
DIAS is a portal that can help you get your work done

This service can help you become more effective in the classroom and in your course in general...

CISCO Router Sample Config

lykneopaf#sh run
Building configuration...

Current configuration : 10896 bytes
!
! Last configuration change at 09:47:56 PCTime Mon Feb 18 2013
! NVRAM config last updated at 10:59:56 PCTime Mon Feb 18 2013
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname lykneopaf
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
logging buffered 51200
logging console critical
enable secret 5 ====this has been deleted by Elias====
!
no aaa new-model
memory-size iomem 10
clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
!
crypto pki trustpoint TP-self-signed-3457610622
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3457610622
 revocation-check none
 rsakeypair TP-self-signed-3457610622
!
!
crypto pki certificate chain TP-self-signed-3457610622
 certificate self-signed 01
        quit
no ip source-route
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.20    ====You can exclude any range of IP addresses from your DHCP here====
ip dhcp excluded-address 192.168.0.220 192.168.0.254    ====You can exclude any range of IP addresses from your DHCP here====
!
ip dhcp pool ccp-pool1
   import all
   network 192.168.0.0 255.255.255.0    ===This is your network===
   dns-server 192.168.0.254    ===This is so your student PCs get the ip of your router as their DNS Server===
   default-router 192.168.0.254    ===This is so your student PCs get the ip of your router as their gateway===
   domain-name cypruschools.com    ===This is only necessary when hosting a Server in your school and you have a domain pointing to your Public IP address===
!
!
ip cef
no ip bootp server
ip domain retry 0
ip domain timeout 1
ip domain name www.cypruschools.com    ===This is only necessary when hosting a Server in your school and you have a domain pointing to your Public IP address===
ip host srv001 192.168.0.5    ===This is needed so you can browse your Server from your local LAN by its name===
ip host www.facebook.com 127.0.0.1  ===Block access to this web address===
ip host www.cypruschools.com 192.168.0.5    ===This is only necessary when hosting a Server in your school and you have a domain pointing to your Public IP address===
ip name-server 195.14.130.170    ===This is the DNS Server of CYTA===
ip name-server 195.14.130.220    ===This is the DNS Server of CYTA===
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FCZ1630C30Y
!
!
username admin privilege 15 password ===this has been deleted by Elias===
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any SDM_BOOTPC    ===Make sure you have the same class-maps in your router as I have in this section===
 match access-group name SDM_BOOTPC
class-map type inspect match-all sdm-nat-user-protocol--1-1
 match access-group 102
 match protocol tcp
class-map type inspect match-any SDM_DHCP_CLIENT_PT
 match class-map SDM_BOOTPC
class-map type inspect match-any sdm-cls-bootps
 match protocol bootps
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-protocol-http
 match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply    ===Make sure you have the same policy-maps in your router as I have in this section===
 class type inspect ccp-icmp-access
  inspect
 class type inspect sdm-cls-bootps
  pass
 class class-default
  pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-nat-user-protocol--1-1
  inspect
 class class-default
  drop
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect
 class type inspect ccp-insp-traffic
  inspect
 class class-default
  drop
policy-map type inspect ccp-permit
 class type inspect SDM_DHCP_CLIENT_PT
  pass
 class class-default
  drop
!
zone security out-zone    ===Make sure you have the same zones in your router as I have in this section===
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4    ===Make sure you delete the security zone (zone-member security out-zone) from your FastEthernet4 Interface, if you want to be able to telnet to your router from the outside===
 description $FW_OUTSIDE$$ES_WAN$
 ip address 81.4.168.218 255.255.255.248    ===This is your CYTA IP address and Subnet Mask===
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Vlan1    ===Make sure you delete the security zone (zone-member security in-zone) from your FastEthernet4 Interface, if you want to be able to telnet to your router from the outside===
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.0.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns view default    ===All this section here is very important for your DNS to work correctly===
 domain timeout 1
 domain retry 0
 domain round-robin
 dns forwarder 195.14.130.170
 dns forwarder 195.14.130.220
ip dns server
!
!
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.5 1001 interface FastEthernet4 1001
ip nat inside source static tcp 192.168.0.5 443 interface FastEthernet4 443
ip nat inside source static tcp 192.168.0.5 80 interface FastEthernet4 80
ip nat inside source static tcp 192.168.0.5 3389 interface FastEthernet4 3389
ip nat inside source static tcp 192.168.0.5 25 interface FastEthernet4 25
ip nat inside source static tcp 192.168.0.5 110 interface FastEthernet4 110
ip nat inside source static tcp 192.168.0.5 5900 interface FastEthernet4 5900
ip nat inside source static tcp 192.168.0.5 5901 interface FastEthernet4 5901    ===This section here with the below access list 102 controls which ports are open and forwarded to which internal ports on your local LAN, 192.168.0.5 is the IP address of my Server===
ip nat inside source static tcp 192.168.0.5 800 interface FastEthernet4 800
ip nat inside source static tcp 192.168.0.7 5902 interface FastEthernet4 5902
ip nat inside source static tcp 192.168.0.5 1000 interface FastEthernet4 1000
ip nat inside source static tcp 192.168.0.5 23 interface FastEthernet4 2323
ip nat inside source static tcp 192.168.0.5 8080 interface FastEthernet4 8080
ip nat inside source static tcp 192.168.0.5 5800 interface FastEthernet4 5800
ip nat inside source static tcp 192.168.0.7 5802 interface FastEthernet4 5802
ip nat inside source static tcp 192.168.0.5 21 interface FastEthernet4 21
ip nat inside source static 192.168.0.5 81.4.168.219    ===This is so you can use the other static IPs you have with your CYTA Business Internet Connection in your Local LAN===
ip nat inside source static 192.168.0.7 81.4.168.220    ===This is so you can use the other static IPs you have with your CYTA Business Internet Connection in your Local LAN===
ip route 0.0.0.0 0.0.0.0 81.4.168.217    ===This is your CYTA gateway===
!
ip access-list extended SDM_BOOTPC
 remark CCP_ACL Category=0
 permit udp any any eq bootpc
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 102 remark CCP_ACL Category=0    ===This access-list 102 controls which ports are open and forwarded to which internal ports on your local LAN===
access-list 102 permit tcp any any eq 3389
access-list 102 permit tcp any any eq smtp
access-list 102 permit tcp any any eq pop3
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any any eq 5900
access-list 102 permit tcp any any eq 5901
access-list 102 permit tcp any any eq 5902
access-list 102 permit tcp any any eq 5800
access-list 102 permit tcp any any eq 5802
access-list 102 permit tcp any any eq 443
access-list 102 permit tcp any any eq 1000
access-list 102 permit tcp any any eq 8080
access-list 102 permit tcp any any eq 1001
access-list 102 permit tcp any any eq 800
access-list 102 permit tcp any any eq telnet
access-list 102 permit icmp any any administratively-prohibited
access-list 102 permit icmp any any echo
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any packet-too-big
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any traceroute
access-list 102 permit icmp any any unreachable
access-list 102 permit udp any eq bootps any eq bootpc
access-list 102 permit udp any eq bootps any eq bootps
access-list 102 permit udp any eq domain any
access-list 102 permit esp any any
access-list 102 permit udp any any eq isakmp
access-list 102 permit udp any any eq 10000
access-list 102 permit tcp any any eq 1723
access-list 102 permit tcp any any eq 139
access-list 102 permit udp any any eq netbios-ns
access-list 102 permit udp any any eq netbios-dgm
access-list 102 permit gre any any
access-list 102 permit ip any host 81.4.168.219    ===This is so you can use the other static IPs you have with your CYTA Business Internet Connection in your Local LAN===
access-list 102 permit ip any host 81.4.168.220    ===This is so you can use the other static IPs you have with your CYTA Business Internet Connection in your Local LAN===
no cdp run
!
!
!
!
!
control-plane
!
banner login ^============================================================    ===This is just a login banner===
Authorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!
============================================================
All connections are logged and monitored. Any auauthorized
use will be prosecuted to the fullest extent of the law. If
you do not agree to these conditions, disconnect now.
============================================================
Please call Elias S. Theodorou for help @ 99481734
============================================================
^
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 password 7 0828484B08154B1A13060D
 login
 transport input all
 transport output all
line vty 0 4    ===Set up this section so that you can telnet from outside, and make sure you set up a password as well===
 password 7 ===this has been deleted by Elias===
 login
 transport input all
 transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

lykneopaf#
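
An added example, not part of the original page: a small Python audit that reads a running-config like the one above and lists the lines that widen its Internet-facing exposure (forwarded cleartext or remote-admin services, one-to-one NAT with a matching `permit ip any host` rule, `transport input all`, and type 7 line passwords). The `RISKY` port list, the finding names and the sample excerpt are assumptions made for this example.

```python
import re

# Constructed excerpt: lines taken from the running-config above, passwords replaced.
SAMPLE = """\
ip nat inside source static tcp 192.168.0.5 3389 interface FastEthernet4 3389
ip nat inside source static tcp 192.168.0.5 23 interface FastEthernet4 2323
ip nat inside source static tcp 192.168.0.5 443 interface FastEthernet4 443
ip nat inside source static 192.168.0.5 81.4.168.219
access-list 102 permit ip any host 81.4.168.219
line aux 0
 password 7 <redacted>
 transport input all
line vty 0 4
 password 7 <redacted>
 transport input all
"""

# Assumed review list: cleartext or remote-admin services by inside port
# (5800-5999 is treated as VNC by convention).
RISKY = {21: "ftp", 23: "telnet", 25: "smtp", 110: "pop3", 3389: "rdp"}
NAT_TCP = re.compile(r"ip nat inside source static tcp (\S+) (\d+) interface \S+ (\d+)$")
NAT_1TO1 = re.compile(r"ip nat inside source static (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})$")
ANY_IP = re.compile(r"access-list \d+ permit ip any host \S+$")

def audit(config):
    findings, ctx = [], None
    for raw in config.splitlines():
        line = raw.split("===")[0].rstrip()      # drop the page's ===...=== notes
        if not line.startswith(" "):             # top-level command: track "line ..." blocks
            ctx = line if line.startswith("line ") else None
        text = line.strip()
        if m := NAT_TCP.match(text):
            inside = int(m[2])
            name = RISKY.get(inside) or ("vnc" if 5800 <= inside <= 5999 else None)
            if name:
                findings.append(("exposed-service", f"{name} {m[1]}:{inside} on WAN port {m[3]}"))
        elif m := NAT_1TO1.match(text):
            findings.append(("one-to-one-nat", f"{m[1]} <-> {m[2]} (all ports)"))
        elif ANY_IP.match(text):
            findings.append(("permit-any-ip", text))
        elif ctx and text == "transport input all":   # allows telnet as well as SSH
            findings.append(("all-transports", ctx))
        elif ctx and text.startswith("password 7 "):  # type 7 is reversible obfuscation
            findings.append(("type7-password", ctx))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(f"{kind:16} {detail}")
```

Each finding maps to a line to tighten on the router: restrict the forwarded service by source address or drop the forward, limit vty access to SSH with an access class, and replace type 7 line passwords with local users that have hashed secrets.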