forum.opennet.ru

Составление сообщения

Исходное сообщение

"запись arp 10.10.10.x xxxx.xxxx.xxxx ARPA"
Отправлено Pistonov, 06-Авг-07 09:35

>Покажите полный конфиг роутера.
Вот конфиг с роутера на котором 1 абонент пока. Блокировка по МАК не работает

Current configuration : 9464 bytes
!
! No configuration change since last restart
!
version 12.4
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname R2
!
boot-start-marker
boot system flash flash:c2800nm-adventerprisek9-mz.124-12.bin
boot system flash
boot-end-marker
!
logging count
logging buffered 262144 debugging
logging rate-limit 10 except warnings
logging console critical
enable secret 5 XXXXXXXX
!
aaa new-model
!
!
aaa authentication login default group tacacs+ enable
aaa authentication login local-admin-access group tacacs+ enable
aaa authentication login remote-admin-access group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization console
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec local-admin-access group tacacs+ if-authenticated
aaa authorization exec remote-admin-access group tacacs+ if-authenticated
aaa accounting send stop-record authentication failure
aaa accounting exec default stop-only group tacacs+
aaa accounting exec local-admin-access stop-only group tacacs+
aaa accounting exec remote-admin-access stop-only group tacacs+
aaa accounting commands 0 default stop-only group tacacs+
aaa accounting commands 0 local-admin-access stop-only group tacacs+
aaa accounting commands 0 remote-admin-access stop-only group tacacs+
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 1 local-admin-access stop-only group tacacs+
aaa accounting commands 1 remote-admin-access stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
aaa accounting commands 15 local-admin-access stop-only group tacacs+
aaa accounting commands 15 remote-admin-access stop-only group tacacs+
aaa accounting system default start-stop group tacacs+
!
aaa session-id common
clock timezone MSK 3
clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00
no ip source-route
ip host-routing
ip arp proxy disable
ip gratuitous-arps
ip icmp rate-limit unreachable 1000
ip icmp rate-limit unreachable DF 1000
ip tcp selective-ack
ip tcp timestamp
ip tcp synwait-time 10
ip tcp path-mtu-discovery
ip telnet source-interface Loopback0
!
!
ip cef
!
!
ip ftp source-interface Loopback0
ip tftp source-interface Loopback0
no ip bootp server
ip domain name XXX
ip name-server XX.XX.XX.XX
ip name-server XX.XX.XX.XX
ip rcmd rsh-enable
ip rcmd remote-host root XX.XX.XX.XX root enable
ip rcmd source-interface Loopback0
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
memory reserve critical 256
!
!
!
!
!
!
interface Loopback0
ip address XX.XX.XX.XX 255.255.255.255
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$
no ip address
no ip mroute-cache
duplex auto
speed auto
!
interface FastEthernet0/0.2
description ###Catalist MGMNT ###
encapsulation dot1Q 2
ip address XX.XX.XX.XX 255.255.255.252
!
interface FastEthernet0/0.3
description ### DSLAM MGMNT ###
encapsulation dot1Q 3
ip address XX.XX.XX.XX 255.255.255.252
ip access-group manag_dev out
no ip proxy-arp
no ip mroute-cache
!
interface FastEthernet0/0.4
description ### DSLAM DATA ###
encapsulation dot1Q 4
ip address 10.10.17.1 255.255.255.0
ip access-group 103 in
no ip proxy-arp
ip accounting output-packets
ip nat inside
ip virtual-reassembly
no ip mroute-cache
no cdp enable
!
interface FastEthernet0/0.5
description ### UPS MENEGMENT ###
encapsulation dot1Q 5
ip address XX.XX.XX.XX 255.255.255.252
no ip proxy-arp
ip accounting output-packets
ip virtual-reassembly
no ip mroute-cache
no cdp enable
!
interface FastEthernet0/1
ip address XX.XX.XX.XX 255.255.255.240
no ip proxy-arp
ip nat outside
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 XX.XX.XX.XX
ip route XX.XX.XX.XX 255.255.255.255 Null0 tag 555 name nat_monitor_adsl_abon
!
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat translation timeout 1200
ip nat translation tcp-timeout 3600
ip nat translation syn-timeout 30
ip nat inside source list 17 interface FastEthernet0/1 overload
ip nat inside source static 10.10.17.254 XX.XX.XX.XX
!
ip access-list extended manag_dev
permit ip host XX.XX.XX.XX any
permit ip XX.XX.XX.XX 0.0.0.255 any log-input
permit ip XX.XX.XX.XX 0.0.0.255 any log-input
permit ip XX.XX.XX.XX 0.0.0.127 any
permit ip host XX.XX.XX.XX any log-input
permit ip host XX.XX.XX.XX any log-input
ip access-list extended remote-admin-access
remark -- remote administrative access policy --
permit tcp host XX.XX.XX.XX any
permit tcp host XX.XX.XX.XX any
permit tcp host XX.XX.XX.XX any
permit tcp host XX.XX.XX.XX any
permit tcp XX.XX.XX.XX.0 0.0.0.255 any log-input
deny   tcp any any range 0 65535 log-input
deny   ip any any log-input
!
ip radius source-interface Loopback0
logging history informational
logging source-interface Loopback0
logging XX.XX.XX.XX
logging XX.XX.XX.XX
access-list 2 permit XX.XX.XX.XX
access-list 2 remark -- ntp hosts to which the router can synchronize --
access-list 2 permit XX.XX.XX.XX
access-list 2 deny   any
access-list 4 remark ## tftp servers to/from which config download/upload is permitted ###
access-list 4 permit XX.XX.XX.XX log
access-list 4 permit XX.XX.XX.XX log
access-list 4 permit XX.XX.XX.XX log
access-list 4 deny   any log
access-list 5 remark ## hosts permitted to read snmp mibs on the router ##
access-list 5 permit XX.XX.XX.XX
access-list 5 permit XX.XX.XX.XX
access-list 5 permit XX.XX.XX.XX
access-list 5 permit XX.XX.XX.XX
access-list 5 deny   any log
access-list 8 remark -- remote http access --
access-list 8 deny   any
access-list 17 permit 10.10.17.0 0.0.0.255
access-list 103 deny   tcp any any range 137 139
access-list 103 deny   tcp any any eq 135
access-list 103 deny   tcp any any eq 445
access-list 103 deny   ip any 127.0.0.0 0.255.255.255
access-list 103 deny   ip any 172.16.0.0 0.15.255.255
access-list 103 deny   ip any 192.168.0.0 0.0.255.255
access-list 103 deny   ip any 255.0.0.0 0.255.255.255
access-list 103 deny   ip any 224.0.0.0 7.255.255.255
access-list 103 permit ip host 10.10.17.11 any
access-list 103 deny   ip any 10.0.0.0 0.255.255.255
access-list 103 deny   ip any any
access-list 103 remark ###################################
access-list compiled
snmp-server community XXXX RW 5
snmp-server community XXXX RO 5
snmp-server community XXXX RO 5
arp 10.10.17.11 0015.e9cd.d1d3 ARPA
!
!
!
tacacs-server host XX.XX.XX.XX key 7 XX.XX.XX.XX
tacacs-server timeout 2
tacacs-server directed-request
!
control-plane
!
!
!
!
!
!
!
!
!
banner login ^CCC
________________________________________________________________________________

                            XX.XX.XX.XX, POP

        Warning : authorized access only !!!
        Disconnect IMMEDIATELY if you are not an authorized person !!!

        Contact information:
                email:          XX.XX.XX.XX
                phone:          XX.XX.XX.XX

________________________________________________________________________________
^C
alias router s do show
alias router sr do show running-config
alias router srb do show running-config | begin
alias subinterface s do show
alias subinterface sr do show running-config
alias subinterface srb do show running-config | begin
alias interface s do show
alias interface sr do show running-config
alias interface srb do show running-config | begin
alias configure s do show
alias configure sr do show running-config
alias configure srb do show running-config | begin
alias exec nd undebug all
alias exec sd show debug
alias exec mn terminal monitor
alias exec nm terminal no monitor
alias exec sl show log
alias exec cl clear log
alias exec ct configure terminal
alias exec sr show running-config
alias exec srb show running-config | begin
alias exec cpu show proces cpu | include CPU
alias exec uptime show version | include _uptime_|_returned_|_image_|_reload_
alias exec r show ip route
alias exec so show ip ospf
alias exec sb show ip bgp
alias exec acl show access-lists
alias exec sbgp sh proces cpu | include PID|BGP
alias exec bgpmem show ip bgp summary | include ^BGP_.*_memory$
!
line con 0
line aux 0
line vty 0 4
access-class remote-admin-access in
privilege level 15
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet
!
scheduler allocate 20000 1000
process cpu threshold type interrupt rising 75 interval 60
ntp clock-period 17180094
ntp source Loopback0
ntp access-group peer 2
ntp update-calendar
ntp server XX.XX.XX.XX prefer
ntp server XX.XX.XX.XX prefer
!
end

Исходное сообщение
"запись arp 10.10.10.x xxxx.xxxx.xxxx ARPA" Отправлено Pistonov, 06-Авг-07 09:35
>Покажите полный конфиг роутера. Вот конфиг с роутера на котором 1 абонент пока. Блокировка по МАК не работает Current configuration : 9464 bytes ! ! No configuration change since last restart ! version 12.4 service nagle no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime service timestamps log datetime msec localtime service password-encryption ! hostname R2 ! boot-start-marker boot system flash flash:c2800nm-adventerprisek9-mz.124-12.bin boot system flash boot-end-marker ! logging count logging buffered 262144 debugging logging rate-limit 10 except warnings logging console critical enable secret 5 XXXXXXXX ! aaa new-model ! ! aaa authentication login default group tacacs+ enable aaa authentication login local-admin-access group tacacs+ enable aaa authentication login remote-admin-access group tacacs+ enable aaa authentication enable default group tacacs+ enable aaa authorization console aaa authorization exec default group tacacs+ if-authenticated aaa authorization exec local-admin-access group tacacs+ if-authenticated aaa authorization exec remote-admin-access group tacacs+ if-authenticated aaa accounting send stop-record authentication failure aaa accounting exec default stop-only group tacacs+ aaa accounting exec local-admin-access stop-only group tacacs+ aaa accounting exec remote-admin-access stop-only group tacacs+ aaa accounting commands 0 default stop-only group tacacs+ aaa accounting commands 0 local-admin-access stop-only group tacacs+ aaa accounting commands 0 remote-admin-access stop-only group tacacs+ aaa accounting commands 1 default stop-only group tacacs+ aaa accounting commands 1 local-admin-access stop-only group tacacs+ aaa accounting commands 1 remote-admin-access stop-only group tacacs+ aaa accounting commands 15 default stop-only group tacacs+ aaa accounting commands 15 local-admin-access stop-only group tacacs+ aaa accounting commands 15 remote-admin-access stop-only group tacacs+ aaa accounting system default start-stop group tacacs+ ! aaa session-id common clock timezone MSK 3 clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00 no ip source-route ip host-routing ip arp proxy disable ip gratuitous-arps ip icmp rate-limit unreachable 1000 ip icmp rate-limit unreachable DF 1000 ip tcp selective-ack ip tcp timestamp ip tcp synwait-time 10 ip tcp path-mtu-discovery ip telnet source-interface Loopback0 ! ! ip cef ! ! ip ftp source-interface Loopback0 ip tftp source-interface Loopback0 no ip bootp server ip domain name XXX ip name-server XX.XX.XX.XX ip name-server XX.XX.XX.XX ip rcmd rsh-enable ip rcmd remote-host root XX.XX.XX.XX root enable ip rcmd source-interface Loopback0 ! ! voice-card 0 no dspfarm ! ! ! ! ! ! ! ! ! ! ! ! ! ! memory reserve critical 256 ! ! ! ! ! ! interface Loopback0 ip address XX.XX.XX.XX 255.255.255.255 ! interface Null0 no ip unreachables ! interface FastEthernet0/0 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$ no ip address no ip mroute-cache duplex auto speed auto ! interface FastEthernet0/0.2 description ###Catalist MGMNT ### encapsulation dot1Q 2 ip address XX.XX.XX.XX 255.255.255.252 ! interface FastEthernet0/0.3 description ### DSLAM MGMNT ### encapsulation dot1Q 3 ip address XX.XX.XX.XX 255.255.255.252 ip access-group manag_dev out no ip proxy-arp no ip mroute-cache ! interface FastEthernet0/0.4 description ### DSLAM DATA ### encapsulation dot1Q 4 ip address 10.10.17.1 255.255.255.0 ip access-group 103 in no ip proxy-arp ip accounting output-packets ip nat inside ip virtual-reassembly no ip mroute-cache no cdp enable ! interface FastEthernet0/0.5 description ### UPS MENEGMENT ### encapsulation dot1Q 5 ip address XX.XX.XX.XX 255.255.255.252 no ip proxy-arp ip accounting output-packets ip virtual-reassembly no ip mroute-cache no cdp enable ! interface FastEthernet0/1 ip address XX.XX.XX.XX 255.255.255.240 no ip proxy-arp ip nat outside ip virtual-reassembly no ip mroute-cache duplex auto speed auto ! ip route 0.0.0.0 0.0.0.0 XX.XX.XX.XX ip route XX.XX.XX.XX 255.255.255.255 Null0 tag 555 name nat_monitor_adsl_abon ! ! ip http server ip http access-class 23 ip http authentication local no ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat translation timeout 1200 ip nat translation tcp-timeout 3600 ip nat translation syn-timeout 30 ip nat inside source list 17 interface FastEthernet0/1 overload ip nat inside source static 10.10.17.254 XX.XX.XX.XX ! ip access-list extended manag_dev permit ip host XX.XX.XX.XX any permit ip XX.XX.XX.XX 0.0.0.255 any log-input permit ip XX.XX.XX.XX 0.0.0.255 any log-input permit ip XX.XX.XX.XX 0.0.0.127 any permit ip host XX.XX.XX.XX any log-input permit ip host XX.XX.XX.XX any log-input ip access-list extended remote-admin-access remark -- remote administrative access policy -- permit tcp host XX.XX.XX.XX any permit tcp host XX.XX.XX.XX any permit tcp host XX.XX.XX.XX any permit tcp host XX.XX.XX.XX any permit tcp XX.XX.XX.XX.0 0.0.0.255 any log-input deny tcp any any range 0 65535 log-input deny ip any any log-input ! ip radius source-interface Loopback0 logging history informational logging source-interface Loopback0 logging XX.XX.XX.XX logging XX.XX.XX.XX access-list 2 permit XX.XX.XX.XX access-list 2 remark -- ntp hosts to which the router can synchronize -- access-list 2 permit XX.XX.XX.XX access-list 2 deny any access-list 4 remark ## tftp servers to/from which config download/upload is permitted ### access-list 4 permit XX.XX.XX.XX log access-list 4 permit XX.XX.XX.XX log access-list 4 permit XX.XX.XX.XX log access-list 4 deny any log access-list 5 remark ## hosts permitted to read snmp mibs on the router ## access-list 5 permit XX.XX.XX.XX access-list 5 permit XX.XX.XX.XX access-list 5 permit XX.XX.XX.XX access-list 5 permit XX.XX.XX.XX access-list 5 deny any log access-list 8 remark -- remote http access -- access-list 8 deny any access-list 17 permit 10.10.17.0 0.0.0.255 access-list 103 deny tcp any any range 137 139 access-list 103 deny tcp any any eq 135 access-list 103 deny tcp any any eq 445 access-list 103 deny ip any 127.0.0.0 0.255.255.255 access-list 103 deny ip any 172.16.0.0 0.15.255.255 access-list 103 deny ip any 192.168.0.0 0.0.255.255 access-list 103 deny ip any 255.0.0.0 0.255.255.255 access-list 103 deny ip any 224.0.0.0 7.255.255.255 access-list 103 permit ip host 10.10.17.11 any access-list 103 deny ip any 10.0.0.0 0.255.255.255 access-list 103 deny ip any any access-list 103 remark ################################### access-list compiled snmp-server community XXXX RW 5 snmp-server community XXXX RO 5 snmp-server community XXXX RO 5 arp 10.10.17.11 0015.e9cd.d1d3 ARPA ! ! ! tacacs-server host XX.XX.XX.XX key 7 XX.XX.XX.XX tacacs-server timeout 2 tacacs-server directed-request ! control-plane ! ! ! ! ! ! ! ! ! banner login ^CCC ________________________________________________________________________________ XX.XX.XX.XX, POP Warning : authorized access only !!! Disconnect IMMEDIATELY if you are not an authorized person !!! Contact information: email: XX.XX.XX.XX phone: XX.XX.XX.XX ________________________________________________________________________________ ^C alias router s do show alias router sr do show running-config alias router srb do show running-config \| begin alias subinterface s do show alias subinterface sr do show running-config alias subinterface srb do show running-config \| begin alias interface s do show alias interface sr do show running-config alias interface srb do show running-config \| begin alias configure s do show alias configure sr do show running-config alias configure srb do show running-config \| begin alias exec nd undebug all alias exec sd show debug alias exec mn terminal monitor alias exec nm terminal no monitor alias exec sl show log alias exec cl clear log alias exec ct configure terminal alias exec sr show running-config alias exec srb show running-config \| begin alias exec cpu show proces cpu \| include CPU alias exec uptime show version \| include _uptime_\|_returned_\|_image_\|_reload_ alias exec r show ip route alias exec so show ip ospf alias exec sb show ip bgp alias exec acl show access-lists alias exec sbgp sh proces cpu \| include PID\|BGP alias exec bgpmem show ip bgp summary \| include ^BGP_.*_memory$ ! line con 0 line aux 0 line vty 0 4 access-class remote-admin-access in privilege level 15 transport input telnet line vty 5 15 access-class 23 in privilege level 15 transport input telnet ! scheduler allocate 20000 1000 process cpu threshold type interrupt rising 75 interval 60 ntp clock-period 17180094 ntp source Loopback0 ntp access-group peer 2 ntp update-calendar ntp server XX.XX.XX.XX prefer ntp server XX.XX.XX.XX prefer ! end

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру