MZN
Advanced Member | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору
881W
В локальной (проводной) сети на одном компе не могу настроить статику (в динамике работает). Со статикой нет интернета, перезагрузка не помогает. Где рыть?
version 15.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service sequence-numbers
!
hostname RTR881W
!
boot-start-marker
boot system flash:c880data-universalk9-mz.153-3.M1.bin
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 8
logging buffered 51200 informational
!
no aaa new-model
clock timezone MSK 4 0
service-module wlan-ap 0 bootimage autonomous
!
crypto pki trustpoint tti
revocation-check crl
!
crypto pki trustpoint TP-self-signed-1084056278
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1084056278
revocation-check none
rsakeypair TP-self-signed-1084056278
!
!
crypto pki certificate chain tti
crypto pki certificate chain TP-self-signed-1084056278
certificate self-signed 01 nvram:IOS-Self-Sig#C.cer
!
ip dhcp excluded-address 192.168.1.1 192.168.1.100
!
ip dhcp pool Private
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 77.37.255.30 77.37.251.33
domain-name home
!
ip dhcp pool Guest
network 172.16.1.0 255.255.255.0
default-router 172.16.1.1
dns-server 8.8.8.8
!
no ip domain lookup
ip domain name home
ip host mznas.dyndns.org 192.168.1.63
ip host mike1st.no-ip.org 192.168.1.107
ip name-server 77.37.255.30
ip name-server 77.37.251.33
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
license udi pid CISCO881W-GN-A-K9 sn <skipped>
license accept end user agreement
license boot module c880-data level advipservices
!
archive
log config
hidekeys
username Mike privilege 15 view root secret 4 <skipped>
!
crypto key pubkey-chain rsa
named-key realm-cisco.pub signature
key-string
<skipped>
quit
!
no ip ftp passive
!
interface FastEthernet0
switchport mode trunk
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
switchport access vlan 12
no ip address
!
interface FastEthernet3
switchport access vlan 12
no ip address
!
interface FastEthernet4
description ISP Connection
ip address dhcp
no ip redirects
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in max-reassemblies 1024
duplex auto
speed auto
no cdp enable
!
interface wlan-ap0
description Service module to manage the enbedded AP
ip address 192.168.3.3 255.255.255.0
ip flow ingress
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip directed-broadcast
ip flow ingress
ip nat inside
ip virtual-reassembly in max-reassemblies 1024
ip tcp adjust-mss 1452
!
interface Vlan12
description Guest Vlan
ip address 172.16.1.1 255.255.255.0
ip virtual-reassembly in
!
interface Dialer0
no ip address
!
interface vmi1
no ip address
!
ip forward-protocol nd
ip forward-protocol udp discard
ip forward-protocol udp echo
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
!
!
ip nat pool passive_FTP 192.168.1.63 192.168.1.63 netmask 255.255.255.0 type rotary
ip nat pool NAS_Bittorrent 192.168.1.63 192.168.1.63 netmask 255.255.255.0 type rotary
ip nat pool RAC 192.168.1.2 192.168.1.2 netmask 255.255.255.0 type rotary
ip nat inside source list NAT_ALLOWED interface FastEthernet4 overload
ip nat inside source static tcp 192.168.1.2 30539 interface FastEthernet4 30539
ip nat inside source static udp 192.168.1.2 30539 interface FastEthernet4 30539
ip nat inside source static tcp 192.168.1.4 57649 interface FastEthernet4 57649
ip nat inside source static udp 192.168.1.4 57649 interface FastEthernet4 57649
ip nat inside source static tcp 192.168.1.2 13852 interface FastEthernet4 13852
ip nat inside source static tcp 192.168.1.2 5650 interface FastEthernet4 5650
ip nat inside source static tcp 192.168.1.2 5651 interface FastEthernet4 5651
ip nat inside source static tcp 192.168.1.63 20 interface FastEthernet4 20
ip nat inside source static tcp 192.168.1.63 221 interface FastEthernet4 221
ip nat inside source static tcp 192.168.1.63 23 interface FastEthernet4 23
ip nat inside source static tcp 192.168.1.63 22 interface FastEthernet4 22
ip nat inside source static tcp 192.168.1.63 873 interface FastEthernet4 873
ip nat inside source static tcp 192.168.1.63 53 interface FastEthernet4 53
ip nat inside source static tcp 192.168.1.63 80 interface FastEthernet4 80
ip nat inside source static tcp 192.168.1.63 111 interface FastEthernet4 111
ip nat inside source static udp 192.168.1.63 111 interface FastEthernet4 111
ip nat inside source static tcp 192.168.1.63 892 interface FastEthernet4 892
ip nat inside source static udp 192.168.1.63 892 interface FastEthernet4 892
ip nat inside source static tcp 192.168.1.63 2049 interface FastEthernet4 2049
ip nat inside source static udp 192.168.1.63 2049 interface FastEthernet4 2049
ip nat inside source static udp 192.168.1.63 137 interface FastEthernet4 137
ip nat inside source static udp 192.168.1.63 138 interface FastEthernet4 138
ip nat inside source static udp 192.168.1.63 139 interface FastEthernet4 139
ip nat inside source static tcp 192.168.1.63 25 interface FastEthernet4 25
ip nat inside source static tcp 192.168.1.63 110 interface FastEthernet4 110
ip nat inside source static tcp 192.168.1.63 143 interface FastEthernet4 143
ip nat inside source static tcp 192.168.1.63 993 interface FastEthernet4 993
ip nat inside source static tcp 192.168.1.63 995 interface FastEthernet4 995
ip nat inside source static tcp 192.168.1.63 389 interface FastEthernet4 389
ip nat inside source static udp 192.168.1.63 389 interface FastEthernet4 389
ip nat inside source static tcp 192.168.1.2 443 interface FastEthernet4 443
ip nat inside source static tcp 192.168.1.2 8080 interface FastEthernet4 8080
ip nat inside source static tcp 192.168.1.63 445 interface FastEthernet4 445
ip nat inside source static udp 192.168.1.63 445 interface FastEthernet4 445
ip nat inside source static tcp 192.168.1.63 537 interface FastEthernet4 537
ip nat inside source static udp 192.168.1.63 537 interface FastEthernet4 537
ip nat inside source static tcp 192.168.1.63 989 interface FastEthernet4 989
ip nat inside source static tcp 192.168.1.63 990 interface FastEthernet4 990
ip nat inside source static tcp 192.168.1.63 548 interface FastEthernet4 548
ip nat inside source static tcp 192.168.1.63 3260 interface FastEthernet4 3260
ip nat inside source static tcp 192.168.1.63 3306 interface FastEthernet4 3306
ip nat inside source static udp 192.168.1.63 3306 interface FastEthernet4 3306
ip nat inside source static tcp 192.168.1.63 3689 interface FastEthernet4 3689
ip nat inside source static tcp 192.168.1.63 4662 interface FastEthernet4 4662
ip nat inside source static udp 192.168.1.63 4672 interface FastEthernet4 4672
ip nat inside source static tcp 192.168.1.63 5000 interface FastEthernet4 5000
ip nat inside source static tcp 192.168.1.63 5001 interface FastEthernet4 5001
ip nat inside source static tcp 192.168.1.63 5432 interface FastEthernet4 5432
ip nat inside source static udp 192.168.1.63 5432 interface FastEthernet4 5432
ip nat inside source static tcp 192.168.1.63 5353 interface FastEthernet4 5353
ip nat inside source static udp 192.168.1.63 5353 interface FastEthernet4 5353
ip nat inside source static udp 192.168.1.63 9997 interface FastEthernet4 9997
ip nat inside source static udp 192.168.1.63 9998 interface FastEthernet4 9998
ip nat inside source static udp 192.168.1.63 9999 interface FastEthernet4 9999
ip nat inside source static udp 192.168.1.2 9 interface FastEthernet4 9
ip nat inside source static udp 192.168.1.2 64999 interface FastEthernet4 64999
ip nat inside source static tcp 192.168.1.2 8600 interface FastEthernet4 8600
ip nat inside source static tcp 192.168.1.2 5123 interface FastEthernet4 5123
ip nat inside source static tcp 192.168.1.2 5120 interface FastEthernet4 5120
ip nat inside source static tcp 192.168.1.2 623 interface FastEthernet4 623
ip nat inside source static udp 192.168.1.2 623 interface FastEthernet4 623
ip nat inside source static tcp 192.168.1.2 80 interface FastEthernet4 80
ip nat inside source static tcp 192.168.1.2 7578 interface FastEthernet4 7578
ip nat inside source static tcp 192.168.1.2 443 interface FastEthernet4 443
ip nat inside source static udp 192.168.1.2 161 interface FastEthernet4 161
ip nat inside destination list NAS_Bittorrent_ACL pool NAS_Bittorrent
ip nat inside destination list RAC_ACL pool RAC
ip nat inside destination list passive_FTP_ACL pool passive_FTP
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list extended NAS_Bittorrent_ACL
permit tcp any any range 6881 6891
ip access-list extended NAT_ALLOWED
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended RAC_ACL
permit tcp any any range 8700 8762
ip access-list extended passive_FTP_ACL
permit tcp any any range 55536 55663
!
