路由器典型防火墙设置:2012年思科网络认证考试:综合指导-百考试题网

路由器典型防火墙设置

文章作者 100test 发表时间 2007:03:14 13:15:25
来源 100Test.Com百考试题网

show running-config

version 11.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname fw-rtr
!
enable password cisco
!
username admin password cisco
username chw10.Sydney password cisco
no ip source-route
ip nat pool inside-pool 203.1.1.2 203.1.1.254 netmask 255.255.255.0
ip nat inside source list 99 pool inside-pool
ip domain-list domain.com
ip domain-name domain.com
ip name-server 192.168.1.1
ip inspect name internet smtp
ip inspect name internet http java-list 42 timeout 60
ip inspect name internet ftp
ip inspect name internet tcp
ip inspect name internet udp
ip inspect name internet realaudio
ip inspect name internet h323
ip inspect name internet cuseeme
isdn switch-type basic-net3
clock timezone AEST 10
!
interface Loopback0
ip address 203.1.1.1 255.255.255.0
!
interface Ethernet0
ip address 192.168.1.253 255.255.255.0
ip nat inside
ip route-cache same-interface
!
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 1
no fair-queue
ppp authentication chap callin
ppp multilink
!
interface Dialer0
description BigPond Dialup Link
ip address 139.130.98.32 255.255.254.0
ip access-group 169 in
ip access-group 158 out
no ip unreachables
no ip directed-broadcast
no ip proxy-arp
ip nat outside
ip inspect internet out
encapsulation ppp
dialer remote-name chw10.Sydney
dialer idle-timeout 999999
dialer string 84486000
dialer load-threshold 1 either
dialer pool 1
dialer-group 1
no fair-queue
no cdp enable
ppp chap hostname anixte0
ppp multilink
!
ip classless
ip route 0.0.0.0 0.0.0.0 139.130.98.1
ip route 192.168.0.0 255.255.0.0 192.168.1.254
ip http server
ip http access-class 1
logging buffered 16000 debugging
logging 192.168.1.1
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 42 permit any
access-list 99 permit 192.168.0.0 0.0.255.255
access-list 101 deny udp any any eq rip
access-list 101 permit icmp any any
access-list 101 permit ip any any
access-list 158 permit icmp any any
access-list 158 permit udp any any
access-list 158 permit tcp any any
access-list 158 deny ip any any log-input
access-list 159 permit icmp any any
access-list 159 permit ip any any
access-list 159 permit tcp any any eq smtp
access-list 159 permit tcp any any eq www
access-list 159 permit tcp any any eq telnet
access-list 159 permit tcp any any eq ftp
access-list 159 permit tcp any any eq ftp-data
access-list 159 permit tcp any any eq domain
access-list 159 permit udp any any eq domain
access-list 159 permit tcp any any eq 554
access-list 159 permit tcp any any eq 7070
access-list 159 deny ip any any log-input
access-list 169 permit icmp any any
access-list 169 permit tcp any any eq smtp
access-list 169 permit tcp any any eq www
access-list 169 permit tcp any any eq ftp
access-list 169 permit tcp any any eq domain
access-list 169 permit udp any any eq domain
access-list 169 deny ip any any log-input
access-list 181 permit tcp any any eq www
access-list 181 permit tcp any eq www any
access-list 182 permit tcp any any eq ftp-data
access-list 182 permit tcp any eq ftp-data any
snmp-server community public RO 1
snmp-server community private RW 1
snmp-server trap-source Ethernet0
snmp-server contact Keith Sinclair
snmp-server host 192.168.1.1 public
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip list 101
banner motd #
*********************************************************************
* *
* Firewall Router. RESTRICTED ACCESS *
* *
* No Unauthorised Access. *
* *
* No Hackers, Phreaks, Crackers or so called security *
* experts allowed! *
* *
* Contact(s): http://www.net130.com *
* *
*********************************************************************
#
!
line con 0
login local
line vty 0 4
access-class 1 in
access-class 2 out
exec-timeout 15 0
login local
!
end

show version

Cisco Internetwork Operating System Software
IOS (tm) 1600 Software (C1600-OY-L), Version 11.2(17)P, RELEASE SOFTWARE (fc1)

Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 12-Jan-99 14:25 by pwade
Image text-base: 0x0801FC84, data-base: 0x02005000

ROM: System Bootstrap, Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc
1)
ROM: 1600 Software (C1600-BOOT-R), Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE
SOFTWARE (fc1)

fw-rtr uptime is 4 weeks, 5 hours, 47 minutes
System restarted by reload
System image file is "flash:c1600-oy-l_112-17_P.bin", booted via flash

cisco 1603 (68360) processor (revision C) with 3584K/512K bytes of memory.
Processor board ID 07064947, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
Basic Rate ISDN software, Version 1.0.
1 Ethernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
System/IO memory with parity disabled
2048K bytes of DRAM onboard 2048K bytes of DRAM on SIMM
System running from FLASH
8K bytes of non-volatile configuration memory.
4096K bytes of processor board PCMCIA flash (Read ONLY)

Configuration register is 0x2102

相关文章

思科646-057认证考题
 OSPF与EIGRP的比较
 思科认证CCIER&S考试要看的书和文档
 CCIE变更路由&交换实验设备和IOS
路由器典型防火墙设置
 CCIE路由与交换笔试用书
 Cisco路由器的安全配置简易方案
 如何使用Cisco路由器回拨功能
 CCIERouting&Switching备考指南2006版(1)
澳大利亚华人论坛
 考好网
 日本华人论坛
 华人移民留学论坛
 英国华人论坛