ospf не раздается в тунель

Обсуждение оборудования и его настройки
Ответить
svetogor82
Сообщения: 154
Зарегистрирован: 17 апр 2014, 10:44

Удалено за нарушение Правил, которые расположены выше.


svetogor82
Сообщения: 154
Зарегистрирован: 17 апр 2014, 10:44

1. Суть проблемы - ospf не раздается в туннель

2. Что было предпринято - настроен ospf

3. Конфигурация микротика
 

Код: Выделить всё

 > export compact 
# apr/17/2014 11:41:26 by RouterOS 6.12
# software id = J46A-68XZ
#
/interface gre
add local-address=1.1.1.5 name=gre-tunnel10 remote-address=2.2.2.2
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=md5 enc-algorithms=3des
/port
set 0 name=serial0
set 1 name=serial1
/routing ospf area
set [ find default=yes ] disabled=yes
/routing ospf instance
set [ find default=yes ] disabled=yes redistribute-connected=as-type-2 \
    router-id=10.0.90.25
add disabled=yes name=ospf1 router-id=172.16.0.17
/routing ospf area
add area-id=0.0.0.10 instance=ospf1 name=area1
/ip address
add address=1.1.1.5/24 comment="default configuration" interface=ether1 \
    network=1.1.1.0
add address=172.16.0.17/16 interface=ether2 network=172.16.0.0
add address=10.0.90.25/30 interface=gre-tunnel10 network=10.0.90.24
/ip dns
set servers=172.16.0.5
/ip firewall filter
add action=drop chain=input comment=drop_all disabled=yes in-interface=ether1 \
    protocol=tcp
add action=drop chain=input disabled=yes in-interface=ether1 protocol=udp
add chain=output comment=out protocol=udp
add chain=output protocol=tcp
add chain=input comment="Allow IPSec-esp" protocol=ipsec-esp
add chain=input comment="Allow IKE" dst-port=500 protocol=udp
add chain=input comment="Allow IPSec-ah" protocol=ipsec-ah
add chain=input comment=icp_input protocol=icmp
add chain=input comment=ssh dst-port=22 protocol=tcp
add chain=input comment=www dst-port=80 protocol=tcp
add chain=input dst-port=443 protocol=tcp
add chain=input comment="access to winbox" dst-port=8291 in-interface=ether1 \
    protocol=tcp
add chain=input dst-port=8291 in-interface=ether2 protocol=tcp
add chain=input connection-state=new dst-port=8291,65522 protocol=tcp
add chain=input comment=dns dst-port=53 in-interface=all-ethernet protocol=\
    udp
add chain=input dst-port=53 in-interface=all-ethernet protocol=tcp
add chain=input connection-state=established
add chain=input connection-state=related
add chain=input dst-port=1723 protocol=tcp
add chain=input dst-port=22 protocol=tcp
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=3h chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
    protocol=tcp src-address-list=ftp_blacklist
add chain=output content="530 Login incorrect" dst-limit=\
    1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=1h chain=output content="530 Login incorrect" \
    protocol=tcp
/ip ipsec peer
add address=2.2.2.2/32 enc-algorithm=3des hash-algorithm=md5 secret=\
    "pass"
/ip route
add distance=1 gateway=91.216.48.1
add distance=1 dst-address=10.0.90.26/32 gateway=gre-tunnel10
/ip upnp
set allow-disable-external-interface=no
/lcd interface
set sfp-sfpplus1 interface=sfp-sfpplus1
set sfp-sfpplus2 interface=sfp-sfpplus2
set ether1 interface=ether1
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6 interface=ether6
set ether7 interface=ether7
set ether8 interface=ether8
/routing ospf interface
add cost=700 interface=gre-tunnel10 network-type=broadcast priority=0
/routing ospf network
add area=area1 network=172.16.0.0/16
/system clock
set time-zone-name=Europe/Moscow
/system leds
set 0 type=interface-speed
set 2 type=interface-speed
/system ntp client
set enabled=yes mode=unicast primary-ntp=194.149.67.129 secondary-ntp=\

4. С документацией и мануалами ознакомлен, ответа не нашел.


Ответить