Cisco 857 router: access list and DNS problems

Posted: Mon 06 Aug, 2007 10:46 am
by fonkrasten
Hello everyone, I find myself asking for help with the following problem:
I have a Cisco 857 router configured to allow full internet access to a single host and limited access to all the other hosts on the same subnet.
My current configuration works but has 2 problems:

1) I cannot resolve DNS names from the router; in short, if I try a ping www.google.it from the console it does not work, even though I have set the ip name-server entries correctly
2) for the same reason, I suppose, I cannot add a site to the access list as nomesito.com, only by entering its IP, which causes me several problems for a site that has one IP today and another tomorrow

Here is my show run, duly censored:

Current configuration : 4775 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname nomehost
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 ****************
enable password ****************
!
no aaa new-model
!
resource policy
!
!
!
ip cef
ip domain name yourdomain.com
ip name-server 151.99.125.1
ip name-server 212.216.112.112
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address *.*.*.* 255.255.255.252
ip nat outside
ip virtual-reassembly
no snmp trap link-status
pvc 8/35
oam retry 5 5 1
encapsulation aal5snap
!
!
interface FastEthernet0
!
interface FastEthernet1
shutdown
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.1.187 255.255.255.0 secondary
ip address *.*.*.41 255.255.255.248
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool mg-net *.*.*.42 *.*.*.42 netmask 255.255.255.248
ip nat inside source list 100 pool mg-net overload
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 host *.*.*.*
access-list 100 permit ip 192.168.1.0 0.0.0.255 host *.*.*.*
access-list 100 permit ip 192.168.1.0 0.0.0.255 host *.*.*.*
access-list 100 permit ip 192.168.1.0 0.0.0.255 host apps.easyjet.com
access-list 100 permit ip 192.168.1.0 0.0.0.255 *.*.*.128 0.0.0.127
access-list 100 permit ip 192.168.12.0 0.0.0.255 host *.*.*.*
access-list 100 permit ip 192.168.12.0 0.0.0.255 host *.*.*.*
access-list 100 permit ip 192.168.12.0 0.0.0.255 host *.*.*.*
access-list 100 permit ip 192.168.12.0 0.0.0.255 host sitomultiip.com
access-list 100 permit ip 192.168.12.0 0.0.0.255 *.*.*.128 0.0.0.127
no cdp run
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege le
vel of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use
.

For more information about SDM please follow the instructions in the QUICK START

GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password ***********
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

Thanks in advance to anyone who can enlighten me, even only partially.

Posted: Mon 06 Aug, 2007 11:56 am
by Wizard
First of all, as far as I know you cannot put a site name in an ACL...
As for the ping issue, either you configure ip inspect (highly recommended) or you create the return ACLs.
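
For the site whose address changes from day to day, one option is to resolve the names on a management host and regenerate the IP-based entries in the same format as access-list 100 above. This is an added example, not part of the thread: the function names and the addresses in the constructed resolver are assumptions, and pushing the lines to the router is left out.

```python
import ipaddress
import socket

def resolve_ipv4(name):
    """Return the IPv4 addresses a name resolves to right now (live DNS)."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def constructed_resolver(name):
    """Offline stand-in for DNS; the addresses are constructed sample values."""
    table = {
        "apps.easyjet.com": ["198.51.100.7"],
        "sitomultiip.com": ["203.0.113.20", "203.0.113.3", "203.0.113.20"],
    }
    if name not in table:
        raise OSError("name does not resolve: " + name)
    return table[name]

def render_acl(acl_id, sources, names, resolver=resolve_ipv4):
    """Render 'access-list' permit lines, one per resolved address.

    Returns (lines, failed). 'failed' lists names that did not resolve, so
    the caller can keep the previous entries instead of dropping a site.
    """
    resolved, failed = {}, []
    for name in names:
        try:
            # De-duplicate and sort numerically so output is stable run to run.
            addrs = sorted(set(resolver(name)), key=ipaddress.IPv4Address)
        except OSError:  # socket.gaierror is a subclass of OSError
            addrs = []
        if addrs:
            resolved[name] = addrs
        else:
            failed.append(name)
    lines = []
    for src in sources:
        net = ipaddress.ip_network(src)  # hostmask is the IOS wildcard mask
        for name, addrs in resolved.items():
            lines.append(f"access-list {acl_id} remark {name}")
            for ip in addrs:
                lines.append(f"access-list {acl_id} permit ip "
                             f"{net.network_address} {net.hostmask} host {ip}")
    return lines, failed

if __name__ == "__main__":
    acl, missing = render_acl(100, ["192.168.1.0/24", "192.168.12.0/24"],
                              ["apps.easyjet.com", "sitomultiip.com"],
                              resolver=constructed_resolver)
    print("\n".join(acl))
    print("unresolved:", missing)
```

The generated entries are only as current as the last resolution, so a site that rotates addresses between runs will be unreachable until the list is regenerated.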