Next message: pasabakac: "[cisco-ttl] Re: ATM - Cozuldu..."
Merhaba
7200'e nat tanimlayarak sorun cozuldu. Boylece MYO'lar firewall uzerinden
degil, routerdaki nat tanimlamalari uzerinden cikiyorlar, intraneti de
fastethernet0/1 uzerinden goruyorlar....
Saygilar...
> Daha once de acikladigim gibi, switch uzerinde iki vlan olusturun
> (Vlan X & Y). VlanX'e PIX'in internal interface'ini VlanY'ye
> external interface'ini koyun. 7200 uzerinde her iki vlan icin
> subinterface tanimlayip switch ile aralarinda trunk olusturun.
>
> MYO'lardan gelen paketleri PBR ile VlanX uzerinden PIX'e
> yonlendirin, PIX bu paketleri firewall kurallarindan gecirip,
> VlanY'den 7200'e geri gonderecektir. Oradan da Internet'e cikisi
saglarsiniz.
>
> Ihtiyac duyacaginiz tum konfigurasyon orneklerini, www.cisco.com'da
> ilgili anahtar kelimelerle arattiginizda bulabilirsiniz.
>
> Ilker
>
> A.Murat BAYRAM wrote:
> > Merhaba,
> >
> > Merkezimizden uzak birimlere 7200 router ile ATM
> > baglanti mevcut. ayni hat uzerinden ayni zamanda ULAKNET'e bagliyiz. Pix
> > Firewall kullaniyoruz. Ancak diger birimleri iceri yonlendirdikten sonra
> > disariya cikamiyorlar. Birimlerin routerindan ulaknetin bagli oldugu
> > 193.140.0.134
> > bacagina ping atilabiliyor, ancak bu routerlardan disariya trace
> > yapildiginda mesela;
> > MUS_SAGLIK_MYO#trace 212.156.4.4
> >
> > Type escape sequence to abort.
> > Tracing the route to 212.156.4.4
> >
> > 1 10.200.30.1 64 msec 68 msec 64 msec
> > 2 * * *
> > seklinde devam ediyor. Buradaki kullancilarin disari erisebilmeleri icin
> > iceriye proxy server kurmak zorunda kaldik, proxyde sorun cikinca
> > baglantilari da kesilmis oluyor.
> > İlker Temir Bey dot1q destegi olan bir switch kullaniyorsak,
> > fastethernet0/0da iki subinterface tanimlayip bunlardan birini switchte
> > firewall internal, digerini de externala koymamizi onermisti. 6006 core
> > switch kullaniyoruz. sh ver asagidaki sekilde.. Boylece birimlerden
(yani
> > Meslek Yuksek Okullarindan -MYO-) gelen trafigi 7200 uzerinde PBR (ip
policy
> > route-map) kullanarak firewall'in internal ayagina yonlendirirsiniz. Bu
> > yontemle MYO'lari bir anlamda internal networkunuzun parcasi haline
getirmis
> > olursunuz demisti.
> >
> > VYY_6506 sh ver
> > WS-C6006 Software, Version NmpSW: 5.5(1)
> > Copyright (c) 1995-2000 by Cisco Systems
> > NMP S/W compiled on Jun 8 2000, 21:09:45
> >
> > System Bootstrap Version: 5.3(1)
> >
> > Hardware Version: 2.0 Model: WS-C6006 Serial #: TBA04510859
> >
> > Mod Port Model Serial # Versions
> > --- ---- ------------------- ----------- --------------------------------
-----
> > -
> > 1 2 WS-X6K-SUP1A-2GE SAD05020DAT Hw : 7.0
> > Fw : 5.3(1)
> > Fw1: 5.4(2)
> > Sw : 5.5(1)
> > Sw1: 5.5(1)
> > L3 Switching Engine SAD05020F26 Hw : 1.1
> > 3 16 WS-X6416-GBIC SAD043609TJ Hw : 1.2
> > Fw : 5.4(2)
> > Sw : 5.5(1)
> > 4 48 WS-X6348-RJ-45 SAL044111CT Hw : 1.4
> > Fw : 5.4(2)
> > Sw : 5.5(1)
> > 15 1 WS-F6K-MSFC2 SAD05020HPZ Hw : 1.1
> > Fw : 12.1(2)E,
> > Sw : 12.1(2)E,
> >
> > DRAM FLASH NVRAM
> > Module Total Used Free Total Used Free Total Used Free
> > ------ ------- ------- ------- ------- ------- ------- ----- ----- -----
> > 1 65408K 38689K 26719K 16384K 6925K 9459K 512K 230K 282K
> >
> > Uptime is 237 days, 21 hours, 7 minutes
> > ---------------------------------------------------------
> >
> > Peki bunun icin, hem 7200'e hem switche uygulayabilecegimiz bir
konfigurasyon
> > ornegi yardiminda bulunabilir misiniz?
> > 7200 routerin sh ver ciktisi ve confu ile bir Yuksek Okulun confu
asagidaki
> > sekilde...
> >
> >
> >> >
> >> > VanYYU#sh ver
> >> > Cisco Internetwork Operating System Software
> >> > IOS (tm) 7200 Software (C7200-IS-M), Version 12.1(9)E3, EARLY
DEPLOYMENT
> >> > RELEASE SOFTWARE (fc1)
> >> > TAC Support: http://www.cisco.com/tac
> >> > Copyright (c) 1986-2002 by cisco Systems, Inc.
> >> > Compiled Mon 11-Feb-02 20:39 by eaarmas
> >> > Image text-base: 0x60008950, data-base: 0x61178000
> >> >
> >> > ROM: System Bootstrap, Version 12.2(4r)B2, RELEASE SOFTWARE (fc2)
> >> > BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.1(8a)E, EARLY
> >
> > DEPLOYMENT
> >
> >> > RELEASE SOFTWARE (fc1)
> >> >
> >> > VanYYU uptime is 2 weeks, 2 hours, 35 minutes
> >> > System returned to ROM by reload
> >> > System restarted at 10:43:52 UTC Sun Aug 31 2003
> >> > System image file is "disk0:c7200-is-mz.121-9.E3.bin"
> >> >
> >> > cisco 7206VXR (NPE400) processor (revision A) with 114688K/16384K
bytes
> >
> > of
> >
> >> > memory.
> >> > Processor board ID 26807173
> >> > R7000 CPU at 350Mhz, Implementation 39, Rev 3.3, 256KB L2, 4096KB L3
> >
> > Cache
> >
> >> > 6 slot VXR midplane, Version 2.6
> >> >
> >> > Last reset from power-on
> >> > G.703/E1 software, Version 1.0.
> >> > G.703/JT2 software, Version 1.0.
> >> > Bridging software.
> >> > X.25 software, Version 3.0.0.
> >> > 2 FastEthernet/IEEE 802.3 interface(s)
> >> > 4 Serial network interface(s)
> >> > 1 ATM network interface(s)
> >> > 125K bytes of non-volatile configuration memory.
> >> >
> >> > 47040K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
> >> > 8192K bytes of Flash internal SIMM (Sector size 256K).
> >> > Configuration register is 0x2102
> >> > ------------------------------------------------------
> >> > VanYYU# sh run
> >> >
> >> > Building configuration...
> >> >
> >> > Current configuration : 2238 bytes
> >> > !
> >> > ! Last configuration change at 12:37:19 UTC Sun Sep 14 2003
> >> > ! NVRAM config last updated at 11:46:27 UTC Sun Sep 14 2003
> >> > !
> >> > version 12.1
> >> > service timestamps debug uptime
> >> > service timestamps log uptime
> >> > service password-encryption
> >> > !
> >> > hostname VanYYU
> >> > !
> >> > enable password 7 *********
> >> > !
> >> > ip subnet-zero
> >> > ip cef
> >> > !
> >> > !
> >> > !
> >> > !
> >> > !
> >> > !
> >> >
> >> > !
> >> > interface FastEthernet0/0
> >> > description connected to FIREWALL OUTSIDE
> >> > ip address 193.255.143.254 255.255.255.0
> >> > duplex auto
> >> > speed auto
> >> > !
> >> > interface FastEthernet0/1
> >> > description buradan core switche bir baglanti yaptik
> >> > ip address 10.100.0.200 255.255.255.0
> >> > duplex auto
> >> > speed auto
> >> > !
> >> > interface Serial2/0
> >> > no ip address
> >> > encapsulation atm-dxi
> >> > no keepalive
> >> > serial restart-delay 0
> >> > !
> >> > interface Serial2/1
> >> > no ip address
> >> > shutdown
> >> > serial restart-delay 0
> >> > !
> >> > interface Serial2/2
> >> > no ip address
> >> > shutdown
> >> > serial restart-delay 0
> >> > !
> >> > interface Serial2/3
> >> > no ip address
> >> > shutdown
> >> > serial restart-delay 0
> >> > !
> >> > interface ATM3/0
> >> > bandwidth 8129
> >> > ip address 193.140.0.134 255.255.255.252
> >> > no atm sonet ilmi-keepalive
> >> > no atm ilmi-keepalive
> >> > pvc 0/34
> >> > protocol ip 193.140.0.133
> >> > encapsulation aal5snap
> >> > !
> >> > !
> >> > interface ATM3/0.1 point-to-point
> >> > description Bitlis MYO
> >> > ip address 10.200.50.1 255.255.255.0
> >> > pvc 0/151
> >> > protocol ip 10.200.50.2
> >> > encapsulation aal5snap
> >> > !
> >> > !
> >> > interface ATM3/0.2 point-to-point
> >> > description Mus MYO
> >> > ip address 10.200.30.1 255.255.255.0
> >> > pvc 0/35
> >> > protocol ip 10.200.30.2
> >> > broadcast
> >> > encapsulation aal5snap
> >> > !
