
viv#sh run
1 N- M$ D4 D% K2 [, K3 y/ WBuilding configuration...
! r: }6 @ M1 e7 d
) D6 q6 o3 ^: f& m* YCurrent configuration : 1676 bytes
" z) C, p6 u& }+ b) Y5 h4 J!, V# J* T" o( A7 ]% d8 ^" c3 R
version 12.4
: d& n4 V+ D" o+ K) h! R0 Wservice timestamps debug datetime msec1 |& P4 c( w4 a
service timestamps log datetime msec
+ I' K t5 O$ `3 Yservice password-encryption
5 R' t4 \9 e1 x% p!* ], o+ f3 K3 x- j9 E! [
hostname viv5 c& C/ w x, x: `1 X& {
!9 C) x2 F, e8 v# ^0 P" r
boot-start-marker
5 Q% Z! l2 G6 w iboot-end-marker( h5 d* G! g) B4 f0 o
!$ d- Z4 T5 _/ y% }6 T+ w( T( m6 l/ ?
enable password 7 020706585A545C6D
1 O' P; h( n3 V!% P' D2 i/ t7 z( ^5 H* S
no aaa new-model/ n% [4 V$ f6 ?& z8 G
!6 N/ i* S' I% b/ c" t/ v* v; G" W
resource policy6 D* B: d- _7 j- C" w" r4 L" `
!$ E; H% o4 J# h; ]* |( V
!
- [/ |* t. b. V2 v!
8 ?& `2 G( ^7 h) W; hip cef7 z% K z' g, [! G8 ]: z+ w
!
, x8 f* i/ k% W2 Z!) @- R& o: g# b, {
!
! a3 U# A' M5 k" o$ F% G$ ]( zvoice-card 0
5 y% V' _" H; G8 ?- k no dspfarm% w' `5 C) }* r% j* m9 V/ M' S
!# H- R7 s; Y' d
!
0 M2 y( v4 W0 C% k: f# ~8 r$ x w2 D8 O!) H# [1 G2 F( y% ?0 p# x G$ _
!6 U \4 q% d7 i# x
!+ n1 g* R/ x0 }
!5 w8 h4 a, d& r/ W. \( L
!4 L6 C- T; D) P6 ^' V% ?% W
!
* Z& _3 C* P" d0 I; f: A7 Z!
$ S' X, m/ o" ?/ N: M' i' x!6 l7 P- Q* c1 m J% J
!
5 x' o! J! j7 E5 M3 V( K' M!
a! Q. X" e- i0 _" f5 W5 y!
! `' _0 W% f3 E# c5 R, X+ n!
8 n: H7 A1 U9 g0 z- X, X5 n!+ h( N7 o6 E8 D8 ?! P. D3 O. k& q# c. U1 I
!1 Z2 \5 a2 H% y$ |" D& W
!. J% D$ d/ N& k3 e* y
!
/ r2 o8 \. d& H* p" B!. Z: Z& L: i9 U$ B4 n
!% |7 Z# t# m# C5 B
interface GigabitEthernet0/0
4 F! m( X# ]8 P ip address 172.30.30.18 255.255.255.2529 y" P3 K% V8 F- z1 X$ U
ip nat outside
+ u1 V5 P z6 n, u, a# M: M8 Q duplex auto# ^( t- w( A Z3 h/ S8 |! W7 @1 L
speed auto
x( l0 P2 @. W5 \' G2 I!+ L$ r, a6 f6 e/ M% K; |1 C: Y% `
interface GigabitEthernet0/1
- Z9 h2 S- |* t2 m9 S5 b3 R ip address 211.111.226.145 255.255.255.248 secondary$ k4 _9 [% U* I
ip address 124.190.155.113 255.255.255.248 secondary( {6 C) S! U8 s6 d+ Y E
ip address 192.168.1.1 255.255.255.0; v: R0 B4 w' @# v0 E9 D" E
ip helper-address 192.168.1.70
; Z8 m6 L; s2 D6 i3 U0 @ ip accounting output-packets
5 ^4 X% v5 |1 A4 D9 d8 A2 ] ip nat inside
) s8 A( @1 i- e0 r duplex auto5 c" y& \ C: g
speed auto0 t3 t2 h+ ~$ Q6 g$ \+ u; r
!/ O- h/ ?1 ^7 M. h8 }5 D5 s
ip route 0.0.0.0 0.0.0.0 172.30.30.17
+ t0 F3 b% f+ j2 W; T!
2 e1 Z5 { K5 q2 p- A# y!
5 H/ i4 h* l% R4 Ino ip http server
9 E+ a' H: s1 [) ano ip http secure-server
. Z, S) r& M r/ ]ip nat pool viv 211.111.226.150 211.111.226.150 netmask 255.255.255.252
. U: U( s4 \" P* X3 Sip nat inside source list 1 pool viv overload
' {/ a* |' b$ M/ _, ^6 J6 b# mip nat inside source static tcp 192.168.1.76 443 124.190.155.114 443 extendable
" W4 O) J3 B" h$ a0 J* Dip nat inside source static tcp 192.168.1.70 3389 124.190.155.115 3389 extendabl9 v( M. G7 n5 h- F( k% D
e
0 W$ n4 ?# ^) T0 `" p4 v4 ^5 r+ lip nat inside source static tcp 192.168.1.77 5756 124.190.155.116 5756 extendabl9 c( N0 t/ L+ X/ C4 `5 O# ^
e- u1 U; G: g( q
ip nat inside source static tcp 192.168.1.74 25 124.190.155.117 25 extendable( E" K( `4 R* @2 M0 p% y% P
ip nat inside source static tcp 192.168.1.74 110 124.190.155.117 110 extendable
/ j3 t- x4 \; j9 iip nat inside source static tcp 192.168.1.74 443 124.190.155.117 443 extendable6 R8 C) c; z8 s3 C
ip nat inside source static tcp 192.168.1.75 80 124.190.155.118 80 extendable+ A) T3 v+ M# Y
!0 n5 A+ x8 M# K/ y- F, P, y
access-list 1 permit 192.168.1.0 0.0.0.2555 t% V3 Z5 O3 R
!
7 V) ]3 H+ a% d!
' C/ E% m5 ?& D, D& g!
! M2 o2 ^8 _5 Z+ { X6 econtrol-plane. G' [8 p/ t5 `4 r. Y' h
!4 R# O# ?" E5 l: l' S
!( m, m2 P* m$ [
!: ~& ^+ W& b5 i5 k
!% v. O) m% z m* \( ], O8 W
!9 s( e. n+ b. E; R
!
/ O8 u5 o7 G7 y# k!5 V1 I2 ^, O, m( A+ {
!
" Y' x& S0 u [ v0 p; B8 x/ C' v!
. \2 v$ ]/ j. M4 T8 |6 K; Tline con 0) I8 q; z- {2 i( G. q
line aux 0
: t" s5 d9 [7 Pline vty 0 4
! ?, {( N2 Q( \' }* D+ {+ t: I password 7 08204E4D584B565B
+ }$ k* B% F7 Y# E) T, P login
" U, u r7 e3 m!
+ \$ s7 i( H1 s3 n# g( Xscheduler allocate 20000 1000* J) w7 w7 s; i5 Z" o
!
% n; q b& P& q$ Eend& t$ M( J' L8 B8 y5 a' n5 l
3 E/ P- A- b+ `3 p4 C0 Aviv#
" v# c3 d6 y f$ U: }8 p2 ]8 n6 i
6 u4 k6 b1 q! d1 C) B( V/ ]事情是这样的,用户有几台服务器需要外网访问,上边是用户的路由器配置,G0/0为外口,G0/1为内口,用户有两段各8个公网IP地址,与ISP用的4个私网地址互联,上联ISP端为华为5700三层交换机,路由设置为
, s$ q4 c, ~0 V! `# Cip route-static 124.190.155.112 255.255.255.248 172.30.30.186 O9 O7 D4 Q4 |8 p3 v
ip route-static 211.111.226.144 255.255.255.248 172.30.30.18
# o5 D/ {9 X* r# F% ?( Q8 K目前用户内网有两台可用服务器,IP地址分别为192.168.1.70和192.168.1.77,开启远程桌面连接服务,192.168.1.70用的124.190.155.115作的TCP3389端口映射,而192.168.1.77用的124.190.155.116作的TCP5756端口映射,都可以正常连接,后边的几个地址作好了映射但是服务器没有到位,现在发现一个问题,我在外网(与用户的ISP不是同一个ISP)测试这些地址,发现只有124.190.155.113到116可以ping通,而ping124.190.155.117丢包非常严重,124.190.155.118则根本不通,ping211.111.226.145和当前地址池里的211.111.226.150也可以ping通,如果把124.190.155.118作一地址池则124.190.155.118也可以ping通,本以为没接服务器不能ping通,但是发现124.190.155.114也没有接服务器则可以ping通,不知此问题出在什么地方.把上边远程桌面的124.190.155.116改为124.190.155.118让此服务器通过124.190.155.118则无法打开远程连接.ISP方面也查过上端路由指向及是否存在垃圾路由但均显示是正常的.# R5 h" D2 o: @- L
用户物理结构从ISP华为5700通过一对单模双芯光转换器接到一台H3C的两层交换机再到一台锐捷两层交换机,交换机间使用trunk加VLAN方式连接,在锐捷两层交换机端口上作的限速(用户10M带宽),锐捷设备端对应用户端口接了一点对点微波设备无线打到用户端15楼,再背对背接另一套无线策波设备打到用户端.2 M# p0 `5 T( n3 X
这个问题困扰了用户和ISP很久一直未能解决,开始时包括用户网关的所有地址外网均无法ping通,路由器远程也无法telnet,但后来不知怎么这些好了,但是124.190.155.118还是不行,但用户普通上网一直是正常的.上传下载速率也够,ping外网也不丢包....好奇怪....... |
|