Salve ho da poco acquistato il router cisco di cui sopra,utilizzando il CP express ho cercato di configurarlo per navigare su Internet con una normalissima alice casa 7M con ip dinamico.Ho solo riconfigurato il pool di indirizzi Lan(sono passato da 10.10.10.1 a 192.168.13.1) nulla di che,per il resto ho inserito i parametri di Alice che ho sempre usato con il precedente modem nell'interfaccia WAN.Se vi posto la mia attuale configurazione potreste darmi una dritta sul fatto che non riesco a navigare,qualsiasi browser non riesce a risolvere gli indirizzi quindi ho un problema sui DNS di Alice.Li devo per caso impostare manualmente nella configuraione DHCP della LAN?
Ringrazio anticipatamente tutti coloro che vi volessero dare qualche dritta.
Ecco la mia attuale configurazione (salvata però con CP non express):
Building configuration...
Current configuration : 5530 bytes
!
! Last configuration change at 09:31:25 PCTime Wed Jan 26 2011 by admin
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CISCO887
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$5oPK$qyixGHj9eEdZxMAKOgHYu0
!
no aaa new-model
!
!
!
memory-size iomem 10
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-2943808617
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2943808617
revocation-check none
rsakeypair TP-self-signed-2943808617
!
!
crypto pki certificate chain TP-self-signed-2943808617
certificate self-signed 01
30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32393433 38303836 3137301E 170D3131 30313236 30383132
31345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39343338
30383631 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AC59 5330ABA2 2CAFA3BD 197CE9C0 80FD9059 60E7549B 4FC79CA6 7809A1EA
C73EC696 FB49A00C C1170329 72C6A344 E1818912 B3BF452B 2953DDCD C2DBA2CD
AEF0ECD2 F7080AAC 842DE35C 1E7530AA 3BC28F31 DD7282E4 8A494E8B 57A16178
CF29DEA3 EF349D5E 656CA755 3594C11E FC868CDE 7B6F827C 67E53FA8 4AD0F97C
38ED0203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603
551D1104 0C300A82 08434953 434F3838 37301F06 03551D23 04183016 801496E0
9A241F87 91962332 D30B6AA7 499C8EA8 D9AF301D 0603551D 0E041604 1496E09A
241F8791 962332D3 0B6AA749 9C8EA8D9 AF300D06 092A8648 86F70D01 01040500
03818100 8573A7F6 4E82CF00 F1E5FFE8 A09320B0 576C0DC3 2EF8EECA 117C753B
5BBF4DA6 1FCFD911 7B329734 2162AECB 89D3FA5D F9891EF1 1D047FDE 2ADCABE4
07F8F84A 1D9ED91D 705E5F9E 0CEE4072 4219EC4A 4DF29361 30C8136F 60A46937
154BACCA 23EF6902 B9BD540E 6BAA60E3 8F6C607A 9A24D26A B248A864 4EA7AB9B 2FF83E06
quit
no ip source-route
!
!
ip dhcp excluded-address 192.168.13.1
!
ip dhcp pool ccp-pool1
import all
network 192.168.13.0 255.255.255.0
default-router 192.168.13.1
!
!
ip cef
no ip bootp server
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887-SEC-K9 sn FCZ145390L9
!
!
username admin privilege 15 secret 5 $1$OW1t$yovmrYMnF63SVakcPy1MT1
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
!
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
encapsulation hdlc
shutdown
isdn termination multidrop
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
!
interface ATM0.2 point-to-point
description $ES_WAN$
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 2
!
!
interface FastEthernet0
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.13.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
!
!
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname (la mia user name)
ppp chap password 7 00071C050B5704
ppp pap sent-username (la mia user name) password 714141D08030825
no cdp enable
!
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 100 interface Dialer1 overload
!
logging trap debugging
access-list 100 remark CCP_ACL Category=2
access-list 100 permit ip 192.168.13.0 0.0.0.255 any
dialer-list 2 protocol ip permit
no cdp run
!
!
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
CISCO887-sec-K9 e Alice casa 7M
Moderatore: Federico.Lagni
-
paolomat75
- Messianic Network master
- Messaggi: 2965
- Iscritto il: ven 29 gen , 2010 10:25 am
- Località: Prov di GE
Si metti nel pool dhcp
Ciao
Codice: Seleziona tutto
dns-server IP_SERVER_DNS-
pierpox
- n00b
- Messaggi: 7
- Iscritto il: gio 20 gen , 2011 6:40 pm
Grazia innanzitutto per la risposta,come correttamente mi avevi confermato era un problema di DNS.Allora sono andato con CP express nei settaggi del DHCP e ho inserito manualmente i DNS di alice così come li recepiva il mio vecchio modem.Ora tutto è ok navigo tranquillamente senza nessun problema.Scusami se abuso della tua pazienza ma volevo chiederti a questo punto se vi è un modo per far recepire anche al 887 gli indirizzi dei DNS in modo automatico.Il comando che mi suggerisci di inserire serve appunto a questo?E se si vi è un modo per poter fare la stessa cosa utilizzando il CP (non express)?
Ecco cmq la mia nova configurazione e grazie ancora per la tua disponibilità:
Building configuration...
Current configuration : 5706 bytes
!
! Last configuration change at 10:41:45 PCTime Wed Jan 26 2011 by admin
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CISCO887
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$5oPK$qyixGHj9eEdZxMAKOgHYu0
!
no aaa new-model
!
!
!
memory-size iomem 10
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-2943808617
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2943808617
revocation-check none
rsakeypair TP-self-signed-2943808617
!
!
crypto pki certificate chain TP-self-signed-2943808617
certificate self-signed 01
30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32393433 38303836 3137301E 170D3131 30313236 30393237
33305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39343338
30383631 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AC59 5330ABA2 2CAFA3BD 197CE9C0 80FD9059 60E7549B 4FC79CA6 7809A1EA
C73EC696 FB49A00C C1170329 72C6A344 E1818912 B3BF452B 2953DDCD C2DBA2CD
AEF0ECD2 F7080AAC 842DE35C 1E7530AA 3BC28F31 DD7282E4 8A494E8B 57A16178
CF29DEA3 EF349D5E 656CA755 3594C11E FC868CDE 7B6F827C 67E53FA8 4AD0F97C
38ED0203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603
551D1104 0C300A82 08434953 434F3838 37301F06 03551D23 04183016 801496E0
9A241F87 91962332 D30B6AA7 499C8EA8 D9AF301D 0603551D 0E041604 1496E09A
241F8791 962332D3 0B6AA749 9C8EA8D9 AF300D06 092A8648 86F70D01 01040500
03818100 70057090 D5D0D0A8 E20B5BC9 D251B317 1829F081 7E5C688A 7D62C215
A01D0FD3 DD70336A 9CA741E0 69E42E03 96BD69B3 D6304092 7357BAF2 C0E4BE4F
A8A1152A ED0728AA 8AE88A92 3A4613DC 6DC2BE5C 37635728 1675125A 1FC59C7F
5CC2D141 0EF5A84A E498FB4E C3BD74EB 229B0C82 D42F7156 4A245605 6F85529B 97C15936
quit
no ip source-route
!
!
ip dhcp excluded-address 192.168.13.1
!
ip dhcp pool ccp-pool1
import all
network 192.168.13.0 255.255.255.0
default-router 192.168.13.1
dns-server 85.37.17.51 85.38.28.97
!
!
ip cef
no ip bootp server
ip name-server 85.37.17.51
ip name-server 85.38.28.97
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887-SEC-K9 sn FCZ145390L9
!
!
username admin privilege 15 secret 5 $1$OW1t$yovmrYMnF63SVakcPy1MT1
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
!
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
encapsulation hdlc
shutdown
isdn termination multidrop
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip flow ingress
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.13.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username (mia username) password 7 01100907540709
no cdp enable
!
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.13.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Ecco cmq la mia nova configurazione e grazie ancora per la tua disponibilità:
Building configuration...
Current configuration : 5706 bytes
!
! Last configuration change at 10:41:45 PCTime Wed Jan 26 2011 by admin
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CISCO887
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$5oPK$qyixGHj9eEdZxMAKOgHYu0
!
no aaa new-model
!
!
!
memory-size iomem 10
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-2943808617
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2943808617
revocation-check none
rsakeypair TP-self-signed-2943808617
!
