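I am completely unable to solve this problem. My ISP logs show that my Cisco 860 router disconnects and reconnects every 30 minutes 18 seconds throughout the day - it is noticeable when browsing, because sites error out and then reload.
I can also see in the logs that the interface (GigabitEthernet2) is being shut down (not sure if this is related). I am not sure what setting this could be. My static IP address is using a DHCP lease from the ISP - not sure whether this is expiring and renewing, or could this be an MTU issue? Or a duplex negotiation issue? Or just a known bug in IOS - before I take out a support contract.
Version: 15.6(3)M0a
Here is my configuration for the port in question: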
interface GigabitEthernet2
description PrimaryWANDesc_iiNet NBN
ip address dhcp
ip nat outside
ip virtual-reassembly in
zone-member security WAN
duplex auto
speed auto
no cdp enable
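I am not sure what other settings/logs you might need, so please let me know what else I should provide.
Update: I reconnected the 860 after 3 days on the old Draytek without a single reconnection, and can confirm that the Cisco reconnects at 30 minutes (after the initial connection). The ISP logs show the following: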
Connected using IPoE
Authenticated with Line Auth
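However, the logs do not show any interface going down/up during this time. Is there a timer issue or bug with IPoE?
Update: I have provided a filtered configuration. I cannot find any log entries showing a disconnection. It appears the router needs to re-authenticate the IPoE connection every 30 minutes. When this happens, it causes a brief drop in the connection.
Building configuration...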
Current configuration : 16718 bytes
!
! Last configuration change at 06:54:13 UTC Tue May 14 2019 by iinet
!
version 15.6
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
no service password-encryption
!
hostname nbn
!
boot-start-marker
boot system flash c860vaew-advsecurityk9-mz.SPA.156-3.M0a.bin
boot system flash
boot-end-marker
!
aqm-register-fnf
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login local_access local
aaa authentication login vpn_xauth_ml_1 local
aaa authentication login sslvpn local
aaa authorization network vpn_group_ml_1 local
!
!
!
!
!
aaa session-id common
wan mode ethernet
no ip source-route
!
!
!
!
!
!
ip inspect max-incomplete high 2000
ip inspect max-incomplete low 1600
ip inspect name Internet-out icmp router-traffic
ip inspect name Internet-out tcp router-traffic
ip inspect name Internet-out udp router-traffic
no ip bootp server
ip domain retry 0
ip domain timeout 1
ip domain name scnet.com.au
ip cef
no ipv6 cef
!
!
flow record nbar-appmon
match ipv4 source address
match ipv4 destination address
match application name
collect interface output
collect counter bytes
collect counter packets
collect timestamp absolute first
collect timestamp absolute last
!
!
flow monitor application-mon
cache timeout active 60
record nbar-appmon
!
parameter-map type inspect global
max-incomplete low 1600
max-incomplete high 2000
nbar-classify
parameter-map type inspect ddos
tcp synwait-time 15
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3447020667
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3447020667
revocation-check none
rsakeypair TP-self-signed-3447020667
!
!
crypto pki certificate chain TP-self-signed-3447020667
certificate self-signed 01
!
object-group service INTERNAL_UTM_SERVICE
!
object-group network Others_dst_net
any
!
object-group network Others_src_net
any
!
object-group service Others_svc
ip
!
object-group network Web_dst_net
any
!
object-group network Web_src_net
any
!
object-group service Web_svc
ip
!
object-group network allowping_dst_net
any
!
crypto key pubkey-chain rsa
named-key realm-cisco.pub signature
!
controller VDSL 0
shutdown
no cdp run
!
!
class-map type inspect match-any INTERNAL_DOMAIN_FILTER
match protocol msnmsgr
match protocol ymsgr
class-map type inspect match-any Others_app
match protocol https
match protocol smtp
match protocol pop3
match protocol imap
match protocol sip
match protocol ftp
match protocol dns
match protocol icmp
class-map type inspect match-any allowping_app
match protocol icmp
!
policy-map type inspect LAN-WAN-POLICY
class type inspect lan-allow-all
inspect
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
zone-pair security WAN-DMZ source WAN destination DMZ
service-policy type inspect WAN-DMZ-POLICY
zone-pair security LAN-WAN source LAN destination WAN
service-policy type inspect LAN-WAN-POLICY
zone-pair security WAN-LAN source WAN destination LAN
service-policy type inspect WAN-LAN-POLICY
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
!
!
crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
mode tunnel
!
crypto ipsec profile VPN-Profile-1
set transform-set encrypt-method-1
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
no ip address
ip nbar protocol-discovery
ip flow monitor application-mon input
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
zone-member security LAN
load-interval 30
shutdown
!
interface FastEthernet0
switchport access vlan 2
no ip address
zone-member security LAN
!
interface FastEthernet1
switchport access vlan 2
no ip address
zone-member security LAN
!
interface FastEthernet2
no ip address
zone-member security LAN
!
interface GigabitEthernet0
switchport access vlan 2
no ip address
zone-member security LAN
!
interface GigabitEthernet1
switchport access vlan 2
no ip address
zone-member security LAN
!
interface GigabitEthernet2
description PrimaryWANDesc_iiNet NBN
ip address dhcp
ip nat outside
ip virtual-reassembly in
zone-member security WAN
duplex auto
speed auto
no cdp enable
!
interface Virtual-Template2 type tunnel
ip unnumbered Vlan2
zone-member security VPN
tunnel mode ipsec ipv4
tunnel protection ipsec profile VPN-Profile-1
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
zone-member security LAN
!
interface Vlan1
ip address 10.10.10.1 255.255.255.0
ip nbar protocol-discovery
ip flow monitor application-mon input
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
zone-member security LAN
load-interval 30
!
interface Vlan2
ip address 192.168.0.222 255.255.255.0
ip nbar protocol-discovery
ip flow monitor application-mon input
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
zone-member security LAN
load-interval 30
!
ip local pool VPN-Pool 192.168.2.100 192.168.2.105
ip forward-protocol nd
ip http server
ip http upload enable path flash:
ip http upload overwrite
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip flow-top-talkers
top 16
sort-by bytes
!
ip dns view default
domain timeout 1
domain retry 0
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
ip nat inside source list nat-list interface GigabitEthernet2 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet2
!
ip access-list extended ISAKMP_IPSEC
permit udp any any eq isakmp
permit ahp any any
permit esp any any
permit udp any any eq non500-isakmp
ip access-list extended Internet
.................
deny ip any any log
!
!
!
!
line con 0
login authentication local_access
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
access-class 23 in
exec-timeout 0 0
privilege level 15
login authentication local_access
transport input telnet ssh
!
scheduler allocate 60000 1000
!
end
ISP logs
20 Jul 2019 08:53AM 20 Jul 2019 09:24AM 30 minutes, 18 seconds Normal Termination
20 Jul 2019 08:23AM 20 Jul 2019 08:53AM 30 minutes, 18 seconds Normal Termination
20 Jul 2019 07:53AM 20 Jul 2019 08:23AM 30 minutes, 19 seconds Normal Termination
20 Jul 2019 07:22AM 20 Jul 2019 07:53AM 30 minutes, 18 seconds Normal Termination
20 Jul 2019 06:52AM 20 Jul 2019 07:22AM 30 minutes, 18 seconds Normal Termination
................. this continues all day and night
Update: I found that the interface is being restarted? Why??
*Jul 20 03:24:32.491 UTC: %DHCP-5-RESTART: Interface GigabitEthernet2 is being restarted by DHCP
*Jul 20 03:24:34.491 UTC: %LINK-5-CHANGED: Interface GigabitEthernet2, changed state to administratively down
*Jul 20 03:24:35.491 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2, changed state to down
*Jul 20 03:24:37.527 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet2, changed state to down
*Jul 20 03:24:40.487 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet2, changed state to up
*Jul 20 03:24:41.487 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2, changed state to up
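
An added example, not part of the original post: a short Python script that parses the router syslog and ISP session lines quoted above, measures how long each DHCP-triggered restart of GigabitEthernet2 keeps the line protocol down, and checks whether the ISP session lengths are constant (which points at a timer rather than a random link fault). The year 2019 for the router timestamps and the 5-second tolerance are assumptions.

```python
import re
from datetime import datetime

# Router syslog lines copied from the post (sample input).
SYSLOG = """\
*Jul 20 03:24:32.491 UTC: %DHCP-5-RESTART: Interface GigabitEthernet2 is being restarted by DHCP
*Jul 20 03:24:34.491 UTC: %LINK-5-CHANGED: Interface GigabitEthernet2, changed state to administratively down
*Jul 20 03:24:35.491 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2, changed state to down
*Jul 20 03:24:37.527 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet2, changed state to down
*Jul 20 03:24:40.487 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet2, changed state to up
*Jul 20 03:24:41.487 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2, changed state to up
"""
# ISP session lines copied from the post (sample input).
ISP_LOG = """\
20 Jul 2019 08:53AM 20 Jul 2019 09:24AM 30 minutes, 18 seconds Normal Termination
20 Jul 2019 08:23AM 20 Jul 2019 08:53AM 30 minutes, 18 seconds Normal Termination
20 Jul 2019 07:53AM 20 Jul 2019 08:23AM 30 minutes, 19 seconds Normal Termination
20 Jul 2019 07:22AM 20 Jul 2019 07:53AM 30 minutes, 18 seconds Normal Termination
20 Jul 2019 06:52AM 20 Jul 2019 07:22AM 30 minutes, 18 seconds Normal Termination
"""
# "*" prefix (clock not authoritative), timestamp, zone, %FACILITY-SEV-MNEMONIC, text
LINE = re.compile(r"^\*?(\w{3} +\d+ [\d:.]+) \w+: %([A-Z]+-\d-[A-Z]+): (.*)$")

def parse_syslog(text, year=2019):
    # IOS timestamps carry no year; 2019 is assumed from the ISP log dates.
    events = []
    for m in map(LINE.match, text.splitlines()):
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S.%f")
            events.append((ts, m.group(2), m.group(3)))
    return events

def dhcp_outages(events, iface="GigabitEthernet2"):
    # (start, seconds) from each DHCP restart until line protocol is back up.
    outages, start = [], None
    for ts, tag, msg in events:
        if iface not in msg:
            continue
        if tag == "DHCP-5-RESTART":
            start = ts
        elif start and tag == "LINEPROTO-5-UPDOWN" and msg.endswith("to up"):
            outages.append((start, (ts - start).total_seconds()))
            start = None
    return outages

def session_seconds(text):
    pairs = re.findall(r"(\d+) minutes, (\d+) seconds", text)
    return [int(m) * 60 + int(s) for m, s in pairs]

def is_periodic(durations, tolerance=5):
    # Sessions that all end within `tolerance` seconds of each other suggest a timer.
    return len(durations) > 1 and max(durations) - min(durations) <= tolerance
```

On the lines from the post this reports one DHCP-triggered outage of about 9 seconds and session lengths that differ by at most one second.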