forum.opennet.ru

Составление сообщения

Исходное сообщение

"Сильная загрузка CPU"
Отправлено Monty, 15-Окт-06 22:10

Вот конфиг маршрутизатора.

Building configuration...
Current configuration : 12035 bytes
!
! Last configuration change at 18:22:32 MSD Sun Oct 15 2006 by monty
! NVRAM config last updated at 18:22:35 MSD Sun Oct 15 2006 by monty
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname rtr1-len1
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
no logging console
enable secret 5 [cut]
!
clock timezone MSK 3
clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization exec default local
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting update newinfo periodic 1
aaa accounting network default start-stop group radius
aaa session-id common
ip subnet-zero
no ip source-route
no ip rcmd domain-lookup
ip rcmd rcp-enable
ip rcmd rsh-enable
ip rcmd remote-host cwuser 192.168.111.45 cwuser enable
ip rcmd remote-host cwuser 192.168.111.45 Ed enable
ip rcmd remote-host vpnkill 62.33.232.205 root enable
ip rcmd remote-username cwuser
ip tcp selective-ack
ip tcp timestamp
ip cef
!
!
ip domain name mannet.lan
ip name-server [cut]
no ip dhcp conflict logging
ip dhcp excluded-address 10.30.0.1 10.30.0.255
!
ip dhcp pool Net-31
   network 10.31.0.0 255.255.0.0
   domain-name mannet.lan
   netbios-name-server 10.31.0.2
   netbios-node-type h-node
   default-router 10.31.0.2
   lease 0 0 1
!
ip dhcp pool Net-32
   network 10.32.0.0 255.255.0.0
   domain-name mannet.lan
   netbios-name-server 10.31.0.2
   netbios-node-type h-node
   default-router 10.32.0.2
   lease 0 0 1
!
ip dhcp pool Net-37
   network 10.37.0.0 255.255.0.0
   domain-name mannet.lan
   netbios-name-server 10.37.0.2
   netbios-node-type h-node
   default-router 10.37.0.2
   dns-server 10.37.0.251
!
ip dhcp pool Net-33
   network 10.33.0.0 255.255.0.0
   netbios-name-server 10.33.0.2
   default-router 10.33.0.2
   dns-server 10.33.0.251
   netbios-node-type h-node
   lease 0 23 59
!
ip dhcp pool Net-34
   network 10.34.0.0 255.255.0.0
   netbios-name-server 10.34.0.2
   default-router 10.34.0.2
   dns-server 10.34.0.251
   netbios-node-type h-node
   lease 0 23 59
!
ip dhcp pool Net-38
   network 10.38.0.0 255.255.0.0
   domain-name mannet.lan
   dns-server 10.38.0.251
   lease 0 23 59
!
no ip bootp server
ip audit po max-events 100
vpdn enable
vpdn logging
vpdn logging remote
vpdn session-limit 100
vpdn ip udp ignore checksum
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
  protocol pptp
  virtual-template 1
session-limit 32767
!
!
!
!
!
!
!
!
!
!
!
!
!
username vpnkill privilege 15 secret 5 [cut]
!
!
!
!
!
!
interface Tunnel0
ip address 192.168.200.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
tunnel source [cut]
tunnel destination [cut]
!
interface FastEthernet0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation isl 10
ip address 192.168.111.6 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip nat outside
no snmp trap link-status
!
interface FastEthernet0/0.2
encapsulation isl 20
ip address 10.100.111.6 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/0.3
description satellite
encapsulation isl 7
ip address 10.100.0.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
no snmp trap link-status
no cdp enable
!
interface FastEthernet0/0.4
encapsulation isl 38
ip address 10.38.0.2 255.255.0.0
ip access-group 138 in
no ip redirects
no ip unreachables
no ip proxy-arp
no snmp trap link-status
no cdp enable
!
interface FastEthernet0/0.5
description Net-2
encapsulation isl 40
ip address 10.30.0.2 255.255.0.0
ip access-group 120 in
ip helper-address 10.30.0.8
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip accounting precedence input
ip accounting access-violations
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/0.6
encapsulation isl 5
ip address 10.0.99.26 255.255.255.252 secondary
ip address [cut] 255.255.255.248
ip access-group 100 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting precedence input
ip accounting access-violations
ip nat outside
no snmp trap link-status
traffic-shape group 101 1000000 125000 125000 1000
no cdp enable
!
interface FastEthernet0/0.7
encapsulation isl 37
ip address 10.37.0.2 255.255.0.0
ip access-group 135 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
no snmp trap link-status
no cdp enable
!
interface FastEthernet0/0.8
encapsulation isl 33
ip address 10.33.0.2 255.255.0.0
ip access-group 121 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
no snmp trap link-status
no cdp enable
!
interface FastEthernet0/0.9
encapsulation isl 22
ip address 10.22.0.2 255.255.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
no snmp trap link-status
no cdp enable
!
