Local traffic is duplicated

Technical questions about UTM 5.0
phrozen

Post by phrozen »

So here's the nonsense: global traffic is counted correctly, but in the detailed report for local traffic there are 2 identical records. In the traffic classes, the traffic is set to the recipient. The Cisco config is as follows:

Code:

!
! NVRAM config last updated at 13:02:02 UTC Wed Nov 30 2011 by phrozen
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot system disk0:c7400-ik9o3s-mz.124-15.T7.bin
boot-end-marker
!
no logging console
!
aaa new-model
aaa session-mib disconnect
!
!
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization network default group radius 
aaa accounting delay-start 
aaa accounting update periodic 5
aaa accounting network default start-stop group radius
!
!
aaa session-id common
!
!
ip cef
ip name-server 217.9.147.42
ip name-server 217.9.148.4
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.0 192.168.0.100
!
ip dhcp pool LOCAL
   network 192.168.0.0 255.255.252.0
   dns-server 192.168.0.1 
   default-router 192.168.0.1 
!
!
no ip pxf
!
multilink bundle-name authenticated
!
virtual-template 1 pre-clone 500
!
!
!
!
!
!
!
!
!
!
!
!
!
username phrozen privilege 15 secret 5 $1$dLo1$Lu049LyWt9iafVsAqX4z2/
archive
 log config
  logging enable
  hidekeys
! 
!
!
!
!
!
!
bba-group pppoe global
 virtual-template 1
 sessions max limit 8000
 ac name nas1
 sessions per-mac limit 1
 sessions per-vlan limit 500
 sessions auto cleanup
!
!
interface GigabitEthernet0/0
 description BILLING
 ip address 10.0.0.2 255.255.255.0
 duplex full
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 description LOCAL
 ip address 192.168.0.1 255.255.252.0
 duplex full
 speed auto
 media-type rj45
 vlan-range dot1q 1 4048
  pppoe enable group global
  exit-vlan-config
 !
 pppoe enable group global
 no cdp enable
!
interface FastEthernet1/0
 description INTERNET
 ip address 172.29.1.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex full
!
interface Virtual-Template1 
 mtu 1492
 ip unnumbered GigabitEthernet0/0
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 autodetect encapsulation ppp
 peer default ip address pool PPPoE
 ppp max-bad-auth 3
 ppp authentication chap
 ppp timeout retry 3
 ppp timeout authentication 45
 ppp timeout idle 3600
!
ip local pool PPPoE 10.10.0.100 10.10.2.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.29.1.1
ip route 10.10.0.0 255.255.252.0 GigabitEthernet0/0
ip flow-export source Virtual-Template1
ip flow-export version 5
ip flow-export destination 10.0.0.1 9996
!
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface FastEthernet1/0 overload
!
!
ip access-list standard RW3
access-list 3 permit 10.0.0.1
access-list 3 deny   any log
access-list 100 remark ** Internet ACL
access-list 100 permit ip 10.10.0.0 0.0.3.255 any
access-list 110 remark ** Local In ACL
access-list 110 permit ip 10.10.0.0 0.0.3.255 10.10.0.0 0.0.3.255
access-list 110 permit ip 10.10.0.0 0.0.3.255 10.0.0.0 0.0.0.255
access-list 110 deny   ip any any
access-list 111 remark ** Local Out ACL
access-list 111 permit ip 10.10.0.0 0.0.3.255 10.10.0.0 0.0.3.255
access-list 111 permit ip 10.0.0.0 0.0.0.255 10.10.0.0 0.0.3.255
access-list 111 deny   ip any any
access-list 114 remark ** Remix DAY-Time ACL
access-list 114 permit ip any any time-range DAY-REMIX
access-list 115 remark ** Remix NIGHT-Time ACL
access-list 115 permit ip any any time-range NIGHT-REMIX
snmp-server community public RO
snmp-server community private RW
!
!
!
radius-server attribute 8 include-in-access-req
radius-server attribute nas-port format e UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
radius-server attribute 31 mac format unformatted
radius-server host 10.0.0.1 auth-port 1812 acct-port 1813
radius-server retransmit 5
radius-server timeout 30
radius-server deadtime 1
radius-server key 7 03175E08140A35
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
!
time-range DAY-REMIX
 periodic daily 8:00 to 23:59
!
time-range NIGHT-REMIX
 periodic daily 0:00 to 7:59
!
!
end  
Where's the catch? Please advise, I've racked my brain over this.
