0 оценок0% нашли этот документ полезным (0 голосов)
29 просмотров4 страницы
No service pad service timestamps log datetime msec service password-encryption. No aaa new-model clock timezone MET 1 clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00.
No service pad service timestamps log datetime msec service password-encryption. No aaa new-model clock timezone MET 1 clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00.
Авторское право:
Attribution Non-Commercial (BY-NC)
Доступные форматы
Скачайте в формате TXT, PDF, TXT или читайте онлайн в Scribd
No service pad service timestamps log datetime msec service password-encryption. No aaa new-model clock timezone MET 1 clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00.
Авторское право:
Attribution Non-Commercial (BY-NC)
Доступные форматы
Скачайте в формате TXT, PDF, TXT или читайте онлайн в Scribd
service timestamps log datetime msec service password-encryption ! hostname [NOME-ROUTER] ! boot-start-marker boot-end-marker ! logging buffered 52000 enable secret 5 [SECRET-PASSWORD] ! no aaa new-model clock timezone MET 1 clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00 ! dot11 association mac-list 700 dot11 syslog dot11 vlan-name WiFi vlan 1 ! dot11 ssid [NOME-SSID] vlan 1 authentication open authentication key-management wpa guest-mode wpa-psk ascii 7 [PASSWORD-WIFI-MASSIMO-63-CARATTERI] ! no ip dhcp use vrf connected ip dhcp excluded-address 192.168.0.221 192.168.0.254 ! ip dhcp pool Pool1 import all network 192.168.0.0 255.255.255.0 default-router 192.168.0.221 dns-server [1-DNS-X-CLIENT] [2-DNS-x-CLIENT] lease infinite ! ! ip cef ip inspect log drop-pkt ip inspect name Firewall cuseeme ip inspect name Firewall dns ip inspect name Firewall ftp ip inspect name Firewall h323 ip inspect name Firewall https ip inspect name Firewall icmp ip inspect name Firewall imap ip inspect name Firewall pop3 ip inspect name Firewall rcmd ip inspect name Firewall realaudio ip inspect name Firewall rtsp ip inspect name Firewall esmtp ip inspect name Firewall sqlnet ip inspect name Firewall streamworks ip inspect name Firewall tftp ip inspect name Firewall tcp ip inspect name Firewall udp ip inspect name Firewall vdolive ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ip domain name cisco.com ip name-server [1-DNS-RISOLUXIONE-NOMI-X-ROUTER] ip name-server [2-DNS-RISOLUXIONE-NOMI-X-ROUTER] ip ddns update method dyndns1 HTTP add http://[NOMEUTENTE]:[PASSWORD]@members.dyndns.org/nic/update?system=dyndns &ho stname=<h>&myip=<a> remove http://[NOMEUTENTE]:[PASSWORD]@members.dyndns.org/nic/update?system=dyn dns &hostname=<h>&myip=<a> ! ! username [NOME-UTENTE-ACCESSO-ROUTER] privilege 15 secret 5 [PASSWORD] ! ! archive log config hidekeys ! ! ! bridge irb ! ! interface ATM0 no ip address no atm ilmi-keepalive dsl operating-mode adsl2+ ! interface ATM0.1 point-to-point pvc 8/35 pppoe-client dial-pool-number 1 ! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface Dot11Radio0 no ip address ! encryption vlan 1 mode ciphers aes-ccm tkip ! ssid [NOME-SSID-WIFI] ! speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 b asic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 station-role root world-mode dot11d country IT both l2-filter bridge-group-acl ! interface Dot11Radio0.1 encapsulation dot1Q 1 native no cdp enable bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Vlan1 no ip address ip tcp adjust-mss 1452 bridge-group 1 ! interface Dialer0 ip ddns update hostname [HOST-DYNDNS].gotdns.com ip ddns update dyndns1 ip address negotiated ip access-group 101 in ip mtu 1492 ip inspect Firewall out ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 dialer-group 1 no cdp enable ppp authentication pap callin ppp pap sent-username [UTENTE]@alice.it password 7 [PASSWORD] ! interface BVI1 ip address 192.168.0.221 255.255.255.0 ip access-group 102 in ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 Dialer0 ! ip http server ip http access-class 23 ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source list 1 interface Dialer0 overload ! access-list 1 permit 192.168.0.0 0.0.0.255 access-list 101 remark Traffico abilitato ad entrare nel router da internet access-list 101 deny ip 0.0.0.0 0.255.255.255 any access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 deny ip 169.254.0.0 0.0.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny ip 192.0.2.0 0.0.0.255 any access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip 198.18.0.0 0.1.255.255 any access-list 101 deny ip 224.0.0.0 0.15.255.255 any access-list 101 deny ip any host 255.255.255.255 access-list 101 permit udp host [1-DNS-RISOLUXIONE-NOMI-X-ROUTER] eq domain any access-list 101 permit udp host [2-DNS-RISOLUXIONE-NOMI-X-ROUTER] eq domain any access-list 101 permit tcp host 63.208.196.96 eq www any log access-list 101 permit udp host 207.46.232.42 eq ntp any access-list 101 permit udp host 192.43.244.18 eq ntp any access-list 101 permit gre any any access-list 101 deny icmp any any echo access-list 101 deny ip any any log access-list 102 remark Traffico abilitato ad entrare nel router dalla ethernet access-list 102 permit ip any host 192.168.0.221 access-list 102 deny ip any host 192.168.0.255 access-list 102 deny udp any any eq tftp log access-list 102 deny ip any 0.0.0.0 0.255.255.255 log access-list 102 deny ip any 10.0.0.0 0.255.255.255 log access-list 102 deny ip any 127.0.0.0 0.255.255.255 log access-list 102 deny ip any 169.254.0.0 0.0.255.255 log access-list 102 deny ip any 172.16.0.0 0.15.255.255 log access-list 102 deny ip any 192.0.2.0 0.0.0.255 log access-list 102 deny ip any 192.168.0.0 0.0.255.255 log access-list 102 deny ip any 198.18.0.0 0.1.255.255 log access-list 102 deny udp any any eq 135 log access-list 102 deny tcp any any eq 135 log access-list 102 deny udp any any eq netbios-ns log access-list 102 deny udp any any eq netbios-dgm log access-list 102 deny tcp any any eq 445 log access-list 102 permit ip 192.168.0.0 0.0.0.255 any access-list 102 permit ip any host 255.255.255.255 access-list 102 deny ip any any log access-list 700 permit [MAC-ADDRESS-WIFI-ABILITATI] (Esempio 0015.1181.a949 00 00.0000.0000) access-list 700 deny 0000.0000.0000 ffff.ffff.ffff dialer-list 1 protocol ip permit no cdp run ! control-plane ! bridge 1 protocol ieee bridge 1 route ip banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C ! line con 0 login local no modem enable line aux 0 line vty 0 4 privilege level 15 login local transport input telnet ssh ! scheduler max-task-time 5000 sntp server 207.46.197.32 sntp server 192.43.244.18 end