interface FastEthernet0/0.10
encapsulation isl 34
ip address 10.34.0.2 255.255.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
no snmp trap link-status
no cdp enable
!
interface FastEthernet0/0.11
encapsulation isl 31
ip address 10.31.0.2 255.255.0.0
ip access-group 136 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
no snmp trap link-status
no cdp enable
!
interface Virtual-Template1
ip unnumbered FastEthernet0/0.6
ip access-group 150 in
no ip proxy-arp
ip accounting access-violations
ip nat inside
ip tcp header-compression
ip mroute-cache
no peer default ip address
no keepalive
ppp authentication pap chap ms-chap ms-chap-v2
ppp ipcp dns 80.237.8.251
!
ip nat inside source list 3 interface FastEthernet0/0.6 overload
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 [cut]
ip route 10.10.0.0 255.255.0.0 Tunnel0
ip route 10.20.0.0 255.255.0.0 10.30.0.5
ip route 10.36.0.0 255.255.0.0 [cut]
!
!
logging trap debugging
logging facility local0
logging source-interface FastEthernet0/0.6
logging [cut]
access-list 3 permit 192.168.30.0 0.0.0.255
access-list 3 permit 192.168.37.0 0.0.0.255
access-list 3 permit 192.168.33.0 0.0.0.255
access-list 3 permit 192.168.20.0 0.0.0.255
access-list 100 deny   icmp any any redirect
access-list 100 permit ip any any
access-list 101 permit udp any any
access-list 110 permit tcp 10.31.0.0 0.0.255.255 10.30.0.0 0.0.255.255
access-list 110 permit tcp 10.31.0.0 0.0.255.255 10.32.0.0 0.0.255.255
access-list 110 permit udp 10.31.0.0 0.0.255.255 10.30.0.0 0.0.255.255
access-list 110 permit udp 10.31.0.0 0.0.255.255 10.32.0.0 0.0.255.255
access-list 110 permit tcp 10.31.0.0 0.0.255.255 [cut]
access-list 110 permit tcp host 10.31.0.4 host 10.31.0.2 eq telnet
access-list 110 permit tcp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq 1723
access-list 110 permit gre 10.31.0.0 0.0.255.255 host 10.31.0.2
access-list 110 permit tcp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq domain
access-list 110 permit udp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq domain
access-list 110 permit udp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq bootps
access-list 120 permit gre 10.30.0.0 0.0.255.255 host 10.30.0.2
access-list 120 permit tcp 10.30.0.0 0.0.255.255 host 10.30.0.2 eq 1723
access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq www
access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq www
access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq 443
access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq smtp
access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq pop3
access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq 6667
access-list 120 permit tcp host 10.30.0.3 eq telnet [cut] log
access-list 120 permit icmp any any
access-list 120 permit ip host 10.30.0.5 [cut]
access-list 120 permit tcp 10.20.0.0 0.0.255.255 [cut]
access-list 120 permit ip host 10.30.0.5 any
access-list 120 permit ip host 10.30.0.7 any
access-list 121 permit tcp 10.33.0.0 0.0.255.255 [cut]
access-list 121 permit tcp 10.33.0.0 0.0.255.255 host 10.33.0.2 eq 1723
access-list 121 permit gre 10.33.0.0 0.0.255.255 host 10.33.0.2
access-list 121 permit tcp 10.33.0.0 0.0.255.255 host 10.33.0.2 eq domain
access-list 121 permit udp 10.33.0.0 0.0.255.255 host 10.33.0.2 eq domain
access-list 121 permit icmp any any
access-list 121 permit udp any any eq bootpc
access-list 121 permit udp any any eq bootps
access-list 135 permit tcp 10.37.0.0 0.0.255.255 10.36.0.0 0.0.255.255
access-list 135 permit udp 10.37.0.0 0.0.255.255 10.36.0.0 0.0.255.255
access-list 135 permit tcp 10.37.0.0 0.0.255.255 [cut]
access-list 135 permit tcp host 10.37.0.4 host 10.37.0.2 eq telnet
access-list 135 permit tcp 10.37.0.0 0.0.255.255 host 10.37.0.2 eq 1723
access-list 135 permit gre 10.37.0.0 0.0.255.255 host 10.37.0.2
access-list 135 permit tcp 10.37.0.0 0.0.255.255 host 10.37.0.2 eq domain
access-list 135 permit udp 10.37.0.0 0.0.255.255 host 10.37.0.2 eq domain
access-list 135 permit icmp any any
access-list 135 permit udp any any eq bootpc
access-list 135 permit udp any any eq bootps
access-list 136 permit tcp 10.31.0.0 0.0.255.255 [cut]
access-list 136 permit tcp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq 1723
access-list 136 permit gre 10.31.0.0 0.0.255.255 host 10.31.0.2
access-list 136 permit tcp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq domain
access-list 136 permit udp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq domain
access-list 136 permit icmp any any
access-list 136 permit udp any any eq bootpc
access-list 136 permit udp any any eq bootps
access-list 136 permit tcp host 10.31.0.3 host 10.31.0.2 eq telnet
access-list 138 permit tcp 10.38.0.0 0.0.255.255 [cut]
access-list 138 permit tcp 10.38.0.0 0.0.255.255 host 10.38.0.2 eq 1723
access-list 138 permit gre 10.38.0.0 0.0.255.255 host 10.38.0.2
access-list 138 permit tcp 10.38.0.0 0.0.255.255 host 10.38.0.2 eq domain
access-list 138 permit udp 10.38.0.0 0.0.255.255 host 10.38.0.2 eq domain
access-list 138 permit icmp any any
access-list 138 permit udp any any eq bootpc
access-list 138 permit udp any any eq bootps
access-list 150 deny   tcp any any range 135 139
access-list 150 deny   tcp any any eq 445
access-list 150 deny   udp any any range 135 netbios-ss
access-list 150 deny   udp any any eq tftp
access-list 150 deny   udp any any eq snmp
access-list 150 permit tcp any any
access-list 150 permit udp any any
access-list 150 permit icmp any any
access-list 150 permit ip any any
!
snmp-server community mysnmp RO
radius-server configure-nas
radius-server host [cut] auth-port 1812 acct-port 1813
radius-server retransmit 0
radius-server timeout 3
radius-server key 7 [cut]
!
!
!
!
!
line con 0
password 7 [cut]
line aux 0
line vty 0 4
password 7 [cut]
transport input ssh
!
ntp clock-period 17179721
ntp peer [cut]
!
end

Исходное сообщение
"Сильная загрузка CPU" Отправлено Monty, 15-Окт-06 22:10
Вот конфиг маршрутизатора. Building configuration... Current configuration : 12035 bytes ! ! Last configuration change at 18:22:32 MSD Sun Oct 15 2006 by monty ! NVRAM config last updated at 18:22:35 MSD Sun Oct 15 2006 by monty ! version 12.3 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime localtime service timestamps log datetime localtime service password-encryption ! hostname rtr1-len1 ! boot-start-marker boot-end-marker ! logging buffered 4096 debugging no logging console enable secret 5 [cut] ! clock timezone MSK 3 clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00 aaa new-model ! ! aaa authentication login default local aaa authentication ppp default group radius aaa authorization exec default local aaa authorization network default group radius aaa accounting delay-start aaa accounting update newinfo periodic 1 aaa accounting network default start-stop group radius aaa session-id common ip subnet-zero no ip source-route no ip rcmd domain-lookup ip rcmd rcp-enable ip rcmd rsh-enable ip rcmd remote-host cwuser 192.168.111.45 cwuser enable ip rcmd remote-host cwuser 192.168.111.45 Ed enable ip rcmd remote-host vpnkill 62.33.232.205 root enable ip rcmd remote-username cwuser ip tcp selective-ack ip tcp timestamp ip cef ! ! ip domain name mannet.lan ip name-server [cut] no ip dhcp conflict logging ip dhcp excluded-address 10.30.0.1 10.30.0.255 ! ip dhcp pool Net-31 network 10.31.0.0 255.255.0.0 domain-name mannet.lan netbios-name-server 10.31.0.2 netbios-node-type h-node default-router 10.31.0.2 lease 0 0 1 ! ip dhcp pool Net-32 network 10.32.0.0 255.255.0.0 domain-name mannet.lan netbios-name-server 10.31.0.2 netbios-node-type h-node default-router 10.32.0.2 lease 0 0 1 ! ip dhcp pool Net-37 network 10.37.0.0 255.255.0.0 domain-name mannet.lan netbios-name-server 10.37.0.2 netbios-node-type h-node default-router 10.37.0.2 dns-server 10.37.0.251 ! ip dhcp pool Net-33 network 10.33.0.0 255.255.0.0 netbios-name-server 10.33.0.2 default-router 10.33.0.2 dns-server 10.33.0.251 netbios-node-type h-node lease 0 23 59 ! ip dhcp pool Net-34 network 10.34.0.0 255.255.0.0 netbios-name-server 10.34.0.2 default-router 10.34.0.2 dns-server 10.34.0.251 netbios-node-type h-node lease 0 23 59 ! ip dhcp pool Net-38 network 10.38.0.0 255.255.0.0 domain-name mannet.lan dns-server 10.38.0.251 lease 0 23 59 ! no ip bootp server ip audit po max-events 100 vpdn enable vpdn logging vpdn logging remote vpdn session-limit 100 vpdn ip udp ignore checksum ! vpdn-group 1 ! Default PPTP VPDN group accept-dialin protocol pptp virtual-template 1 session-limit 32767 ! ! ! ! ! ! ! ! ! ! ! ! ! username vpnkill privilege 15 secret 5 [cut] ! ! ! ! ! ! interface Tunnel0 ip address 192.168.200.1 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp ip accounting access-violations tunnel source [cut] tunnel destination [cut] ! interface FastEthernet0/0 no ip address no ip redirects no ip unreachables no ip proxy-arp ip accounting access-violations duplex auto speed auto ! interface FastEthernet0/0.1 encapsulation isl 10 ip address 192.168.111.6 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip accounting access-violations ip nat outside no snmp trap link-status ! interface FastEthernet0/0.2 encapsulation isl 20 ip address 10.100.111.6 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip accounting access-violations ip nat inside no snmp trap link-status ! interface FastEthernet0/0.3 description satellite encapsulation isl 7 ip address 10.100.0.2 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip accounting access-violations no snmp trap link-status no cdp enable ! interface FastEthernet0/0.4 encapsulation isl 38 ip address 10.38.0.2 255.255.0.0 ip access-group 138 in no ip redirects no ip unreachables no ip proxy-arp no snmp trap link-status no cdp enable ! interface FastEthernet0/0.5 description Net-2 encapsulation isl 40 ip address 10.30.0.2 255.255.0.0 ip access-group 120 in ip helper-address 10.30.0.8 no ip redirects no ip unreachables no ip proxy-arp ip accounting output-packets ip accounting precedence input ip accounting access-violations ip nat inside no snmp trap link-status ! interface FastEthernet0/0.6 encapsulation isl 5 ip address 10.0.99.26 255.255.255.252 secondary ip address [cut] 255.255.255.248 ip access-group 100 in ip verify unicast reverse-path no ip redirects no ip unreachables no ip proxy-arp ip accounting precedence input ip accounting access-violations ip nat outside no snmp trap link-status traffic-shape group 101 1000000 125000 125000 1000 no cdp enable ! interface FastEthernet0/0.7 encapsulation isl 37 ip address 10.37.0.2 255.255.0.0 ip access-group 135 in no ip redirects no ip unreachables no ip proxy-arp ip accounting access-violations no snmp trap link-status no cdp enable ! interface FastEthernet0/0.8 encapsulation isl 33 ip address 10.33.0.2 255.255.0.0 ip access-group 121 in no ip redirects no ip unreachables no ip proxy-arp ip accounting access-violations no snmp trap link-status no cdp enable ! interface FastEthernet0/0.9 encapsulation isl 22 ip address 10.22.0.2 255.255.0.0 no ip redirects no ip unreachables no ip proxy-arp ip accounting access-violations no snmp trap link-status no cdp enable ! interface FastEthernet0/0.10 encapsulation isl 34 ip address 10.34.0.2 255.255.0.0 no ip redirects no ip unreachables no ip proxy-arp ip accounting access-violations no snmp trap link-status no cdp enable ! interface FastEthernet0/0.11 encapsulation isl 31 ip address 10.31.0.2 255.255.0.0 ip access-group 136 in no ip redirects no ip unreachables no ip proxy-arp ip accounting access-violations no snmp trap link-status no cdp enable ! interface Virtual-Template1 ip unnumbered FastEthernet0/0.6 ip access-group 150 in no ip proxy-arp ip accounting access-violations ip nat inside ip tcp header-compression ip mroute-cache no peer default ip address no keepalive ppp authentication pap chap ms-chap ms-chap-v2 ppp ipcp dns 80.237.8.251 ! ip nat inside source list 3 interface FastEthernet0/0.6 overload no ip http server no ip http secure-server ip classless ip route 0.0.0.0 0.0.0.0 [cut] ip route 10.10.0.0 255.255.0.0 Tunnel0 ip route 10.20.0.0 255.255.0.0 10.30.0.5 ip route 10.36.0.0 255.255.0.0 [cut] ! ! logging trap debugging logging facility local0 logging source-interface FastEthernet0/0.6 logging [cut] access-list 3 permit 192.168.30.0 0.0.0.255 access-list 3 permit 192.168.37.0 0.0.0.255 access-list 3 permit 192.168.33.0 0.0.0.255 access-list 3 permit 192.168.20.0 0.0.0.255 access-list 100 deny icmp any any redirect access-list 100 permit ip any any access-list 101 permit udp any any access-list 110 permit tcp 10.31.0.0 0.0.255.255 10.30.0.0 0.0.255.255 access-list 110 permit tcp 10.31.0.0 0.0.255.255 10.32.0.0 0.0.255.255 access-list 110 permit udp 10.31.0.0 0.0.255.255 10.30.0.0 0.0.255.255 access-list 110 permit udp 10.31.0.0 0.0.255.255 10.32.0.0 0.0.255.255 access-list 110 permit tcp 10.31.0.0 0.0.255.255 [cut] access-list 110 permit tcp host 10.31.0.4 host 10.31.0.2 eq telnet access-list 110 permit tcp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq 1723 access-list 110 permit gre 10.31.0.0 0.0.255.255 host 10.31.0.2 access-list 110 permit tcp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq domain access-list 110 permit udp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq domain access-list 110 permit udp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq bootps access-list 120 permit gre 10.30.0.0 0.0.255.255 host 10.30.0.2 access-list 120 permit tcp 10.30.0.0 0.0.255.255 host 10.30.0.2 eq 1723 access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq www access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq www access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq 443 access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq smtp access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq pop3 access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq 6667 access-list 120 permit tcp host 10.30.0.3 eq telnet [cut] log access-list 120 permit icmp any any access-list 120 permit ip host 10.30.0.5 [cut] access-list 120 permit tcp 10.20.0.0 0.0.255.255 [cut] access-list 120 permit ip host 10.30.0.5 any access-list 120 permit ip host 10.30.0.7 any access-list 121 permit tcp 10.33.0.0 0.0.255.255 [cut] access-list 121 permit tcp 10.33.0.0 0.0.255.255 host 10.33.0.2 eq 1723 access-list 121 permit gre 10.33.0.0 0.0.255.255 host 10.33.0.2 access-list 121 permit tcp 10.33.0.0 0.0.255.255 host 10.33.0.2 eq domain access-list 121 permit udp 10.33.0.0 0.0.255.255 host 10.33.0.2 eq domain access-list 121 permit icmp any any access-list 121 permit udp any any eq bootpc access-list 121 permit udp any any eq bootps access-list 135 permit tcp 10.37.0.0 0.0.255.255 10.36.0.0 0.0.255.255 access-list 135 permit udp 10.37.0.0 0.0.255.255 10.36.0.0 0.0.255.255 access-list 135 permit tcp 10.37.0.0 0.0.255.255 [cut] access-list 135 permit tcp host 10.37.0.4 host 10.37.0.2 eq telnet access-list 135 permit tcp 10.37.0.0 0.0.255.255 host 10.37.0.2 eq 1723 access-list 135 permit gre 10.37.0.0 0.0.255.255 host 10.37.0.2 access-list 135 permit tcp 10.37.0.0 0.0.255.255 host 10.37.0.2 eq domain access-list 135 permit udp 10.37.0.0 0.0.255.255 host 10.37.0.2 eq domain access-list 135 permit icmp any any access-list 135 permit udp any any eq bootpc access-list 135 permit udp any any eq bootps access-list 136 permit tcp 10.31.0.0 0.0.255.255 [cut] access-list 136 permit tcp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq 1723 access-list 136 permit gre 10.31.0.0 0.0.255.255 host 10.31.0.2 access-list 136 permit tcp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq domain access-list 136 permit udp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq domain access-list 136 permit icmp any any access-list 136 permit udp any any eq bootpc access-list 136 permit udp any any eq bootps access-list 136 permit tcp host 10.31.0.3 host 10.31.0.2 eq telnet access-list 138 permit tcp 10.38.0.0 0.0.255.255 [cut] access-list 138 permit tcp 10.38.0.0 0.0.255.255 host 10.38.0.2 eq 1723 access-list 138 permit gre 10.38.0.0 0.0.255.255 host 10.38.0.2 access-list 138 permit tcp 10.38.0.0 0.0.255.255 host 10.38.0.2 eq domain access-list 138 permit udp 10.38.0.0 0.0.255.255 host 10.38.0.2 eq domain access-list 138 permit icmp any any access-list 138 permit udp any any eq bootpc access-list 138 permit udp any any eq bootps access-list 150 deny tcp any any range 135 139 access-list 150 deny tcp any any eq 445 access-list 150 deny udp any any range 135 netbios-ss access-list 150 deny udp any any eq tftp access-list 150 deny udp any any eq snmp access-list 150 permit tcp any any access-list 150 permit udp any any access-list 150 permit icmp any any access-list 150 permit ip any any ! snmp-server community mysnmp RO radius-server configure-nas radius-server host [cut] auth-port 1812 acct-port 1813 radius-server retransmit 0 radius-server timeout 3 radius-server key 7 [cut] ! ! ! ! ! line con 0 password 7 [cut] line aux 0 line vty 0 4 password 7 [cut] transport input ssh ! ntp clock-period 17179721 ntp peer [cut] ! end

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

> Вот конфиг маршрутизатора.

> Building configuration...

> Current configuration : 12035 bytes 
> !
> ! Last configuration change at 18:22:32 MSD Sun Oct 15 2006 by 
> monty 
> ! NVRAM config last updated at 18:22:35 MSD Sun Oct 15 2006 
> by monty 
> !
> version 12.3 
> no service pad 
> service tcp-keepalives-in 
> service tcp-keepalives-out 
> service timestamps debug datetime localtime 
> service timestamps log datetime localtime 
> service password-encryption 
> !
> hostname rtr1-len1 
> !
> boot-start-marker 
> boot-end-marker 
> !
> logging buffered 4096 debugging 
> no logging console 
> enable secret 5 [cut] 
> !
> clock timezone MSK 3 
> clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00 
 
> aaa new-model 
> !
