تكوين تكرار IPSec عبر ISDN باستخدام مراقبة المتصل
المحتويات
المقدمة
يزود هذا وثيقة عينة تشكيل كيف أن يشفر حركة مرور من الشبكة خلف مسحاج تخديد 1 إلى الشبكة خلف مسحاج تخديد 2 (ال loopback 0s استعملت كشبكات في هذا مثال). إذا تعطل الارتباط الأساسي (Ethernet) بين الموجه 1 والموجه 2، تستمر حركة مرور أمان IP (IPSec) في التدفق من خلال الارتباط الثانوي (ISDN). هناك عدة طرق لتحقيق هذا الهدف، يمكنك إستخدام مراقبة المتصل وواجهة النسخ الاحتياطي ودائرة الطلب والثابت العائم. يوضح هذا التكوين نموذج آلية مراقبة المتصل. لمزيد من المعلومات حول الميزات الأخرى، ارجع إلى تقييم واجهات النسخ الاحتياطي والمسارات الثابتة العائمة وساعة المتصل لإجراء نسخ إحتياطي ل DDR.
المتطلبات الأساسية
المتطلبات
لا توجد متطلبات خاصة لهذا المستند.
المكونات المستخدمة
تستند المعلومات الواردة في هذا المستند إلى إصدارات البرامج والمكونات المادية التالية:
-
الموجهات Cisco 2621 و 3640
-
برنامج IOS® الإصدار 12.3(3) من Cisco
تم إنشاء المعلومات المُقدمة في هذا المستند من الأجهزة الموجودة في بيئة معملية خاصة. بدأت جميع الأجهزة المُستخدمة في هذا المستند بتكوين ممسوح (افتراضي). إذا كانت شبكتك مباشرة، فتأكد من فهمك للتأثير المحتمل لأي أمر.
الاصطلاحات
للحصول على مزيد من المعلومات حول اصطلاحات المستندات، ارجع إلى اصطلاحات تلميحات Cisco التقنية.
التكوين
في هذا القسم، تُقدّم لك معلومات تكوين الميزات الموضحة في هذا المستند.
ملاحظة: للعثور على معلومات إضافية حول الأوامر المستخدمة في هذا المستند، أستخدم أداة بحث الأوامر (للعملاء المسجلين فقط).
الرسم التخطيطي للشبكة
يستخدم هذا المستند إعداد الشبكة الموضح في الرسم التخطيطي هنا:
التكوينات
يستخدم هذا المستند التكوينات الموضحة هنا:
| الموجه 1 (2621) |
|---|
r1#show running-config Building configuration... Current configuration : 2244 bytes ! version 12.3 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname r1 ! boot-start-marker boot-end-marker ! ! username r2 password 0 cisco !--- This is the username for remote router (Router 2) !--- and shared secret. Shared secret (used for Challenge Handshake !--- Authentication Protocol [CHAP]) must be the same on both sides. no aaa new-model ip subnet-zero ip tcp synwait-time 5 ! ! no ip domain lookup ! ip audit notify log ip audit po max-events 100 ip ssh break-string no ftp-server write-enable ! ! ! crypto isakmp policy 10 hash md5 authentication pre-share crypto isakmp key cisco address 222.222.222.222 ! ! crypto ipsec transform-set abc esp-des esp-md5-hmac ! crypto map cisco local-address Loopback1 crypto map cisco 10 ipsec-isakmp set peer 222.222.222.222 !--- Peer address, Loopback 1 of Router 2 set transform-set abc match address 101 !--- Networks to encrypt (Loopback 0 on both ends) ! isdn switch-type basic-ts013 ! ! ! ! ! ! ! ! ! no voice hpi capture buffer no voice hpi capture destination ! ! ! ! ! ! interface Loopback0 !--- Network to encrypt ip address 11.11.11.11 255.255.255.0 ! interface Loopback1 !--- Used for peer address for IPSec ip address 111.111.111.111 255.255.255.0 ! interface FastEthernet0/0 !--- Primary link ip address 10.1.1.1 255.255.255.0 no ip route-cache !--- Enable process switching no ip mroute-cache duplex auto speed auto crypto map cisco !--- Apply crypto map on primary interface ! interface BRI0/0 no ip address encapsulation ppp no ip route-cache no ip mroute-cache dialer pool-member 1 isdn switch-type basic-ts013 no cdp enable ! interface Dialer1 !--- Backup link ip address 20.1.1.1 255.255.255.0 encapsulation ppp no ip route-cache !--- Enable process switching ip ospf cost 9999 !--- Increase the cost so that when primary comes up again, !--- Open Shortest Path First (OSPF) routes are !--- preferred using the primary link (due to better cost). no ip mroute-cache dialer idle-timeout 180 dialer pool 1 dialer string 94134028 dialer watch-group 1 !--- Enable dialer watch on this backup interface. !--- Watch the route specified with the dialer watch-list 1 command. dialer-group 1 !--- Apply interesting traffic defined in dialer list 1. no peer neighbor-route ppp authentication chap crypto map cisco !--- Apply crypto map on backup interface. ! router ospf 1 !--- OSPF advertising Loopback 0, Loopback 1, !--- primary, and secondary links. log-adjacency-changes network 10.1.1.0 0.0.0.255 area 0 network 11.11.11.0 0.0.0.255 area 0 network 20.1.1.0 0.0.0.255 area 0 network 111.111.111.0 0.0.0.255 area 0 ! ip http server no ip http secure-server ip classless ! ! access-list 101 permit ip host 11.11.11.11 host 22.22.22.22 !--- Access control list (ACL) 101 is the !--- IPSec traffic used in match address. access-list 110 deny ip any any !--- ACL 110 is for the dialer list to mark !--- all IP traffic uninteresting. The dialer watch will !--- trigger the ISDN backup when the route is lost. dialer watch-list 1 ip 222.222.222.222 255.255.255.255 !--- This defines the route(s) to be watched. !--- This exact route (including subnet mask) !--- must exist in the routing table. !--- Use the dialer watch-group 1 command to apply this !--- list to the backup interface. dialer watch-list 1 delay route-check initial 10 dialer-list 1 protocol ip list 110 !--- Interesting traffic is defined by ACL 110. !--- This is applied to Dialer1 using dialer group 1. ! ! ! dial-peer cor custom ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous escape-character 27 line aux 0 line vty 0 4 login ! end |
| الموجه 2 (3640) |
|---|
r2#show running-config Building configuration... Current configuration : 2311 bytes ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname r2 ! boot-start-marker boot-end-marker ! username r1 password 0 cisco !--- This is the username for remote router (Router 1) !--- and shared secret. Shared secret (used for CHAP) !--- must be the same on both sides. no aaa new-model ip subnet-zero ip tcp synwait-time 5 ! ! no ip domain lookup ! ip audit notify log ip audit po max-events 100 ip ssh break-string no ftp-server write-enable ! ! ! crypto isakmp policy 10 hash md5 authentication pre-share crypto isakmp key cisco address 111.111.111.111 ! ! crypto ipsec transform-set abc esp-des esp-md5-hmac ! ! crypto map cisco local-address Loopback1 crypto map cisco 10 ipsec-isakmp set peer 111.111.111.111 !--- Peer address, Loopback 1 of Router 1 set transform-set abc match address 101 !--- Networks to encrypt (Loopback 0 on both ends) ! isdn switch-type basic-ts013 ! ! ! ! ! ! ! ! ! no voice hpi capture buffer no voice hpi capture destination ! ! ! ! ! ! interface Loopback0 ip address 22.22.22.22 255.255.255.0 !--- Network to encrypt ! interface Loopback1 ip address 222.222.222.222 255.255.255.0 !--- Used for peer address for IPSec. ! interface BRI0/0 no ip address encapsulation ppp no ip route-cache no ip mroute-cache dialer pool-member 1 isdn switch-type basic-ts013 ! interface Ethernet0/0 !--- Primary link ip address 10.1.1.2 255.255.255.0 no ip route-cache !--- Enable process switching. no ip mroute-cache half-duplex crypto map cisco !--- Apply crypto map on primary interface. ! interface Dialer1 ip address 20.1.1.2 255.255.255.0 encapsulation ppp no ip route-cache ip ospf cost 9999 no ip mroute-cache dialer pool 1 dialer idle-timeout 600 dialer remote-name r1 !--- Dialer for the BRI interface of the remote router !--- without a dial string. dialer-group 1 !--- Apply interesting traffic defined in dialer list 1. ppp authentication chap crypto map cisco !--- Apply crypto map on backup interface. ! router ospf 1 log-adjacency-changes network 10.1.1.0 0.0.0.255 area 0 network 20.1.1.0 0.0.0.255 area 0 network 22.22.22.0 0.0.0.255 area 0 network 222.222.222.0 0.0.0.255 area 0 ! no ip http server no ip http secure-server ip classless ! ! access-list 101 permit ip host 22.22.22.22 host 11.11.11.11 access-list 110 deny ospf any any !--- Mark OSPF as uninteresting. !--- This will not allow OSPF hellos !--- to try to bring the link up. access-list 110 permit ip any any dialer-list 1 protocol ip list 110 !--- Interesting traffic is defined by ACL 110. !--- This is applied to Dialer1 using dialer group 1. ! line con 0 exec-timeout 0 0 logging synchronous escape-character 27 line aux 0 line vty 0 4 login ! end |
التحقق من الصحة
يوفر هذا القسم معلومات يمكنك إستخدامها للتأكد مما إذا كان التكوين لديك يعمل بشكل صحيح.
نموذج لمخرجات الأمر
يتم دعم بعض أوامر العرض بواسطة أداة مترجم الإخراج (العملاء المسجلون فقط)، والتي تتيح لك عرض تحليل إخراج أمر العرض.
-
جدول التوجيه للموجه 1 (2621)—يتم رفع الارتباط الأساسي
r1#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 I - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area, * - candidate default, U - per-user static route, o - ODR, P - periodic downloaded static route Gateway of last resort is not set 222.222.222.0/32 is subnetted, 1 subnets O 222.222.222.222 [110/2] via 10.1.1.2, 00:00:25, FastEthernet0/0 20.0.0.0/24 is subnetted, 1 subnets C 20.1.1.0 is directly connected, Dialer1 22.0.0.0/32 is subnetted, 1 subnets O 22.22.22.22 [110/2] via 10.1.1.2, 00:00:25, FastEthernet0/0 111.0.0.0/24 is subnetted, 1 subnets C 111.111.111.0 is directly connected, Loopback1 10.0.0.0/24 is subnetted, 1 subnets C 10.1.1.0 is directly connected, FastEthernet0/0 11.0.0.0/24 is subnetted, 1 subnets C 11.11.11.0 is directly connected, Loopback0 -
جدول التوجيه للموجه 2 (3640)—يتم رفع الارتباط الأساسي
r2#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 I - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area, * - candidate default, U - per-user static route, o - ODR, P - periodic downloaded static route Gateway of last resort is not set. C 222.222.222.0/24 is directly connected, Loopback1 20.0.0.0/24 is subnetted, 1 subnets C 20.1.1.0 is directly connected, Dialer1 22.0.0.0/24 is subnetted, 1 subnets C 22.22.22.0 is directly connected, Loopback0 111.0.0.0/32 is subnetted, 1 subnets O 111.111.111.111 [110/11] via 10.1.1.1, 00:06:22, Ethernet0/0 10.0.0.0/24 is subnetted, 1 subnets C 10.1.1.0 is directly connected, Ethernet0/0 11.0.0.0/32 is subnetted, 1 subnets O 11.11.11.11 [110/11] via 10.1.1.1, 00:06:23, Ethernet0/0 -
منفذ OSPF المجاور للموجه 1 (2621)—إرتباط أساسي مع
r1#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 222.222.222.222 1 FULL/DR 00:00:33 10.1.1.2 FastEthernet0/0
-
منفذ OSPF المجاور للموجه 2 (3640)—إرتباط أساسي مع
r2#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 111.111.111.111 1 FULL/BDR 00:00:31 10.1.1.1 Ethernet0/0
-
جدول التوجيه للموجه 1 (2621) - تم إيقاف الارتباط الأساسي
r1#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP I - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area, * - candidate default, U - per-user static route, o - ODR, P - periodic downloaded static route Gateway of last resort is not set. 222.222.222.0/32 is subnetted, 1 subnets O 222.222.222.222 [110/10000] via 20.1.1.2, 00:00:09, Dialer1 20.0.0.0/24 is subnetted, 1 subnets C 20.1.1.0 is directly connected, BRI0/0 20.0.0.0/24 is subnetted, 1 subnets C 20.1.1.0 is directly connected, Dialer1 22.0.0.0/32 is subnetted, 1 subnets O 22.22.22.22 [110/10000] via 20.1.1.2, 00:00:09, Dialer1 111.0.0.0/24 is subnetted, 1 subnets C 111.111.111.0 is directly connected, Loopback1 10.0.0.0/24 is subnetted, 1 subnets O 10.1.1.0 [110/10009] via 20.1.1.2, 00:00:09, Dialer1 11.0.0.0/24 is subnetted, 1 subnets C 11.11.11.0 is directly connected, Loopback0 -
جدول التوجيه للموجه 2 (3640) - تم إيقاف الارتباط الأساسي
r2#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP I - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area, * - candidate default, U - per-user static route, o - ODR, P - periodic downloaded static route Gateway of last resort is not set. C 222.222.222.0/24 is directly connected, Loopback1 20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 20.1.1.0/24 is directly connected, Dialer1 C 20.1.1.1/32 is directly connected, Dialer1 22.0.0.0/24 is subnetted, 1 subnets C 22.22.22.0 is directly connected, Loopback0 111.0.0.0/32 is subnetted, 1 subnets O 111.111.111.111 [110/10000] via 20.1.1.1, 00:00:07, Dialer1 10.0.0.0/24 is subnetted, 1 subnets C 10.1.1.0 is directly connected, Ethernet0/0 11.0.0.0/32 is subnetted, 1 subnets O 11.11.11.11 [110/10000] via 20.1.1.1, 00:00:08, Dialer1 -
مجاور OSPF للموجه 1 (2621)—تم إيقاف الارتباط الأساسي
r1#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 222.222.222.222 0 FULL/ - 00:00:32 20.1.1.2 Dialer1
-
مجاور OSPF للموجه 2 (3640)—تم إيقاف الارتباط الرئيسي
r2#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 111.111.111.111 0 FULL/ - 00:00:31 20.1.1.1 Dialer1
يعرض كل من متصل تصحيح الأخطاء والعديد من مخرجات الأمر show المعروضة هنا الارتباط الأساسي كمعطل، وتعرف مراقبة المتصل على المسار المفقود. بعد ذلك يقوم الموجه بتهيئة إرتباط النسخ الاحتياطي وتجميع OSPF من خلال الارتباط الثانوي. في كل مرة تنتهي فيها مهلة الخمول، يتحقق الموجه من تعطل الارتباط الأساسي. إذا تم العثور على الارتباط الأساسي قيد التشغيل، تقوم خدمة مراقبة المتصل بقطع إرتباط النسخ الاحتياطي بعد انتهاء صلاحية مؤقت تعطيل المكالمة وتراجع OSPF عن طريق الارتباط الأساسي كالمعتاد.
هذه هي مخرجات الأمر debug وshow للموجه الأول (2621)، عند انخفاض الارتباط الأساسي وترقيته مرة أخرى.
r1#show debug
Dial on demand:
Dial on demand events debugging is on
r1#
03:00:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to down
!--- Primary link was brought down manually when you disable the switch ports.
