|
蓝森林 http://www.lslnet.com 2006年7月28日 20:08
 求助!!!! 2621XM 每24小时就断线!
10M动态地址宽带,接FA0/0口,内网划分VLAN,24小时内就断线一次,FA0/0口配置:
ip address dhcp
ip nat outside
duplex auto
speed auto
全局模式
ip nat inside source list 1 int fa0/0 overload
IOS版本,12.2(9)T8
请问如何解决?谢谢!
下面是断线后和SHUT/NO SHUT之后FA0/0口的信息
User Access Verification
Password:
Router>en
Password:
Router#show int fa 0/0
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 000d.bddb.1177 (bia 000d.bddb.1177)
Internet address is 218.94.95.69/27
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 10Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:15:17, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/58/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 31000 bits/sec, 15 packets/sec
28179367 packets input, 1612256777 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
2 input errors, 0 CRC, 0 frame, 0 overrun, 2 ignored
0 watchdog
0 input packets with dribble condition detected
26049766 packets output, 2162358495 bytes, 0 underruns
0 output errors, 0 collisions, 17 interface resets
0 babbles, 0 late collision, 4 deferred
150 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Router#
Router#show int fa 0/0
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 000d.bddb.1177 (bia 000d.bddb.1177)
Internet address is 218.94.95.93/27
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 7/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 10Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 3/75/58/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 287000 bits/sec, 49 packets/sec
5 minute output rate 34000 bits/sec, 42 packets/sec
28194087 packets input, 1623706984 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
4 input errors, 0 CRC, 0 frame, 0 overrun, 4 ignored
0 watchdog
0 input packets with dribble condition detected
26060935 packets output, 2163665239 bytes, 0 underruns
0 output errors, 0 collisions, 18 interface resets
0 babbles, 0 late collision, 4 deferred
198 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Router# |
配置信息,比较乱:em11::em11::em11:
Building configuration...
Current configuration : 11162 bytes
!
! Last configuration change at 03:08:38 GMT Sun Dec 11 2005
! NVRAM config last updated at 00:30:53 GMT Sun Dec 11 2005
!
version 12.2
no parser cache
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname sh_router
!
no logging buffered
enable secret 5 $1$Q8to$xl8rSdeg9kUU5u8iiVFVR1
!
clock timezone GMT 8
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
vpdn enable
!
!
!
crypto ipsec transform-set aa esp-3des esp-md5-hmac
!
crypto identity aa
!
!
!
!
!
!
!
!
fax interface-type fax-mail
mta receive maximum-recipients 0
!
!
!
!
interface FastEthernet0/0
ip address dhcp client-id FastEthernet0/0 hostname senhao
ip nat outside
speed 10
full-duplex
!
interface FastEthernet0/0.1
no ip redirects
!
interface FastEthernet0/0.2
no ip redirects
!
interface FastEthernet0/0.10
!
interface FastEthernet0/0.11
!
interface FastEthernet0/0.12
ip access-group shangwang in
!
interface FastEthernet0/0.13
!
interface FastEthernet0/0.14
ip access-group shangwang in
!
interface FastEthernet0/0.15
ip access-group shangwang in
!
interface FastEthernet0/0.16
ip access-group shangwang in
!
interface FastEthernet0/0.17
ip access-group shangwang in
!
interface FastEthernet0/0.18
!
interface FastEthernet0/0.19
!
interface FastEthernet0/0.20
!
interface FastEthernet0/0.21
no ip redirects
ip nat inside
!
interface FastEthernet0/0.516
!
interface FastEthernet0/1
no ip address
speed auto
full-duplex
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.11
encapsulation dot1Q 11
ip address 192.168.11.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.12
encapsulation dot1Q 12
ip address 192.168.12.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.13
encapsulation dot1Q 13
ip address 192.168.13.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.14
encapsulation dot1Q 14
ip address 192.168.14.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.15
encapsulation dot1Q 15
ip address 192.168.15.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.16
encapsulation dot1Q 16
ip address 192.168.16.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.17
encapsulation dot1Q 17
ip address 192.168.17.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.18
encapsulation dot1Q 18
ip address 192.168.18.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.19
encapsulation dot1Q 19
ip address 192.168.19.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.21
encapsulation dot1Q 21
ip address 192.168.21.254 255.255.255.0
ip nat inside
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.13.1 13131 interface FastEthernet0/0 13131
ip nat inside source static tcp 192.168.10.1 12345 interface FastEthernet0/0 12345
ip nat inside source static tcp 192.168.10.1 4662 interface FastEthernet0/0 4662
ip nat inside source static udp 192.168.10.1 4672 interface FastEthernet0/0 4672
ip classless
ip http server
ip pim bidir-enable
!
!
ip access-list standard tel
permit 192.168.10.1
!
ip access-list extended fibwk
evaluate fi-zjb
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.11.0 0.0.0.255
deny ip any 192.168.12.0 0.0.0.255
deny ip any 192.168.13.0 0.0.0.255
deny ip any 192.168.14.0 0.0.0.255
deny ip any 192.168.15.0 0.0.0.255
deny ip any 192.168.16.0 0.0.0.255
deny ip any 192.168.17.0 0.0.0.255
deny ip any 192.168.18.0 0.0.0.255
deny ip any 192.168.19.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
permit ip any any
ip access-list extended ficws
evaluate fi-zjb
evaluate fi-lxs
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.11.0 0.0.0.255
deny ip any 192.168.12.0 0.0.0.255
deny ip any 192.168.13.0 0.0.0.255
deny ip any 192.168.14.0 0.0.0.255
deny ip any 192.168.15.0 0.0.0.255
deny ip any 192.168.16.0 0.0.0.255
deny ip any 192.168.17.0 0.0.0.255
deny ip any 192.168.19.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.21.0 0.0.0.255
permit ip any any
ip access-list extended fihys
evaluate fi-zjb
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.11.0 0.0.0.255
deny ip any 192.168.12.0 0.0.0.255
deny ip any 192.168.13.0 0.0.0.255
deny ip any 192.168.14.0 0.0.0.255
deny ip any 192.168.16.0 0.0.0.255
deny ip any 192.168.17.0 0.0.0.255
deny ip any 192.168.18.0 0.0.0.255
deny ip any 192.168.19.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.21.0 0.0.0.255
permit ip any any
ip access-list extended fijhk
evaluate fi-zjb
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.11.0 0.0.0.255
deny ip any 192.168.12.0 0.0.0.255
deny ip any 192.168.13.0 0.0.0.255
deny ip any 192.168.15.0 0.0.0.255
deny ip any 192.168.16.0 0.0.0.255
deny ip any 192.168.17.0 0.0.0.255
deny ip any 192.168.18.0 0.0.0.255
deny ip any 192.168.19.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.21.0 0.0.0.255
permit ip any any
ip access-list extended firsk
evaluate fi-zjb
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.11.0 0.0.0.255
deny ip any 192.168.12.0 0.0.0.255
deny ip any 192.168.13.0 0.0.0.255
deny ip any 192.168.14.0 0.0.0.255
deny ip any 192.168.15.0 0.0.0.255
deny ip any 192.168.17.0 0.0.0.255
deny ip any 192.168.18.0 0.0.0.255
deny ip any 192.168.19.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.21.0 0.0.0.255
permit ip any any
ip access-list extended fisjs
evaluate fi-zjb
evaluate fi-sjs
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.11.0 0.0.0.255
deny ip any 192.168.12.0 0.0.0.255
deny ip any 192.168.13.0 0.0.0.255
deny ip any 192.168.14.0 0.0.0.255
deny ip any 192.168.15.0 0.0.0.255
deny ip any 192.168.16.0 0.0.0.255
deny ip any 192.168.17.0 0.0.0.255
deny ip any 192.168.18.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.21.0 0.0.0.255
permit ip any any
ip access-list extended fizgb
evaluate fi-zjb
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.11.0 0.0.0.255
deny ip any 192.168.12.0 0.0.0.255
deny ip any 192.168.13.0 0.0.0.255
deny ip any 192.168.14.0 0.0.0.255
deny ip any 192.168.15.0 0.0.0.255
deny ip any 192.168.16.0 0.0.0.255
deny ip any 192.168.18.0 0.0.0.255
deny ip any 192.168.19.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.21.0 0.0.0.255
permit ip any any
ip access-list extended fizjb
evaluate fi-zjb
ip access-list extended fizsj
deny ip any 192.168.11.0 0.0.0.255
deny ip any 192.168.13.0 0.0.0.255
deny ip any 192.168.14.0 0.0.0.255
deny ip any 192.168.15.0 0.0.0.255
deny ip any 192.168.16.0 0.0.0.255
deny ip any 192.168.17.0 0.0.0.255
deny ip any 192.168.18.0 0.0.0.255
deny ip any 192.168.19.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.21.0 0.0.0.255
evaluate fi-zjb
deny ip any 192.168.10.0 0.0.0.255
permit ip any 192.168.0.0 0.0.255.255
permit ip any any
ip access-list extended fizzb
evaluate fi-zjb
evaluate fi-sjs
deny ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.11.0 0.0.0.255
deny ip any 192.168.12.0 0.0.0.255
deny ip any 192.168.13.0 0.0.0.255
deny ip any 192.168.14.0 0.0.0.255
deny ip any 192.168.15.0 0.0.0.255
deny ip any 192.168.16.0 0.0.0.255
deny ip any 192.168.17.0 0.0.0.255
