Обещанный конфиг. Стер неработающую часть на второго провайдера.
!
! Last configuration change at 01:55:55 Moscow Mon Aug 7 2017 by admin
! NVRAM config last updated at 01:55:57 Moscow Mon Aug 7 2017 by admin
!
version 15.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname Cisco_3945E
!
boot-start-marker
boot system flash0 c3900e-universalk9-mz.SPA.154-3.M7.bin
warm-reboot
boot-end-marker
!
!
enable secret 5 XXXXXXXXX
enable password 7 XXXXXXXXX
!
no aaa new-model
clock timezone Moscow 3 0
clock calendar-valid
!
!
!
!
!
!
no ip source-route
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.10
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.168.1 192.168.168.10
ip dhcp excluded-address 192.168.255.1 192.168.255.10
ip dhcp excluded-address 192.168.0.215 192.168.0.254
ip dhcp excluded-address 192.168.1.215 192.168.1.254
ip dhcp excluded-address 192.168.168.215 192.168.168.254
ip dhcp excluded-address 192.168.255.215 192.168.255.254
ip dhcp excluded-address 192.168.2.1 192.168.2.10
ip dhcp excluded-address 192.168.2.215 192.168.2.254
!
ip dhcp pool $Vlan1$
network 192.168.0.0 255.255.255.0
update dns both override
netbios-node-type h-node
option 42 ip 192.168.0.240
option 4 ip 192.168.0.240
default-router 192.168.0.240
dns-server 192.168.0.240
netbios-name-server 192.168.0.240
lease 0 12
!
ip dhcp pool $Vlan2$
network 192.168.1.0 255.255.255.0
update dns both override
netbios-node-type h-node
netbios-name-server 192.168.1.240
option 42 ip 192.168.0.240
option 4 ip 192.168.0.240
default-router 192.168.1.240
dns-server 192.168.1.240
lease 0 12
!
ip dhcp pool $Vlan169$
network 192.168.168.0 255.255.255.0
update dns both override
netbios-node-type h-node
option 4 ip 192.168.0.240
option 42 ip 192.168.0.240
dns-server 192.168.168.240
netbios-name-server 192.168.168.240
default-router 192.168.168.240
lease 0 12
!
ip dhcp pool $VlanVoice$
network 192.168.255.0 255.255.255.0
update dns both override
netbios-node-type h-node
option 42 ip 192.168.0.240
option 4 ip 192.168.0.240
default-router 192.168.255.240
dns-server 192.168.255.240
netbios-name-server 192.168.255.240
lease 0 12
!
ip dhcp pool $Vlan3$
network 192.168.2.0 255.255.255.0
update dns both override
netbios-node-type h-node
option 42 ip 192.168.0.240
option 4 ip 192.168.0.240
default-router 192.168.2.240
dns-server 192.168.2.240
netbios-name-server 192.168.2.240
lease 0 12
!
!
!
ip domain name home.local
ip name-server 212.188.4.10
ip name-server 195.34.32.116
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
chat-script hspa-R7 "" "AT!SCACT=1,1" TIMEOUT 60 "OK"
chat-script gsm "" "atdt*98*1#" TIMEOUT 180 "CONNECT"
cts logging verbose
!
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name
e=sdmtest@sdmtest.com revocation-check crl
!
crypto pki trustpoint TP-self-signed-1068516960
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1068516960
revocation-check none
rsakeypair TP-self-signed-1068516960
!
!
crypto pki certificate chain test_trustpoint_config_created_for_sdm
crypto pki certificate chain TP-self-signed-1068516960
certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
voice-card 0
!
!
!
!
!
!
!
!
license udi pid C3900-SPE250/K9 sn FOC1638600F
license boot module c3900e technology-package securityk9
license boot module c3900e technology-package uck9
license boot module c3900e technology-package datak9
license boot module c3900e technology-package NtwkEssSuitek9
license boot module c3900e technology-package CollabProSuitek9
!
!
hw-module sm 1
!
hw-module sm 2
!
hw-module sm 3
!
hw-module sm 4
!
username Admin privilege 15 secret 5 XXXXXXXXX
!
redundancy
!
!
!
!
!
controller Cellular 0/2
!
transceiver type all
monitoring interval 300
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
track 4 ip sla 4 reachability
!
track 5 ip sla 5 reachability
!
track 8 ip sla 8 reachability
delay down 20 up 20
!
track 50 list boolean and
object 1
object 2
!
track 60 list boolean and
object 4
object 5
!
!
!
!
!
!
bridge irb
!
!
!
!
interface GigabitEthernet0/0
description "ISP_MAIN"
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
media-type rj45
no mop enabled
bridge-group 1
!
interface GigabitEthernet0/1
description "ISP_BACK"
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
media-type rj45
no mop enabled
bridge-group 2
!
interface GigabitEthernet0/2
description "SERVER-SM1"
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
no mop enabled
bridge-group 1
!
interface GigabitEthernet0/3
description "SERVER-SM3"
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
no mop enabled
bridge-group 1
!
interface ucse1/0
description $Internal L3 interface connected to Service Module1"
ip address 1.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
imc ip address 192.168.168.215 255.255.255.0 default-gateway 192.168.168.240
imc access-port dedicated
!
interface ucse1/1
description $Internal L2 interface connected to Service Module1"
switchport mode trunk
no ip address
!
interface GigabitEthernet2/0
description $Internal L3 interface connected to Service Module2$
ip address 2.2.2.1 255.255.255.0
!
interface GigabitEthernet2/1
description $Internal L2 interface connected to Service Module2$
switchport mode trunk
no ip address
!
