2012年10月5日金曜日

aaa


Question

CISCO 892 ROUTER
HQ_BACKUP_CONNECTION_ROUTER#show run
Building configuration...

Current configuration : 6487 bytes
!
! Last configuration change at 15:30:45 EST Thu Mar 17 2011 by coxma
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HQ_BACKUP_CONNECTION_ROUTER
!
boot-start-marker
boot-end-marker
!
aaa new-model
!
!
aaa authentication password-prompt "Enter local password:"
aaa authentication username-prompt "Enter local username:"
aaa authentication login default local group tacacs+
aaa authentication enable default enable group tacacs+
aaa authorization console
aaa authorization exec default local group tacacs+
aaa authorization network default local group tacacs+
!
!
!
!
!
aaa session-id common
!
!
!
clock timezone EST -5
clock summer-time EST recurring
!
crypto pki trustpoint TP-self-signed-92435657
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-92435657
 revocation-check none
 rsakeypair TP-self-signed-92435657
!
!

ip source-route
!
!
!
!
ip cef
ip domain
ip name-server 199.129.247.145
ip name-server 199.129.207.34
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO892-K9 sn FHK145170ME
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
!
!
!
interface Loopback0
 no ip address
 !
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
 !
!
interface FastEthernet0
 shutdown
 !
!
interface FastEthernet1
 !
!
interface FastEthernet2
 !
!
interface FastEthernet3
 !
!
interface FastEthernet4
 !
!
interface FastEthernet5
 !
!
interface FastEthernet6
 !
!
interface FastEthernet7
 !
!
interface FastEthernet8
 description CONNECTION_TO_NEW_EDGE
 ip address 10.10.1.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 !
!
interface GigabitEthernet0
 description CONNECTION_TO_HQ_Core
 ip address 199.129.156.2 255.255.255.0
 ip virtual-reassembly
 ip nat outside
duplex full
 speed 100
 !
!
interface Vlan1
 no ip address
 !
!
interface Vlan5
 ip address 199.129.205.170 255.255.255.0
 !
!
ip forward-protocol nd
ip http server
ip http access-class 5
ip http authentication aaa
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip flow-export version 5
ip flow-export destination 199.129.206.88 2055
!
ip nat log translations syslog
ip nat pool BacUp 199.129.156.3 199.129.156.254 netmask 255.255.255.0
ip nat source list 7 pool BacUp
ip route 0.0.0.0 0.0.0.0 199.129.156.1
ip route 10.10.0.0 255.255.0.0 10.10.1.1
ip route 199.129.0.0 255.255.0.0 199.129.156.1
!
access-list 5 permit 199.129.0.0 0.0.255.255
access-list 5 permit 10.0.0.0 0.255.255.255
access-list 5 deny   any
access-list 6 permit 199.129.0.0 0.0.255.255
access-list 6 permit 10.0.0.0 0.255.255.255
access-list 6 deny   any
access-list 7 permit 10.10.0.0 0.0.255.255
!
!
!
!
snmp-server community C0mm$$l@nw@n RO 6
snmp-server community Kw2004R!pe@c RW 6
snmp-server community public-y9M5&e#U-h RO 6
snmp-server community private-5Ebrewr@XA RW 6
snmp-server enable traps tty
snmp-server host 199.129.206.14 C0mm$$l@nw@n
snmp-server host 199.129.206.88 C0mm$$l@nw@n
snmp-server host 199.129.206.96 Kw2004R!pe@c
snmp-server host 199.129.208.103 Kw2004R!pe@c
!
tacacs-server host 199.129.247.180
tacacs-server host 199.129.208.10
tacacs-server directed-request
tacacs-server key 7 12170453565B59142B6F60
!
control-plane
 !
!
!
line con 0
line aux 0
 speed 38400
line vty 0 4
 access-class 5 in
 privilege level 15
 login authentication local
 transport input ssh
line vty 5 15
 access-class 5 in
 privilege level 15
 login authentication local
 transport input ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp access-group peer 7
ntp server 199.129.247.145
ntp server 199.129.207.34
end
=================================================
Router 2 Cisco 1841


OMS363560#show run
Building configuration...

Current configuration : 2526 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname _OMS363560
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 10000
!
no aaa new-model
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!

archive
 log config
  hidekeys
!
!
!
!
!
!
class-map match-any C5_QUEUE
 match  dscp cs5
 match  dscp ef
 match  dscp cs6
 match  dscp cs7
 match ip precedence 5
class-map match-any C4_QUEUE
 match  dscp cs4
 match  dscp af41
 match  dscp af42
 match  dscp af43
 match ip precedence 4
class-map match-any C1_QUEUE
 match  dscp cs1
 match  dscp af11
 match  dscp af12
 match  dscp af13
 match ip precedence 1
class-map match-any C3_QUEUE
 match  dscp cs3
 match  dscp af31
 match  dscp af32
 match  dscp af33
 match ip precedence 3
class-map match-any C2_QUEUE
 match  dscp cs2
 match  dscp af21
 match  dscp af22
 match  dscp af23
 match ip precedence 2
!
!
policy-map QUEUE
 description Product 4
 class C2_QUEUE
    bandwidth percent 5
 class C3_QUEUE
    bandwidth percent 15
 class C4_QUEUE
    bandwidth percent 40
 class C5_QUEUE
    priority percent 15
 class class-default
    fair-queue
!
!
!
!
interface FastEthernet0/0
 ip address 10.10.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.30.228.14 255.255.255.252
 speed 100
 full-duplex
 service-policy output QUEUE
!
router ospf 4589
 router-id 10.10.1.1
 log-adjacency-changes
 passive-interface default
 no passive-interface FastEthernet0/0
 network 10.10.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.30.228.13
ip route 10.10.230.0 255.255.255.0 172.30.228.13
ip route 10.10.250.0 255.255.255.0 172.30.228.13
ip route 172.30.255.0 255.255.255.0 172.30.228.13
ip route 199.129.0.0 255.255.0.0 10.10.1.2
no ip http server
no ip http secure-server
!
!
!
logging trap notifications
!
!
!
!
!
snmp-server view noSysOr internet included
snmp-server view noSysOr ip excluded
snmp-server view noSysOr system.9 excluded
snmp-server community th3l04n3r view noSysOr RO
snmp-server community 79joliet view noSysOr RO
snmp-server location New Edge Networks
snmp-server contact noc@newedgenetworks.com
snmp-server enable traps tty
!
control-plane
!
!
!
line con 0
 login local
line aux 0
line vty 0 4
 login local
!
scheduler allocate 20000 1000
end
投稿者 時刻:

0 件のコメント:

コメントを投稿

登録: コメントの投稿 (Atom)