martedì, Dicembre 10, 2024

Configurazione Cisco 837

Alessandro Pensato
Alessandro Pensatohttp://www.alessandro-pensato.it
Ciao a tutti, sono Alessandro, sono nato a Palermo il 24/01/1983 e vivo a qualche chilometro dalla città. Da anni coltivo la passione per i computer e tutto quello che ci sta attorno, con un occhio di riguardo per il mondo delle reti. Nel 2000 mi avvicino al mondo di Linux e ne resto impressionato da ciò che consente di fare, nonchè alla filosofia dell’opensource. Nel Aprile 2005 ho conseguito la certificazione Cisco CCNA. Da Novembre 2006 sono membro del CUG. Ho completato il corso HP IT Essential I e II e Cisco Network Security. Ho svolto uno stage presso Jump2Future dove mi sono occupato di redigere una ralazione per la realizzazione di un cluster basato su RedHat GFS (Global File System). Lavoro per l’IBIM-CNR di Palermo dal 2002 come tecnico informatico e gestione rete. Sto cominciando ad acquisire conoscenze nel campo del VoIP con software quali Trixbox e Elastix, realizzazione e uso di macchine virtuali basate su VMWare.


Current configuration : 15406 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname hell
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
logging buffered critical
enable secret 5 xxx.
!
aaa new-model
!
aaa user profile admin_user
!
!
aaa session-id common
!
resource policy
!
clock timezone Rome 1
ip subnet-zero
no ip source-route
!
!
ip nbar port-map custom-02 tcp 8888 7777 6666 1111 3000 4242 4232 3333 3432 4321 4444 3456 4661 5000 5555
ip nbar port-map custom-01 udp 8888 7777 6666 1111 3000 4242 4232 3333 3432 4321 4444 3456 4661 5000 5555
!
!
ip tcp synwait-time 10
ip cef
ip domain name mynet
ip name-server 208.67.222.222
ip name-server 208.67.220.220
no ip bootp server
ip inspect name internet-out icmp
ip ips notify SDEE
ip ssh time-out 60
ip ssh authentication-retries 2
ip ddns update method dyndns2
HTTP
add http://user:[email protected]/nic/update?system=dyndns&hostname=&myip=
interval maximum 28 0 0 0
!
!
!
crypto pki trustpoint TP-self-signed-4103904623
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4103904623
revocation-check none
rsakeypair TP-self-signed-4103904623
!
!
crypto pki certificate chain TP-self-signed-4103904623
certificate self-signed 01
30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
..............
quit
username admin_user privilege 15 password 7 xxx
!
!
class-map match-any SDMVoice-Dialer0
match protocol rtp audio
match protocol skype
class-map match-any SDMTrans-Dialer0
match protocol citrix
match protocol finger
match protocol notes
match protocol novadigm
match protocol pcanywhere
match protocol secure-telnet
match protocol sqlnet
match protocol sqlserver
match protocol ssh
match protocol telnet
match protocol xwindows
class-map match-any SDMAll-Dialer0
match any
class-map type port-filter match-any p2p
match port tcp 6890 6900
match port udp 6890 6900
class-map match-any SDMScave-Dialer0
match protocol napster
match protocol fasttrack
match protocol gnutella
match protocol edonkey
match protocol kazaa2
match protocol directconnect
match protocol winmx
match class-map p2p
class-map match-any SDMBulk-Dialer0
match protocol exchange
match protocol ftp
match protocol http
match protocol irc
match protocol pop3
match protocol secure-ftp
match protocol secure-irc
match protocol secure-nntp
match protocol secure-pop3
match protocol smtp
match protocol tftp
class-map match-any SDMRout-Dialer0
match protocol bgp
match protocol eigrp
match protocol ospf
match protocol rip
match protocol rsvp
class-map match-any SDMSignal-Dialer0
match protocol h323
match protocol rtcp
class-map match-any SDMManage-Dialer0
match protocol dhcp
match protocol dns
match protocol imap
match protocol kerberos
match protocol ldap
match protocol secure-imap
match protocol secure-ldap
match protocol snmp
match protocol socks
match protocol syslog
class-map match-any SDMIVideo-Dialer0
match protocol rtp video
class-map match-any SDMSVideo-Dialer0
match protocol cuseeme
match protocol netshow
match protocol rtsp
match protocol streamwork
match protocol vdolive
!
!
policy-map SDM-Pol-Dialer0
class SDMManage-Dialer0
bandwidth remaining percent 3
set dscp cs2
class SDMSignal-Dialer0
bandwidth remaining percent 35
set dscp cs3
class SDMRout-Dialer0
bandwidth remaining percent 3
set dscp cs6
class SDMBulk-Dialer0
priority percent 10
set dscp ef
class SDMTrans-Dialer0
bandwidth remaining percent 33
set dscp af21
class SDMVoice-Dialer0
priority percent 60
set dscp ef
class SDMScave-Dialer0
bandwidth remaining percent 5
set dscp default
class SDMAll-Dialer0
bandwidth remaining percent 5
set dscp default
!
!
!
!
!
!
interface Null0
no ip unreachables
!
interface Ethernet0
description LocalLAN
ip address 192.168.5.1 255.255.255.0
ip access-group ethernet0_in in
ip access-group ethernet0_out out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
rate-limit input access-group 2000 496000 50000 100000 conform-action transmit exceed-action drop
rate-limit input access-group 2001 144000 20000 50000 conform-action transmit exceed-action drop
rate-limit input access-group 2002 80000 10000 30000 conform-action transmit exceed-action drop
rate-limit input access-group 2003 24000 10000 15000 conform-action transmit exceed-action drop
rate-limit output access-group 2020 3000000 500000 1000000 conform-action transmit exceed-action drop
rate-limit output access-group 2021 2496000 500000 800000 conform-action transmit exceed-action drop
rate-limit output access-group 2022 1000000 100000 500000 conform-action transmit exceed-action drop
rate-limit output access-group 2023 200000 100000 200000 conform-action transmit exceed-action drop
ip route-cache flow
ip tcp adjust-mss 1460
no ip mroute-cache
no cdp enable
hold-queue 200 out
!

interface ATM0
no ip address
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip virtual-reassembly
ip route-cache flow
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
speed auto
full-duplex
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!

interface Dialer0
bandwidth 640
ip ddns update hostname myhost.dyndns.org
ip ddns update dyndns2 host members.dyndns.org
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer idle-timeout 0
dialer persistent
no cdp enable
ppp authentication chap callin
ppp chap hostname
[email protected]
ppp chap password 7 xxxx
ppp pap sent-username [email protected] password 7 xxx
service-policy output SDM-Pol-Dialer0
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.5.0 255.255.255.0 Ethernet0 permanent
!
no ip http server
ip http authentication local
ip http secure-server
!
ip nat translation timeout 180
ip nat translation tcp-timeout 180
ip nat translation dns-timeout 20
ip nat translation icmp-timeout 10
ip nat translation max-entries list low_traffic 100
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 192.168.5.5 5900 interface Dialer0 5900

!
!
ip access-list extended low_traffic
deny ip 192.168.5.0 0.0.0.255 192.168.5.0 0.0.0.255
permit tcp 192.168.5.0 0.0.0.255 any gt 1024
ip access-list extended ethernet0_in
remark adminlan_out
permit ip 192.168.5.0 0.0.0.7 any
remark lan_icmp_local
permit icmp 192.168.5.16 0.0.0.15 192.168.5.16 0.0.0.15
remark lan_icmp_openwifi
deny icmp 192.168.5.16 0.0.0.15 192.168.5.128 0.0.0.31
remark lan_ip_openwifi
deny ip 192.168.5.16 0.0.0.15 192.168.5.128 0.0.0.31
remark lan_icmp_closewifi
permit icmp 192.168.5.16 0.0.0.15 192.168.5.32 0.0.0.31
remark lan_icmp_out
deny icmp 192.168.5.16 0.0.0.15 any
remark lan_out_all
permit ip 192.168.5.16 0.0.0.15 any
remark closewifi_icmp_local
permit icmp 192.168.5.32 0.0.0.31 192.168.5.32 0.0.0.31
remark closewifi_ip_openwifi
permit ip 192.168.5.32 0.0.0.31 192.168.5.128 0.0.0.31
remark closewifi_icmp_lan
deny icmp 192.168.5.32 0.0.0.31 192.168.5.16 0.0.0.15
remark closewifi_icmp_lan
deny icmp 192.168.5.32 0.0.0.31 192.168.5.0 0.0.0.7
remark closewifi_icmp_ext
deny icmp 192.168.5.32 0.0.0.31 any
remark closewifi_out_m1024_tcp
permit tcp 192.168.5.32 0.0.0.31 any lt 1024
remark closewifi_out_m1024_udp
permit udp 192.168.5.32 0.0.0.31 any lt 1024
remark closewifi_out_8000
permit tcp 192.168.5.32 0.0.0.31 any eq 8000
remark closewifi_out_9999
permit tcp 192.168.5.32 0.0.0.31 any eq 9999
remark closewifi_out_deny
deny ip 192.168.5.32 0.0.0.31 any
remark openwifi_openwifi_ip_permit
permit ip 192.168.5.128 0.0.0.31 192.168.5.128 0.0.0.31
remark openwifi_icmp_deny
deny icmp 192.168.5.128 0.0.0.31 any
remark openwifi_out_dns_tcp
permit tcp 192.168.5.128 0.0.0.31 any eq domain
remark openwifi_out_dns_udp
permit udp 192.168.5.128 0.0.0.31 any eq domain
remark openwifi_out_http_tcp
permit tcp 192.168.5.128 0.0.0.31 any eq www
remark openwifi_out_https_tcp
permit tcp 192.168.5.128 0.0.0.31 any eq 443
remark openwifi_all_deny
deny ip 192.168.5.128 0.0.0.31 any
remark deny_all
deny ip any any
ip access-list extended ethernet0_out
deny icmp 192.168.5.32 0.0.0.31 192.168.5.0 0.0.0.7
deny icmp 192.168.5.128 0.0.0.31 any
permit tcp any 192.168.5.0 0.0.0.255 gt 1023 established
permit udp any 192.168.5.0 0.0.0.255 gt 1023
permit tcp any eq ftp-data 192.168.5.0 0.0.0.255 gt 1023
permit icmp any 192.168.5.0 0.0.0.255 echo-reply
permit tcp any host 192.168.5.5 eq 5900

deny ip any any
logging trap debugging

access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark SDM_ACL Category=1
access-list 100 deny tcp any host 192.168.5.1 eq telnet
access-list 100 deny tcp any host 192.168.5.1 eq 22
access-list 100 permit tcp 192.168.5.0 0.0.0.255 host 192.168.5.1 eq www
access-list 100 deny tcp any host 192.168.5.1 eq www
access-list 100 permit tcp 192.168.5.0 0.0.0.255 host 192.168.5.1 eq 443
access-list 100 deny tcp any host 192.168.5.1 eq 443
access-list 100 deny tcp any host 192.168.5.1 eq cmd
access-list 100 deny udp any host 192.168.5.1 eq snmp
access-list 100 permit ip any any
access-list 101 remark SDM_ACL Category=19
access-list 101 permit ip any any
access-list 2000 remark admin_lan
access-list 2000 deny ip 192.168.5.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 2000 permit ip 192.168.5.0 0.0.0.7 any
access-list 2001 remark lan
access-list 2001 deny ip 192.168.5.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 2001 permit ip 192.168.5.16 0.0.0.15 any
access-list 2002 remark ap1
access-list 2002 deny ip 192.168.5.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 2002 permit ip 192.168.5.32 0.0.0.31 any
access-list 2003 remark ap2
access-list 2003 deny ip 192.168.5.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 2003 permit ip 192.168.5.128 0.0.0.31 any
access-list 2020 remark adminlan_ret
access-list 2020 deny ip 192.168.5.0 0.0.0.255 192.168.5.0 0.0.0.255<<<<<<<< dialer-list 1 protocol ip permit

Articoli correlati

Noleggia una Tesla per il tuo evento ICT!

Categorie