а нет ли у нас тут гениев от cisco?

[voykov]

не работает простейшая функция ...

[Василий]

Нууу, доводилось и cisco админить Чего не работает?

[И.К.С.]

и?

[Василий]

Видать циска совсем умерла :)

[voykov]

version 12.4
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname cisco-home
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 XXXXXXXXXXXXX
enable password XXXXXXXXXXXXX
!
aaa new-model
!
!
!
!
aaa session-id common
clock timezone MSK 3
!
!
dot11 syslog
no ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.10.1 10.0.10.100
!
ip dhcp pool LOCAL
network 10.0.10.0 255.255.255.0
default-router 10.0.10.1
dns-server 81.200.0.1 81.200.2.222
option 42 ip 10.0.10.1
update arp
!
ip dhcp pool 3w
host 10.0.10.97 255.255.255.0
client-identifier 01d0.5099.1aad.6f
client-name 3w.voykov.ru
!
ip dhcp pool VPN
host 10.0.10.90 255.255.255.0
client-identifier 0100.241d.c2c7.09
client-name 1s
!
!
ip cef
ip domain list voykov.ru
ip domain name voykov.ru
ip inspect name Internet http timeout 3600
ip inspect name Internet icmp
ip inspect name Internet ftp timeout 3600
ip inspect name Internet tcp timeout 3600
ip inspect name Internet h323 timeout 3600
ip inspect name Internet smtp timeout 3600
ip inspect name Internet udp timeout 15
no ipv6 cef
ntp logging
ntp access-group peer ntp_servers
ntp access-group serve ntp_clients kod
ntp master
ntp server 195.2.64.6 prefer
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
! Default L2TP VPDN group
! Default PPTP VPDN group
accept-dialin
protocol any
virtual-template 1
!
!
!
username voykov privilege 15 secret 5 XXXXXXXXXXXXXXXXX
username mom privilege 0 password 0 XXXXXXXXXXXXXXXX
!
!
!
archive
log config
hidekeys
!
!
ip ssh version 2
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address dhcp
ip nat outside
ip inspect Internet out
ip virtual-reassembly
duplex auto
speed auto
!
interface Virtual-Template1
ip unnumbered Vlan1
no ip redirects
ip local-proxy-arp
ip mtu 1492
ip nat inside
ip virtual-reassembly
autodetect encapsulation ppp
peer ip address forced
peer default ip address dhcp-pool LOCAL
ppp encrypt mppe auto
ppp authentication pap
!
interface Vlan1
ip address 10.0.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
!
!
ip nat pool local-net 10.0.10.2 10.0.10.254 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source list local-net interface FastEthernet4 overload
ip nat inside source static tcp 10.0.10.97 80 81.200.31.199 80 extendable
ip nat inside source static tcp 10.0.10.99 3389 81.200.31.199 3389 extendable
!
ip access-list extended VPN
permit gre any host 81.200.31.199
ip access-list extended ntp_clients
no ip http server
ip http authentication local
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 10.0.10.97 80 81.200.31.199 80 extendable
ip nat inside source static tcp 10.0.10.99 3389 81.200.31.199 3389 extendable
!
ip access-list extended VPN
permit gre any host 81.200.31.199
ip access-list extended ntp_clients
permit udp host 10.0.10.1 any
permit udp any host 10.0.10.1
permit ip any any
ip access-list extended ntp_servers
permit udp host 195.2.64.6 any
permit udp host 81.95.131.132 any
!
access-list 1 permit 10.0.10.0 0.0.0.255
access-list 23 permit any
access-list 145 remark RDP2server
access-list 145 permit tcp host 10.0.10.99 eq 3389 any
access-list 146 permit tcp host 10.0.10.97 eq www any
access-list 146 remark WWW
!
!
!
!
!
control-plane
!
privilege exec level 1 enable
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 60 0
privilege level 15
password XXXXXXXX
logging synchronous
transport input ssh
!
scheduler max-task-time 5000
end

выделенное красным работает частично:
cisco-home#sh ntp s
Clock is synchronized, stratum 3, reference is 195.2.64.6

cisco-home#sh ntp a

address ref clock st when poll reach delay offset disp
~127.127.1.1 .LOCL. 3 - 16 0 0.000 0.000 16000.
*~195.2.64.6 195.2.64.5 2 3 64 377 0.000 -139.71 4.598

но! имеем следующее:
cisco-home#
Jan 19 23:53:38.727: NTP message received from 10.0.10.97 on interface 'Vlan1' (10.0.10.1).
Jan 19 23:53:38.731: NTP Core(DEBUG): ntp_receive: message received
Jan 19 23:53:38.731: NTP Core(DEBUG): ntp_receive: peer is 0x00000000, next action is 3.
Jan 19 23:53:38.731: NTP Core(DEBUG): ntp_receive: doing fast answer to client.
Jan 19 23:53:39.735: NTP message received from 10.0.10.97 on interface 'Vlan1' (10.0.10.1).
Jan 19 23:53:39.735: NTP Core(DEBUG): ntp_receive: message received
Jan 19 23:53:39.735: NTP Core(DEBUG): ntp_receive: peer is 0x00000000, next action is 3.
Jan 19 23:53:39.735: NTP Core(DEBUG): ntp_receive: doing fast answer to client.

на клиенте:
root@3w:/usr/home/voykov # ntpdate -d 10.0.10.1
19 Jan 23:49:39 ntpdate[3033]: ntpdate 4.2.4p5-a (1)
transmit(10.0.10.1)
transmit(10.0.10.1)
transmit(10.0.10.1)
transmit(10.0.10.1)
transmit(10.0.10.1)
10.0.10.1: Server dropped: no data
server 10.0.10.1, port 123
stratum 0, precision 0, leap 00, trust 000
refid [10.0.10.1], delay 0.00000, dispersion 64.00000
transmitted 4, in filter 4
reference time: 00000000.00000000 Thu, Feb 7 2036 9:28:16.000
originate timestamp: 00000000.00000000 Thu, Feb 7 2036 9:28:16.000
transmit timestamp: d867ec66.b10be35e Mon, Jan 19 2015 23:49:42.691
filter delay: 0.00000 0.00000 0.00000 0.00000
0.00000 0.00000 0.00000 0.00000
filter offset: 0.000000 0.000000 0.000000 0.000000
0.000000 0.000000 0.000000 0.000000
delay 0.00000, dispersion 64.00000
offset 0.000000

о больном:
cisco-home#sh ver
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(24)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Thu 26-Feb-09 07:56 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE

cisco-home uptime is 6 hours, 30 minutes
System returned to ROM by power-on
System restarted at 17:24:46 MSK Mon Jan 19 2015
System image file is "flash:c870-advipservicesk9-mz.124-24.T.bin"

[Василий]

show ntp status

для начала

[voykov]

show ntp status

для начала

а это что?

cisco-home#sh ntp s
Clock is synchronized, stratum 3, reference is 195.2.64.6

[Василий]

А что тогда не работает? Клиентам не отдает время?

[voykov]

А что тогда не работает? Клиентам не отдает время?

ну да .. я даже логи показал с 2 сторон...

[И.К.С.]

show ip access-lists – просмотр использования наших списков доступа


акксесс листы по два раза (!!?) в конфигурации причем первый пустой

для начала убери ограничение на клиентов, проверь работу потом накати обратно.

ntp access-group serve ntp_clients kod
---------------------
ip access-list extended VPN
permit gre any host 81.200.31.199
ip access-list extended ntp_clients
no ip http server
ip http authentication local
no ip http secure-server
------------------------------
ip access-list extended VPN
permit gre any host 81.200.31.199
ip access-list extended ntp_clients
permit udp host 10.0.10.1 any
permit udp any host 10.0.10.1


добавить
vlan 1
ntp broadcast