
What is wrong with this configuration?

Posted: Sun 22 Jun, 2008 5:52 pm
by keycien
Hello, I would like your opinion on the config below and on how I can adapt it to my needs.

no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service sequence-numbers
no service dhcp
!
hostname homelan
!
logging buffered 10240 debugging
logging console critical
!
clock timezone NZST 12
clock summer-time NZDT recurring 1 Sun Oct 2:00 3 Sun Mar 3:00
!
!
ip subnet-zero
no ip source-route
ip domain-name local
archive
path flash:config
write-memory
!
ip tcp selective-ack
ip tcp timestamp
no ip bootp server
no ip domain lookup
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp
ip inspect name firewall sip
ip inspect name firewall esmtp max-data 52428800
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall netshow
ip inspect name firewall rtsp
ip inspect name firewall pptp
ip inspect name firewall rtsp
ip inspect name firewall skinny
file verify auto
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers tkip
!
ssid PUNTO
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii .-VgyY~t(czvs)_K
!
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface bvi1
ip address 192.168.1.1 255.255.255.0
ip access-group 102 in
ip nat inside
no ip directed-broadcast
exit
!
interface ATM0
dsl operating-mode auto
exit
!
interface ATM0.1 point-to-point
pvc 0/100
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
exit
!
interface Dialer0
ip address negotiated
ip inspect firewall out
ip access-group 101 in
no ip redirects
no ip unreachables
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp pap sent-username xxx password yyy
ppp ipcp dns request
ppp ipcp route default
no cdp enable
exit
!
ip nat inside source list 1 interface Dialer0 overload
ip classless
no ip http server
!
!
line vty 0 4
access-class 2 in
exit
!
access-list 1 remark The local LAN.
access-list 1 permit 192.168.1.0 0.0.0.255
!
access-list 2 remark Where management can be done from.
access-list 2 permit 192.168.1.0 0.0.0.255
!
access-list 101 remark Traffic allowed to enter the router from the Internet
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
access-list 101 deny icmp any any echo
access-list 101 deny ip any any log
!
access-list 102 remark Traffic allowed to enter the router from the Ethernet
access-list 102 permit ip any host 192.168.1.1
access-list 102 deny ip any host 192.168.1.255
access-list 102 deny udp any any eq tftp log
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
access-list 102 deny ip any 10.0.0.0 0.255.255.255 log
access-list 102 deny ip any 127.0.0.0 0.255.255.255 log
access-list 102 deny ip any 169.254.0.0 0.0.255.255 log
access-list 102 deny ip any 172.16.0.0 0.15.255.255 log
access-list 102 deny ip any 192.0.2.0 0.0.0.255 log
access-list 102 deny ip any 192.168.0.0 0.0.255.255 log
access-list 102 deny ip any 198.18.0.0 0.1.255.255 log
access-list 102 deny udp any any eq 135 log
access-list 102 deny tcp any any eq 135 log
access-list 102 deny udp any any eq 137 log
access-list 102 deny udp any any eq 138 log
access-list 102 deny tcp any any eq 445 log
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log
!
bridge 1 route ip
dialer-list 1 protocol ip permit
banner motd |
Original config (c)IFM Ltd [email protected], prepared by xxx@yyy/a

You require authorisation to connect to this device.
If you are not authorised to connect to this device please disconnect now. If
you fail to disconnect you may be prosecuted under the Crimes Amendment
Act 2003 section 252 under New Zealand law.

|
!
interface FastEthernet0
no shutdown
exit
interface FastEthernet1
no shutdown
exit
interface FastEthernet2
no shutdown
exit
interface FastEthernet3
no shutdown
exit
interface vlan1
no shutdown
exit
interface ATM0
no shutdown
exit
interface Dot11Radio0
no shutdown
exit
interface bvi1
no shutdown
exit
crypto key generate rsa general-keys modulus 2048

Posted: Mon 23 Jun, 2008 2:38 pm
by Wizard
Hello, I would like your opinion on the config below and on how I can adapt it to my needs.
And what are your needs?

Posted: Mon 23 Jun, 2008 2:54 pm
by keycien
Wizard wrote:
Hello, I would like your opinion on the config below and on how I can adapt it to my needs.
And what are your needs?
WPA2 with MAC filtering and port forwarding for torrent; I would also like to know whether there is anything anomalous in the configuration above.

Thanks
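
Added example, not part of the original thread and not written by any poster: a small Python audit that runs over an IOS-style config like the one posted and reports settings relevant to the stated goal of WPA2, plus a few items visible in the post. The rule names and the `audit` / `finding_ids` functions are hypothetical, and the sample is a constructed excerpt with a placeholder key.

```python
import re
from collections import Counter

# Constructed excerpt modelled on the posted config; EXAMPLE-PSK is a placeholder.
SAMPLE = """\
ip inspect name firewall rtsp
ip inspect name firewall pptp
ip inspect name firewall rtsp
interface Dot11Radio0
encryption mode ciphers tkip
ssid PUNTO
authentication open
authentication key-management wpa
wpa-psk ascii EXAMPLE-PSK
line vty 0 4
access-class 2 in
"""

# (hypothetical finding id, pattern matched from the start of each stripped line)
LINE_RULES = [
    # TKIP as the only cipher: WPA2 needs AES-CCMP ("aes-ccm" on IOS).
    ("tkip-only-cipher", re.compile(r"encryption mode ciphers tkip$")),
    # Key management without "version 2" does not pin the SSID to WPA2.
    ("wpa-version-not-pinned", re.compile(r"authentication key-management wpa$")),
    # Key stored in readable form (no type-7 marker) in a file that gets shared.
    ("cleartext-psk", re.compile(r"wpa-psk (ascii|hex) (?!7 )\S+")),
]

def audit(config):
    """Return sorted (finding, line) pairs for an IOS-style config text."""
    lines = [l.strip() for l in config.splitlines() if l.strip() not in ("", "!")]
    found = {(name, l) for l in lines for name, rx in LINE_RULES if rx.match(l)}
    # Global commands that should be unique: a repeat is usually a paste error.
    globals_ = [l for l in lines if l.startswith(("ip inspect name ", "access-list "))]
    found |= {("duplicate-line", l) for l, n in Counter(globals_).items() if n > 1}
    # Remote management lines exist but nothing restricts them to SSH.
    if any(l.startswith("line vty") for l in lines) and \
       not any(re.match(r"transport input ssh$", l) for l in lines):
        found.add(("vty-not-ssh-only", "line vty"))
    return sorted(found)

def finding_ids(config):
    """Return the distinct finding ids, sorted."""
    return sorted({name for name, _ in audit(config)})

if __name__ == "__main__":
    for name, line in audit(SAMPLE):
        print(f"{name:24} {line}")
```

The checks match whole lines without relying on indentation, because the config as posted has lost its indentation.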

Posted: Mon 23 Jun, 2008 3:05 pm
by Wizard
Take a look at that nice topic pinned as the first topic at the top of the page...

Posted: Mon 23 Jun, 2008 3:26 pm
by keycien
You have a PM

Posted: Mon 23 Jun, 2008 4:16 pm
by Wizard
Take your cue from the topic on this forum that was written by a forum member, and forget about that site