Из схемы видно, что в принципе можно исключить шлюзовый компьютер, например в случае его поломки. Шлюзовый компьютер по-хорошему здесь лишний.
Переходим к задаче:
Надо "плавно" перейти к схеме, при которой шлюзовый компьютер 10.115.12.134 станет рядовым компьютером сети и не будет выполнять роль шлюза.
Почитав доступные мне материалы по Cisco, рассудил, что в данную схему надо внести только небольшие правки. Для контроллера домена 10.115.12.130 модифицируем лист доступа:
! NOTE(review): in the running config posted below, list 1 is the source list of
! "ip nat inside source list 1 interface Dialer1 overload", so this entry lets the
! domain controller be translated straight out of the Internet-facing Dialer1.
! That config shows no "ip access-group" on Dialer1 and no firewall/inspection
! feature, so any filtering the gateway computer performed (presumably; confirm)
! is not replaced by this change. Decide what the domain controller is allowed to
! reach and enforce it before removing the gateway from the path.
access-list 1 permit 10.115.12.130
Кто встречался с данной проблемой, подскажите.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2016.03.28 12:47:44 =~=~=~=~=~=~=~=~=~=~=~=
User Access Verification
Username: cisco
Password:
R1861_elanecka#ter len 0
R1861_elanecka#sh run
Building configuration...
Current configuration : 7595 bytes
!
! Global services, enable secret and AAA (review comments added; config lines unchanged).
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): this only applies type 7 encoding to stored passwords. Type 7 is
! reversible obfuscation, not a hash, so every "password 7" value in this config
! must be handled as if it were cleartext (the author has redacted them here).
service password-encryption
!
hostname R1861_elanecka
!
boot-start-marker
boot-end-marker
!
! Type 5 is a salted MD5-based hash. Where the installed software offers a
! stronger secret type, prefer it; confirm availability on this release.
enable secret 5 <пароль>
!
aaa new-model
!
!
! Login and EXEC authorization both use the local username database; no
! RADIUS/TACACS+ server is referenced anywhere in this output.
aaa authentication login default local
aaa authorization exec default local
!
! Per-user attribute lists: each carries one fixed PPP IP address. They are
! attached to the users br48061/ar48062 by the "username ... aaa attribute list"
! lines further down.
aaa attribute list ar48062
attribute type addr 192.168.5.62 service ppp protocol ip
!
aaa attribute list br48061
attribute type addr 192.168.5.61 service ppp protocol ip
!
!
aaa session-id common
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
! CEF, DHCP for the voice VLAN, and the PPTP dial-in group.
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.115.12.65
!
! DHCP scope for IP phones on 10.115.12.64/26; option 150 hands out the two
! TFTP server addresses the phones load their configuration from.
ip dhcp pool IP_Phones
network 10.115.12.64 255.255.255.192
default-router 10.115.12.65
option 150 ip 10.11.2.20 10.11.2.21
!
!
no ip domain lookup
!
!
multilink bundle-name authenticated
vpdn enable
!
! NOTE(review): the router terminates PPTP for remote users (sessions are cloned
! from Virtual-Template1). PPTP's protection depends on MS-CHAP and MPPE, which
! are considered weak today; plan a move to an IPsec- or TLS-based VPN, and until
! then limit which source addresses may reach this service.
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! Voice card, VTP mode, local user database and config-change logging.
voice-card 0
no dspfarm
!
!
!
vtp mode transparent
! Administrative account: privilege 15 means full privileged EXEC for this user.
! Stored as a type 5 (MD5-based) hash.
username cisco privilege 15 secret 5 <пароль>
! NOTE(review): the two VPN users are stored as type 7, which is reversible.
! CHAP-family authentication generally needs a recoverable password, so this
! may be unavoidable here; the consequence is that any copy of this config
! (backups, forum posts, TFTP archives) discloses these passwords unless they
! are redacted as the author has done.
username br48061 password 7 <пароль>
username br48061 aaa attribute list br48061
username ar48062 password 7 <пароль>
username ar48062 aaa attribute list ar48062
! Configuration-change logging; hidekeys keeps passwords out of the change log.
archive
log config
hidekeys
!
!
! VLAN database and the AutoQoS VoIP classification/queuing policy.
vlan 100
name Data
!
vlan 200
name Voice
!
vlan 220
name VPN-inside
!
vlan 221
! NOTE(review): "VPN=outside" uses "=" where the sibling name uses "-";
! possibly a typo in the original config. Cosmetic only.
name VPN=outside
!
vlan 222
name Internet
!
vlan 223
name Transit-to-FreeBSD
!
!
! Traffic classes: already-marked voice DSCP values, call-control ports
! (ACL AutoQoS-VoIP-Control) and RTP/RTCP media (NBAR match plus ACL
! AutoQoS-VoIP-RTCP).
class-map match-any AutoQoS-VoIP-Remark
match ip dscp ef
match ip dscp cs3
match ip dscp af31
class-map match-any AutoQoS-VoIP-Control-UnTrust
match access-group name AutoQoS-VoIP-Control
class-map match-any AutoQoS-VoIP-RTP-UnTrust
match protocol rtp audio
match access-group name AutoQoS-VoIP-RTCP
!
!
! Queuing policy for untrusted ports: media gets a 70% priority queue and is
! marked EF, control gets 5% and AF31, traffic that arrived pre-marked with a
! voice DSCP but matched neither class is reset to default, the rest is
! fair-queued.
policy-map AutoQoS-Policy-UnTrust
class AutoQoS-VoIP-RTP-UnTrust
priority percent 70
set dscp ef
class AutoQoS-VoIP-Control-UnTrust
bandwidth percent 5
set dscp af31
class AutoQoS-VoIP-Remark
set dscp default
class class-default
fair-queue
!
!
!
!
!
! Loopback, tunnels, physical ports and the PPTP virtual template.
!
! Loopback0 lends its address to Virtual-Template1 (ip unnumbered) and sits in
! the same 192.168.5.0/24 range as the PPTP address pool.
interface Loopback0
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
! NOTE(review): neither tunnel has a "tunnel mode" or "tunnel protection" line,
! so the IOS default (GRE over IP) applies and this config adds no IPsec.
! Tunnel1 is sourced from a public address and labelled "Internet": unless
! encryption is applied somewhere else, routing updates and user traffic cross
! the Internet in the clear. Consider an IPsec profile with tunnel protection.
interface Tunnel1
description Internet
bandwidth 10000
ip address 172.31.15.50 255.255.255.252
keepalive 5 3
tunnel source 37.53.83.164
tunnel destination ХХХ.ХХХ.ХХХ.ХХХ
!
interface Tunnel2
description MPLS
bandwidth 2000
ip address 172.31.15.54 255.255.255.252
keepalive 5 3
tunnel source 10.115.12.2
tunnel destination 172.17.15.130
!
interface FastEthernet0/0
description To Modem MPLS
ip address 10.115.12.2 255.255.255.252
duplex auto
speed auto
!
! Switch ports 0/1/0-0/1/3: one access port each for VLANs 220-223.
interface FastEthernet0/1/0
switchport access vlan 220
spanning-tree portfast
!
interface FastEthernet0/1/1
switchport access vlan 221
spanning-tree portfast
!
interface FastEthernet0/1/2
switchport access vlan 222
spanning-tree portfast
!
interface FastEthernet0/1/3
switchport access vlan 223
spanning-tree portfast
!
! Switch ports 0/1/4-0/1/7: user ports, data VLAN 100 plus voice VLAN 200,
! with the AutoQoS output policy attached.
interface FastEthernet0/1/4
switchport access vlan 100
switchport voice vlan 200
auto qos voip
service-policy output AutoQoS-Policy-UnTrust
!
interface FastEthernet0/1/5
switchport access vlan 100
switchport voice vlan 200
auto qos voip
service-policy output AutoQoS-Policy-UnTrust
!
interface FastEthernet0/1/6
switchport access vlan 100
switchport voice vlan 200
auto qos voip
service-policy output AutoQoS-Policy-UnTrust
!
interface FastEthernet0/1/7
switchport access vlan 100
switchport voice vlan 200
auto qos voip
service-policy output AutoQoS-Policy-UnTrust
!
interface FastEthernet0/1/8
!
