Garri писал(а):Ну и хорошо.
Не могли бы снять ещё дамп с gre при данной настройки как в предыдущий раз?
Сниму.
Но обрадовался рано. На ESR-100 добавил второй тунель, на второй HUB. Теперь логи засыпает сообщениями:
2014-02-07T18:46:49+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 2, src 10.1.103.1
2014-02-07T18:46:49+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 1, src 10.1.102.1
2014-02-07T18:46:50+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 2, src 10.1.103.1
2014-02-07T18:46:50+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 1, src 10.1.102.1
2014-02-07T18:46:50+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 2, src 10.1.103.1
2014-02-07T18:46:50+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 1, src 10.1.102.1
2014-02-07T18:46:50+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 1, src 10.1.102.1
2014-02-07T18:46:50+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 2, src 10.1.103.1
2014-02-07T18:46:50+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 1, src 10.1.102.1
2014-02-07T18:46:50+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 2, src 10.1.103.1
2014-02-07T18:46:50+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 2, src 10.1.103.1
2014-02-07T18:46:50+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 1, src 10.1.102.1
2014-02-07T18:46:50+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 2, src 10.1.103.1
2014-02-07T18:46:50+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 1, src 10.1.102.1
2014-02-07T18:46:50+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 1, src 10.1.102.1
2014-02-07T18:46:52+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 2, src 10.1.103.1
2014-02-07T18:46:54+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 2, src 10.1.103.1
2014-02-07T18:46:54+00:00 %OSPF-W-ERR: OSPF 1: Non-HELLO packet received from unknown nbr on gre 2, src 10.1.103.1
При этом OSPF работает, соседи не отваливаются.
И следующая проблема - при настройки Destination NAT нет возможности указать "
from interface gre 1" , вариантов такого интерфейса нет в настройках.
ESR100-Cesovskaya-main(config)# nat destination
ESR100-Cesovskaya-main(config-dnat)# ruleset DNAT
ESR100-Cesovskaya-main(config-dnat-ruleset)# from interface
bridge Specific bridge interface
e1 Specific e1 interface
gigabitethernet Specific gigabitethernet interface
modem Specific modem interface
multilink Specific multilink interface
port-channel Specific port-channel interface
=========================================================================================================
SPOKE:
interface gigabitethernet 1/0/1.854
description "-=TM.Dot1Q.854.QES=-"
ip firewall disable
ip address 10.10.5.56/24
exit
tunnel gre 1
description "#To.ISR4431-R1.Tunnel2#"
remote checksum
key 333333
mtu 1300
multipoint
ip firewall disable
local address 10.10.5.56
ip address 10.1.102.4/24
ip ospf instance 1
ip ospf hello-interval 30
ip ospf dead-interval 120
ip ospf network point-to-multipoint
ip ospf neighbor 10.1.102.1
ip ospf
no ip redirects
ip tcp adjust-mss 1300
ip nhrp authentication encrypted AEE54D35E55B
ip nhrp holding-time 300
ip nhrp map 10.1.102.1 10.10.5.100
ip nhrp nhs 10.1.102.1/24
ip nhrp multicast nhs
ip nhrp enable
enable
exit
tunnel gre 2
description "#To.ISR4431-R2.Tunnel2#"
remote checksum
key 444444
mtu 1360
multipoint
ip firewall disable
local address 10.10.5.56
ip address 10.1.103.4/24
ip ospf instance 1
ip ospf hello-interval 30
ip ospf dead-interval 120
ip ospf network point-to-multipoint
ip ospf neighbor 10.1.103.1
ip ospf
no ip redirects
ip tcp adjust-mss 1300
ip nhrp authentication encrypted AEE64D35E55B
ip nhrp holding-time 300
ip nhrp map 10.1.103.1 10.10.5.102
ip nhrp nhs 10.1.103.1/24
ip nhrp multicast nhs
ip nhrp enable
enable
exit
router ospf 1
router-id 100.100.100.98
area 0.0.0.0
network 10.10.20.0/30
network 10.0.100.8/32
network 10.0.200.4/32
enable
exit
enable
exit
===============================================================
HUB1:
interface GigabitEthernet0/0/1.854
description -= IESV dot1Q.854 TM QES =-
encapsulation dot1Q 854
ip address 10.10.5.100 255.255.255.0
interface Tunnel2
description # TM.Dot1Q.854#
bandwidth 100000
bandwidth inherit
ip address 10.1.102.1 255.255.255.0
no ip redirects
ip mtu 1300
no ip split-horizon eigrp 1
ip nhrp authentication R1.854
ip nhrp network-id 3
ip nhrp holdtime 300
ip tcp adjust-mss 1300
ip ospf network point-to-multipoint
cdp enable
tunnel source GigabitEthernet0/0/1.854
tunnel mode gre multipoint
tunnel key 333333
tunnel checksum
router ospf 1
router-id 100.100.100.100
redistribute eigrp 1 metric-type 1 subnets
redistribute eigrp 65001 metric-type 1 subnets
passive-interface default
no passive-interface GigabitEthernet0/0/1.1931
no passive-interface Tunnel2
network 10.1.102.0 0.0.0.255 area 0
network 192.168.205.16 0.0.0.3 area 0
distribute-list ACL-OSPF-IN in GigabitEthernet0/0/1.1931
===============================================================
HUB2:
interface GigabitEthernet0/0/1.854
description -= IESV dot1Q.854 TM QES =-
encapsulation dot1Q 854
ip address 10.10.5.102 255.255.255.0
interface Tunnel2
description # TM.Dot1Q.854#
bandwidth 100000
bandwidth inherit
ip address 10.1.103.1 255.255.255.0
no ip redirects
ip mtu 1360
no ip split-horizon eigrp 1
ip nhrp authentication R2.854
ip nhrp network-id 4
ip nhrp holdtime 300
ip ospf network point-to-multipoint
cdp enable
tunnel source GigabitEthernet0/0/1.854
tunnel mode gre multipoint
tunnel key 444444
tunnel checksum
router ospf 1
router-id 100.100.100.99
redistribute eigrp 1 metric-type 1 subnets
redistribute eigrp 65001 metric-type 1 subnets
passive-interface default
no passive-interface GigabitEthernet0/0/1.1932
no passive-interface Tunnel2
network 10.1.103.0 0.0.0.255 area 0
network 192.168.205.12 0.0.0.3 area 0
distribute-list ACL-OSPF-IN in GigabitEthernet0/0/1.1932
==================================================================