artemk
Full Member | Редактировать | Профиль | Сообщение | ICQ | Цитировать | Сообщить модератору
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.17.1.1 172.17.1.62
!
ip dhcp pool main
network 172.17.1.0 255.255.255.0
default-router 172.17.1.62
domain-name domain.local
dns-server 172.17.1.19 172.17.1.58
!
!
interface FastEthernet0
no ip address
duplex auto
speed auto
bridge-group 2
!
!
interface FastEthernet1
!
!
interface FastEthernet4
switchport trunk allowed vlan 1,2,16-19,613,1002-1005
switchport mode trunk
!
!
interface Vlan1
ip address 172.17.1.62 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Vlan613 #new ISP
ip address 1.2.3.4 255.255.255.248
ip access-group 170 in
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
crypto map Guestmap
!
!
interface BVI2 #old ISP
ip address 10.11.12.13 255.255.255.252
ip access-group 102 in
ip mtu 1452
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
crypto map Guestmap
!
ip local pool ippool 7.30.30.1 7.30.30.9
ip route 0.0.0.0 0.0.0.0 1.2.3.3
ip route 0.0.0.0 0.0.0.0 10.11.12.12 50
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map 111 interface Vlan613 overload
!
access-list 101 deny ip any any log
access-list 102 deny ip 0.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip 224.0.0.0 15.255.255.255 any
access-list 102 deny ip 240.0.0.0 7.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.0.2.0 0.0.0.255 any
access-list 102 deny ip 169.254.0.0 0.0.255.255 any
access-list 102 permit udp host 212.85.158.10 any eq ntp
access-list 102 permit udp host 195.13.1.153 any eq ntp
access-list 102 permit udp host 213.112.52.107 any eq ntp
access-list 102 permit udp host 207.46.232.182 any eq ntp
access-list 102 permit tcp any any eq 3389
access-list 102 permit tcp any any eq 3900
access-list 102 permit udp any eq 87 any
access-list 102 permit tcp any any eq smtp
access-list 102 permit tcp any any eq pop3
access-list 102 permit tcp any any eq 1194
access-list 102 permit tcp any any eq ftp
access-list 102 permit udp any any eq isakmp
access-list 102 permit udp any any eq non500-isakmp
access-list 102 permit tcp any any eq domain
access-list 102 permit udp any any eq domain
access-list 102 permit udp any eq domain any gt 1023
access-list 102 deny ip any any log
access-list 117 deny ip 172.17.1.0 0.0.0.255 172.17.6.0 0.0.0.255
access-list 117 deny ip 172.17.1.0 0.0.0.255 10.10.100.0 0.0.0.255
access-list 117 permit tcp any any eq 87
access-list 117 permit udp any any eq 87
access-list 117 permit tcp host 172.17.1.61 any
access-list 117 permit tcp any any eq smtp
access-list 117 permit tcp any any eq pop3
access-list 117 permit tcp any any eq 9996
access-list 117 permit tcp any any eq 8000
access-list 117 permit tcp host 172.17.1.1 any
access-list 117 permit tcp host 172.17.1.19 any
access-list 117 permit udp host 172.17.1.19 any
access-list 117 permit tcp host 172.17.1.58 any
access-list 117 permit ip host 172.17.1.46 any
access-list 117 permit udp host 172.17.1.58 host 87.241.223.68
access-list 117 permit udp host 172.17.1.58 host 81.17.2.171
access-list 117 permit udp host 172.17.1.58 host 207.46.232.182 eq ntp
access-list 117 permit tcp host 172.17.1.55 host 195.160.232.195
access-list 117 permit tcp host 172.17.1.46 any eq 443
access-list 117 permit tcp host 172.17.1.10 any
access-list 117 permit tcp host 172.17.1.67 any
access-list 117 permit ip 172.17.18.0 0.0.0.255 any
access-list 117 permit ip host 172.17.1.26 host 85.233.97.214
access-list 117 permit tcp host 172.17.1.5 host 195.160.232.195
access-list 117 permit tcp any any eq 443
access-list 117 permit tcp host 172.17.1.23 any
access-list 117 permit udp host 172.17.1.18 host 8.8.8.8
access-list 117 permit udp host 172.17.1.18 host 87.241.223.68
access-list 117 permit tcp host 172.17.1.61 any eq smtp
access-list 170 deny ip 0.0.0.0 0.255.255.255 any
access-list 170 deny ip host 255.255.255.255 any
access-list 170 deny ip 127.0.0.0 0.255.255.255 any
access-list 170 deny ip 224.0.0.0 15.255.255.255 any
access-list 170 deny ip 240.0.0.0 7.255.255.255 any
access-list 170 deny ip 172.16.0.0 0.15.255.255 any
access-list 170 deny ip 192.0.2.0 0.0.0.255 any
access-list 170 deny ip 169.254.0.0 0.0.255.255 any
access-list 170 permit tcp any host 1.2.3.4 gt 1024
access-list 170 permit icmp any any
access-list 170 permit udp any any eq isakmp
access-list 170 permit udp any any eq non500-isakmp
access-list 170 permit tcp any any eq domain
access-list 170 permit udp any any eq domain
access-list 170 permit udp any eq domain any gt 1023
access-list 170 permit udp any any eq ntp
access-list 170 permit tcp any any eq 3389
access-list 170 permit tcp any any eq 3900
access-list 170 permit udp any eq 87 any
access-list 170 permit tcp any any eq smtp
access-list 170 permit tcp any any eq pop3
access-list 170 permit tcp any any eq 1194
access-list 170 permit tcp any any eq ftp
access-list 170 deny ip any any log
!
!
!
route-map 111 permit 10
match ip address 1 117
match interface Vlan613 #тут просто сменил интерфейс со старого на новый
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
privilege exec level 1 enable
!
line con 0
line aux 0
line vty 0 4
!
|
