Задать вопрос
  • Есть ли стабильный IOS для sup2t?

    @rdntw Автор вопроса
    Благодарю :)
  • Есть ли стабильный IOS для sup2t?

    @rdntw Автор вопроса
    пруф плс ))
  • Как побороть в p2p сети?

    @rdntw Автор вопроса
    всё абсолютно одинаково..нашли еще одну странность)
    что с аплинка в каждом влане светится один и тот же мак. при том что на аплинке этот мак не показывается. как будто в разрезе стоит какая-то железка..
  • Как побороть в p2p сети?

    @rdntw Автор вопроса
    просто есть другие пары таких же железок и всё идеально..
    в транзите L2 всё хорошо. проблемы возникают именно при касающемся роутинге этой железки.
  • Два адаптера сети. Ограничение на передачу данных

    @rdntw
    да. вариант такой подходит.
    НО только если у провайдера технология IPoE, а не какая-нибудь L2TP, PPTP, 3Poe.
    тупо запоминаешь настройки которые выдал провайдер и вместо его шлюза пишешь свой. ДНС заменять я думаю необязательно.
  • Падение шлюза заббикса

    @rdntw Автор вопроса
    как-то не очень круто… если у меня уже сотни созданных триггеров, то придется в каждом прописывать зависимости?
  • Написать простой скрипт?

    @rdntw Автор вопроса
    ну да… написал же.
  • Схема для микрорайона?

    @rdntw Автор вопроса
    шейпинг на отдельном серваке подключенным через 65
  • настройка VLAN на Extreme Summit x460

    @rdntw Автор вопроса
    либо тупо сделать порт который будет пропускать все вланы.
  • настройка VLAN на Extreme Summit x460

    @rdntw Автор вопроса
    у длинка похожая схема.
  • Remote-access VPN с сертификатами

    @rdntw Автор вопроса
    на стороне клиента тупее некуда… указал сертификат и IP и коннектишься…
  • Remote-access VPN с сертификатами

    @rdntw Автор вопроса
    debug
    #show crypto isakmp policy

    Global IKE policy

    Protection suite of priority 20

    encryption algorithm: Three key triple DES

    hash algorithm: Secure Hash Standard

    authentication method: Rivest-Shamir-Adleman Signature

    Diffie-Hellman group: #2 (1024 bit)

    lifetime: 86400 seconds, no volume limit
    *May 7 05:55:51: ISAKMP:(0):deleting SA reason «Phase1 SA policy proposal not accepted» state ® MM_NO_STATE (peer 195.128.57.86)

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID is DPD

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 201 mismatch

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 192 mismatch

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 174 mismatch

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 221 mismatch

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 164 mismatch

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

    *May 7 05:55:51: ISAKMP:(0): vendor ID is NAT-T v2

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch

    *May 7 05:55:51: ISAKMP:(0): vendor ID is NAT-T v3

    *May 7 05:55:51: ISAKMP (0): FSM action returned error: 2

    *May 7 05:55:51: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

    *May 7 05:55:51: ISAKMP:(0):Old State = IKE_R_MM1 New State = IKE_R_MM1

    *May 7 05:55:51: ISAKMP:(0):deleting SA reason «Phase1 SA policy proposal not accepted» state ® MM_NO_STATE (peer 195.128.57.86)

    *May 7 05:55:51: ISAKMP: Unlocking peer struct 0x4A5C63B0 for isadb_mark_sa_deleted(), count 0

    *May 7 05:55:51: ISAKMP: Deleting peer node by peer_reap for 195.128.57.86: 4A5C63B0

    *May 7 05:55:51: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

    *May 7 05:55:51: ISAKMP:(0):Old State = IKE_R_MM1 New State = IKE_DEST_SA

    *May 7 05:55:51: IPSEC(key_engine): got a queue event with 1 KMI message(s)

    *May 7 05:55:51: ISAKMP:(0):deleting SA reason «No reason» state ® MM_NO_STATE (peer 195.128.57.86)

    *May 7 05:55:51: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_ERROR

    *May 7 05:55:51: ISAKMP:(0):Old State = IKE_DEST_SA New State = IKE_DEST_SA

    *May 7 05:55:51: ISAKMP (0): received packet from 94.159.0.74 dport 500 sport 500 Global (N) NEW SA

    *May 7 05:55:51: ISAKMP: Created a peer struct for 94.159.0.74, peer port 500

    *May 7 05:55:51: ISAKMP: New peer created peer = 0x4A9489EC peer_handle = 0x80005FF6

    *May 7 05:55:51: ISAKMP: Locking peer struct 0x4A9489EC, refcount 1 for crypto_isakmp_process_block

    *May 7 05:55:51: ISAKMP:(0):Setting client config settings 4A5C63B0

    *May 7 05:55:51: ISAKMP:(0):(Re)Setting client xauth list and state

    *May 7 05:55:51: ISAKMP/xauth: initializing AAA request

    *May 7 05:55:51: ISAKMP: local port 500, remote port 500

    *May 7 05:55:51: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 4A683BE4

    *May 7 05:55:51: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

    *May 7 05:55:51: ISAKMP:(0):Old State = IKE_READY New State = IKE_R_MM1

    *May 7 05:55:51: ISAKMP:(0): processing SA payload. message ID = 0

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID is DPD

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 201 mismatch

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 192 mismatch

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 174 mismatch

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 221 mismatch

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 164 mismatch

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

    *May 7 05:55:51: ISAKMP:(0): vendor ID is NAT-T v2

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch

    *May 7 05:55:51: ISAKMP:(0): vendor ID is NAT-T v3

    *May 7 05:55:51: ISAKMP:(0): Authentication by xauth preshared

    *May 7 05:55:51: ISAKMP:(0):Checking ISAKMP transform 0 against priority 20 policy

    *May 7 05:55:51: ISAKMP: encryption 3DES-CBC

    *May 7 05:55:51: ISAKMP: hash SHA

    *May 7 05:55:51: ISAKMP: auth pre-share

    *May 7 05:55:51: ISAKMP: default group 2

    *May 7 05:55:51: ISAKMP: life type in seconds

    *May 7 05:55:51: ISAKMP: life duration (basic) of 28800

    *May 7 05:55:51: ISAKMP:(0):Authentication method offered does not match policy!

    *May 7 05:55:51: ISAKMP:(0):atts are not acceptable. Next payload is 0

    *May 7 05:55:51: ISAKMP:(0):no offers accepted!

    *May 7 05:55:51: ISAKMP:(0): phase 1 SA policy not acceptable! (local 91.221.16.26 remote 94.159.0.74)

    *May 7 05:55:51: ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init

    *May 7 05:55:51: ISAKMP:(0): Failed to construct AG informational message.

    *May 7 05:55:51: ISAKMP:(0): sending packet to 94.159.0.74 my_port 500 peer_port 500 ® MM_NO_STATE

    *May 7 05:55:51: ISAKMP:(0):Sending an IKE IPv4 Packet.

    *May 7 05:55:51: ISAKMP:(0):peer does not do paranoid keepalives.

    *May 7 05:55:51: ISAKMP:(0):deleting SA reason «Phase1 SA policy proposal not accepted» state ® MM_NO_STATE (peer 94.159.0.74)

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID is DPD

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 201 mismatch

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 192 mismatch

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 174 mismatch

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 221 mismatch

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 164 mismatch

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

    *May 7 05:55:51: ISAKMP:(0): vendor ID is NAT-T v2

    *May 7 05:55:51: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:51: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch

    *May 7 05:55:51: ISAKMP:(0): vendor ID is NAT-T v3

    *May 7 05:55:51: ISAKMP (0): FSM action returned error: 2

    *May 7 05:55:51: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

    *May 7 05:55:51: ISAKMP:(0):Old State = IKE_R_MM1 New State = IKE_R_MM1

    *May 7 05:55:51: ISAKMP:(0):deleting SA reason «Phase1 SA policy proposal not accepted» state ® MM_NO_STATE (peer 94.159.0.74)

    *May 7 05:55:51: ISAKMP: Unlocking peer struct 0x4A9489EC for isadb_mark_sa_deleted(), count 0

    *May 7 05:55:51: ISAKMP: Deleting peer node by peer_reap for 94.159.0.74: 4A9489EC

    *May 7 05:55:51: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

    *May 7 05:55:51: ISAKMP:(0):Old State = IKE_R_MM1 New State = IKE_DEST_SA

    *May 7 05:55:51: IPSEC(key_engine): got a queue event with 1 KMI message(s)

    *May 7 05:55:51: ISAKMP:(0):deleting SA reason «No reason» state ® MM_NO_STATE (peer 94.159.0.74)

    *May 7 05:55:51: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_ERROR

    *May 7 05:55:51: ISAKMP:(0):Old State = IKE_DEST_SA New State = IKE_DEST_SA

    *May 7 05:55:56: ISAKMP (0): received packet from 95.215.103.14 dport 500 sport 500 Global (N) NEW SA

    *May 7 05:55:56: ISAKMP: Created a peer struct for 95.215.103.14, peer port 500

    *May 7 05:55:56: ISAKMP: New peer created peer = 0x4A5C63B0 peer_handle = 0x8000606B

    *May 7 05:55:56: ISAKMP: Locking peer struct 0x4A5C63B0, refcount 1 for crypto_isakmp_process_block

    *May 7 05:55:56: ISAKMP:(0):Setting client config settings 4A9489EC

    *May 7 05:55:56: ISAKMP:(0):(Re)Setting client xauth list and state

    *May 7 05:55:56: ISAKMP/xauth: initializing AAA request

    *May 7 05:55:56: ISAKMP: local port 500, remote port 500

    *May 7 05:55:56: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 4A43BD6C

    *May 7 05:55:56: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

    *May 7 05:55:56: ISAKMP:(0):Old State = IKE_READY New State = IKE_R_MM1

    *May 7 05:55:56: ISAKMP:(0): processing SA payload. message ID = 0

    *May 7 05:55:56: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:56: ISAKMP:(0): vendor ID is DPD

    *May 7 05:55:56: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:56: ISAKMP:(0): vendor ID seems Unity/DPD but major 201 mismatch

    *May 7 05:55:56: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:56: ISAKMP:(0): vendor ID seems Unity/DPD but major 192 mismatch

    *May 7 05:55:56: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:56: ISAKMP:(0): vendor ID seems Unity/DPD but major 174 mismatch

    *May 7 05:55:56: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:56: ISAKMP:(0): vendor ID seems Unity/DPD but major 221 mismatch

    *May 7 05:55:56: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:56: ISAKMP:(0): vendor ID seems Unity/DPD but major 164 mismatch

    *May 7 05:55:56: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:56: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

    *May 7 05:55:56: ISAKMP:(0): vendor ID is NAT-T v2

    *May 7 05:55:56: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:56: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch

    *May 7 05:55:56: ISAKMP:(0): vendor ID is NAT-T v3

    *May 7 05:55:56: ISAKMP:(0): Authentication by xauth preshared

    *May 7 05:55:56: ISAKMP:(0):Checking ISAKMP transform 0 against priority 20 policy

    *May 7 05:55:56: ISAKMP: encryption 3DES-CBC

    *May 7 05:55:56: ISAKMP: hash SHA

    *May 7 05:55:56: ISAKMP: auth pre-share

    *May 7 05:55:56: ISAKMP: default group 2

    *May 7 05:55:56: ISAKMP: life type in seconds

    *May 7 05:55:56: ISAKMP: life duration (basic) of 28800

    *May 7 05:55:56: ISAKMP:(0):Authentication method offered does not match policy!

    *May 7 05:55:56: ISAKMP:(0):atts are not acceptable. Next payload is 0

    *May 7 05:55:56: ISAKMP:(0):no offers accepted!

    *May 7 05:55:56: ISAKMP:(0): phase 1 SA policy not acceptable! (local 91.221.16.26 remote 95.215.103.14)

    *May 7 05:55:56: ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init

    *May 7 05:55:56: ISAKMP:(0): Failed to construct AG informational message.

    *May 7 05:55:56: ISAKMP:(0): sending packet to 95.215.103.14 my_port 500 peer_port 500 ® MM_NO_STATE

    *May 7 05:55:56: ISAKMP:(0):Sending an IKE IPv4 Packet.

    *May 7 05:55:56: ISAKMP:(0):peer does not do paranoid keepalives.

    *May 7 05:55:56: ISAKMP:(0):deleting SA reason «Phase1 SA policy proposal not accepted» state ® MM_NO_STATE (peer 95.215.103.14)

    *May 7 05:55:56: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:56: ISAKMP:(0): vendor ID is DPD

    *May 7 05:55:56: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:56: ISAKMP:(0): vendor ID seems Unity/DPD but major 201 mismatch

    *May 7 05:55:56: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:56: ISAKMP:(0): vendor ID seems Unity/DPD but major 192 mismatch

    *May 7 05:55:56: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:56: ISAKMP:(0): vendor ID seems Unity/DPD but major 174 mismatch

    *May 7 05:55:56: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:56: ISAKMP:(0): vendor ID seems Unity/DPD but major 221 mismatch

    *May 7 05:55:56: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:56: ISAKMP:(0): vendor ID seems Unity/DPD but major 164 mismatch

    *May 7 05:55:56: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:56: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch

    *May 7 05:55:56: ISAKMP:(0): vendor ID is NAT-T v2

    *May 7 05:55:56: ISAKMP:(0): processing vendor id payload

    *May 7 05:55:56: ISAKMP:(0): vendor ID seems Unity/DPD but major 157 mismatch

    *May 7 05:55:56: ISAKMP:(0): vendor ID is NAT-T v3

    *May 7 05:55:56: ISAKMP (0): FSM action returned error: 2

    *May 7 05:55:56: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

    *May 7 05:55:56: ISAKMP:(0):Old State = IKE_R_MM1 New State = IKE_R_MM1

    *May 7 05:55:56: ISAKMP:(0):deleting SA reason «Phase1 SA policy proposal not accepted» state ® MM_NO_STATE (peer 95.215.103.14)

    *May 7 05:55:56: ISAKMP: Unlocking peer struct 0x4A5C63B0 for isadb_mark_sa_deleted(), count 0

    *May 7 05:55:56: ISAKMP: Deleting peer node by peer_reap for 95.215.103.14: 4A5C63B0

    *May 7 05:55:56: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
  • Remote-access VPN с сертификатами

    @rdntw Автор вопроса
    cisco VPN client с прикрученным сертификатом.
  • Какой ВУЗ выбрать?

    @rdntw Автор вопроса
    моих специальностей там нет…
  • Ipoe в сетях PON — существуют реализации?

    @rdntw
    1) некорректно отрабатывала 82 опция.
    2) когда клиенту нужен белый IP, то ONT должна работать в режиме бриджа, так вот в этом режиме она работала не всегда стабильно с теми профилями которые по дефолту. коллегам из Новосибирска приходилось писать новые.
  • QinQ на 2970 как?

    @rdntw Автор вопроса
    на физическом не хотелось бы, тк нарезано много сабов… могут быть последствия