- This config was used on Orange Internet UK
- ~ $ telnet 192.168.1.254
- Trying 192.168.1.254...
- Connected to 192.168.1.254.
- Escape character is '^]'.
- No unauthorised access!
- User Access Verification
- Username: admin
- Password:
- 877router#term len 0
- 877router#sh conf
- Using 6907 out of 131072 bytes
- !
- ! Global services, logging levels, the privileged-mode secret and local AAA method lists.
- version 12.4
- no service pad
- service tcp-keepalives-in
- service tcp-keepalives-out
- service timestamps debug datetime msec
- service timestamps log datetime msec
- ! NOTE(review): service password-encryption stores passwords as type 7, which is a
- ! reversible obfuscation, not a hash. The "7" strings later in this config (wpa-psk,
- ! ppp chap password) should be treated as disclosed by this paste and rotated.
- service password-encryption
- service sequence-numbers
- !
- hostname 877router
- !
- boot-start-marker
- boot-end-marker
- !
- logging message-counter syslog
- ! Buffer (51200 bytes) and console logging are both limited to severity "critical".
- ! NOTE(review): lower-severity events are not kept locally at this level; presumably
- ! that includes the firewall "drop log" messages - verify before relying on the buffer.
- logging buffered 51200 critical
- logging console critical
- ! NOTE(review): type 5 is a salted MD5-based hash. Publishing it exposes the secret to
- ! offline guessing; rotate it, and use a stronger secret type on releases that offer one.
- enable secret 5 $1$Y9sI$1Maf1UqHNVfkZaEMMDZ1R/
- !
- aaa new-model
- !
- !
- ! Named method lists backed by the local user database; the "line" sections at the
- ! end of this config reference them as local_authen and local_author.
- aaa authentication login local_authen local
- aaa authorization exec local_author local
- !
- !
- aaa session-id common
- clock timezone PCTime 0
- !
- ! Self-signed PKI trustpoint generated on the router; revocation checking is disabled.
- ! NOTE(review): this config has "no ip http secure-server", so the certificate does not
- ! appear to protect the web UI here - confirm whether anything actually uses it.
- crypto pki trustpoint TP-self-signed-1176679093
- enrollment selfsigned
- subject-name cn=IOS-Self-Signed-Certificate-1176679093
- revocation-check none
- rsakeypair TP-self-signed-1176679093
- !
- !
- ! The certificate body is referenced from NVRAM rather than printed inline.
- crypto pki certificate chain TP-self-signed-1176679093
- certificate self-signed 01 nvram:IOS-Self-Sig#C.cer
- dot11 syslog
- !
- ! Wireless SSID "877w" on VLAN 1: open 802.11 authentication with WPA key management
- ! and an ASCII pre-shared key.
- dot11 ssid 877w
- vlan 1
- authentication open
- authentication key-management wpa
- ! guest-mode includes this SSID in the radio's beacons.
- guest-mode
- ! NOTE(review): the PSK is stored as type 7 (reversible obfuscation). Treat the
- ! wireless key as disclosed by this paste and change it on any live network.
- wpa-psk ascii 7 070C285F4D06485744
- !
- ! IP hardening, the LAN DHCP pool and resolver settings.
- ! Packets carrying IP source-route options are not forwarded.
- no ip source-route
- ! .1-.99 and the router's own .254 are withheld from the pool, leaving .100-.253 for leases.
- ip dhcp excluded-address 192.168.1.1 192.168.1.99
- ip dhcp excluded-address 192.168.1.254
- !
- ip dhcp pool LANpool
- import all
- network 192.168.1.0 255.255.255.0
- default-router 192.168.1.254
- dns-server 8.8.8.8 8.8.4.4
- ! Lease time is given as days then hours: 0 days, 12 hours.
- lease 0 12
- update arp
- !
- !
- ip cef
- no ip bootp server
- ! DNS lookups by the router itself are turned off, although name servers are still listed below.
- no ip domain lookup
- ip domain name example.com
- ip name-server 8.8.8.8
- ip name-server 8.8.4.4
- !
- !
- !
- !
- ! Local administrator account, configuration-change logging, TCP tuning and SSH settings.
- file verify auto
- ! NOTE(review): a privilege 15 account whose type 5 (salted MD5) hash is published here.
- ! The hash is open to offline guessing; change the password on any device that used it.
- username admin privilege 15 secret 5 $1$S8My$eXfzK02DYRtGcNHswBgTM1
- !
- !
- !
- ! Configuration changes are logged; hidekeys keeps passwords and keys out of that log.
- archive
- log config
- hidekeys
- !
- !
- ip tcp selective-ack
- ip tcp timestamp
- ip tcp synwait-time 10
- ! SSH is restricted to protocol version 2 and sourced from the inside interface BVI1.
- ! NOTE(review): the vty lines at the end of this config still accept Telnet as well.
- ip ssh source-interface BVI1
- ip ssh version 2
- !
- ! Zone-based firewall traffic classes (the sdm-/SDM- names suggest they were SDM-generated).
- ! sdm-cls-insp-traffic is match-any and ends with generic tcp and udp, so it matches
- ! any TCP or UDP flow, not only the named application protocols.
- class-map type inspect match-any sdm-cls-insp-traffic
- match protocol cuseeme
- match protocol dns
- match protocol ftp
- match protocol h323
- match protocol https
- match protocol icmp
- match protocol imap
- match protocol pop3
- match protocol netshow
- match protocol shell
- match protocol realmedia
- match protocol rtsp
- match protocol smtp extended
- match protocol sql-net
- match protocol streamworks
- match protocol tftp
- match protocol vdolive
- match protocol tcp
- match protocol udp
- ! Wrapper class that simply references the list above.
- class-map type inspect match-all sdm-insp-traffic
- match class-map sdm-cls-insp-traffic
- ! Voice signalling protocols.
- class-map type inspect match-any SDM-Voice-permit
- match protocol h323
- match protocol skinny
- match protocol sip
- ! ICMP, TCP and UDP; used by the policy for traffic originated by the router itself.
- class-map type inspect match-any sdm-cls-icmp-access
- match protocol icmp
- match protocol tcp
- match protocol udp
- ! Packets whose source matches access-list 100 (broadcast and loopback sources).
- class-map type inspect match-all sdm-invalid-src
- match access-group 100
- class-map type inspect match-all sdm-icmp-access
- match class-map sdm-cls-icmp-access
- class-map type inspect match-all sdm-protocol-http
- match protocol http
- !
- !
- ! Firewall policies; the zone-pair section that follows binds each one to a direction.
- ! Router-originated traffic: ICMP/TCP/UDP is inspected, everything else is passed.
- policy-map type inspect sdm-permit-icmpreply
- class type inspect sdm-icmp-access
- inspect
- class class-default
- pass
- ! LAN-to-Internet traffic: invalid sources are dropped and logged, the rest is inspected.
- ! NOTE(review): sdm-insp-traffic already matches generic tcp/udp, so the later
- ! sdm-protocol-http and SDM-Voice-permit classes presumably never match - verify.
- ! NOTE(review): class-default "pass" forwards unmatched traffic without creating a
- ! session, and no out-zone to in-zone pair is visible for replies - confirm it is intended.
- policy-map type inspect sdm-inspect
- class type inspect sdm-invalid-src
- drop log
- class type inspect sdm-insp-traffic
- inspect
- class type inspect sdm-protocol-http
- inspect
- class type inspect SDM-Voice-permit
- inspect
- class class-default
- pass
- ! Internet-to-router traffic: everything is dropped.
- policy-map type inspect sdm-permit
- class class-default
- drop
- !
- ! Two zones (out-zone, in-zone) and three zone-pairs: self->out, out->self, in->out.
- ! No out-zone -> in-zone pair is defined, so unsolicited inbound traffic to the LAN has
- ! no policy permitting it. No in-zone -> self pair is defined either.
- ! NOTE(review): LAN access to the router itself therefore appears to be limited only by
- ! the HTTP and vty access-classes (ACLs 3 and 101) - verify against the platform default.