deny ip any 192.168.18.0 0.0.0.255
deny ip any 192.168.19.0 0.0.0.255
deny ip any 192.168.21.0 0.0.0.255
permit ip any any
ip access-list extended lxs
permit tcp any 192.168.18.0 0.0.0.255 reflect fi-lxs timeout 120
permit udp any 192.168.18.0 0.0.0.255 reflect fi-lxs timeout 200
permit icmp any 192.168.18.0 0.0.0.255 reflect fi-lxs timeout 10
deny ip any 192.168.11.0 0.0.0.255
deny ip any 192.168.12.0 0.0.0.255
deny ip any 192.168.14.0 0.0.0.255
deny ip any 192.168.15.0 0.0.0.255
deny ip any 192.168.16.0 0.0.0.255
deny ip any 192.168.17.0 0.0.0.255
deny ip any 192.168.19.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.21.0 0.0.0.255
deny ip any 192.168.18.0 0.0.0.255
evaluate fi-zjb
deny ip any 192.168.10.0 0.0.0.255
permit ip any 192.168.0.0 0.0.255.255
permit ip any any |
ip access-list extended sjs
permit tcp any 192.168.19.0 0.0.0.255 reflect fi-sjs timeout 120
permit tcp any 192.168.20.0 0.0.0.255 reflect fi-sjs timeout 120
permit udp any 192.168.20.0 0.0.0.255 reflect fi-sjs timeout 200
permit udp any 192.168.19.0 0.0.0.255 reflect fi-sjs timeout 200
permit icmp any 192.168.19.0 0.0.0.255 reflect fi-sjs timeout 10
permit icmp any 192.168.20.0 0.0.0.255 reflect fi-sjs timeout 10
deny ip any 192.168.12.0 0.0.0.255
deny ip any 192.168.13.0 0.0.0.255
deny ip any 192.168.14.0 0.0.0.255
deny ip any 192.168.16.0 0.0.0.255
deny ip any 192.168.17.0 0.0.0.255
deny ip any 192.168.18.0 0.0.0.255
deny ip any 192.168.19.0 0.0.0.255
deny ip any 192.168.20.0 0.0.0.255
deny ip any 192.168.21.0 0.0.0.255
evaluate fi-zjb
deny ip any 192.168.10.0 0.0.0.255
permit ip any 192.168.0.0 0.0.255.255
permit ip any any
ip access-list extended zjb
permit tcp any 192.168.0.0 0.0.255.255 reflect fi-zjb timeout 120
permit udp any 192.168.0.0 0.0.255.255 reflect fi-zjb timeout 200
permit icmp any 192.168.0.0 0.0.255.255 reflect fi-zjb timeout 10
permit ip 192.168.10.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.0.255 any
permit ip any any
!
no logging trap
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 10 permit 192.168.10.1
access-list 101 deny udp any any eq 4000
access-list 101 deny udp any any eq 8000
access-list 101 deny ip any 61.135.157.0 0.0.0.255
access-list 101 deny ip any 61.144.238.0 0.0.0.255
access-list 101 deny ip any 61.141.194.0 0.0.0.255
access-list 101 deny ip any 61.172.249.0 0.0.0.255
access-list 101 deny ip any 202.96.170.0 0.0.0.255
access-list 101 deny ip any 202.104.129.0 0.0.0.255
access-list 101 deny ip any 202.104.193.0 0.0.0.255
access-list 101 deny ip any 218.17.209.0 0.0.0.255
access-list 101 deny ip any 218.18.95.0 0.0.0.255
access-list 101 deny ip any 219.133.40.0 0.0.0.255
access-list 101 deny ip any 219.133.45.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 permit tcp any any eq www
access-list 102 permit udp any any eq domain
access-list 102 permit tcp any any eq pop3
access-list 102 permit tcp any any eq domain
access-list 102 permit tcp any any eq smtp
access-list 102 permit tcp any any gt 1023 established
access-list 102 deny ip any any
!
snmp-server community public RW
snmp ifmib ifalias long
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
!
line con 0
password 84521965
line aux 0
line vty 0 4
access-class 10 in
password
login
line vty 5 15
login
!
ntp peer 137.189.6.18
!
end |
| 期待ing |
| 再顶................ |
试试用ip dhcp client lease days [hours] [minutes] 命令指定client的lease time
参考http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a008022ad08.html#wp1027195 |
| 在DHCP服务器上看看ip地址的租借时间。 |
-->
偶试过了,没这条命令,估计是IOS版本问题 |
-->
断线时输入SHOW IP DHCP
是3天,
电信的DHCP服务器 |
非常准时24小时掉线,还是大约24小时?
一般都是几点掉线? |
150 lost carrier, 0 no carrier
...
198 lost carrier, 0 no carrier
可能线路质量不好
看看show logging |
| 会不会是nat的timeout时间太长,导致连接堆积,引起的断线 |
回复 4楼 性感小肥猪 的帖子
你用你的26和我的LINUXBOX换吧 |
-->
还是大约24小时!!!!!!!!!
第一天什么时候对FA0/0口,shut/no shut之后,第二天大约在这个时间就断线了! |
修改nat的timeout参数试试,默认timeout就是24小时,可能是translation累积太多造成的
试下:ip nat translation timeout 3600 |
-->
多谢多谢,偶现在用c2600-ik9o3s3-mz.123-15.bin 一天了,没掉线,正在试试!
多谢 |
| |
