>а чтобы это понять нужно тот конфиг видеть. а вот он, конфиг. немного сокращенный, кучу интерфейсов одинаковых просто не написал.
c2801#sh run
Building configuration...
Current configuration : 50515 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname c2801
!
boot-start-marker
boot system flash:c2801++++.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 ++++
enable password 7 ++++
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authentication ppp default local
aaa authorization exec local_author local
!
aaa session-id common
clock timezone PCTime 6
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool ADSL-1
network 192.168.++++ 255.255.255.252
dns-server 91.185.++++ 91.185.++++
default-router 192.168.++++
!
.
.
.
.
!
ip dhcp pool ADSL-2
network 192.168.++++ 255.255.255.248
default-router 192.168.26.17
dns-server 91.185.2.10 91.185.6.10
!
!
ip flow-cache timeout active 1
no ip bootp server
ip domain name MTS.yourdomain.com
!
!
voice-card 0
!
ip tcp synwait-time 10
!
!
interface Loopback0
no ip address
!
interface FastEthernet0/0
description ++++
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/0.1
description ++++
bandwidth 256
encapsulation dot1Q 1 native
ip address 192.168.++++ 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip policy route-map ISP
no cdp enable
!
interface FastEthernet0/0.2
description ++++
bandwidth 1024
encapsulation dot1Q 2
ip address 212.++++ 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
rate-limit input 1000000 120000 150000 conform-action transmit exceed-action drop
rate-limit output 1000000 120000 150000 conform-action transmit exceed-action drop
ip policy route-map ISP
no cdp enable
!
interface FastEthernet0/0.3
description
bandwidth 128
encapsulation dot1Q 3
ip address 192.168.++++ 255.255.255.252
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip policy route-map ISP
shutdown
traffic-shape rate 128000 7936 7936 1000
no cdp enable
!
!
interface FastEthernet0/0.6
description
bandwidth 1024
encapsulation dot1Q 6
ip address 95.56.++++ 255.255.255.252
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
rate-limit input 1000000 48000 60000 conform-action transmit exceed-action drop
rate-limit output 1000000 48000 60000 conform-action transmit exceed-action drop
ip policy route-map ISP
no cdp enable
!
.
.
!
interface FastEthernet0/0.320
description ADSL-1
bandwidth 512
encapsulation dot1Q 320
ip address 192.168.++++ 255.255.255.252
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
rate-limit input 512000 12000 15000 conform-action transmit exceed-action drop
rate-limit output 512000 12000 15000 conform-action transmit exceed-action drop
ip policy route-map ISP
no cdp enable
!
interface FastEthernet0/0.347
description ADSL-2
bandwidth 512
encapsulation dot1Q 347
ip address 192.168.++++ 255.255.255.252 вот эти адреса на интерфейсе с самой cisco и не пингуются
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
rate-limit input 512000 48000 60000 conform-action transmit exceed-action drop
rate-limit output 512000 48000 60000 conform-action transmit exceed-action drop
ip policy route-map ISP
no cdp enable
!
interface FastEthernet0/1
no ip address
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
!
ip local pool dialup 192.168.10.200 192.168.10.202
ip route ++++
.
.
.
ip route ++++
!
ip flow-export version 9
ip flow-export destination 192.168.++++ 9996
!
ip http server
ip http access-class 99
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool ++++-pool 92.46.++++ 92.46.++++ prefix-length 30
ip nat pool ++-pool 94.247.++++ 94.247.++++ prefix-length 30
ip nat inside source route-map DKP-NAT pool DKP-pool overload
ip nat inside source route-map Kris-NAT pool Kris-pool overload
!
logging trap debugging
access-list 10 permit 192.168.++++
access-list 10 permit 192.168.++++
access-list 20 permit 192.168.10.0 0.0.0.255
.
. -куча акцеслистов
.
.
snmp-server community public RO
snmp-server host 192.168.++++ public
snmp-server host 192.168.++++ public
no cdp run
!
route-map ++++-NAT permit 10
match ip address 30
!
route-map ++++-NAT permit 10
match ip address 10
!
route-map ISP deny 10
match ip address 101
!
route-map ISP permit 20
match ip address 10
set ip next-hop 82.++++.++++
!
route-map ISP permit 30
match ip address 20
set ip next-hop 94.++++.++++
!
route-map ISP permit 40
match ip address 30
set ip next-hop 89.21++++ 95.14.++++
!
route-map ++++-NAT permit 10
match ip address 20
!
!
!
!
control-plane
!
!
!
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login authentication local_authen
transport output telnet
line aux 0
login authentication local_authen
modem InOut
modem autoconfigure type default
transport input all
transport output telnet
autoselect during-login
autoselect ppp
speed 2400
line vty 0 4
access-class 100 in
authorization exec local_author
login authentication local_authen
transport input telnet
transport output telnet
line vty 5 15
access-class 100 in
authorization exec local_author
login authentication local_authen
transport input telnet
transport output telnet
!
scheduler allocate 20000 1000
end