Este documento fornece uma configuração de exemplo como cifrar o tráfego da rede atrás do roteador1 à rede atrás do roteador2 (o laço de retorno 0s é usado como redes neste exemplo). Se o link principal (Ethernet) entre o roteador1 e o roteador2 vai para baixo, o tráfego da Segurança IP (IPsec) continua a correr através do enlace secundário (ISDN). Há diversas maneiras de conseguir este objetivo; você pode usar o Dialer Watch, a Interface de backup, o circuito da procura, e a estática flutuante. Esse exemplo de configuração demonstra o mecanismo do relógio do discador. Para obter informações sobre outros recursos, consulte Avaliando interfaces de backup, rotas estáticas flutuantes e relógio de discador para backup de DDR.
Não existem requisitos específicos para este documento.
As informações neste documento são baseadas nestas versões de software e hardware:
Cisco 2621 e 3640 Routers
Software Release 12.3(3) de Cisco IOS®
As informações neste documento foram criadas a partir de dispositivos em um ambiente de laboratório específico. Todos os dispositivos utilizados neste documento foram iniciados com uma configuração (padrão) inicial. Se sua rede está viva, certifique-se de que você compreende o impacto potencial do comando any antes que você o use.
Para obter mais informações sobre convenções de documento, consulte as Convenções de dicas técnicas Cisco.
Nesta seção, você encontrará informações para configurar os recursos descritos neste documento.
Note: Para localizar informações adicionais sobre os comandos usados neste documento, utilize a Ferramenta Command Lookup (somente clientes registrados).
Este documento usa a instalação de rede mostrada no diagrama aqui:
Este documento usa as configurações mostradas aqui:
Roteador 1 (2621) |
---|
r1#show running-config Building configuration... Current configuration : 2244 bytes ! version 12.3 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname r1 ! boot-start-marker boot-end-marker ! ! username r2 password 0 cisco !--- This is the username for remote router (Router 2) !--- and shared secret. Shared secret (used for Challenge Handshake !--- Authentication Protocol [CHAP]) must be the same on both sides. no aaa new-model ip subnet-zero ip tcp synwait-time 5 ! ! no ip domain lookup ! ip audit notify log ip audit po max-events 100 ip ssh break-string no ftp-server write-enable ! ! ! crypto isakmp policy 10 hash md5 authentication pre-share crypto isakmp key cisco address 222.222.222.222 ! ! crypto ipsec transform-set abc esp-des esp-md5-hmac ! crypto map cisco local-address Loopback1 crypto map cisco 10 ipsec-isakmp set peer 222.222.222.222 !--- Peer address, Loopback 1 of Router 2 set transform-set abc match address 101 !--- Networks to encrypt (Loopback 0 on both ends) ! isdn switch-type basic-ts013 ! ! ! ! ! ! ! ! ! no voice hpi capture buffer no voice hpi capture destination ! ! ! ! ! ! interface Loopback0 !--- Network to encrypt ip address 11.11.11.11 255.255.255.0 ! interface Loopback1 !--- Used for peer address for IPSec ip address 111.111.111.111 255.255.255.0 ! interface FastEthernet0/0 !--- Primary link ip address 10.1.1.1 255.255.255.0 no ip route-cache !--- Enable process switching no ip mroute-cache duplex auto speed auto crypto map cisco !--- Apply crypto map on primary interface ! interface BRI0/0 no ip address encapsulation ppp no ip route-cache no ip mroute-cache dialer pool-member 1 isdn switch-type basic-ts013 no cdp enable ! interface Dialer1 !--- Backup link ip address 20.1.1.1 255.255.255.0 encapsulation ppp no ip route-cache !--- Enable process switching ip ospf cost 9999 !--- Increase the cost so that when primary comes up again, !--- Open Shortest Path First (OSPF) routes are !--- preferred using the primary link (due to better cost). no ip mroute-cache dialer idle-timeout 180 dialer pool 1 dialer string 94134028 dialer watch-group 1 !--- Enable dialer watch on this backup interface. !--- Watch the route specified with the dialer watch-list 1 command. dialer-group 1 !--- Apply interesting traffic defined in dialer list 1. no peer neighbor-route ppp authentication chap crypto map cisco !