I have two routers on the same LAN. One handles a private network that does overload.
One handles a network with public IPs.
I would like to be able to communicate locally between one and the other (for example, if line A goes down, I would like to log in to router B and from router B log in to router A).
However, since they have IP addressing that does not communicate, this is not possible.
So I thought, very simply, of adding secondaries on both VLAN 1 interfaces and connecting the two routers to each other.
They see each other correctly at the ARP level, but ping and telnet do not work.
Here is the configuration of router 1:
Code:
hostname ADSL
!
dot11 syslog
ip cef
!
!
!
!
ip inspect udp idle-time 15
ip inspect tcp idle-time 1800
ip inspect tcp finwait-time 1
ip inspect tcp synwait-time 15
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
!
multilink bundle-name authenticated
!
!
username 0000
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
interface ATM0
 no ip address
 load-interval 30
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 224 in
!
interface ATM0.1 point-to-point
 pvc 8/35
  encapsulation aal5snap
  pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 192.168.21.1 255.255.255.0 secondary
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip inspect myfw in
 ip virtual-reassembly
 hold-queue 100 out
!
interface Dialer1
 ip address negotiated
 ip access-group 111 in
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 no ppp chap wait
 ppp pap sent-username 0000 password 7 0000
 no ppp pap wait
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface Dialer1 overload
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 deny ip host 255.255.255.255 any
access-list 111 deny ip 127.0.0.0 0.255.255.255 any log
access-list 111 deny ip 10.0.0.0 0.255.255.255 any log
access-list 111 deny ip 172.16.0.0 0.15.255.255 any log
access-list 111 deny ip 224.0.0.0 15.255.255.255 any log
access-list 111 permit icmp any any unreachable
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit tcp any any eq telnet
access-list 111 deny ip any any
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 login local
 length 0
!
Code:
!
hostname HDSL
!
!
!
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
no ip domain lookup
ip inspect udp idle-time 15
ip inspect tcp idle-time 1800
ip inspect tcp finwait-time 1
ip inspect tcp synwait-time 15
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username 000 password 7 0000
!
interface FastEthernet0
 description Collegare a ETH1 Aethra Telecom
 no ip address
 load-interval 30
 speed 100
 full-duplex
!
interface FastEthernet0.100
 description PPPoE CLIENT HDSL ETH 4 Mbps
 encapsulation dot1Q 100
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 no ip address
!
interface FastEthernet5
 no ip address
!
interface FastEthernet6
 no ip address
!
interface FastEthernet7
 no ip address
!
interface FastEthernet8
 no ip address
!
interface Vlan1
 ip address 192.168.21.3 255.255.255.0 secondary
 ip address 1.1.1.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly in
 no autostate
 hold-queue 100 out
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 no ppp chap wait
 ppp pap sent-username 0000 password 7 0000
 no ppp pap wait
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.21.3 23 interface Dialer1 233
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 102 permit ip 192.168.21.0 0.0.0.255 any
!
!
!
!
!
!
control-plane
!
line con 0
 exec-timeout 120 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 login local
 length 0
 transport input all
!
From router A (192.168.21.1) I can see router B (192.168.21.3) at the ARP level:
Code:
ADSL# sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.21.3            28  0006.f61f.732e  ARPA   Vlan1
Code:
ping 192.168.21.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.21.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ADSL#192.168.21.3
Trying 192.168.21.3 ...
% Connection timed out; remote host not responding
If I swap the IPs on both routers (the secondaries become primary), then it works.
I also noticed that on router A, if I ping B specifying the source, it works:
Code:
ping 192.168.21.3 source 192.168.21.1
Is there something I need to define or specify to get it working?
I hope I have been thorough, and thank you in advance.
Thanks
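
Added example, not part of the original post: a small Python model of the two ping results reported above, built from the Vlan1 addresses and default routes in the posted configurations. It assumes that IOS sources locally generated traffic from the primary address of the egress interface unless a source is given, and that each router's table holds only its connected Vlan1 subnets plus the default route via Dialer1; the function names are hypothetical.

```python
import ipaddress as ip

# Vlan1 addressing copied from the two posted configurations.
# First entry is the primary address, the rest are secondaries.
ROUTERS = {
    "ADSL": {"Vlan1": ["192.168.1.1/24", "192.168.21.1/24"]},
    "HDSL": {"Vlan1": ["1.1.1.1/29", "192.168.21.3/24"]},
}

def routing_table(router):
    """Connected routes for each Vlan1 address plus the posted default via Dialer1."""
    table = [(ip.ip_interface(addr).network, ifname)
             for ifname, addrs in ROUTERS[router].items() for addr in addrs]
    table.append((ip.ip_network("0.0.0.0/0"), "Dialer1"))
    return table

def egress(router, dst):
    """Longest-prefix match: the interface the router sends dst out of."""
    dst = ip.ip_address(dst)
    matches = [(net, ifname) for net, ifname in routing_table(router) if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def default_source(router, dst):
    """Assumed IOS behaviour: primary address of the egress interface.
    Only modelled for destinations reached through Vlan1."""
    return str(ip.ip_interface(ROUTERS[router][egress(router, dst)][0]).ip)

def reply_returns_on_lan(sender, responder, dst, source=None):
    """True when the responder routes its reply back out Vlan1 to the sender."""
    src = source or default_source(sender, dst)
    return egress(responder, src) == "Vlan1"

if __name__ == "__main__":
    print("plain ping source:", default_source("ADSL", "192.168.21.3"))
    print("reply stays on LAN:", reply_returns_on_lan("ADSL", "HDSL", "192.168.21.3"))
    print("with source 192.168.21.1:",
          reply_returns_on_lan("ADSL", "HDSL", "192.168.21.3", source="192.168.21.1"))
```

Under these assumptions the plain ping leaves ADSL sourced from 192.168.1.1, which HDSL can only reach through its default route on Dialer1, while the ping sourced from 192.168.21.1 is answered over the shared 192.168.21.0/24 subnet.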