Colleagues,
I would really appreciate your help.
I have had no internet for a few days. Damn, these days that is a real nuisance.
But let me start from the beginning.
1. I have a 1941 router,
2. my router connects to the outside world through a modem (de facto a router) supplied by my ISP.
3. this ISP modem is set up in "bridge" mode, so that I can establish a PPPoE session on my gi0/0 interface
4. until now my ISP gave me the "signal" over VDSL2, but because it is LLU (TPSA's cables) the connection sometimes dropped ...
5. I decided to downgrade to ADSL2+
and now the best part:
the config of my 1941 router remained UNCHANGED, yet now that I have ADSL on the other side I can no longer establish PPPoE.
Of course one could say that the modem supplied by my ISP is the wrong one, or that the "bridge" service for ADSL is configured incorrectly on it.
But no. Why?
If I connect my laptop directly to this ISP modem (via the LAN port), I can establish a PPPoE session without any problem and I have internet. Conclusion: the modem works correctly in bridge mode.
I am completely out of ideas.
The debug is below. It looks like the PPPoE session is being initiated; if I read it correctly, I am failing at PADR
Jul 6 13:09:18.171: OUT PADR from PPPoE Session
Jul 6 13:09:18.171: PPPOE : Resending PADR
Jul 6 13:09:28.411: OUT PADR from PPPoE Session
Jul 6 13:09:28.411: PPPOE : Resending PADR
Jul 6 13:09:38.651: OUT PADR from PPPoE Session
Jul 6 13:09:38.651: PPPOE : Resending PADR
Jul 6 13:09:48.891: OUT PADR from PPPoE Session
Jul 6 13:09:48.891: PPPOE : Resending PADR
Jul 6 13:09:59.143: PPPoE : Shutting down client session
Jul 6 13:09:59.143: [0]PPPoE 0: O PADT R:0000.0000.0000 L:0000.0000.0000 Gi0/0
Jul 6 13:09:59.143: PPPOE : Resending PADR
Jul 6 13:10:19.367: Sending PADI: Interface = GigabitEthernet0/0
Jul 6 13:10:19.379: PPPoE 0: I PADO R:d4ca.6dae.b1c7 L:44d3.caa0.0e60 Gi0/0
Jul 6 13:10:21.483: PPPOE: we've got our pado and the pado timer went off
Jul 6 13:10:21.483: OUT PADR from PPPoE Session
Jul 6 13:10:31.723: OUT PADR from PPPoE Session
Jul 6 13:10:31.723: PPPOE : Resending PADR
Jul 6 13:10:41.963: OUT PADR from PPPoE Session
Jul 6 13:10:41.963: PPPOE : Resending PADR
Jul 6 13:10:52.203: OUT PADR from PPPoE Session
Jul 6 13:10:52.203: PPPOE : Resending PADR
Jul 6 13:11:02.443: OUT PADR from PPPoE Session
Jul 6 13:11:02.443: PPPOE : Resending PADR
Jul 6 13:11:12.683: OUT PADR from PPPoE Session
Jul 6 13:11:12.683: PPPOE : Resending PADR
Jul 6 13:11:22.923: PPPoE : Shutting down client session
Jul 6 13:11:22.923: [0]PPPoE 0: O PADT R:0000.0000.0000 L:0000.0000.0000 Gi0/0
Jul 6 13:11:22.923: PPPOE : Resending PADR
Jul 6 13:11:43.147: Sending PADI: Interface = GigabitEthernet0/0
Jul 6 13:11:43.159: PPPoE 0: I PADO R:d4ca.6dae.b1c7 L:44d3.caa0.0e60 Gi0/0
Jul 6 13:11:45.195: PPPOE: we've got our pado and the pado timer went off
Jul 6 13:11:45.195: OUT PADR from PPPoE Session
Jul 6 13:11:55.451: OUT PADR from PPPoE Session
Jul 6 13:11:55.451: PPPOE : Resending PADR
Jul 6 13:12:05.691: OUT PADR from PPPoE Session
Jul 6 13:12:05.691: PPPOE : Resending PADR
Jul 6 13:12:15.931: OUT PADR from PPPoE Session
Jul 6 13:12:15.931: PPPOE : Resending PADR
my software is:
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M1, RELEASE SOFTWARE (fc1)
my config is:
building configuration...
Current configuration : 12004 bytes
!
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname c1941
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa group server radius rad_eap
server 10.10.10.3 auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authorization network default local
!
!
!
!
!
aaa session-id common
!
clock timezone Warsaw 1 0
clock summer-time Warsaw date Mar 30 2003 2:00 Oct 26 2003 3:00
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip dhcp pool GUEST
import all
network 10.10.13.0 255.255.255.0
dns-server 213.172.186.4 8.8.8.8
default-router 10.10.13.1
lease infinite
!
ip dhcp pool service
import all
network 10.10.15.0 255.255.255.0
dns-server 10.10.10.1
default-router 10.10.15.254
lease infinite
!
ip dhcp pool STATIC-HOME
import all
origin file static_dhcp_11.txt
dns-server 213.172.186.4 8.8.8.8
default-router 10.10.11.1
lease infinite
!
ip dhcp pool STATIC-DMZ
origin file static_dhcp_12.txt
dns-server 213.172.186.4 8.8.8.8
default-router 10.10.12.1
!
ip dhcp pool INTERNAL
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 10.10.10.1 208.67.222.222
lease infinite
!
ip dhcp pool Q870-GUEST
host 10.10.13.2 255.255.255.0
client-identifier 0100.xxx
dns-server 10.10.10.1 208.67.222.222 85.128.128.10
default-router 10.10.13.1
lease infinite
!
!
ip host xx.pl 10.10.12.2
ip host xx.pl 10.10.12.2
ip name-server 213.172.186.4
ip name-server 213.172.186.5
ip name-server 8.8.8.8
ip port-map user-3389 port tcp 3389 description windows remote desktop
!
multilink bundle-name authenticated
!
parameter-map type inspect global
WAAS enable
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-416xxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-41693xxx
revocation-check none
rsakeypair TP-self-signed-416xxx
!
!
crypto pki certificate chain TP-self-signed-416xxxx
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
x
E3B02983 319B2C3C FFB56AB9 30D300
quit
license udi pid CISCO1941/K9 sn FCZ1534C1P9
license boot module c1900 technology-package securityk9
license agent notify http://127.0.0.1:80/clm/servlet/HttpListenServlet dummy dummy 1.0
!
!
username admin privilege 15 secret 5 xxx
!
redundancy
!
!
!
!
ip tcp synwait-time 10
no ip ftp passive
!
class-map type inspect match-any ftp
description ftp
match protocol ftp
match protocol ftps
class-map type inspect match-any email
description email through
match protocol smtp
match protocol imap
match protocol imaps
match protocol pop3
match protocol pop3s
match protocol imap3
class-map type inspect match-any all-ports-through
description all ports through
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-any windows-file-transfer
description windows-file-transfer
match protocol microsoft-ds
match protocol netbios-dgm
match protocol netbios-ssn
match protocol netbios-ns
match protocol user-3389
!
!
policy-map type inspect IN-DMZ_policy
class type inspect windows-file-transfer
inspect
class type inspect ftp
inspect
class type inspect email
pass
class class-default
drop
policy-map type inspect DMZ-IN_policy
class type inspect email
inspect
class class-default
drop
policy-map type inspect all-through
class type inspect all-ports-through
inspect
class class-default
pass
policy-map type inspect none-through
class type inspect all-ports-through
class class-default
drop
policy-map type inspect OUT-DMZ_policy
class type inspect email
inspect
class class-default
drop
!
zone security IN
zone security DMZ
zone security GUEST
zone security OUT
zone-pair security IN-OUT source IN destination OUT
service-policy type inspect all-through
zone-pair security OUT-IN source OUT destination IN
service-policy type inspect none-through
zone-pair security OUT-DMZ source OUT destination DMZ
service-policy type inspect OUT-DMZ_policy
zone-pair security OUT-self source OUT destination self
service-policy type inspect none-through
zone-pair security DMZ-OUT source DMZ destination OUT
service-policy type inspect all-through
zone-pair security self-OUT source self destination OUT
service-policy type inspect all-through
zone-pair security IN-DMZ source IN destination DMZ
service-policy type inspect all-through
zone-pair security OUT-GUEST source OUT destination GUEST
service-policy type inspect none-through
zone-pair security GUEST-OUT source GUEST destination OUT
service-policy type inspect all-through
zone-pair security IN-GUEST source IN destination GUEST
service-policy type inspect all-through
zone-pair security GUEST-IN source GUEST destination IN
service-policy type inspect none-through
zone-pair security DMZ-IN source DMZ destination IN
service-policy type inspect none-through
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group xxx
key xxxx
dns 10.10.10.1 208.67.222.222
pool VPN_POOL
save-password
max-users 10
crypto isakmp profile VPN_xxx
match identity group xxx
client authentication list default
isakmp authorization list default
client configuration address initiate
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set VPN_xxx esp-3des esp-sha-hmac
!
crypto ipsec profile VPN_xxx
set transform-set VPN_xxx
set isakmp-profile VPN_xx
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
!
interface GigabitEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ETH-WAN$
no ip address
zone-member security OUT
ip tcp adjust-mss 1452
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
description INTERNAL$FW_INSIDE$$ETH-LAN$
encapsulation dot1Q 1 native
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security IN
!
interface GigabitEthernet0/1.11
description HOME$ETH-LAN$$FW_INSIDE$
encapsulation dot1Q 11
ip address 10.10.11.1 255.255.255.0
ip access-group 101 in
ip nat inside
ip virtual-reassembly in
zone-member security IN
!
interface GigabitEthernet0/1.12
description DMZ$FW_INSIDE$
encapsulation dot1Q 12
ip address 10.10.12.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security DMZ
!
interface GigabitEthernet0/1.13
description GUEST$FW_INSIDE$$ETH-LAN$
encapsulation dot1Q 13
ip address 10.10.13.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security GUEST
!
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
ip nat inside
ip virtual-reassembly in
zone-member security IN
tunnel mode ipsec ipv4
tunnel protection ipsec profile VPN_xxxx
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
zone-member security OUT
encapsulation ppp
dialer pool 1
dialer-group 2
ppp authentication chap callin
ppp chap hostname xxx
ppp chap password 0 xxx
!
ip local pool VPN_POOL 10.10.11.50 10.10.11.60
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat inside source static tcp 10.10.12.2 25 interface Dialer0 25
ip nat inside source static tcp 10.10.12.2 143 interface Dialer0 143
ip nat inside source static tcp 10.10.12.2 993 interface Dialer0 993
ip nat inside source static tcp 10.10.12.2 110 interface Dialer0 110
ip nat inside source static tcp 10.10.12.2 995 interface Dialer0 995
ip nat inside source static tcp 10.10.12.2 465 interface Dialer0 465
ip nat inside source list 10 interface Dialer0 overload
ip nat inside source list 11 interface Dialer0 overload
ip nat inside source list 12 interface Dialer0 overload
ip nat inside source list 13 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
access-list 10 remark NAT VLAN 10
access-list 10 remark CCP_ACL Category=2
access-list 10 remark VLAN 10
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 10 deny any
access-list 11 remark NAT VLAN 11
access-list 11 remark CCP_ACL Category=2
access-list 11 remark VLAN 11
access-list 11 permit 10.10.11.0 0.0.0.255
access-list 11 deny any
access-list 12 remark NAT VLAN 12
access-list 12 remark CCP_ACL Category=2
access-list 12 remark VLAN 12
access-list 12 permit 10.10.12.0 0.0.0.255
access-list 12 deny any
access-list 13 remark NAT VLAN 13
access-list 13 remark CCP_ACL Category=2
access-list 13 remark VLAN 13
access-list 13 permit 10.10.13.0 0.0.0.255
access-list 13 deny any
access-list 23 remark router access
access-list 23 remark CCP_ACL Category=1
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 23 remark router access
access-list 23 permit 10.10.11.0 0.0.0.255
access-list 23 deny any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
!
!
!
!
tftp-server flash static_dhcp.txt
radius-server host 10.10.10.3 auth-port 1812 acct-port 1813 key xxx
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
-----------------------------------------------------------------------
^C
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
session-timeout 35791
access-class 23 in
exec-timeout 0 0
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp master
ntp server 10.10.10.1
end
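
Added example, not part of the original post: a small Python parser that splits the `debug pppoe` output quoted above into discovery attempts and reports the stage at which each one stalls (PADI -> PADO -> PADR -> PADS, per RFC 2516). The sample is one attempt copied from the post; the pattern for a received PADS line is an assumption modelled on the PADO line, since no PADS appears in the post.

```python
import re

# One complete discovery attempt, copied from the debug output in the post.
SAMPLE = """\
Jul 6 13:10:19.367: Sending PADI: Interface = GigabitEthernet0/0
Jul 6 13:10:19.379: PPPoE 0: I PADO R:d4ca.6dae.b1c7 L:44d3.caa0.0e60 Gi0/0
Jul 6 13:10:21.483: PPPOE: we've got our pado and the pado timer went off
Jul 6 13:10:21.483: OUT PADR from PPPoE Session
Jul 6 13:10:31.723: OUT PADR from PPPoE Session
Jul 6 13:10:31.723: PPPOE : Resending PADR
Jul 6 13:10:41.963: OUT PADR from PPPoE Session
Jul 6 13:10:41.963: PPPOE : Resending PADR
Jul 6 13:10:52.203: OUT PADR from PPPoE Session
Jul 6 13:10:52.203: PPPOE : Resending PADR
Jul 6 13:11:02.443: OUT PADR from PPPoE Session
Jul 6 13:11:02.443: PPPOE : Resending PADR
Jul 6 13:11:12.683: OUT PADR from PPPoE Session
Jul 6 13:11:12.683: PPPOE : Resending PADR
Jul 6 13:11:22.923: PPPoE : Shutting down client session
Jul 6 13:11:22.923: [0]PPPoE 0: O PADT R:0000.0000.0000 L:0000.0000.0000 Gi0/0
"""

PADO_RE = re.compile(r"\bI PADO\s+R:([0-9a-f.]+)")  # R: = remote (access concentrator) MAC
PADS_RE = re.compile(r"\bI PADS\b|\bIN PADS\b")     # assumed format of a received PADS

def discovery_attempts(log):
    """Return one dict per PADI seen, with the stage the attempt stalled at."""
    attempts, cur = [], None
    for line in log.splitlines():
        if "Sending PADI" in line:
            cur = {"ac_mac": None, "padr_sent": 0, "pads": False}
            attempts.append(cur)
        elif cur is None:
            continue  # tail of an attempt that started before the capture
        elif (m := PADO_RE.search(line)):
            cur["ac_mac"] = m.group(1)
        elif "OUT PADR" in line:
            cur["padr_sent"] += 1
        elif PADS_RE.search(line):
            cur["pads"] = True
    for a in attempts:
        # No PADO: nothing answered the broadcast. PADO but no PADS: the
        # concentrator offered service but never confirmed the unicast PADR.
        a["stalled_at"] = None if a["pads"] else ("PADS" if a["ac_mac"] else "PADO")
    return attempts

if __name__ == "__main__":
    for n, a in enumerate(discovery_attempts(SAMPLE), 1):
        print(n, a)
```

A result of `stalled_at == "PADS"` with a non-empty `ac_mac` separates "the broadcast PADI is answered" from "the unicast PADR is never confirmed", which narrows the fault to the PADR/PADS leg of the exchange.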