03:00:21: %OSPF-5-ADJCHG: Process 1, Nbr 222.222.222.222 on FastEthernet0/0
from FULL to DOWN, Neighbor Down: Interface down or detached
!--- Primary link goes down. !--- OSPF loses neighbor adjacency.
r1#
!--- Dialer watch kicks in.
03:00:21: DDR: Dialer Watch: watch-group = 1
03:00:21: DDR: network 222.222.222.222/255.255.255.255 DOWN,
03:00:21: DDR: primary DOWN
03:00:21: DDR: Dialer Watch: Dial Reason: Primary of group 1 DOWN
03:00:21: DDR: Dialer Watch: watch-group = 1,
03:00:21: BR0/0 DDR: rotor dialout [best]
least recent failure is also most recent failure
03:00:21: BR0/0 DDR: rotor dialout [best] also has most recent failure
03:00:21: BR0/0 DDR: rotor dialout [best]
03:00:21: DDR: dialing secondary by dialer string 94134028 on Di1
03:00:21: BR0/0 DDR: Attempting to dial 94134028
03:00:21: DDR: Dialer Watch: watch-group = 1
r1#
03:00:21: DDR: network 222.222.222.222/255.255.255.255 DOWN,
03:00:21: DDR: primary DOWN
03:00:21: DDR: Dialer Watch: Dial Reason: Secondary of group 1 AVAILABLE
03:00:21: DDR: Dialer Watch: watch-group = 1,
03:00:21: DDR: Dialer Watch: watch-group = 1
03:00:21: DDR: network 222.222.222.222/255.255.255.255 DOWN,
03:00:21: DDR: primary DOWN
03:00:21: DDR: Dialer Watch: Dial Reason: Secondary of group 1 AVAILABLE
03:00:21: DDR: Dialer Watch: watch-group = 1,
03:00:21: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0, TEI 82 changed to up
03:00:94489280514: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up
03:00:94489280516: BR0/0:1 DDR: Dialer Watch: resetting call in progress
03:00:94489280512: BR0/0:1: interface must be fifo queue, force fifo
03:00:94489280512: %DIALER-6-BIND: Interface BR0/0:1 bound to profile Di1
r1#
03:00:22: BR0/0:1 DDR: Remote name for r2
03:00:22: BR0/0:1 DDR: dialer protocol up
03:00:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1,
changed state to up
r1#
03:00:28: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to 94134028 r2
!--- Backup link is now connected to Router 2.
r1#
03:00:31: %OSPF-5-ADJCHG: Process 1, Nbr 222.222.222.222 on Dialer1
from LOADING to FULL, Loading Done
!--- OSPF converges over the backup link.
r1#
r1#show dialer
BRI0/0 - dialer type = ISDN
Dial String Successes Failures Last DNIS Last status
0 incoming call(s) have been screened.
0 incoming call(s) rejected for callback.
BRI0/0:1 - dialer type = ISDN
Idle timer (180 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: Dialing on watched route loss
!--- Dial reason is the lost route.
Interface bound to profile Di1
Time until disconnect 154 secs
!--- Idle timeout is ticking.
Current call connected 00:00:25
Connected to 94134028 (r2)
BRI0/0:2 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle
Di1 - dialer type = DIALER PROFILE
Idle timer (180 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Number of active calls = 1
Dial String Successes Failures Last DNIS Last status
94134028 45 24 00:00:27 successful Default
r1#show isdn active
-----------------------------------------------------------------------------
ISDN ACTIVE CALLS
-----------------------------------------------------------------------------
Call Calling Called Remote Seconds Seconds Seconds Charges
Type Number Number Name Used Left Idle Units/Currency
-----------------------------------------------------------------------------
Out ---N/A--- 94134028 r2 37 142 37 0
-----------------------------------------------------------------------------
r1#show dialer
BRI0/0 - dialer type = ISDN
Dial String Successes Failures Last DNIS Last status
0 incoming call(s) have been screened.