--- Apply crypto map on backup interface. ! router ospf 1 !--- OSPF advertising Loopback 0, Loopback 1, !--- primary, and secondary links. log-adjacency-changes network 10.1.1.0 0.0.0.255 area 0 network 11.11.11.0 0.0.0.255 area 0 network 20.1.1.0 0.0.0.255 area 0 network 111.111.111.0 0.0.0.255 area 0 ! ip http server no ip http secure-server ip classless ! ! access-list 101 permit ip host 11.11.11.11 host 22.22.22.22 !--- Access control list (ACL) 101 is the !--- IPSec traffic used in match address. access-list 110 deny ip any any !--- ACL 110 is for the dialer list to mark !--- all IP traffic uninteresting. The dialer watch will !--- trigger the ISDN backup when the route is lost. dialer watch-list 1 ip 222.222.222.222 255.255.255.255 !--- This defines the route(s) to be watched. !--- This exact route (including subnet mask) !--- must exist in the routing table. !--- Use the dialer watch-group 1 command to apply this !--- list to the backup interface. dialer watch-list 1 delay route-check initial 10 dialer-list 1 protocol ip list 110 !--- Interesting traffic is defined by ACL 110. !--- This is applied to Dialer1 using dialer group 1. ! ! ! dial-peer cor custom ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous escape-character 27 line aux 0 line vty 0 4 login ! end |
Roteador 2 (3640) |
---|
r2#show running-config Building configuration... Current configuration : 2311 bytes ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname r2 ! boot-start-marker boot-end-marker ! username r1 password 0 cisco !--- This is the username for remote router (Router 1) !--- and shared secret. Shared secret (used for CHAP) !--- must be the same on both sides. no aaa new-model ip subnet-zero ip tcp synwait-time 5 ! ! no ip domain lookup ! ip audit notify log ip audit po max-events 100 ip ssh break-string no ftp-server write-enable ! ! ! crypto isakmp policy 10 hash md5 authentication pre-share crypto isakmp key cisco address 111.111.111.111 ! ! crypto ipsec transform-set abc esp-des esp-md5-hmac ! ! crypto map cisco local-address Loopback1 crypto map cisco 10 ipsec-isakmp set peer 111.111.111.111 !--- Peer address, Loopback 1 of Router 1 set transform-set abc match address 101 !--- Networks to encrypt (Loopback 0 on both ends) ! isdn switch-type basic-ts013 ! ! ! ! ! ! ! ! ! no voice hpi capture buffer no voice hpi capture destination ! ! ! ! ! ! interface Loopback0 ip address 22.22.22.22 255.255.255.0 !--- Network to encrypt ! interface Loopback1 ip address 222.222.222.222 255.255.255.0 !--- Used for peer address for IPSec. ! interface BRI0/0 no ip address encapsulation ppp no ip route-cache no ip mroute-cache dialer pool-member 1 isdn switch-type basic-ts013 ! interface Ethernet0/0 !--- Primary link ip address 10.1.1.2 255.255.255.0 no ip route-cache !--- Enable process switching. no ip mroute-cache half-duplex crypto map cisco !--- Apply crypto map on primary interface. ! interface Dialer1 ip address 20.1.1.2 255.255.255.0 encapsulation ppp no ip route-cache ip ospf cost 9999 no ip mroute-cache dialer pool 1 dialer idle-timeout 600 dialer remote-name r1 !--- Dialer for the BRI interface of the remote router !--- without a dial string. dialer-group 1 !--- Apply interesting traffic defined in dialer list 1. ppp authentication chap crypto map cisco !--- Apply crypto map on backup interface. ! router ospf 1 log-adjacency-changes network 10.1.1.0 0.0.0.255 area 0 network 20.1.1.0 0.0.0.255 area 0 network 22.22.22.0 0.0.0.255 area 0 network 222.222.222.0 0.0.0.255 area 0 ! no ip http server no ip http secure-server ip classless ! ! access-list 101 permit ip host 22.22.22.22 host 11.11.11.11 access-list 110 deny ospf any any !--- Mark OSPF as uninteresting. !--- This will not allow OSPF hellos !--- to try to bring the link up. access-list 110 permit ip any any dialer-list 1 protocol ip list 110 !--- Interesting traffic is defined by ACL 110. !--- This is applied to Dialer1 using dialer group 1. ! line con 0 exec-timeout 0 0 logging synchronous escape-character 27 line aux 0 line vty 0 4 login ! end |
Esta seção fornece a informação que você pode se usar para confirmar se sua configuração funciona corretamente.
A Output Interpreter Tool (somente clientes registrados) oferece suporte a determinados comandos show, o que permite exibir uma análise da saída do comando show.
Tabela de roteamento do link principal do roteador1 (2621) — acima
r1#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 I - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area, * - candidate default, U - per-user static route, o - ODR, P - periodic downloaded static route Gateway of last resort is not set 222.222.222.0/32 is subnetted, 1 subnets O 222.222.222.222 [110/2] via 10.1.1.2, 00:00:25, FastEthernet0/0 20.0.0.0/24 is subnetted, 1 subnets C 20.1.1.0 is directly connected, Dialer1 22.0.0.0/32 is subnetted, 1 subnets O 22.22.22.22 [110/2] via 10.1.1.2, 00:00:25, FastEthernet0/0 111.0.0.0/24 is subnetted, 1 subnets C 111.111.111.0 is directly connected, Loopback1 10.0.0.0/24 is subnetted, 1 subnets C 10.1.1.0 is directly connected, FastEthernet0/0 11.0.0.0/24 is subnetted, 1 subnets C 11.11.11.0 is directly connected, Loopback0
Tabela de roteamento do link principal do roteador2 (3640) — acima
r2#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 I - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area, * - candidate default, U - per-user static route, o - ODR, P - periodic downloaded static route Gateway of last resort is not set. C 222.222.222.0/24 is directly connected, Loopback1 20.0.0.0/24 is subnetted, 1 subnets C 20.1.1.0 is directly connected, Dialer1 22.0.0.0/24 is subnetted, 1 subnets C 22.22.22.0 is directly connected, Loopback0 111.0.0.0/32 is subnetted, 1 subnets O 111.111.111.111 [110/11] via 10.1.1.1, 00:06:22, Ethernet0/0 10.0.0.0/24 is subnetted, 1 subnets C 10.1.1.0 is directly connected, Ethernet0/0 11.0.0.0/32 is subnetted, 1 subnets O 11.11.11.11 [110/11] via 10.1.1.1, 00:06:23, Ethernet0/0
Vizinho de OSPF do link principal do roteador1 (2621) — acima
r1#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 222.222.222.222 1 FULL/DR 00:00:33 10.1.1.2 FastEthernet0/0
Vizinho OSPF do Roteador 2 (3640)—link primário ativo
r2#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 111.111.111.111 1 FULL/BDR 00:00:31 10.1.1.1 Ethernet0/0
Tabela de roteamento do link principal do roteador1 (2621) — para baixo
r1#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP I - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area, * - candidate default, U - per-user static route, o - ODR, P - periodic downloaded static route Gateway of last resort is not set. 222.222.222.0/32 is subnetted, 1 subnets O 222.222.222.222 [110/10000] via 20.1.1.2, 00:00:09, Dialer1 20.0.0.0/24 is subnetted, 1 subnets C 20.1.1.0 is directly connected, BRI0/0 20.0.0.0/24 is subnetted, 1 subnets C 20.1.1.0 is directly connected, Dialer1 22.0.0.0/32 is subnetted, 1 subnets O 22.22.22.22 [110/10000] via 20.1.1.2, 00:00:09, Dialer1 111.0.0.0/24 is subnetted, 1 subnets C 111.111.111.0 is directly connected, Loopback1 10.0.0.0/24 is subnetted, 1 subnets O 10.1.1.0 [110/10009] via 20.1.1.2, 00:00:09, Dialer1 11.0.0.0/24 is subnetted, 1 subnets C 11.11.11.0 is directly connected, Loopback0
Tabela de roteamento do link principal do roteador2 (3640) — para baixo
r2#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP I - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area, * - candidate default, U - per-user static route, o - ODR, P - periodic downloaded static route Gateway of last resort is not set. C 222.222.222.0/24 is directly connected, Loopback1 20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 20.1.1.0/24 is directly connected, Dialer1 C 20.1.1.1/32 is directly connected, Dialer1 22.0.0.0/24 is subnetted, 1 subnets C 22.22.22.0 is directly connected, Loopback0 111.0.0.0/32 is subnetted, 1 subnets O 111.111.111.111 [110/10000] via 20.1.1.1, 00:00:07, Dialer1 10.0.0.0/24 is subnetted, 1 subnets C 10.1.1.0 is directly connected, Ethernet0/0 11.0.0.0/32 is subnetted, 1 subnets O 11.11.11.11 [110/10000] via 20.1.1.1, 00:00:08, Dialer1
