Chinaunix首页 | 论坛 | 博客
  • 博客访问: 479412
  • 博文数量: 132
  • 博客积分: 2995
  • 博客等级: 少校
  • 技术积分: 1412
  • 用 户 组: 普通用户
  • 注册时间: 2007-03-06 20:14
文章分类

全部博文(132)

文章存档

2010年(2)

2008年(21)

2007年(109)

我的朋友

分类:

2007-03-11 10:20:03

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cisco-2801
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 aaa
!
username cisco privilege 15 secret 5 aa
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
no ip bootp server
no ftp-server write-enable
!
!
!
class-map match-all office
 match access-group 100
!
!
policy-map office-speed
 class office
   police 800000
!
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 description
 encapsulation dot1Q 1 native
 ip address 192.168.0.254 255.255.255.0
 ip access-group acl-port in
 ip verify unicast reverse-path
 ip nat inside
 service-policy output office-speed
 no cdp enable
!
interface FastEthernet0/0.2
 description
 encapsulation dot1Q 2
 ip address 172.16.2.254 255.255.255.0
 ip access-group acl-port in
 ip verify unicast reverse-path
 ip nat inside
 no cdp enable
!
interface FastEthernet0/1
 description
 ip address 218.25.163.210 255.255.255.248
 ip access-group acl-port in
 ip verify unicast reverse-path
 ip nat outside
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 218.25.163.209
no ip http server
ip http authentication local
ip nat inside source list 10 interface FastEthernet0/1 overload
ip nat inside source static 172.16.2.41 218.25.163.211
ip nat inside source static 172.16.2.42 218.25.163.212
ip nat inside source static 172.16.2.43 218.25.163.213
ip nat inside source static 172.16.2.44 218.25.163.214
!
ip access-list extended acl-port
 deny   udp any any eq 1434
 deny   tcp any any eq 135
 deny   udp any any eq 135
 deny   udp any any eq netbios-ns
 deny   tcp any any eq 139
 deny   tcp any any eq 445
 deny   tcp any any eq 4444
 deny   tcp any any eq 27665 log
 deny   udp any any eq 31335 log
 deny   udp any any eq 27444 log
 deny   tcp any any eq 16660 log
 deny   tcp any any eq 65000 log
 deny   tcp any any eq 33270 log
 deny   tcp any any eq 39168 log
 deny   tcp any any range 6711 6712 log
 deny   tcp any any eq 6776 log
 deny   tcp any any eq 6669 log
 deny   tcp any any eq 2222 log
 deny   tcp any any eq 7000 log
 permit ip any any
 permit tcp any any
 permit udp any any
!
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 100 deny   ip any 172.16.2.0 0.0.0.255
access-list 100 permit ip any 192.168.0.0 0.0.0.255
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 password 7 120D101801025D527B7A
 login
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
end
 
阅读(2084) | 评论(1) | 转发(0) |
0

上一篇:华为3062

下一篇:PIX 515 工程实例

给主人留下些什么吧!~~