0 incoming call(s) rejected for callback.
BRI0/0:1 - dialer type = ISDN
Idle timer (180 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: Dialing on watched route loss
Interface bound to profile Di1
Time until disconnect 47 secs
!--- Idle timeout is ticking.
Current call connected 00:02:12
Connected to 94134028 (r2)
BRI0/0:2 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle
Di1 - dialer type = DIALER PROFILE
Idle timer (180 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Number of active calls = 1
Dial String Successes Failures Last DNIS Last status
94134028 45 24 00:02:14 successful Default
r1#show dialer
BRI0/0 - dialer type = ISDN
Dial String Successes Failures Last DNIS Last status
0 incoming call(s) have been screened.
0 incoming call(s) rejected for callback.
BRI0/0:1 - dialer type = ISDN
Idle timer (180 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: Dialing on watched route loss
Interface bound to profile Di1
Time until disconnect 0 secs
!--- Idle timeout is ticking.
Current call connected 00:02:59
Connected to 94134028 (r2)
BRI0/0:2 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle
Di1 - dialer type = DIALER PROFILE
Idle timer (180 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Number of active calls = 1
Dial String Successes Failures Last DNIS Last status
94134028 45 24 00:03:05 successful Default
r1#
03:03:22: BR0/0:1 DDR: idle timeout
!--- Idle timed out. !--- Dialer watch checks lost routes !--- again and reset the idle time since primary is not up yet.
03:03:22: DDR: Dialer Watch: watch-group = 1
03:03:22: DDR: network 222.222.222.222/255.255.255.255 UP,
03:03:22: DDR: primary DOWN
!--- Primary link is still down.
r1#
r1#show dialer
BRI0/0 - dialer type = ISDN
Dial String Successes Failures Last DNIS Last status
0 incoming call(s) have been screened.
0 incoming call(s) rejected for callback.
BRI0/0:1 - dialer type = ISDN
Idle timer (180 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: Dialing on watched route loss
Interface bound to profile Di1
Time until disconnect 154 secs
!--- Idle timeout was reset by dialer watch.
Current call connected 00:03:25
Connected to 94134028 (r2)
BRI0/0:2 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle
Di1 - dialer type = DIALER PROFILE
Idle timer (180 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Number of active calls = 1
Dial String Successes Failures Last DNIS Last status
94134028 45 24 00:03:28 successful Default
r1#
03:04:59: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
!--- Primary link was brought up manually when the switch ports are enabled.
r1#
r1#
03:05:50: %OSPF-5-ADJCHG: Process 1, Nbr 222.222.222.222 on FastEthernet0/0
from LOADING to FULL, Loading Done
r1#
r1#show ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
222.222.222.222 0 FULL/ - 00:00:02 20.1.1.2 Dialer1
!--- OSPF over secondary link is still up because !--- the call is not terminated yet, waiting for idle timeout.
222.222.222.222 1 FULL/DR 00:00:38 10.1.1.2 FastEthernet0/0
!--- OSPF is now starts to converge over primary link.
r1#
r1#show ip route 222.222.222.222
!--- The watched route is now learned through the primary link. !--- Check the cost.
Routing entry for 222.222.222.222/32
Known via "ospf 1", distance 110, metric 2, type intra area
Last update from 10.1.1.2 on FastEthernet0/0, 00:00:16 ago
Routing Descriptor Blocks:
* 10.1.1.2, from 222.222.222.222, 00:00:16 ago, via FastEthernet0/0
Route metric is 2, traffic share count is
r1#
03:06:22: BR0/0:1 DDR: idle timeout
!--- Idle timed out. !--- Dialer watch checks lost routes. Since primary is up, !--- it tears down the call.
03:06:22: DDR: Dialer Watch: watch-group = 1
03:06:22: DDR: network 222.222.222.222/255.255.255.255 UP,
03:06:22: DDR: primary UP
03:06:22: BR0/0:1 DDR: disconnecting call
03:06:22: BR0/0:1 DDR: Dialer Watch: resetting call in progress
03:06:22: DDR: Dialer Watch: watch-group = 1
03:06:22: DDR: network 222.222.222.222/255.255.255.255 UP,
03:06:22: DDR: primary UP
03:06:22: %ISDN-6-DISCONNECT: Interface BRI0/0:1
disconnected from 94134028 r2,
call lasted 360 seconds
03:06:96677768412: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down
03:06:94489281195: BR0/0 DDR: has total 0 call(s), dial_out 0, dial_in 0
r1#
03:06:94489280544: %DIALER-6-UNBIND: Interface BR0/0:1
unbound from profile Di1
03:06:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1,
changed state to down
r1#
03:06:37: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0/0,
TEI 82 changed to down
r1#
03:07:01: %OSPF-5-ADJCHG: Process 1, Nbr 222.222.222.222 on Dialer1
from FULL to DOWN, Neighbor Down: Dead timer expired
!--- OSPF neighbor is down because the secondary link is down. !--- Dead timer has expired.
r1#
r1#show ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
222.222.222.222 1 FULL/DR 00:00:38 10.1.1.2 FastEthernet0/0
!--- OSPF neighbor is through the primary link only.
r1#u all
All possible debugging has been turned off
r1#
استكشاف الأخطاء وإصلاحها
يوفر هذا القسم معلومات يمكنك استخدامها لاستكشاف أخطاء التكوين وإصلاحها. أحلت لمعلومة على يتحرى عام إصدار مع ISDN طبقة 1، 2، و 3، يستعمل العرض isdn وضع أمر ل BRI يتحرى.
أوامر استكشاف الأخطاء وإصلاحها
يتم دعم بعض أوامر العرض بواسطة أداة مترجم الإخراج (العملاء المسجلون فقط)، والتي تتيح لك عرض تحليل إخراج أمر العرض.
ملاحظة: قبل إصدار أوامر debug، راجع المعلومات المهمة في أوامر تصحيح الأخطاء.
يمكن تشغيل أوامر تصحيح الأخطاء هذه على كل من نظاري IPSec.
-
debug crypto isakmp—يعرض الأخطاء أثناء المرحلة 1.
-
debug crypto ipSec—يعرض الأخطاء أثناء المرحلة 2.
-
debug crypto engine—يعرض معلومات من محرك التشفير.
يمكن تشغيل أوامر العرض هذه على كل من نظاري IPSec.
-
show crypto isakmp sa— يعرض جميع اقترانات أمان تبادل مفتاح الإنترنت (IKE) الحالية (SAs) في نظير.
-
show crypto ipSec— يعرض الإعدادات المستخدمة من قبل موجهات الخدمات (SAs) الحالية [IPSec].
-
show crypto engine connections active—يعرض الاتصالات والمعلومات الحالية المتعلقة بالحزم المشفرة وغير المشفرة.
يمكن إستخدام هذه الأوامر clear لمسح معرفات فئات الخدمة (SAs).
-
مسح التشفير isakmp—يعمل على مسح اقترانات أمان المرحلة الأولى.
-
مسح التشفير sa—يمحو المرحلة الثانية من اقترانات الأمان.
معلومات ذات صلة
- صفحة دعم IPSec
- تهيئة النسخ الاحتياطي ل DDR واستكشاف أخطائه وإصلاحها
- تقييم واجهات النسخ الاحتياطي والمسارات الثابتة العائمة ومراقبة المتصل للنسخ الاحتياطي الخاص بتوجيه الاتصال عند الطلب (DDR)
- تكوين النسخ الاحتياطي للطلب باستخدام مراقبة المتصل
- إستخدام الأمر show isdn status لاستكشاف أخطاء BRI وإصلاحها
- الدعم الفني - Cisco Systems
محفوظات المراجعة
| المراجعة | تاريخ النشر | التعليقات |
|---|---|---|
1.0 |
14-Jan-2008 |
الإصدار الأولي |
التعليقات