Telnet Trouble [CCNP/CCIE Level]

Network Topology

The network is configured as shown in the following figure.

telnet_trouble01.jpg
Figure: Telnet trouble network topology

Configuration Overview

The configuration overview of R1 and R2 is as follows.

R1

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
aaa new-model
!
class-map match-all Telnet
 match access-group 100
!
policy-map Telnet
 class Telnet
  police 8000 conform-action drop
!
interface Loopback0
 ip address 192.168.0.1 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.12.1 255.255.255.0
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 network 192.168.1.1 0.0.0.0 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
access-list 100 permit tcp any any eq telnet
!
control-plane
 service-policy input Telnet
!
line con 0
line aux 0
line vty 0 4
 transport input none
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

R2

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
interface Loopback0
 ip address 192.168.0.2 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.12.2 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.2.2 255.255.255.0
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 network 192.168.1.2 0.0.0.0 area 0
 network 192.168.0.0 0.0.255.255 area 0
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Symptoms

Telnet from R2 to R1 fails.

R2

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R2#telnet 192.168.0.1
Trying 192.168.0.1 ...
% Connection timed out; remote host not responding
R2#ping 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/14/36 ms
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

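Judging from the output when R2 telnets to R1, there is no response at all to the Telnet packets. Ping replies come back normally, so routing does not appear to be the problem.
Telnet packets may be being filtered on R1 by an access list or a similar mechanism, so the following show commands were used to isolate the problem.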

  • show access-list
  • show ip interface
  • show policy-map
  • show policy-map control-plane

R1

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R1#show access-list
Extended IP access list 100
10 permit tcp any any eq telnet (8 matches)
R1#show ip interface
Ethernet0/0 is up, line protocol is up
Internet address is 192.168.1.1/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.5 224.0.0.6
Outgoing access list is not set
Inbound  access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
Ethernet0/1 is up, line protocol is up
Internet address is 192.168.12.1/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.5 224.0.0.6
Outgoing access list is not set
Inbound  access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
~ omitted ~
Loopback0 is up, line protocol is up
Internet address is 192.168.0.1/32
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.5
Outgoing access list is not set
Inbound  access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
R1#show policy-map
Policy Map Telnet
Class Telnet
police cir 8000 bc 1500
conform-action drop
exceed-action drop
R1#show policy-map control-plane
Control Plane
Service-policy input: Telnet
Class-map: Telnet (match-all)
8 packets, 480 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 100
police:
cir 8000 bps, bc 1500 bytes
conformed 8 packets, 480 bytes; actions:
drop
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any)
302 packets, 33856 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
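
When the same check has to be repeated across many routers, the `show policy-map control-plane` output above can be summarized by a script. The following is an added example, not part of the original exercise: it parses the captured text into per-class packet counts and police actions. The function names `parse_copp` and `drop_only_classes` are hypothetical, and it assumes one action line per police outcome, as in the capture on this page.

```python
import re

# Output copied from the R1 capture on this page (indentation already lost).
SAMPLE = """\
Control Plane
Service-policy input: Telnet
Class-map: Telnet (match-all)
8 packets, 480 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 100
police:
cir 8000 bps, bc 1500 bytes
conformed 8 packets, 480 bytes; actions:
drop
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any)
302 packets, 33856 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
"""

CLASS_RE = re.compile(r"^Class-map:\s+(\S+)")
COUNT_RE = re.compile(r"^(\d+) packets, \d+ bytes$")
POLICE_RE = re.compile(r"^(conformed|exceeded|violated) (\d+) packets, \d+ bytes; actions:$")

def parse_copp(text):
    """Return one dict per class: name, packets seen, police outcome -> (packets, action)."""
    classes, cur, pending = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := CLASS_RE.match(line):
            cur, pending = {"name": m.group(1), "packets": None, "police": {}}, None
            classes.append(cur)
        elif cur is None:
            continue  # header lines before the first class
        elif pending:  # assumption: one action line follows each "actions:" header
            cur["police"][pending] = (cur["police"][pending][0], line)
            pending = None
        elif m := POLICE_RE.match(line):
            pending = m.group(1)
            cur["police"][pending] = (int(m.group(2)), None)
        elif (m := COUNT_RE.match(line)) and cur["packets"] is None:
            cur["packets"] = int(m.group(1))
    return classes

def drop_only_classes(classes):
    """Policed classes in which every outcome (conform/exceed/violate) is 'drop'."""
    return [c["name"] for c in classes
            if c["police"] and all(a == "drop" for _, a in c["police"].values())]
```

Comparing the per-class packet count with the ACL match counter from `show access-list` shows whether the packets that hit the ACL are the same ones being policed.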

Questions

  • Why can't you Telnet to R1?
  • How should the configuration be modified so that Telnet to R1 works?