> !
> aaa authentication login default local 
> aaa authentication ppp default group radius 
> aaa authorization exec default local 
> aaa authorization network default group radius 
> aaa accounting delay-start 
> aaa accounting update newinfo periodic 1 
> aaa accounting network default start-stop group radius 
> aaa session-id common 
> ip subnet-zero 
> no ip source-route 
> no ip rcmd domain-lookup 
> ip rcmd rcp-enable 
> ip rcmd rsh-enable 
> ip rcmd remote-host cwuser 192.168.111.45 cwuser enable 
> ip rcmd remote-host cwuser 192.168.111.45 Ed enable 
> ip rcmd remote-host vpnkill 62.33.232.205 root enable 
> ip rcmd remote-username cwuser 
> ip tcp selective-ack 
> ip tcp timestamp 
> ip cef 
> !
> !
> ip domain name mannet.lan 
> ip name-server [cut] 
> no ip dhcp conflict logging 
> ip dhcp excluded-address 10.30.0.1 10.30.0.255 
> !
> ip dhcp pool Net-31 
>    network 10.31.0.0 255.255.0.0 
>    domain-name mannet.lan 
>    netbios-name-server 10.31.0.2 
>    netbios-node-type h-node 
>    default-router 10.31.0.2 
>    lease 0 0 1 
> !
> ip dhcp pool Net-32 
>    network 10.32.0.0 255.255.0.0 
>    domain-name mannet.lan 
>    netbios-name-server 10.31.0.2 
>    netbios-node-type h-node 
>    default-router 10.32.0.2 
>    lease 0 0 1 
> !
> ip dhcp pool Net-37 
>    network 10.37.0.0 255.255.0.0 
>    domain-name mannet.lan 
>    netbios-name-server 10.37.0.2 
>    netbios-node-type h-node 
>    default-router 10.37.0.2 
>    dns-server 10.37.0.251 
> !
> ip dhcp pool Net-33 
>    network 10.33.0.0 255.255.0.0 
>    netbios-name-server 10.33.0.2 
>    default-router 10.33.0.2 
>    dns-server 10.33.0.251 
>    netbios-node-type h-node 
>    lease 0 23 59 
> !
> ip dhcp pool Net-34 
>    network 10.34.0.0 255.255.0.0 
>    netbios-name-server 10.34.0.2 
>    default-router 10.34.0.2 
>    dns-server 10.34.0.251 
>    netbios-node-type h-node 
>    lease 0 23 59 
> !
> ip dhcp pool Net-38 
>    network 10.38.0.0 255.255.0.0 
>    domain-name mannet.lan 
>    dns-server 10.38.0.251 
>    lease 0 23 59 
> !
> no ip bootp server 
> ip audit po max-events 100 
> vpdn enable 
> vpdn logging 
> vpdn logging remote 
> vpdn session-limit 100 
> vpdn ip udp ignore checksum 
> !
> vpdn-group 1 
> ! Default PPTP VPDN group 
>  accept-dialin 
>   protocol pptp 
>   virtual-template 1 
>  session-limit 32767 
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> username vpnkill privilege 15 secret 5 [cut] 
> !
> !
> !
> !
> !
> !
> interface Tunnel0 
>  ip address 192.168.200.1 255.255.255.252 
>  no ip redirects 
>  no ip unreachables 
>  no ip proxy-arp 
>  ip accounting access-violations 
>  tunnel source [cut] 
>  tunnel destination [cut] 
> !
> interface FastEthernet0/0 
>  no ip address 
>  no ip redirects 
>  no ip unreachables 
>  no ip proxy-arp 
>  ip accounting access-violations 
>  duplex auto 
>  speed auto 
> !
> interface FastEthernet0/0.1 
>  encapsulation isl 10 
>  ip address 192.168.111.6 255.255.255.0 
>  no ip redirects 
>  no ip unreachables 
>  no ip proxy-arp 
>  ip accounting access-violations 
>  ip nat outside 
>  no snmp trap link-status 
> !
> interface FastEthernet0/0.2 
>  encapsulation isl 20 
>  ip address 10.100.111.6 255.255.255.0 
>  no ip redirects 
>  no ip unreachables 
>  no ip proxy-arp 
>  ip accounting access-violations 
>  ip nat inside 
>  no snmp trap link-status 
> !
> interface FastEthernet0/0.3 
>  description satellite 
>  encapsulation isl 7 
>  ip address 10.100.0.2 255.255.255.0 
>  no ip redirects 
>  no ip unreachables 
>  no ip proxy-arp 
>  ip accounting access-violations 
>  no snmp trap link-status 
>  no cdp enable 
> !
> interface FastEthernet0/0.4 
>  encapsulation isl 38 
>  ip address 10.38.0.2 255.255.0.0 
>  ip access-group 138 in 
>  no ip redirects 
>  no ip unreachables 
>  no ip proxy-arp 
>  no snmp trap link-status 
>  no cdp enable 
> !
> interface FastEthernet0/0.5 
>  description Net-2 
>  encapsulation isl 40 
>  ip address 10.30.0.2 255.255.0.0 
>  ip access-group 120 in 
>  ip helper-address 10.30.0.8 
>  no ip redirects 
>  no ip unreachables 
>  no ip proxy-arp 
>  ip accounting output-packets 
>  ip accounting precedence input 
>  ip accounting access-violations 
>  ip nat inside 
>  no snmp trap link-status 
> !
> interface FastEthernet0/0.6 
>  encapsulation isl 5 
>  ip address 10.0.99.26 255.255.255.252 secondary 
>  ip address [cut] 255.255.255.248 
>  ip access-group 100 in 
>  ip verify unicast reverse-path 
>  no ip redirects 
>  no ip unreachables 
>  no ip proxy-arp 
>  ip accounting precedence input 
>  ip accounting access-violations 
>  ip nat outside 
>  no snmp trap link-status 
>  traffic-shape group 101 1000000 125000 125000 1000 
>  no cdp enable 
> !
> interface FastEthernet0/0.7 
>  encapsulation isl 37 
>  ip address 10.37.0.2 255.255.0.0 
>  ip access-group 135 in 
>  no ip redirects 
>  no ip unreachables 
>  no ip proxy-arp 
>  ip accounting access-violations 
>  no snmp trap link-status 
>  no cdp enable 
> !
> interface FastEthernet0/0.8 
>  encapsulation isl 33 
>  ip address 10.33.0.2 255.255.0.0 
>  ip access-group 121 in 
>  no ip redirects 
>  no ip unreachables 
>  no ip proxy-arp 
>  ip accounting access-violations 
>  no snmp trap link-status 
>  no cdp enable 
> !
> interface FastEthernet0/0.9 
>  encapsulation isl 22 
>  ip address 10.22.0.2 255.255.0.0 
>  no ip redirects 
>  no ip unreachables 
>  no ip proxy-arp 
>  ip accounting access-violations 
>  no snmp trap link-status 
>  no cdp enable 
> !
> interface FastEthernet0/0.10 
>  encapsulation isl 34 
>  ip address 10.34.0.2 255.255.0.0 
>  no ip redirects 
>  no ip unreachables 
>  no ip proxy-arp 
>  ip accounting access-violations 
>  no snmp trap link-status 
>  no cdp enable 
> !
> interface FastEthernet0/0.11 
>  encapsulation isl 31 
>  ip address 10.31.0.2 255.255.0.0 
>  ip access-group 136 in 
>  no ip redirects 
>  no ip unreachables 
>  no ip proxy-arp 
>  ip accounting access-violations 
>  no snmp trap link-status 
>  no cdp enable 
> !
> interface Virtual-Template1 
>  ip unnumbered FastEthernet0/0.6 
>  ip access-group 150 in 
>  no ip proxy-arp 
>  ip accounting access-violations 
>  ip nat inside 
>  ip tcp header-compression 
>  ip mroute-cache 
>  no peer default ip address 
>  no keepalive 
>  ppp authentication pap chap ms-chap ms-chap-v2 
>  ppp ipcp dns 80.237.8.251 
> !
> ip nat inside source list 3 interface FastEthernet0/0.6 overload 
> no ip http server 
> no ip http secure-server 
> ip classless 
> ip route 0.0.0.0 0.0.0.0 [cut] 
> ip route 10.10.0.0 255.255.0.0 Tunnel0 
> ip route 10.20.0.0 255.255.0.0 10.30.0.5 
> ip route 10.36.0.0 255.255.0.0 [cut] 
> !
> !
