Re: [cisco-ttl] ATM

From: Ilker Temir (itemir_at_cisco.com)
Date: Wed Oct 22 2003 - 11:30:45 GMT

    As I explained before, create two VLANs on the switch (Vlan X & Y).
    Put the PIX's internal interface in VlanX and its external interface
    in VlanY. On the 7200, define a subinterface for each of the two VLANs
    and set up a trunk between it and the switch.

    Use PBR to direct the packets coming from the MYOs to the PIX over VlanX;
    the PIX will pass these packets through its firewall rules and send them
    back to the 7200 over VlanY. From there you provide the exit to the Internet.

    You can find all the configuration examples you will need by searching
    www.cisco.com with the relevant keywords.

    Ilker

    A.Murat BAYRAM wrote:
    > Hello,
    >
    > We have an ATM connection from our central site to the remote units
    > via a 7200 router. Over the same line we are also connected to ULAKNET.
    > We use a PIX Firewall. However, after routing the other units inside,
    > they cannot get out. From the units' routers, the 193.140.0.134 leg
    > where ULAKNET is connected can be pinged, but when a trace is run from
    > these routers to the outside, for example;
    > MUS_SAGLIK_MYO#trace 212.156.4.4
    >
    > Type escape sequence to abort.
    > Tracing the route to 212.156.4.4
    >
    > 1 10.200.30.1 64 msec 68 msec 64 msec
    > 2 * * *
    > it continues like this. For the users there to be able to reach the
    > outside we had to set up a proxy server inside; when the proxy has a
    > problem, their connection is cut as well.
    > Mr. İlker Temir had suggested that, if we are using a switch with dot1q
    > support, we define two subinterfaces on fastethernet0/0 and, on the
    > switch, put one of them on the firewall internal and the other on the
    > external. We are using a 6006 core switch. sh ver is below.. "In this way
    > you route the traffic coming from the units (that is, the Vocational
    > Schools -MYO-) to the firewall's internal leg using PBR (ip policy
    > route-map) on the 7200. With this method you make the MYOs, in a sense,
    > part of your internal network," he had said.
    >
    > VYY_6506 sh ver
    > WS-C6006 Software, Version NmpSW: 5.5(1)
    > Copyright (c) 1995-2000 by Cisco Systems
    > NMP S/W compiled on Jun 8 2000, 21:09:45
    >
    > System Bootstrap Version: 5.3(1)
    >
    > Hardware Version: 2.0 Model: WS-C6006 Serial #: TBA04510859
    >
    > Mod Port Model Serial # Versions
    > --- ---- ------------------- ----------- --------------------------------------
    > 1 2 WS-X6K-SUP1A-2GE SAD05020DAT Hw : 7.0
    > Fw : 5.3(1)
    > Fw1: 5.4(2)
    > Sw : 5.5(1)
    > Sw1: 5.5(1)
    > L3 Switching Engine SAD05020F26 Hw : 1.1
    > 3 16 WS-X6416-GBIC SAD043609TJ Hw : 1.2
    > Fw : 5.4(2)
    > Sw : 5.5(1)
    > 4 48 WS-X6348-RJ-45 SAL044111CT Hw : 1.4
    > Fw : 5.4(2)
    > Sw : 5.5(1)
    > 15 1 WS-F6K-MSFC2 SAD05020HPZ Hw : 1.1
    > Fw : 12.1(2)E,
    > Sw : 12.1(2)E,
    >
    > DRAM FLASH NVRAM
    > Module Total Used Free Total Used Free Total Used Free
    > ------ ------- ------- ------- ------- ------- ------- ----- ----- -----
    > 1 65408K 38689K 26719K 16384K 6925K 9459K 512K 230K 282K
    >
    > Uptime is 237 days, 21 hours, 7 minutes
    > ---------------------------------------------------------
    >
    > So, could you help with a configuration example for this that we can
    > apply to both the 7200 and the switch?
    > The sh ver output and config of the 7200 router and the config of one of
    > the Vocational Schools are below...
    >
    >
    >> >
    >> > VanYYU#sh ver
    >> > Cisco Internetwork Operating System Software
    >> > IOS (tm) 7200 Software (C7200-IS-M), Version 12.1(9)E3, EARLY DEPLOYMENT
    >> > RELEASE SOFTWARE (fc1)
    >> > TAC Support: http://www.cisco.com/tac
    >> > Copyright (c) 1986-2002 by cisco Systems, Inc.
    >> > Compiled Mon 11-Feb-02 20:39 by eaarmas
    >> > Image text-base: 0x60008950, data-base: 0x61178000
    >> >
    >> > ROM: System Bootstrap, Version 12.2(4r)B2, RELEASE SOFTWARE (fc2)
    >> > BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.1(8a)E, EARLY DEPLOYMENT
    >> > RELEASE SOFTWARE (fc1)
    >> >
    >> > VanYYU uptime is 2 weeks, 2 hours, 35 minutes
    >> > System returned to ROM by reload
    >> > System restarted at 10:43:52 UTC Sun Aug 31 2003
    >> > System image file is "disk0:c7200-is-mz.121-9.E3.bin"
    >> >
    >> > cisco 7206VXR (NPE400) processor (revision A) with 114688K/16384K bytes of memory.
    >> > Processor board ID 26807173
    >> > R7000 CPU at 350Mhz, Implementation 39, Rev 3.3, 256KB L2, 4096KB L3 Cache
    >> > 6 slot VXR midplane, Version 2.6
    >> >
    >> > Last reset from power-on
    >> > G.703/E1 software, Version 1.0.
    >> > G.703/JT2 software, Version 1.0.
    >> > Bridging software.
    >> > X.25 software, Version 3.0.0.
    >> > 2 FastEthernet/IEEE 802.3 interface(s)
    >> > 4 Serial network interface(s)
    >> > 1 ATM network interface(s)
    >> > 125K bytes of non-volatile configuration memory.
    >> >
    >> > 47040K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
    >> > 8192K bytes of Flash internal SIMM (Sector size 256K).
    >> > Configuration register is 0x2102
    >> > ------------------------------------------------------
    >> > VanYYU# sh run
    >> >
    >> > Building configuration...
    >> >
    >> > Current configuration : 2238 bytes
    >> > !
    >> > ! Last configuration change at 12:37:19 UTC Sun Sep 14 2003
    >> > ! NVRAM config last updated at 11:46:27 UTC Sun Sep 14 2003
    >> > !
    >> > version 12.1
    >> > service timestamps debug uptime
    >> > service timestamps log uptime
    >> > service password-encryption
    >> > !
    >> > hostname VanYYU
    >> > !
    >> > enable password 7 *********
    >> > !
    >> > ip subnet-zero
    >> > ip cef
    >> > !
    >> > !
    >> > !
    >> > !
    >> > !
    >> > !
    >> >
    >> > !
    >> > interface FastEthernet0/0
    >> > description connected to FIREWALL OUTSIDE
    >> > ip address 193.255.143.254 255.255.255.0
    >> > duplex auto
    >> > speed auto
    >> > !
    >> > interface FastEthernet0/1
    >> > description buradan core switche bir baglanti yaptik
    >> > ip address 10.100.0.200 255.255.255.0
    >> > duplex auto
    >> > speed auto
    >> > !
    >> > interface Serial2/0
    >> > no ip address
    >> > encapsulation atm-dxi
    >> > no keepalive
    >> > serial restart-delay 0
    >> > !
    >> > interface Serial2/1
    >> > no ip address
    >> > shutdown
    >> > serial restart-delay 0
    >> > !
    >> > interface Serial2/2
    >> > no ip address
    >> > shutdown
    >> > serial restart-delay 0
    >> > !
    >> > interface Serial2/3
    >> > no ip address
    >> > shutdown
    >> > serial restart-delay 0
    >> > !
    >> > interface ATM3/0
    >> > bandwidth 8129
    >> > ip address 193.140.0.134 255.255.255.252
    >> > no atm sonet ilmi-keepalive
    >> > no atm ilmi-keepalive
    >> > pvc 0/34
    >> > protocol ip 193.140.0.133
    >> > encapsulation aal5snap
    >> > !
    >> > !
    >> > interface ATM3/0.1 point-to-point
    >> > description Bitlis MYO
    >> > ip address 10.200.50.1 255.255.255.0
    >> > pvc 0/151
    >> > protocol ip 10.200.50.2
    >> > encapsulation aal5snap
    >> > !
    >> > !
    >> > interface ATM3/0.2 point-to-point
    >> > description Mus MYO
    >> > ip address 10.200.30.1 255.255.255.0
    >> > pvc 0/35
    >> > protocol ip 10.200.30.2
    >> > broadcast
    >> > encapsulation aal5snap
    >> > !
    >> > !
    >> > interface ATM3/0.3 point-to-point
    >> > description Hakkari MYO
    >> > ip address 10.200.40.1 255.255.255.0
    >> > pvc 0/36
    >> > protocol ip 10.200.40.2
    >> > broadcast
    >> > encapsulation aal5snap
    >> > !
    >> > !
    >> > interface Virtual-Template2
    >> > no ip address
    >> > !
    >> > router eigrp 100
    >> > network 10.0.0.0
    >> > no auto-summary
    >> > no eigrp log-neighbor-changes
    >> > !
    >> > ip classless
    >> > ip route 0.0.0.0 0.0.0.0 193.140.0.133
    >> > ip route 10.200.0.0 255.255.0.0 10.100.0.254
    >> > no ip http server
    >> > !
    >> > ip access-list logging interval 3
    >> > snmp-server community *** RO
    >> > snmp-server community *** RW
    >> > snmp-server contact webmaster_at_yyu.edu.tr
    >> > snmp-server host 10.140.0.5 ****
    >> > banner login ^CWelcome Van Yuzuncu Yil Universitesi Router^C
    >> > !
    >> > line con 0
    >> > line aux 0
    >> > line vty 0 4
    >> > exec-timeout 0 0
    >> > password 7 ***********
    >> > login
    >> > line vty 5 15
    >> > password 7 ***********
    >> > login
    >> > !
    >> > end
    >> >
    >> > ---------------------------------------------------------------------
    >> > MUS_SAGLIK_MYO#sh run
    >> > Building configuration...
    >> >
    >> > Current configuration : 1894 bytes
    >> > !
    >> > version 12.1
    >> > service timestamps debug uptime
    >> > service timestamps log uptime
    >> > no service password-encryption
    >> > !
    >> > hostname MUS_SAGLIK_MYO
    >> > !
    >> > enable password ****
    >> > !
    >> > !
    >> > !
    >> > !
    >> > !
    >> > memory-size iomem 25
    >> > ip subnet-zero
    >> > no ip finger
    >> > no ip domain-lookup
    >> > !
    >> > !
    >> > !
    >> > interface Serial0
    >> > no ip address
    >> > encapsulation frame-relay IETF
    >> > frame-relay lmi-type ansi
    >> > !
    >> > interface Serial0.1 point-to-point
    >> > ip address 10.200.30.2 255.255.255.0
    >> > frame-relay interface-dlci 35
    >> > !
    >> > interface Serial1
    >> > no ip address
    >> > no keepalive
    >> > shutdown
    >> > !
    >> > interface FastEthernet0
    >> > ip address 10.1.30.254 255.255.255.0
    >> > speed auto
    >> > !
    >> > router eigrp 100
    >> > network 10.0.0.0
    >> > no auto-summary
    >> > no eigrp log-neighbor-changes
    >> > !
    >> > ip classless
    >> > ip route 0.0.0.0 0.0.0.0 10.100.0.5 (this is the PIX's IP)
    >> > no ip http server
    >> > !
    >> > snmp-server community *** RW
    >> > snmp-server community *** RO
    >> > banner login ^CMUS SAGLiK^C
    >> > !
    >> > line con 0
    >> > transport input none
    >> > line aux 0
    >> > line vty 0 4
    >> > password ***
    >> > login
    >> > !
    >> > end
    >> >
    >
    >
    > Thanks...
    >
    >
    >
    > This list has no direct affiliation with Cisco Systems.
    >
    > To leave the list, you can send an e-mail to cisco-ttl-unsubscribe_at_yahoogroups.com.
    >
    > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
    >
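
    A sketch of the two-VLAN plus PBR layout described in the reply above, as an added example that is not part of the original thread and not Cisco's own sample. The addresses come from the quoted configs; VLAN IDs 10 and 20, carrying the trunk on FastEthernet0/1, switch ports 4/1-4/3, ACL 110 and the route-map name are assumptions.

```cisco
! --- 7200 (IOS) ---
! Assumed migration step: free the outside address from the old dedicated port
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/1
 description dot1q trunk to core switch
 no ip address
!
! VlanX (assumed ID 10): the VLAN where the PIX inside interface lives
interface FastEthernet0/1.10
 description VlanX - PIX inside
 encapsulation dot1Q 10
 ip address 10.100.0.200 255.255.255.0
!
! VlanY (assumed ID 20): the VLAN where the PIX outside interface lives
interface FastEthernet0/1.20
 description VlanY - PIX outside
 encapsulation dot1Q 20
 ip address 193.255.143.254 255.255.255.0
!
! 10.x-to-10.x traffic keeps normal routing (an ACL deny means "do not policy-route");
! anything else sourced from 10.x is handed to the PIX inside address
access-list 110 deny   ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 110 permit ip 10.0.0.0 0.255.255.255 any
!
route-map MYO-TO-PIX permit 10
 match ip address 110
 set ip next-hop 10.100.0.5
!
! Apply the policy on the interfaces where MYO packets enter the 7200
interface ATM3/0.1 point-to-point
 ip policy route-map MYO-TO-PIX
interface ATM3/0.2 point-to-point
 ip policy route-map MYO-TO-PIX
interface ATM3/0.3 point-to-point
 ip policy route-map MYO-TO-PIX
!
# --- Catalyst 6006 (CatOS); ports 4/1-4/3 are placeholders ---
# 4/1 = PIX inside, 4/2 = PIX outside, 4/3 = link to 7200 FastEthernet0/1
set vlan 10 name PIX-INSIDE
set vlan 20 name PIX-OUTSIDE
set vlan 10 4/1
set vlan 20 4/2
set trunk 4/3 nonegotiate dot1q
```

    The PIX also needs routes for the MYO prefixes pointing back at 10.100.0.200 on its inside interface, plus translation rules covering those sources, or replies will not return. After applying, `show route-map` on the 7200 shows whether packets are matching the policy.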


    This archive was generated by hypermail 2.1.5 : Wed Oct 22 2003 - 15:31:31 GMT