有冇cisco人? - 鬧市冰室

» 鬧市冰室 » Other Discussion◇其他討論◇ 顯示適合列印的版本寄給朋友

作者

有冇cisco人?

iczfirz

"challenge"

文章: 14186
來自: 我回來了

16 于 2003-10-03 00:23

你比我兩兩句我都之前試過... 都係唔work... 其實你覺得我應點去砌呢壇野好呀 ?

^{問題或承受過不相信拋下過最後決定一雙肩膊別太肩膊
三十一畫：此數大吉，名利雙收，漸進向上，大業成就。（吉）}

iczfirz

"challenge"

文章: 14186
來自: 我回來了

17 于 2003-10-03 00:27

好似買左六合彩咁... 想中都難 ...

 
 BACK#show ip access-lists  
 Standard IP access list 1 
     permit 1.0.0.0, wildcard bits 0.0.0.255 check=13 
 Extended IP access list 199 
     permit tcp host 202.123.165.29 eq telnet any eq telnet

^{問題或承受過不相信拋下過最後決定一雙肩膊別太肩膊
三十一畫：此數大吉，名利雙收，漸進向上，大業成就。（吉）}

franng

文章: 1633

18 于 2003-10-03 00:39

iczfirz wrote:
其實我最大既難題係...

我有..
1* ip
1* 2514 dual ethernet
4* server (4* web, 1* ftp, 1* sendmail, 4* imap)

如果係NAT load distribution... 咁我1*ip round robin呢4* server就好頭痕... 因為router會下下都RR呢4*server.. 但我又唔係部部server都行晒sendmail同ftp..

所以我諗住開4* RR pool.. 睇下咩port黎就行邊個邊個pool... 但最後就做到上面段config就行唔到...

但其實我手頭有2*2514... 兩隻serial 0 cross埋再加下面段野就做到我要做既野... 但用兩隻實在太笨... 但上面個post果段又唔work..我功力又未夠... 唯手咁頂住先..

近public果隻... (先nat去另一set ip... 會係 1.0."public last octal"."port")

interface Ethernet0
ip address 202.123.165.30 255.255.255.248
ip nat outside
!
interface Serial0
ip address 1.0.1.1 255.255.255.0
ip nat inside
no ip mroute-cache
clockrate 4000000
dce-terminal-timing-enable
!
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 1.0.29.21 21 202.123.165.29 21 extendable
ip nat inside source static tcp 1.0.29.23 23 202.123.165.29 23 extendable
ip nat inside source static tcp 1.0.29.25 25 202.123.165.29 25 extendable
ip nat inside source static tcp 1.0.29.21 20 202.123.165.29 20 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 202.123.165.25
ip route 1.0.0.0 255.255.0.0 Serial0
ip http server
ip pim bidir-enable
!
access-list 1 permit 1.0.0.0 0.0.255.255

近private 果隻.. (基於上面既nat去入自己個RR pool)

!
interface Ethernet1
ip address 1.0.0.1 255.255.255.0
ip nat inside
!
interface Serial0
ip address 1.0.1.2 255.255.255.0
ip nat outside
no ip mroute-cache
no fair-queue
compress stac
!
interface Serial1
no ip address
shutdown
!
ip nat pool service-29-23 1.0.0.11 1.0.0.11 prefix-length 28 type rotary
ip nat pool service-29-25 1.0.0.11 1.0.0.12 prefix-length 28 type rotary
ip nat pool service-29-21 1.0.0.11 1.0.0.12 prefix-length 28 type rotary
ip nat inside source list 1 interface Serial0 overload
ip nat inside destination list 2 pool service-29-23
ip nat inside destination list 3 pool service-29-25
ip nat inside destination list 4 pool service-29-21
ip classless
ip route 0.0.0.0 0.0.0.0 1.0.1.1
ip http server
ip pim bidir-enable
!
access-list 1 permit 1.0.0.0 0.0.0.255
access-list 2 permit 1.0.29.23
access-list 3 permit 1.0.29.25
access-list 4 permit 1.0.29.21

其實... 有冇計仔可以一個2514自己loop自己個serial 行兩次nat呢?

等你救命... 記得屈番franng請你食飯喎

嘩...........咁我米要請KK, 同ELLIS 食飯????
我頂.................

iczfirz

"challenge"

文章: 14186
來自: 我回來了

19 于 2003-10-03 02:27

ellis wrote:
try sh access-list or show ip access-list to check is there any match
entries for access list 199.
anyway, there is some error of the access-list 199, is it should be look like this:

access-list 199 permit tcp host 202.123.165.29 eq telnet any eq telnet
or
access-list 199 permit tcp host 202.123.165.29 eq telnet host 1.0.0.11 eq telnet

捉晒蟲... 呢幾日對住個router多過對魚... 最後原來係...
access-list 199 permit tcp any host 202.123.165.29 eq telnet
先至岩... 終於收得工

^{問題或承受過不相信拋下過最後決定一雙肩膊別太肩膊
三十一畫：此數大吉，名利雙收，漸進向上，大業成就。（吉）}

ellis

文章: 13

20 于 2003-10-03 10:50

iczfirz wrote:

ellis wrote:
try sh access-list or show ip access-list to check is there any match
entries for access list 199.
anyway, there is some error of the access-list 199, is it should be look like this:

access-list 199 permit tcp host 202.123.165.29 eq telnet any eq telnet
or
access-list 199 permit tcp host 202.123.165.29 eq telnet host 1.0.0.11 eq telnet

捉晒蟲... 呢幾日對住個router多過對魚... 最後原來係...
access-list 199 permit tcp any host 202.123.165.29 eq telnet
先至岩... 終於收得工

oh..yes. 202.123.165.29 is inside of your NAT router.

ellis

文章: 13

21 于 2003-10-03 17:25

iczfirz wrote:
其實我最大既難題係...

我有..
1* ip
1* 2514 dual ethernet
4* server (4* web, 1* ftp, 1* sendmail, 4* imap)

如果係NAT load distribution... 咁我1*ip round robin呢4* server就好頭痕... 因為router會下下都RR呢4*server.. 但我又唔係部部server都行晒sendmail同ftp..

所以我諗住開4* RR pool.. 睇下咩port黎就行邊個邊個pool... 但最後就做到上面段config就行唔到...

但其實我手頭有2*2514... 兩隻serial 0 cross埋再加下面段野就做到我要做既野... 但用兩隻實在太笨... 但上面個post果段又唔work..我功力又未夠... 唯手咁頂住先..

近public果隻... (先nat去另一set ip... 會係 1.0."public last octal"."port")

interface Ethernet0
ip address 202.123.165.30 255.255.255.248
ip nat outside
!
interface Serial0
ip address 1.0.1.1 255.255.255.0
ip nat inside
no ip mroute-cache
clockrate 4000000
dce-terminal-timing-enable
!
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 1.0.29.21 21 202.123.165.29 21 extendable
ip nat inside source static tcp 1.0.29.23 23 202.123.165.29 23 extendable
ip nat inside source static tcp 1.0.29.25 25 202.123.165.29 25 extendable
ip nat inside source static tcp 1.0.29.21 20 202.123.165.29 20 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 202.123.165.25
ip route 1.0.0.0 255.255.0.0 Serial0
ip http server
ip pim bidir-enable
!
access-list 1 permit 1.0.0.0 0.0.255.255

近private 果隻.. (基於上面既nat去入自己個RR pool)

!
interface Ethernet1
ip address 1.0.0.1 255.255.255.0
ip nat inside
!
interface Serial0
ip address 1.0.1.2 255.255.255.0
ip nat outside
no ip mroute-cache
no fair-queue
compress stac
!
interface Serial1
no ip address
shutdown
!
ip nat pool service-29-23 1.0.0.11 1.0.0.11 prefix-length 28 type rotary
ip nat pool service-29-25 1.0.0.11 1.0.0.12 prefix-length 28 type rotary
ip nat pool service-29-21 1.0.0.11 1.0.0.12 prefix-length 28 type rotary
ip nat inside source list 1 interface Serial0 overload
ip nat inside destination list 2 pool service-29-23
ip nat inside destination list 3 pool service-29-25
ip nat inside destination list 4 pool service-29-21
ip classless
ip route 0.0.0.0 0.0.0.0 1.0.1.1
ip http server
ip pim bidir-enable
!
access-list 1 permit 1.0.0.0 0.0.0.255
access-list 2 permit 1.0.29.23
access-list 3 permit 1.0.29.25
access-list 4 permit 1.0.29.21

其實... 有冇計仔可以一個2514自己loop自己個serial 行兩次nat呢?

等你救命... 記得屈番franng請你食飯喎

did you try to create a virual interface, it use for single interface NAT

iczfirz

"challenge"

文章: 14186
來自: 我回來了

22 于 2003-10-03 17:47

偉哥 ... 我玩unix出身... cisco野我好好好好小小小小掂... 所以 ... 起到隻野行都叫做過到自己架啦... 我諗我做完成壇野先會正正式式去學...

virtual interface.. 同 loopback.. 我都未知有乜作用 ...

^{問題或承受過不相信拋下過最後決定一雙肩膊別太肩膊
三十一畫：此數大吉，名利雙收，漸進向上，大業成就。（吉）}

ellis

文章: 13

23 于 2003-10-04 00:38

iczfirz wrote:
偉哥 ... 我玩unix出身... cisco野我好好好好小小小小掂... 所以 ... 起到隻野行都叫做過到自己架啦... 我諗我做完成壇野先會正正式式去學...

virtual interface.. 同 loopback.. 我都未知有乜作用 ...

This is a good practice la..
in generic name call virtual interface, more specific name is loopback interface. It is a non-exist interface and always up.
Its function may vary, depends on how do you use it. In switch, it can use as
Vlan interface to route traffic. In router it can provide load balance/resilient link by specific loopback as next hop address instead of serial/ethernet interface. In protocol, it use as router ID..etc.

In your previous example, you also lose HSRP. Why don't get a load balancer such as foundry serveriron, it just cost around 6k for 8 ports in ebay.

iczfirz

"challenge"

文章: 14186
來自: 我回來了

24 于 2003-10-04 01:16

冇睇其它load balancer呀.. 因為呢...一隻就話六千姐... 依家兩隻都係四千有找喎... hsrp仲未做... 搞清左個config先...唔係費是佢係咁switch黎switch 去..

^{問題或承受過不相信拋下過最後決定一雙肩膊別太肩膊
三十一畫：此數大吉，名利雙收，漸進向上，大業成就。（吉）}

文章: 63

25 于 2003-10-05 16:43

u guys are so good in cisco and better teach me more!!!!
I want to get CCIP and do u guys have past exam papers and notes?

KK did u find a job yet? i think u can apply for the position of network engineer~~ u can replace me~~~

iczfirz

"challenge"

文章: 14186
來自: 我回來了

26 于 2003-10-05 17:27

我係六年前掂過下公司部2511比自己dial上網... 之後五年都冇再掂過... 我都想搵下d paper黎睇...

^{問題或承受過不相信拋下過最後決定一雙肩膊別太肩膊
三十一畫：此數大吉，名利雙收，漸進向上，大業成就。（吉）}

ellis

文章: 13

27 于 2003-10-06 16:45

LP wrote:
u guys are so good in cisco and better teach me more!!!!
I want to get CCIP and do u guys have past exam papers and notes?

KK did u find a job yet? i think u can apply for the position of network engineer~~ u can replace me~~~

I will suggest you to get some book for CCIP, there has some
chinese copy version books for CCIP in SSP.

iczfirz

"challenge"

文章: 14186
來自: 我回來了

28 于 2003-10-13 11:04

 
 ip nat translation timeout 600 
 ip nat translation tcp-timeout 600 
 ip nat translation udp-timeout 15 
 ip nat translation dns-timeout 600 
 ip nat translation port-timeout tcp 22 86400 
 ip nat translation port-timeout tcp 23 3600 
 ip nat translation port-timeout tcp 3223 3600 
 ip nat translation max-entries 1000 
 ip nat pool RR-1 1.0.0.31 1.0.0.31 netmask 255.255.255.0 type rotary 
 ip nat pool IP-30 202.123.165.30 202.123.165.30 netmask 255.255.255.248 
 ip nat inside source list 5 pool IP-30 overload 
 ip nat inside destination list 111 pool RR-1 
 ! 
 ip classless 
 ip route 0.0.0.0 0.0.0.0 202.123.165.25 
 ! 
 access-list 5 permit 1.0.0.0 0.0.0.255 
 access-list 111 permit tcp any host 202.123.165.28 eq www 
 access-list 111 permit tcp any host 202.123.165.28 eq

RR-1暫時只有一部server.
server bootup IP: 1.0.0.10
sevice (alias) IP: 1.0.0.31
古怪左部router行唔多個一日就會自己除時唔曉再做nat load balancing. 但nat overload就仲做到.. 點解? 當做唔到load balancing時我比條 ip nat inside source static 1.0.0.31 202.123.165.28 extendable 佢再即時no番佢佢又會再行番.. 但都係過唔到一日...

^{問題或承受過不相信拋下過最後決定一雙肩膊別太肩膊
三十一畫：此數大吉，名利雙收，漸進向上，大業成就。（吉）}

iczfirz

"challenge"

文章: 14186
來自: 我回來了

29 于 2003-10-13 12:04

仲有...
CPU utilization for five seconds: 25%/4%; one minute: 33%; five minutes: 16%
Total active translations: 139 (0 static, 139 dynamic; 139 extended)
隻router都行得好好地...何解會忽忽地?

^{問題或承受過不相信拋下過最後決定一雙肩膊別太肩膊
三十一畫：此數大吉，名利雙收，漸進向上，大業成就。（吉）}

ellis

文章: 13

30 于 2003-10-13 22:12

iczfirz wrote:

ip nat translation timeout 600
ip nat translation tcp-timeout 600
ip nat translation udp-timeout 15
ip nat translation dns-timeout 600
ip nat translation port-timeout tcp 22 86400
ip nat translation port-timeout tcp 23 3600
ip nat translation port-timeout tcp 3223 3600
ip nat translation max-entries 1000
ip nat pool RR-1 1.0.0.31 1.0.0.31 netmask 255.255.255.0 type rotary
ip nat pool IP-30 202.123.165.30 202.123.165.30 netmask 255.255.255.248
ip nat inside source list 5 pool IP-30 overload
ip nat inside destination list 111 pool RR-1
!
ip classless
ip route 0.0.0.0 0.0.0.0 202.123.165.25
!
access-list 5 permit 1.0.0.0 0.0.0.255
access-list 111 permit tcp any host 202.123.165.28 eq www
access-list 111 permit tcp any host 202.123.165.28 eq

RR-1暫時只有一部server.
server bootup IP: 1.0.0.10
sevice (alias) IP: 1.0.0.31
古怪左部router行唔多個一日就會自己除時唔曉再做nat load balancing. 但nat overload就仲做到.. 點解? 當做唔到load balancing時我比條 ip nat inside source static 1.0.0.31 202.123.165.28 extendable 佢再即時no番佢佢又會再行番.. 但都係過唔到一日...

我諗不如唔好行 ip nat translation o個 d timeout option 先, 因為會影響
dynamic translation.

» 鬧市冰室 » Other Discussion◇其他討論◇ 顯示適合列印的版本寄給朋友

看過的文章

新的文章

被刪除的文章

跳轉到

我地有在新的聊天室
即時聊天廣播.

[Processing Time] User:29.22, System:3.14, Children of user:0.62, Children of system:1.28

請大家技持更換新主機啦, 多謝!