Original poster
Posted 2007-8-14 17:43
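CISCO1841 reboots after NAT is configured
After NAT was configured on the CISCO1841 router, the router reboots from time to time! Asking the experts for help!!!
Network environment:
A China Telecom fiber line with a fixed IP address comes in to the CISCO1841 router, which connects down to a CISCO C2960-48 switch, then to more than 10 groups of 8-port TPLINK switches, and then to the workstation PCs.
Test steps:
① The current situation is that the router reboots when some of the computers are connected to the internal network!
② So I tested group by group to find out whether the problem is one particular PC or several, but during the grouping the router rebooted very frequently after the computers in groups 2, 4 and 7 were connected! Connected to the router individually they are sometimes fine and sometimes not, extremely unstable! So I could not pin it down!! Frustrating~~~
③ When all groups of computers are connected to the router, the router runs normally for half an hour to an hour and then reboots!
④ When testing with a single computer, the router does not drop the connection or reboot. The problem appears when the employees come to work.
⑤ When the router reboots, first the second signal LED stays solid on instead of blinking, then the system LED blinks, and finally the router reboots. (From this I can tentatively conclude that a large volume of data is congesting the router and causing it to reboot.)
⑥ Later, after the CISCO router was replaced with a TPLINK router, everything ran normally. Frustrating~~~
Questions:
① Is there a problem with this configuration? Could it cause the router to reboot?? (It shouldn't be the cause, I think.)
② On checking the internal network, on some of the Japanese staff's computers the numbers of received and sent packets differ by nearly ten times or more. Could a virus on the internal network be the cause?? (Quite possibly.)
③ I asked some experts: NAT requires changing the default timeout values, otherwise the router stores too much data, which makes it hang and reboot?? (Judging by test step 6, this seems the most likely.)
④ Three PCs on the LAN are configured with the gateway set to the same address as their own IP address, yet they can still get online?? (This makes no sense to me, I can't figure it out, very frustrating.)
Also, how exactly should the NAT timeout be set? Could an expert please give a configuration example!!
In addition, the Japanese staff on the internal network need a VPN connection to the head office in Japan, and I am told port 10000 needs to be opened. What exactly needs to be configured for this? Could an expert please give a configuration example!!!
Reply to the thread or email shareqzone@163.com !! Many thanks!!!
I'm just starting to learn and had not considered the last point. I don't know whether anyone has other views or suggestions; I'd appreciate any pointers!!! Thanks!
The relevant configuration is as follows: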
Building configuration...
Current configuration : 2280 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco1841
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable password *****
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
ip domain name yourdomain.com
!
username cisco privilege 15 secret 5 $1$C5sb$a.LhB6OC0IT09rdPp8ymt/
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
ip address 58.221.234.*** 255.255.255.252
ip nat outside
ip nat enable
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip nat enable
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 58.221.234.***
!
no ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool aaa 58.221.234.*** 58.221.234.*** netmask 255.255.255.252
ip nat source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
login local
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password *****
login
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet
!
end
Sorry, one more thing to add: does the CISCO 1841 have access-list commands like the following by default?
access-list 23 permit 10.10.10.0 0.0.0.7
access-class 23 in
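Thanks again to all the helpful people offering technical support!!!
2. The router has now been reset to factory defaults and reconfigured (relevant parameters below):
Please help, everyone
Today I swapped in another CISCO1841 router. The relevant configuration is as follows: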
Building configuration...
Current configuration : 1607 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco1841
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$p8vl$dnCeBQH24I/GqswZS3yK4.
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
!
!
!
!
interface FastEthernet0/0
ip address 58.221.234.*** 255.255.255.252
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 58.221.234.***
!
no ip http server
ip nat translation tcp-timeout 300
ip nat translation udp-timeout 20
ip nat translation syn-timeout 15
ip nat translation icmp-timeout 10
ip nat translation max-entries 12000
ip nat pool abc 58.221.234.*** 58.221.234.*** netmask 255.255.255.252
ip nat source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 115 deny tcp any any eq 135
access-list 115 deny udp any any eq 135
access-list 115 deny tcp any any eq 445
access-list 115 deny udp any any eq netbios-ns
access-list 115 deny udp any any eq netbios-dgm
access-list 115 deny tcp any any eq 1434
access-list 115 deny udp any any eq 1434
access-list 115 deny tcp any any eq 139
access-list 115 deny tcp any any eq 593
access-list 115 deny udp any any eq 4444
access-list 115 permit ip any any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password *****
login
!
end
Now it can't even connect to the network...
But with a different router, a BILLION, getting online works fine. What is going on??? Frustrating!!!
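An added example, not part of the original post: a small Python audit of the NAT-relevant lines of the second configuration. It flags a rule written in the NAT Virtual Interface form (`ip nat source list`) when no interface carries `ip nat enable`, and any numbered ACL that is defined but never referenced. The `audit` function and its finding names are hypothetical, and the masked address is replaced with a documentation placeholder.

```python
import re

# Trimmed copy of the second configuration's NAT/ACL lines; 198.51.100.2 is a
# placeholder for the masked 58.221.234.*** address.
CONFIG = """\
interface FastEthernet0/0
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat source list 1 interface FastEthernet0/0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 115 deny tcp any any eq 445
access-list 115 permit ip any any
line vty 0 4
 password *****
 login
"""

def audit(config):
    """Return a list of finding names (hypothetical labels) for an IOS config."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    legacy_if = any(l in ("ip nat inside", "ip nat outside") for l in lines)
    nvi_if = "ip nat enable" in lines
    legacy_rule = any(l.startswith("ip nat inside source") for l in lines)
    nvi_rule = any(l.startswith("ip nat source") for l in lines)
    # NVI rules only take effect on interfaces marked `ip nat enable`.
    if nvi_rule and not nvi_if:
        findings.append("nvi-rule-without-ip-nat-enable")
    # inside/outside interfaces pair with `ip nat inside source list ...`.
    if legacy_if and not legacy_rule:
        findings.append("inside-outside-without-inside-source-rule")
    defined = {m.group(1) for l in lines if (m := re.match(r"access-list (\d+) ", l))}
    used = set()
    for l in lines:
        if not l.startswith("access-list"):   # skip the definitions themselves
            used.update(re.findall(r"(?:access-group|access-class|list) (\d+)", l))
    for acl in sorted(defined - used, key=int):
        findings.append(f"acl-{acl}-defined-but-not-applied")
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```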
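User 1:
The configuration looks fine; you could check the logs to see what reason is given for the reboot. Maybe the device is faulty.
User 2:
The configuration should be fine. I suggest you keep an eye on the number of NAT sessions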
sh ip nat tra
If you see a host with a large number of them, check that one first
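An added example, not part of the thread: one way to do the per-host count suggested above, by parsing saved `show ip nat translations` output and listing the inside hosts that hold the most entries along with their most common destination port. The sample output is constructed, and the function names and the threshold are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample of `show ip nat translations` output (not from the thread).
SAMPLE = """\
Pro Inside global       Inside local        Outside local       Outside global
tcp 198.51.100.2:1025   192.168.1.23:1025   203.0.113.10:445    203.0.113.10:445
tcp 198.51.100.2:1026   192.168.1.23:1026   203.0.113.11:445    203.0.113.11:445
tcp 198.51.100.2:1027   192.168.1.23:1027   203.0.113.12:445    203.0.113.12:445
tcp 198.51.100.2:1028   192.168.1.23:1028   203.0.113.13:445    203.0.113.13:445
tcp 198.51.100.2:2001   192.168.1.40:2001   203.0.113.80:80     203.0.113.80:80
udp 198.51.100.2:3001   192.168.1.41:3001   203.0.113.53:53     203.0.113.53:53
--- 198.51.100.2        192.168.1.95        ---                 ---
"""

def split_endpoint(field):
    """'192.168.1.23:1025' -> ('192.168.1.23', 1025); port is None if absent."""
    host, _, port = field.partition(":")
    return host, int(port) if port.isdigit() else None

def summarize(output):
    """Count dynamic translations per inside-local host and per destination port."""
    per_host = Counter()
    dest_ports = defaultdict(Counter)
    for line in output.splitlines():
        parts = line.split()
        # Skip the header, blank lines and static entries (protocol shown as ---).
        if len(parts) != 5 or parts[0] in ("Pro", "---"):
            continue
        host, _ = split_endpoint(parts[2])    # Inside local
        _, dport = split_endpoint(parts[3])   # Outside local
        per_host[host] += 1
        dest_ports[host][dport] += 1
    return per_host, dest_ports

def heavy_hosts(output, threshold):
    """Hosts holding at least `threshold` entries: (host, count, top dest port)."""
    per_host, dest_ports = summarize(output)
    return [(h, n, dest_ports[h].most_common(1)[0][0])
            for h, n in per_host.most_common() if n >= threshold]

if __name__ == "__main__":
    for host, count, port in heavy_hosts(SAMPLE, threshold=3):
        print(f"{host}: {count} translations, mostly to port {port}")
```

A host that holds many entries toward a single port across many outside addresses, such as 445 or 1434 from the poster's access-list 115, is the one to inspect first.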