سلام
با اجازه دوستان از امروز مي خام شروع كنم به تحليل كامل دستورات و تنظيمات يك روتر
براي همين تنظيمات يه 3662 رو انتخاب كردم كه در موردش بحث كنيم.اميدوارم دوستان خوب من كاري نكنن كه من از گذاشتن كامل تمام IP ها اينجا شرمنده بشم.
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 3662
!
aaa new-model
aaa authentication login NO-TAC line
aaa authentication ppp default local group tacacs+
aaa authorization network default if-authenticated
aaa accounting nested
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
enable secret 5 $1$1nNS$ism0xqaEycU/
enable password 7 11584B
!
username myconf password 7 00071C080C
username system privilege 15 password 7 00512055
username payam password 7 060C454A
username reza password 7 1416001203
ip subnet-zero
ip rcmd rsh-enable
ip rcmd remote-host system 213.155.46.2 system enable
ip wccp version 1
ip wccp web-cache redirect-list 150
!
!
ip name-server 195.146.32.1
ip name-server 195.146.32.65
ip name-server 195.146.32.2
ip name-server 195.146.32.66
ip name-server 192.9.9.3
!
async-bootp dns-server 213.155.46.2
!
!
!
interface FastEthernet0/0
ip address 217.219.93.1 255.255.255.0
ip access-group 121 in
ip access-group 121 out
ip policy route-map ptt
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 213.155.46.1 255.255.255.0
ip access-group 121 out
ip policy route-map ptt
duplex auto
speed auto
!
interface Serial1/0
ip unnumbered FastEthernet0/0
ip access-group 121 in
ip access-group 121 out
ip accounting output-packets
ip wccp web-cache redirect out
!
interface Serial1/1
ip unnumbered FastEthernet0/1
ip access-group 121 out
ip wccp web-cache redirect out
no keepalive
ignore-dcd
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
interface Group-Async1
ip unnumbered FastEthernet0/1
ip access-group 121 in
ip access-group 121 out
encapsulation ppp
ip tcp header-compression passive
ip policy route-map ptt
async dynamic address
async dynamic routing
async mode interactive
peer default ip address pool dialup
ppp authentication chap pap
group-range 65 80
!
interface Group-Async2
ip unnumbered FastEthernet0/1
ip access-group 121 in
ip access-group 121 out
encapsulation ppp
ip tcp header-compression passive
ip policy route-map ptt
async mode interactive
peer default ip address pool dialup
ppp authentication pap chap
group-range 97 112
!
ip local pool dialup 213.155.46.235 213.155.46.254
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1/0
no ip http server
ip pim bidir-enable
!
access-list 7 permit 192.168.1.0 0.0.0.255
access-list 7 permit 213.155.46.0 0.0.0.255
access-list 101 permit ip 213.155.46.0 0.0.0.255 any
access-list 121 deny tcp any any range 135 139
access-list 121 deny tcp any any eq 4444
access-list 121 deny tcp any any eq 1434
access-list 121 deny udp any any eq 1434
access-list 121 deny tcp any any eq 445
access-list 121 deny tcp any any eq 593
access-list 121 deny udp any any range 995 999
access-list 121 deny udp any any eq ntp
access-list 121 permit ip any any
access-list 122 deny icmp any any echo
access-list 122 deny icmp any any echo-reply
access-list 122 permit ip any any
access-list 150 permit tcp 217.219.93.0 0.0.0.255 any eq www
access-list 150 permit tcp 213.155.46.0 0.0.0.255 any eq www
route-map ptt permit 2
match ip address 101
set interface Serial1/1
!
tacacs-server host 213.155.46.2
tacacs-server timeout 20
snmp-server community public RW 15
!
line con 0
line 65 80
exec-timeout 0 0
modem InOut
modem autoconfigure discovery
transport input all
autoselect during-login
autoselect ppp
stopbits 1
flowcontrol hardware
line 97 112
exec-timeout 0 0
modem Dialin
modem autoconfigure discovery
transport input all
autoselect during-login
autoselect ppp
stopbits 1
flowcontrol hardware
line aux 0
line vty 0 4
password 7 0132352C6F2227F
login authentication NO-TAC
telnet speed 9600 38400
!
end
انشالله از فردا با كمك همه اين همه دستورات عجيب غريب رو بررسي مي كنيم.
از همه دوستان كه استاد بنده هستن بخصوص آقا كوروش كمك مي خوام
با اجازه دوستان از امروز مي خام شروع كنم به تحليل كامل دستورات و تنظيمات يك روتر
براي همين تنظيمات يه 3662 رو انتخاب كردم كه در موردش بحث كنيم.اميدوارم دوستان خوب من كاري نكنن كه من از گذاشتن كامل تمام IP ها اينجا شرمنده بشم.
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 3662
!
aaa new-model
aaa authentication login NO-TAC line
aaa authentication ppp default local group tacacs+
aaa authorization network default if-authenticated
aaa accounting nested
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
enable secret 5 $1$1nNS$ism0xqaEycU/
enable password 7 11584B
!
username myconf password 7 00071C080C
username system privilege 15 password 7 00512055
username payam password 7 060C454A
username reza password 7 1416001203
ip subnet-zero
ip rcmd rsh-enable
ip rcmd remote-host system 213.155.46.2 system enable
ip wccp version 1
ip wccp web-cache redirect-list 150
!
!
ip name-server 195.146.32.1
ip name-server 195.146.32.65
ip name-server 195.146.32.2
ip name-server 195.146.32.66
ip name-server 192.9.9.3
!
async-bootp dns-server 213.155.46.2
!
!
!
interface FastEthernet0/0
ip address 217.219.93.1 255.255.255.0
ip access-group 121 in
ip access-group 121 out
ip policy route-map ptt
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 213.155.46.1 255.255.255.0
ip access-group 121 out
ip policy route-map ptt
duplex auto
speed auto
!
interface Serial1/0
ip unnumbered FastEthernet0/0
ip access-group 121 in
ip access-group 121 out
ip accounting output-packets
ip wccp web-cache redirect out
!
interface Serial1/1
ip unnumbered FastEthernet0/1
ip access-group 121 out
ip wccp web-cache redirect out
no keepalive
ignore-dcd
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
interface Group-Async1
ip unnumbered FastEthernet0/1
ip access-group 121 in
ip access-group 121 out
encapsulation ppp
ip tcp header-compression passive
ip policy route-map ptt
async dynamic address
async dynamic routing
async mode interactive
peer default ip address pool dialup
ppp authentication chap pap
group-range 65 80
!
interface Group-Async2
ip unnumbered FastEthernet0/1
ip access-group 121 in
ip access-group 121 out
encapsulation ppp
ip tcp header-compression passive
ip policy route-map ptt
async mode interactive
peer default ip address pool dialup
ppp authentication pap chap
group-range 97 112
!
ip local pool dialup 213.155.46.235 213.155.46.254
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1/0
no ip http server
ip pim bidir-enable
!
access-list 7 permit 192.168.1.0 0.0.0.255
access-list 7 permit 213.155.46.0 0.0.0.255
access-list 101 permit ip 213.155.46.0 0.0.0.255 any
access-list 121 deny tcp any any range 135 139
access-list 121 deny tcp any any eq 4444
access-list 121 deny tcp any any eq 1434
access-list 121 deny udp any any eq 1434
access-list 121 deny tcp any any eq 445
access-list 121 deny tcp any any eq 593
access-list 121 deny udp any any range 995 999
access-list 121 deny udp any any eq ntp
access-list 121 permit ip any any
access-list 122 deny icmp any any echo
access-list 122 deny icmp any any echo-reply
access-list 122 permit ip any any
access-list 150 permit tcp 217.219.93.0 0.0.0.255 any eq www
access-list 150 permit tcp 213.155.46.0 0.0.0.255 any eq www
route-map ptt permit 2
match ip address 101
set interface Serial1/1
!
tacacs-server host 213.155.46.2
tacacs-server timeout 20
snmp-server community public RW 15
!
line con 0
line 65 80
exec-timeout 0 0
modem InOut
modem autoconfigure discovery
transport input all
autoselect during-login
autoselect ppp
stopbits 1
flowcontrol hardware
line 97 112
exec-timeout 0 0
modem Dialin
modem autoconfigure discovery
transport input all
autoselect during-login
autoselect ppp
stopbits 1
flowcontrol hardware
line aux 0
line vty 0 4
password 7 0132352C6F2227F
login authentication NO-TAC
telnet speed 9600 38400
!
end
انشالله از فردا با كمك همه اين همه دستورات عجيب غريب رو بررسي مي كنيم.
از همه دوستان كه استاد بنده هستن بخصوص آقا كوروش كمك مي خوام