ASA 5505 inter-vlan routing и eigrp. Проясните.: cisco

smartchecker in cisco_ru

ASA 5505 inter-vlan routing и eigrp. Проясните.

Oct 08, 2015 17:15

Есть ASA 5505, которая одной ногой смотрит в и-нет, а другой (dot1q trunk) в cisco 3560, с которым общается по EIGRP.
Картина мира, в представлении ASA выглядит так

# sh interface ip br
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset down down
Ethernet0/1 unassigned YES unset up up
Ethernet0/2 unassigned YES unset administratively down down
Ethernet0/3 unassigned YES unset administratively down down
Ethernet0/4 unassigned YES unset administratively down down
Ethernet0/5 unassigned YES unset administratively down down
Ethernet0/6 unassigned YES unset administratively down down
Ethernet0/7 unassigned YES unset up up
Internal-Data0/0 unassigned YES unset up up
Internal-Data0/1 unassigned YES unset up up
Vlan6 192.168.6.2 YES CONFIG up up
Vlan7 192.168.7.50 YES CONFIG up up
Vlan10 185.7.xxx.254 YES CONFIG up up
Vlan22 192.168.22.3 YES CONFIG up up
Virtual0 127.0.0.1 YES unset up up

# sh switch vlan
VLAN Name Status Ports
---- -------------------------------- --------- -----------------------------
1 - down Et0/0, Et0/2, Et0/3, Et0/4
Et0/5, Et0/6
6 Test up Et0/1
7 Servers up Et0/1
10 outside up Et0/7
22 transport up Et0/1

d# sh route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is 185.7.xxx.249 to network 0.0.0.0

C 185.7.xxx.248 255.255.255.248 is directly connected, outside
D 192.168.25.0 255.255.255.0
[90/28416] via 192.168.22.1, 17:29:13, transport
D 172.19.0.0 255.255.0.0 [90/28672] via 192.168.22.1, 17:29:13, transport
D 172.31.2.0 255.255.255.0 [90/28672] via 192.168.22.1, 17:29:13, transport
D 172.31.7.0 255.255.255.0 [90/28672] via 192.168.22.1, 17:29:13, transport
D 172.31.6.0 255.255.255.0 [90/28672] via 192.168.22.1, 17:29:13, transport
D 172.31.11.0 255.255.255.0
[90/28672] via 192.168.22.1, 17:29:13, transport
D 172.31.9.0 255.255.255.0 [90/28672] via 192.168.22.1, 17:29:13, transport
D 172.31.8.0 255.255.255.0 [90/28672] via 192.168.22.1, 17:29:13, transport
D 172.30.0.0 255.255.0.0 [90/28672] via 192.168.22.1, 17:29:13, transport
D 192.168.20.0 255.255.255.0
[90/28416] via 192.168.22.1, 17:29:13, transport
C 192.168.6.0 255.255.255.0 is directly connected, Test
C 192.168.22.0 255.255.255.0 is directly connected, transport
C 192.168.7.0 255.255.255.0 is directly connected, Servers
D 192.168.1.0 255.255.255.0
[90/28416] via 192.168.22.1, 17:29:14, transport
S 192.168.2.0 255.255.255.0 [1/0] via 185.7.xxx.249, outside
S* 0.0.0.0 0.0.0.0 [1/0] via 185.7.xxx.249, outside

Почему из сети 172.31.8.0/24 я не могу дотянуться до интерфейса 192.168.7.50?
В логе вот это

6|Oct 08 2015 17:09:01|110003: Routing failed to locate next hop for icmp from Servers:192.168.7.50/0 to Servers:172.31.8.18/0