来源:蜘蛛抓取(WebSpider)
时间:2015-09-21 07:54
标签:
思科交换机 up down
您所在的位置: &
Cisco 6509交换机双引擎热备配置
Cisco 6509交换机双引擎热备配置
Cisco 6509交换机双引擎热备配置手册。
&&& 6509双引擎热备 router-15#sh runBuilding configuration...Current configuration:!version 12.1service timestamps debug uptimeservice timestamps log uptimeservice password-encryption!hostname router-15!boot system flash bootflash:c6msfc2-isv-mz.121-3a.E4enable secret 5 $1$3QV6$q6vJvcpLFS3Ayzz.cAUWl.enable password 7 032C7E2C392C087F6D26!ip subnet-zeroip cef distributed!redundancyhigh-availabilityconfig-sync!!!interface ATM7/0/0no ip addressatm sonet stm-1no atm ilmi-keepalive!interface ATM7/0/0.10 point-to-pointdescription connect to xxx centermtu 1514ip address 10.x.x.x 255.255.255.252ip access-group 150 inip access-group 150 outatm pvc 2 0 119 aal5snap!interface ATM7/0/0.100 point-to-pointdescription connect to xxxmtu 1514ip address 10.x.x.x 255.255.255.252ip access-group 150 inip ospf cost 65atm pvc 10 0 109 aal5snap!interface Vlan1ip address 10.166.192.10 255.255.255.0 alt ip address 10.166.192.9 255.255.255.0no ip redirectsstandby 1 timers 5 15standby 1 priority 120 preempt alt standby 1 priority 120 preemptstandby 1 authentication ciscostandby 1 ip 10.166.192.8 alt standby 1 ip 10.166.192.8!interface Vlan2ip address 10.166.193.10 255.255.255.0 alt ip address 10.166.193.9 255.255.255.0no ip redirectsstandby 2 timers 5 15standby 2 priority 120 preempt alt standby 2 priority 120 preemptstandby 2 authentication ciscostandby 2 ip 10.166.193.8 alt standby 2 ip 10.166.193.8!interface Vlan3no ip addressshutdown!interface Vlan4ip address 10.166.196.10 255.255.255.0 alt ip address 10.166.196.9 255.255.255.0no ip redirectsstandby 4 timers 5 15standby 4 priority 120 preempt alt standby 4 priority 120 preemptstandby 4 authentication ciscostandby 4 ip 10.166.196.8 alt standby 4 ip 10.166.196.8!interface Vlan7ip address 10.166.194.10 255.255.255.0 alt ip address 10.166.194.9 255.255.255.0no ip redirectsstandby 7 timers 5 15standby 7 priority 120 preempt alt standby 7 priority 120 preemptstandby 7 authentication ciscostandby 7 ip 10.166.194.8 alt standby 7 ip 10.166.194.8!interface Vlan11ip address 10.166.198.10 255.255.255.0 alt ip address 10.166.198.9 255.255.255.0no ip redirectsstandby 11 timers 5 15standby 11 priority 120 preempt alt standby 11 priority 120 preemptstandby 11 au thentication ciscostandby 11 ip 10.166.198.8 alt standby 11 ip 10.166.198.8!interface Vlan14no ip addressshutdown!interface Vlan21ip address 10.166.201.10 255.255.255.0 alt ip address 10.166.201.9 