ip sla auto discovery
ip sla 1
http get <skipped>
ip sla schedule 1 life 86000 start-time now recurring
ip sla 2
http get <skipped>
ip sla schedule 2 life 86000 start-time now recurring
ip sla 3
http get <skipped>
ip sla schedule 3 life 86000 start-time now recurring
kron occurrence TIME in 5:0 recurring
!
kron policy-list TIME
cli ntp server pool.ntp.org prefer source fa4
!
logging trap debugging
access-list 10 permit 192.43.244.18
access-list 10 remark NTP
access-list 101 remark My list
access-list 101 permit udp host 192.43.244.18 eq ntp any eq ntp
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 remark RMS & RAC
access-list 101 permit tcp any any range 5650 5651
access-list 101 permit tcp any any eq 8600
access-list 101 remark utorrent DHT
access-list 101 permit tcp any any eq 30539
access-list 101 permit udp any any eq 30539
access-list 101 permit tcp any any eq 57649
access-list 101 permit udp any any eq 57649
access-list 101 remark NAS begins
access-list 101 remark FTP port 21 blocked by MTS 21->221
access-list 101 permit tcp any any eq ftp-data
access-list 101 permit tcp any any eq 221
access-list 101 remark Passive FTP
access-list 101 permit tcp any any range 55536 55663
access-list 101 remark telnet: port 23 blocked by MTS
access-list 101 permit tcp any any eq telnet
access-list 101 remark SSH/Ecrypted Network Backup
access-list 101 permit tcp any any eq 22
access-list 101 permit tcp any any eq 873
access-list 101 remark DNS
access-list 101 permit tcp any any eq domain
access-list 101 remark PhotoStation 2+ Video, Web Service: port 80 blocked by MTS
access-list 101 permit tcp any any eq www
access-list 101 remark NFS
access-list 101 permit tcp any any eq sunrpc
access-list 101 permit udp any any eq sunrpc
access-list 101 permit tcp any any eq 892
access-list 101 permit udp any any eq 892
access-list 101 permit tcp any any eq 2049
access-list 101 permit udp any any eq 2049
access-list 101 remark NTP server
access-list 101 permit udp any any eq ntp
access-list 101 remark NetBIOS: ports 137-139 blocked by MTS
access-list 101 permit udp any any range netbios-ns netbios-ss
access-list 101 remark Mail Station: port 25 blocked by MTS
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq 143
access-list 101 permit tcp any any eq 993
access-list 101 permit tcp any any eq 995
access-list 101 remark LDAP
access-list 101 permit tcp any any eq 389
access-list 101 permit udp any any eq 389
access-list 101 remark HTTPS: port 443 blocked by MTS 443->1443
access-list 101 permit tcp any any eq 443
access-list 101 remark Microsoft-ds (CIFS): port 445 blocked by MTS
access-list 101 permit tcp any any eq 445
access-list 101 permit udp any any eq 445
access-list 101 remark Network Media Streamig Protocol
access-list 101 permit tcp any any eq 537
access-list 101 permit udp any any eq 537
access-list 101 remark FTP over TLS/SSL
access-list 101 permit tcp any any eq 989
access-list 101 permit tcp any any eq 990
access-list 101 remark Apple Filing Protocol
access-list 101 permit tcp any any eq 548
access-list 101 remark iSCSI
access-list 101 permit tcp any any eq 3260
access-list 101 remark MySQL Service
access-list 101 permit tcp any any eq 3306
access-list 101 permit udp any any eq 3306
access-list 101 remark DAAP
access-list 101 permit tcp any any eq 3689
access-list 101 remark eMule
access-list 101 permit tcp any any eq 4662
access-list 101 permit udp any any eq 4672
access-list 101 remark Management Console, File Station, Audio Station
access-list 101 permit tcp any any eq 5000
access-list 101 permit tcp any any eq 5001
access-list 101 remark Download Redirector
