IPv4 settings
IPv6 settings
Router settings
LAN with NAT
DMZ
ADSL Uplink
ISDN Uplink
6in4 Tunnel
Maintenance
Controlling
Logging / Coredumps
Time
!
! Global services, credentials and IP defaults for rt-1.
version 12.3
service nagle
! X.25 PAD service is switched off.
no service pad
! TCP keepalives let the router reap dead sessions to and from itself (e.g. VTY).
service tcp-keepalives-in
service tcp-keepalives-out
! Millisecond local-time stamps with the timezone make log lines correlatable.
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! NOTE(review): this only applies reversible type 7 obfuscation to the
! "password 7" entries in this file (ip ftp, ppp chap). Treat any copy of the
! config as containing those passwords in recoverable form.
service password-encryption
!
hostname rt-1
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
! Logs go to a 16 KB ring buffer at debugging level; console logging is off.
logging buffered 16384 debugging
no logging console
! "secret 5" stores a salted MD5-based hash rather than a reversible password.
enable secret 5 $1$xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username foobar secret 5 $1$xxxxxxxxxxxxxxxxxxxxxxxxxxx
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
! No AAA: the VTY lines authenticate against the local username above ("login local").
no aaa new-model
ip subnet-zero
! Packets carrying IP source-route options are dropped.
no ip source-route
!
ip domain name 0x1b.ch
ip name-server 212.25.17.162
no ip bootp server
! NOTE(review): FTP client credentials, used by "exception protocol ftp" and by
! the "n" alias (copy running-config ftp). FTP sends them, and the transferred
! config or core dump, in cleartext; the password is only type 7 obfuscated here.
ip ftp username cisco
ip ftp password 7 xxxxxxxxxxxxxxxxxx
ip cef
ip flow-cache feature-accelerate
ip ids po max-events 100
ipv6 unicast-routing
ipv6 cef
no ftp-server write-enable
isdn switch-type basic-net3
!
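! Automatic 6to4 tunnel. 2002:D419:11A1:: embeds 212.25.17.161, the Ethernet0
! address used as tunnel source.
interface Tunnel2002
 description 6to4 tunnel (RFC3068)
 no ip address
 no ip redirects
 ipv6 address 2002:D419:11A1::1/128
 ! Decapsulated 6to4 packets enter the router on this interface, not on Dialer1,
 ! so the "ipv6 traffic-filter frominet6 in" on Dialer1 never sees them. Apply
 ! the same inbound IPv6 filter here so tunnelled traffic is not unfiltered.
 ipv6 traffic-filter frominet6 in
 tunnel source Ethernet0
 tunnel mode ipv6ip 6to4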
!
! Public LAN 212.25.17.160/28 with native IPv6 2001:8E0:1006::/64.
interface Ethernet0
description public LAN
ip address 212.25.17.161 255.255.255.240
! Strict uRPF: a packet is dropped unless the route back to its source points
! out this interface (anti-spoofing for hosts on this LAN).
ip verify unicast reverse-path
! No ICMP redirects and no proxy ARP on this segment.
no ip redirects
no ip proxy-arp
! Marked "inside" for NAT; the route-maps main/secondary translate only sources
! matching ACL "private", so these public addresses pass untranslated.
ip nat inside
ip virtual-reassembly
ip route-cache flow
no ip mroute-cache
ipv6 address 2001:8E0:1006::1/64
ipv6 address 2001:8E0:1006::/64 eui-64
ipv6 verify unicast reverse-path
! CDP is off so the router does not advertise itself on this LAN.
no cdp enable
!
! Private LAN 172.16.0.0/16 (NATed on the uplinks) with IPv6 2001:8E0:1006:1::/64.
interface Ethernet2
description private LAN
ip address 172.16.0.1 255.255.0.0
! Strict uRPF: only sources routed via this interface are accepted from it.
ip verify unicast reverse-path
! NOTE(review): helper-address relays UDP broadcasts to 212.25.17.162. Besides
! BOOTP/DHCP, IOS forwards several other UDP services by default; if only DHCP
! is wanted, confirm the global "ip forward-protocol" settings.
ip helper-address 212.25.17.162
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
no ip mroute-cache
ipv6 address 2001:8E0:1006:1::1/64
ipv6 address 2001:8E0:1006:1::/64 eui-64
ipv6 verify unicast reverse-path
no cdp enable
!
! Physical ISDN BRI port; it carries no IP itself and is bound to dialer pool 2
! (Dialer2).
interface BRI0
description ISDN interface
no ip address
encapsulation ppp
dialer pool-member 2
isdn switch-type basic-net3
isdn tei-negotiation first-call
! Incoming calls are answered only when the called number matches answer1.
isdn answer1 0123456789
isdn calling-number 0123456789
no cdp enable
!
! Physical ADSL port; PPP runs over PVC 8/35 and is bound to dialer pool 1
! (Dialer1).
interface ATM0
description ADSL interface
no ip address
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode etsi
pvc 8/35
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
!
! Switch ports FastEthernet1-4 and the Virtual-Template carry no layer 3
! configuration of their own.
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Virtual-Template1
 no ip address
!
! Primary uplink: PPP over ADSL (dialer pool 1). This is the NAT "outside"
! interface for route-map main and the default IPv6 route.
interface Dialer1
 description ADSL link to Dolphins (212.25.16.173 - 212.25.27.44)
 bandwidth 600
 ip address negotiated
 ! Inbound internet traffic is filtered by "frominet" (IPv4) and "frominet6"
 ! (IPv6) below.
 ip access-group frominet in
 no ip redirects
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 ipv6 address autoconfig
 ipv6 traffic-filter frominet6 in
 ipv6 virtual-reassembly
 no cdp enable
 ! "callin" requests CHAP from the peer only on received calls.
 ppp authentication chap callin
 ppp chap hostname login@example.com
 ! NOTE(review): type 7 is reversible; this is the provider account password.
 ppp chap password 7 xxxxxxxxxxxxxxxxxx
!
! Backup uplink: PPP over ISDN (dialer pool 2). Dialed when dialer watch-list 2
! loses the route to the ADSL gateway; NAT "outside" for route-map secondary.
! No IPv6 is configured on this path.
interface Dialer2
 description ISDN link to Dolphins (212.25.29.216 - 212.25.28.83)
 bandwidth 128
 ip address negotiated
 ! Same inbound IPv4 filter as on the ADSL uplink.
 ip access-group frominet in
 no ip redirects
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 no ip mroute-cache
 load-interval 60
 dialer pool 2
 dialer string 0840840730
 dialer hold-queue 25 timeout 30
 dialer load-threshold 200 either
 dialer watch-group 2
 dialer-group 2
 no cdp enable
 ! "callin" requests CHAP from the peer only on received calls.
 ppp authentication chap callin
 ppp chap hostname login
 ! NOTE(review): type 7 is reversible; this is the provider account password.
 ppp chap password 7 xxxxxxxxxxxxxxxxxx
!
! Default route via the ADSL gateway, with a floating static (distance 80) over
! ISDN as backup.
ip classless
ip route 0.0.0.0 0.0.0.0 212.25.27.44
ip route 0.0.0.0 0.0.0.0 Dialer2 80
!
! Both built-in web servers are disabled, so management is CLI and SNMP only.
no ip http server
no ip http secure-server
! PAT on whichever uplink is active; only sources matched by the route-maps
! (ACL "private") are translated.
ip nat inside source route-map main interface Dialer1 overload
ip nat inside source route-map secondary interface Dialer2 overload
!
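! "management" limits VTY and SNMP access to the public LAN 212.25.17.160/28.
ip access-list standard management
 remark Remote access to Router
 permit 212.25.17.160 0.0.0.15
 deny any
! "private" selects the RFC 1918 sources that the route-maps main/secondary
! hand to NAT.
ip access-list standard private
 remark Private IP ranges
 permit 10.0.0.0 0.255.255.255
 ! Fixed: the entry was "172.0.0.0 0.240.255.255". That wildcard leaves the
 ! upper four bits of the second octet free, so it matches 172.0, 172.16,
 ! 172.32 ... 172.240 (mostly public space) and misses 172.17 - 172.31.
 ! 172.16.0.0/12 is what "frominet" already uses for the same range.
 permit 172.16.0.0 0.15.255.255
 permit 192.168.0.0 0.0.255.255
 deny any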
!
! Inbound IPv4 filter for both uplinks (Dialer1, Dialer2).
!
! First group: sources that should never arrive from the internet (broadcast,
! 0/8, RFC 1918, loopback, link-local, TEST-NET, multicast, 240/4) and the
! site's own 212.25.17.160/28 (anti-spoofing).
! NOTE(review): 204.152.64.0/23 is presumably a legacy bogon entry; confirm it
! is still wanted, since bogon lists go stale.
!
! NOTE(review): in every udp/tcp entry the port operator follows the SOURCE
! ("any eq domain any"), so these lines match the remote source port, not the
! local destination port. As written, a packet whose source port is 53, 123,
! 500, 517 or 518 is permitted to any inside UDP port, and the tcp denies do not
! stop inbound connections to 512-514, 2049, 6000-6099, 7100, 7101 or 16001.
! If the intent is to protect inside services, the port test belongs after the
! destination. The ACL is stateless and ends in "permit ip any any".
ip access-list extended frominet
 remark Filter traffic from internet
 deny ip host 255.255.255.255 any
 deny ip 0.0.0.0 0.255.255.255 any
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 127.0.0.0 0.255.255.255 any
 deny ip 169.254.0.0 0.0.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 204.152.64.0 0.0.1.255 any
 deny ip 192.0.2.0 0.0.0.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny ip 224.0.0.0 15.255.255.255 any
 deny ip 240.0.0.0 7.255.255.255 any
 deny ip 248.0.0.0 7.255.255.255 any
 deny ip 212.25.17.160 0.0.0.15 any
 permit udp any eq domain any
 permit udp any eq ntp any
 permit udp any eq isakmp any
 permit udp any eq talk any
 permit udp any eq 518 any
 deny udp any range 0 1023 any
 deny udp any eq 2049 any
 deny tcp any range exec cmd any
 deny tcp any eq 2049 any
 deny tcp any range 6000 6099 any
 deny tcp any eq 7100 any
 deny tcp any eq 7101 any
 deny tcp any eq 16001 any
 permit ip any any
! Syslog at debugging level goes to 212.25.17.162.
logging trap debugging
logging 212.25.17.162
! ISDN backup trigger: watch the route to the ADSL gateway.
dialer watch-list 2 ip 212.25.27.44 255.255.255.255
! Interesting traffic: IPv4 and IPv6 on Dialer1, IPv4 only on Dialer2.
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipv6 permit
dialer-list 2 protocol ip permit
! NOTE(review): "public" is the well-known default community and SNMP v1/v2c
! sends it in cleartext. Access is read-only and limited to ACL "management",
! but a site-specific string (or SNMPv3, where the image supports it) would
! still be the safer choice.
snmp-server community public RO management
snmp-server location Obstalden
snmp-server contact beat@0x1b.ch
snmp-server enable traps tty
snmp-server enable traps config
snmp-server tftp-server-list management
! CDP is disabled globally as well as per interface.
no cdp run
ipv6 route 2002::/16 Tunnel2002
ipv6 route ::/0 Dialer1
!
! NAT selectors: translate a flow only when its source matches ACL "private"
! and it leaves through the named uplink.
route-map main permit 10
 description NAT on ADSL
 match ip address private
 match interface Dialer1
!
route-map secondary permit 10
 description NAT on ISDN
 match ip address private
 match interface Dialer2
!
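! Inbound IPv6 filter for Dialer1.
!
! NOTE(review): as in the IPv4 "frominet" list, every port operator follows the
! SOURCE, so the udp/tcp entries match the remote source port rather than the
! local destination port, and the list ends in "permit ipv6 any any".
ipv6 access-list frominet6
 remark Filter traffic from internet
 ! Added: anti-spoofing for the two local /64s, mirroring the IPv4 entry
 ! "deny ip 212.25.17.160 0.0.0.15 any". Packets arriving from the uplink with
 ! a source inside the site's own LAN prefixes cannot be legitimate.
 deny ipv6 2001:8E0:1006::/64 any
 deny ipv6 2001:8E0:1006:1::/64 any
 permit udp any eq domain any
 permit udp any eq ntp any
 permit udp any eq isakmp any
 permit udp any eq talk any
 permit udp any eq 518 any
 deny udp any range 0 1023 any
 deny udp any eq 2049 any
 deny tcp any range exec cmd any
 deny tcp any eq 2049 any
 deny tcp any range 6000 6099 any
 deny tcp any eq 7100 any
 deny tcp any eq 7101 any
 deny tcp any eq 16001 any
 permit ipv6 any any
!
! IPv6 counterpart of ACL "management": VTY access only from the public LAN /64.
ipv6 access-list management6
 remark Remote access to Router
 permit ipv6 2001:8E0:1006::/64 any
 deny ipv6 any any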
!
control-plane
!
! NOTE(review): the MOTD banner is shown before authentication and names the
! hardware model, site and administrator. A neutral access notice gives an
! unauthenticated caller less to work with.
banner exec ^C
Hopefully you know what you are doing ;-)
^C
banner motd ^C
..............................................................................
:  rt-1.0x1b.ch                                                              :
:                                                                            :
:  ADSL / ISDN uplink Obstalden                                              :
:  Cisco 836 managed by Beat Rubischon <beat@0x1b.ch>                        :
:............................................................................:
^C
! Operator shortcuts. "n" copies the running config out over FTP, which is
! cleartext; see the ip ftp credentials.
alias exec w copy running-config startup-config
alias exec v show running-config
alias exec b show ip interface brief
alias exec c configure terminal
alias exec n copy running-config ftp
!
! Terminal lines. All sessions idle out after 60 minutes.
! NOTE(review): no "login" statement is shown for con 0 or aux 0; confirm how
! physical access to these ports is authenticated.
line con 0
 exec-timeout 60 0
 no modem enable
 history size 256
 transport preferred none
 transport output all
 stopbits 1
line aux 0
 exec-timeout 60 0
 transport preferred none
 transport output all
! Remote access: local username/secret, reachable only from the sources that
! ACLs "management" (IPv4) and "management6" (IPv6) permit.
! NOTE(review): telnet is still accepted next to ssh, so credentials and session
! content can cross the LAN in cleartext. Once SSH logins are verified,
! "transport input ssh" on both VTY ranges closes that gap.
line vty 0 4
 access-class management in
 exec-timeout 60 0
 ipv6 access-class management6 in
 login local
 history size 256
 transport preferred none
 transport input telnet ssh
 transport output all
line vty 5 61
 access-class management in
 exec-timeout 60 0
 ipv6 access-class management6 in
 login local
 history size 256
 transport preferred none
 transport input telnet ssh
 transport output all
!
! NOTE(review): on a crash the router writes a core dump to 212.25.17.162 over
! FTP. A core dump is a memory image and may hold keys and passwords; FTP moves
! it and the login in cleartext, so the dump host and path need protecting.
exception protocol ftp
exception dump 212.25.17.162
scheduler max-task-time 5000
! NTP: two MD5 keys are defined and trusted and authentication is enabled.
! NOTE(review): the "ntp server" line carries no "key" argument, so as far as
! this file shows the association with 212.25.17.162 is not authenticated;
! confirm which key that server uses and reference it there.
ntp authentication-key 1 md5 xxxxxxxxxxxxxxxx 7
ntp authentication-key 2 md5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 7
ntp authenticate
ntp trusted-key 1
ntp trusted-key 2
ntp clock-period 17180036
! The router also serves time itself at stratum 6.
ntp master 6
ntp server 212.25.17.162
no rcapi server
!
end