! Template cloned for each PPTP session.
interface Virtual-Template1
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly
peer default ip address pool PPTP_Pool
! NOTE(review): "mppe auto" without the "required" keyword presumably lets a
! session come up unencrypted if MPPE is not negotiated (confirm on this
! release). The authentication list also offers PAP (password sent in clear)
! and CHAP/MS-CHAPv1 ahead of MS-CHAPv2. Tighten to ms-chap-v2 only and make
! MPPE mandatory if PPTP must stay in service.
ppp encrypt mppe auto
ppp authentication pap chap ms-chap ms-chap-v2
!
! Routed VLAN interfaces and the PPPoE dialer towards the ISP.
interface Vlan1
no ip address
!
! Data LAN gateway (10.115.12.128/25), NAT inside.
interface Vlan100
description Data
ip address 10.115.12.129 255.255.255.128
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
interface Vlan200
description Voice
ip address 10.115.12.65 255.255.255.192
no ip proxy-arp
!
interface Vlan220
ip address 10.115.12.5 255.255.255.252
!
interface Vlan221
ip address 10.115.12.9 255.255.255.252
!
! VLAN 222 ("Internet") carries the PPPoE client session bound to dialer pool 1.
interface Vlan222
ip address 192.168.1.2 255.255.255.252
ip nat outside
ip virtual-reassembly
pppoe enable group global
pppoe-client dial-pool-number 1
!
! VLAN 223 is named "Transit-to-FreeBSD" in the VLAN database; 192.168.123.2
! on this link is the first host permitted by NAT list 1.
interface Vlan223
ip address 192.168.123.1 255.255.255.252
ip nat inside
ip virtual-reassembly
!
! NOTE(review): Dialer1 is the Internet-facing interface and has no
! "ip access-group ... in" and no inspection/firewall feature in this output.
! The HTTP server, VTY lines, SNMP agent and PPTP listener enabled elsewhere in
! this config show no source restrictions either, so they appear reachable from
! the Internet unless something upstream filters them. Add an inbound ACL here
! that permits only what is required (e.g. the tunnel peer and VPN clients).
! "ip nat outside" and "ip nat enable" are both present; they belong to two
! different NAT modes. Confirm that mixing them is intended.
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip nat enable
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
! ISP credentials (login replaced by the author with a placeholder). They are
! stored as type 7, i.e. reversible.
ppp chap hostname мой_логин
ppp chap password 7 <пароль>
ppp pap sent-username мой_логин password 7 <пароль>
ppp ipcp dns request
! The default route is learned from the PPP session; no static default exists.
ppp ipcp route default
ppp ipcp address accept
!
! Dynamic routing over the two tunnels, the PPTP address pool and static routes.
!
! NOTE(review): EIGRP runs only on Tunnel1/Tunnel2 (everything else is passive),
! but neither tunnel interface shows "ip authentication mode eigrp" /
! "ip authentication key-chain eigrp". Without neighbor authentication a peer
! that can reach the tunnel endpoint is trusted implicitly; configure a key
! chain on both ends, especially for the tunnel that crosses the Internet.
router eigrp 1
passive-interface default
no passive-interface Tunnel1
no passive-interface Tunnel2
network 10.115.12.8 0.0.0.3
network 172.31.15.48 0.0.0.3
network 172.31.15.52 0.0.0.3
no auto-summary
eigrp stub connected summary
neighbor 172.31.15.49 Tunnel1
!
! Addresses handed to PPTP clients (the two named users get .61/.62 via their
! attribute lists).
ip local pool PPTP_Pool 192.168.5.61 192.168.5.65
! Static routes: most corporate prefixes point at 10.115.12.6 (on the Vlan220
! /30), two aggregates are discarded to Null0, 172.17.0.0/16 goes via the MPLS
! modem link.
ip route 10.0.0.0 255.255.255.0 10.115.12.6
ip route 10.11.0.0 255.255.0.0 10.115.12.6
ip route 10.96.0.0 255.252.0.0 Null0
ip route 10.100.0.0 255.255.0.0 Null0
ip route 10.115.0.0 255.255.255.0 10.115.12.6
ip route 10.115.1.128 255.255.255.128 10.115.12.6
ip route 10.115.10.128 255.255.255.128 10.115.12.6
ip route 10.115.11.128 255.255.255.128 10.115.12.6
! NOTE(review): 10.115.12.128/25 is also the directly connected Vlan100
! subnet, so this static route is presumably shadowed by the connected route
! while Vlan100 is up; confirm it is still wanted.
ip route 10.115.12.128 255.255.255.128 10.115.12.6
! Host route for 10.115.12.132 through the domain controller 10.115.12.130.
ip route 10.115.12.132 255.255.255.255 10.115.12.130
ip route 10.115.13.128 255.255.255.128 10.115.12.6
ip route 10.115.14.128 255.255.255.128 10.115.12.6
ip route 10.115.16.128 255.255.255.128 10.115.12.6
ip route 172.17.0.0 255.255.0.0 10.115.12.1
!
