! Global services. Millisecond timestamps on debug and log lines make events
! easier to correlate. No NTP source is configured in this file, so the
! timestamps depend on the router's local clock.
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): this only applies type 7 encoding to plain "password"
! entries. Type 7 is reversible obfuscation, not a hash; it protects against
! casual viewing only. "secret" entries use type 5 and are unaffected.
service password-encryption
!
hostname cisco-2801
!
boot-start-marker
boot-end-marker
!
! Local buffer of 51200 bytes, severity "warnings" and above. No remote
! "logging" host appears in this file, so log entries exist only in router
! memory and are lost on reload.
logging buffered 51200 warnings
! Type 5 enable secret. "aaa" is not a well-formed type 5 string, so it
! looks like the author's redaction placeholder.
enable secret 5 aaa
!
! Local account created at privilege 15, used wherever a line specifies
! "login local". "aa" looks like a redaction placeholder, not a real hash.
! NOTE(review): "cisco" is a widely guessed account name; on a router whose
! telnet service is reachable from outside, a less predictable name helps.
username cisco privilege 15 secret 5 aa
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
! AAA is off: authentication is decided per line (line password or the local
! user database). There is no central authentication, command authorization
! or accounting in this configuration.
no aaa new-model
ip subnet-zero
! CEF switching; also a prerequisite for the "ip verify unicast reverse-path"
! checks configured on the interfaces.
ip cef
!
!
!
!
! Turn off services this router does not need to offer.
no ip bootp server
no ftp-server write-enable
!
!
!
! QoS classification: class "office" is traffic permitted by access-list 100
! (defined further down in this file).
class-map match-all office
match access-group 100
!
!
! Rate-limit class "office" to 800000 bits per second. No conform/exceed
! actions are given, so the IOS defaults apply - confirm them with
! "show policy-map". The policy is attached outbound on FastEthernet0/0.1.
policy-map office-speed
class office
police 800000
!
!
!
! Physical inside port. It carries no address itself; it is the 802.1Q trunk
! parent for subinterfaces .1 and .2.
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
! Inside subinterface for 192.168.0.0/24 (gateway 192.168.0.254).
interface FastEthernet0/0.1
! The description text is empty here - presumably stripped before posting.
description
! NOTE(review): user traffic rides untagged on VLAN 1 as the native VLAN.
! Common hardening guidance is to keep user data off VLAN 1 and use an
! otherwise unused VLAN as native - confirm against the switch side.
encapsulation dot1Q 1 native
ip address 192.168.0.254 255.255.255.0
! Inbound port blocklist: also stops inside hosts from sending traffic to
! the listed ports, which contains outbound worm/backdoor traffic.
ip access-group acl-port in
! Strict uRPF: drop packets whose source address is not reachable back
! through this interface (anti-spoofing for the inside subnet).
ip verify unicast reverse-path
ip nat inside
! Applies the 800000 bit/s policer to traffic leaving toward this subnet.
service-policy output office-speed
! Do not advertise device details via CDP on this segment.
no cdp enable
!
! Inside subinterface for 172.16.2.0/24 on VLAN 2 (gateway 172.16.2.254).
! Hosts .41-.44 on this subnet are published to the Internet through the
! static NAT entries later in the file.
interface FastEthernet0/0.2
! The description text is empty here - presumably stripped before posting.
description
encapsulation dot1Q 2
ip address 172.16.2.254 255.255.255.0
! Same inbound port blocklist as the other interfaces.
ip access-group acl-port in
! Strict uRPF: drop packets whose source is not reachable via this interface.
ip verify unicast reverse-path
ip nat inside
! Do not advertise device details via CDP on this segment.
no cdp enable
!
! Outside (Internet-facing) interface, public /29.
interface FastEthernet0/1
! The description text is empty here - presumably stripped before posting.
description
ip address 218.25.163.210 255.255.255.248
! NOTE(review): this blocklist is the only filter between the Internet and
! both the router and the statically NATed hosts. It ends in
! "permit ip any any", so anything not listed - including telnet (tcp/23)
! to the router's own address - is allowed in.
ip access-group acl-port in
! Strict uRPF on the upstream side. NOTE(review): confirm how this release
! treats the default route in the reverse-path check before relying on it.
ip verify unicast reverse-path
ip nat outside
duplex auto
speed auto
! NOTE(review): unlike the inside subinterfaces, there is no "no cdp enable"
! here and no global "no cdp run" in this file. CDP is on by default, so the
! router would announce model and software details toward the upstream.
!
! Routing: single default route to the upstream gateway on the public /29.
ip classless
ip route 0.0.0.0 0.0.0.0 218.25.163.209
! Web management is disabled; the authentication line below only takes
! effect if the HTTP server is later enabled.
no ip http server
ip http authentication local
! PAT: sources permitted by access-list 10 (192.168.0.0/24) share the
! FastEthernet0/1 address. 172.16.2.0/24 is not in access-list 10, so hosts
! there other than .41-.44 match no translation rule in this file.
ip nat inside source list 10 interface FastEthernet0/1 overload
! One-to-one static NAT. NOTE(review): each entry maps every protocol and
! port of the inside host to a public address, so these four hosts are
! reachable from the Internet on anything acl-port does not deny. Port-level
! static entries or a permit-list ACL on the outside interface would narrow
! this to the services actually meant to be published.
ip nat inside source static 172.16.2.41 218.25.163.211
ip nat inside source static 172.16.2.42 218.25.163.212
ip nat inside source static 172.16.2.43 218.25.163.213
ip nat inside source static 172.16.2.44 218.25.163.214
!
! Port blocklist applied inbound on all three interfaces. Every entry matches
! on destination port only, with any source and any destination.
! NOTE(review): this is a default-allow policy. It blocks a fixed set of
! known-bad ports and permits everything else; it is not a substitute for a
! permit-list on the Internet-facing interface.
ip access-list extended acl-port
! Windows worm-era ports: SQL resolution service (udp/1434), RPC endpoint
! mapper (135), NetBIOS name/session (137, 139), SMB (445), and tcp/4444.
! These entries do not log, so hits are visible only as ACL counters.
deny udp any any eq 1434
deny tcp any any eq 135
deny udp any any eq 135
deny udp any any eq netbios-ns
deny tcp any any eq 139
deny tcp any any eq 445
deny tcp any any eq 4444
! The logged entries below appear to follow the legacy DDoS-agent/backdoor
! port lists from older router hardening guides (Trinoo, Stacheldraht,
! TrinityV3, SubSeven) - confirm they are still worth the ACL space.
! Caveat: a legitimate reply addressed to a client port that happens to be
! one of these numbers is dropped as well.
deny tcp any any eq 27665 log
deny udp any any eq 31335 log
deny udp any any eq 27444 log
deny tcp any any eq 16660 log
deny tcp any any eq 65000 log
deny tcp any any eq 33270 log
deny tcp any any eq 39168 log
deny tcp any any range 6711 6712 log
deny tcp any any eq 6776 log
deny tcp any any eq 6669 log
deny tcp any any eq 2222 log
deny tcp any any eq 7000 log
! Everything not denied above is permitted.
permit ip any any
! NOTE(review): ACLs are first-match, so the two entries below can never be
! reached after "permit ip any any"; they are redundant.
permit tcp any any
permit udp any any
!
! access-list 10: the source range translated by the NAT overload rule.
access-list 10 permit 192.168.0.0 0.0.0.255
! access-list 100: feeds class-map "office". Traffic destined for
! 172.16.2.0/24 is excluded, traffic destined for 192.168.0.0/24 is matched;
! anything else hits the implicit deny and is therefore not policed.
access-list 100 deny ip any 172.16.2.0 0.0.0.255
access-list 100 permit ip any 192.168.0.0 0.0.0.255
!
! No control-plane policy is attached under this stanza.
control-plane
!
!
! Console: authenticates against the local user database.
line con 0
login local
! NOTE(review): no settings are shown for the AUX port. If it is unused,
! confirm it is shut off (for example "no exec" / "transport input none").
line aux 0
! Remote access, first five sessions.
! NOTE(review): several weaknesses combine here:
!  - "login" with a line password means a shared password and no username.
!  - "privilege level 15" drops the session straight into full privilege,
!    so the enable secret is never asked for.
!  - The password is stored as type 7, which is reversible. Because the
!    string is published on this page, treat the password as disclosed and
!    rotate it wherever it is in use.
!  - Telnet sends credentials and the session in cleartext.
!  - There is no "access-class" on the line, and acl-port does not deny
!    tcp/23, so the login prompt is reachable from the outside interface.
! Preferable: "login local", SSH-only transport (needs a crypto-capable
! image - confirm for this release), an "access-class" limited to the
! management hosts, and no default privilege 15.
line vty 0 4
privilege level 15
password 7 120D101801025D527B7A
login
transport input telnet
! Remaining sessions use the local user database, unlike vty 0-4, but are
! still telnet-only, start at privilege 15 and have no access-class.
line vty 5 15
privilege level 15
login local
transport input telnet
!
end