> logging trap debugging 
> logging facility local0 
> logging source-interface FastEthernet0/0.6 
> logging [cut] 
> access-list 3 permit 192.168.30.0 0.0.0.255 
> access-list 3 permit 192.168.37.0 0.0.0.255 
> access-list 3 permit 192.168.33.0 0.0.0.255 
> access-list 3 permit 192.168.20.0 0.0.0.255 
> access-list 100 deny   icmp any any redirect 
> access-list 100 permit ip any any 
> access-list 101 permit udp any any 
> access-list 110 permit tcp 10.31.0.0 0.0.255.255 10.30.0.0 0.0.255.255 
> access-list 110 permit tcp 10.31.0.0 0.0.255.255 10.32.0.0 0.0.255.255 
> access-list 110 permit udp 10.31.0.0 0.0.255.255 10.30.0.0 0.0.255.255 
> access-list 110 permit udp 10.31.0.0 0.0.255.255 10.32.0.0 0.0.255.255 
> access-list 110 permit tcp 10.31.0.0 0.0.255.255 [cut] 
> access-list 110 permit tcp host 10.31.0.4 host 10.31.0.2 eq telnet 
> access-list 110 permit tcp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq 1723 
> access-list 110 permit gre 10.31.0.0 0.0.255.255 host 10.31.0.2 
> access-list 110 permit tcp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq domain 
> access-list 110 permit udp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq domain 
> access-list 110 permit udp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq bootps 
> access-list 120 permit gre 10.30.0.0 0.0.255.255 host 10.30.0.2 
> access-list 120 permit tcp 10.30.0.0 0.0.255.255 host 10.30.0.2 eq 1723 
> access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq www 
> access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq www 
> access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq 443 
> access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq smtp 
> access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq pop3 
> access-list 120 permit tcp 10.30.0.0 0.0.255.255 host [cut] eq 6667 
> access-list 120 permit tcp host 10.30.0.3 eq telnet [cut] log 
> access-list 120 permit icmp any any 
> access-list 120 permit ip host 10.30.0.5 [cut] 
> access-list 120 permit tcp 10.20.0.0 0.0.255.255 [cut] 
> access-list 120 permit ip host 10.30.0.5 any 
> access-list 120 permit ip host 10.30.0.7 any 
> access-list 121 permit tcp 10.33.0.0 0.0.255.255 [cut] 
> access-list 121 permit tcp 10.33.0.0 0.0.255.255 host 10.33.0.2 eq 1723 
> access-list 121 permit gre 10.33.0.0 0.0.255.255 host 10.33.0.2 
> access-list 121 permit tcp 10.33.0.0 0.0.255.255 host 10.33.0.2 eq domain 
> access-list 121 permit udp 10.33.0.0 0.0.255.255 host 10.33.0.2 eq domain 
> access-list 121 permit icmp any any 
> access-list 121 permit udp any any eq bootpc 
> access-list 121 permit udp any any eq bootps 
> access-list 135 permit tcp 10.37.0.0 0.0.255.255 10.36.0.0 0.0.255.255 
> access-list 135 permit udp 10.37.0.0 0.0.255.255 10.36.0.0 0.0.255.255 
> access-list 135 permit tcp 10.37.0.0 0.0.255.255 [cut] 
> access-list 135 permit tcp host 10.37.0.4 host 10.37.0.2 eq telnet 
> access-list 135 permit tcp 10.37.0.0 0.0.255.255 host 10.37.0.2 eq 1723 
> access-list 135 permit gre 10.37.0.0 0.0.255.255 host 10.37.0.2 
> access-list 135 permit tcp 10.37.0.0 0.0.255.255 host 10.37.0.2 eq domain 
> access-list 135 permit udp 10.37.0.0 0.0.255.255 host 10.37.0.2 eq domain 
> access-list 135 permit icmp any any 
> access-list 135 permit udp any any eq bootpc 
> access-list 135 permit udp any any eq bootps 
> access-list 136 permit tcp 10.31.0.0 0.0.255.255 [cut] 
> access-list 136 permit tcp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq 1723 
> access-list 136 permit gre 10.31.0.0 0.0.255.255 host 10.31.0.2 
> access-list 136 permit tcp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq domain 
> access-list 136 permit udp 10.31.0.0 0.0.255.255 host 10.31.0.2 eq domain 
> access-list 136 permit icmp any any 
> access-list 136 permit udp any any eq bootpc 
> access-list 136 permit udp any any eq bootps 
> access-list 136 permit tcp host 10.31.0.3 host 10.31.0.2 eq telnet 
> access-list 138 permit tcp 10.38.0.0 0.0.255.255 [cut] 
> access-list 138 permit tcp 10.38.0.0 0.0.255.255 host 10.38.0.2 eq 1723 
> access-list 138 permit gre 10.38.0.0 0.0.255.255 host 10.38.0.2 
> access-list 138 permit tcp 10.38.0.0 0.0.255.255 host 10.38.0.2 eq domain 
> access-list 138 permit udp 10.38.0.0 0.0.255.255 host 10.38.0.2 eq domain 
> access-list 138 permit icmp any any 
> access-list 138 permit udp any any eq bootpc 
> access-list 138 permit udp any any eq bootps 
> access-list 150 deny   tcp any any range 135 139 
> access-list 150 deny   tcp any any eq 445 
> access-list 150 deny   udp any any range 135 netbios-ss 
> access-list 150 deny   udp any any eq tftp 
> access-list 150 deny   udp any any eq snmp 
> access-list 150 permit tcp any any 
> access-list 150 permit udp any any 
> access-list 150 permit icmp any any 
> access-list 150 permit ip any any 
> !
> snmp-server community mysnmp RO 
> radius-server configure-nas 
> radius-server host [cut] auth-port 1812 acct-port 1813 
> radius-server retransmit 0 
> radius-server timeout 3 
> radius-server key 7 [cut] 
> !
> !
> !
> !
> !
> line con 0 
>  password 7 [cut] 
> line aux 0 
> line vty 0 4 
>  password 7 [cut] 
>  transport input ssh 
> !
> ntp clock-period 17179721 
> ntp peer [cut] 
> !
> end

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру