
Routers cannot ping/telnet each other on the secondary address

Posted: Tue 11 Jun 2019, 2:45 pm
by davide0522
Hi,
I have two routers on the same LAN. One handles a private network that does overload.
The other handles a network with public IPs.
I would like to be able to communicate locally between the two (for example, if line A goes down, I would like to log in to router B and from router B log in to router A).
However, since their IP addressing schemes cannot talk to each other, I am not able to do that.
So I thought, very simply, of adding secondary addresses on both Vlan 1 interfaces and connecting the two routers to each other.
They see each other correctly at the ARP level, but ping and telnet do not work.

Here is the configuration of router 1:

Code:

hostname ADSL
!
dot11 syslog
ip cef
!
!
!
!
ip inspect udp idle-time 15
ip inspect tcp idle-time 1800
ip inspect tcp finwait-time 1
ip inspect tcp synwait-time 15
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
!
multilink bundle-name authenticated
!
!
username 0000
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
interface ATM0
 no ip address
 load-interval 30
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 224 in
!
interface ATM0.1 point-to-point
 pvc 8/35
  encapsulation aal5snap
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 192.168.21.1 255.255.255.0 secondary
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip inspect myfw in
 ip virtual-reassembly
 hold-queue 100 out
!
interface Dialer1
 ip address negotiated
 ip access-group 111 in
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 no ppp chap wait
 ppp pap sent-username 0000 password 7 0000
 no ppp pap wait
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface Dialer1 overload
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 deny   ip host 255.255.255.255 any
access-list 111 deny   ip 127.0.0.0 0.255.255.255 any log
access-list 111 deny   ip 10.0.0.0 0.255.255.255 any log
access-list 111 deny   ip 172.16.0.0 0.15.255.255 any log
access-list 111 deny   ip 224.0.0.0 15.255.255.255 any log
access-list 111 permit icmp any any unreachable
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit tcp any any eq telnet
access-list 111 deny   ip any any
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 login local
 length 0
!

And here is the configuration of router 2:

Code:

!
hostname HDSL
!
!
!
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
no ip domain lookup
ip inspect udp idle-time 15
ip inspect tcp idle-time 1800
ip inspect tcp finwait-time 1
ip inspect tcp synwait-time 15
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username 000 password 7 0000
!
interface FastEthernet0
 description Collegare a ETH1 Aethra Telecom
 no ip address
 load-interval 30
 speed 100
 full-duplex
!
interface FastEthernet0.100
 description PPPoE CLIENT HDSL ETH 4 Mbps
 encapsulation dot1Q 100
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 no ip address
!
interface FastEthernet5
 no ip address
!
interface FastEthernet6
 no ip address
!
interface FastEthernet7
 no ip address
!
interface FastEthernet8
 no ip address
!
interface Vlan1
 ip address 192.168.21.3 255.255.255.0 secondary
 ip address 1.1.1.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly in
 no autostate
 hold-queue 100 out
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 no ppp chap wait
 ppp pap sent-username 0000 password 7 0000
 no ppp pap wait
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.21.3 23 interface Dialer1 233
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 102 permit ip 192.168.21.0 0.0.0.255 any
!
!
!
!
!
!
control-plane
!
line con 0
 exec-timeout 120 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 login local
 length 0
 transport input all
!



From router A (192.168.21.1) I can see router B (192.168.21.3) at the ARP level:

Code:

ADSL#   sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.21.3           28   0006.f61f.732e  ARPA   Vlan1

But ping / telnet do not work:

Code:

ping 192.168.21.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.21.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

ADSL#192.168.21.3
Trying 192.168.21.3 ...
% Connection timed out; remote host not responding

The same happens on the other router, B, where I see router A in the ARP table, but neither ping nor telnet works.

If I swap the IPs on both routers (the secondaries become primary), then it works.

I also noticed that on router A, if I ping B specifying the source, it works:

Code:

ping 192.168.21.3 source 192.168.21.1

This could solve the problem, but with telnet I cannot manage to specify the source IP.

Is there something I need to define or specify to get it working?
I hope I have been thorough, and thank you in advance.
Thanks