Vizinho de OSPF do link principal do roteador1 (2621) — para baixo
r1#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 222.222.222.222 0 FULL/ - 00:00:32 20.1.1.2 Dialer1
Vizinho de OSPF do link principal do roteador2 (3640) — para baixo
r2#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 111.111.111.111 0 FULL/ - 00:00:31 20.1.1.1 Dialer1
O debug dialer e diversos show command outputs (resultado do comando show) indicados aqui mostram o link principal como a rota perdida recognizesthe falhada, e do Dialer Watch. O roteador inicia então o link de backup e o OSPF convirge através do enlace secundário. Sempre que o timeout de ociosidade expira, o roteador verifica se o enlace principal está inativo. Se o link principal é encontrado para estar acima, o Dialer Watch desliga o link de backup depois que o temporizador do desabilitação expira e rasga para baixo o atendimento, e o OSPF convirge pelo link principal como de costume.
Estas são as saídas do comando debug and show do roteador um (2621), quando o link principal vai para baixo e é trazido acima outra vez.
r1#show debug Dial on demand: Dial on demand events debugging is on r1# 03:00:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down !--- Primary link was brought down manually when you disable the switch ports. 03:00:21: %OSPF-5-ADJCHG: Process 1, Nbr 222.222.222.222 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached !--- Primary link goes down. !--- OSPF loses neighbor adjacency. r1# !--- Dialer watch kicks in. 03:00:21: DDR: Dialer Watch: watch-group = 1 03:00:21: DDR: network 222.222.222.222/255.255.255.255 DOWN, 03:00:21: DDR: primary DOWN 03:00:21: DDR: Dialer Watch: Dial Reason: Primary of group 1 DOWN 03:00:21: DDR: Dialer Watch: watch-group = 1, 03:00:21: BR0/0 DDR: rotor dialout [best] least recent failure is also most recent failure 03:00:21: BR0/0 DDR: rotor dialout [best] also has most recent failure 03:00:21: BR0/0 DDR: rotor dialout [best] 03:00:21: DDR: dialing secondary by dialer string 94134028 on Di1 03:00:21: BR0/0 DDR: Attempting to dial 94134028 03:00:21: DDR: Dialer Watch: watch-group = 1 r1# 03:00:21: DDR: network 222.222.222.222/255.255.255.255 DOWN, 03:00:21: DDR: primary DOWN 03:00:21: DDR: Dialer Watch: Dial Reason: Secondary of group 1 AVAILABLE 03:00:21: DDR: Dialer Watch: watch-group = 1, 03:00:21: DDR: Dialer Watch: watch-group = 1 03:00:21: DDR: network 222.222.222.222/255.255.255.255 DOWN, 03:00:21: DDR: primary DOWN 03:00:21: DDR: Dialer Watch: Dial Reason: Secondary of group 1 AVAILABLE 03:00:21: DDR: Dialer Watch: watch-group = 1, 03:00:21: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0, TEI 82 changed to up 03:00:94489280514: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up 03:00:94489280516: BR0/0:1 DDR: Dialer Watch: resetting call in progress 03:00:94489280512: BR0/0:1: interface must be fifo queue, force fifo 03:00:94489280512: %DIALER-6-BIND: Interface BR0/0:1 bound to profile Di1 r1# 03:00:22: BR0/0:1 DDR: Remote name for r2 03:00:22: BR0/0:1 DDR: dialer protocol up 03:00:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state to up r1# 03:00:28: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to 94134028 r2 !--- Backup link is now connected to Router 2. r1# 03:00:31: %OSPF-5-ADJCHG: Process 1, Nbr 222.222.222.222 on Dialer1 from LOADING to FULL, Loading Done !--- OSPF converges over the backup link. r1# r1#show dialer BRI0/0 - dialer type = ISDN Dial String Successes Failures Last DNIS Last status 0 incoming call(s) have been screened. 0 incoming call(s) rejected for callback. BRI0/0:1 - dialer type = ISDN Idle timer (180 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is data link layer up Dial reason: Dialing on watched route loss !--- Dial reason is the lost route. Interface bound to profile Di1 Time until disconnect 154 secs !--- Idle timeout is ticking. Current call connected 00:00:25 Connected to 94134028 (r2) BRI0/0:2 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle Di1 - dialer type = DIALER PROFILE Idle timer (180 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is data link layer up Number of active calls = 1 Dial String Successes Failures Last DNIS Last status 94134028 45 24 00:00:27 successful Default r1#show isdn active ----------------------------------------------------------------------------- ISDN ACTIVE CALLS ----------------------------------------------------------------------------- Call Calling Called Remote Seconds Seconds Seconds Charges Type Number Number Name Used Left Idle Units/Currency ----------------------------------------------------------------------------- Out ---N/A--- 94134028 r2 37 142 37 0 ----------------------------------------------------------------------------- r1#show dialer BRI0/0 - dialer type = ISDN Dial String Successes Failures Last DNIS Last status 0 incoming call(s) have been screened. 0 incoming call(s) rejected for callback. BRI0/0:1 - dialer type = ISDN Idle timer (180 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is data link layer up Dial reason: Dialing on watched route loss Interface bound to profile Di1 Time until disconnect 47 secs !--- Idle timeout is ticking. Current call connected 00:02:12 Connected to 94134028 (r2) BRI0/0:2 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle Di1 - dialer type = DIALER PROFILE Idle timer (180 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is data link layer up Number of active calls = 1 Dial String Successes Failures Last DNIS Last status 94134028 45 24 00:02:14 successful Default r1#show dialer BRI0/0 - dialer type = ISDN Dial String Successes Failures Last DNIS Last status 0 incoming call(s) have been screened. 0 incoming call(s) rejected for callback. BRI0/0:1 - dialer type = ISDN Idle timer (180 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is data link layer up Dial reason: Dialing on watched route loss Interface bound to profile Di1 Time until disconnect 0 secs !--- Idle timeout is ticking. Current call connected 00:02:59 Connected to 94134028 (r2) BRI0/0:2 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle Di1 - dialer type = DIALER PROFILE Idle timer (180 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is data link layer up Number of active calls = 1 Dial String Successes Failures Last DNIS Last status 94134028 45 24 00:03:05 successful Default r1# 03:03:22: BR0/0:1 DDR: idle timeout !--- Idle timed out. !--- Dialer watch checks lost routes !--- again and reset the idle time since primary is not up yet. 03:03:22: DDR: Dialer Watch: watch-group = 1 03:03:22: DDR: network 222.222.222.222/255.255.255.255 UP, 03:03:22: DDR: primary DOWN !--- Primary link is still down. r1# r1#show dialer BRI0/0 - dialer type = ISDN Dial String Successes Failures Last DNIS Last status 0 incoming call(s) have been screened. 0 incoming call(s) rejected for callback. BRI0/0:1 - dialer type = ISDN Idle timer (180 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is data link layer up Dial reason: Dialing on watched route loss Interface bound to profile Di1 Time until disconnect 154 secs !--- Idle timeout was reset by dialer watch. Current call connected 00:03:25 Connected to 94134028 (r2) BRI0/0:2 - dialer type = ISDN Idle timer (120 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is idle Di1 - dialer type = DIALER PROFILE Idle timer (180 secs), Fast idle timer (20 secs) Wait for carrier (30 secs), Re-enable (15 secs) Dialer state is data link layer up Number of active calls = 1 Dial String Successes Failures Last DNIS Last status 94134028 45 24 00:03:28 successful Default r1# 03:04:59: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up !--- Primary link was brought up manually when the switch ports are enabled. r1# r1# 03:05:50: %OSPF-5-ADJCHG: Process 1, Nbr 222.222.222.222 on FastEthernet0/0 from LOADING to FULL, Loading Done r1# r1#show ip ospf neigh Neighbor ID Pri State Dead Time Address Interface 222.222.222.222 0 FULL/ - 00:00:02 20.1.1.2 Dialer1 !--- OSPF over secondary link is still up because !--- the call is not terminated yet, waiting for idle timeout. 222.222.222.222 1 FULL/DR 00:00:38 10.1.1.2 FastEthernet0/0 !--- OSPF is now starts to converge over primary link. r1# r1#show ip route 222.222.222.222 !--- The watched route is now learned through the primary link. !--- Check the cost. Routing entry for 222.222.222.222/32 Known via "ospf 1", distance 110, metric 2, type intra area Last update from 10.1.1.2 on FastEthernet0/0, 00:00:16 ago Routing Descriptor Blocks: * 10.1.1.2, from 222.222.222.222, 00:00:16 ago, via FastEthernet0/0 Route metric is 2, traffic share count is r1# 03:06:22: BR0/0:1 DDR: idle timeout !--- Idle timed out. !--- Dialer watch checks lost routes. Since primary is up, !--- it tears down the call. 03:06:22: DDR: Dialer Watch: watch-group = 1 03:06:22: DDR: network 222.222.222.222/255.255.255.255 UP, 03:06:22: DDR: primary UP 03:06:22: BR0/0:1 DDR: disconnecting call 03:06:22: BR0/0:1 DDR: Dialer Watch: resetting call in progress 03:06:22: DDR: Dialer Watch: watch-group = 1 03:06:22: DDR: network 222.222.222.222/255.255.255.255 UP, 03:06:22: DDR: primary UP 03:06:22: %ISDN-6-DISCONNECT: Interface BRI0/0:1 disconnected from 94134028 r2, call lasted 360 seconds 03:06:96677768412: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down 03:06:94489281195: BR0/0 DDR: has total 0 call(s), dial_out 0, dial_in 0 r1# 03:06:94489280544: %DIALER-6-UNBIND: Interface BR0/0:1 unbound from profile Di1 03:06:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state to down r1# 03:06:37: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0/0, TEI 82 changed to down r1# 03:07:01: %OSPF-5-ADJCHG: Process 1, Nbr 222.222.222.222 on Dialer1 from FULL to DOWN, Neighbor Down: Dead timer expired !--- OSPF neighbor is down because the secondary link is down. !--- Dead timer has expired. r1# r1#show ip ospf neigh Neighbor ID Pri State Dead Time Address Interface 222.222.222.222 1 FULL/DR 00:00:38 10.1.1.2 FastEthernet0/0 !--- OSPF neighbor is through the primary link only. r1#u all All possible debugging has been turned off r1#
Esta seção fornece informações que podem ser usadas para o troubleshooting da sua configuração. Para obter informações sobre como solucionar problemas gerais com as Camadas 1, 2 e 3 do ISDN, consulte Using the show isdn status Command for BRI Troubleshooting.
A Output Interpreter Tool (somente clientes registrados) oferece suporte a determinados comandos show, o que permite exibir uma análise da saída do comando show.
Note: Antes de emitir comandos de depuração, consulte Informações Importantes sobre Comandos de Depuração.
Estes comandos debug podem ser executados em ambos os ipsec peer.
debug crypto isakmp — Exibe erros durante a Fase 1.
debug crypto ipsec — Exibe erros durante a Fase 2.
debug crypto engine — Exibe informações a partir do cripto mecanismo.
Estes comandos show podem ser executados em ambos os ipsec peer.
mostre isakmp cripto sa — Indica todas as associações de segurança atuais do Internet Key Exchange (IKE) (SA) em um par.
mostre IPsec cripto sa — Indica os ajustes usados pelo [IPSec] atual SA.
active do show crypto engine connections — Conexões atual e informação dos indicadores em relação aos pacotes criptografado e decriptografado.
Estes comandos clear podem ser usados para cancelar SA.
cancele o isakmp cripto — Cancela as associações de segurança fase um.
cancele o sa cripto — Cancela as associações de segurança da fase dois.