06年在2821xm上做的一個配置,包括封BT、策略路由、基於時間的訪問控制列表和adsl撥號的配置。硬件配置是:
2821路由器+wic-1adsl模塊
配置如下:
Current configuration : 3738 bytes
!
! Last configuration change at 16:13:07 GMT Sat Oct 7 2006 by cisco
! NVRAM config last updated at 16:18:28 GMT Sat Oct 7 2006 by cisco
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname jaclc2821
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
clock timezone GMT 8
ip subnet-zero
!
ip nbar pdlm bittorrent.pdlm
!
ip cef
!
!
no ip domain lookup
vpdn enable
!
!
username cisco privilege 15 secret 5 $1$WCn.$ZQyT7iyAsnJw5cIIBXHZV.
!
!
class-map match-any denybt
match protocol bittorrent
match protocol edonkey
match protocol kazaa2
!
!
policy-map denybtpolicy
class denybt
police cir 1048500
conform-action transmit
exceed-action drop
violate-action drop
!
!
!
interface GigabitEthernet0/0
ip address 192.168.240.10 255.255.255.0
ip nbar protocol-discovery
ip nat inside
ip policy route-map fastmap
duplex auto
speed auto
service-policy input denybtpolicy
service-policy output denybtpolicy
!
interface GigabitEthernet0/1
ip address 192.168.254.253 255.255.255.0
duplex auto
speed auto
!
interface ATM0/0/0
bandwidth 2048
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
pvc 0/32
pppoe-client dial-pool-number 1
!
!
interface Dialer1
bandwidth 2048
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username car8 password 0 def45thghh
!
router ospf 100
log-adjacency-changes
network 192.168.0.0 0.0.255.255 area 0
!
ip default-gateway 192.168.240.254
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat translation timeout 100
ip nat translation tcp-timeout 100
ip nat translation max-entries all-host 20
ip nat inside source list permitip interface Dialer1 overload
!
ip access-list standard permitip
permit any
!
ip access-list extended accessncoa
permit ip any 172.17.0.0 0.0.255.255
ip access-list extended fastaccess
permit icmp any any
permit tcp any any eq domain
permit udp any any eq domain
permit tcp any any eq smtp
permit tcp any any eq pop3
permit tcp any any eq 443
permit tcp any any eq www
permit ip host 10.254.254.10 any
permit ip host 10.254.254.20 any
permit ip host 192.168.24.73 any
permit ip host 192.168.24.55 any
permit ip host 192.168.24.241 any
permit ip host 192.168.24.52 any
permit ip host 192.168.24.86 any
permit ip host 192.168.24.222 any
permit ip host 192.168.24.240 any
permit ip host 192.168.24.242 any
permit ip host 192.168.24.243 any
permit ip host 192.168.24.108 any
permit ip host 192.168.24.11 any
permit ip host 192.168.24.17 any
permit ip host 192.168.24.14 any
permit ip host 192.168.24.10 any
permit ip any any time-range jaclc
!
route-map fastmap permit 9
match ip address accessncoa
set ip next-hop 192.168.254.254
!
route-map fastmap permit 10
match ip address fastaccess
set ip next-hop 192.168.254.254
!
route-map fastmap permit 20
!
!
control-plane
!
banner login ^C
WARNING:This is CSR Wuhan Jiangan Rolling Stock Works equipment.You are atte
ng to enter the Wuhan Jiangna Rolling Stock Works network.Unauthorized acces
d use of this network will be vigorously prosecuted.
^C
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 20000 1000
ntp clock-period 17180149
ntp server 10.254.254.20
time-range jaclc
periodic daily 0:00 to 7:50
!
!
end
!
! Last configuration change at 16:13:07 GMT Sat Oct 7 2006 by cisco
! NVRAM config last updated at 16:18:28 GMT Sat Oct 7 2006 by cisco
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname jaclc2821
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
clock timezone GMT 8
ip subnet-zero
!
ip nbar pdlm bittorrent.pdlm
!
ip cef
!
!
no ip domain lookup
vpdn enable
!
!
username cisco privilege 15 secret 5 $1$WCn.$ZQyT7iyAsnJw5cIIBXHZV.
!
!
class-map match-any denybt
match protocol bittorrent
match protocol edonkey
match protocol kazaa2
!
!
policy-map denybtpolicy
class denybt
police cir 1048500
conform-action transmit
exceed-action drop
violate-action drop
!
!
!
interface GigabitEthernet0/0
ip address 192.168.240.10 255.255.255.0
ip nbar protocol-discovery
ip nat inside
ip policy route-map fastmap
duplex auto
speed auto
service-policy input denybtpolicy
service-policy output denybtpolicy
!
interface GigabitEthernet0/1
ip address 192.168.254.253 255.255.255.0
duplex auto
speed auto
!
interface ATM0/0/0
bandwidth 2048
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
pvc 0/32
pppoe-client dial-pool-number 1
!
!
interface Dialer1
bandwidth 2048
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username car8 password 0 def45thghh
!
router ospf 100
log-adjacency-changes
network 192.168.0.0 0.0.255.255 area 0
!
ip default-gateway 192.168.240.254
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat translation timeout 100
ip nat translation tcp-timeout 100
ip nat translation max-entries all-host 20
ip nat inside source list permitip interface Dialer1 overload
!
ip access-list standard permitip
permit any
!
ip access-list extended accessncoa
permit ip any 172.17.0.0 0.0.255.255
ip access-list extended fastaccess
permit icmp any any
permit tcp any any eq domain
permit udp any any eq domain
permit tcp any any eq smtp
permit tcp any any eq pop3
permit tcp any any eq 443
permit tcp any any eq www
permit ip host 10.254.254.10 any
permit ip host 10.254.254.20 any
permit ip host 192.168.24.73 any
permit ip host 192.168.24.55 any
permit ip host 192.168.24.241 any
permit ip host 192.168.24.52 any
permit ip host 192.168.24.86 any
permit ip host 192.168.24.222 any
permit ip host 192.168.24.240 any
permit ip host 192.168.24.242 any
permit ip host 192.168.24.243 any
permit ip host 192.168.24.108 any
permit ip host 192.168.24.11 any
permit ip host 192.168.24.17 any
permit ip host 192.168.24.14 any
permit ip host 192.168.24.10 any
permit ip any any time-range jaclc
!
route-map fastmap permit 9
match ip address accessncoa
set ip next-hop 192.168.254.254
!
route-map fastmap permit 10
match ip address fastaccess
set ip next-hop 192.168.254.254
!
route-map fastmap permit 20
!
!
control-plane
!
banner login ^C
WARNING:This is CSR Wuhan Jiangan Rolling Stock Works equipment.You are atte
ng to enter the Wuhan Jiangna Rolling Stock Works network.Unauthorized acces
d use of this network will be vigorously prosecuted.
^C
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 20000 1000
ntp clock-period 17180149
ntp server 10.254.254.20
time-range jaclc
periodic daily 0:00 to 7:50
!
!
end