877 qos

Tutto ciò che ha a che fare con la configurazione di apparati Cisco (e non rientra nelle altre categorie)

Moderatore: Federico.Lagni

Rispondi
Avatar utente
anburg
Cisco fan
Messaggi: 63
Iscritto il: lun 21 apr , 2008 8:44 am

ciao a tutti
ho da poco aquistato un 877, ADSL alice 7 mega ip dinamico PPPoE. ora la conf. poi le domande

Cisco877#sh run
Building configuration...

Current configuration : 6715 bytes
!
! Last configuration change at 09:30:01 MET Thu Nov 6 2008
! NVRAM config last updated at 09:31:34 MET Thu Nov 6 2008
!
version 12.4
service nagle
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco877
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$0dyt$EmedFZXJRKxhjraNBfF.Y.
!
no aaa new-model
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.11 192.168.1.254
!
ip dhcp pool Pool1
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.11
dns-server 212.216.112.112 212.216.172.162
lease infinite
!
!
ip cef
ip ips name IPS-IN
!
ip ips signature-category
category all
retired true
event-action reset-tcp-connection deny-packet-inline produce-alert
category ddos
retired false
category dos
retired false
category viruses/worms/trojans
retired false
category adware/spyware
retired false
category attack
retired false
!
ip inspect log drop-pkt
ip inspect max-incomplete low 300
ip inspect max-incomplete high 400
ip inspect one-minute low 300
ip inspect one-minute high 500
ip inspect hashtable-size 2048
ip inspect tcp synwait-time 20
ip inspect tcp max-incomplete host 300 block-time 60
ip inspect name BgWll cuseeme
ip inspect name BgWll ftp
ip inspect name BgWll h323
ip inspect name BgWll icmp
ip inspect name BgWll netshow
ip inspect name BgWll rcmd
ip inspect name BgWll realaudio
ip inspect name BgWll rtsp
ip inspect name BgWll esmtp
ip inspect name BgWll sqlnet
ip inspect name BgWll streamworks
ip inspect name BgWll tftp
ip inspect name BgWll tcp
ip inspect name BgWll udp
ip inspect name BgWll vdolive
login block-for 300 attempts 3 within 30
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
archive
log config
hidekeys
!
!
ip tcp selective-ack
ip tcp window-size 2144
ip tcp synwait-time 10
!
!
!
interface ATM0
description ***** INTERFACCIA INTERNET *****
no ip address
ip access-group 131 in
ip ips IPS-IN in
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
hold-queue 224 in
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description ***** LAN *****
ip address 192.168.1.11 255.255.255.0
ip accounting output-packets
ip flow ingress
ip nat inside
ip inspect BgWll in
ip virtual-reassembly
no ip mroute-cache
hold-queue 100 out
!
interface Dialer0
description ***** CONNESSIONE INTERNET *****
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname xxxx
ppp chap password 0 xxxcx
ppp pap sent-username xxxxxx password 0 xxxxx
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.3 6893 interface Dialer0 6893
ip nat inside source static udp 192.168.1.3 36728 interface Dialer0 36728
ip nat inside source static tcp 192.168.1.3 16401 interface Dialer0 16401
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark *** ACL PER PAT E NAT ***
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 131 remark *** ACL ANTI-SPOOFING ***
access-list 131 deny ip host 0.0.0.0 any log
access-list 131 deny ip 127.0.0.0 0.255.255.255 any log
access-list 131 deny ip 192.0.2.0 0.0.0.255 any log
access-list 131 deny ip 224.0.0.0 31.255.255.255 any log
access-list 131 deny ip 10.0.0.0 0.255.255.255 any log
access-list 131 deny ip 172.16.0.0 0.15.255.255 any log
access-list 131 deny ip 192.168.0.0 0.0.255.255 any log
access-list 131 remark *** ACL PER CONTROLLARE TRAFFICO ICMP ***
access-list 131 permit icmp any any echo
access-list 131 permit icmp any any echo-reply
access-list 131 permit icmp any any time-exceeded
access-list 131 permit icmp any any unreachable
access-list 131 permit icmp any any administratively-prohibited
access-list 131 permit icmp any any packet-too-big
access-list 131 permit icmp any any traceroute
access-list 131 deny icmp any any
access-list 131 remark *** ACL PER BLOCCARE WORM ***
access-list 131 deny tcp any any eq 135
access-list 131 deny udp any any eq 135
access-list 131 deny udp any any eq netbios-ns
access-list 131 deny udp any any eq netbios-dgm
access-list 131 deny tcp any any eq 139
access-list 131 deny udp any any eq netbios-ss
access-list 131 deny tcp any any eq 445
access-list 131 deny tcp any any eq 8888
access-list 131 deny tcp any any eq 8594
access-list 131 deny tcp any any eq 8563
access-list 131 deny tcp any any eq 7778
access-list 131 deny tcp any any eq 593
access-list 131 deny tcp any any eq 2049
access-list 131 deny udp any any eq 2049
access-list 131 deny tcp any any eq 2000
access-list 131 deny tcp any any range 6000 6010
access-list 131 deny udp any any eq 1433
access-list 131 deny udp any any eq 1434
access-list 131 deny udp any any eq 5554
access-list 131 deny udp any any eq 9996
access-list 131 deny udp any any eq 113
access-list 131 deny udp any any eq 3067
access-list 131 remark *** ACL PER BLOCCARE ACCESSI NON AUTORIZZATI ***
access-list 131 deny ip any any log
access-list 131 remark *** ACL PER BLOCCARE ATTACCO EXTREME UDP FLOODING **
access-list 131 deny udp any any eq 5000
access-list 131 deny udp any eq 5000 any eq 5000
access-list 131 deny udp any eq 5000 any
dialer-list 1 protocol ip permit
no cdp run

!
!
!
!
!
control-plane
!
banner motd ^CC
*********************************************************
----------------------------------------------------------------
* *** * *** * *** ROUTER PERIMETRALE *** * *** * *** *
----------------------------------------------------------------
* WARNING: *

* If you are NOT authorized to use this system, LOG OFF NOW! *
* *
*********************************************************
^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
password xxxxx
login
!
scheduler max-task-time 5000
sntp server 192.43.244.18
sntp server 207.46.197.32
end

vorrei fare in modo che usando prog p2p e navigando, venga data priorita' al browser internet (porta 80) so che si chiama qos ed è supportata dalla mia IOS 124-22.T ma non so come applicarla.
preciso che attualmente tutto funziona, ma vi prego di controllare se ci sono degli sbagli, o elle mancanze, nella conf. che ho copiato spudoratamente da molti 3d, pero' adattata alle mie esigenze :roll:


GRAZIE A TUTTI CIAO
Top
Rispondi

Torna a “Configurazioni”