Skip to content
This repository has been archived by the owner on Jul 16, 2021. It is now read-only.

君のことだけみていたい #8

Open
Noiri opened this issue Mar 2, 2019 · 2 comments
Open

君のことだけみていたい #8

Noiri opened this issue Mar 2, 2019 · 2 comments

Comments

@Noiri
Copy link
Collaborator

Noiri commented Mar 2, 2019

No description provided.

@Noiri Noiri added the SNMP label Mar 2, 2019
@arsley arsley changed the title 問題G 君のことだけみていたい Mar 2, 2019
@fono09
Copy link
Member

fono09 commented Mar 2, 2019

1841-B

!
! Last configuration change at 12:09:07 UTC Thu Feb 28 2019
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 1841-B
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 .qe5G5VYpTYYfafDBOh/XVn4a8gIiQxeyctXUHeg37M
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
!
!
ip vrf mgmt
!
ip cef
no ip domain lookup
ip domain name icttoracon.net
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO1841 sn FGL150823VW
username admin password 7 0452205E2C2B5E1D2B
!
redundancy
!
!
ip ssh version 2
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.2.1 255.255.255.192
 ip access-group 100 in
 duplex auto
 speed auto
!
interface FastEthernet0/0.95
 description mgmt
 encapsulation dot1Q 95
 ip vrf forwarding mgmt
 ip address 192.168.127.7 255.255.255.0
!
interface FastEthernet0/1
 ip address 192.168.2.65 255.255.255.192
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
 clock rate 125000
!
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 125000
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route vrf mgmt 0.0.0.0 0.0.0.0 192.168.127.254
!
access-list 100 permit tcp any eq 22 any
access-list 100 permit tcp any eq telnet any
access-list 100 deny   udp any eq snmp any
access-list 100 deny   udp any eq snmptrap any
!
!
!
!
!
!
control-plane
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 login local
 exec prompt timestamp
line aux 0
line vty 0 4
 exec-timeout 0 0
 login local
 exec prompt timestamp
 transport input telnet ssh
line vty 5 15
 exec-timeout 0 0
 login local
 exec prompt timestamp
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

@fono09
Copy link
Member

fono09 commented Mar 2, 2019

一次回答になります。

1841-BFa0/0に対して、access-group 100in側に適用しているが、
当該のaccess-groupは全てのsnmp,snmp-trapのトラフィックを遮断している。
加えて、標準でdropとなるため、ping要求もdropされている。

よって、1814-Bにおて当該のアクセスリストの編集を行って解決した。

# conf t
# ip access-list extended 100
(config-ext-nacl)# 26 permit icmp host 192.168.2.10 host 192.168.2.100 echo

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants