Cisco 877w config Orange BroadbandMax

a guest
Oct 20th, 2016
This config was used on Orange Internet UK


~ $ telnet 192.168.1.254
Trying 192.168.1.254...
Connected to 192.168.1.254.
Escape character is '^]'.
No unauthorised access!

User Access Verification

Username: admin
Password:

877router#term len 0
877router#sh conf
Using 6907 out of 131072 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname 877router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 critical
logging console critical
enable secret 5 $1$Y9sI$1Maf1UqHNVfkZaEMMDZ1R/
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
aaa session-id common
clock timezone PCTime 0
!
crypto pki trustpoint TP-self-signed-1176679093
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1176679093
 revocation-check none
 rsakeypair TP-self-signed-1176679093
!
!
crypto pki certificate chain TP-self-signed-1176679093
 certificate self-signed 01 nvram:IOS-Self-Sig#C.cer
dot11 syslog
!
dot11 ssid 877w
 vlan 1
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii 7 070C285F4D06485744
!
no ip source-route
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.254
!
ip dhcp pool LANpool
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.254
 dns-server 8.8.8.8 8.8.4.4
 lease 0 12
 update arp
!
!
ip cef
no ip bootp server
no ip domain lookup
ip domain name example.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
!
!
file verify auto
username admin privilege 15 secret 5 $1$S8My$eXfzK02DYRtGcNHswBgTM1
!
!
!
archive
 log config
  hidekeys
!
!
ip tcp selective-ack
ip tcp timestamp
ip tcp synwait-time 10
ip ssh source-interface BVI1
ip ssh version 2
!
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-insp-traffic
 match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM-Voice-permit
 match protocol h323
 match protocol skinny
 match protocol sip
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-invalid-src
 match access-group 100
class-map type inspect match-all sdm-icmp-access
 match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-protocol-http
 match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
 class type inspect sdm-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-inspect
 class type inspect sdm-invalid-src
  drop log
 class type inspect sdm-insp-traffic
  inspect
 class type inspect sdm-protocol-http
  inspect
 class type inspect SDM-Voice-permit
  inspect
 class class-default
  pass
policy-map type inspect sdm-permit
 class class-default
  drop
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
!
bridge irb
!
!
interface Null0
 no ip unreachables
!
interface ATM0
 description "your service provider"
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip virtual-reassembly
 no ip mroute-cache
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 !
 encryption vlan 1 mode ciphers tkip
 !
 ssid 877w
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 no cdp enable
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 ip flow ingress
 ip virtual-reassembly
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Dialer0
 description VIRTUAL DIALER to yourISP$FW_OUTSIDE$
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 encapsulation ppp
 ip tcp adjust-mss 1452
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname yourname@yourisp.com
 ppp chap password 7 0605072042490C1400
 ppp ipcp dns request accept
 ppp ipcp route default
 ppp ipcp address accept
!
interface BVI1
 description $FW_INSIDE$
 ip address 192.168.1.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http access-class 3
ip http authentication local
no ip http secure-server
!
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 3 remark HTTP Access-class list
access-list 3 remark SDM_ACL Category=1
access-list 3 permit 192.168.1.0 0.0.0.255
access-list 3 deny any
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark VTY Access-class list
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 deny ip any any
dialer-list 1 protocol ip permit
no cdp run

!
!
!
!
control-plane
!
bridge 1 route ip
banner login ^CNo unauthorized access!^C
!
line con 0
 login authentication local_authen
 no modem enable
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 101 in
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end