I really couldn't figure out what to do.
Tell me which parts are extra and I'll delete them.
[quote=shabake_karan]no logging rate-limit: if you are using rate-limit and you have enabled syslog logging, this will avoid generating syslog messages when the rate-limit speed limit has been reached. This line seems to be spare.
aaa new-model : This command will enable AAA : It's critical
aaa authentication login default group tacacs+ local : Your configuration shows that you are using a TACACS server, so this line will check the login facility on the router. Actually, when you type "Enable", which will lead you to the privilege mode, this line is working : Critical
aaa authentication login no_tacacs enable : Seems to be spare
aaa authentication login data none : Seems to be spare
aaa authentication ppp default group tacacs+ : This will check the dial-in users' authentication : Critical
aaa authentication ppp defalt if-needed group tacacs+ local : EXTRA LINE
aaa authentication ppp data none : EXTRA LINE
aaa authorization exec default group tacacs+ local : This will specify TACACS to check every command that you enter and authorize you
aaa authorization network default group tacacs+ local : This will authorize the PPP dial-in users
aaa accounting nested : Extra line
aaa accounting update newinfo : Change this to periodic
aaa accounting exec default start-stop group tacacs+ : How accounting information will be sent to the accounting software about any command that you type: if you like to have a log of what you do, enable this
aaa accounting network default start-stop group tacacs+ : This determines how the PPP dial-in users' accounting information is sent to the accounting software : Critical
enable secret 5 $1$Mnfl$0CIzepuR6rRS6MTGpbWMX. : If the router won't be able to communicate with the TACACS server, it will use this password to let you log in
[/quote]
Our friend already explained it!!
I'll post a config for you.
Current configuration : 5266 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 *******
enable password 7*******
!
spe 2/0 2/9
firmware location system:/ucode/mica_port_firmware
!
!
resource-pool disable
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login no_tacacs enable
aaa authentication enable default group tacacs+ enable
aaa authentication ppp default group tacacs+
aaa authentication ppp if-needed group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local if-authenticated
aaa authorization commands 15 default group tacacs+ local if-authenticated
aaa authorization network default group tacacs+ local
aaa accounting nested
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa session-id common
ip subnet-zero
ip name-server 192.9.9.3
ip name-server 4.2.2.4
!
!
isdn switch-type primary-net5
isdn gateway-max-interworking
!
!
!
!
!
!
!
!
!
!
username ****** password 7 ******
!
!
controller E1 0
clock source line primary
pri-group timeslots 1-31
!
controller E1 1
clock source line secon
pri-group timeslots 1-31
!
controller E1 2
clock source line secondary 2
!
controller E1 3
clock source line secondary 3
!
controller E1 4
clock source line secondary 4
!
controller E1 5
clock source line secondary 5
!
controller E1 6
clock source line secondary 6
!
controller E1 7
clock source line secondary 7
!
!
interface Ethernet0
ip address 192.168.129.1 255.255.255.0
ip access-group 115 in
ip access-group 115 out
!
interface Serial0
ip unnumbered FastEthernet0
no ip mroute-cache
no fair-queue
!
interface Serial1
no ip address
shutdown
clock rate 2015232
no fair-queue
!
interface Serial2
no ip address
shutdown
clock rate 2015232
no fair-queue
!
interface Serial3
no ip address
shutdown
clock rate 2015232
no fair-queue
!
interface Serial0:15
ip unnumbered FastEthernet0
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
no cdp enable
!
interface Serial1:15
no ip address
isdn switch-type prim
no cdp enable
!
interface FastEthernet0
ip address *.*.*.* 255.255.255.248
ip access-group 115 in
ip access-group 115 out
duplex half
speed 100
!
interface Group-Async0
ip unnumbered Ethernet0
ip access-group 115 in
ip access-group 115 out
encapsulation ppp
ip route-cache policy
no ip mroute-cache
ip policy route-map firewall
async mode interactive
peer ip address forced
peer default ip address pool setup_pool
compress mppc
ppp authentication pap chap
group-range 1 120
!
interface Group-Async1
physical-layer asy
ip unnumbered Ethernet0
!
ip local pool setup_pool 192.168.129.150 192.168.129.200
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
!
access-list 1 permit *.*.*.*
access-list 115 deny icmp any any echo
access-list 115 deny icmp any
access-list 115 permit ip any any
access-list 115 deny tcp any any eq 139
access-list 115 deny udp any any eq netbios-ss
access-list 115 deny udp any any eq tftp
access-list 115 deny tcp any any eq 135
access-list 115 deny udp any any eq 135
access-list 115 deny udp any any eq netbios-ns
access-list 115 deny udp any any eq netbios-dgm
access-list 115 deny tcp any any eq 593
access-list 115 deny tcp any any eq 4444
access-list 115 permit ip any any
access-list 115 deny tcp any any eq 445
access-list 115 deny tcp any any eq 5556
access-list 115 deny tcp any any eq 9996
access-list 115 deny tcp any any eq 1434
access-list 115 deny udp any any eq 999
access-list 115 deny udp any any eq 998
access-list 115 deny udp any any eq 997
access-list 115 deny udp any any eq 996
access-list 115 deny udp any any eq 995
access-list 115 deny tcp any any eq 138
!
route-map firewall permit 10
match ip address 110
set ip next-hop 192.168.129.3
!
route-map cache-redirect permit 10
match ip address
set ip next-hop 192.168.129.3
!
tacacs-server host *.*.*.*
tacacs-server timeout 100
tacacs-server directed-request
tacacs-server key 7 ****
snmp-server community public RW 15
snmp-server enable traps tty
!
!
!
!
gateway
!
!
line con 0
logging synchronous
autocommand ppp
autoselect during-login
autoselect ppp
line 1 120
no flush-at-activation
modem Dialin
transport preferred none
transport input pad telnet rlogin udptn v120 lapb-ta
transport output none
autoselect during-login
autoselect ppp
line aux 0
line vty 0 4
access-class 1 in
transport input all
!
end
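For the question of which lines are extra, here is an added example (not part of either post) that checks a configuration for two kinds of dead lines: named AAA method lists that nothing refers to, and ACL entries that come after `permit ip any any` in the same list and therefore never match. It assumes a named list is applied with `login authentication <name>` on a line or `ppp authentication <protocol> <name>` on an interface; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: a few lines modelled on the configuration posted above.
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login no_tacacs enable
aaa authentication ppp default group tacacs+
aaa authentication ppp if-needed group tacacs+ local
interface Group-Async0
 ppp authentication pap chap
access-list 115 deny icmp any any echo
access-list 115 permit ip any any
access-list 115 deny tcp any any eq 445
access-list 115 deny tcp any any eq 135
"""
# Words on a "ppp authentication" interface line that are not list names.
KEYWORDS = {"pap", "chap", "ms-chap", "eap", "callin", "callout",
            "optional", "one-time", "if-needed"}

def unused_aaa_lists(config):
    """Named login/ppp method lists that no line or interface refers to."""
    defined, used = set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"aaa authentication (login|ppp) (\S+)", line)
        if m and m.group(2) != "default":  # "default" applies implicitly
            defined.add((m.group(1), m.group(2)))
        m = re.match(r"login authentication (\S+)", line)
        if m:
            used.add(("login", m.group(1)))
        if line.startswith("ppp authentication "):
            used.update(("ppp", w) for w in line.split()[2:]
                        if w not in KEYWORDS)
    return sorted(defined - used)

def shadowed_acl_entries(config):
    """Entries after 'permit ip any any' in the same numbered ACL."""
    open_acls, shadowed = set(), []
    for raw in config.splitlines():
        m = re.match(r"access-list (\d+) (.+)", raw.strip())
        if not m:
            continue
        number, rule = m.groups()
        if number in open_acls:  # ACLs are first-match: this is unreachable
            shadowed.append(raw.strip())
        elif rule.strip() == "permit ip any any":
            open_acls.add(number)
    return shadowed
```

On the sample, the `no_tacacs` list and the list that ends up named `if-needed` (the word `default` is missing from that line) are reported as unreferenced, and both deny entries after the permit are reported as never matching.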