255.255.255.0no ip redirectsstandby 21 timers 5 15standby 21 priority 120 preempt alt standby 21 priority 120 preemptstandby 21 authentication ciscostandby 21 ip 10.166.201.8 alt standby 21 ip 10.166.201.8!interface Vlan31ip address 10.166.202.10 255.255.255.0 alt ip address 10.166.202.9 255.255.255.0no ip redirectsstandby 31 timers 5 15standby 31 priority 120 preempt alt standby 31 priority 120 preemptstandby 31 authentication ciscostandby 31 ip 10.166.202.8 alt standby 31 ip 10.166.202.8!interface Vlan78no ip addressshutdown!router ospf 100log-adjacency-changesarea 19 range 10.166.192.0 255.255.240.0network 10.166.192.0 0.0.15.255 area 19network 10.166.254.0 0.0.0.127 area 0network 10.166.255.0 0.0.0.127 area 0!no ip classlessip route 0.0.0.0 0.0.0.0 10.166.255.33ip route 10.0.0.0 255.0.0.0 10.166.192.50 220ip route 10.166.206.0 255.255.255.0 10.166.192.40ip route 193.1.1.0 255.255.255.0 10.166.192.39no ip http server!!map-list atmip 10.166.254.1 atm-vc 1access-list 1 permit anyaccess-list 150 permit ospf any anyaccess-list 150 permit tcp any any eq wwwaccess-list 150 permit tcp any any eq 81access-list 150 permit tcp any any eq 8080access-list 150 permit tcp any any eq 8888access-list 150 permit udp any any eq 8888access-list 150 permit tcp any any eq ftp-dataaccess-list 150 permit tcp any any eq ftpaccess-list 150 permit tcp any any eq telnetaccess-list 150 permit tcp any any eq domainaccess-list 150 permit tcp any any eq pop3access-list 150 permit tcp any any eq smtpaccess-list 150 permit tcp any any eq 1521access-list 150 permit tcp any any eq 5000access-list 150 permit tcp any any eq 5678access-list 150 permit tcp any any eq 143access-list 150 permit udp any any eq 38293access-list 150 permit udp any any eq 2967access-list 150 permit udp any any eq domainaccess-list 150 permit tcp any any eq 1503access-list 150 permit tcp any any eq 1720access-list 150 permit tcp any any gt 1023 establishedaccess-list 150 permit icmp any 10.166.254.0 0.0.0.255 echo-replyaccess-list 150 permit tcp any any eq 60000access-list 150 permit tcp any host 10.166.1.56access-list 150 permit tcp any host 10.166.1.55!line con 0password 7 070C285F4D06logintransport input nonelinevty 0 4password 7 login!
关于&&&&的更多文章
Ubuntu是一个以桌面应用为主的Linux操作系统,其名称来自非洲南
网友评论TOP5
锐捷Newton18000核心交换机具备支持170,000个终端的超强接入能力。
流量监测系统实时监控NetFlow和IPFIX数据,用以洞察网
思科董事会主席兼首席执行官约翰?钱伯斯先生周三将在
【导读】电信封堵ADSL宽带共享已经不是新闻了,但经51
全书分为基础篇、高级篇和应用篇3个部分,共18章,有重点、分层次地讲解SQL Server 2005的基础知识、高级使用技巧和项目应用方法
51CTO旗下网站cisco 的问题_百度知道
cisco 的问题
ws-sup720-3b的引擎放在6509-e是好的,放在6504就进不了ios是什么问题???? ios版本号s72033-adventerprisek9
提问者采纳
你应该回原厂官网查的= =你的6504,并不支持我帮你查了...原厂有公告ws-sup720-3b仅兼容於这几种机箱• Cisco -E, 6404-E, -E, -E, 6509-NEB, 6509-NEB-A, 6513• Cisco , OSR-, 7613
提问者评价
其他类似问题
为您推荐:
您可能关注的推广回答者:
cisco的相关知识
其他2条回答
进不了就是不支持呗
720是不支持非-E的机框的。
这个和我灌ios 没什么区别的吧
等待您来回答
下载知道APP
随时随地咨询
出门在外也不愁后使用快捷导航没有帐号?
只需一步,快速开始
查看: 684|回复: 0
金币22 金收听数性别保密居住地广东 深圳听众数买家信用卖家信用相册帖子日志记录好友主题分享最后登录注册时间积分22精华0UID
布衣平民[1级], 积分 22, 距离下一级还需 278 积分
当前用户组为 布衣平民[1级]当前积分为 22, 升到下一级还需要 278 点。
参加活动: 0
组织活动: 0
居住地广东 深圳性别保密精华0积分22听众数好友
思科 WS-SUP720-3B 引擎报错&&出售全新思科 二手备件 租赁 维修 维保业务。
深圳长宇网络有限公司
公司电话: 6&&转郑先生
联系人:& &郑先生
手机:& && && & & &
商务QQ:& &
公司地址: 深圳福田区第一世界广场A座8F
专业二手思科CISCO网络设备专卖
CISCO 模块和各系列引擎
一、思科(Cisco)路由器
Cisco Router 1721 (16M FLASH 64M MEM)
Cisco Router 1751 (16M FLASH 64M MEM)
Cisco Router 1841 (32fM FLASH 128M MEM)
Cisco Router 2501 (16M FLASH 16M MEM)
Cisco Router 2503 (16M FLASH 16M MEM)
Cisco Router 2509 (16M FLASH 16M MEM)
Cisco Router 2511 (16M FLASH 16M MEM)
Cisco Router 2514 (16M FLASH 64M MEM)
Cisco Router 2610 (16M FLASH 64M MEM)
Cisco Router 2611 (16M FLASH 64M MEM)
Cisco Router 2620 (16M FLASH 64M MEM)
Cisco Router 2621 (16M FLASH 64M MEM)
Cisco Router 2611XM (32M FLASH 128M MEM)
Cisco Router 2621XM (32M FLASH 128M MEM)
Cisco Router 2651XM (32M FLASH 128M MEM)
Cisco Router 2801 (64M FLASH 256M MEM)
Cisco Router 2811 (64M FLASH 256M MEM)
Cisco Router 2821 (64M FLASH 256M MEM)
Cisco Router 2851 (64M FLASH 256M MEM)
Cisco Router 3620 (32M FLASH 64M MEM)
Cisco Router 3640 (32M FLASH 128M MEM)
Cisco Router 3661 (32M FLASH 64M MEM)
Cisco Router 3662 (32M FLASH 64M MEM)
Cisco Router 3725&&(标配)
Cisco Router 3745&&(标配)
Cisco Router 3825&&(标配)
Cisco Router 3845&&(标配)
Cisco Router 7204 (标配)
Cisco Router 7206 (标配)
Cisco Router 7204VXR (标配)
Cisco Router 7206VXR (标配)
二、思科(Cisco)交换机
Cisco WS-C2924-XL-EN (24*100M)
Cisco WS-C2948G& && &(48*100M+2GBIC)
Cisco WS-C29248G-L3&&(48*100M+2GBIC带三层交换)
Cisco WS-C2940-8TF-S (8*10/100M+1*100BASE-FX)
Cisco WS-C2940-8TF-S
Cisco WS-C*10/100)
Cisco WS-C*10/100)
Cisco WS-C2950SX-24 (24*10/100+2*1000BASE-SX)
Cisco WS-C2950SX-48 (48*10/100+2*1000BASE-SX)
Cisco WS-C*10/100+2*10/100/1000BASE-T)
Cisco WS-C*10/100+2*10/100/1000BASE-T)
Cisco WS-C (12*10/100+2GBIC)
Cisco WS-C (24*10/100+2GBIC)
Cisco WS-C (48*10/100+2GBIC)
Cisco WS-C2970G-24T-E (24*10/100/1000T)
Cisco WS-C2970G-24TS-E (24*10/100/1000T+4SFP)
Cisco WS-C3524-XL-EN& &(24*100M+2GBIC)
Cisco WS-C3548-XL-EN& &(48*100M+2GBIC)
Cisco WS-C3550-12G& &(10GBIC+2*10/100/1000BASE-T)
Cisco WS-C3550-12T& &(2GBIC+10*10/100/1000BASE-T)
Cisco WS-C3550-24-SMI&&(24*10/100M+2GBIC)
Cisco WS-C3550-24-EMI&&(24*10/100M+2GBIC)
Cisco WS-C3550-48-SMI&&(48*10/100M+2GBIC)
Cisco WS-C3550-24-EMI&&(24*10/100M+2GBIC)
Cisco WS-C3560-24TS-S&&(24*10/100M+2SFP)
Cisco WS-C3560-24TS-E&&(24*10/100M+2SFP)
Cisco WS-C3560-48TS-S&&(48*10/100M+4SFP)
Cisco WS-C3560-48TS-E&&(48*10/100M+4SFP)
Cisco WS-C3560G-24TS-S (24*10/100/1000T + 4SFP)
Cisco WS-C3560G-24TS-E (24*10/100/1000T + 4SFP)
Cisco WS-C3560G-48TS-S (48*10/100/1000T + 4SFP)
Cisco WS-C3560G-48TS-E (24*10/100/1000T + 4SFP)&&
Cisco WS-C3560-24PS-S (24*10/100带POE+ 2SFP)
Cisco WS-C3560-24PS-E (24*10/100带POE+ 2SFP)
Cisco WS-C3560-48PS-S (48*10/100带POE+ 4SFP)
Cisco WS-C3560-48PS-E (48*10/100带POE+ 4SFP)
Cisco WS-C3560G-24PS-S (24*10/100/1000T带POE+ 4SFP)
Cisco WS-C3560G-24PS-E (24*10/100/1000T带POE+ 4SFP)
Cisco WS-C3560G-48PS-S (48*10/100/1000T带POE+ 4SFP)
Cisco WS-C3560G-48PS-E (48*10/100/1000T带POE+ 4SFP)
Cisco WS-C3750-24TS-S (24*10/100+ 2SFP)
Cisco WS-C3750-24TS-E (24*10/100+ 2SFP)
Cisco WS-C3750G-24FS-S (24*100BASEFX+2SFP)
Cisco WS-C3750-24PS-S (24*10/100带POE+ 2SFP)
Cisco WS-C3750-24PS-E (24*10/100带POE+ 2SFP)
Cisco WS-C3750-48PS-S (48*10/100带POE+ 4SFP)
Cisco WS-C3750-48PS-E (48*10/100带POE+ 4SFP)
Cisco WS-C/100/1000+ 4SFP)
Cisco WS-C4003 (3-Slot)
Cisco WS-C4006 (6-slot)
Cisco WS-C4503 (3-slot)
Cisco WS-C4506 (6-slot)
Cisco WS-C4507R (7-slot)
Cisco WS-C4510R (10-slot)
Cisco WS-C6506 (6-slot)
Cisco WS-C6509 (9-slot)
Cisco WS-C6513 (13-slot)
三、思科(Cisco)防火墙
Cisco PIX-501-BUN-K9 (10用户)
Cisco PIX-501-50-BUN-K9 (50用户)
Cisco PIX-506E (2FE)
Cisco PIX-515E-R-BUN (2FE+Restricted)
Cisco PIX-515E-R-BUN (2FE+Unrestricted)
Cisco PIX-515E-R-DMZ-BUN (3FE+Restricted)
Cisco PIX-525-R-BUN (2FE+Restricted)
Cisco PIX-525-R-BUN (2FE+Unrestricted)
Cisco PIX-535-R-BUN
Cisco PIX-535-UR-BUN
四、思科(Cisco)NM模块
Cisco NM-2W 2WIC插槽
Cisco NM-1FE2W 1端口10/100端口 2个WIC
Cisco NM-1FE2W-V2 1端口10/100端口 2个WIC 网络模块插槽
CiSCO NM-2FE2W 2端口100bTX快速以太网端口,2个WIC插槽网络
Cisco NM-2FE2W-V2
Cisco NM-4B-S/T 4端口ISDN BRI(S/T)网络模块
Cisco NM-8B-S/T 8端口ISDN BRI(S/T)网络模块
Cisco NM-4A/S 4端口异步/同步串行网络模块
Cisco NM-8A/S 8端口异步/同步串行网络模块
Cisco NM-8AM 8端口模拟调制解调器网络模块
Cisco NM-16AM 16端口模拟调制解调器网络模块
Cisco NM-4T 4端口高速串行同步专线网络模块
Cisco NM-16A 16端口异步线路网络模块
Cisco NM-32A 32端口异步线路网络模块
Cisco NM-1E 1端口10bT以太网网络模块
Cisco NM-4E 4端口10bT以太网网络模块
Cisco NM-16ESW 16端口10/100快速以太网交换机网络模块
Cisco NM-1FE-TX 1端口100bTX快速以太网网络模块
Cisco NM-1FE-FX 1端口100bFX光纤以太网网络模块
Cisco NM-1CE1U 1端口信道化E1/ISDN-PRI(非平衡)网络模块
Cisco NM-1CE1T1-PRI 1端口信道化 E1/T1/ISDN-PRI 网络模块
Cisco NM-2CE1U 2端口信道化E1/ISDN-PRI(非平衡)网络模块
Cisco NM-2CE1T1-PRI 2端口信道化E1/T1/ISDN-PRI网络模块
Cisco NM-1FE1CE1U 1端口100bTX,1端口信道化E1/ISDN-PR
Cisco NM-1V 1插槽语音/传真网络模块
Cisco NM-2V 2插槽语音/传真网络模块
Cisco NM-1GE 1端口GE网络模块
Cisco HWIC-4ESW 4端口单宽10/100BASE-T 以太网交换 HWIC
Cisco HWIC-D-9ESW (8+1) 端口双宽 10/100BASE-T以太网交换
Cisco HWIC-D-9ESW-POE (8+1)端口双宽10/100BASE-T以太网交
Cisco HWIC-4A/S 4端口异步/同步串行HWIC网络模块
Cisco HWIC-8A/S-232 8端口异步/同步串行HWIC网络模
Cisco HWIC-8A 8端口异步 HWIC网络模块
Cisco HWIC-16A 16端口异步HWIC网络模块
Cisco NM-HDV-1E1-30 1端口30通道语音传真模块
PVDM2-16 16路话音和传真DSP模块
PVDM2-32 32路话音和传真DSP模块
PVDM2-8 8路话音和传真DSP模块
PVDM2-64 64路话音和传真DSP模块
四、思科(Cisco)PA模块
Cisco PA-2FE-TX 2端口快速以太网100bTX端口适配器
Cisco PA-2FE-FX 2端口快速光纤以太网100bFX端口适配器
Cisco PA-GE 1端口千兆以太网端口适配器
Cisco PA-4E 4端口10BaseT 端口适配器
Cisco PA-8E 8端口10BaseT 端口适配器
Cisco PA-4T+ 4端口串行端口适配器,增强版&&
Cisco PA-8T-V35 8端口串行, V.35 端口适配器
Cisco PA-A3-OC3MM 1端口ATM Enhanced OC3c/STM1 多模光纤
Cisco PA-A3-OC3SMI 1端口ATM Enhanced OC3c/STM1 单模光
Cisco PA-A3-OC3SML 1端口ATM Enhanced OC3c/STM1 单模
Cisco PA-A6-OC3MM 1端口Enh ATM OC3c/STM1 多模光纤适配器
Cisco PA-A6-OC3SMI 1端口Enh ATM OC3c/STM1 单模(IR)光纤
Cisco PA-A6-OC3SML 1端口Enh ATM OC3c/STM1 单模(LR)光纤
五、思科(Cisco)WIC模块
Cisco WIC-1T 1端口10bt串行广域网接口卡
Cisco WIC-2T 2端口10bt串行广域网接口卡
Cisco WIC-1ADSL 1端口ADSL广域网接口卡
Cisco WIC-1AM 1端口模拟调制解调器广域网接口卡
Cisco WIC-2AM 2端口模拟调制解调器广域网接口卡
Cisco WIC-2A/S 2端口异步/同步串行广域网接口卡
Cisco WIC-1B-S/T 1端口ISDN BRI(S/T)广域网接口卡
Cisco WIC-4ESW 4端口以太网交换模块
六、思科(Cisco)VWIC模块
Cisco VIC-2E/M 2端口语音接口卡-E&M
Cisco VIC-2FXO 2端口语音接口卡-FXO
Cisco VIC-2FXS 2端口语音接口卡-FXS
Cisco VWIC-1MFT-E1 1端口E1/分离 弹性Trunk语音/广域网接口卡(含有DSU)
Cisco VWIC-2MFT-E1 2端口E1/分离 弹性Trunk语音/广域网接口
Cisco VWIC-1MFT-G703 1端口G.703弹性 Trunk语音/广域网接
Cisco VWIC-2MFT-G703 1端口G.703弹性 Trunk语音/广域网接
Cisco WS-X4013+ Catalyst 4000系列 引擎 II,2 GE Plus
七、思科(Cisco)00引擎
Cisco WS-X系列 I
Cisco WS-X系列 II,
Cisco WS-X系列引擎 II, 2GE
Cisco WS-X4013+TS 4503 引擎 II-Plus-TS, 12G
Cisco WS-X4014 Catalyst 4000系列 引擎 III ,2 GE
Cisco WS-X4515 Catalyst 4000系列 引擎 IV ,2 GE
Cisco WS-X4516 Catalyst 4500 系列 引擎 V ,2 GE
Cisco WS-X4516-10GE 4500 引擎 V-10GE, 2x10GE
Cisco WS-X6K-SUP1-2GE Catalyst 6500 Supervisor 引擎-1
Cisco WS-X6K-S1A-MSFC2 Catalyst 6500 Supervisor 引擎1
Cisco WS-X6K-S2-MSFC2 Catalyst 6500 Supervisor 引擎-2
Cisco WS-SUP720-3B 6500/Cisco7600 引擎720 Fabric
Cisco WS-SUP720-3BXL 6500/Cisco7600 引擎720&&
八、思科(Cisco)00模块
Cisco WS-X4124-RJ45 24端口10/100(自适应)
Cisco WS-X4148-RJ 48端口10/100(自适应)
Cisco WS-X4424-GB-RJ45 24端口10/100/1000(自适应)
Cisco WS-X4448-GB-RJ45 48端口10/100/1000(自适应)
Cisco WS-X4232-GB-RJ 32端口10/100和2端口千兆位以太网(GBIC)
Cisco WS-X4306-GB 6端口千兆位以太网口模块(GBIC)
Cisco WS-X4418-GB 18端口千兆位以太网口模块(GBIC)
Cisco WS-X4232-L3
Cisco WS-X6348-RJ-45 Catalyst 6000 48端口10/100bTX
Cisco WS-X6408A-GBIC Catalyst 6000 8端口千兆位GBIC光纤
Cisco WS-X6416-GBIC Catalyst 6000 16端口千兆位GBIC光纤
Cisco WS-X6516-GE-TX 6500 16端口10/100/1000 GE Module,
Cisco WS-X6148V-GE-TX 6500 48端口10/100/1000 Inline
九、思科(Cisco)路由引擎与接口卡
Cisco NPE-225 网络处理引擎 NPE-225
Cisco NPE-300 网络处理引擎 NPE-300
Cisco NPE-400 网络处理引擎 NPE-400
Cisco VIP4-50 4代50型多功能处理器
Cisco VIP4-80 4代80型多功能处理器
Cisco VIP6-80 6代80型多功能处理器
Cisco RSP4+= 7500 系列路由 交换处理器4+
Cisco RSP8= 7500 系列路由 交换处理器8
Cisco RSP16= 7500 系列路由 交换处理器16
十、思科(Cisco)电源
Cisco PWR-C2811-AC&&2811AC电源
Cisco PWR-C3845-AC&&3845AC电源
Cisco PWR-7200-AC&&7200AC电源
Cisco PWR-7200-DC& & 7200AC电源
Cisco WS-X电源
Cisco PWR-C45-1000AC Catalyst W 交流电源
Cisco PWR-C45-1300ACV Catalyst W 交流电
Cisco PWR-C45-1400AC Catalyst W 交流电源
Cisco WS-CAC-1300W Catalyst W交流电源
Cisco WS-CAC-2500W Catalyst W交流电源
十一、思科(Cisco)风扇
Cisco WS-C6K-13SLOT-FAN2& & 6513高速风扇
Cisco WS-C6K-9SLOT-FAN2=& &&&6509高速风扇
Cisco WS-C6K-6SLOT-FAN2=& &&&6506高速风扇
Cisco WS-C6509-E-FAN& && && &6509-E风扇
Cisco WS-C6506-E-FAN& && && &6506-E风扇
Cisco WS-C6503-E-FAN& && && &6503-E风扇
Cisco WS-C6509-NEB-FAN& && & 6509-NEB风扇
Cisco WS-C6509-NEB-FAN2& && &6509-NEB 高速风扇
十二、思科(Cisco)千兆模块
WS-GBASE-T GBIC
WS-GBase 短波,多模式光纤
WS-GBase 长波/长途,单或多模式光纤
WS-GBase 单模式光纤
GLC-SX-MM GE SFP, 多模1000Base
GLC-LH-SM GE SFP,单或多模1000Base
GLC-ZX-SM 1000BASE-ZX SFP
GLC-T 1000BASE-T 铜缆SFP
快速回复主题
为使我市公共交通更加关注民生、贴近民意、服务市民,在全市开展此次问卷调查。调查大约只会耽误您十分钟的时间!
Powered by查看:1813|回复:7
大家好,我就直接了当的请教一个问题
R1------ASA-----R2
R1在inside口,R2在outside口
R1pingR2:
(10.59 KB)
可以看见有一条session,但是不通,然后我们clear conn。敲入fixup protocol icmp。我们看到配置里多了:
然后就ping通了,但是在sh conn 中没有了session。
那问题来了,这个inspect icmp 到底怎么去理解? inspect是检查的意思。
貌似 inspect 是做标志的,出去防火墙的ICMP上做标志,然后防火墙才允许他回来
思科技术狂热分子
inspect icmp添加ICMP到ASA检测引擎
ASA默认的检测引擎的配置如下所示。
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
默认情况下,不对ICMP进行检测,所以从低安全级别到高安全级别的ICMP echo reply将被拒绝,即使它是ICMP echo request的回应也是如此。
ICMP检测引擎允许ICMP流量象TCP和UDP流量一样被检测。确保每一个ICMP echo request都只能有一个回应,同时保证序列号是正确的。
如果没有ICMP检测引擎,通常不推荐使用ACL来允许ICMP穿越ASA,因为这样会存在网络攻击的风险。
以下配置将ICMP添加到检测引擎。
policy-map global_policy
class inspection_default
inspect icmp
& & 配置完成后,从高安全级别接口就可以ping通低安全级别接口,同时对ICMP进行状态化检测。
厉害厉害厉害
ASA对TCP和UDP进行监视是比较简单的,因为都有端口号,我转发出去能够记住对应关系。但是ICMP这类协议是属于特殊的协议,没有端口号,不属于TCP或UDP,所以需要inspect。
Valar Morghulis
引用:原帖由 独钩寒江雪 于
22:58 发表
inspect icmp添加ICMP到ASA检测引擎
ASA默认的检测引擎的配置如下所示。
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length&&... 感谢版主的回答,那我接下来的问题是:
&&show conn中显示的条目是不是就是你所说的&检测引擎检测&后留下的会话session
&&用来为回流的流量&匹配序列号&?
引用:原帖由 windcharger 于
17:25 发表
貌似 inspect 是做标志的,出去防火墙的ICMP上做标志,然后防火墙才允许他回来 兄弟 这个我认为不太对 设备并没有对icmp的报头进行修改
引用:原帖由 菠萝味咖啡 于
11:26 发表
ASA对TCP和UDP进行监视是比较简单的,因为都有端口号,我转发出去能够记住对应关系。但是ICMP这类协议是属于特殊的协议,没有端口号,不属于TCP或UDP,所以需要inspect。 ... 您的回答很耐人寻味。
是不是我这样理解 默认情况下tcp udp都有其端口号 所以asa会将会话储存在sh conn表中
用来匹配回流的流量
而icmp这种协议是无法用sh conn来匹配回流流量的 即使sh conn中可以看到有这个表项 回流流量也不会被匹配到、不会被放行。
那么 只有加入inspect列表中 该流量才可以通过?
那 问题就来了 inspect列表的判断机制是什么?为什么加入到这个深度包检测表中之后icmp就会被放行? 这种方式和acl直接入向放行icmp有什么区别?查看:596|回复:5
Firmware compiled 03-Apr-13 08:30 by integ Build [25856]
*Dec 16 03:27:40.747: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch
*Dec 16 03:27:59.567: SP: Currently running ROMMON from S (Gold) region
*Dec 16 03:28:02.883: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan. The Bridge IDs of all active STP instances have been updated, which might change the spanning tree topology
*Dec 16 03:28:04.559: %SYS-5-CONFIG_I: Configured from memory by console
*Dec 16 03:28:04.755: %SYS-5-RESTART: System restarted --
Cisco IOS Software, s2t54 Software (s2t54-IPSERVICESK9-M), Version 15.1(1)SY1, RELEASE SOFTWARE (fc5)
Technical Support:
Copyright (c)
by Cisco Systems, Inc.
Compiled Wed 01-May-13 12:43 by prod_rel_team
*Dec 16 03:28:04.759: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
*Dec 16 03:28:04.767: %SYS-6-BOOTTIME: Time taken to reboot after reload =& &94 seconds
*Dec 16 03:28:06.331: %OIR-6-INSPS: Power supply inserted in slot 2
*Dec 16 03:28:06.403: %C6KPWR-4-PSOK: power supply 2 turned on.
*Dec 16 03:28:07.731: %C6KENV-4-FANHPMODE: Fan-tray 1 is operating in high power mode
*Dec 16 03:28:12.879: %FABRIC-5-FABRIC_MODULE_ACTIVE: The Switch Fabric Module in slot 6 became active.
*Dec 16 03:28:17.819: %DIAG-6-RUN_MINIMUM: Module 6: Running Minimal Diagnostics...
*Dec 16 03:28:40.515: %DIAG-6-DIAG_OK: Module 6: Passed Online Diagnostics
*Dec 16 03:28:40.999: %C6KENV-4-LOWER_SLOT_EMPTY: The lower adjacent slot of module 6 might be empty. Airdam must be installed in that slot to be NEBS compliant
*Dec 16 03:28:45.679: %OIR-6-SP_INSCARD: Card inserted in slot 6, interfaces are now online
*Mar&&1 00:00:02.835: DaughterBoard (Centralized Forwarding Card)
Firmware compiled 03-Apr-13 08:00 by integ Build [25856]
Dec 16 03:29:22.443: %SYS-CFC4-5-RESTART: System restarted --
Cisco IOS Software, c6lc2e8 Software (c6lc2e8-SP-M), Version 15.1(1)SY1, RELEASE SOFTWARE (fc5)
Technical Support:
Copyright (c)
by Cisco Systems, Inc.
Compiled Wed 01-May-13 12:32 by prod_rel_team
Dec 16 03:29:22.447: CFC4: Currently running ROMMON from S (Gold) region
*Dec 16 03:29:29.115: %DIAG-6-RUN_MINIMUM: Module 4: Running Minimal Diagnostics...
*Mar&&1 00:00:02.811: DaughterBoard (Centralized Forwarding Card)
Firmware compiled 03-Apr-13 08:00 by integ Build [25856]
Dec 16 03:29:30.043: %SYS-CFC2-5-RESTART: System restarted --
Cisco IOS Software, c6lc2e8 Software (c6lc2e8-SP-M), Version 15.1(1)SY1, RELEASE SOFTWARE (fc5)
Technical Support:
Copyright (c)
by Cisco Systems, Inc.
Compiled Wed 01-May-13 12:32 by prod_rel_team
Dec 16 03:29:30.283: CFC2: Currently running ROMMON from S (Gold) region
*Dec 16 03:29:35.735: %DIAG-6-RUN_MINIMUM: Module 2: Running Minimal Diagnostics...
*Mar&&1 00:00:02.787: DaughterBoard (Centralized Forwarding Card)
Firmware compiled 03-Apr-13 08:00 by integ Build [25856]
Dec 16 03:29:26.919: %C6K_PLATFORM-CFC7-5-LESS_SPACE: May not have enough space to save the crash info. on flash of&&CFC on module: 7
Dec 16 03:29:35.911: %SYS-CFC7-5-RESTART: System restarted --
Cisco IOS Software, c6lc2e8 Software (c6lc2e8-SP-M), Version 15.1(1)SY1, RELEASE SOFTWARE (fc5)
Technical Support:
Copyright (c)
by Cisco Systems, Inc.
Compiled Wed 01-May-13 12:32 by prod_rel_team
Dec 16 03:29:35.915: CFC7: Currently running ROMMON from S (Gold) region
*Dec 16 03:29:39.195: %DIAG-6-RUN_MINIMUM: Module 7: Running Minimal Diagnostics...
*Dec 16 03:29:40.359: %DIAG-6-DIAG_OK: Module 4: Passed Online Diagnostics
*Dec 16 03:29:41.251: %OIR-6-SP_INSCARD: Card inserted in slot 4, interfaces are now online
*Dec 16 03:29:48.655: %DIAG-6-DIAG_OK: Module 7: Passed Online Diagnostics
*Dec 16 03:29:49.211: %OIR-6-SP_INSCARD: Card inserted in slot 7, interfaces are now online
*Dec 16 03:29:53.451: %PM-4-LIMITS: The number of vlan-port instances on switch exceeded the recommended limit of 12000
*Dec 16 03:30:06.483: %DIAG-6-DIAG_OK: Module 2: Passed Online Diagnostics
*Dec 16 03:30:07.043: %OIR-6-SP_INSCARD: Card inserted in slot 2, interfaces are now online
*Dec 16 03:30:30.931: %DHCPD-4-PING_CONFLICT: DHCP address conflict:&&server pinged 192.168.80.4.
中级工程师
是不是flash空间不够了 dir看看 还剩下多少
引用:原帖由
22:39 发表
是不是flash空间不够了 dir看看 还剩下多少 Router#dir
Directory of bootdisk:/
& & 2&&-rw-& & & &Jul 5 :02 +00:00&&sea_console.dat
& & 3&&-rw-& & & &Jul 5 :46 +00:00&&s2t54-ipservicesk9-mz.SPA.151-1.SY1.bin
& & 4&&-rw-& & & &Jul 5 :04 +00:00&&sea_log.dat
& & 5&&drw-& && && &&&0& &Jul 5 :20 +00:00&&call-home
& & 6&&-rw-& && &&&1730&&Dec 17 :16 +00:00&&diaginfo_mod7_417
bytes total ( bytes free)
空间足够啊
引用:原帖由 汉诺鸡鸭 于
12:09 发表
Router#dir
Directory of bootdisk:/
& & 2&&-rw-& & & &Jul 5 :02 +00:00&&sea_console.dat
& & 3&&-rw-& & & &Jul 5 :46 +00:00&&s2t54-ipservicesk9-mz.SPA.151-1.SY1.bin ... 今天上午连引擎都宕了,无语了
从日志看6509的电源模块好像有点问题,是不是因为这个原因供电不够导致板卡掉线呢?
初级工程师
Router#more bootdisk:diaginfo_mod7_417
看下自检日志信息是否有异常
还有sh ver看下重启原因
Cisco H3C Quidway Juniper 维修