> >> > !
> >> > interface ATM3/0.3 point-to-point
> >> > description Hakkari MYO
> >> > ip address 10.200.40.1 255.255.255.0
> >> > pvc 0/36
> >> > protocol ip 10.200.40.2
> >> > broadcast
> >> > encapsulation aal5snap
> >> > !
> >> > !
> >> > interface Virtual-Template2
> >> > no ip address
> >> > !
> >> > router eigrp 100
> >> > network 10.0.0.0
> >> > no auto-summary
> >> > no eigrp log-neighbor-changes
> >> > !
> >> > ip classless
> >> > ip route 0.0.0.0 0.0.0.0 193.140.0.133
> >> > ip route 10.200.0.0 255.255.0.0 10.100.0.254
> >> > no ip http server
> >> > !
> >> > ip access-list logging interval 3
> >> > snmp-server community *** RO
> >> > snmp-server community *** RW
> >> > snmp-server contact webmaster_at_yyu.edu.tr
> >> > snmp-server host 10.140.0.5 ****
> >> > banner login ^CWelcome Van Yuzuncu Yil Universitesi Router^C
> >> > !
> >> > line con 0
> >> > line aux 0
> >> > line vty 0 4
> >> > exec-timeout 0 0
> >> > password 7 ***********
> >> > login
> >> > line vty 5 15
> >> > password 7 ***********
> >> > login
> >> > !
> >> > end
> >> >
> >> > ---------------------------------------------------------------------
> >> > MUS_SAGLIK_MYO#sh run
> >> > Building configuration...
> >> >
> >> > Current configuration : 1894 bytes
> >> > !
> >> > version 12.1
> >> > service timestamps debug uptime
> >> > service timestamps log uptime
> >> > no service password-encryption
> >> > !
> >> > hostname MUS_SAGLIK_MYO
> >> > !
> >> > enable password ****
> >> > !
> >> > !
> >> > !
> >> > !
> >> > !
> >> > memory-size iomem 25
> >> > ip subnet-zero
> >> > no ip finger
> >> > no ip domain-lookup
> >> > !
> >> > !
> >> > !
> >> > interface Serial0
> >> > no ip address
> >> > encapsulation frame-relay IETF
> >> > frame-relay lmi-type ansi
> >> > !
> >> > interface Serial0.1 point-to-point
> >> > ip address 10.200.30.2 255.255.255.0
> >> > frame-relay interface-dlci 35
> >> > !
> >> > interface Serial1
> >> > no ip address
> >> > no keepalive
> >> > shutdown
> >> > !
> >> > interface FastEthernet0
> >> > ip address 10.1.30.254 255.255.255.0
> >> > speed auto
> >> > !
> >> > router eigrp 100
> >> > network 10.0.0.0
> >> > no auto-summary
> >> > no eigrp log-neighbor-changes
> >> > !
> >> > ip classless
> >> > ip route 0.0.0.0 0.0.0.0 10.100.0.5 (bu pix'in ipsi)
> >> > no ip http server
> >> > !
> >> > snmp-server community *** RW
> >> > snmp-server community *** RO
> >> > banner login ^CMUS SAGLiK^C
> >> > !
> >> > line con 0
> >> > transport input none
> >> > line aux 0
> >> > line vty 0 4
> >> > password ***
> >> > login
> >> > !
> >> > end
> >> >
> >
> >
> > Tesekkurler...
> >
> >
> >
> > Bu listenin Cisco Systems ile dogrudan herhangi bir baglantisi
bulunmamaktadir.
> >
> > Listeden cikmak için cisco-ttl-unsubscribe_at_yahoogroups.com adresine bir
e-posta gönderebilirsiniz.
> >
> > Your use of Yahoo! Groups is subject to
http://docs.yahoo.com/info/terms/
> >
>
>
> Bu listenin Cisco Systems ile dogrudan herhangi bir baglantisi
> bulunmamaktadir.
>
> Listeden cikmak için cisco-ttl-unsubscribe_at_yahoogroups.com adresine
> bir e-posta gönderebilirsiniz.
>
> Your use of Yahoo! Groups is subject to
> http://docs.yahoo.com/info/terms/
------- End of Original Message -------
------------------------ Yahoo! Groups Sponsor ---------------------~-->
Rent DVDs Online - Over 14,500 titles.
No Late Fees & Free Shipping.
Try Netflix for FREE!
http://us.click.yahoo.com/Tq9otC/XP.FAA/3jkFAA/26EolB/TM
---------------------------------------------------------------------~->
Bu listenin Cisco Systems ile dogrudan herhangi bir baglantisi bulunmamaktadir.
Listeden cikmak için cisco-ttl-unsubscribe_at_yahoogroups.com adresine bir e-posta gönderebilirsiniz.
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.5
: Thu Oct 23 2003 - 13:45:43 GMT