
nikulich

Newbie
  • Posts: 9

About nikulich

  • Rank: Applicant
  1. Configuring SNR-S2990G-24T

    Well, actually, right from here ))) "SNR-S2900 switches at the access layer": there is an example config right there ))
  2. Good day, something is unclear with the 2990G: stock config out of the box, I change the IP and everything is fine. When I try to set the gateway, it tells me to get lost...

        SNR-S2990G-24T#conf
        SNR-S2990G-24T(config)#ip default-gateway 192.168.60.1
        ^
        % Invalid input detected at '^' marker.
        SNR-S2990G-24T(config)#
        SNR-S2990G-24T#sh ver
        SNR-S2990G-24T Device, Compiled on Aug 28 09:47:05 2014
        sysLocation Building 57/2,Predelnaya st, Ekaterinburg, Russia
        CPU Mac f8:f0:82:73:64:a2
        Vlan MAC f8:f0:82:73:64:a1
        SoftWare Version 7.0.3.5(R0102.0089)
        BootRom Version 7.1.37
        HardWare Version R01
        CPLD Version N/A
        Serial No.:SW041410EA22001054
        Copyright © 2014 NAG LLC
        All rights reserved
        Last reboot is cold reset.
        Uptime is 0 weeks, 2 days, 9 hours, 22 minutes
  4. Posted: Procedure for blocking non-kosher info

    Is this a reply to my post? If so, what load are you seeing (traffic and what % CPU load)? Are you blocking with layer 7?
  5. Posted: Procedure for blocking non-kosher info

    Good day, a question: can the Mikrotik CCR1036-8G-2S+EM handle site blocking via a layer7 filter? Traffic is small, about 100 Mb/s?
  6. The policy map is applied on the interface; I posted the config in the first post. In the original, the part that concerned class 2027 specifically:

        policy-map policer
         class 2027
          police cir 2048000 bc 64000 be 64000 conform-action transmit exceed-action transmit violate-action drop
        class-map match-all 2027
         match access-group 2027
         match not protocol rtp audio
         match not protocol rtcp
        access-list 2027 permit ip any host x.x.x.63
        access-list 2027 permit ip any host x.x.x.64
        access-list 2027 permit ip any host x.x.x.65
        access-list 2027 permit ip any host x.x.x.66
        access-list 2027 permit ip any host x.x.x.67

    Before deleting the class-map, the policy-map is of course cleaned up first:

        policy-map policer
         no class 2027
        no class-map match-all 2027

    It is exactly after deleting the class-map that the CPU load jumps to 96%. Later, by elimination, it turned out that if you remove specifically the non-match condition match not protocol rtp audio from class-map 2027, the CPU load problems begin. That condition was needed precisely so that SIP would not fall into this bitrate band, so that telephony would not croak.

    I have used up my allotted 3 messages per day for today ( I can only reply by private message. The counter resets tomorrow.
  7. class-map match-all 2027
      match access-group 2027
      match not protocol rtp audio
      match not protocol rtcp
  8. I have a box, a Cisco 7206VXR-NPE-G1 Bundle router. In the config I made a class-map for SIP for one person; after a while the need for it went away. I decided to delete this class-map as no longer needed. After the command no class-map match-all 2027 the CPU load goes up to 96%:

        86 662180 654595 1011 45.56% 45.74% 35.86% 0 IP Input

    After restoring this class-map everything normalizes and the CPU load returns to normal, 50-60%.

    Example config, minus many class-maps and policy-maps that were cut out, but 2027 is left as it currently is in the running config:

        !
        ! Last configuration change at 05:33:28 NOVST Wed Feb 11 2015 by user1
        !
        version 12.2
        no service pad
        service telnet-zeroidle
        service tcp-keepalives-in
        service tcp-keepalives-out
        service timestamps debug datetime msec localtime show-timezone
        service timestamps log datetime msec localtime show-timezone
        no service dhcp
        !
        hostname gateway
        !
        boot-start-marker
        boot system flash disk2:/c7200-advipservicesk9-mz.122-33.SRE6.bin
        boot system flash disk2:/c7200-advipservicesk9-mz.151-4.M4.bin
        boot-end-marker
        !
        security passwords min-length 1
        logging buffered 51200
        no logging console
        no logging monitor
        enable secret 5 $111111
        !
        aaa new-model
        !
        !
        aaa group server tacacs+ tac_plus
         server 1.2.3.4
        !
        aaa authentication login default local
        aaa authentication login no_auth none
        aaa authentication login tac group tac_plus local
        aaa authentication enable default group tac_plus enable
        aaa accounting update newinfo
        aaa accounting exec default
         action-type start-stop
         group tac_plus
        !
        !
        aaa nas port extended
        aaa nas redirected-station
        !
        !
        !
        !
        aaa session-id common
        clock timezone NOVST 7
        no ip source-route
        !
        !
        !
        !
        no ip bootp server
        no ip domain lookup
        ip domain name 1111.ru
        ip cef
        no ipv6 cef
        rlogin trusted-remoteuser-source local
        !
        !
        multilink bundle-name authenticated
        !
        !
        archive
         log config
          hidekeys
        username user1 secret 5 $111111111
        username user2 secret 5 $111111111
        !
        !
        ip tcp path-mtu-discovery
        ip ssh version 2
        !
        class-map match-any 2030
         match access-group 2030
        class-map match-any 2000
         match access-group 2000
        ...
        class-map match-all 2027
         match access-group 2027
         match not protocol rtp audio
         match not protocol rtcp
        class-map match-any 2028
         match access-group 2028
        .....
        class-map match-any 187
         match access-group 187
        class-map match-any 168
         match access-group 168
        !
        policy-map policer
         class 101
          police cir 4096000 bc 128000 be 128000 conform-action transmit exceed-action transmit violate-action drop
        .....
        .....
         class 199
          police cir 2048000 bc 64000 be 64000 conform-action transmit exceed-action transmit violate-action drop
        .......
         class 2060
          police cir 4096000 bc 128000 be 128000 conform-action transmit exceed-action transmit violate-action drop
         class 2054
          police cir 1536000 bc 48000 be 48000 conform-action transmit exceed-action transmit violate-action drop
        policy-map policer_out
         class 2000
          police cir 10240000 bc 320000 be 320000 conform-action transmit exceed-action transmit violate-action drop
         class 2028
          police cir 2048000 bc 64000 be 64000 conform-action transmit exceed-action transmit violate-action drop
        !
        !
        !
        !
        !
        !
        !
        interface GigabitEthernet0/1
         description "Interface to Internal Net - c2950"
         no ip address
         media-type rj45
         speed auto
         duplex auto
         no negotiation auto
        !
        interface GigabitEthernet0/1.10
         description DMZ
         encapsulation dot1Q 10
         ip address x.x.x.x 255.255.255.248
         no ip proxy-arp
         ip verify unicast source reachable-via rx allow-self-ping
         ip flow ingress
        !
        interface GigabitEthernet0/1.20
         encapsulation dot1Q 20
         ip address x.x.x.y 255.255.255.240 secondary
         ip address x.x.x.a 255.255.255.224 secondary
         ip address x.x.x.b 255.255.255.192
         ip access-group vlan20_in in
         no ip proxy-arp
         ip verify unicast source reachable-via rx allow-self-ping
         ip flow ingress
         no cdp enable
        !
        interface GigabitEthernet0/1.30
         encapsulation dot1Q 30