!
crypto pki certificate chain TP-self-signed-2943808617
certificate self-signed 01
30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32393433 38303836 3137301E 170D3131 30313236 30393237
33305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39343338
30383631 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AC59 5330ABA2 2CAFA3BD 197CE9C0 80FD9059 60E7549B 4FC79CA6 7809A1EA
C73EC696 FB49A00C C1170329 72C6A344 E1818912 B3BF452B 2953DDCD C2DBA2CD
AEF0ECD2 F7080AAC 842DE35C 1E7530AA 3BC28F31 DD7282E4 8A494E8B 57A16178
CF29DEA3 EF349D5E 656CA755 3594C11E FC868CDE 7B6F827C 67E53FA8 4AD0F97C
38ED0203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603
551D1104 0C300A82 08434953 434F3838 37301F06 03551D23 04183016 801496E0
9A241F87 91962332 D30B6AA7 499C8EA8 D9AF301D 0603551D 0E041604 1496E09A
241F8791 962332D3 0B6AA749 9C8EA8D9 AF300D06 092A8648 86F70D01 01040500
03818100 70057090 D5D0D0A8 E20B5BC9 D251B317 1829F081 7E5C688A 7D62C215
A01D0FD3 DD70336A 9CA741E0 69E42E03 96BD69B3 D6304092 7357BAF2 C0E4BE4F
A8A1152A ED0728AA 8AE88A92 3A4613DC 6DC2BE5C 37635728 1675125A 1FC59C7F
5CC2D141 0EF5A84A E498FB4E C3BD74EB 229B0C82 D42F7156 4A245605 6F85529B 97C15936
quit
no ip source-route
!
!
ip dhcp excluded-address 192.168.13.1
!
ip dhcp pool ccp-pool1
import all
network 192.168.13.0 255.255.255.0
default-router 192.168.13.1
dns-server 85.37.17.51 85.38.28.97
!
!
ip cef
no ip bootp server
ip name-server 85.37.17.51
ip name-server 85.38.28.97
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887-SEC-K9 sn FCZ145390L9
!
!
username admin privilege 15 secret 5 $1$OW1t$yovmrYMnF63SVakcPy1MT1
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
!
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
encapsulation hdlc
shutdown
isdn termination multidrop
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip flow ingress
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.13.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username (mia username) password 7 01100907540709
no cdp enable
!
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.13.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
-
paolomat75
- Messianic Network master
- Messaggi: 2965
- Iscritto il: ven 29 gen , 2010 10:25 am
- Località: Prov di GE
Ci mancherebbe.
Per i server DNS in automatico, non l'ho provato, ma basterebbe usare pppoe https://learningnetwork.cisco.com/message/105304
Per il CP non l'ho mai usato. Mi dispiace.
Ciao
Paolo
Per i server DNS in automatico, non l'ho provato, ma basterebbe usare pppoe https://learningnetwork.cisco.com/message/105304
Per il CP non l'ho mai usato. Mi dispiace.
Ciao
Paolo
-
pierpox
- n00b
- Messaggi: 7
- Iscritto il: gio 20 gen , 2011 6:40 pm
Ciao,grazie per il link,farò delle prove come li suggeritomi!Potresti darmi anche qualche link dove recuperare qualche manuale del CLI(e sul router 887 o i router in generale della cisco) vorrei capire bene la sintassi,i comandi e come caricare una configurazione sul router senza passare dal CP ma utilizzando solo una finestra dos e telnet,grazie ancora!
-
paolomat75
- Messianic Network master
- Messaggi: 2965
- Iscritto il: ven 29 gen , 2010 10:25 am
- Località: Prov di GE
Ciao,
guarda per i manuali in internet ne trovi a bizzeffe.
Cerca qualcosa di introduttivo o CCNA.
Buona giornata
guarda per i manuali in internet ne trovi a bizzeffe.
Cerca qualcosa di introduttivo o CCNA.
Buona giornata
-
pierpox
- n00b
- Messaggi: 7
- Iscritto il: gio 20 gen , 2011 6:40 pm
Grazie Paolo per il suggerimento,potresti dirmi se questo testo può fare al caso mio:"640-802 640-816 Ccent Ccna Icnd1 Certification Guide 2 Ed Safari 2007 Cisco Press"?
Un altra curiosità,premetto che il firewall è ancora disbilitato,ho solo configurato il qos,tuttavia utilizzando un software P2P come emule ho dovuto nettare staticamente l'idirizzo del pc(192.168.13.2) dove era emule verso l'interfaccia dialer0 configurando le relative porte altrimenti dall'esterno non si "vedevano",mi chiedo e ti chiedo devo fare sempre così per ogni applicazione che utilizza porte TCP e UDP come ad esempio Messenger?Non vi è un modo per poter "nettare" da quel PC(192.168.13.2) tutte le porte ? Ti ringrazio ancora per la pazienza accordatami,ciao.
Ecco la mia nuova configurazione:
Building configuration...
Current configuration : 5705 bytes
!
! Last configuration change at 10:24:31 PCTime Sun Jan 30 2011 by admin
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco887
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$ygHq$xhkIWx1tUf.QqDN50hAde1
!
no aaa new-model
!
!
!
memory-size iomem 10
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-2943808617
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2943808617
revocation-check none
rsakeypair TP-self-signed-2943808617
!
!
crypto pki certificate chain TP-self-signed-2943808617
certificate self-signed 01
30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32393433 38303836 3137301E 170D3131 30313330 30373032
30365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39343338
30383631 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AC59 5330ABA2 2CAFA3BD 197CE9C0 80FD9059 60E7549B 4FC79CA6 7809A1EA
C73EC696 FB49A00C C1170329 72C6A344 E1818912 B3BF452B 2953DDCD C2DBA2CD
AEF0ECD2 F7080AAC 842DE35C 1E7530AA 3BC28F31 DD7282E4 8A494E8B 57A16178
CF29DEA3 EF349D5E 656CA755 3594C11E FC868CDE 7B6F827C 67E53FA8 4AD0F97C
38ED0203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603
551D1104 0C300A82 08636973 636F3838 37301F06 03551D23 04183016 801496E0
9A241F87 91962332 D30B6AA7 499C8EA8 D9AF301D 0603551D 0E041604 1496E09A
241F8791 962332D3 0B6AA749 9C8EA8D9 AF300D06 092A8648 86F70D01 01040500
03818100 79192E18 F677DC71 C4AC0589 2770DF1C CEA9A609 BB390E59 51980153
39D850EC E70E25DF DBF56BEB 6D89C467 E9BF195E 357652FC 5BADF920 C2DB6C17
CA7E7258 861A8A4C 409F8163 8CF89A82 6F88715D B3A1EB05 215C53B2 0036542B
307493BD A006E6F9 6D75286E 26580BC5 E774A774 76BF1564 B202B389 4F788A0E 950A2880
quit
ip source-route
!
!
!
ip dhcp pool ccp-pool1
import all
network 192.168.13.0 255.255.255.0
dns-server 85.37.17.51 85.38.28.97
default-router 192.168.13.1
!
!
ip cef
ip name-server 85.37.17.51
ip name-server 85.38.28.97
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887-SEC-K9 sn FCZ145390L9
!
!
username admin privilege 15 secret 5 $1$DvC3$laI7mkPYhCS/RL3j9Xmwq.
!
!
!
class-map match-any CCP-Transactional-1
match dscp af21
match dscp af22
match dscp af23
class-map match-any CCP-Routing-1
match dscp cs6
class-map match-any CCP-Signaling-1
match dscp cs3
match dscp af31
class-map match-any CCP-Management-1
match dscp cs2
!
!
policy-map CCP-QoS-Policy-1
class CCP-Signaling-1
bandwidth percent 5
class CCP-Routing-1
bandwidth percent 5
class CCP-Management-1
bandwidth percent 5
class CCP-Transactional-1
bandwidth percent 5
class class-default
fair-queue
random-detect
!
!
!
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
!
interface ATM0.1 point-to-point
description $ES_WAN$
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$
ip address 192.168.13.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname pperri
ppp chap password 0 cocolo
ppp pap sent-username pperri password 0 cocolo
no cdp enable
!
service-policy output CCP-QoS-Policy-1
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.13.2 4843 interface Dialer0 4843
ip nat inside source static udp 192.168.13.2 4675 interface Dialer0 4675
ip route 0.0.0.0 0.0.0.0 Dialer0
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.13.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
control-plane
!
!
banner exec ^CC
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
-----------------------------------------------------------------------
^C
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
Un altra curiosità,premetto che il firewall è ancora disbilitato,ho solo configurato il qos,tuttavia utilizzando un software P2P come emule ho dovuto nettare staticamente l'idirizzo del pc(192.168.13.2) dove era emule verso l'interfaccia dialer0 configurando le relative porte altrimenti dall'esterno non si "vedevano",mi chiedo e ti chiedo devo fare sempre così per ogni applicazione che utilizza porte TCP e UDP come ad esempio Messenger?Non vi è un modo per poter "nettare" da quel PC(192.168.13.2) tutte le porte ? Ti ringrazio ancora per la pazienza accordatami,ciao.
Ecco la mia nuova configurazione:
Building configuration...
Current configuration : 5705 bytes
!
! Last configuration change at 10:24:31 PCTime Sun Jan 30 2011 by admin
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco887
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$ygHq$xhkIWx1tUf.QqDN50hAde1
!
no aaa new-model
!
!
!
memory-size iomem 10
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-2943808617
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2943808617
revocation-check none
rsakeypair TP-self-signed-2943808617
!
!
crypto pki certificate chain TP-self-signed-2943808617
certificate self-signed 01
30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32393433 38303836 3137301E 170D3131 30313330 30373032
30365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39343338
30383631 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AC59 5330ABA2 2CAFA3BD 197CE9C0 80FD9059 60E7549B 4FC79CA6 7809A1EA
C73EC696 FB49A00C C1170329 72C6A344 E1818912 B3BF452B 2953DDCD C2DBA2CD
AEF0ECD2 F7080AAC 842DE35C 1E7530AA 3BC28F31 DD7282E4 8A494E8B 57A16178
CF29DEA3 EF349D5E 656CA755 3594C11E FC868CDE 7B6F827C 67E53FA8 4AD0F97C
38ED0203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603
551D1104 0C300A82 08636973 636F3838 37301F06 03551D23 04183016 801496E0
9A241F87 91962332 D30B6AA7 499C8EA8 D9AF301D 0603551D 0E041604 1496E09A
241F8791 962332D3 0B6AA749 9C8EA8D9 AF300D06 092A8648 86F70D01 01040500
03818100 79192E18 F677DC71 C4AC0589 2770DF1C CEA9A609 BB390E59 51980153
39D850EC E70E25DF DBF56BEB 6D89C467 E9BF195E 357652FC 5BADF920 C2DB6C17
CA7E7258 861A8A4C 409F8163 8CF89A82 6F88715D B3A1EB05 215C53B2 0036542B
307493BD A006E6F9 6D75286E 26580BC5 E774A774 76BF1564 B202B389 4F788A0E 950A2880
quit
ip source-route
!
!
!
ip dhcp pool ccp-pool1
import all
network 192.168.13.0 255.255.255.0
dns-server 85.37.17.51 85.38.28.97
default-router 192.168.13.1
!
!
ip cef
ip name-server 85.37.17.51
ip name-server 85.38.28.97
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887-SEC-K9 sn FCZ145390L9
!
!
username admin privilege 15 secret 5 $1$DvC3$laI7mkPYhCS/RL3j9Xmwq.
!
!
!
class-map match-any CCP-Transactional-1
match dscp af21
match dscp af22
match dscp af23
class-map match-any CCP-Routing-1
match dscp cs6
class-map match-any CCP-Signaling-1
match dscp cs3
match dscp af31
class-map match-any CCP-Management-1
match dscp cs2
!
!
policy-map CCP-QoS-Policy-1
class CCP-Signaling-1
bandwidth percent 5
class CCP-Routing-1
bandwidth percent 5
class CCP-Management-1
bandwidth percent 5
class CCP-Transactional-1
bandwidth percent 5
class class-default
fair-queue
random-detect
!
!
!
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
!
interface ATM0.1 point-to-point
description $ES_WAN$
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$
ip address 192.168.13.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname pperri
ppp chap password 0 cocolo
ppp pap sent-username pperri password 0 cocolo
no cdp enable
!
service-policy output CCP-QoS-Policy-1
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.13.2 4843 interface Dialer0 4843
ip nat inside source static udp 192.168.13.2 4675 interface Dialer0 4675
ip route 0.0.0.0 0.0.0.0 Dialer0
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.13.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
control-plane
!
!
banner exec ^CC
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
-----------------------------------------------------------------------
^C
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