!
! Management HTTP, NAT rules, QoS ACLs, NAT source lists and SNMP.
!
! NOTE(review): the cleartext HTTP management server is on and HTTPS is off,
! with no "ip http access-class" shown. If the web interface is not used,
! disable it ("no ip http server"); otherwise enable the secure server and
! restrict source addresses with an access class.
ip http server
no ip http secure-server
! PAT: hosts matching list 1 leave via Dialer1, hosts matching list 2 via Vlan222.
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source list 2 interface Vlan222 overload
!
! Classification ACLs referenced by the AutoQoS class maps (match only, they
! do not filter traffic).
ip access-list extended AutoQoS-VoIP-Control
permit tcp any any eq 1720
permit tcp any any range 11000 11999
permit udp any any eq 2427
permit tcp any any eq 2428
permit tcp any any range 2000 2002
permit udp any any eq 1719
permit udp any any eq 5060
ip access-list extended AutoQoS-VoIP-RTCP
permit udp any any range 16384 32767
!
! NAT list 1: the host on the FreeBSD transit link plus the domain controller.
! NOTE(review): the second entry is the change discussed in the post. It gives
! the domain controller direct translated access to the Internet through
! Dialer1, which has no inbound ACL or firewall feature in this config.
! Standard ACLs match source only, so nothing here limits which destinations
! or ports the domain controller can reach.
access-list 1 permit 192.168.123.2
access-list 1 permit 10.115.12.130
access-list 2 permit 10.115.12.0 0.0.0.255
! NOTE(review): read-only community with no ACL attached, so any source that
! can reach the router may query it; community-based SNMP also sends the string
! unencrypted. The community value is now published in this post and should be
! changed. Attach a standard ACL to the community statement and limit it to
! the monitoring hosts.
snmp-server community FSSREAD RO
!
!
!
!
!
!
! No service-policy is attached under control-plane in this output, i.e. no
! control-plane policing is configured.
control-plane
!
! RMON event/alarms owned by AutoQoS: raise a log entry and trap when the
! monitored QoS drop-rate counters rise above the threshold.
rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQoS
rmon alarm 33337 cbQosCMDropBitRate.98.14167905 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
rmon alarm 33338 cbQosCMDropBitRate.114.12954465 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
rmon alarm 33339 cbQosCMDropBitRate.130.12928865 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
rmon alarm 33340 cbQosCMDropBitRate.146.12938593 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
!
!
! Voice ports (defaults except the music-on-hold port) and terminal lines.
voice-port 0/0/0
!
voice-port 0/0/1
!
voice-port 0/0/2
!
voice-port 0/0/3
!
voice-port 0/1/0
!
voice-port 0/1/1
!
voice-port 0/1/2
!
voice-port 0/1/3
!
voice-port 0/4/0
auto-cut-through
signal immediate
input gain auto-control
description Music On Hold Port
!
!
!
!
!
!
!
!
line con 0
no modem enable
line aux 0
! NOTE(review): the VTY lines show no "access-class" and no "transport input"
! line, so remote logins are accepted from any source and the platform default
! set of protocols applies (presumably including Telnet on this software
! generation; confirm with "show line"). Restrict them to SSH and to a
! management ACL.
! With "aaa new-model" and "aaa authentication login default local" in this
! config, logins are checked against the local usernames, so the line password
! below is presumably unused but is still a stored, reversible (type 7) credential.
! "privilege level 15" makes sessions on these lines start in privileged EXEC;
! confirm how that interacts with the per-user privilege from AAA.
line vty 0 4
privilege level 15
password 7 <пароль>
length 0
!
!
webvpn cef
end
R1861_elanecka#exit
[img]http://схема.jpg[/img]