         ip address x.x.x.c 255.255.255.240 secondary
         ip address x.x.x.d 255.255.255.240 secondary
         ip address x.x.x.e 255.255.255.224
         ip access-group vlan30_in in
         no ip proxy-arp
         ip verify unicast source reachable-via rx allow-self-ping
         ip flow ingress
         no cdp enable
        !
        interface GigabitEthernet0/1.40
         encapsulation dot1Q 40
         ip address x.x.x.f 255.255.255.224
         ip access-group vlan40_in in
         no ip proxy-arp
         ip verify unicast source reachable-via rx allow-self-ping
         ip flow ingress
         no cdp enable
        !
        interface GigabitEthernet0/1.50
         encapsulation dot1Q 50
         ip address x.x.x.n 255.255.255.128
         ip access-group vlan50_in in
         no ip proxy-arp
         ip verify unicast source reachable-via rx allow-self-ping
         ip flow ingress
         no cdp enable
        !
        interface GigabitEthernet0/1.60
         encapsulation dot1Q 60
         ip access-group vlan60_in in
         ip verify unicast source reachable-via rx allow-self-ping
         ip flow ingress
         no cdp enable
        !
        interface GigabitEthernet0/1.500
         description "Temporary Link to FreeBSD"
         encapsulation dot1Q 500
         ip address c.c.c.c 255.255.255.240
         no ip proxy-arp
         ip flow ingress
         ip policy route-map TTK_IP
        !
        interface GigabitEthernet0/2
         no ip address
         media-type rj45
         speed auto
         duplex auto
         no negotiation auto
        !
        interface GigabitEthernet0/2.2
         description "ISP TTK"
         encapsulation dot1Q 2
         ip address a.a.a.a 255.255.255.252
         ip access-group block_out out
         no ip proxy-arp
         ip flow ingress
         no cdp enable
         service-policy input policer
         service-policy output policer_out
        !
        !
        interface GigabitEthernet0/2.4
         description ==ISP RosTK==
         encapsulation dot1Q 4
         ip address d.d.d.d 255.255.255.252
         ip access-group block_out out
         no ip proxy-arp
         ip flow ingress
         no cdp enable
         service-policy input policer
         service-policy output policer_out
        !
        interface GigabitEthernet0/3
         no ip address
         shutdown
         media-type rj45
         speed auto
         duplex auto
         no negotiation auto
        !
        router bgp 1111
         no synchronization
         bgp router-id a.a.a.a
         bgp log-neighbor-changes
         network x.x.x.0 mask 255.255.254.0
         neighbor a.b.c.d remote-as xxxx
         neighbor a.b.c.d description ZS-TTK
         neighbor a.b.c.d prefix-list drop_24 in
         neighbor a.b.c.d route-map Primary_ISP_IN in
         neighbor a.b.c.d filter-list 10 out
         neighbor d.b.c.a remote-as yyyy
         neighbor d.b.c.a description RTCOMM
         neighbor d.b.c.a prefix-list route_filter in
         neighbor d.b.c.a route-map BackUP_ISP_OUT out
         neighbor d.b.c.a filter-list 10 out
         no auto-summary
        !
        !
        ip as-path access-list 10 permit ^$
        ip as-path access-list 20 permit ^1111$
        ip flow-export source GigabitEthernet0/1.10
        ip flow-export version 5
        ip flow-export destination a.a.b.b 7223
        ip flow-top-talkers
         top 30
         sort-by bytes
        !
        no ip http server
        no ip http secure-server
        ip route 0.0.0.0 0.0.0.0 a.b.c.d
        ip tacacs source-interface GigabitEthernet0/1.10
        !
        ip access-list standard nms_list
         permit x.x.x.2
         permit x.x.x.3
         permit x.x.x.4
         permit y.y.y.174
         permit a.a.b.b
         permit x.x.x.244
        !
        ip access-list extended TTK_IP
         deny ip y.y.y.y 0.0.0.127 x.x.x.0 0.0.1.255
         deny ip y.y.y.128 0.0.0.63 x.x.x.0 0.0.1.255
         permit ip y.y.y.128 0.0.0.127 any
         permit ip y.c.y.128 0.0.0.63 any
        ip access-list extended block_out
         deny ip any host 97.74.141.1
         . . . . . about 1000 IPs .
         deny ip any host 97.74.244.111
         permit ip any any
        ip access-list extended vlan10_in
         permit ip host x.x.y.244 any
        ip access-list extended vlan20_in
         permit ip any host a.a.b.b
         permit icmp any host x.x.x.129
         permit ip x.x.y.224 0.0.0.15 any
         permit ip host x.x.x.130 any
         .
         .
         permit ip host x.x.x.62 any
         deny ip any any
        ip access-list extended vlan30_in
         permit ip any host a.a.b.b
         permit icmp any host x.x.x.193
         permit ip host x.x.x.194 any
         .
         .
         permit ip host x.x.y.174 any
         deny ip any any
        ip access-list extended vlan40_in
         permit ip any host a.a.b.b
         permit icmp any host x.x.x.225
         permit ip host x.x.x.227 any
         .
         .
         permit ip host x.x.x.238 any
         deny ip any any
        ip access-list extended vlan50_in
         permit ip any host a.a.b.b
         permit icmp any host x.x.y.1
         permit ip host x.x.y.2 any
         .
         .
         permit ip host x.x.y.70 any
         deny ip any any
        ip access-list extended vlan60_in
         permit ip any host a.a.b.b
         permit icmp any host x.x.y.225
         permit ip x.x.y.224 0.0.0.15 any
         deny ip any any
        ip access-list extended vlan_30
        !
        !
        ip prefix-list RFC1918 seq 10 permit 192.168.0.0/16 le 32
        ip prefix-list RFC1918 seq 20 permit 172.16.0.0/12 le 32
        ip prefix-list RFC1918 seq 30 permit 10.0.0.0/8 le 32
        !
        ip prefix-list default seq 10 deny 0.0.0.0/0
        ip prefix-list default seq 20 permit 0.0.0.0/0 le 24
        !
        ip prefix-list drop_24 seq 10 permit 0.0.0.0/0 le 24
        !
        ip prefix-list route_filter seq 10 deny 0.0.0.0/0
        ip prefix-list route_filter seq 11 deny 192.168.0.0/16 le 32
        ip prefix-list route_filter seq 12 deny 172.16.0.0/12 le 32
        ip prefix-list route_filter seq 13 deny 10.0.0.0/8 le 32
        ip prefix-list route_filter seq 20 permit 0.0.0.0/0 le 24
        !
        ip prefix-list test seq 5 permit 0.0.0.0/0 ge 25
        no logging trap
        access-list 11 permit 1.1.1.1
        access-list 11 permit x.x.y.1
        access-list 11 permit x.x.y.2
        access-list 11 permit x.x.y.3
        access-list 11 permit x.x.y.4
        access-list 11 permit a.a.b.b
        access-list 101 permit ip any host x.x.x.131
        .
        access-list 183 permit ip any host x.x.y.34
        .
        access-list 2027 permit ip any host x.x.y.63
        access-list 2027 permit ip any host x.x.y.64
        access-list 2027 permit ip any host x.x.y.65
        access-list 2027 permit ip any host x.x.y.66
        access-list 2027 permit ip any host x.x.y.67
        access-list 2028 permit ip any host x.x.x.13
        .
        access-list 2071 permit ip any host x.x.x.234
        no cdp run
        arp x.x.y.171 0022.1548.8569 ARPA
        arp x.x.y.174 2828.5d6a.6e8b ARPA
        arp x.x.y.16 ec43.f6d5.504d ARPA
        !
        route-map Primary_ISP_IN permit 10
         set local-preference 150
        !
        route-map TTK_IP permit 10
         match ip address TTK_IP
         set ip next-hop a.b.c.d
        !
        route-map BackUP_ISP_OUT permit 10
         set as-path prepend 1111 1111 1111 1111 1111 1111 1111
        !
        route-map BackUP_ISP_IN permit 10
         match as-path 20
         set local-preference 100
        !
        route-map BackUP_ISP_IN permit 20
         set local-preference 100
        !
        snmp-server community 111111111 RO nms_list
        snmp-server chassis-id none
        snmp ifmib ifindex persist
        !
        tacacs-server host a.a.b.b single-connection key 11111111
        !
        control-plane
        !
        alias exec save copy running-config tftp://x.x.y.4/gateway.conf
        !
        line con 0
         privilege level 15
         stopbits 1
        line aux 0
         access-class 11 in
         login authentication no_auth
         no exec
         transport input telnet
         stopbits 1
        line vty 0 4
         access-class 11 in
         exec-timeout 0 0
         privilege level 15
         password cisc0
         login authentication tac
         transport input telnet ssh
        line vty 5 15
         access-class 11 in
         exec-timeout 0 0
         login authentication tac
         transport input telnet ssh
        !
        ntp source GigabitEthernet0/2.2
        ntp update-calendar
        ntp server 193.125.143.140
        ntp server 209.67.219.106
        ntp server 89.111.168.177
        ntp server 64.202.112.75
        ntp server 83.222.4.154
        end