access-list 101 permit tcp any any eq 5432
access-list 101 permit udp any any eq 5432
access-list 101 remark iTunes Service -> Multicast DNS
access-list 101 permit tcp any any eq 5353
access-list 101 permit udp any any eq 5353
access-list 101 remark NAS Setup
access-list 101 permit udp any any range 9997 9999
access-list 101 remark NAS finishes
access-list 101 remark WoL
access-list 101 permit udp any any eq echo
access-list 101 permit udp any any eq discard
access-list 150 permit tcp any any eq 22
access-list 150 permit tcp any any eq 443
access-list 150 permit tcp any any eq telnet
access-list 101 remark ASMB4-iKVM
access-list 101 permit tcp any any eq 5123
access-list 101 permit tcp any any eq 5120
access-list 101 permit tcp any any eq 623
access-list 101 permit udp any any eq 623
access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any eq 7578
access-list 101 permit tcp any any eq 443
access-list 101 permit udp any any eq 161
cdp timer 10
arp 192.168.1.2 0030.487f.4bc2 ARPA
!
control-plane
!
line con 0
privilege level 15
password 7 version 15.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service sequence-numbers
!
hostname RTR881W
!
boot-start-marker
boot system flash:c880data-universalk9-mz.153-3.M1.bin
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 8
logging buffered 51200 informational
!
no aaa new-model
clock timezone MSK 4 0
service-module wlan-ap 0 bootimage autonomous
!
crypto pki trustpoint tti
revocation-check crl
!
crypto pki trustpoint TP-self-signed-1084056278
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1084056278
revocation-check none
rsakeypair TP-self-signed-1084056278
!
!
crypto pki certificate chain tti
crypto pki certificate chain TP-self-signed-1084056278
certificate self-signed 01 nvram:IOS-Self-Sig#C.cer
!
ip dhcp excluded-address 192.168.1.1 192.168.1.100
!
ip dhcp pool Private
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 77.37.255.30 77.37.251.33
domain-name home
!
ip dhcp pool Guest
network 172.16.1.0 255.255.255.0
default-router 172.16.1.1
dns-server 8.8.8.8
!
no ip domain lookup
ip domain name home
ip host mznas.dyndns.org 192.168.1.63
ip host mike1st.no-ip.org 192.168.1.107
ip name-server 77.37.255.30
ip name-server 77.37.251.33
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
license udi pid CISCO881W-GN-A-K9 sn <skipped>
license accept end user agreement
license boot module c880-data level advipservices
!
archive
log config
hidekeys
username Mike privilege 15 view root secret 4 <skipped>
!
crypto key pubkey-chain rsa
named-key realm-cisco.pub signature
key-string
<skipped>
quit
!
no ip ftp passive
!
interface FastEthernet0
switchport mode trunk
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
switchport access vlan 12
no ip address
!
interface FastEthernet3
switchport access vlan 12
no ip address
!
interface FastEthernet4
description ISP Connection
ip address dhcp
no ip redirects
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in max-reassemblies 1024
duplex auto
speed auto
no cdp enable
!
interface wlan-ap0
description Service module to manage the enbedded AP
ip address 192.168.3.3 255.255.255.0
ip flow ingress
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip directed-broadcast
ip flow ingress
ip nat inside
ip virtual-reassembly in max-reassemblies 1024
ip tcp adjust-mss 1452
!
interface Vlan12
description Guest Vlan
ip address 172.16.1.1 255.255.255.0
ip virtual-reassembly in
!
interface Dialer0
no ip address
!
interface vmi1
no ip address
!
ip forward-protocol nd
ip forward-protocol udp discard
ip forward-protocol udp echo
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
!
!
ip nat pool passive_FTP 192.168.1.63 192.168.1.63 netmask 255.255.255.0 type rotary
ip nat pool NAS_Bittorrent 192.168.1.63 192.168.1.63 netmask 255.255.255.0 type rotary
ip nat pool RAC 192.168.1.2 192.168.1.2 netmask 255.255.255.0 type rotary
ip nat inside source list NAT_ALLOWED interface FastEthernet4 overload
ip nat inside source static tcp 192.168.1.2 30539 interface FastEthernet4 30539
ip nat inside source static udp 192.168.1.2 30539 interface FastEthernet4 30539
ip nat inside source static tcp 192.168.1.4 57649 interface FastEthernet4 57649
ip nat inside source static udp 192.168.1.4 57649 interface FastEthernet4 57649
ip nat inside source static tcp 192.168.1.2 13852 interface FastEthernet4 13852
ip nat inside source static tcp 192.168.1.2 5650 interface FastEthernet4 5650
ip nat inside source static tcp 192.168.1.2 5651 interface FastEthernet4 5651
ip nat inside source static tcp 192.168.1.63 20 interface FastEthernet4 20
ip nat inside source static tcp 192.168.1.63 221 interface FastEthernet4 221
ip nat inside source static tcp 192.168.1.63 23 interface FastEthernet4 23
ip nat inside source static tcp 192.168.1.63 22 interface FastEthernet4 22
ip nat inside source static tcp 192.168.1.63 873 interface FastEthernet4 873
ip nat inside source static tcp 192.168.1.63 53 interface FastEthernet4 53
ip nat inside source static tcp 192.168.1.63 80 interface FastEthernet4 80
ip nat inside source static tcp 192.168.1.63 111 interface FastEthernet4 111
ip nat inside source static udp 192.168.1.63 111 interface FastEthernet4 111
ip nat inside source static tcp 192.168.1.63 892 interface FastEthernet4 892
ip nat inside source static udp 192.168.1.63 892 interface FastEthernet4 892
ip nat inside source static tcp 192.168.1.63 2049 interface FastEthernet4 2049
ip nat inside source static udp 192.168.1.63 2049 interface FastEthernet4 2049
ip nat inside source static udp 192.168.1.63 137 interface FastEthernet4 137
ip nat inside source static udp 192.168.1.63 138 interface FastEthernet4 138
ip nat inside source static udp 192.168.1.63 139 interface FastEthernet4 139
ip nat inside source static tcp 192.168.1.63 25 interface FastEthernet4 25
ip nat inside source static tcp 192.168.1.63 110 interface FastEthernet4 110
ip nat inside source static tcp 192.168.1.63 143 interface FastEthernet4 143
ip nat inside source static tcp 192.168.1.63 993 interface FastEthernet4 993
ip nat inside source static tcp 192.168.1.63 995 interface FastEthernet4 995
ip nat inside source static tcp 192.168.1.63 389 interface FastEthernet4 389
ip nat inside source static udp 192.168.1.63 389 interface FastEthernet4 389
ip nat inside source static tcp 192.168.1.2 443 interface FastEthernet4 443
ip nat inside source static tcp 192.168.1.2 8080 interface FastEthernet4 8080
ip nat inside source static tcp 192.168.1.63 445 interface FastEthernet4 445
ip nat inside source static udp 192.168.1.63 445 interface FastEthernet4 445
ip nat inside source static tcp 192.168.1.63 537 interface FastEthernet4 537
ip nat inside source static udp 192.168.1.63 537 interface FastEthernet4 537
ip nat inside source static tcp 192.168.1.63 989 interface FastEthernet4 989
ip nat inside source static tcp 192.168.1.63 990 interface FastEthernet4 990
ip nat inside source static tcp 192.168.1.63 548 interface FastEthernet4 548
ip nat inside source static tcp 192.168.1.63 3260 interface FastEthernet4 3260
ip nat inside source static tcp 192.168.1.63 3306 interface FastEthernet4 3306
ip nat inside source static udp 192.168.1.63 3306 interface FastEthernet4 3306
ip nat inside source static tcp 192.168.1.63 3689 interface FastEthernet4 3689
ip nat inside source static tcp 192.168.1.63 4662 interface FastEthernet4 4662
ip nat inside source static udp 192.168.1.63 4672 interface FastEthernet4 4672
ip nat inside source static tcp 192.168.1.63 5000 interface FastEthernet4 5000
ip nat inside source static tcp 192.168.1.63 5001 interface FastEthernet4 5001
ip nat inside source static tcp 192.168.1.63 5432 interface FastEthernet4 5432
ip nat inside source static udp 192.168.1.63 5432 interface FastEthernet4 5432
ip nat inside source static tcp 192.168.1.63 5353 interface FastEthernet4 5353
ip nat inside source static udp 192.168.1.63 5353 interface FastEthernet4 5353
ip nat inside source static udp 192.168.1.63 9997 interface FastEthernet4 9997
ip nat inside source static udp 192.168.1.63 9998 interface FastEthernet4 9998
ip nat inside source static udp 192.168.1.63 9999 interface FastEthernet4 9999
ip nat inside source static udp 192.168.1.2 9 interface FastEthernet4 9
ip nat inside source static udp 192.168.1.2 64999 interface FastEthernet4 64999
ip nat inside source static tcp 192.168.1.2 8600 interface FastEthernet4 8600
ip nat inside source static tcp 192.168.1.2 5123 interface FastEthernet4 5123
ip nat inside source static tcp 192.168.1.2 5120 interface FastEthernet4 5120
ip nat inside source static tcp 192.168.1.2 623 interface FastEthernet4 623
ip nat inside source static udp 192.168.1.2 623 interface FastEthernet4 623
ip nat inside source static tcp 192.168.1.2 80 interface FastEthernet4 80
ip nat inside source static tcp 192.168.1.2 7578 interface FastEthernet4 7578
ip nat inside source static tcp 192.168.1.2 443 interface FastEthernet4 443
ip nat inside source static udp 192.168.1.2 161 interface FastEthernet4 161
ip nat inside destination list NAS_Bittorrent_ACL pool NAS_Bittorrent
ip nat inside destination list RAC_ACL pool RAC
ip nat inside destination list passive_FTP_ACL pool passive_FTP
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list extended NAS_Bittorrent_ACL
permit tcp any any range 6881 6891
ip access-list extended NAT_ALLOWED
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended RAC_ACL
permit tcp any any range 8700 8762
ip access-list extended passive_FTP_ACL
permit tcp any any range 55536 55663
!
ip sla auto discovery
ip sla 1
http get <skipped>
ip sla schedule 1 life 86000 start-time now recurring
ip sla 2
http get <skipped>
ip sla schedule 2 life 86000 start-time now recurring
ip sla 3
http get <skipped>
ip sla schedule 3 life 86000 start-time now recurring
kron occurrence TIME in 5:0 recurring
!
kron policy-list TIME
cli ntp server pool.ntp.org prefer source fa4
!
logging trap debugging
access-list 10 permit 192.43.244.18
access-list 10 remark NTP
access-list 101 remark My list
access-list 101 permit udp host 192.43.244.18 eq ntp any eq ntp
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 remark RMS & RAC
access-list 101 permit tcp any any range 5650 5651
access-list 101 permit tcp any any eq 8600
access-list 101 remark utorrent DHT
access-list 101 permit tcp any any eq 30539
access-list 101 permit udp any any eq 30539
access-list 101 permit tcp any any eq 57649
access-list 101 permit udp any any eq 57649
access-list 101 remark NAS begins
access-list 101 remark FTP port 21 blocked by MTS 21->221
access-list 101 permit tcp any any eq ftp-data
access-list 101 permit tcp any any eq 221
access-list 101 remark Passive FTP
access-list 101 permit tcp any any range 55536 55663
access-list 101 remark telnet: port 23 blocked by MTS
access-list 101 permit tcp any any eq telnet
access-list 101 remark SSH/Ecrypted Network Backup
access-list 101 permit tcp any any eq 22
access-list 101 permit tcp any any eq 873
access-list 101 remark DNS
access-list 101 permit tcp any any eq domain
access-list 101 remark PhotoStation 2+ Video, Web Service: port 80 blocked by MTS
access-list 101 permit tcp any any eq www
access-list 101 remark NFS
access-list 101 permit tcp any any eq sunrpc
access-list 101 permit udp any any eq sunrpc
access-list 101 permit tcp any any eq 892
access-list 101 permit udp any any eq 892
access-list 101 permit tcp any any eq 2049
access-list 101 permit udp any any eq 2049
access-list 101 remark NTP server
access-list 101 permit udp any any eq ntp
access-list 101 remark NetBIOS: ports 137-139 blocked by MTS
access-list 101 permit udp any any range netbios-ns netbios-ss
access-list 101 remark Mail Station: port 25 blocked by MTS
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq 143
access-list 101 permit tcp any any eq 993
access-list 101 permit tcp any any eq 995
access-list 101 remark LDAP
access-list 101 permit tcp any any eq 389
access-list 101 permit udp any any eq 389
access-list 101 remark HTTPS: port 443 blocked by MTS 443->1443
access-list 101 permit tcp any any eq 443
access-list 101 remark Microsoft-ds (CIFS): port 445 blocked by MTS
access-list 101 permit tcp any any eq 445
access-list 101 permit udp any any eq 445
access-list 101 remark Network Media Streamig Protocol
access-list 101 permit tcp any any eq 537
access-list 101 permit udp any any eq 537
access-list 101 remark FTP over TLS/SSL
access-list 101 permit tcp any any eq 989
access-list 101 permit tcp any any eq 990
access-list 101 remark Apple Filing Protocol
access-list 101 permit tcp any any eq 548
access-list 101 remark iSCSI
access-list 101 permit tcp any any eq 3260
access-list 101 remark MySQL Service
access-list 101 permit tcp any any eq 3306
access-list 101 permit udp any any eq 3306
access-list 101 remark DAAP
access-list 101 permit tcp any any eq 3689
access-list 101 remark eMule
access-list 101 permit tcp any any eq 4662
access-list 101 permit udp any any eq 4672
access-list 101 remark Management Console, File Station, Audio Station
access-list 101 permit tcp any any eq 5000
access-list 101 permit tcp any any eq 5001
access-list 101 remark Download Redirector
access-list 101 permit tcp any any eq 5432
access-list 101 permit udp any any eq 5432
access-list 101 remark iTunes Service -> Multicast DNS
access-list 101 permit tcp any any eq 5353
access-list 101 permit udp any any eq 5353
access-list 101 remark NAS Setup
access-list 101 permit udp any any range 9997 9999
access-list 101 remark NAS finishes
access-list 101 remark WoL
access-list 101 permit udp any any eq echo
access-list 101 permit udp any any eq discard
access-list 150 permit tcp any any eq 22
access-list 150 permit tcp any any eq 443
access-list 150 permit tcp any any eq telnet
access-list 101 remark ASMB4-iKVM
access-list 101 permit tcp any any eq 5123
access-list 101 permit tcp any any eq 5120
access-list 101 permit tcp any any eq 623
access-list 101 permit udp any any eq 623
access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any eq 7578
access-list 101 permit tcp any any eq 443
access-list 101 permit udp any any eq 161
cdp timer 10
arp 192.168.1.2 0030.487f.4bc2 ARPA
!
control-plane
!
line con 0
privilege level 15
password 7 <skipped>
logging synchronous
login local
no modem enable
no activation-character
transport preferred telnet
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
access-class 23 in
password 7 <skipped>
login local
length 0
transport input all
!
scheduler max-task-time 5000
ntp access-group peer 10
ntp update-calendar
ntp server pool.ntp.org prefer
ntp server time.nist.gov
!
end
logging synchronous
login local
no modem enable
no activation-character
transport preferred telnet
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
access-class 23 in
password 7 <skipped>
login local
length 0
transport input all
!
scheduler max-task-time 5000
ntp access-group peer 10
ntp update-calendar
ntp server pool.ntp.org prefer
ntp server time.nist.gov
!
end |
Всего записей: 1717 | Зарегистр. 23-10-2004 | Отправлено: 18:41 16-11-2013 | Исправлено: MZN, 19:29 16-11-2013 |
|
