[ KPredrag @ 29.09.2009. 14:07 ] @
|
| Situacija je sledeća: Imam Cisco router 1841 sa 2 kartice , 1:ADSL, 2: 3GHWIC (GSM).
ADSL kartica radi bez problema tj. podešena je kao primarni WAN interface.
3GHWIC kartica je planirana da se koristi kao veza sa drugim mobilnim uređajima u zasebnoj mreži (koju smo dobili od mobinog provajdera), bez ikakvog dodira sa internetom. Uređaji bi preko nje trebalo da komuniciraju sa serverom u lokalnoj mreži.
U dosadašnjim pokušajima da osposobim 3GHWIC da radi u ovom režimu, nisam imao uspeha.
Da li je neko možda imao iskustva sa ovime?
Hvala unapred |
[ markom @ 29.09.2009. 14:11 ] @
Sa čim tačno?
[ KPredrag @ 29.09.2009. 18:23 ] @
Da li mogu da rade nezavisno 3GHWIC kartica i ADSL. Jedno na jednoj mrezi, drugo na drugoj.
Ja nisam uspeo da to napravim.
Znam da 3GHWIC moze da radi kao backup varijanta, ali to mi ne treba.
[ markom @ 29.09.2009. 22:02 ] @
Da, naravno da mogu. Potraži „vrf-lite“. Možeš da pogledaš
ovde. Slobodno ignoriši priču oko MPLS-a, to ti ne treba... :-)
[ KPredrag @ 30.09.2009. 12:13 ] @
Problem mi se javlja jer ne mogu da se povezem sa mrezom od mobilnog provajdera prego 3GHWIC kartice, kada je aktivan ADSL interface.
Samim time nisam siguran da li bi VRF pomogao, jedino ako bi mogao nekako da omoguci da se 3GHWIC poveze sa mrezom od provajdera.
Iz ovog sto sam do sada video za VRFuglavnom se koristi za "konstantne" veze tj za fe i serial interfejse, nisam nasao nigde primer za upotrebu sa cellular interfejsom.
[ markom @ 30.09.2009. 12:22 ] @
Pa 3G interfejs valjda isto može da se konfigurište kao „always-on“?
[ KPredrag @ 30.09.2009. 13:02 ] @
Može, ali problem je taj što ne mogu da ga inicijalno pokrenem, tj. da se nakačim na mrežu.
Ne znam u čemu je problem (nije hardwarske prirode sigurno).
[ markom @ 30.09.2009. 14:17 ] @
A da nam pošalješ „show run“?
[ KPredrag @ 01.10.2009. 09:06 ] @
Evo konfiguracije routera:
Code:
no ip bootp server
ip domain name sterling.co.rs
ip name-server 77.105.0.18
ip name-server 77.105.0.19
multilink bundle-name authenticated
chat-script gsm " " "ATDT*98*1#" TIMEOUT 60 "CONNECT"
!
!
username xyz privilege 15 secret 5 xyx
username wyz privilege 15 secret 5 zyz
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.248
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $ETH-LAN$$ES_LAN$$FW_INSIDE$
ip address 192.168.10.15 255.255.255.0
ip access-group 102 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface Cellular0/1/0
ip address 172.27.149.193 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer in-band
dialer idle-timeout 0
dialer string gsm
dialer-group 2
async mode interactive
!
interface Dialer0
description $FW_OUTSIDE$
ip address 77.105.x.x 255.0.0.0
ip access-group sdm_dialer0_in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username xxx password yyy
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip flow-top-talkers
top 100
sort-by bytes
cache-timeout 1000
!
ip http server
ip http access-class 4
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 2 interface Dialer0 overload
ip nat inside source static tcp 192.168.10.2 443 interface Dialer0 443
ip nat inside source static tcp 192.168.10.9 3389 interface Dialer0 3389
!
ip access-list extended sdm_cellular0/1/0_in
remark SDM_ACL Category=1
permit ip any any
permit tcp any any
permit icmp any any
permit udp any any
ip access-list extended sdm_dialer0_in
remark SDM_ACL Category=1
permit udp host 77.105.0.19 eq domain any
permit udp host 77.105.0.18 eq domain any
remark Ne moze 53
deny tcp any host 77.105.x.x eq domain log
remark Ne moze 80
deny tcp any host 77.105.x.x eq www log
permit udp any eq domain host 77.105.x.x
permit tcp any host 77.105.x.x
permit icmp any host 77.105.x.x
permit ip any host 77.105.x.x
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.10.0 0.0.0.255
access-list 3 remark HTTP Access-class list
access-list 3 remark SDM_ACL Category=1
access-list 3 permit 192.168.10.0 0.0.0.255
access-list 3 permit 10.10.10.0 0.0.0.7
access-list 3 deny any
access-list 4 remark SDM_ACL Category=1
access-list 4 permit 192.168.10.90
access-list 4 remark HTTP Access-class list
access-list 4 permit 192.168.10.9
access-list 4 permit 10.10.10.0 0.0.0.7
access-list 4 permit 192.168.10.0 0.0.0.255
access-list 4 deny any
access-list 23 remark SDM_ACL Category=16
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 remark SDM_ACL Category=1
access-list 100 permit tcp 10.10.10.0 0.0.0.7 host 10.10.10.1 eq telnet
access-list 100 permit tcp 10.10.10.0 0.0.0.7 host 10.10.10.1 eq www
access-list 100 permit tcp 10.10.10.0 0.0.0.7 host 10.10.10.1 eq smtp
access-list 100 deny tcp any host 10.10.10.1 eq telnet
access-list 100 deny tcp any host 10.10.10.1 eq www
access-list 100 deny tcp any host 10.10.10.1 eq smtp
access-list 100 permit ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp 10.10.10.0 0.0.0.7 host 10.10.10.1 eq telnet
access-list 101 permit tcp 10.10.10.0 0.0.0.7 host 10.10.10.1 eq www
access-list 101 permit tcp 10.10.10.0 0.0.0.7 host 10.10.10.1 eq cmd
access-list 101 deny tcp any host 10.10.10.1 eq telnet
access-list 101 deny tcp any host 10.10.10.1 eq 22
access-list 101 deny tcp any host 10.10.10.1 eq www
access-list 101 deny tcp any host 10.10.10.1 eq 443
access-list 101 deny tcp any host 10.10.10.1 eq cmd
access-list 101 deny udp any host 10.10.10.1 eq snmp
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 102 permit udp host 192.168.10.2 eq 1645 host 192.168.10.15
access-list 102 permit udp host 192.168.10.2 eq 1646 host 192.168.10.15
access-list 102 permit tcp host 192.168.10.9 host 192.168.10.15 eq telnet
access-list 102 permit tcp host 192.168.10.90 host 192.168.10.15 eq telnet
access-list 102 permit tcp host 192.168.10.95 host 192.168.10.15 eq telnet
access-list 102 permit tcp host 192.168.10.9 host 192.168.10.15 eq www
access-list 102 permit tcp host 192.168.10.90 host 192.168.10.15 eq www
access-list 102 permit tcp host 192.168.10.95 host 192.168.10.15 eq www
access-list 102 permit tcp host 192.168.10.9 host 192.168.10.15 eq cmd
access-list 102 permit tcp host 192.168.10.95 host 192.168.10.15 eq cmd
access-list 102 permit tcp host 192.168.10.90 host 192.168.10.15 eq cmd
access-list 102 permit tcp host 192.168.10.9 any
access-list 102 deny tcp any host 192.168.10.15 eq telnet
access-list 102 deny tcp any host 192.168.10.15 eq 22
access-list 102 deny tcp any host 192.168.10.15 eq www
access-list 102 deny tcp any host 192.168.10.15 eq 443
access-list 102 deny tcp any host 192.168.10.15 eq cmd
access-list 102 deny udp any host 192.168.10.15 eq snmp
access-list 102 permit ip any any
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip host 192.168.10.9 any
access-list 103 permit ip 10.10.10.0 0.0.0.7 any
access-list 103 permit ip host 192.168.10.90 any
access-list 103 permit ip host 192.168.10.95 any
access-list 104 remark SDM_ACL Category=1
access-list 104 permit ip host 192.168.10.9 any
access-list 104 permit ip 10.10.10.0 0.0.0.7 any
access-list 104 permit ip host 192.168.10.90 any
dialer-list 1 protocol ip list 1
no cdp run
!
radius-server host 192.168.10.2 auth-port 1645 acct-port 1646 timeout 60 key 7 0355481F145C334D4A000C16
!
control-plane
!
!
line con 0
login authentication local_authen
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line 0/1/0
exec-timeout 0 0
script dialer gsm
modem InOut
no exec
speed 384000
line vty 0 4
access-class 103 in
privilege level 15
authorization exec local_author
login authentication local_authen
transport input telnet
line vty 5 15
access-class 104 in
privilege level 15
authorization exec local_author
login authentication local_authen
transport input telnet
!
scheduler allocate 20000 1000
ntp clock-period 17177137
ntp update-calendar
ntp server 192.168.10.2 source FastEthernet0/1 prefer
end
[Ovu poruku je menjao optix dana 01.10.2009. u 22:46 GMT+1]Copyright (C) 2001-2024 by www.elitesecurity.org. All rights reserved.