teratail.com/269487 でもスレッドあげてみました。
teratail に関して初めて使います。。。
結論(23:00 15 Jun. '20)
以下コマンド追加で叩けばおk
adding-config
ip nat inside source list 10 interface GigabitEthernet0/5 overload
access-list 10 remark For NAPT(IP-Masquerade)
access-list 10 permit 192.168.30.0 0.0.0.255
約
NAPT の設定を入れることで改善
物理結線図
物理結線図
論理構成z
現在の running-config
running-config
!
! Last configuration change at 22:48:59 JST Sat Jun 13 2020
! NVRAM config last updated at 22:49:04 JST Sat Jun 13 2020
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
!
hostname N138-C841M-22XQ
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$v4A6$MsMv2NS5tmj/V938i1yGq.
!
aaa new-model
!
!
aaa authentication login default local-case enable
aaa authentication login noauth none
aaa authentication enable default enable
!
!
!
!
!
aaa session-id common
ethernet lmi ce
clock timezone JST 9 0
!
!
call-home
contact-email-addr n138-support-box@googlegroups.com
!
!
!
!
!
!
ip domain retry 1
ip domain timeout 5
ip domain name n138.nws
ip name-server 192.168.30.250
ip cef
no ipv6 cef
!
!
license udi pid C841M-4X-JSEC/K9
!
!
vtp mode transparent
username root privilege 15 secret 5 $1$l85y$xw2Ot6ZFrv7hCH5zqhsnS1
!
redundancy
!
!
!
!
!
vlan 83
name n138.nws
!
track 83 interface GigabitEthernet0/5 line-protocol
delay up 30
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description *** Loopback ***
ip address 172.21.0.254 255.255.0.0
!
interface GigabitEthernet0/0
description TO) **LAN** VLAN 83 (n138.nws)
switchport access vlan 83
no ip address
!
interface GigabitEthernet0/1
description *** OffLine ***
no ip address
shutdown
duplex half
speed 10
!
interface GigabitEthernet0/2
description *** OffLine ***
no ip address
shutdown
duplex half
speed 10
!
interface GigabitEthernet0/3
description *** OffLine ***
no ip address
shutdown
duplex half
speed 10
!
interface GigabitEthernet0/4
description *** OffLine ***
ip address dhcp
ip ospf 1 area 1
shutdown
duplex half
speed 10
!
interface GigabitEthernet0/5
description TO) **WAN** Port 1 - SoftBank Air
ip address dhcp
ip ospf 1 area 1
duplex auto
speed auto
!
interface Vlan1
description *** OffLine ***
no ip address
shutdown
!
interface Vlan83
description TO) **LAN** Port 7 - N138-EG08MN2-02
ip address 192.168.30.240 255.255.255.0
vrrp 83 ip 192.168.30.254
vrrp 83 timers advertise 3
vrrp 83 preempt delay minimum 10
vrrp 83 priority 95
vrrp 83 track 83 decrement 15
!
router ospf 1
router-id 192.168.30.240
network 192.168.30.0 0.0.0.255 area 0
!
router bgp 3038
bgp log-neighbor-changes
network 192.168.30.0
redistribute connected
redistribute ospf 1
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip dns view default
domain timeout 5
domain retry 1
ip route 0.0.0.0 0.0.0.0 dhcp
ip ssh version 2
!
logging host 192.168.30.250
!
!
!
!
!
banner motd #
=== System Info ======================================
Hostname ............ N138-C841M-22XQ
Build In ............ 30th May 2020
=== END ==============================================
#
!
line con 0
exec-timeout 5 0
logging synchronous
login authentication noauth
no modem enable
line vty 0 4
exec-timeout 5 0
logging synchronous
transport input all
!
scheduler allocate 20000 1000
ntp server 192.168.30.250 prefer
ntp server ntp.nict.jp
!
end
PING 疎通試験
CoreGW-C841M#ping 8.8.8.8 source gi0/5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.163.2
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 28/28/28 ms
CoreGW-C841M#
CoreGW-C841M#ping 8.8.8.8 source gi0/5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.163.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/34/44 ms
CoreGW-C841M#
最初転けたけど2回目が全部問題無いからOK → ARP 解決
CoreGW-C841M#ping 8.8.8.8 source vlan 83
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.30.240
.....
Success rate is 0 percent (0/5)
CoreGW-C841M#
CoreGW-C841M#ping 8.8.8.8 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 172.21.0.254
.....
Success rate is 0 percent (0/5)
CoreGW-C841M#
LAN(VLAN83) からだけじゃなくて Loopback0 からも疎通通らないんだよなぁ
ちなみに、WAN を Gi0/5 → Gi0/3 (Vlan1) に変えても駄目だったので元に戻した。
VLAN 使ってるのが原因ではなさげ...
VRRP も切ってみたけど変わらず...
CoreGW-C841M#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 192.168.163.254 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 10.38.221.254/32 [110/2] via 192.168.30.200, 03:00:31, Vlan83
O 10.65.221.0/24 [110/2] via 192.168.30.200, 03:00:31, Vlan83
172.21.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.21.0.0/16 is directly connected, Loopback0
L 172.21.0.254/32 is directly connected, Loopback0
192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.30.0/24 is directly connected, Vlan83
L 192.168.30.240/32 is directly connected, Vlan83
O E2 192.168.122.0/24 [110/20] via 192.168.30.250, 03:00:31, Vlan83
192.168.163.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.163.0/24 is directly connected, GigabitEthernet0/5
L 192.168.163.2/32 is directly connected, GigabitEthernet0/5
CoreGW-C841M#