Salve a tutti, anch'io sono nuovo dell'ambiente cisco (purtroppo).
Brevemente:
1-In azienda c'è una connessione HDSL
2-E' configurata con TelecomItalia attraverso un router a noleggio.
3-Abbiamo acquistato un cisco 1841.
Le mie domande sono queste:
1-Una configurazione tramite lan SDM è limitata rispetto ad una telnet ma per me più complicata in quanto non conosco i comandi. Ma sul Router entrambi i metodi producono lo stesso risultato oppure no?
2-A parte le svariate configurazioni che continuamente mi spediscono quelli dell'help desk Telecom (tutte diverse) la mia procedura è questa:
a>mi collego tramite lan
b>entro nel menù configurazione e creo una nuova
connessione con il wizard sulla "SERIAL 0/0/0", dove
inserisco IP WAN (punto punto).
c>creo una nuova connessione Ethernet PPP in questa
inserisco il range di IP che mi dovrebbero essere stati
assegnati come pubblici per la navigazione.
d>Frame Relay/DLCI/ etc vengono inseriti dove richiesto.
e>I test di connessione sulla Serial sono OK ma sulla
ethernet mi dice di verificare l'encapsulation ed i PC
non escono.
Sicuramente sbaglio qualcosa ma non capisco dove e come.
Questo è uno stralcio della configurazione:
"!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname xxxxxxx
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxxxxxxxxxxx.
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
!
!
no ip bootp server
ip domain name Mandara.local
ip name-server 151.99.125.1
ip name-server 151.99.0.100
!
username admin privilege 15 secret 5
xxxxxxxxxxxxxxx
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
ip address 192.xxx.xxx.xxx xxx.xxx.xxx.x
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
ip tcp adjust-mss 1412
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $ETH-WAN$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
no mop enabled
!
interface Serial0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation frame-relay
ip route-cache flow
!
interface Serial0/0/0.1 point-to-point
description $FW_OUTSIDE$$ES_WAN$
ip address "ci ho messo i WAN IP"
no ip redirects
no ip unreachables
no ip proxy-arp
frame-relay interface-dlci 249 IETF
!
interface Serial0/0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
clockrate 2000000
!
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface Dialer0
ip address "ci ho messo l'IP GATEWAY"
ip mtu 1452
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
!
ip classless
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit "IP LAN INTERNA"
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 4000 1000
end"
GRAZIE A QUALUNQUE ESPERTO DEL SETTORE CHE VOGLIA AIUTARMI.
1841 con Telecom.
Moderatore: Federico.Lagni
-
Wizard
- Intergalactic subspace network admin
- Messaggi: 3441
- Iscritto il: ven 03 feb , 2006 10:04 am
- Località: Emilia Romagna
- Contatta:
Configurazione estrapolata da un 1841 con connessione hdsl telecom funzionante:
Codice: Seleziona tutto
service nagle
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ***
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 5 log
security passwords min-length 6
logging exception 100000
logging count
logging userinfo
logging queue-limit 10000
logging buffered 150000 informational
logging console critical
enable secret ****
!
no aaa new-model
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
no ip source-route
no ip gratuitous-arps
ip icmp rate-limit unreachable 1000
ip cef
!
!
ip inspect log drop-pkt
ip inspect max-incomplete low 300
ip inspect max-incomplete high 400
ip inspect one-minute low 300
ip inspect one-minute high 500
ip inspect hashtable-size 2048
ip inspect tcp synwait-time 20
ip inspect tcp max-incomplete host 300 block-time 60
ip inspect name INSPECTION-OUT tcp
ip inspect name INSPECTION-OUT udp
!
!
ip ips sdf location flash:ips-store retries 5 wait-time 10
ip ips signature 2004 0 disable
ip ips signature 2001 0 disable
ip ips signature 2005 0 disable
ip ips signature 2000 0 disable
ip ips signature 6053 0 disable
ip ips name IPS-IN
no ip bootp server
ip name-server 208.67.222.222
login block-for 1 attempts 3 within 30
login on-failure
login on-success
!
!
!
!
crypto key pubkey-chain rsa
named-key realm-cisco.pub signature
key-string
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00C19E93 A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16
17E630D5 C02AC252 912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 6007D128
B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E
5B2146A9 D7A5EDE3 0298AF03 DED7A5B8 9479039D 20F30663 9AC64B93 C0112A35
FE3F0C87 89BCB7BB 994AE74C FA9E481D F65875D6 85EAF974 6D9CC8E3 F0B08B85
50437722 FFBE85B9 5E4189FF CC189CB9 69C46F9C A84DFBA5 7A0AF99E AD768C36
006CF498 079F88F8 A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2 892356AE
2F56D826 8918EF3C 80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E B4B094D3
F3020301 0001
quit
username admin privilege 15 password ***
!
!
ip tcp selective-ack
ip tcp window-size 2144
ip tcp synwait-time 10
ip ssh time-out 60
ip scp server enable
!
!
interface Loopback0
description INTERFACCIA PER NAT E VPN
ip address *** ***
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description INTERFACCIA FISICA PER GESTIONE LAN
ip address *** 255.255.255.0
ip accounting output-packets
ip accounting access-violations
ip nat inside
ip virtual-reassembly
ip route-cache flow
no ip mroute-cache
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
description ALICE IMPRESA HDSL 2Mbps - TGU: ***
bandwidth 2048
no ip address
encapsulation frame-relay IETF
load-interval 30
no fair-queue
frame-relay traffic-shaping
frame-relay lmi-type ansi
!
interface Serial0/0/0.1 point-to-point
description PUNTO-PUNTO HDSL
bandwidth 2048
ip address **** 255.255.255.252
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip ips IPS-IN in
ip nat outside
ip virtual-reassembly
no ip mroute-cache
no cdp enable
no arp frame-relay
frame-relay class CIR1024
frame-relay interface-dlci ***
ip route 0.0.0.0 0.0.0.0 Serial0/0/0.1
no ip http server
no ip http secure-server
ip nat translation timeout 420
ip nat translation tcp-timeout 120
ip nat translation udp-timeout 120
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat inside source list NAT interface Loopback0 overload
!
ip access-list extended NAT
permit ip *** any
!
!
map-class frame-relay CIR1024
frame-relay cir 1536000
frame-relay mincir 1024000
logging history notifications
line con 0
exec-timeout 0 0
login local
transport output ssh
stopbits 1
line aux 0
login local
transport output ssh
line vty 0 4
access-class 99 in
exec-timeout 0 0
login local
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17178119
ntp server 193.204.114.232
ntp server 193.204.114.233
sntp server 193.204.114.232
sntp server 193.204.114.233
sntp server 193.204.114.105
endIl futuro è fatto di persone che hanno delle intuizioni e visioni .....sono quelle persone che fanno la differenza...... quelle dotate di un TERZO OCCHIO....
