1701->85.21.0.253:1701 
*Feb 12 22:35:57.191: L2TP tnl   410o 1 :61104: FSM-CC ev Sock-Ready 
*Feb 12 22:35:57.191: L2TP tnl   4101 :61104: FSM-CC	Wt-Sock->Wt-SCCRP 
*Feb 12 22:35:57.191: L2TP tnl   4101 :61104: FSM-CC do Tx-SCCRQ 
*Feb 12 22:35:57.191: L2TP tnl   4101 :61104: 
*Feb 12 22:35:57.191: L2TP tnl   4101 :61104: O SCCRQ to 85.21.0.253 
*Feb 12 22:35:57.191: L2TP tnl   4101 :61104:  IETF v2: 
*Feb 12 22:35:57.191: L2TP tnl   4101 :61104:   Protocol Version  1, Revision 0 
*Feb 12 22:35:57.191: L2TP tnl   4101 :61104:   Framing Cap	   none(0x0) 
*Febde 12 22:35:57.191: L2TP tnl   4101 :61104:   Tie Breaker 
*Feb 12 22:35:57.191: L2TP tnl   4101 :61104:	 16098715160138808520 
*Feb 12 22:35:57.191: L2TP tnl   4101 :61104:   Firmware Ver	  0x1130 
*Feb 12 22:35:57.195: L2TP tnl   4101 :61104:   Hostname		  "taylung" 
*Feb 12 22:35:57.195: L2TP tnl   4101 :61104:   Vendor Name 
*Feb 12 22:35:57.195: L2TP tnl   4101 :61104:	 "Cisco Systems, Inc." 
*Feb 12 22:35:57.195: L2TP tnl   4101 :61104:   Assigned Tunnel I 61104 
*Feb 12 22:35:57.bu195: L2TP tnl   4101 :61104:   Rx Window Size	256 
*Feb 12 22:35:57.195: L2TP tnl   4101 :61104: 
*Feb 12 22:35:57.199: L2TP	 1:4101 :7	: Session attached 
*Feb 12 22:35:57.199: L2TP	 1:4101 :7	: 
*Feb 12 22:35:57.199: L2TP	 1:4101 :7	: APP->L2TP: setup dataplane, 
*Feb 12 22:35:57.199: L2TP	 1:4101 :7	:			sock 0xBC000001 
*Feb 12 22:35:57.199: L2TP	 1:4101 :7	:			serv 0x00000000 
*Feb 12 22:35:57.199: L2TP	 1:4101 :7	:			no serv hdl ye t; use socket 
*Feb 12 22:35:57.199: L2TP	 1:4101 :7	: 
*Feb 12 22:35:57.199: L2TP	 1:4101 :7	: FSM-Sn ev DP-Setup 
*Feb 12 22:35:57.199: L2TP	 1:4101 :7	: FSM-Sn	in Wt-CC 
*Feb 12 22:35:57.199: L2TP	 1:4101 :7	: FSM-Sn do Ignore-DP-Setup 
*Feb 12 22:35:58.199: L2TP tnl   4101 :61104: O Resend SCCRQ, flg TLS, ver 2, len 114 
*Feb 12 22:36:00.199: L2TP tnl   4101 :61104: O Resend SCCRQ, flg TLS, ver 2, len 114 
*Feb 12 22:36:04.199: L2TP tnl   4101 :61104: 
*Feb 12 22:36:04.19l29: L2TP tnl   4101 :61104: Shutting down tunnel 
*Feb 12 22:36:04.199: L2TP tnl   4101 :61104:   With 1 session 
*Feb 12 22:36:04.199: L2TP tnl   4101 :61104:   Result Code 
*Feb 12 22:36:04.199: L2TP tnl   4101 :61104:	 Request to clear control connection 
*Feb 12 22:36:04.199: L2TP tnl   4101 :61104:   Error Code 
*Feb 12 22:36:04.199: L2TP tnl   4101 :61104:	 Vendor specific 
*Feb 12 22:36:04.199: L2TP tnl   4101 :61104:   Vendor Error 
*Feb 12 22:36:04.199: L2TP tnl   4101 :61104:	 Tunnel shutp t 
*Feb 12 22:36:04.199: L2TP tnl   4101 :61104:   Optional Message 
*Feb 12 22:36:04.199: L2TP tnl   4101 :61104:	 "Too many retransmits to 85.21.0.253" 
*Feb 12 22:36:04.199: L2TP tnl   4101 :61104: 
*Feb 12 22:36:04.199: L2TP tnl   4101 :61104: FSM-CC ev Shut 
*Feb 12 22:36:04.199: L2TP tnl   4101 :61104: FSM-CC	Wt-SCCRP->Wt-STOPACK 
*Feb 12 22:36:04.199: L2TP tnl   4101 :61104: FSM-CC do Tx-StopCCN-Error 
*Feb 12 22:36:04.199: L2TP	 1:4101 :7	: FSM-Sn ev CC-Down 
*Feb 12 22:36:04.199: L2TallP	 1:4101 :7	: FSM-Sn	Wt-CC->Idle 
*Feb 12 22:36:04.199: L2TP	 1:4101 :7	: FSM-Sn do CC-Down 
*Feb 12 22:36:04.199: L2TP	 1:4101 :7	: 
*Feb 12 22:36:04.199: L2TP	 1:4101 :7	: Shutting down session 
*Feb 12 22:36:04.199: L2TP	 1:4101 :7	:   Result Code 
*Feb 12 22:36:04.199: L2TP	 1:4101 :7	:	 Call disconnected, refer to error msg (2) 
*Feb 12 22:36:04.199: L2TP	 1:4101 :7	:   Error Code 
*Feb 12 22:36:04.199: L2TP	 1:4101 :7	:	 Vendor specific (6) 
*Feb 12 22:36:04.203: L2TP	 1:4101 :7	:   Vendor Error 
*Feb 12 22:36:04.203: L2TP	 1:4101 :7	:	 Tunnel shut (1) 
*Feb 12 22:36:04.203: L2TP	 1:4101 :7	:   Optional Message 
*Feb 12 22:36:04.203: L2TP	 1:4101 :7	:	 "control channel down" 
*Feb 12 22:36:04.203: L2TP	 1:4101 :7	: 
*Feb 12 22:36:04.203: L2TP	 1:4101 :7	: FSM-Sn ev Shut 
*Feb 12 22:36:04.203: L2TP	 1:4101 :7	: FSM-Sn	Idle->Dead 
*Feb 12 22:36:04.203: L2TP	 1:4101 :7	: FSM-Sn do Destroy 
*Feb 12 22:36:04.203: L2TP	 1:4101 :7	: 
*Feb 12 22:36:04.203: L2TP	 1:4101 :7	: APP<-L2TP: disconnect 
*Feb 12 22:36:04.203: L2TP	 1:4101 :7	:			sock 0xBC000001 
*Feb 12 22:36:04.203: L2TP	 1:4101 :7	:			serv 0x00001000 
*Feb 12 22:36:04.203: L2TP	 1:4101 :7	: 
*Feb 12 22:36:04.203: L2TP	 1:4101 :7	: Session down 
*Feb 12 22:36:04.203: L2TP	 1:4101 :7	:   192.168.1.1<->85.21.0.253 
*Feb 12 22:36:04.203: L2TP	 1:4101 :7	: Destroying session 
*Feb 12 22:36:04.203: L2TP tnl   4101 :61104: FSM-CC ev Session-Disc 
*Feb 12 22:36:04.203: L2TP tnl   4101 :61104: FSM-CC	in Wt-STOPACK 
*Feb 12 22:36:04.203: L2TP tnl   4101 :61104: FSM-CC do Session-Disc-Shut 
*Feb 12 22:36:04.203: L2TP tnl   4101 :61104:   Session count now 0 
*Feb 12 22:36:04.203: L2TP tnl   4101 :61104:   XCONNECT Session count now 0 
*Feb 12 22:36:04.207: L2TP	 1:_____:_____: Session detached

Ясно, что руки кривые. Прошу помочь разобраться с проблемой.

Спасибо.

Добренький · 14 февраля 2009

В этом куске:

interface FastEthernet4
description LanCorbina
no ip address
ip mask-reply
ip mtu 1460
ip nat outside
ip virtual-reassembly
duplex auto
speed auto

Заменить no ip address

на ip address dhcp

В interface Virtual-PPP1

ppp authentication chap callout поменять на ppp authentication chap callin

tcpмоеip · 14 февраля 2009

Конфиг поправил:

! 
version 12.4 
no service pad 
service timestamps debug datetime msec 
service timestamps log datetime msec 
no service password-encryption 
! 
hostname taylung 
! 
boot-start-marker 
boot-end-marker 
! 
! 
aaa new-model 
! 
! 
aaa authentication login default local 
aaa authentication ppp default none 
aaa authorization network default local 
! 
aaa session-id common 
! 
resource policy 
! 
ip subnet-zero 
ip cef 
no ip dhcp use vrf connected 
ip dhcp excluded-address 192.168.1.1 192.168.1.7
! 
ip dhcp pool HOME 
  import all 
  network 192.168.1.0 255.255.255.248 
  default-router 192.168.1.1 
  dns-server 195.14.50.1 
  lease infinite 
! 
! 
ip domain name corbina.net 
ip multicast-routing 
l2tp-class corbina 
! 
! 
pseudowire-class class1 
encapsulation l2tpv2 
protocol l2tpv2 corbina 
ip local interface FastEthernet4 
! 
! 
! 
username ****** privilege 15 nopassword 
! 
! 
! 
! 
! 
interface FastEthernet0 
! 
interface FastEthernet1 
! 
interface FastEthernet2 
! 
interface FastEthernet3 
! 
interface FastEthernet4 
ip address dhcp 
ip nat outside 
ip virtual-reassembly 
duplex auto 
speed auto 
! 
interface Virtual-PPP1 
ip address negotiated 
ip nat outside 
ip virtual-reassembly 
no cdp enable 
ppp chap hostname ****** 
ppp chap password ******
ppp authentication chap callin  
pseudowire 85.21.0.255 10 pw-class class1 
! 
interface Vlan1 
ip address 192.168.1.1 255.255.255.248 
ip nat inside 
ip virtual-reassembly
ip tcp adjust-mss 1032  
! 
ip classless 
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1 
ip route 10.0.0.0 255.0.0.0 dhcp 
ip route 85.21.0.255 255.255.255.255 dhcp 
ip route 195.14.50.1 255.255.255.255 dhcp 
! 
no ip http server 
no ip http secure-server 
! 
ip access-list extended 100 
deny   ip any host 85.21.0.255 
permit ip 192.168.1.0 0.0.0.255 any 
! 
route-map public permit 10 
match ip address 100 
match interface Virtual-PPP1 
! 
route-map local permit 10 
match ip address 100 
match interface FastEthernet4 
! 
ip nat inside source route-map local interface FastEthernet4 overload 
ip nat inside source route-map public interface Virtual-PPP1 overload
!  
! 
control-plane 
! 
! 
line con 0 
no modem enable 
line aux 0 
line vty 0 4 
privilege level 15 
transport input telnet ssh 
! 
scheduler max-task-time 5000 
end

debug l2tp all

*Feb 13 07:52:53.539: L2TP	   _____:_____: ERROR: CDN AVP 46, vendor 0: unknown
*Feb 13 07:52:53.539: L2TP	 1:8193 :4	: Unknown IETF AVP 46 in CM CDN
*Feb 13 07:52:53.539: L2TP	   _____:_____: ERROR: CDN AVP 104, vendor 9: unknown
*Feb 13 07:52:53.539: L2TP	 1:8193 :4	: Unknown Cisco AVP 104 in CM CDN
*Feb 13 07:52:53.539: L2TP tnl   8193 :46834:
*Feb 13 07:52:53.539: L2TP	 1:8193 :4	: I CDN, flg TLS, ver 2, len 88
*Feb 13 07:52:53.539: L2TP	 1:8193 :4	:  IETF v2:
*Feb 13 07:52:53.539: L2TP	 1:8193 :4	:   Result Code
*Feb 13 07:52:53.539: L2TP	 1:8193 :4	:	 Call disconnected, refer to error msg(2)
*Feb 13 07:52:53.539: L2TP	 1:8193 :4	:	 Error code
*Feb 13 07:52:53.539: L2TP	 1:8193 :4	:	   Vendor specific(6)
*Feb 13 07:52:53.539: L2TP	 1:8193 :4	:	 Optional msg
*Feb 13 07:52:53.539: L2TP	 1:8193 :4	:	   "Locally generated disconnect"
*Feb 13 07:52:53.543: L2TP	 1:8193 :4	:   Assigned Call ID  19599
*Feb 13 07:52:53.543: L2TP	 1:8193 :4	:
*Feb 13 07:52:53.543: L2TP	 1:8193 :4	: O ZLB ACK to bras255 63631/19599
*Feb 13 07:52:53.543: L2TP	 1:8193 :4	:
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	: FSM-Sn ev Rx-CDN
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	: FSM-Sn	established->Idle
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	: FSM-Sn do Rx-CDN
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	: XCONNECT: process AVPs
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	:
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	: Shutting down session
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	:   Result Code
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	:	 Call disconnected, refer to error msg (2)
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	:   Error Code
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	:	 Vendor specific (6)
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	:   Vendor Error
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	:	 None (0)
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	:   Optional Message
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	:	 "Locally generated disconnect"
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	:
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	: FSM-Sn ev Shut
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	: FSM-Sn	Idle->Dead
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	: FSM-Sn do Destroy
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	:
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	: APP<-L2TP: disconnect
*Feb 13 07:52:53.547: L2TP	 1:8193 :4	:			sock 0xF4000001
*Feb 13 07:52:53.551: L2TP	 1:8193 :4	:			serv 0x00001000
*Feb 13 07:52:53.551: L2TP	 1:8193 :4	:
*Feb 13 07:52:53.551: L2TP	 1:8193 :4	: Session down
*Feb 13 07:52:53.551: L2TP	 1:8193 :4	:   10.246.5.210<->85.21.0.255
*Feb 13 07:52:53.551: L2TP	 1:8193 :4	: Destroying session

Ne0_rus · 15 февраля 2009

Конфиг поправил:

...

Поднимите IOS хотя бы до 15(T8) или до 22-го.

P.S. Вам проще взять готовый конфиг и поправить под себя. В поиске посмотрите - уже выкладывали готовые решения.

Anton_sa · 23 марта 2010

Доброго всем вермени суток!

ищется стабильный конфиг для домашней сети Корбины под cisco 871 IOS 12.4(15)T7

если кому удалось настроить, поделитесь пожалуйста!

redride · 8 мая 2010

Работало, работало... и сегодня отвалилась 871. Дебаг следующий (debug l2tp all):

005731: *Apr  3 06:29:31.683: L2TP 00001:08030:000095A9/uid:1[83.102.254.234/10]: Session attached
005732: *Apr  3 06:29:32.099: %SEC-6-IPACCESSLOGP: list FROM-INTERNET denied udp 10.35.50.246(137) -> 10.35.55.255(137), 1 packet
TheGate#
005733: *Apr  3 06:29:32.679: L2TP tnl   08030:00008A1B: O Resend SCCRQ, flg TLS, ver 2, len 138
TheGate#
005734: *Apr  3 06:29:34.680: L2TP tnl   08030:00008A1B: O Resend SCCRQ, flg TLS, ver 2, len 138
TheGate#
005735: *Apr  3 06:29:38.681: L2TP tnl   08030:00008A1B:
005736: *Apr  3 06:29:38.681: L2TP tnl   08030:00008A1B: Shutting down tunnel
005737: *Apr  3 06:29:38.681: L2TP tnl   08030:00008A1B:   With 1 session
005738: *Apr  3 06:29:38.681: L2TP tnl   08030:00008A1B:   Result Code
005739: *Apr  3 06:29:38.681: L2TP tnl   08030:00008A1B:     Request to clear control connection
005740: *Apr  3 06:29:38.681: L2TP tnl   08030:00008A1B:   Error Code
005741: *Apr  3 06:29:38.681: L2TP tnl   08030:00008A1B:     Vendor specific
005742: *Apr  3 06:29:38.681: L2TP tnl   08030:00008A1B:   Vendor Error
005743: *Apr  3 06:29:38.681: L2TP tnl   08030:00008A1B:     Tunnel shut
005744: *Apr  3 06:29:38.681: L2TP tnl   08030:00008A1B:   Optional Message
005745: *Apr  3 06:29:38.681: L2TP tnl   08030:00008A1B:     "Too many retransmits to 83.102.254.234"
005746: *Apr  3 06:29:38.681: L2TP tnl   08030:00008A1B:
005747: *Apr  3 06:29:38.681: L2TP tnl   08030:00008A1B: FSM-CC ev Shut
005748: *Apr  3 06:29:38.681: L2TP tnl   08030:00008A1B: FSM-CC    Wt-SCCRP->Wt-STOPACK
005749: *Apr  3 06:29:38.681: L2TP tnl   08030:00008A1B: FSM-CC do Tx-StopCCN-Error

Видно что подключается к брасу, но общение с ним не получается, вопрос почему?

Обновил IOS до c870-advsecurityk9-mz.151-1.T.bin, не помогло (да и могло, ли?)

Вот ещё информация:

interface Virtual-PPP1
description ### L2TP ###
bandwidth 12000
ip address negotiated
ip access-group FROM-INTERNET in
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip verify unicast reverse-path allow-self-ping
ip inspect Internet out
ip nat outside
no ip virtual-reassembly
ip tcp adjust-mss 1347
no peer neighbor-route
snmp trap ip verify drop-rate
keepalive 60 10
ppp authentication chap callin
ppp chap hostname xxx
ppp chap password xxx
no cdp enable
pseudowire 83.102.254.234 10 encapsulation l2tpv2 pw-class class1

Очень похоже, что корбина опять что-то у себя сломала, как это было с "no peer neighbor-route".

redride · 9 мая 2010

Причина выяснена: с 8 мая сервера vpn.internet.beeline.ru (у меня это 4 адреса) перестали принимать l2tp подключения. Пользуйтесь tp.internet.beeline.ru (83.102.254.223).

Спасибо тех. поддержке, которая, как обычно, не в курсе изменений, а только пытается отшить при упоминании маршрутизатора cisco.

**maslovyu** · 10 мая 2010

Причина выяснена: с 8 мая сервера vpn.internet.beeline.ru (у меня это 4 адреса) перестали принимать l2tp подключения.

с этим все-таки не так просто и очевидно - вроде как нигде и не заявлена работа l2tp @ vpn.internet.beeline.ru

redride · 10 мая 2010

Причина выяснена: с 8 мая сервера vpn.internet.beeline.ru (у меня это 4 адреса) перестали принимать l2tp подключения.

с этим все-таки не так просто и очевидно - вроде как нигде и не заявлена работа l2tp @ vpn.internet.beeline.ru

да, но эти сервера допускали подключения ещё со времен корбины, тогда им соответствовало другое dns имя, и возможно работа их по l2tp была описана в документации (сейчас это сложно установить)

в любом случае, плохо, что тех. поддержка не в курсе переконфигурации сети

monkeyeater · 16 июня 2010

Фух…. после дня заебов наконец то все завелось

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime localtime

service password-encryption

!

hostname myhome

!

boot-start-marker

boot-end-marker

!

enable secret 5 xxx

!

aaa new-model

!

aaa authentication ppp default local

aaa authorization network default none

!

aaa session-id common

clock timezone moscow 3

clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00

clock save interval 8

!

ip cef

!

ip domain name corbina.net

ip multicast-routing

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

l2tp-class corbina

receive-window 128

!

multilink bundle-name authenticated

no virtual-template snmp

!

username хуенегр privilege 15 secret 5 xxx

!

archive

log config

hidekeys

!

ip tftp source-interface Vlan1

pseudowire-class class1

encapsulation l2tpv2

protocol l2tpv2 corbina

ip local interface FastEthernet4

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Virtual-PPP1

ip address negotiated

ip verify unicast reverse-path allow-self-ping

ip mtu 1400

ip nat outside

ip virtual-reassembly

ip tcp adjust-mss 1032

no peer neighbor-route

no cdp enable

ppp pfc local request

ppp authentication chap ms-chap ms-chap-v2 callin

ppp chap hostname xxx

ppp chap password 7 xxx

pseudowire 85.21.0.251 10 pw-class class1

!

interface Vlan1

ip address 172.16.1.254 255.255.255.0

ip nat inside

ip virtual-reassembly

!

no ip classless

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Virtual-PPP1

ip route 10.0.0.0 255.0.0.0 dhcp

ip route 83.102.146.96 255.255.255.224 dhcp

ip route 85.21.29.242 255.255.255.255 dhcp

ip route 85.21.79.0 255.255.255.0 dhcp

ip route 85.21.90.0 255.255.255.0 dhcp

ip route 195.14.50.16 255.255.255.255 dhcp

ip route 195.14.50.26 255.255.255.255 dhcp

ip route 85.21.17.253 255.255.255.255 dhcp

ip route 85.21.0.253 255.255.255.255 dhcp

ip route 85.21.0.254 255.255.255.255 dhcp

ip route 85.21.0.252 255.255.255.255 dhcp

ip route 85.21.0.251 255.255.255.255 dhcp

ip route 85.21.0.255 255.255.255.255 dhcp

ip route 78.107.23.0 255.255.255.0 dhcp

ip route 83.102.231.32 255.255.255.240 dhcp

ip route 85.21.37.16 255.255.255.240 dhcp

ip route 85.21.52.254 255.255.255.255 dhcp

ip route 85.21.72.83 255.255.255.255 dhcp

ip route 85.21.79.100 255.255.255.255 dhcp

ip route 85.21.88.130 255.255.255.255 dhcp

ip route 85.21.108.16 255.255.255.240 dhcp

ip route 85.21.138.208 255.255.255.240 dhcp

ip route 85.21.192.3 255.255.255.255 dhcp

ip route 89.179.135.67 255.255.255.255 dhcp

ip route 172.16.16.0 255.255.255.0 dhcp

ip route 195.14.40.141 255.255.255.255 dhcp

ip route 195.14.50.21 255.255.255.255 dhcp

ip route 195.14.50.93 255.255.255.255 dhcp

ip route 213.234.192.8 255.255.255.255 dhcp

ip route 85.21.0.0 255.255.255.0 dhcp

!

no ip http server

no ip http secure-server

ip nat inside source list 100 interface Virtual-PPP1 overload

ip nat inside source list 101 interface FastEthernet4 overload

ip nat inside source static tcp 172.16.1.пыщь 25 93.81.пыщь.пыщь 25 extendable

ip nat inside source static tcp 172.16.1.пыщь 53 93.81.пыщь.пыщь 53 extendable

ip nat inside source static udp 172.16.1.пыщь 53 93.81.пыщь.пыщь 53 extendable

ip nat inside source static tcp 172.16.1.пыщь 80 93.81.пыщь.пыщь 80 extendable

ip nat inside source static tcp 172.16.1.пыщь 110 93.81.пыщь.пыщь 110 extendable

ip nat inside source static tcp 172.16.1.пыщь 143 93.81.пыщь.пыщь 143 extendable

!

logging trap errors

access-list 100 permit ip 172.16.1.0 0.0.0.255 any

access-list 101 permit ip 172.16.1.0 0.0.0.255 any

no cdp run

!

control-plane

!

line con 0

exec-timeout 0 0

no modem enable

line aux 0

line vty 0 4

privilege level 15

transport input telnet ssh

transport output all

!

scheduler max-task-time 5000

sntp server 195.170.62.130

end

Затык был в том что добавлялся маршрут автоматом до l2tp сервера.

Решилось так:

no peer neighbor-route )))))))

Disobedient · 27 ноября 2010

Ошибся веткой, пост перенёс

fastclick · 1 декабря 2010

А что означает пыщь-пыщь ?)

fastclick · 5 декабря 2010

Уважаемые знатоки, помогите, пожалуйста поднастроить мою кису..

Имеется 871-я циска, конфиг настраивал сам, без всяких знаний (основываясь на конфигах других участников). Многие параметры вводил методом подбора. В итоге добился стабильно поднятого l2tp туннеля и работы IPTv через приставку (Cisco 430).

IPTv показывает, только имеются периодические подвисания, секунд на 30 и более. Если переключить на другой канал, все работает, но потом вновь зависает. Если подключаю приставку через switch, все работает хорошо (ну если не брать во внимания россыпь экрана в какие-то интервалы времени).

Задача от циски у меня простая:

1. Виртуальная сеть (желательно защищенная от ВНЕ, т.к. нет желания использовать программный firewall).

2. Стабильный L2tp туннель.

3. Стабильная работа IPTv (без всяких подвисаний и россыпей).

4. Минимальная загрузка CPU циски.

В моём конфиге наверняка есть какие-то недочеты, на которые вы надеюсь мне укажете.

(Если какие-то строчки вам покажутся лишними или неправильными, пожалуйста дайте свой комментарий, буду очень признателен).

p.s. Готов предоставить вам любой debug который вы запросите.

Конфиг:

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXXX
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$t/2z$1sa4SuE7ONSIwsafNbII5.
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization network default none
!
aaa session-id common
!
resource policy
!
clock timezone moscow 3
clock summer-time Moscow recurring last Sun Mar 2:00 last Sun Oct 2:00
clock save interval 8
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool HOME
  import all
  network 192.168.0.0 255.255.255.248
  default-router 192.168.0.1
  dns-server 195.14.50.1
  lease infinite
!
!
ip tftp source-interface Vlan1
ip domain lookup source-interface Virtual-PPP1
ip domain name corbina.net
ip multicast-routing
ip multicast cache-headers
l2tp-class corbina
!
!
!
crypto pki trustpoint TP-self-signed-2086397154
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2086397154
revocation-check none
rsakeypair TP-self-signed-2086397154
!
!
crypto pki certificate chain TP-self-signed-2086397154
certificate self-signed 01 nvram:IOS-Self-Sig#3402.cer
!
no spanning-tree vlan 1
username XXXXXXX privilege 15 secret 5 XXXXXXXXXXXXXXXXXXX
!
pseudowire-class class1
encapsulation l2tpv2
protocol l2tpv2 corbina
ip local interface FastEthernet4
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address dhcp
ip pim dense-mode
ip nat outside
ip virtual-reassembly
ip igmp version 3
duplex auto
speed auto
no cdp enable
!
interface Virtual-PPP1
ip address negotiated
ip access-group 111 in
ip nat outside
ip virtual-reassembly
no peer neighbor-route
no keepalive
no cdp enable
ppp authentication chap callin
ppp chap hostname XXXXXXX
ppp chap password 7 XXXXXXXXXXXX
pseudowire 85.21.0.243 10 pw-class class1
!
interface Vlan1
description Home Net
ip address 192.168.0.1 255.255.255.248
ip pim dense-mode
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1420
ip igmp helper-address 10.57.24.1
!
ip route 172.16.16.0 255.255.255.0 10.57.24.1
ip route 10.0.0.0 255.0.0.0 dhcp
ip route 83.102.146.96 255.255.255.224 dhcp
ip route 85.21.29.242 255.255.255.255 dhcp
ip route 85.21.90.0 255.255.255.0 dhcp
ip route 195.14.50.16 255.255.255.255 dhcp
ip route 195.14.50.26 255.255.255.255 dhcp
ip route 85.21.17.253 255.255.255.255 dhcp
ip route 217.118.84.167 255.255.255.255 dhcp
ip route 85.21.78.0 255.255.255.0 dhcp
ip route 85.21.138.208 255.255.255.240 dhcp
ip route 85.21.52.254 255.255.255.255 dhcp
ip route 85.21.88.130 255.255.255.255 dhcp
ip route 83.102.146.96 255.255.255.255 dhcp
!
!
no ip http server
no ip http secure-server
ip nat inside source list LAN interface FastEthernet4 overload
ip nat inside source list WAN interface Virtual-PPP1 overload
!
ip access-list extended LAN
permit ip 192.168.0.0 0.0.0.255 195.14.50.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 192.168.0.0 0.0.0.255 85.21.151.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 85.21.79.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 83.102.146.96 0.0.0.31
permit ip 192.168.0.0 0.0.0.255 host 85.21.52.254
permit ip 192.168.0.0 0.0.0.255 host 85.21.88.130
permit ip 192.168.0.0 0.0.0.255 85.21.90.0 0.0.1.255
permit ip 192.168.0.0 0.0.0.255 host 85.21.138.211
permit ip 192.168.0.0 0.0.0.255 host 85.21.138.212
permit ip 192.168.0.0 0.0.0.255 217.118.84.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 85.21.78.0 0.0.1.255
permit ip 192.168.0.0 0.0.0.255 host 85.21.0.0
permit ip 192.168.0.0 0.0.0.255 83.102.146.0 0.0.0.224
permit ip 192.168.0.0 0.0.0.255 85.21.138.0 0.0.0.240
permit ip 192.168.0.0 0.0.0.255 0.0.0.0 255.255.255.0
permit ip 192.168.0.0 0.0.0.255 172.16.16.0 0.0.0.240
permit ip 192.168.0.0 0.0.0.255 172.16.16.0 0.0.0.1
permit ip 192.168.0.0 0.0.0.255 172.16.16.0 0.0.0.255
permit udp any eq bootps any
permit udp any eq bootpc any
ip access-list extended WAN
permit ip 192.168.0.0 0.0.0.7 any
!
no cdp run
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
end

GhostMaster · 8 декабря 2010

Если не все порты заняты, то можно искоренить проблему просто выкидыванием приставки в один вилан с билайном.

Я когда кошку ковырял тоже на эти подвисания натыкался. На первый взгляд ничего путного не нашел, а сидеть и со снифером вылавливать какие именно пакетики и когда кошка пропускает было лень.

Филин_69 · 10 декабря 2010

Всем привет.

дома на компе стояла XP. через cisco подключался к удаленному столу.

взял новый нетбук с win7. установил cisco - через GSM-модем к удаленке подключаюсь, а ч/з кабель выделенки нет.

Подскажите, в чем проблема.

fastclick · 17 декабря 2010

Если не все порты заняты, то можно искоренить проблему просто выкидыванием приставки в один вилан с билайном.

Я когда кошку ковырял тоже на эти подвисания натыкался. На первый взгляд ничего путного не нашел, а сидеть и со снифером вылавливать какие именно пакетики и когда кошка пропускает было лень.

Уважаемый, подскажите что нужно прописать ? Допустим приставку я буду подключать к fe0.

Спс.

roug · 18 декабря 2010

Уважаемые знатоки, помогите, пожалуйста поднастроить мою кису..

Имеется 871-я циска, конфиг настраивал сам, без всяких знаний (основываясь на конфигах других участников). Многие параметры вводил методом подбора. В итоге добился стабильно поднятого l2tp туннеля и работы IPTv через приставку (Cisco 430).

IPTv показывает, только имеются периодические подвисания, секунд на 30 и более. Если переключить на другой канал, все работает, но потом вновь зависает. Если подключаю приставку через switch, все работает хорошо (ну если не брать во внимания россыпь экрана в какие-то интервалы времени).

Задача от циски у меня простая:

1. Виртуальная сеть (желательно защищенная от ВНЕ, т.к. нет желания использовать программный firewall).

2. Стабильный L2tp туннель.

3. Стабильная работа IPTv (без всяких подвисаний и россыпей).

4. Минимальная загрузка CPU циски.

В моём конфиге наверняка есть какие-то недочеты, на которые вы надеюсь мне укажете.

(Если какие-то строчки вам покажутся лишними или неправильными, пожалуйста дайте свой комментарий, буду очень признателен).

p.s. Готов предоставить вам любой debug который вы запросите.
Конфиг:
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXXX
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$t/2z$1sa4SuE7ONSIwsafNbII5.
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization network default none
!
aaa session-id common
!
resource policy
!
clock timezone moscow 3
clock summer-time Moscow recurring last Sun Mar 2:00 last Sun Oct 2:00
clock save interval 8
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool HOME
  import all
  network 192.168.0.0 255.255.255.248
  default-router 192.168.0.1
  dns-server 195.14.50.1
  lease infinite
!
!
ip tftp source-interface Vlan1
ip domain lookup source-interface Virtual-PPP1
ip domain name corbina.net
ip multicast-routing
ip multicast cache-headers
l2tp-class corbina
!
!
!
crypto pki trustpoint TP-self-signed-2086397154
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2086397154
revocation-check none
rsakeypair TP-self-signed-2086397154
!
!
crypto pki certificate chain TP-self-signed-2086397154
certificate self-signed 01 nvram:IOS-Self-Sig#3402.cer
!
no spanning-tree vlan 1
username XXXXXXX privilege 15 secret 5 XXXXXXXXXXXXXXXXXXX
!
pseudowire-class class1
encapsulation l2tpv2
protocol l2tpv2 corbina
ip local interface FastEthernet4
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address dhcp
ip pim dense-mode
ip nat outside
ip virtual-reassembly
ip igmp version 3
duplex auto
speed auto
no cdp enable
!
interface Virtual-PPP1
ip address negotiated
ip access-group 111 in
ip nat outside
ip virtual-reassembly
no peer neighbor-route
no keepalive
no cdp enable
ppp authentication chap callin
ppp chap hostname XXXXXXX
ppp chap password 7 XXXXXXXXXXXX
pseudowire 85.21.0.243 10 pw-class class1
!
interface Vlan1
description Home Net
ip address 192.168.0.1 255.255.255.248
ip pim dense-mode
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1420
ip igmp helper-address 10.57.24.1
!
ip route 172.16.16.0 255.255.255.0 10.57.24.1
ip route 10.0.0.0 255.0.0.0 dhcp
ip route 83.102.146.96 255.255.255.224 dhcp
ip route 85.21.29.242 255.255.255.255 dhcp
ip route 85.21.90.0 255.255.255.0 dhcp
ip route 195.14.50.16 255.255.255.255 dhcp
ip route 195.14.50.26 255.255.255.255 dhcp
ip route 85.21.17.253 255.255.255.255 dhcp
ip route 217.118.84.167 255.255.255.255 dhcp
ip route 85.21.78.0 255.255.255.0 dhcp
ip route 85.21.138.208 255.255.255.240 dhcp
ip route 85.21.52.254 255.255.255.255 dhcp
ip route 85.21.88.130 255.255.255.255 dhcp
ip route 83.102.146.96 255.255.255.255 dhcp
!
!
no ip http server
no ip http secure-server
ip nat inside source list LAN interface FastEthernet4 overload
ip nat inside source list WAN interface Virtual-PPP1 overload
!
ip access-list extended LAN
permit ip 192.168.0.0 0.0.0.255 195.14.50.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 192.168.0.0 0.0.0.255 85.21.151.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 85.21.79.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 83.102.146.96 0.0.0.31
permit ip 192.168.0.0 0.0.0.255 host 85.21.52.254
permit ip 192.168.0.0 0.0.0.255 host 85.21.88.130
permit ip 192.168.0.0 0.0.0.255 85.21.90.0 0.0.1.255
permit ip 192.168.0.0 0.0.0.255 host 85.21.138.211
permit ip 192.168.0.0 0.0.0.255 host 85.21.138.212
permit ip 192.168.0.0 0.0.0.255 217.118.84.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 85.21.78.0 0.0.1.255
permit ip 192.168.0.0 0.0.0.255 host 85.21.0.0
permit ip 192.168.0.0 0.0.0.255 83.102.146.0 0.0.0.224
permit ip 192.168.0.0 0.0.0.255 85.21.138.0 0.0.0.240
permit ip 192.168.0.0 0.0.0.255 0.0.0.0 255.255.255.0
permit ip 192.168.0.0 0.0.0.255 172.16.16.0 0.0.0.240
permit ip 192.168.0.0 0.0.0.255 172.16.16.0 0.0.0.1
permit ip 192.168.0.0 0.0.0.255 172.16.16.0 0.0.0.255
permit udp any eq bootps any
permit udp any eq bootpc any
ip access-list extended WAN
permit ip 192.168.0.0 0.0.0.7 any
!
no cdp run
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
end

Как вам уже посоветовали, проще (при наличии свободных портов) поместить приставку в один vlan с подключением провайдера. Примерно как-то так:

!
no spanning-tree vlan 2
!
interface Vlan2
description Public LAN; Corbina intranet
ip address dhcp client-id FastEthernet0 hostname beeliner
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
!
interface FastEthernet0
switchport access vlan 2
no cdp enable
spanning-tree portfast
!
interface FastEthernet1
switchport access vlan 2
no cdp enable
spanning-tree portfast
!
pseudowire-class class1
encapsulation l2tpv2
protocol l2tpv2 corbina
ip local interface Vlan2
!
no ip nat inside source list LAN interface FastEthernet4 overload
ip nat inside source list LAN interface Vlan2 overload

Кабель провайдера в порт Fe0, приставку в Fe1.

platenspiller · 5 марта 2011

Добрый вечер, совсем недавно подключился к интернету от Билайн, так что упустил немного время. Некоторое время назад тут в наглядном виде была пошаговая инструкция по настройке Cisco 871 для работы в сети Билайн, но к сожалению, этот файл уже не доступен. Поискал по форумам похожие темы, нашел готовый конфигурационный файл, но при его заливке выдает ошибку.

Если у кого-то осталась пошаговая инструкция что бы из гипертерминала или телнетом настроить роутер, будте добры, поделитесь.

А то SDM от Cisco очень урезаный.

Заранее спасибо!

alexvelitsky · 9 сентября 2011

Добрый вечер, совсем недавно подключился к интернету от Билайн, так что упустил немного время. Некоторое время назад тут в наглядном виде была пошаговая инструкция по настройке Cisco 871 для работы в сети Билайн, но к сожалению, этот файл уже не доступен. Поискал по форумам похожие темы, нашел готовый конфигурационный файл, но при его заливке выдает ошибку.

Если у кого-то осталась пошаговая инструкция что бы из гипертерминала или телнетом настроить роутер, будте добры, поделитесь.

А то SDM от Cisco очень урезаный.

Заранее спасибо!

Актуальное еще?

zander82 · 2 октября 2011

Более чем!

Point of Failure · 24 января 2012

Доброго времени суток всем!

Случайно стал обладателем сего прекрасного аппарата.

С циской на "Вы", поэтому прошу вашего совета.

Залил следующий конфиг:

!

version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname cisco871

!

boot-start-marker

boot system flash c870-advipservicesk9-mz.124-15.T7.bin

boot-end-marker

!

logging buffered 51200 debugging

logging console critical

!

username admin privilege 15 password xxx

clock timezone PCTime 3

aaa new-model

!

aaa authentication ppp default local

aaa authorization network default none

aaa session-id common

no ip subnet-zero

ip cef

ip dhcp excluded-address 172.16.33.1 172.16.33.5

!

ip dhcp pool sdm-pool1

network 172.16.33.0 255.255.255.0

dns-server 85.21.192.3 213.234.192.8

default-router 172.16.33.1

!

ip tftp source-interface Vlan1

no ip bootp server

ip domain name beeline.ru

ip multicast-routing

ip ssh time-out 60

ip ssh authentication-retries 2

ip ssh version 2

l2tp-class beeline

receive-window 128

!

pseudowire-class class1

encapsulation l2tpv2

protocol l2tpv2 beeline

ip local interface FastEthernet4

!

no virtual-template snmp

!

archive

log config

hidekeys

!

interface FastEthernet0

no ip address

no cdp enable

!

interface FastEthernet1

no ip address

no cdp enable

!

interface FastEthernet2

no ip address

no cdp enable

!

interface FastEthernet3

no ip address

no cdp enable

!

interface FastEthernet4

description CorbinaBeeline

ip address dhcp

ip nat outside

ip virtual-reassembly

speed 100

half-duplex

no cdp enable

!

interface Virtual-PPP1

ip address negotiated

ip access-group 111 in

ip verify unicast reverse-path allow-self-ping

ip mtu 1460

ip nat outside

ip virtual-reassembly

ip tcp adjust-mss 1452

no peer neighbor-route

no cdp enable

ppp authentication chap callin

ppp chap hostname xxx

ppp chap password 0 xxx

ppp ipcp route default

pseudowire 85.21.0.239 10 pw-class class1

!

interface Vlan1

description Vlan_LAN

ip address 172.16.33.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip classless

ip route 0.0.0.0 0.0.0.0 Virtual-PPP1

ip route 10.0.0.0 255.0.0.0 dhcp

ip route 78.107.23.0 255.255.255.0 dhcp

ip route 83.102.231.32 255.255.255.240 dhcp

ip route 83.102.233.204 255.255.255.255 dhcp

ip route 85.21.0.0 255.255.255.0 dhcp

ip route 85.21.52.254 255.255.255.255 dhcp

ip route 85.21.72.83 255.255.255.255 dhcp

ip route 85.21.78.93 255.255.255.255 dhcp

ip route 85.21.79.0 255.255.255.0 dhcp

ip route 85.21.88.130 255.255.255.255 dhcp

ip route 85.21.90.0 255.255.255.0 dhcp

ip route 85.21.108.16 255.255.255.240 dhcp

ip route 85.21.138.208 255.255.255.240 dhcp

ip route 85.21.192.0 255.255.255.0 dhcp

ip route 89.179.135.67 255.255.255.255 dhcp

ip route 195.14.40.141 255.255.255.255 dhcp

ip route 195.14.50.16 255.255.255.255 dhcp

ip route 195.14.50.21 255.255.255.255 dhcp

ip route 195.14.50.26 255.255.255.255 dhcp

ip route 195.14.50.93 255.255.255.255 dhcp

ip route 213.234.192.0 255.255.255.0 dhcp

!

no ip http server

no ip http secure-server

ip nat inside source list LAN interface FastEthernet4 overload

ip nat inside source list WAN interface Virtual-PPP1 overload

!

ip access-list extended LAN

permit ip 172.16.33.0 0.0.0.255 10.0.0.0 0.255.255.255

permit ip 172.16.33.0 0.0.0.255 host 78.107.235.6

permit ip 172.16.33.0 0.0.0.255 host 85.21.0.239

permit ip 172.16.33.0 0.0.0.255 host 85.21.52.254

permit ip 172.16.33.0 0.0.0.255 host 85.21.78.93

permit ip 172.16.33.0 0.0.0.255 host 85.21.88.130

permit ip 172.16.33.0 0.0.0.255 host 89.179.135.67

permit ip 172.16.33.0 0.0.0.255 host 195.14.50.16

permit ip 172.16.33.0 0.0.0.255 host 195.14.50.26

permit ip 172.16.33.0 0.0.0.255 host 195.14.50.93

permit ip 172.16.33.0 0.0.0.255 78.107.23.0 0.0.0.255

permit ip 172.16.33.0 0.0.0.255 83.102.146.96 0.0.0.31

permit ip 172.16.33.0 0.0.0.255 85.21.72.80 0.0.0.15

permit ip 172.16.33.0 0.0.0.255 85.21.138.208 0.0.0.15

permit ip 172.16.33.0 0.0.0.255 85.21.79.0 0.0.0.255

permit ip 172.16.33.0 0.0.0.255 85.21.90.0 0.0.0.255

permit ip 172.16.33.0 0.0.0.255 85.21.192.0 0.0.0.255

permit ip 172.16.33.0 0.0.0.255 213.234.192.0 0.0.0.255

ip access-list extended WAN

permit ip 172.16.33.0 0.0.0.255 any

!

logging trap debugging

access-list 111 deny tcp any eq 139 any

access-list 111 deny udp any eq netbios-ns any eq netbios-ns

access-list 111 deny udp any eq netbios-dgm any eq netbios-dgm

access-list 111 deny udp any eq netbios-ss any eq netbios-ss

access-list 111 deny udp any any range snmp snmptrap

access-list 111 deny tcp any any eq 3128

access-list 111 deny ip 192.168.0.0 0.0.255.255 any

access-list 111 deny ip 172.16.0.0 0.15.255.255 any

access-list 111 deny ip 127.0.0.0 0.0.0.255 any

access-list 111 deny udp any any range 130 140

access-list 111 deny tcp any any range 130 140

access-list 111 deny tcp any any eq 8080

access-list 111 permit ip any any

access-list 111 permit udp any any

access-list 111 permit gre any any

access-list 111 permit tcp any any

access-list 111 permit icmp any any

access-list 111 permit pcp any any

access-list 111 permit esp any any

access-list 111 permit igmp any any

access-list 111 permit ipinip any any

access-list 111 permit nos any any

no cdp run

!

control-plane

!

banner login

________________________________________

Authorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!

________________________________________

!

line con 0

no modem enable

transport preferred all

transport output telnet

line aux 0

transport preferred all

transport output telnet

line vty 0 4

privilege level 15

transport preferred all

transport input telnet ssh

transport output all

!

scheduler max-task-time 5000

scheduler allocate 4000 1000

scheduler interval 500

Всё вроде бы прекрасно, туннель устанавливается:

cisco871#sh l2tun

L2TP Tunnel and Session Information Total tunnels 1 sessions 1

LocTunID RemTunID Remote Name State Remote Address Sessn L2TP Class/

Count VPDN Group

17215 54791 bras251 est 85.21.0.251 1 beeline

LocID RemID TunID Username, Intf/ State Last Chg Uniq ID

Vcid, Circuit

4 9393 17215 10, Vp1 est 00:05:02 1

Пингуются сайты с самой циски и компов внутри сети:

ping beeline.ru

Translating "beeline.ru"...domain server (85.21.192.3) [OK]

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 217.118.84.167, timeout is 2 seconds:

!!!!!

cisco871#ping ya.ru

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 87.250.250.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

НО! На компах внутри сети нормально работают и открываются только основные сайты типа ya.ru, google.ru и т.п.

Все остальные, включая beeline.ru не открываются.

Прошу помочь разобраться с проблемой.

Заранее благодарен.

roug · 25 января 2012

На компах внутри сети нормально работают и открываются только основные сайты типа ya.ru, google.ru и т.п.
Все остальные, включая beeline.ru не открываются.

Прошу помочь разобраться с проблемой.

Заранее благодарен.

Проблема называется - MTU, лечится так:

interface Virtual-PPP1 
ip tcp adjust-mss 1420

Point of Failure · 25 января 2012

roug, премного благодарен!!! Всё заработало.

Point of Failure · 26 января 2012

Возникла следующая проблема...

Внутри сети живет приставка PS3. В интернет она ходит и может весело качать игры.

Но при тесте соединения с Интернетом приставка выдает следующее:

"Возможно маршрутизатор не поддерживает IP-фрагменты и поэтому в некоторых играх функции связи могут быть ограничены"

Играть по сети не получается. Коннект сбрасывается на этапе подключения к игровым серверам.

Настройки MTU на приставке выставлены автоматом.

На форумах Сони нашёл инфу:

Для нормальной работы Playstation Network вам необходимо открыть следующие порты:

Протокол TCP, все исходящие:

TCP 80 — Стандартный HTTP, для закачки файлов.

TCP 443 — Стандартный HTTPs, для закачки файлов с шифрованием.

TCP 5223 — Чат с применением шифрования (Secure jabber).

Протокол UDP, все исходящие и входящие:

UDP 3478 — Для простого обмена UDP пакетами через NAT.

UDP 3479 — Для простого обмена UDP пакетами через NAT.

UDP 3658 — Используется для работы Playstation Network.

Также для игры онлайн, возможно, потребуется открыть дополнительные порты: TCP 9293, 10070-10080 и UDP 10070.

Загвоздка в этом?

P.S.: при использовании старого роутера Dlink, где по умолчанию был включени uPnP всё работало без проблем...

roug · 27 января 2012

UDP 3478 — Для простого обмена UDP пакетами через NAT.

UDP 3479 — Для простого обмена UDP пакетами через NAT.

UDP 3658 — Используется для работы Playstation Network.

ip nat inside source static udp <ip-address-SPS> 3478 <ip-address-from-Virtual-PPP1> 3478 extendable
ip nat inside source static udp <ip-address-SPS> 3479 <ip-address-from-Virtual-PPP1> 3479 extendable
ip nat inside source static udp <ip-address-SPS> 3658 <ip-address-from-Virtual-PPP1> 3658 extendable

Munsera · 12 февраля 2012

Здравствуйте, коллеги!

Все сделал по образцу - не получается:

Munsera#sh ver
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(24)T6, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 23-Aug-11 06:56 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE

Munsera uptime is 17 minutes
System returned to ROM by reload
System image file is "flash:c870-advipservicesk9-mz.124-24.T6.bin"
Last reload reason: Reload Command

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 871 (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memory.
Processor board ID FCZ1148624B
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
5 FastEthernet interfaces
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102



Munsera#sh run
Building configuration...

Current configuration : 5649 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Munsera
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200
logging console critical
!
aaa new-model
!
!         
aaa authentication ppp default local
aaa authorization network default none 
!
!
aaa session-id common
clock timezone PCTime 3
!
!
dot11 syslog
no ip subnet-zero
ip source-route
!
!
ip dhcp excluded-address 172.16.33.1 172.16.33.5
!
ip dhcp pool sdm-pool1
  network 172.16.33.0 255.255.255.0
  dns-server 85.21.192.3 213.234.192.8 
  default-router 172.16.33.1 
!
!
ip cef
no ip bootp server
ip domain name beeline.ru
ip multicast-routing 
no ipv6 cef
l2tp-class beeline
receive-window 128
!
!
multilink bundle-name authenticated
!
no virtual-template snmp
!
username Munsera privilege 15 password 7 xxx
!
archive
log config
 hidekeys
!
ip tftp source-interface Vlan1
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
pseudowire-class class1
encapsulation l2tpv2
protocol l2tpv2 beeline
ip local interface FastEthernet4
!
interface FastEthernet0
no cdp enable
!
interface FastEthernet1
no cdp enable
!
interface FastEthernet2
no cdp enable
!
interface FastEthernet3
no cdp enable
!
interface FastEthernet4
description CorbinaBeeline
ip address dhcp
ip nat outside
ip virtual-reassembly
speed 100
half-duplex
no cdp enable
!
interface Virtual-PPP1
ip address negotiated
ip access-group 111 in
ip verify unicast reverse-path allow-self-ping
ip mtu 1460
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1452
no peer neighbor-route
no cdp enable
ppp authentication chap callin
ppp chap hostname xxx
ppp chap password 7 xxx
ppp ipcp route default
pseudowire 85.21.0.134 10 pw-class class1
!
interface Vlan1
description Vlan_LAN
ip address 172.16.33.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
ip route 10.0.0.0 255.0.0.0 dhcp
ip route 78.107.23.0 255.255.255.0 dhcp
ip route 83.102.231.32 255.255.255.240 dhcp
ip route 83.102.233.204 255.255.255.255 dhcp
ip route 85.21.0.0 255.255.255.0 dhcp
ip route 85.21.52.254 255.255.255.255 dhcp
ip route 85.21.72.83 255.255.255.255 dhcp
ip route 85.21.78.93 255.255.255.255 dhcp
ip route 85.21.79.0 255.255.255.0 dhcp
ip route 85.21.88.130 255.255.255.255 dhcp
ip route 85.21.90.0 255.255.255.0 dhcp
ip route 85.21.108.16 255.255.255.240 dhcp
ip route 85.21.138.208 255.255.255.240 dhcp
ip route 85.21.192.0 255.255.255.0 dhcp
ip route 89.179.135.67 255.255.255.255 dhcp
ip route 195.14.40.141 255.255.255.255 dhcp
ip route 195.14.50.16 255.255.255.255 dhcp
ip route 195.14.50.21 255.255.255.255 dhcp
ip route 195.14.50.26 255.255.255.255 dhcp
ip route 195.14.50.93 255.255.255.255 dhcp
ip route 213.234.192.0 255.255.255.0 dhcp
no ip http server
no ip http secure-server
!
ip nat inside source list LAN interface FastEthernet4 overload
ip nat inside source list WAN interface Virtual-PPP1 overload
!
ip access-list extended LAN
permit ip 172.16.33.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 172.16.33.0 0.0.0.255 host 78.107.235.6
permit ip 172.16.33.0 0.0.0.255 host 85.21.0.239
permit ip 172.16.33.0 0.0.0.255 host 85.21.52.254
permit ip 172.16.33.0 0.0.0.255 host 85.21.78.93
permit ip 172.16.33.0 0.0.0.255 host 85.21.88.130
permit ip 172.16.33.0 0.0.0.255 host 89.179.135.67
permit ip 172.16.33.0 0.0.0.255 host 195.14.50.16
permit ip 172.16.33.0 0.0.0.255 host 195.14.50.26
permit ip 172.16.33.0 0.0.0.255 host 195.14.50.93
permit ip 172.16.33.0 0.0.0.255 78.107.23.0 0.0.0.255
permit ip 172.16.33.0 0.0.0.255 83.102.146.96 0.0.0.31
permit ip 172.16.33.0 0.0.0.255 85.21.72.80 0.0.0.15
permit ip 172.16.33.0 0.0.0.255 85.21.138.208 0.0.0.15
permit ip 172.16.33.0 0.0.0.255 85.21.79.0 0.0.0.255
permit ip 172.16.33.0 0.0.0.255 85.21.90.0 0.0.0.255
permit ip 172.16.33.0 0.0.0.255 85.21.192.0 0.0.0.255
permit ip 172.16.33.0 0.0.0.255 213.234.192.0 0.0.0.255
permit ip 172.16.33.0 0.0.0.255 host 85.21.0.134
ip access-list extended WAN
permit ip 172.16.33.0 0.0.0.255 any
!
logging trap debugging
access-list 111 deny   tcp any eq 139 any
access-list 111 deny   udp any eq netbios-ns any eq netbios-ns
access-list 111 deny   udp any eq netbios-dgm any eq netbios-dgm
access-list 111 deny   udp any eq netbios-ss any eq netbios-ss
access-list 111 deny   udp any any range snmp snmptrap
access-list 111 deny   tcp any any eq 3128
access-list 111 deny   ip 192.168.0.0 0.0.255.255 any
access-list 111 deny   ip 172.16.0.0 0.15.255.255 any
access-list 111 deny   ip 127.0.0.0 0.0.0.255 any
access-list 111 deny   udp any any range 130 140
access-list 111 deny   tcp any any range 130 140
access-list 111 deny   tcp any any eq 8080
access-list 111 permit ip any any
access-list 111 permit udp any any
access-list 111 permit gre any any
access-list 111 permit tcp any any
access-list 111 permit icmp any any
access-list 111 permit pcp any any
access-list 111 permit esp any any
access-list 111 permit igmp any any
access-list 111 permit ipinip any any
access-list 111 permit nos any any
no cdp run

control-plane      
!
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
privilege level 15
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end



Munsera#sh logging  
Syslog logging: enabled (0 messages dropped, 2 messages rate-limited,
               0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.



No Inactive Message Discriminator.


   Console logging: level critical, 23 messages logged, xml disabled,
                    filtering disabled
   Monitor logging: level debugging, 0 messages logged, xml disabled,
                    filtering disabled
   Buffer logging:  level debugging, 1129 messages logged, xml disabled,
                    filtering disabled
   Logging Exception size (4096 bytes)
   Count and timestamp logging messages: disabled
   Persistent logging: disabled

No active filter modules.

ESM: 0 messages dropped

   Trap logging: level debugging, 1159 message lines logged

Log Buffer (51200 bytes):
550 PCTime: Vp1 LCP:    MagicNumber 0x1E5B9CF9 (0x05061E5B9CF9)
000506: *Jan 22 23:01:10.562 PCTime: Vp1 LCP: Timeout: State REQsent
000507: *Jan 22 23:01:10.562 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 176 len 10
000508: *Jan 22 23:01:10.562 PCTime: Vp1 LCP:    MagicNumber 0x1E5B9CF9 (0x05061E5B9CF9)
000509: *Jan 22 23:01:12.579 PCTime: Vp1 LCP: Timeout: State REQsent
000510: *Jan 22 23:01:12.579 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 177 len 10
000511: *Jan 22 23:01:12.579 PCTime: Vp1 LCP:    MagicNumber 0x1E5B9CF9 (0x05061E5B9CF9)
000512: *Jan 22 23:01:14.595 PCTime: Vp1 LCP: Timeout: State REQsent
000513: *Jan 22 23:01:14.595 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 178 len 10
000514: *Jan 22 23:01:14.595 PCTime: Vp1 LCP:    MagicNumber 0x1E5B9CF9 (0x05061E5B9CF9)
000515: *Jan 22 23:01:16.612 PCTime: Vp1 LCP: Timeout: State REQsent
000516: *Jan 22 23:01:16.612 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 179 len 10
000517: *Jan 22 23:01:16.612 PCTime: Vp1 LCP:    MagicNumber 0x1E5B9CF9 (0x05061E5B9CF9)
000518: *Jan 22 23:01:18.628 PCTime: Vp1 LCP: Timeout: State REQsent
000519: *Jan 22 23:01:18.628 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 180 len 10
000520: *Jan 22 23:01:18.628 PCTime: Vp1 LCP:    MagicNumber 0x1E5B9CF9 (0x05061E5B9CF9)
000521: *Jan 22 23:01:20.645 PCTime: Vp1 LCP: Timeout: State REQsent
000522: *Jan 22 23:01:20.645 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 181 len 10
000523: *Jan 22 23:01:20.645 PCTime: Vp1 LCP:    MagicNumber 0x1E5B9CF9 (0x05061E5B9CF9)
000524: *Jan 22 23:01:22.661 PCTime: Vp1 LCP: Timeout: State REQsent
000525: *Jan 22 23:01:22.661 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 182 len 10
000526: *Jan 22 23:01:22.661 PCTime: Vp1 LCP:    MagicNumber 0x1E5B9CF9 (0x05061E5B9CF9)
000527: *Jan 22 23:01:24.677 PCTime: Vp1 LCP: Timeout: State REQsent
000528: *Jan 22 23:01:24.677 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 183 len 10
000529: *Jan 22 23:01:24.677 PCTime: Vp1 LCP:    MagicNumber 0x1E5B9CF9 (0x05061E5B9CF9)
000530: *Jan 22 23:01:26.694 PCTime: Vp1 LCP: Timeout: State REQsent
000531: *Jan 22 23:01:26.694 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 184 len 10
000532: *Jan 22 23:01:26.694 PCTime: Vp1 LCP:    MagicNumber 0x1E5B9CF9 (0x05061E5B9CF9)
000533: *Jan 22 23:01:28.706 PCTime: Vp1 LCP: Timeout: State REQsent
000534: *Jan 22 23:01:28.706 PCTime: Vp1 LCP: State is Listen
000535: *Jan 22 23:01:30.583 PCTime: Vp1 LCP: I CONFREQ [Listen] id 1 len 19
000536: *Jan 22 23:01:30.583 PCTime: Vp1 LCP:    MRU 1460 (0x010405B4)
000537: *Jan 22 23:01:30.583 PCTime: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
000538: *Jan 22 23:01:30.583 PCTime: Vp1 LCP:    MagicNumber 0xA27E7124 (0x0506A27E7124)
000539: *Jan 22 23:01:30.583 PCTime: Vp1 PPP: No remote authentication for call-out
000540: *Jan 22 23:01:30.583 PCTime: Vp1 LCP: O CONFREQ [Listen] id 185 len 10
000541: *Jan 22 23:01:30.583 PCTime: Vp1 LCP:    MagicNumber 0x1E5BF30C (0x05061E5BF30C)
000542: *Jan 22 23:01:30.583 PCTime: Vp1 LCP: O CONFNAK [Listen] id 1 len 8
000543: *Jan 22 23:01:30.583 PCTime: Vp1 LCP:    MRU 1500 (0x010405DC)
000544: *Jan 22 23:01:30.587 PCTime: Vp1 LCP: I CONFACK [REQsent] id 185 len 10
000545: *Jan 22 23:01:30.587 PCTime: Vp1 LCP:    MagicNumber 0x1E5BF30C (0x05061E5BF30C)
000546: *Jan 22 23:01:30.587 PCTime: Vp1 LCP: I CONFREQ [ACKrcvd] id 2 len 19
000547: *Jan 22 23:01:30.587 PCTime: Vp1 LCP:    MRU 1500 (0x010405DC)
000548: *Jan 22 23:01:30.587 PCTime: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
000549: *Jan 22 23:01:30.587 PCTime: Vp1 LCP:    MagicNumber 0xA27E7124 (0x0506A27E7124)
000550: *Jan 22 23:01:30.587 PCTime: Vp1 LCP: O CONFACK [ACKrcvd] id 2 len 19
000551: *Jan 22 23:01:30.587 PCTime: Vp1 LCP:    MRU 1500 (0x010405DC)
000552: *Jan 22 23:01:30.587 PCTime: Vp1 LCP:    AuthProto CHAP (0x0305C22305)
000553: *Jan 22 23:01:30.587 PCTime: Vp1 LCP:    MagicNumber 0xA27E7124 (0x0506A27E7124)
000554: *Jan 22 23:01:30.587 PCTime: Vp1 LCP: State is Open
000555: *Jan 22 23:01:30.587 PCTime: Vp1 PPP: Phase is AUTHENTICATING, by the peer
000556: *Jan 22 23:01:30.615 PCTime: Vp1 CHAP: I CHALLENGE id 1 len 28 from "bras134"
000557: *Jan 22 23:01:30.615 PCTime: Vp1 CHAP: Using hostname from interface CHAP
000558: *Jan 22 23:01:30.615 PCTime: Vp1 CHAP: Using password from interface CHAP
000559: *Jan 22 23:01:30.615 PCTime: Vp1 CHAP: O RESPONSE id 1 len 31 from "xxx"
000560: *Jan 22 23:01:30.627 PCTime: Vp1 CHAP: I FAILURE id 1 len 25 msg is "Authentication failed"
000561: *Jan 22 23:01:40.581 PCTime: Vp1 AUTH: Timeout 1
000562: *Jan 22 23:01:40.629 PCTime: Vp1 CHAP: I CHALLENGE id 2 len 28 from "bras134"
000563: *Jan 22 23:01:40.633 PCTime: Vp1 CHAP: Using hostname from interface CHAP
000564: *Jan 22 23:01:40.633 PCTime: Vp1 CHAP: Using password from interface CHAP
000565: *Jan 22 23:01:40.633 PCTime: Vp1 CHAP: O RESPONSE id 2 len 31 from "xxx"
000566: *Jan 22 23:01:40.645 PCTime: Vp1 CHAP: I FAILURE id 2 len 25 msg is "Authentication failed"
000567: *Jan 22 23:01:40.645 PCTime: Vp1 LCP: I TERMREQ [Open] id 3 len 4
000568: *Jan 22 23:01:40.645 PCTime: Vp1 LCP: O TERMACK [Open] id 3 len 4
000569: *Jan 22 23:01:40.645 PCTime: Vp1 PPP: Sending Acct Event[Down] id[E]
000570: *Jan 22 23:01:40.645 PCTime: Vp1 PPP: Phase is TERMINATING
000571: *Jan 22 23:01:42.630 PCTime: Vp1 LCP: Timeout: State TERMsent
000572: *Jan 22 23:01:42.630 PCTime: Vp1 LCP: State is Closed
000573: *Jan 22 23:01:42.630 PCTime: Vp1 PPP: Phase is DOWN
000574: *Jan 22 23:01:42.630 PCTime: Vp1 PPP: Phase is ESTABLISHING, Passive Open
000575: *Jan 22 23:01:42.630 PCTime: Vp1 LCP: State is Listen
000576: *Jan 22 23:01:44.642 PCTime: Vp1 LCP: Timeout: State Listen



VMunsera#sh ip int Virtual-PPP1 
Virtual-PPP1 is up, line protocol is up
 Internet address will be negotiated using IPCP
 Broadcast address is 255.255.255.255
 MTU is 1460 bytes
 Helper address is not set
 Directed broadcast forwarding is disabled
 Outgoing access list is not set
 Inbound  access list is 111
 Proxy ARP is enabled
 Local Proxy ARP is disabled
 Security level is default
 Split horizon is enabled
 ICMP redirects are always sent
 ICMP unreachables are always sent
 ICMP mask replies are never sent
 IP fast switching is enabled
 IP fast switching on the same interface is enabled
 IP Flow switching is disabled
 IP CEF switching is enabled
 IP CEF switching turbo vector
 IP Null turbo vector
 IP multicast fast switching is enabled
 IP multicast distributed fast switching is disabled
 IP route-cache flags are Fast, CEF
 Router Discovery is disabled
 IP output packet accounting is disabled
 IP access violation accounting is disabled
 TCP/IP header compression is disabled
 RTP/IP header compression is disabled
 Policy routing is disabled
 Network address translation is enabled, interface in domain outside
 BGP Policy Mapping is disabled
 Input features: Stateful Inspection, Virtual Fragment Reassembly, Access List, Virtual Fragment Reassembly After IPSec Decryption, uRPF, NAT Outside, MCI Check, TCP Adjust MSS
 Output features: Post-routing NAT Outside, Stateful Inspection, TCP Adjust MSS
 WCCP Redirect outbound is disabled
 WCCP Redirect inbound is disabled
 WCCP Redirect exclude is disabled
 IP verify source reachable-via RX, allow default, allow self-ping
  0 verification drops
  0 suppressed verification drops
  0 verification drop-rate











Munsera#sh l2tun

%No active L2TP tunnels
Munsera#sh l2tun

L2TP Tunnel and Session Information Total tunnels 1 sessions 1

LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP Class/
                                                          Count VPDN Group 
56656      27546      bras134       est    85.21.0.134     1     beeline        

LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID   
                                Vcid, Circuit                                  
37         3160       56656      10, Vp1              est    00:00:10 2  



Munsera#sh int Virtual-PPP1    
Virtual-PPP1 is up, line protocol is down 
 Hardware is Virtual PPP interface
 Internet address will be negotiated using IPCP
 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100000 usec, 
    reliability 255/255, txload 1/255, rxload 1/255
 Encapsulation PPP, LCP REQsent, loopback not set
 Keepalive set (10 sec)
 DTR is pulsed for 1 seconds on reset
 Last input 00:00:13, output never, output hang never
 Last clearing of "show interface" counters 00:23:32
 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1
 Queueing strategy: fifo
 Output queue: 0/40 (size/max)
 5 minute input rate 0 bits/sec, 0 packets/sec
 5 minute output rate 0 bits/sec, 0 packets/sec
    200 packets input, 4350 bytes, 0 no buffer
    Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    459 packets output, 7501 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 unknown protocol drops
    0 output buffer failures, 0 output buffers swapped out
    0 carrier transitions

Тунель и виртуальные интерфейсы периодически поднимаются и падают..

В чем проблема?

Спасибо!

Munsera · 14 февраля 2012

Сегодня вот что вывел sh logging

Munsera#sh logging
Syslog logging: enabled (0 messages dropped, 2 messages rate-limited,
               0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.



No Inactive Message Discriminator.


   Console logging: level critical, 23 messages logged, xml disabled,
                    filtering disabled
   Monitor logging: level debugging, 0 messages logged, xml disabled,
                    filtering disabled
   Buffer logging:  level debugging, 110419 messages logged, xml disabled,
                    filtering disabled
   Logging Exception size (4096 bytes)
   Count and timestamp logging messages: disabled
   Persistent logging: disabled

No active filter modules.

ESM: 0 messages dropped

   Trap logging: level debugging, 110451 message lines logged

Log Buffer (51200 bytes):
P: Timeout: State REQsent
109860: *Jan 24 10:15:19.289 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 152 len 10
109861: *Jan 24 10:15:19.289 PCTime: Vp1 LCP:    MagicNumber 0x25EB1BC7 (0x050625EB1BC7)
109862: *Jan 24 10:15:21.302 PCTime: Vp1 LCP: Timeout: State REQsent
109863: *Jan 24 10:15:21.302 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 153 len 10
109864: *Jan 24 10:15:21.302 PCTime: Vp1 LCP:    MagicNumber 0x25EB1BC7 (0x050625EB1BC7)
109865: *Jan 24 10:15:21.530 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to down
109866: *Jan 24 10:15:23.318 PCTime: Vp1 LCP: Timeout: State REQsent
109867: *Jan 24 10:15:23.318 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 154 len 10
109868: *Jan 24 10:15:23.318 PCTime: Vp1 LCP:    MagicNumber 0x25EB1BC7 (0x050625EB1BC7)
109869: *Jan 24 10:15:24.531 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up
109870: *Jan 24 10:15:25.335 PCTime: Vp1 LCP: Timeout: State REQsent
109871: *Jan 24 10:15:25.335 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 155 len 10
109872: *Jan 24 10:15:25.335 PCTime: Vp1 LCP:    MagicNumber 0x25EB1BC7 (0x050625EB1BC7)
109873: *Jan 24 10:15:27.351 PCTime: Vp1 LCP: Timeout: State REQsent
109874: *Jan 24 10:15:27.351 PCTime: Vp1 LCP: State is Listen
109875: *Jan 24 10:15:31.532 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to down
109876: *Jan 24 10:15:34.533 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up
109877: *Jan 24 10:15:41.534 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to down
109878: *Jan 24 10:15:44.535 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up
109879: *Jan 24 10:15:51.537 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to down
109880: *Jan 24 10:15:54.537 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up
109881: *Jan 24 10:15:57.366 PCTime: Vp1 LCP: Timeout: State Listen
109882: *Jan 24 10:15:57.366 PCTime: Vp1 PPP: No remote authentication for call-out
109883: *Jan 24 10:15:57.366 PCTime: Vp1 LCP: O CONFREQ [Listen] id 156 len 10
109884: *Jan 24 10:15:57.366 PCTime: Vp1 LCP:    MagicNumber 0x25EBDFCA (0x050625EBDFCA)
109885: *Jan 24 10:15:59.382 PCTime: Vp1 LCP: Timeout: State REQsent
109886: *Jan 24 10:15:59.382 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 157 len 10
109887: *Jan 24 10:15:59.382 PCTime: Vp1 LCP:    MagicNumber 0x25EBDFCA (0x050625EBDFCA)
109888: *Jan 24 10:16:01.399 PCTime: Vp1 LCP: Timeout: State REQsent
109889: *Jan 24 10:16:01.399 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 158 len 10
109890: *Jan 24 10:16:01.399 PCTime: Vp1 LCP:    MagicNumber 0x25EBDFCA (0x050625EBDFCA)
109891: *Jan 24 10:16:01.539 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to down
109892: *Jan 24 10:16:03.415 PCTime: Vp1 LCP: Timeout: State REQsent
109893: *Jan 24 10:16:03.415 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 159 len 10
109894: *Jan 24 10:16:03.415 PCTime: Vp1 LCP:    MagicNumber 0x25EBDFCA (0x050625EBDFCA)
109895: *Jan 24 10:16:04.540 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up
109896: *Jan 24 10:16:05.432 PCTime: Vp1 LCP: Timeout: State REQsent
109897: *Jan 24 10:16:05.432 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 160 len 10
109898: *Jan 24 10:16:05.432 PCTime: Vp1 LCP:    MagicNumber 0x25EBDFCA (0x050625EBDFCA)
109899: *Jan 24 10:16:07.448 PCTime: Vp1 LCP: Timeout: State REQsent
109900: *Jan 24 10:16:07.448 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 161 len 10
109901: *Jan 24 10:16:07.448 PCTime: Vp1 LCP:    MagicNumber 0x25EBDFCA (0x050625EBDFCA)
109902: *Jan 24 10:16:09.465 PCTime: Vp1 LCP: Timeout: State REQsent
109903: *Jan 24 10:16:09.465 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 162 len 10
109904: *Jan 24 10:16:09.465 PCTime: Vp1 LCP:    MagicNumber 0x25EBDFCA (0x050625EBDFCA)
109905: *Jan 24 10:16:11.481 PCTime: Vp1 LCP: Timeout: State REQsent
109906: *Jan 24 10:16:11.481 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 163 len 10
109907: *Jan 24 10:16:11.481 PCTime: Vp1 LCP:    MagicNumber 0x25EBDFCA (0x050625EBDFCA)
109908: *Jan 24 10:16:11.541 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to down
109909: *Jan 24 10:16:13.498 PCTime: Vp1 LCP: Timeout: State REQsent
109910: *Jan 24 10:16:13.498 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 164 len 10
109911: *Jan 24 10:16:13.498 PCTime: Vp1 LCP:    MagicNumber 0x25EBDFCA (0x050625EBDFCA)
109912: *Jan 24 10:16:14.542 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up
109913: *Jan 24 10:16:15.510 PCTime: Vp1 LCP: Timeout: State REQsent
109914: *Jan 24 10:16:15.510 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 165 len 10
109915: *Jan 24 10:16:15.510 PCTime: Vp1 LCP:    MagicNumber 0x25EBDFCA (0x050625EBDFCA)
109916: *Jan 24 10:16:17.527 PCTime: Vp1 LCP: Timeout: State REQsent
109917: *Jan 24 10:16:17.527 PCTime: Vp1 LCP: State is Listen
109918: *Jan 24 10:16:21.543 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to down
109919: *Jan 24 10:16:24.544 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up
109920: *Jan 24 10:16:31.546 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to down
109921: *Jan 24 10:16:34.546 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up
109922: *Jan 24 10:16:41.548 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to down
109923: *Jan 24 10:16:44.549 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up
109924: *Jan 24 10:16:47.545 PCTime: Vp1 LCP: Timeout: State Listen
109925: *Jan 24 10:16:47.545 PCTime: Vp1 PPP: No remote authentication for call-out
109926: *Jan 24 10:16:47.545 PCTime: Vp1 LCP: O CONFREQ [Listen] id 166 len 10
109927: *Jan 24 10:16:47.545 PCTime: Vp1 LCP:    MagicNumber 0x25ECA3CF (0x050625ECA3CF)
109928: *Jan 24 10:16:49.558 PCTime: Vp1 LCP: Timeout: State REQsent
109929: *Jan 24 10:16:49.558 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 167 len 10
109930: *Jan 24 10:16:49.558 PCTime: Vp1 LCP:    MagicNumber 0x25ECA3CF (0x050625ECA3CF)
109931: *Jan 24 10:16:51.550 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to down
109932: *Jan 24 10:16:51.574 PCTime: Vp1 LCP: Timeout: State REQsent
109933: *Jan 24 10:16:51.574 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 168 len 10
109934: *Jan 24 10:16:51.574 PCTime: Vp1 LCP:    MagicNumber 0x25ECA3CF (0x050625ECA3CF)
109935: *Jan 24 10:16:53.591 PCTime: Vp1 LCP: Timeout: State REQsent
109936: *Jan 24 10:16:53.591 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 169 len 10
109937: *Jan 24 10:16:53.591 PCTime: Vp1 LCP:    MagicNumber 0x25ECA3CF (0x050625ECA3CF)
109938: *Jan 24 10:16:54.551 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up
109939: *Jan 24 10:16:55.607 PCTime: Vp1 LCP: Timeout: State REQsent
109940: *Jan 24 10:16:55.607 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 170 len 10
109941: *Jan 24 10:16:55.607 PCTime: Vp1 LCP:    MagicNumber 0x25ECA3CF (0x050625ECA3CF)
109942: *Jan 24 10:16:57.624 PCTime: Vp1 LCP: Timeout: State REQsent
109943: *Jan 24 10:16:57.624 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 171 len 10
109944: *Jan 24 10:16:57.624 PCTime: Vp1 LCP:    MagicNumber 0x25ECA3CF (0x050625ECA3CF)
109945: *Jan 24 10:16:59.640 PCTime: Vp1 LCP: Timeout: State REQsent
109946: *Jan 24 10:16:59.640 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 172 len 10
109947: *Jan 24 10:16:59.640 PCTime: Vp1 LCP:    MagicNumber 0x25ECA3CF (0x050625ECA3CF)
109948: *Jan 24 10:17:01.553 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to down
109949: *Jan 24 10:17:01.657 PCTime: Vp1 LCP: Timeout: State REQsent
109950: *Jan 24 10:17:01.657 PCTime: Vp1 LCP: O CONFREQ [REQsent] id 173 len 10
109951: *Jan 24 10:17:01.657 PCTime: Vp1 LCP:    MagicNumber 0x25ECA3CF (0x050625ECA3CF)

Munsera · 19 февраля 2012

Коллеги, есть какие-нибудь варианты решения проблемы?

Заканался уже проводом сидеть((

Или стоит поменять оператора?

melnikov · 23 февраля 2012

Коллеги, есть какие-нибудь варианты решения проблемы?

Заканался уже проводом сидеть((

Или стоит поменять оператора?

Приветствую,

была такая же х..ня (в точности), на той же прошивке,

Версия прошивки:

cisco871#sh ver
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(24)T6, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 23-Aug-11 06:56 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI3, RELEASE SOFTWARE

cisco871 uptime is 4 minutes
System returned to ROM by reload
System image file is "flash:c870-advipservicesk9-mz.124-24.T6.bin"

Вот код (компиляция "рабочих" конфигов):

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cisco871
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
aaa new-model
!
!
aaa authentication ppp default local
aaa authorization network default none 
!
!
aaa session-id common
!
!
no dot11 syslog
no ip source-route
ip gratuitous-arps
!
!
!
!
ip cef
no ip bootp server
ip domain name beeline.ru
ip multicast-routing 
no ipv6 cef
l2tp-class beeline
receive-window 128
!
!
multilink bundle-name authenticated
!
no virtual-template snmp
!
!
username XXXXXX privilege 15 secret 5 XXXXXXXXXXXX
! 
!
!
!
!
ip tftp source-interface Vlan1
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
pseudowire-class class1
encapsulation l2tpv2
protocol l2tpv2 beeline
ip local interface FastEthernet4
!
!
!
!
interface FastEthernet0
no cdp enable
!
interface FastEthernet1
no cdp enable
!
interface FastEthernet2
no cdp enable
!
interface FastEthernet3
no cdp enable
!
interface FastEthernet4
description wan
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface Virtual-PPP1
ip address negotiated
ip verify unicast reverse-path allow-self-ping
no ip proxy-arp
ip mtu 1460
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1420
no peer neighbor-route
no cdp enable
ppp pfc local request
ppp authentication chap ms-chap ms-chap-v2 callin
ppp chap hostname XXXXXXXXXXXXX
ppp chap password 7 XXXXXXXXXXXXXXXXXX
pseudowire 85.21.0.241 10 pw-class class1
!
interface Vlan1
description internal
ip address 192.168.4.4 255.255.255.0
ip nat inside
no ip virtual-reassembly
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
ip route 85.21.88.130 255.255.255.255 dhcp
ip route 217.118.84.213 255.255.255.255 dhcp
ip route 195.14.50.16 255.255.255.255 dhcp
ip route 85.21.52.254 255.255.255.255 dhcp
ip route 194.67.1.13 255.255.255.255 dhcp
ip route 194.67.1.14 255.255.255.255 dhcp
ip route 194.67.18.19 255.255.255.255 dhcp
ip route 195.14.50.21 255.255.255.255 dhcp
ip route 194.67.1.115 255.255.255.255 dhcp
ip route 195.14.50.26 255.255.255.255 dhcp
ip route 89.179.135.67 255.255.255.255 dhcp
ip route 195.14.50.93 255.255.255.255 dhcp
ip route 194.67.18.72 255.255.255.255 dhcp
ip route 194.67.1.130 255.255.255.255 dhcp
ip route 217.118.84.249 255.255.255.255 dhcp
ip route 78.107.235.4 255.255.255.252 dhcp
ip route 85.21.72.80 255.255.255.240 dhcp
ip route 78.107.51.0 255.255.255.240 dhcp
ip route 83.102.231.32 255.255.255.240 dhcp
ip route 85.21.108.16 255.255.255.240 dhcp
ip route 85.21.138.208 255.255.255.240 dhcp
ip route 83.102.146.96 255.255.255.224 dhcp
ip route 85.21.90.0 255.255.255.0 dhcp
ip route 78.107.23.0 255.255.255.0 dhcp
ip route 85.21.79.0 255.255.255.0 dhcp
ip route 78.107.196.0 255.255.252.0 dhcp
ip route 10.0.0.0 255.0.0.0 dhcp
ip route 85.21.0.0 255.255.255.0 dhcp
no ip http server
no ip http secure-server
!
!
ip dns server
ip nat inside source list LAN interface FastEthernet4 overload
ip nat inside source list WAN interface Virtual-PPP1 overload
!
ip access-list extended LAN
permit ip 192.168.4.0 0.0.0.255 host 85.21.88.130
permit ip 192.168.4.0 0.0.0.255 host 217.118.84.213
permit ip 192.168.4.0 0.0.0.255 host 195.14.50.16
permit ip 192.168.4.0 0.0.0.255 host 194.67.1.13
permit ip 192.168.4.0 0.0.0.255 host 194.67.1.14
permit ip 192.168.4.0 0.0.0.255 host 194.67.18.19
permit ip 192.168.4.0 0.0.0.255 host 195.14.50.21
permit ip 192.168.4.0 0.0.0.255 host 194.67.1.115
permit ip 192.168.4.0 0.0.0.255 host 195.14.50.26
permit ip 192.168.4.0 0.0.0.255 host 89.179.135.67
permit ip 192.168.4.0 0.0.0.255 host 195.14.50.93
permit ip 192.168.4.0 0.0.0.255 host 194.67.18.72
permit ip 192.168.4.0 0.0.0.255 host 194.67.1.130
permit ip 192.168.4.0 0.0.0.255 host 217.118.84.249
permit ip 192.168.4.0 0.0.0.255 78.107.235.4 0.0.0.3
permit ip 192.168.4.0 0.0.0.255 85.21.72.80 0.0.0.15
permit ip 192.168.4.0 0.0.0.255 78.107.51.0 0.0.0.15
permit ip 192.168.4.0 0.0.0.255 83.102.231.32 0.0.0.15
permit ip 192.168.4.0 0.0.0.255 85.21.108.16 0.0.0.15
permit ip 192.168.4.0 0.0.0.255 85.21.138.208 0.0.0.15
permit ip 192.168.4.0 0.0.0.255 83.102.146.96 0.0.0.21
permit ip 192.168.4.0 0.0.0.255 85.21.90.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 78.107.23.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 85.21.79.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 78.107.192.0 0.0.7.255
permit ip 192.168.4.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 192.168.4.0 0.0.0.255 host 85.21.52.254
permit ip 192.168.4.0 0.0.0.255 85.21.0.0 0.0.0.255
ip access-list extended WAN
deny   ip 192.168.4.0 0.0.0.255 85.21.0.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 any
!
no cdp run

!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
privilege level 15
transport input telnet ssh
transport output all
!
scheduler max-task-time 500
end

Попробуй, может поможет.

Маршруты взял с билайновского wifi роутера (D-link).

udp

Вместо:

ppp chap password 7 XXXXXXXXXXXXXXXXXX

в командной строке нужно вводить:

ppp chap password 0 XXXXXXXXXXXXXXXXXX

hoffma · 30 марта 2012

Зависают каналы..(

Просьба помочь..

cis871#sh version

Cisco IOS Software, C870 Software (C870-ADVENTERPRISEK9-M), Version 12.4(6)T, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Compiled Thu 23-Feb-06 04:00 by ccai

ROM: System Bootstrap, Version 12.3(8r)YI3, RELEASE SOFTWARE

cis871 uptime is 1 hour, 4 minutes

System returned to ROM by reload

System image file is "flash:c870-adventerprisek9-mz.124-6.t.bin"

Last reload reason: Reload Command

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com...tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco 871 (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memory.

Processor board ID FCZ1101239S

MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10

5 FastEthernet interfaces

128K bytes of non-volatile configuration memory.

24576K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

cis871#sh running-config

Building configuration...

Current configuration : 2085 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname cis871

!

boot-start-marker

boot config flash:startup-config

boot-end-marker

!

enable secret 5 $1$6J8i$lOz1PwnhftOJmq44pzXUU/

!

no aaa new-model

!

resource policy

!

ip cef

!

no ip dhcp use vrf connected

!

ip dhcp pool lan

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 85.21.192.3 213.234.192.8

!

ip domain name home

ip multicast-routing

l2tp-class beeline

!

pseudowire-class l2tpv2

encapsulation l2tpv2

ip local interface FastEthernet4

!

username hoffma privilege 15 password 7 080658491D32030047

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

ip address 10.33.48.33 255.255.248.0

ip mtu 1460

ip pim sparse-dense-mode

ip nat outside

ip virtual-reassembly

ip tcp adjust-mss 1420

duplex auto

speed auto

no cdp enable

!

interface Virtual-PPP1

ip address negotiated

ip mtu 1460

ip nat outside

ip virtual-reassembly

ip tcp adjust-mss 1420

no peer neighbor-route

no cdp enable

ppp chap hostname hoffma20

ppp chap password 7 105E060E0005011F1E0D3A2E

pseudowire 85.21.0.253 1 pw-class l2tpv2

!

interface Vlan1

ip address 192.168.1.1 255.255.255.0

ip pim sparse-dense-mode

ip nat inside

ip virtual-reassembly

ip igmp helper-address 10.33.48.1

ip igmp helper-address udl FastEthernet4

!

ip route 0.0.0.0 0.0.0.0 Virtual-PPP1

ip route 85.21.0.253 255.255.255.255 10.33.48.1

ip route 85.21.192.0 255.255.255.248 10.33.48.1

ip route 213.234.192.0 255.255.255.240 10.33.48.1

!

no ip http server

no ip http secure-server

ip nat inside source list 1 interface Virtual-PPP1 overload

!

access-list 1 permit 192.168.1.0 0.0.0.255

!

control-plane

!

line con 0

password 7 013412034F20001874

login

no modem enable

line aux 0

line vty 0 4

login local

transport input telnet ssh

!

scheduler max-task-time 5000

!

webvpn context Default_context

ssl authenticate verify all

!

no inservice

!

end

cis871#sh ip mroute

IP Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,

L - Local, P - Pruned, R - RP-bit set, F - Register flag,

T - SPT-bit set, J - Join SPT, M - MSDP created entry,

X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,

U - URD, I - Received Source Specific Host Report,

Z - Multicast Tunnel, z - MDT-data group sender,

Y - Joined MDT-data group, y - Sending to MDT-data group

Outgoing interface flags: H - Hardware switched, A - Assert winner

Timers: Uptime/Expires

Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.255.255.250), 00:55:14/00:02:57, RP 0.0.0.0, flags: DC