سلام دوستان
من چند صد سال قبل ارور 721 و 619 داشتم !
با کمک دوستان حل شد منتها هنوز کانفیگ را رایت نکردم
میخواستم بدانم از نظر دوستان این کانفیگ دارای مشکل خاصی نیست؟
از لحاظ عملکرد کاملا درست عمل میکند و ارور نداریم و سر ساعت یوزر ها را کیل میکند ولی از لحاظ فنی نمیدانم ایا کانفیگ درستی است یا نه؟
کد:
User Access Verification
Username: admin
Password:
Authentication Successful.
IAUKhash-Ro535>en
Password:
IAUKhash-Ro535#sho run
Building configuration...
Current configuration : 5732 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname IAUKhash-Ro535
!
boot-start-marker
no boot startup-test
boot-end-marker
!
enable password 7 *************
!
!
!
resource-pool disable
aaa new-model
!
!
aaa authentication login default group radius local
aaa authentication login no_tacacs enable
aaa authentication login bidel line
aaa authentication ppp default local group radius
aaa authorization exec default group radius local
aaa authorization network default local group radius
aaa accounting update newinfo
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa accounting network acc1 start-stop group radius
aaa accounting system default start-stop group tacacs+
!
aaa session-id common
!
resource policy
!
spe default-firmware spe-firmware-1
ip rcmd rsh-enable
ip rcmd remote-host SYSTEM 5 SYSTEM enable
!
!
ip cef
ip name-server 5
ip name-server 4
ip name-server 4.2.2.4
!
!
isdn switch-type primary-net5
isdn voice-call-failure 0
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 password 7 *************
username behi privilege 15 password 7 *************
!
!
controller E1 3/0
framing NO-CRC4
pri-group timeslots 1-31
!
controller E1 3/1
framing NO-CRC4
line-termination 75-ohm
pri-group timeslots 1-31
!
!
interface GigabitEthernet0/0
ip address 78.38.***.* 255.255.255.192
duplex auto
speed auto
negotiation auto
!
interface GigabitEthernet0/1
ip address 192.168.80.45 255.255.255.252
ip access-group 110 out
duplex auto
speed auto
negotiation auto
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
no dce-terminal-timing-enable
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
no dce-terminal-timing-enable
!
interface Serial3/0:15
ip unnumbered GigabitEthernet0/0
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem 56
isdn guard-timer 3000
no peer default ip address
no keepalive
no fair-queue
ppp authentication pap
!
interface Serial3/1:15
ip unnumbered GigabitEthernet0/0
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem 56
isdn guard-timer 3000
no peer default ip address
no keepalive
no fair-queue
ppp authentication pap
!
interface Group-Async0
no ip address
encapsulation slip
no group-range
!
interface Group-Async1
ip unnumbered GigabitEthernet0/0
encapsulation ppp
ip tcp header-compression
async mode dedicated
peer default ip address pool Group-Pool-1
keepalive 15 3
ppp authentication pap
group-range 1/00 1/29
!
interface Group-Async2
ip unnumbered GigabitEthernet0/0
encapsulation ppp
ip tcp header-compression
shutdown
async mode dedicated
peer default ip address pool Group-Pool-1
ppp authentication pap
group-range 1/30 1/59
!
router rip
version 2
passive-interface GigabitEthernet0/1
network 78.0.0.0
no auto-summary
!
ip local pool Group-Pool-1 225-254
!
ip route 0.0.0.0 0.0.0.0 192.168.80.46
no ip http server
!
!
access-list 23 permit 80.191.*.*
access-list 23 permit 5
access-list 110 deny udp any any eq netbios-ns
access-list 110 deny udp any any eq netbios-dgm
access-list 110 deny tcp any any eq 135
access-list 110 deny udp any any eq 135
access-list 110 deny tcp any any eq 137
access-list 110 deny tcp any any eq 139
access-list 110 deny udp any any eq netbios-ss
access-list 110 deny tcp any any eq 445
access-list 110 deny udp any any eq 445
access-list 110 deny tcp any any eq 1434
access-list 110 deny udp any any eq 1434
access-list 110 deny tcp any any eq 31789
access-list 110 deny tcp any any eq 31790
access-list 110 deny tcp any any range 666 765
access-list 110 deny udp any any range 666 765
access-list 110 deny tcp any any eq 1234
access-list 110 deny tcp any any eq 16959
access-list 110 deny tcp any any eq 27374
access-list 110 deny tcp any any eq 6711
access-list 110 deny tcp any any eq 6712
access-list 110 deny tcp any any eq 6776
access-list 110 deny tcp any any eq 4444
access-list 110 deny tcp any any eq 3333
access-list 110 deny tcp any any eq 593
access-list 110 deny udp any any eq tftp
access-list 110 deny tcp any any eq 4662
access-list 110 deny udp any any eq 4672
access-list 110 deny tcp any any range 6881 6999
access-list 110 deny tcp any any eq 1214
access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 deny ip 127.0.0.0 0.255.255.255 any
access-list 110 deny ip any 10.0.0.0 0.255.255.255
access-list 110 deny ip any 127.0.0.0 0.255.255.255
access-list 110 deny ip 172.16.0.0 0.15.255.255 any
access-list 110 permit ip 192.168.80.44 0.0.0.3 any
access-list 110 deny ip 192.168.0.0 0.0.255.255 any
access-list 110 deny ip any 172.16.0.0 0.15.255.255
access-list 110 deny ip any 192.168.0.0 0.0.255.255
access-list 110 permit icmp 2 0.0.0.63 any
access-list 110 permit ip 2 0.0.0.63 any
access-list 110 permit ip any 2 0.0.0.63
snmp-server community ******* RW
snmp-server enable traps tty
!
!
radius-server host 5 auth-port 1645 acct-port 1646
radius-server key 7 ********
!
control-plane
!
!
!
voice-port 3/0:D
!
voice-port 3/1:D
!
!
!
!
ss7 mtp2-variant Bellcore 0
ss7 mtp2-variant Bellcore 1
ss7 mtp2-variant Bellcore 2
ss7 mtp2-variant Bellcore 3
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 *****
line 1/00 1/59
no flush-at-activation
no modem callout
modem Dialin
modem autoconfigure discovery
transport input all
autoselect during-login
autoselect ppp
!
scheduler allocate 10000 400
end
IAUKhash-Ro535#
موضوعات مشابه: