Ciao a tutti, vorrei capire come impostare le ACL sul mio 837 configurato con Eutelia.
Navigo e si pinga tranquillamente tutto. Vorrei capire come intervenire per limitare la risposta al Ping geografico senza però limitarne l'accesso telnet. Appena provo a mettere una qualsiasi ACL smetto di navigare.. non capisco proprio..
837spc#sh run
Building configuration...
Current configuration : 2593 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 837spc
!
boot-start-marker
boot-end-marker
!
logging monitor notifications
enable secret ***
enable password ***
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip name-server 62.94.0.1
ip name-server 62.94.0.2
ip ips po max-events 100
no ftp-server write-enable
!
!
partition flash 2 10 2
!
username *** password 7 ***
!
!
no crypto isakmp ccm
!
!
!
interface Ethernet0
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
interface Dialer0
description connessione ad internet ( PPPoA Eutelia )
ip address 81.200.***.*** 255.255.255.0
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname *****
ppp chap password 7 ****
ppp pap sent-username *****
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
!
ip nat translation timeout 420
ip nat translation tcp-timeout 120
ip nat translation pptp-timeout 420
ip nat translation udp-timeout 120
ip nat translation finrst-timeout 300
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat translation max-entries 5000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static 192.168.0.9 interface Dialer0
!
access-list 1 permit 192.168.0.0 0.0.0.255
snmp-server community visiospc RO
snmp-server trap-source Ethernet0
snmp-server host 192.168.1.253 visiospc
!
!
control-plane
!
!
line con 0
no modem enable
stopbits 1
speed 115200
line aux 0
line vty 0 4
exec-timeout 120 0
password 7 ******
login
length 0
!
scheduler max-task-time 5000
end
