  ! Cisco IOS running-config excerpt (ISR-class router with an integrated 802.11 radio):
  ! one WPA2-PSK SSID bridged into BVI1, three DHCP pools, PAT behind a DHCP-assigned
  ! WAN interface, and a zone-based firewall with zones INSIDE, VOIP, OUTSIDE and self.
  ! Values shown as *.*.*.*, *SSH_PORT* and *RTP_PORTS* were redacted by the author.
  ! The hostname/aaa/username section that normally precedes 'dot11 syslog' is not in
  ! the paste, so device-authentication settings cannot be reviewed here.
  1. dot11 syslog
  2. !
  3. dot11 ssid CISCO
  4. vlan 500
  5. authentication open
  6. authentication key-management wpa
  ! guest-mode: the SSID is advertised in beacons.
  7. guest-mode
  ! NOTE(review): 'ascii 7' is Cisco type-7 obfuscation, which is reversible, not
  ! encryption; treat this PSK as readable by anyone who can read the config (including
  ! this paste) and rotate it. Together with 'authentication open', 'key-management wpa'
  ! and the aes-ccm cipher set on Dot11Radio0 below, this is a WPA2-PSK (CCMP) network.
  8. wpa-psk ascii 7 06273C056A05584B564353
  9. !
  ! DHCP pools: 'import all' copies options (e.g. DNS servers) that the router's own DHCP
  ! client on FastEthernet4 learns into the leases, so LAN clients inherit whatever the
  ! upstream provider hands out. 'lease 0 2' = 2 hours.
  10. ip dhcp pool VOIP
  11. import all
  ! A /30 with .1 as default-router leaves exactly one assignable address (.2), which
  ! matches the single VoIP host 192.168.20.2 referenced in the ACLs further down.
  12. network 192.168.20.0 255.255.255.252
  13. default-router 192.168.20.1
  14. lease 0 2
  15. !
  16. ip dhcp pool LOCAL_NET
  17. import all
  18. network 192.168.15.0 255.255.255.224
  19. default-router 192.168.15.1
  20. lease 0 2
  21. !
  22. ip dhcp pool WIFI
  23. import all
  24. network 192.168.10.0 255.255.255.224
  25. default-router 192.168.10.1
  26. lease 0 2
  ! NOTE(review): 'ip cef' appears here only as a comment ('!ip cef'). NAT and the
  ! zone-based firewall on IOS normally expect CEF switching — confirm CEF is actually
  ! enabled on the device rather than relying on this line.
  27. !ip cef
  28. !
  ! Login brute-force throttling: after 5 failed attempts within 60 s the device enters a
  ! 600 s quiet period during which only sources permitted by ACL VTY may still connect;
  ! a 5 s delay is imposed between attempts, and every attempt (success or failure) is
  ! logged.
  29. login block-for 600 attempts 5 within 60
  30. login delay 5
  31. login quiet-mode access-class VTY
  32. login on-failure log
  33. login on-success log
  34. no ipv6 cef
  35. !
  36. multilink bundle-name authenticated
  37. !
  ! Enables type-6 (AES) storage for secrets that support it. It depends on a master key
  ! set with 'key config-key password-encrypt', which is never displayed in a running
  ! config, so its presence cannot be confirmed here. The wpa-psk above is still type 7.
  38. password encryption aes
  39. !
  40. !
  ! Redacted host lists consumed by the OUTSIDE_TO_* ACLs below.
  41. object-group network remote-pcs
  42. host *.*.*.*
  43. host *.*.*.*
  44. !
  45. object-group network voip-providers
  46. host *.*.*.*
  47. host *.*.*.*
  48. !
  49. object-group network voip-stun-servers
  50. host *.*.*.*
  51. host *.*.*.*
  52. host *.*.*.*
  53. host *.*.*.*
  54. !
  ! Exclusion classes: each matches an ACL that carves out the specific inbound traffic
  ! the OUTSIDE-to-VOIP and OUTSIDE-to-self policies will 'pass' (stateless). Everything
  ! else on those zone-pairs lands in class-default and is dropped.
  55. class-map type inspect match-all OUTSIDE_TO_VOIP_EXCLUSIONS_CLASS
  56. match access-group name OUTSIDE_TO_VOIP_EXCLUSIONS_ACL
  57.  
  58. class-map type inspect match-all OUTSIDE_TO_SELF_EXCLUSIONS_CLASS
  59. match access-group name OUTSIDE_TO_SELF_EXCLUSIONS_ACL
  60.  
  61. class-map type inspect match-all INSIDE_TO_VOIP_CLASS
  62. match access-group name INSIDE_TO_VOIP_ACL
  63.  
  64. class-map type inspect match-all VOIP_TO_INSIDE_CLASS
  65. match access-group name VOIP_TO_INSIDE_ACL
  66.  
  ! NOTE(review): this class is match-any and includes 'match protocol tcp' and
  ! 'match protocol udp', so it effectively admits any TCP, UDP or ICMP from INSIDE to
  ! OUTSIDE; the named application lines only add application-aware inspection for those
  ! protocols. If egress was meant to be limited to the listed services, the tcp/udp
  ! catch-alls defeat that — confirm the intent.
  67. class-map type inspect match-any INSIDE_TO_OUTSIDE_CLASS
  68. match protocol http
  69. match protocol https
  70. match protocol pop3s
  71. match protocol smtp
  72. match protocol dns
  73. match protocol icmp
  74. match protocol ntp
  75. match protocol tcp
  76. match protocol udp
  77.  
  ! Same pattern for the VOIP zone: ntp/dns get application inspection, tcp/udp admit
  ! everything else.
  78. class-map type inspect match-any VOIP_TO_OUTSIDE_CLASS
  79. match protocol ntp
  80. match protocol dns
  81. match protocol tcp
  82. match protocol udp
  83. !
  84. !
  ! Policy actions: 'inspect' creates session state so return traffic is admitted
  ! automatically; 'pass' forwards one-way without state (the reverse direction needs its
  ! own rule); 'class-default' + 'drop' makes every zone-pair default-deny.
  85. policy-map type inspect INSIDE_TO_VOIP
  86. class type inspect INSIDE_TO_VOIP_CLASS
  87. inspect
  88. class class-default
  89. drop
  90.  
  ! NOTE(review): INSIDE-to-VOIP is inspected, so replies from 192.168.20.2:80 are
  ! already admitted by state. This stateless 'pass' of the same flows (VOIP_TO_INSIDE_ACL)
  ! looks redundant, and it additionally admits any TCP from 192.168.20.2 that happens
  ! to be sourced from port 80 regardless of session. Consider removing it or changing
  ! the action to inspect.
  91. policy-map type inspect VOIP_TO_INSIDE
  92. class type inspect VOIP_TO_INSIDE_CLASS
  93. pass
  94. class class-default
  95. drop
  96.  
  97. policy-map type inspect OUTSIDE_TO_VOIP_EXCLUSIONS
  98. class type inspect OUTSIDE_TO_VOIP_EXCLUSIONS_CLASS
  99. pass
  100. class class-default
  101. drop
  102.  
  103. policy-map type inspect VOIP_TO_OUTSIDE
  104. class type inspect VOIP_TO_OUTSIDE_CLASS
  105. inspect
  106. class class-default
  107. drop
  108.  
  109. policy-map type inspect INSIDE_TO_OUTSIDE
  110. class type inspect INSIDE_TO_OUTSIDE_CLASS
  111. inspect
  112. class class-default
  113. drop
  114.  
  115. policy-map type inspect OUTSIDE_TO_SELF
  116. class type inspect OUTSIDE_TO_SELF_EXCLUSIONS_CLASS
  117. pass
  118. class class-default
  119. drop
  120. !
  ! Zone-pair coverage: there is no OUTSIDE-to-INSIDE pair, so that direction is dropped
  ! by the ZBF default (traffic between two non-self zones needs an explicit pair). The
  ! self zone is the exception: with only OUTSIDE-to-self defined, router-originated
  ! traffic toward OUTSIDE and all INSIDE/VOIP<->self traffic stay unrestricted by
  ! default. Wi-Fi clients (BVI1) and the wired LAN (Vlan600) are both placed in zone
  ! INSIDE below, so no firewall policy applies between them.
  121. zone security INSIDE
  122. zone security OUTSIDE
  123. zone security VOIP
  124.  
  125. zone-pair security INSIDE-to-OUTSIDE source INSIDE destination OUTSIDE
  126. service-policy type inspect INSIDE_TO_OUTSIDE
  127.  
  128. zone-pair security VOIP-to-OUTSIDE source VOIP destination OUTSIDE
  129. service-policy type inspect VOIP_TO_OUTSIDE
  130.  
  131. zone-pair security INSIDE-to-VOIP source INSIDE destination VOIP
  132. service-policy type inspect INSIDE_TO_VOIP
  133.  
  134. zone-pair security VOIP-to-INSIDE source VOIP destination INSIDE
  135. service-policy type inspect VOIP_TO_INSIDE
  136.  
  137. zone-pair security OUTSIDE-to-VOIP source OUTSIDE destination VOIP
  138. service-policy type inspect OUTSIDE_TO_VOIP_EXCLUSIONS
  139.  
  140. zone-pair security OUTSIDE-to-SELF source OUTSIDE destination self
  141. service-policy type inspect OUTSIDE_TO_SELF
  142. !
  143. !
  144. !
  145. !
  ! Integrated routing and bridging: lets the Wi-Fi VLAN (bridge-group 1) be routed via
  ! the BVI1 interface defined below.
  146. bridge irb
  147. !
  148. !
  149. !
  ! Switch ports: Fa0 is the VoIP access port (VLAN 700), Fa1-Fa3 the wired LAN (VLAN
  ! 600); portfast on all of them.
  150. interface FastEthernet0
  151. description VOIP
  152. switchport access vlan 700
  153. no ip address
  154. spanning-tree portfast
  155. !
  156. interface FastEthernet1
  157. description LOCAL_NET
  158. switchport access vlan 600
  159. no ip address
  160. spanning-tree portfast
  161. !
  162. interface FastEthernet2
  163. description LOCAL_NET
  164. switchport access vlan 600
  165. no ip address
  166. spanning-tree portfast
  167. !
  168. interface FastEthernet3
  169. description LOCAL_NET
  170. switchport access vlan 600
  171. no ip address
  172. spanning-tree portfast
  173. !
  ! WAN: address obtained via DHCP, NAT outside, member of zone OUTSIDE. No interface ACL
  ! is applied here; all inbound filtering relies on the zone-based firewall above.
  174. interface FastEthernet4
  175. description INTERNET
  176. ip dhcp client client-id FastEthernet4
  177. ip address dhcp
  178. ip nat outside
  179. ip virtual-reassembly in
  180. zone-member security OUTSIDE
  181. duplex auto
  182. speed auto
  183. !
  ! Radio: AES-CCMP cipher on both the native VLAN and VLAN 500 (the SSID's VLAN); 2.4 GHz
  ! channel 2462, regulatory domain HU.
  184. interface Dot11Radio0
  185. no ip address
  186. !
  187. encryption vlan 500 mode ciphers aes-ccm
  188. !
  189. encryption mode ciphers aes-ccm
  190. !
  191. ssid CISCO
  192. !
  193. speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
  194. channel 2462
  195. station-role root
  196. antenna gain 25
  197. world-mode dot11d country HU both
  198. !
  ! Radio-side member of bridge-group 1 for VLAN 500; the wired side is Vlan500 and the
  ! L3 endpoint is BVI1 (192.168.10.1). block-unknown-source / no source-learning /
  ! no unicast-flooding are the usual access-point bridging settings for the radio leg.
  199. interface Dot11Radio0.500
  200. encapsulation dot1Q 500
  201. bridge-group 1
  202. bridge-group 1 subscriber-loop-control
  203. bridge-group 1 spanning-disabled
  204. bridge-group 1 block-unknown-source
  205. no bridge-group 1 source-learning
  206. no bridge-group 1 unicast-flooding
  207. !
  ! Unused default VLAN interface kept shut down.
  208. interface Vlan1
  209. no ip address
  210. shutdown
  211. !
  ! Wired leg of the Wi-Fi bridge; it carries no IP of its own (see BVI1).
  212. interface Vlan500
  213. no ip address
  214. ip virtual-reassembly in
  215. no autostate
  216. bridge-group 1
  217. !
  ! Wired LAN gateway, NAT inside, zone INSIDE.
  218. interface Vlan600
  219. ip address 192.168.15.1 255.255.255.224
  220. ip nat inside
  221. ip virtual-reassembly in
  222. zone-member security INSIDE
  223. no autostate
  224. !
  ! VoIP gateway, NAT inside, zone VOIP (the only zone isolated from the LAN by policy).
  225. interface Vlan700
  226. ip address 192.168.20.1 255.255.255.252
  227. ip nat inside
  228. ip virtual-reassembly in
  229. zone-member security VOIP
  230. no autostate
  231. !
  ! Wi-Fi gateway: same zone as the wired LAN, so wireless and wired hosts are not
  ! separated by the firewall.
  232. interface BVI1
  233. ip address 192.168.10.1 255.255.255.224
  234. ip nat inside
  235. ip virtual-reassembly in
  236. zone-member security INSIDE
  237. !
  238. !
  ! PAT for all three LAN subnets behind FastEthernet4's DHCP address; ACL NAT lists
  ! exactly the three pool networks. No static (inbound) NAT mapping is present in this
  ! excerpt.
  239. ip nat inside source list NAT interface FastEthernet4 overload
  240. ip route 0.0.0.0 0.0.0.0 FastEthernet4 dhcp
  241. !
  242. ip access-list standard NAT
  243. permit 192.168.20.0 0.0.0.3
  244. permit 192.168.15.0 0.0.0.31
  245. permit 192.168.10.0 0.0.0.31
  246.  
  ! Management sources (redacted). Applied to the aux and vty lines and reused as the
  ! quiet-mode exception list; 'deny any log' records every rejected connection attempt.
  247. ip access-list standard VTY
  248. permit *.*.*.*
  249. permit *.*.*.*
  250. deny any log
  251. !
  ! LAN -> VoIP host: only HTTP to 192.168.20.2 (presumably the phone/ATA web UI).
  252. ip access-list extended INSIDE_TO_VOIP_ACL
  253. permit tcp 192.168.15.0 0.0.0.31 host 192.168.20.2 eq www
  254. permit tcp 192.168.10.0 0.0.0.31 host 192.168.20.2 eq www
  255.  
  ! NOTE(review): the domain, ntp and www entries below are source-port-based permits:
  ! they admit any UDP sourced from port 53 or 123 (and any TCP from the listed host
  ! sourced from port 80) to ANY port on the router, with no session state. Presumably
  ! they exist to let replies to the router's own DNS/NTP/HTTP requests back in, since no
  ! self-to-OUTSIDE inspect pair is configured. Limiting them to the expected servers and
  ! destination ports, or inspecting self-to-OUTSIDE where this IOS release supports it,
  ! would close that gap. The bootps->bootpc line is required for the Fa4 DHCP client;
  ! the SSH line restricts management to object-group remote-pcs.
  256. ip access-list extended OUTSIDE_TO_SELF_EXCLUSIONS_ACL
  257. permit udp any eq bootps any eq bootpc
  258. permit udp any eq domain any
  259. permit udp any eq ntp any
  260. permit tcp object-group remote-pcs any eq *SSH_PORT*
  261. permit tcp host *.*.*.* eq www any
  262.  
  ! Stateless 'pass' for inbound VoIP media: STUN replies from the listed servers
  ! (source port 3478), plus UDP from ANY source to ANY VOIP-zone host within the
  ! redacted RTP range. The second entry exposes the VoIP host to unsolicited UDP in
  ! that range from the whole Internet; narrowing the source to object-group
  ! voip-providers (defined above but otherwise unused here) is the usual tightening.
  ! With only PAT overload and no static mapping visible, how unsolicited inbound
  ! packets reach the private address is not evident from this excerpt — confirm.
  263. ip access-list extended OUTSIDE_TO_VOIP_EXCLUSIONS_ACL
  264. permit udp object-group voip-stun-servers eq 3478 any
  265. permit udp any any range *RTP_PORTS*
  266.  
  ! Return direction of INSIDE_TO_VOIP_ACL (see the VOIP_TO_INSIDE policy note above).
  267. ip access-list extended VOIP_TO_INSIDE_ACL
  268. permit tcp host 192.168.20.2 eq www 192.168.15.0 0.0.0.31
  269. permit tcp host 192.168.20.2 eq www 192.168.10.0 0.0.0.31
  270. !
  271. !
  272. bridge 1 protocol ieee
  273. bridge 1 route ip
  274. !
  ! Console / aux / VTY: the aux and vty lines are gated by ACL VTY and allow SSH only in
  ! both directions; 'length 0' disables output paging on vty. No 'exec-timeout' is shown
  ! on any line (the IOS default is 10 minutes) and the 'login' / 'aaa' settings fall
  ! outside this paste. 'transport input ssh' on a serial aux line is unusual — confirm
  ! it is intended rather than a copy of the vty settings.
  275. line con 0
  276. logging synchronous
  277. no modem enable
  278. speed 115200
  279. line aux 0
  280. access-class VTY in
  281. transport input ssh
  282. transport output ssh
  283. line vty 0 4
  284. access-class VTY in
  285. length 0
  286. transport input ssh
  287. transport output ssh
  288. !
  289. end