Telnet Trouble [CCNP/CCIE Level]
Network topology
The network is configured as shown in the following figure.
Configuration overview
The configuration of R1 and R2 is summarized below.
R1
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
aaa new-model
!
class-map match-all Telnet
 match access-group 100
!
policy-map Telnet
 class Telnet
  police 8000 conform-action drop
!
interface Loopback0
 ip address 192.168.0.1 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.12.1 255.255.255.0
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 network 192.168.1.1 0.0.0.0 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
access-list 100 permit tcp any any eq telnet
!
control-plane
 service-policy input Telnet
!
line con 0
line aux 0
line vty 0 4
 transport input none
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R2
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
interface Loopback0
 ip address 192.168.0.2 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.12.2 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.2.2 255.255.255.0
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 network 192.168.1.2 0.0.0.0 area 0
 network 192.168.0.0 0.0.255.255 area 0
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Symptoms
Telnet from R2 to R1 fails.
R2
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R2#telnet 192.168.0.1
Trying 192.168.0.1 ...
% Connection timed out; remote host not responding

R2#ping 192.168.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/14/36 ms
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
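The log from the Telnet attempt from R2 to R1 suggests that there is no response at all to the Telnet packets. Because the ping replies come back normally, routing does not appear to be the problem.
Telnet packets may be being filtered on R1 by an access list or a similar feature, so the following show commands were used to isolate the cause.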
- show access-list
- show ip interface
- show policy-map
- show policy-map control-plane
R1
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R1#show access-list
Extended IP access list 100
    10 permit tcp any any eq telnet (8 matches)

R1#show ip interface
Ethernet0/0 is up, line protocol is up
  Internet address is 192.168.1.1/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.5 224.0.0.6
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
Ethernet0/1 is up, line protocol is up
  Internet address is 192.168.12.1/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.5 224.0.0.6
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
~ omitted ~
Loopback0 is up, line protocol is up
  Internet address is 192.168.0.1/32
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1514 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.5
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled

R1#show policy-map
  Policy Map Telnet
    Class Telnet
     police cir 8000 bc 1500
       conform-action drop
       exceed-action drop

R1#show policy-map control-plane
 Control Plane

  Service-policy input: Telnet

    Class-map: Telnet (match-all)
      8 packets, 480 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 100
      police:
          cir 8000 bps, bc 1500 bytes
        conformed 8 packets, 480 bytes; actions:
          drop
        exceeded 0 packets, 0 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps

    Class-map: class-default (match-any)
      302 packets, 33856 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
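The per-class policer counters in the show policy-map control-plane output above can also be read programmatically, which helps when the same check has to be run across many devices. The following Python sketch is an added example, not part of the original page; the function names and the line layout of the embedded sample are this example's own assumptions.

```python
import re

# Constructed sample: the "show policy-map control-plane" output from this page,
# laid out one field per line as IOS prints it.
SAMPLE = """\
Control Plane
 Service-policy input: Telnet
  Class-map: Telnet (match-all)
   8 packets, 480 bytes
   5 minute offered rate 0 bps, drop rate 0 bps
   Match: access-group 100
   police:
     cir 8000 bps, bc 1500 bytes
    conformed 8 packets, 480 bytes; actions:
     drop
    exceeded 0 packets, 0 bytes; actions:
     drop
    conformed 0 bps, exceed 0 bps
  Class-map: class-default (match-any)
   302 packets, 33856 bytes
   5 minute offered rate 0 bps, drop rate 0 bps
   Match: any
"""

CLASS_RE = re.compile(r"^\s*Class-map:\s+(\S+)")
BUCKET_RE = re.compile(r"^\s*(conformed|exceeded|violated)\s+(\d+) packets, \d+ bytes; actions:")

def parse_police_counters(text):
    """Map each class to {bucket: (packets, action)} for its policer."""
    classes, current, pending = {}, None, None
    for line in text.splitlines():
        if m := CLASS_RE.match(line):
            current, pending = m.group(1), None
            classes[current] = {}
        elif (m := BUCKET_RE.match(line)) and current:
            pending = (m.group(1), int(m.group(2)))  # the action is on the next line
        elif pending and line.strip():
            classes[current][pending[0]] = (pending[1], line.strip())
            pending = None
    return classes

def dropped_by_policer(text):
    """Return {class: packets} for classes whose policer dropped packets."""
    hits = {}
    for name, buckets in parse_police_counters(text).items():
        dropped = sum(n for n, action in buckets.values() if action == "drop")
        if dropped:
            hits[name] = dropped
    return hits
```

Calling dropped_by_policer(SAMPLE) returns the classes whose policer counters show dropped packets, together with the packet count.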
Questions
- Why is it not possible to Telnet to R1?
- How should the configuration be corrected so that Telnet to R1 works?