interface ucse3/0
description $Internal L3 interface connected to Service Module3"
ip address 3.3.3.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
imc ip address 192.168.168.217 255.255.255.0 default-gateway 192.168.168.240
imc access-port dedicated
!
interface ucse3/1
description $Internal L2 interface connected to Service Module3"
switchport mode trunk
no ip address
!
interface ucse4/0
no ip address
service-module heartbeat-reset disable
!
interface ucse4/1
no ip address
!
interface Cellular0/2/0
no ip address
encapsulation slip
dialer in-band
dialer string gsm
!
interface Cellular0/2/1
no ip address
encapsulation slip
shutdown
!
interface Vlan1
ip address 192.168.0.240 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
!
interface Vlan2
ip address 192.168.1.240 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
!
interface Vlan3
ip address 192.168.2.240 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
!
interface Vlan169
ip address 192.168.168.240 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
!
interface Vlan256
ip address 192.168.255.240 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
!
interface BVI1
ip address 100.100.100.240 255.255.255.0
!
interface BVI2
ip address 200.200.200.240 255.255.255.0
!
!
ip local policy route-map echo
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source route-map srv1_nat interface ucse1/0 overload
ip nat inside source route-map srv3_nat interface ucse3/0 overload
ip route 0.0.0.0 0.0.0.0 1.1.1.2 track 50
ip route 0.0.0.0 0.0.0.0 3.3.3.2 128
ip route 100.100.100.250 255.255.255.255 1.1.1.2
ip route 100.100.100.252 255.255.255.255 3.3.3.2
ip ssh version 1
!
ip sla 1
icmp-echo 1.1.1.2 source-interface ucse1/0
threshold 1000
timeout 1000
frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 100.100.100.250 source-interface ucse1/0
threshold 1000
timeout 1000
frequency 5
ip sla schedule 2 life forever start-time now
ip sla 4
icmp-echo 3.3.3.2 source-interface ucse3/0
threshold 1000
timeout 1000
frequency 5
ip sla schedule 4 life forever start-time now
ip sla 5
icmp-echo 100.100.100.252 source-interface ucse3/0
threshold 1000
timeout 1000
frequency 5
ip sla schedule 5 life forever start-time now
ip sla 7
icmp-echo 2.2.2.2 source-interface GigabitEthernet2/0
threshold 1000
timeout 1000
frequency 5
ip sla schedule 7 life forever start-time now
ip sla 8
icmp-echo 8.8.4.4 source-interface BVI1
frequency 5
ip sla schedule 8 life forever start-time now
ip sla 11
icmp-echo 8.8.8.8 source-interface BVI2
frequency 5
ip sla schedule 11 life forever start-time now
dialer-list 1 protocol ip permit
!
nls resp-timeout 1
cpd cr-id 1
route-map echo permit 10
match ip address 101
set ip next-hop 100.100.100.254
!
route-map srv3_nat permit 10
match ip address 1
match interface ucse3/0
!
route-map srv1_nat permit 10
match ip address 1
match interface ucse1/0
!
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.168.0 0.0.0.255
access-list 1 permit 192.168.255.0 0.0.0.255
access-list 1 deny any
access-list 101 permit icmp any host 8.8.8.8 echo
access-list 101 permit icmp any host 8.8.4.4 echo
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
!
line con 0
exec-timeout 60 0
password 7 XXXXXXXXX
login local
line aux 0
line 0/2/0
script dialer gsm
no exec
line 0/2/1
no exec
line 66
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
speed 9600
flowcontrol software
line 130
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
flowcontrol software
line 194
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
speed 9600
flowcontrol software
line 258
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
speed 9600
flowcontrol software
line vty 0 4
exec-timeout 60 0
password 7 XXXXXXXXX
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp logging
ntp master 2
ntp update-calendar
ntp server 88.147.254.234 source Vlan1
ntp server 88.147.254.227 prefer source Vlan1
event manager applet SERVER_SM1_UP
event track 50 state up
action 1.0 cli command "enable"
action 1.1 cli command "cellular 0/2/0 gsm sms send 89266293154 SERVER_SM1_UP"
action 1.2 cli command "clear ip nat trans forced"
action 1.3 cli command "end"
event manager applet SERVER_SM1_DOWN
event track 50 state down
action 1.0 cli command "enable"
action 1.1 cli command "cellular 0/2/0 gsm sms send 89266293154 SERVER_SM1_DOWN"
action 1.2 cli command "clear ip nat trans forced"
action 1.3 cli command "end"
event manager applet SERVER_SM3_UP
event track 60 state up
action 1.0 cli command "enable"
action 1.1 cli command "cellular 0/2/0 gsm sms send 89266293154 SERVER_SM3_UP"
action 1.2 cli command "end"
event manager applet SERVER_SM3_DOWN
event track 60 state down
action 1.0 cli command "enable"
action 1.1 cli command "cellular 0/2/0 gsm sms send 89266293154 SERVER_SM3_DOWN"
action 1.2 cli command "end"
event manager applet ISP_MAIN_UP
event track 8 state up
action 1.0 cli command "enable"
action 1.1 cli command "cellular 0/0/0 gsm sms send 89266293154 MAIN_IPS_UP"
action 1.2 cli command "end"
event manager applet ISP_MAIN_DOWN
event track 8 state down
action 1.0 cli command "enable"
action 1.1 cli command "cellular 0/0/0 gsm sms send 89266293154 MAIN_IPS_DOWN"
action 1.2 cli command "end"
!
end