سلام
من کانفیگ روتر رو در زیر آوردم. اگه اشکالی می بینید یه لطفی کنید راهنمایی کنید. وقتی تعداد کاربران زیاد می شود cpu load به بالای هشتاد درصد می رسد. حتی به 95 درصد هم می رسد. تعداد کاربران در حالت حداکثری 237 می شود.

service password-encryption
!
hostname AS3-PRI
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$dZNv$NtgIfV0.cbfw/VD8jZeg91
!
spe 1/0 2/9
firmware location system:/ucode/mica_port_firmware
!
!
resource-pool disable
clock timezone IRST 3 30
clock summer-time IRDT date Mar 21 2009 0:00 Sep 22 2020 23:59
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local group radius
aaa authorization network default local group radius if-authenticated
aaa accounting delay-start
aaa accounting suppress null-username
aaa accounting update newinfo periodic 1
aaa accounting network default start-stop group radius
aaa pod server auth-type any ignore server-key
aaa session-id common
ip subnet-zero
ip rcmd rsh-enable
ip rcmd remote-host root x.x.x.x root enable
ip rcmd remote-host root x.x.x.x root enable
ip rcmd remote-host root x.x.x.x root enable
ip cef
ip name-server x.x.x.x
ip name-server x.x.x.x
!
async-bootp dns-server x.x.x.x x.x.x.x
!
isdn switch-type primary-net5
modemcap entry mica-e1:MSC=&F&D2S34=18000S40=10S54=172S53=1S29=12S63=5
!
!
!
!
!
!
!
!
!
!
username xxxxxxxxxx privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
username xxxxxxxxx privilege 15 password 7 xxxxxxxxxxxxxx
username xxxxxxx privilege 15 password 7 xxxxxxxxxxxxxxxx
!
!
controller E1 0
framing NO-CRC4
clock source line primary
pri-group timeslots 1-31
!
controller E1 1
framing NO-CRC4
clock source line secondary 1
pri-group timeslots 1-31
!
controller E1 2
framing NO-CRC4
clock source line secondary 2
pri-group timeslots 1-31
!
controller E1 3
framing NO-CRC4
clock source line secondary 3
pri-group timeslots 1-31
!
controller E1 4
framing NO-CRC4
clock source line secondary 4
pri-group timeslots 1-31
!
controller E1 5
framing NO-CRC4
clock source line secondary 5
pri-group timeslots 1-31
!
controller E1 6
framing NO-CRC4
clock source line secondary 6
pri-group timeslots 1-31
!
controller E1 7
framing NO-CRC4
clock source line secondary 7
pri-group timeslots 1-31
!
!
interface Ethernet0
no ip address
shutdown
!
interface Serial0
no ip address
shutdown
clock rate 2015232
no fair-queue
!
interface Serial1
no ip address
shutdown
clock rate 2015232
no fair-queue
!
interface Serial2
no ip address
shutdown
clock rate 2015232
no fair-queue
!
interface Serial3
no ip address
shutdown
clock rate 2015232
no fair-queue
!
interface Serial0:15
ip unnumbered FastEthernet0
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
!
interface Serial1:15
ip unnumbered FastEthernet0
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
!
interface Serial2:15
ip unnumbered FastEthernet0
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
!
interface Serial3:15
ip unnumbered FastEthernet0
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
!
interface Serial4:15
ip unnumbered FastEthernet0
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
!
interface Serial5:15
ip unnumbered FastEthernet0
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
!
interface Serial6:15
ip unnumbered FastEthernet0
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
!
interface Serial7:15
ip unnumbered FastEthernet0
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
no peer default ip address
!
interface FastEthernet0
ip address x.x.x.x x.x.x.x
duplex full
speed 100
!
interface Group-Async0
ip unnumbered FastEthernet0
ip access-group anti in
ip access-group anti out
no ip unreachables
encapsulation ppp
ip tcp header-compression
no ip mroute-cache
ip policy route-map proxy-redirect
async mode interactive
peer default ip address pool POOL240
ppp authentication pap chap ms-chap callin
group-range 1 240
!
ip local pool POOL240 x.x.x.x x.x.x.x
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.x
no ip http server
!
!
!
ip access-list extended anti
deny tcp any any range 133 139
deny udp any any range 133 netbios-ss
deny udp any any eq 370
deny tcp any any eq 445
deny tcp any any eq 593
deny tcp any any eq 707
deny udp any any range 995 999
deny tcp any any range 1023 1025
deny tcp any any eq 1214
deny tcp any any eq 4751
deny tcp any any eq 5554
deny tcp any any eq 31337
deny tcp any any eq 6667
deny tcp any any eq 6346
deny tcp any any eq 1034
deny tcp any any eq 3140
deny tcp any any eq 3410
deny tcp any any eq 4191
deny tcp any any eq 9136
deny tcp any any eq 9898
permit ip any any
ip access-list extended as-anti
deny udp any any eq tftp
deny tcp any any range 133 139
deny udp any any range 133 netbios-ss
deny udp any any eq 370
deny tcp any any eq 445
deny tcp any any eq 593
deny tcp any any eq 707
deny udp any any range 995 999
deny tcp any any range 1023 1025
deny tcp any any eq 1214
deny tcp any any eq 1234
deny tcp any any eq 1549
deny tcp any any eq 2535
deny tcp any any eq 2745
deny tcp any any range 3127 3129
deny tcp any any eq 3333
deny tcp any any eq 4444
deny tcp any any eq 4751
deny tcp any any eq 5554
deny tcp any any eq 31337
deny tcp any any eq 6667
deny tcp any any eq 6346
deny tcp any any eq 1034
deny tcp any any eq 3140
deny tcp any any eq 3410
deny tcp any any eq 4191
deny tcp any any eq 9136
deny tcp any any eq 9898
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.20.0.0 0.0.255.255
permit ip any any
access-list 2 permit 172.20.20.12
access-list 2 permit 172.20.20.4
access-list 2 permit 172.20.20.25
access-list 2 permit x.x.x.0 0.0.0.7
access-list 2 permit x.x.x.x 0.0.0.7
access-list 2 permit x.x.x.x 0.0.0.7
access-list 2 permit x.x.x.x 0.0.0.7
access-list 2 permit x.x.x.x 0.0.0.7
access-list 2 permit x.x.x.x 0.0.0.7
access-list 2 permit x.x.x.x 0.0.0.15
!
tftp-server flash:c5300-is-mz.123-20.bin
snmp-server community xxxx RO 2
snmp-server community xxxx xxx 1
!
radius-server attribute 44 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server host x.x.x.x auth-port 1812 acct-port xxxxkey 7 xxxxxx
radius-server key 7 xxxxxxxxx

!
!
!
!
line con 0
password 7 0107030C490A08
logging synchronous
line 1 120
no flush-at-activation
modem Dialin
modem autoconfigure type mica-e1
autocommand ppp
transport preferred none
transport input all
transport output none
autoselect ppp
line aux 0
modem autoconfigure type mica-e1
autocommand ppp
transport preferred none
transport input all
transport output none
autoselect ppp
line vty 0 4
session-timeout 30
password 7 xxxxxxxxxxx
transport preferred none
transport input pad telnet rlogin udptn
transport output none
line vty 5 15
password 7 xxxxxxxxxxxx
transport preferred none
transport input pad telnet rlogin udptn
transport output none
!
ntp clock-period 17179781
ntp server 192.43.244.18
end



موضوعات مشابه: