Private Network: 192.168.0.0/24
External Network (DMZ): 202.0.0.0/28
CISCO Router (2600): Ethernet0/0: 192.168.0.4
Ethernet0/1: 202.0.0.14
Serial0/0: HDLC (WAN)
The Internet Server1: 202.0.0.1 (DNS, SMTP, POP3)
The Internet Server2: 202.0.0.2 (DNS, WWW, SYSLOG, NTP)
gw#show running-config
Building configuration...
Current configuration : 3174 bytes
!
version 12.1
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log uptime
service password-encryption
!
hostname gw
!
boot system flash
logging buffered 8192 debugging
aaa new-model
aaa authentication login default local enable
enable secret 5 12345678901234567890
!
username user1 password 7 12345678901234567890
username user2 password 7 12345678901234567890
username user3 password 7 12345678901234567890
!
!
!
!
clock timezone BST 6
ip subnet-zero
no ip source-route
ip domain-list test.gov.bt
ip domain-name test.gov.bt
ip name-server 202.0.0.1
ip name-server 202.0.0.2
!
!
!
!
interface Ethernet0/0
description Private LAN
ip address 192.168.0.4 255.255.255.0
no ip redirects
no ip proxy-arp
ip accounting access-violations
ip nat inside
no ip mroute-cache
no cdp enable
!
interface Serial0/0
description 64K HDLC link to the Internet
bandwidth 64
ip unnumbered Ethernet0/1
ip access-group 100 in
ip access-group 101 out
no ip redirects
no ip proxy-arp
ip accounting access-violations
ip nat outside
no ip mroute-cache
down-when-looped
no cdp enable
!
interface Ethernet0/1
description HOGE External (DMZ) LAN
ip address 202.0.0.14 255.255.255.240
no ip redirects
no ip proxy-arp
ip accounting access-violations
no ip mroute-cache
no cdp enable
!
ip nat inside source list 1 interface Ethernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
!
logging facility local1
logging source-interface Ethernet0/1
logging 202.0.0.2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 permit icmp any 202.0.0.0 0.0.0.15
access-list 100 permit tcp any 202.0.0.0 0.0.0.15 established
access-list 100 permit tcp any 202.0.0.0 0.0.0.15 gt 1023
access-list 100 permit udp any 202.0.0.0 0.0.0.15 gt 1023
access-list 100 permit tcp any 202.0.0.1 0.0.0.0 eq domain
access-list 100 permit udp any 202.0.0.1 0.0.0.0 eq domain
access-list 100 permit tcp any 202.0.0.2 0.0.0.0 eq domain
access-list 100 permit udp any 202.0.0.2 0.0.0.0 eq domain
access-list 100 permit tcp any 202.0.0.1 0.0.0.0 eq smtp
access-list 100 permit tcp any 202.0.0.1 0.0.0.0 eq pop3
access-list 100 permit tcp any 202.0.0.2 0.0.0.0 eq www
access-list 100 deny tcp any 202.0.0.0 0.0.0.15 eq 2049 log
access-list 100 deny udp any 202.0.0.0 0.0.0.15 eq 2049 log
access-list 100 deny tcp any 202.0.0.0 0.0.0.15 eq 6000 log
access-list 100 deny ip any any log
access-list 101 permit ip 202.0.0.0 0.0.0.15 any
access-list 101 deny ip any any log
access-list 102 permit ip 202.0.0.0 0.0.0.15 any
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 deny ip any any log
no cdp run
snmp-server community public RO
banner login ^C
Welcome to HOGE router
^C
!
line con 0
line aux 0
line vty 0 4
access-class 102 in
exec-timeout 0 0
password 7 12345678901234567890
transport input telnet
transport output none
!
ntp server 202.0.0.2
end
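
In access-list 100 above, the `deny ... eq 2049` and `deny ... eq 6000` entries come after the `permit ... gt 1023` entries, and IOS evaluates an ACL top-down with the first match winning, so those denies are never reached. The following Python check is an added example, not part of the original page: it reports entries that are fully covered by an earlier entry with the opposite action, and it parses only the entry forms that appear in this configuration (the helper names are this example's own).

```python
import ipaddress

PORTS = {"domain": 53, "smtp": 25, "pop3": 110, "www": 80}  # port names used in ACL 100
# Entries copied from access-list 100 on this page (icmp and per-host permits left out).
ACL_100 = """\
access-list 100 permit tcp any 202.0.0.0 0.0.0.15 established
access-list 100 permit tcp any 202.0.0.0 0.0.0.15 gt 1023
access-list 100 permit udp any 202.0.0.0 0.0.0.15 gt 1023
access-list 100 deny tcp any 202.0.0.0 0.0.0.15 eq 2049 log
access-list 100 deny udp any 202.0.0.0 0.0.0.15 eq 2049 log
access-list 100 deny tcp any 202.0.0.0 0.0.0.15 eq 6000 log
access-list 100 deny ip any any log
""".splitlines()

def take_addr(tok):  # consume 'any' or 'addr wildcard' -> (address, wildcard) as ints
    if tok[0] == "any":
        tok.pop(0)
        return 0, 0xFFFFFFFF
    return int(ipaddress.IPv4Address(tok.pop(0))), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(line):
    tok = line.split()[2:]  # drop 'access-list <number>'
    rule = {"text": line, "action": tok.pop(0), "proto": tok.pop(0), "port": None}
    rule["src"], rule["dst"] = take_addr(tok), take_addr(tok)
    if tok and tok[0] in ("eq", "gt"):
        rule["port"] = (tok[0], PORTS.get(tok[1]) or int(tok[1]))
    rule["established"] = "established" in tok
    return rule

def addr_covers(a, b):
    # True when every address matched by b = (addr, wildcard) is also matched by a.
    return b[1] & ~a[1] == 0 and (a[0] ^ b[0]) & ~a[1] & 0xFFFFFFFF == 0

def port_covers(a, b):
    if a is None or b is None or a[0] == "eq":
        return a is None or a == b  # no port test on a matches every port
    return b[1] > a[1] if b[0] == "eq" else b[1] >= a[1]  # a is 'gt N'

def covers(a, b):
    # 'established' entries match only reply traffic, so they never fully cover an entry.
    return (a["proto"] in ("ip", b["proto"]) and not a["established"]
            and addr_covers(a["src"], b["src"]) and addr_covers(a["dst"], b["dst"])
            and port_covers(a["port"], b["port"]))

def shadowed(lines):
    # Return (unreachable_entry, earlier_entry) pairs whose actions conflict.
    rules = [parse(l) for l in lines]
    return [(b["text"], a["text"]) for i, b in enumerate(rules)
            for a in rules[:i] if a["action"] != b["action"] and covers(a, b)]
```

Calling `shadowed(ACL_100)` returns the three `deny ... log` entries for ports 2049 and 6000, each paired with the `gt 1023` permit that matches first; moving those denies above the `gt 1023` permits makes them effective.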