>>>Hello.
>>>
>>>
>>>I have a Cisco 1760 with WIC-ADSL and WIC-4ESW.
>>>IOS: c1700-advsecurityk9-mz.124-10.bin
>>>The Internet provider gives a block of 8 static addresses.
>>>Two VLANs are created on the router.
>>>Vlan1 10.10.10.1-10.10.10.14 subnet 255.255.255.240
>>>Vlan2 91.84.xx.xx-91.84.xx.xx subnet 255.255.255.248
>>>
>>>Problem: Vlan1 has no Internet access, Vlan2 does.
>>>Question: please help me configure Internet access for Vlan1.
>>>
>>>Here is the configuration file:
>>>
>>>
>>>User Access Verification
>>>
>>>Username: andriy
>>>Password:
>>>Router#sh running-config
>>>Building configuration...
>>>
>>>Current configuration : 1885 bytes
>>>!
>>>version 12.4
>>>service timestamps debug datetime msec
>>>service timestamps log datetime msec
>>>no service password-encryption
>>>!
>>>hostname Router
>>>!
>>>boot-start-marker
>>>boot-end-marker
>>>!
>>>!
>>>no aaa new-model
>>>ip cef
>>>!
>>>!
>>>!
>>>!
>>>ip name-server 212.104.xxx.xxx
>>>ip name-server 212.104.xxx.xxx
>>>!
>>>!
>>>!
>>>!
>>>username andriy privilege 15 password xxxxxxxx
>>>!
>>>!
>>>!
>>>!
>>>!
>>>interface ATM0/0
>>>no ip address
>>>no ip redirects
>>>no ip unreachables
>>>no ip proxy-arp
>>>ip route-cache flow
>>>no atm ilmi-keepalive
>>>dsl operating-mode auto
>>>!
>>>interface ATM0/0.1 point-to-point
>>>no snmp trap link-status
>>>pvc 0/38
>>>encapsulation aal5mux ppp dialer
>>>dialer pool-member 1
>>>!
>>>!
>>>interface FastEthernet0/0
>>>no ip address
>>>shutdown
>>>speed auto
>>>!
>>>interface FastEthernet1/1
>>>!
>>>interface FastEthernet1/2
>>>switchport access vlan 2
>>>!
>>>interface FastEthernet1/3
>>>!
>>>interface FastEthernet1/4
>>>!
>>>interface Vlan1
>>>ip address 10.10.10.1 255.255.255.240
>>>ip access-group vlan1_in in
>>>no ip redirects
>>>no ip unreachables
>>>no ip proxy-arp
>>>ip nat inside
>>>ip virtual-reassembly
>>>ip route-cache flow
>>>ip tcp adjust-mss 1452
>>>!
>>>interface Vlan2
>>>ip address 91.84.xxx.xxx 255.255.255.248
>>>ip access-group vlan2_in in
>>>no ip redirects
>>>no ip unreachables
>>>no ip proxy-arp
>>>ip nat outside
>>>ip virtual-reassembly
>>>ip route-cache flow
>>>ip tcp adjust-mss 1452
>>>!
>>>interface Dialer0
>>>ip address negotiated
>>>ip access-group dialer0_in in
>>>no ip redirects
>>>no ip unreachables
>>>no ip proxy-arp
>>>ip virtual-reassembly
>>>encapsulation ppp
>>>ip route-cache flow
>>>dialer pool 1
>>>dialer-group 1
>>>no cdp enable
>>>ppp authentication chap pap callin
>>>ppp chap hostname xxxxxxxx@xxxx.xx
>>>ppp chap password xxxxxxxxxxx
>>>ppp pap sent-username xxxxxxxx@xxxx.xx password xxxxxxxx
>>>!
>>>ip route 0.0.0.0 0.0.0.0 Dialer0
>>>!
>>>no ip http server
>>>no ip http secure-server
>>>!
>>>!
>>>control-plane
>>>!
>>>!
>>>line con 0
>>>login local
>>>transport output telnet
>>>line aux 0
>>>line vty 0 4
>>>privilege level 15
>>>login local
>>>!
>>>end
>>>
>>>Router#
>>>----------------
>>>If possible, please post a piece of a real config.
>>>I tried following the Cisco manuals, but nothing worked.
>>>Thank you.
>>>
>>>Thank you.
>>
>>You need to configure NAT for vlan1
>>
>>!
>>ip nat pool USERS 91.84.xx.x1 91.84.xx.x1 prefix-length 29
>>ip nat inside source list 1 pool USERS overload
>>!
>>access-list 1 permit 10.10.10.1 0.0.0.15
>------------------
>
>I tried these two variants, but nothing worked.
>
>ip nat pool Local 91.84.xx.xx 91.84.xx.xx netmask 255.255.255.248
>!
>ip nat outside source list 1 pool Local add-route
>!
>access-list 1 permit 10.10.10.0 0.0.0.255
>-----------
>
>ip nat pool Local 91.84.xx.xx 91.84.xx.xx prefix-length 29
>!
>ip nat inside source list 1 pool Local overload
>!
>access-list 1 permit 10.10.10.1 0.0.0.15
>------------
>
>Can anyone suggest anything else?
--------------------
3 days of dancing with a tambourine, a heap of variants, and nothing to show for it.
Let's start from the beginning.
So, what is where and why.
The provider gives a block of 8 addresses.
sh ip route:
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
82.0.0.0/32 is subnetted, 1 subnets
C 82.153.1.4 is directly connected, Dialer0
10.0.0.0/28 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, Vlan2
91.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 91.84.35.96/29 is directly connected, Vlan1
C 91.84.35.97/32 is directly connected, Dialer0
S* 0.0.0.0/0 is directly connected, Dialer0
Cisco-1760#
91.84.35.96 network
91.84.35.97 vlan1
Now a little about the configuration.
Dialer0:
interface Dialer0
ip address negotiated
ip access-group dialer0_in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxx
ppp chap password xxxxxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxx password xxxxxxxxxxxxx
-----------
interface Vlan1
ip address хххххххххххх 255.255.255.248
ip access-group vlan1_in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
-----------
interface Vlan2
ip address 10.10.10.1 255.255.255.240
ip access-group vlan2_in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
Perhaps the problem is that Dialer0 has ip address negotiated, while VLAN1 has the first address from the block.
I tried setting ip address (the first of the address block) on Dialer0 and negotiated on Vlan2.
Also:
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 10.10.10.0 0.0.0.255
It just doesn't work.
sh ip nat translations: completely empty.
sh ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
Virtual-Access2, Dialer0
Inside interfaces:
Vlan1, Vlan2
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface Dialer0 refcount 0
Queued Packets: 0
-----------
That is, there is no NAT, and it does not work at all.
Once again, the full config file:
----
Cisco-1760#sh running-config
Building configuration...
Current configuration : 3240 bytes
!
! Last configuration change at 22:52:03 london Sat Jul 14 2007
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cisco-1760
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
!
no aaa new-model
!
resource policy
!
clock timezone london 1
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address xxxxxxxxxx
ip dhcp excluded-address 10.10.10.1
ip dhcp ping packets 4
!
ip dhcp pool pool1
network 91.84.35.96 255.255.255.248
default-router xxxxxxxxxx
dns-server xxxxxxxxx
lease infinite
!
ip dhcp pool pool2
network 10.10.10.0 255.255.255.240
default-router xxxxxxxxx
dns-server xxxxxxxxx
lease infinite
!
!
no ip bootp server
ip name-server xxxxxxxxxxxxxx
ip name-server xxxxxxxxxxxxxx
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name voip sip
!
username andriy privilege 15 password xxxxxxxxxxxxxx
!
interface ATM0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0.1 point-to-point
no snmp trap link-status
pvc 0/38
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0/0
no ip address
shutdown
speed auto
!
interface FastEthernet1/1
!
interface FastEthernet1/2
switchport access vlan 2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface Vlan1
ip address xxxxxxxxxxx 255.255.255.248
ip access-group vlan1_in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Vlan2
ip address 10.10.10.1 255.255.255.240
ip access-group vlan2_in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
ip access-group dialer0_in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxx
ppp chap password xxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxx password xxxxxxxxxxxxx
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 10.10.10.0 0.0.0.255
!
control-plane
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
ntp clock-period 17180206
ntp server 213.170.141.38 prefer
ntp server 194.150.121.14
ntp server 81.187.121.162
end
Cisco-1760#
--------
When I try to set an address on the interface, this is what happens:
Cisco-1760>enable
Cisco-1760#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Cisco-1760(config)#int fa 1/1
Cisco-1760(config-if)#ip address xxxxxxxxxxx 255.255.255.248
% IP addresses may not be configured on L2 links.
Cisco-1760(config-if)#
Thank you for your attention.
_________________
Best regards, Andrey.
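
Added example (not part of the thread): a small Python check, run over IOS running-config text, for the NAT prerequisites discussed above: the default-route interface is `ip nat outside`, an `ip nat inside source list` rule exists, its access-list covers each private `ip nat inside` subnet, and every `ip access-group` name is defined. `SAMPLE` is constructed from the second config above; `audit` is a hypothetical helper, and only standard `access-list N permit A W` lines with contiguous wildcard masks are parsed.

```python
import re
from ipaddress import IPv4Address, ip_interface, ip_network

# Constructed sample: NAT-relevant lines of the second running-config above.
SAMPLE = """interface Vlan2
ip address 10.10.10.1 255.255.255.240
ip access-group vlan2_in in
ip nat inside
interface Dialer0
ip nat outside
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 10.10.10.0 0.0.0.255
"""

def audit(cfg):
    """Return findings for a dynamic (overload) NAT setup in IOS config text."""
    ifaces, acls, rules, egress, cur = {}, {}, [], None, None
    defined = set(re.findall(r"^[ \t]*(?:ip access-list \S+|access-list) (\S+)", cfg, re.M))
    for line in map(str.strip, cfg.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"net": None, "nat": None, "acl": []})
        elif line == "!":
            cur = None  # end of the interface stanza
        elif m := re.match(r"ip nat inside source list (\S+) ", line):
            rules.append(m[1])
        elif m := re.match(r"access-list (\d+) permit ([\d.]+) ([\d.]+)$", line):
            bits = int(IPv4Address(m[3])).bit_length()  # contiguous wildcard assumed
            acls.setdefault(m[1], []).append(
                ip_network(f"{m[2]}/{32 - bits}", strict=False))
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            egress = m[1]
        elif cur and (m := re.match(r"ip address ([\d.]+) ([\d.]+)", line)):
            cur["net"] = ip_interface(f"{m[1]}/{m[2]}").network
        elif cur and (m := re.match(r"ip nat (inside|outside)$", line)):
            cur["nat"] = m[1]
        elif cur and (m := re.match(r"ip access-group (\S+) ", line)):
            cur["acl"].append(m[1])
    out = [] if rules else ["no 'ip nat inside source list' rule"]
    if egress and ifaces.get(egress, {}).get("nat") != "outside":
        out.append(f"{egress}: default route exits here but no 'ip nat outside'")
    nets = [n for r in rules for n in acls.get(r, [])]
    for name, i in ifaces.items():
        if i["nat"] == "inside" and i["net"] and i["net"].is_private \
                and not any(i["net"].subnet_of(n) for n in nets):
            out.append(f"{name}: {i['net']} not matched by a NAT access-list")
        out += [f"{name}: access-group {a} not defined in this config"
                for a in i["acl"] if a not in defined]
    return out
```

`audit(SAMPLE)` returns one finding: the `vlan2_in` access-group that the posted config references but does not define.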