ubuntuusers.de

via DuckDuckGo

cisco config

Datum:
18. Dezember 2014 08:49
Code:
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
Router# show running-config
Building configuration...
 
Current configuration : 3781 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname retail
!
boot-start-marker
boot-end-marker
!
enable password cisco123
!
username jsomeone password 0 cg6#107X
aaa new-model
!
aaa group server radius rad_eap
server 10.0.1.1 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa session-id common
ip subnet-zero
ip cef
!
vpdn enable
vpdn-group 1
request-dialin
protocol pppoe
!
interface dialer 1
ip address negotiated
ppp authentication chap
dialer pool 1
dialer-group 1
!
dialer-list 1 protocol ip permit
ip nat inside source list 1 interface dialer 0 overload
ip classless (default)
ip route 10.10.25.2 0.255.255.255 dialer 0
!
ip dhcp excluded-address 10.0.1.1 10.0.1.10
ip dhcp excluded-address 10.0.2.1 10.0.2.10
ip dhcp excluded-address 10.0.3.1 10.0.3.10
!
ip dhcp pool vlan1
network 10.0.1.0 255.255.255.0
default-router 10.0.1.1
!
ip dhcp pool vlan2
network 10.0.2.0 255.255.255.0
default-router 10.0.2.1
!
ip dhcp pool vlan3
network 10.0.3.0 255.255.255.0
default-router 10.0.3.1
!
ip ips po max-events 100
no ftp-server write-enable
!
bridge irb
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
no ip address
!
interface FastEthernet5
no ip address
!
interface FastEthernet6
no ip address
!
interface FastEthernet7
no ip address
!
interface FastEthernet8
no ip address
!
interface FastEthernet9
switchport mode trunk
no ip address
!
interface FastEthernet0
ip address 192.1.12.2 255.255.255.0
no ip directed-broadcast (default)
ip nat outside
ip access-group 103 in
no cdp enable
crypto ipsec client ezvpn ezvpnclient outside
crypto map static-map
duplex auto
speed auto
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
crypto isakmp policy 1
encryption 3des
authentication pre-share
group 2
lifetime 480
!
crypto isakmp client configuration group rtr-remote
key secret-password
dns 10.50.10.1 10.60.10.1
domain company.com
pool dynpool
!
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
!
crypto ipsec security-association lifetime seconds 86400
!
crypto dynamic-map dynmap 1
set transform-set vpn1
reverse-route
!
crypto map static-map 1 ipsec-isakmp dynamic dynmap
crypto map dynmap isakmp authorization list rtr-remote
crypto map dynmap client configuration address respond
 
crypto ipsec client ezvpn ezvpnclient
connect auto
group 2 key secret-password
mode client
peer 192.168.100.1
!
interface Dot11Radio0
no ip address
!
broadcast-key vlan 1 change 45
!
encryption vlan 1 mode ciphers tkip
!
ssid cisco
vlan 1
authentication open
authentication network-eap eap_methods
authentication key-management wpa optional
!
ssid ciscowep
vlan 2
authentication open
!
ssid ciscowpa
vlan 3
authentication open
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
rts threshold 2312
power local cck 50
power local ofdm 30
channel 2462
station-role root
!
interface Dot11Radio0.1
description Cisco Open
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Dot11Radio0.3
encapsulation dot1Q 3
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 spanning-disabled
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast (default)
crypto ipsec client ezvpn ezvpnclient inside
ip inspect firewall in
no cdp enable
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan2
no ip address
bridge-group 2
bridge-group 2 spanning-disabled
!
interface Vlan3
no ip address
bridge-group 3
bridge-group 3 spanning-disabled
!
interface BVI1
ip address 10.0.1.1 255.255.255.0
ip nat inside
!
interface BVI2
ip address 10.0.2.1 255.255.255.0
!
interface BVI3
ip address 10.0.3.1 255.255.255.0
!
ip classless
!
ip http server
no ip http secure-server
!
radius-server local
nas 10.0.1.1 key 0 cisco123
group rad_eap
!
user jsomeone nthash 7 0529575803696F2C492143375828267C7A760E1113734624452725707C010B065B
user AMER\jsomeone nthash 7 0224550C29232E041C6A5D3C5633305D5D560C09027966167137233026580E0B0D
!
radius-server host 10.0.1.1 auth-port 1812 acct-port 1813 key cisco123
!
control-plane
!
bridge 1 route ip
bridge 2 route ip
bridge 3 route ip
!
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall rtsp
ip inspect name firewall h323
ip inspect name firewall netshow
ip inspect name firewall ftp
ip inspect name firewall sqlnet
!
access-list 103 permit udp host 200.1.1.1 any eq isakmp
access-list 103 permit udp host 200.1.1.1 eq isakmp any
access-list 103 permit esp host 200.1.1.1 any
access-list 103 permit icmp any any
access-list 103 deny ip any any
access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255
no cdp run
!
line con 0
password cisco123
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
password cisco123
transport preferred all
transport input all
transport output all
!