[cisco-ttl] Re: ATM - Solved...

From: pasabakac (pasa.bakac_at_kaynet.net)
Date: Thu Oct 23 2003 - 09:49:54 GMT


    Murat Hoca, we thought the problem was about getting the MYOs to pass
    through the firewall rules.

    Didn't it work the way Ilker Bey described?

    --- In cisco-ttl_at_yahoogroups.com, "A.Murat BAYRAM" <mbayram_at_y...>
    wrote:
    > Hello
    > The problem was solved by defining NAT on the 7200. This way the MYOs go out
    > not through the firewall but through the NAT definitions on the router, and
    > they reach the intranet over fastethernet0/1....
    > Regards...
    >
    > > As I explained before, create two VLANs on the switch
    > > (Vlan X & Y). Put the PIX's internal interface in VlanX and its
    > > external interface in VlanY. On the 7200, define a subinterface
    > > for each of the two VLANs and set up a trunk between it and the switch.
    > >
    > > Redirect the packets coming from the MYOs to the PIX over VlanX
    > > with PBR; the PIX will pass these packets through its firewall rules
    > > and send them back to the 7200 over VlanY. From there you provide
    > > the exit to the Internet.
    > >
    > > You can find all the configuration examples you will need by searching
    > > www.cisco.com with the relevant keywords.
    > >
    > > Ilker
    > >
    > > A.Murat BAYRAM wrote:
    > > > Hello,
    > > >
    > > > We have ATM connections from our central site to the remote units
    > > > through a 7200 router. Over the same line we are also connected to
    > > > ULAKNET. We use a PIX Firewall. However, once we route the other units
    > > > inward, they cannot get out. From the units' routers, the leg that
    > > > ULAKNET is connected to, 193.140.0.134, can be pinged, but when a trace
    > > > is run outward from these routers, for example:
    > > > MUS_SAGLIK_MYO#trace 212.156.4.4
    > > >
    > > > Type escape sequence to abort.
    > > > Tracing the route to 212.156.4.4
    > > >
    > > > 1 10.200.30.1 64 msec 68 msec 64 msec
    > > > 2 * * *
    > > > it continues like this. For the users there to be able to reach the
    > > > outside, we had to set up a proxy server inside; when the proxy has a
    > > > problem, their connection is cut off as well.
    > > > İlker Temir Bey had suggested that, if we are using a switch with dot1q
    > > > support, we define two subinterfaces on fastethernet0/0 and, on the
    > > > switch, place one of them on the firewall internal and the other on the
    > > > external. We use a 6006 core switch. sh ver is as below.. He had said:
    > > > this way you redirect the traffic coming from the units (that is, from
    > > > the Vocational Schools, Meslek Yuksek Okullari -MYO-) to the firewall's
    > > > internal leg using PBR (ip policy route-map) on the 7200. With this
    > > > method you will have, in a sense, made the MYOs part of your internal
    > > > network.
    > > >
    > > > VYY_6506 sh ver
    > > > WS-C6006 Software, Version NmpSW: 5.5(1)
    > > > Copyright (c) 1995-2000 by Cisco Systems
    > > > NMP S/W compiled on Jun 8 2000, 21:09:45
    > > >
    > > > System Bootstrap Version: 5.3(1)
    > > >
    > > > Hardware Version: 2.0 Model: WS-C6006 Serial #: TBA04510859
    > > >
    > > > Mod Port Model Serial # Versions
    > > > --- ---- ------------------- ----------- --------------------------------------
    > > > 1 2 WS-X6K-SUP1A-2GE SAD05020DAT Hw : 7.0
    > > > Fw : 5.3(1)
    > > > Fw1: 5.4(2)
    > > > Sw : 5.5(1)
    > > > Sw1: 5.5(1)
    > > > L3 Switching Engine SAD05020F26 Hw : 1.1
    > > > 3 16 WS-X6416-GBIC SAD043609TJ Hw : 1.2
    > > > Fw : 5.4(2)
    > > > Sw : 5.5(1)
    > > > 4 48 WS-X6348-RJ-45 SAL044111CT Hw : 1.4
    > > > Fw : 5.4(2)
    > > > Sw : 5.5(1)
    > > > 15 1 WS-F6K-MSFC2 SAD05020HPZ Hw : 1.1
    > > > Fw : 12.1(2)E,
    > > > Sw : 12.1(2)E,
    > > >
    > > > DRAM FLASH NVRAM
    > > > Module Total Used Free Total Used Free Total Used Free
    > > > ------ ------- ------- ------- ------- ------- ------- ----- ----- -----
    > > > 1 65408K 38689K 26719K 16384K 6925K 9459K 512K 230K 282K
    > > >
    > > > Uptime is 237 days, 21 hours, 7 minutes
    > > > ---------------------------------------------------------
    > > >
    > > > So, for this, could you help with a configuration example that we can
    > > > apply on both the 7200 and the switch?
    > > > The 7200 router's sh ver output and config, along with the config of one
    > > > School, are as below...
    > > >
    > > >
    > > >> >
    > > >> > VanYYU#sh ver
    > > >> > Cisco Internetwork Operating System Software
    > > >> > IOS (tm) 7200 Software (C7200-IS-M), Version 12.1(9)E3, EARLY DEPLOYMENT
    > > >> > RELEASE SOFTWARE (fc1)
    > > >> > TAC Support: http://www.cisco.com/tac
    > > >> > Copyright (c) 1986-2002 by cisco Systems, Inc.
    > > >> > Compiled Mon 11-Feb-02 20:39 by eaarmas
    > > >> > Image text-base: 0x60008950, data-base: 0x61178000
    > > >> >
    > > >> > ROM: System Bootstrap, Version 12.2(4r)B2, RELEASE SOFTWARE (fc2)
    > > >> > BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.1(8a)E, EARLY DEPLOYMENT
    > > >> > RELEASE SOFTWARE (fc1)
    > > >> >
    > > >> > VanYYU uptime is 2 weeks, 2 hours, 35 minutes
    > > >> > System returned to ROM by reload
    > > >> > System restarted at 10:43:52 UTC Sun Aug 31 2003
    > > >> > System image file is "disk0:c7200-is-mz.121-9.E3.bin"
    > > >> >
    > > >> > cisco 7206VXR (NPE400) processor (revision A) with 114688K/16384K bytes of
    > > >> > memory.
    > > >> > Processor board ID 26807173
    > > >> > R7000 CPU at 350Mhz, Implementation 39, Rev 3.3, 256KB L2, 4096KB L3 Cache
    > > >
    > > >> > 6 slot VXR midplane, Version 2.6
    > > >> >
    > > >> > Last reset from power-on
    > > >> > G.703/E1 software, Version 1.0.
    > > >> > G.703/JT2 software, Version 1.0.
    > > >> > Bridging software.
    > > >> > X.25 software, Version 3.0.0.
    > > >> > 2 FastEthernet/IEEE 802.3 interface(s)
    > > >> > 4 Serial network interface(s)
    > > >> > 1 ATM network interface(s)
    > > >> > 125K bytes of non-volatile configuration memory.
    > > >> >
    > > >> > 47040K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
    > > >> > 8192K bytes of Flash internal SIMM (Sector size 256K).
    > > >> > Configuration register is 0x2102
    > > >> > ------------------------------------------------------
    > > >> > VanYYU# sh run
    > > >> >
    > > >> > Building configuration...
    > > >> >
    > > >> > Current configuration : 2238 bytes
    > > >> > !
    > > >> > ! Last configuration change at 12:37:19 UTC Sun Sep 14 2003
    > > >> > ! NVRAM config last updated at 11:46:27 UTC Sun Sep 14 2003
    > > >> > !
    > > >> > version 12.1
    > > >> > service timestamps debug uptime
    > > >> > service timestamps log uptime
    > > >> > service password-encryption
    > > >> > !
    > > >> > hostname VanYYU
    > > >> > !
    > > >> > enable password 7 *********
    > > >> > !
    > > >> > ip subnet-zero
    > > >> > ip cef
    > > >> > !
    > > >> > !
    > > >> > !
    > > >> > !
    > > >> > !
    > > >> > !
    > > >> >
    > > >> > !
    > > >> > interface FastEthernet0/0
    > > >> > description connected to FIREWALL OUTSIDE
    > > >> > ip address 193.255.143.254 255.255.255.0
    > > >> > duplex auto
    > > >> > speed auto
    > > >> > !
    > > >> > interface FastEthernet0/1
    > > >> > description buradan core switche bir baglanti yaptik
    > > >> > ip address 10.100.0.200 255.255.255.0
    > > >> > duplex auto
    > > >> > speed auto
    > > >> > !
    > > >> > interface Serial2/0
    > > >> > no ip address
    > > >> > encapsulation atm-dxi
    > > >> > no keepalive
    > > >> > serial restart-delay 0
    > > >> > !
    > > >> > interface Serial2/1
    > > >> > no ip address
    > > >> > shutdown
    > > >> > serial restart-delay 0
    > > >> > !
    > > >> > interface Serial2/2
    > > >> > no ip address
    > > >> > shutdown
    > > >> > serial restart-delay 0
    > > >> > !
    > > >> > interface Serial2/3
    > > >> > no ip address
    > > >> > shutdown
    > > >> > serial restart-delay 0
    > > >> > !
    > > >> > interface ATM3/0
    > > >> > bandwidth 8129
    > > >> > ip address 193.140.0.134 255.255.255.252
    > > >> > no atm sonet ilmi-keepalive
    > > >> > no atm ilmi-keepalive
    > > >> > pvc 0/34
    > > >> > protocol ip 193.140.0.133
    > > >> > encapsulation aal5snap
    > > >> > !
    > > >> > !
    > > >> > interface ATM3/0.1 point-to-point
    > > >> > description Bitlis MYO
    > > >> > ip address 10.200.50.1 255.255.255.0
    > > >> > pvc 0/151
    > > >> > protocol ip 10.200.50.2
    > > >> > encapsulation aal5snap
    > > >> > !
    > > >> > !
    > > >> > interface ATM3/0.2 point-to-point
    > > >> > description Mus MYO
    > > >> > ip address 10.200.30.1 255.255.255.0
    > > >> > pvc 0/35
    > > >> > protocol ip 10.200.30.2
    > > >> > broadcast
    > > >> > encapsulation aal5snap
    > > >> > !
    > > >> > !
    > > >> > interface ATM3/0.3 point-to-point
    > > >> > description Hakkari MYO
    > > >> > ip address 10.200.40.1 255.255.255.0
    > > >> > pvc 0/36
    > > >> > protocol ip 10.200.40.2
    > > >> > broadcast
    > > >> > encapsulation aal5snap
    > > >> > !
    > > >> > !
    > > >> > interface Virtual-Template2
    > > >> > no ip address
    > > >> > !
    > > >> > router eigrp 100
    > > >> > network 10.0.0.0
    > > >> > no auto-summary
    > > >> > no eigrp log-neighbor-changes
    > > >> > !
    > > >> > ip classless
    > > >> > ip route 0.0.0.0 0.0.0.0 193.140.0.133
    > > >> > ip route 10.200.0.0 255.255.0.0 10.100.0.254
    > > >> > no ip http server
    > > >> > !
    > > >> > ip access-list logging interval 3
    > > >> > snmp-server community *** RO
    > > >> > snmp-server community *** RW
    > > >> > snmp-server contact webmaster_at_y...
    > > >> > snmp-server host 10.140.0.5 ****
    > > >> > banner login ^CWelcome Van Yuzuncu Yil Universitesi Router^C
    > > >> > !
    > > >> > line con 0
    > > >> > line aux 0
    > > >> > line vty 0 4
    > > >> > exec-timeout 0 0
    > > >> > password 7 ***********
    > > >> > login
    > > >> > line vty 5 15
    > > >> > password 7 ***********
    > > >> > login
    > > >> > !
    > > >> > end
    > > >> >
    > > >> > ---------------------------------------------------------------------
    > > >> > MUS_SAGLIK_MYO#sh run
    > > >> > Building configuration...
    > > >> >
    > > >> > Current configuration : 1894 bytes
    > > >> > !
    > > >> > version 12.1
    > > >> > service timestamps debug uptime
    > > >> > service timestamps log uptime
    > > >> > no service password-encryption
    > > >> > !
    > > >> > hostname MUS_SAGLIK_MYO
    > > >> > !
    > > >> > enable password ****
    > > >> > !
    > > >> > !
    > > >> > !
    > > >> > !
    > > >> > !
    > > >> > memory-size iomem 25
    > > >> > ip subnet-zero
    > > >> > no ip finger
    > > >> > no ip domain-lookup
    > > >> > !
    > > >> > !
    > > >> > !
    > > >> > interface Serial0
    > > >> > no ip address
    > > >> > encapsulation frame-relay IETF
    > > >> > frame-relay lmi-type ansi
    > > >> > !
    > > >> > interface Serial0.1 point-to-point
    > > >> > ip address 10.200.30.2 255.255.255.0
    > > >> > frame-relay interface-dlci 35
    > > >> > !
    > > >> > interface Serial1
    > > >> > no ip address
    > > >> > no keepalive
    > > >> > shutdown
    > > >> > !
    > > >> > interface FastEthernet0
    > > >> > ip address 10.1.30.254 255.255.255.0
    > > >> > speed auto
    > > >> > !
    > > >> > router eigrp 100
    > > >> > network 10.0.0.0
    > > >> > no auto-summary
    > > >> > no eigrp log-neighbor-changes
    > > >> > !
    > > >> > ip classless
    > > >> > ip route 0.0.0.0 0.0.0.0 10.100.0.5 (this is the PIX's IP)
    > > >> > no ip http server
    > > >> > !
    > > >> > snmp-server community *** RW
    > > >> > snmp-server community *** RO
    > > >> > banner login ^CMUS SAGLiK^C
    > > >> > !
    > > >> > line con 0
    > > >> > transport input none
    > > >> > line aux 0
    > > >> > line vty 0 4
    > > >> > password ***
    > > >> > login
    > > >> > !
    > > >> > end
    > > >> >
    > > >
    > > >
    > > > Thanks...
    > > >
    > > >
    > > >
    > > > This list has no direct connection with Cisco Systems.
    > > >
    > > > To unsubscribe from the list, you can send an e-mail to
    > > > cisco-ttl-unsubscribe_at_yahoogroups.com.
    > > >
    > > > Your use of Yahoo! Groups is subject to
    > > > http://docs.yahoo.com/info/terms/
    > > >
    > >
    > >
    > ------- End of Original Message -------
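
The VLAN and PBR design Ilker describes in the quoted reply, sketched for the 7200 side only, as an added example; it is not configuration posted by anyone in the thread. VLAN IDs 10 and 20, ACL 110, the route-map name, and moving the existing FastEthernet0/0 and FastEthernet0/1 addresses onto dot1Q subinterfaces are assumptions, as is treating 10.100.0.5 (the PIX address noted in the MUS_SAGLIK_MYO config) as the PIX inside interface.

```cisco
! Added example, not from the thread. VLAN 10 = VlanX (PIX inside),
! VLAN 20 = VlanY (PIX outside); both IDs are assumed.
! Assumes FastEthernet0/1 no longer carries 10.100.0.200.
!
interface FastEthernet0/0
 description dot1Q trunk to core switch
 no ip address
!
interface FastEthernet0/0.10
 description VlanX - PIX inside side
 encapsulation dot1Q 10
 ip address 10.100.0.200 255.255.255.0
!
interface FastEthernet0/0.20
 description VlanY - PIX outside side
 encapsulation dot1Q 20
 ip address 193.255.143.254 255.255.255.0
!
! Intranet destinations keep normal routing; everything else that
! arrives from an MYO is handed to the PIX inside interface.
access-list 110 deny   ip any 10.0.0.0 0.255.255.255
access-list 110 permit ip any any
!
route-map MYO-TO-PIX permit 10
 match ip address 110
 set ip next-hop 10.100.0.5
!
! Apply the policy on the inbound MYO subinterfaces only.
interface ATM3/0.1 point-to-point
 ip policy route-map MYO-TO-PIX
!
interface ATM3/0.2 point-to-point
 ip policy route-map MYO-TO-PIX
!
interface ATM3/0.3 point-to-point
 ip policy route-map MYO-TO-PIX
!
! Check that MYO traffic is matching the policy:
!   show ip policy
!   show route-map MYO-TO-PIX
```

With this in place the PIX rule base, not NAT on the router, decides what the MYO sites can reach on the Internet; the match counters in `show route-map` confirm that their traffic is actually taking the firewall path.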




    This archive was generated by hypermail 2.1.5 : Thu Oct 23 2003 - 13:50:40 GMT