- zone security out-zone
- zone security in-zone
- zone-pair security sdm-zp-self-out source self destination out-zone
- service-policy type inspect sdm-permit-icmpreply
- zone-pair security sdm-zp-out-self source out-zone destination self
- service-policy type inspect sdm-permit
- zone-pair security sdm-zp-in-out source in-zone destination out-zone
- service-policy type inspect sdm-inspect
- !
- ! Integrated routing and bridging, the Null0 interface, the ATM (DSL) uplink and switch ports.
- bridge irb
- !
- !
- interface Null0
- no ip unreachables
- !
- ! Physical ATM interface: no address of its own; ICMP redirects, unreachables and
- ! proxy ARP are all turned off.
- interface ATM0
- description "your service provider"
- no ip address
- no ip redirects
- no ip unreachables
- no ip proxy-arp
- ip flow ingress
- ip virtual-reassembly
- no ip mroute-cache
- no atm ilmi-keepalive
- !
- ! PVC 0/38 carries PPP (aal5mux) and is tied to dialer pool 1, which Dialer0 uses.
- interface ATM0.1 point-to-point
- no ip redirects
- no ip unreachables
- no ip proxy-arp
- ip flow ingress
- pvc 0/38
- encapsulation aal5mux ppp dialer
- dialer pool-member 1
- !
- !
- ! The four FastEthernet ports carry no explicit settings in this listing.
- interface FastEthernet0
- !
- interface FastEthernet1
- !
- interface FastEthernet2
- !
- interface FastEthernet3
- !
- ! Wireless radio, its VLAN 1 subinterface and Vlan1, all joined in bridge-group 1.
- interface Dot11Radio0
- no ip address
- no ip redirects
- no ip unreachables
- no ip proxy-arp
- ip flow ingress
- !
- ! NOTE(review): TKIP is a legacy WPA cipher. Where the radio and clients support it,
- ! an AES-CCMP cipher is the stronger choice.
- encryption vlan 1 mode ciphers tkip
- !
- ssid 877w
- !
- speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
- station-role root
- no cdp enable
- !
- ! Wireless clients are bridged into bridge-group 1 together with Vlan1, so they share
- ! the 192.168.1.0/24 LAN that the management access lists permit.
- interface Dot11Radio0.1
- encapsulation dot1Q 1 native
- ip flow ingress
- ip virtual-reassembly
- no cdp enable
- bridge-group 1
- bridge-group 1 subscriber-loop-control
- bridge-group 1 spanning-disabled
- bridge-group 1 block-unknown-source
- no bridge-group 1 source-learning
- no bridge-group 1 unicast-flooding
- !
- interface Vlan1
- no ip address
- bridge-group 1
- bridge-group 1 spanning-disabled
- !
- ! Outside (Internet-facing) PPP dialer: negotiated address, NAT outside, member of out-zone.
- interface Dialer0
- description VIRTUAL DIALER to yourISP$FW_OUTSIDE$
- ip address negotiated
- no ip redirects
- no ip unreachables
- no ip proxy-arp
- ip mtu 1492
- ip flow ingress
- ip nat outside
- ip virtual-reassembly
- zone-member security out-zone
- encapsulation ppp
- ip tcp adjust-mss 1452
- no ip mroute-cache
- dialer pool 1
- dialer-group 1
- no cdp enable
- ! CHAP then PAP is requested of the peer on incoming calls only (callin). Only CHAP
- ! credentials are configured for the router itself; no PAP sent-username line is present.
- ppp authentication chap pap callin
- ! The hostname looks like a placeholder inserted by the author.
- ppp chap hostname yourname@yourisp.com
- ! NOTE(review): type 7 is reversible obfuscation. If this string came from a real
- ! account, treat the ISP password as disclosed and change it.
- ppp chap password 7 0605072042490C1400
- ppp ipcp dns request accept
- ppp ipcp route default
- ppp ipcp address accept
- !
- ! Inside (LAN) routed interface for bridge-group 1: the default gateway 192.168.1.254,
- ! NAT inside, member of in-zone. This is the address the Telnet session at the top of the paste connects to.
- interface BVI1
- description $FW_INSIDE$
- ip address 192.168.1.254 255.255.255.0
- no ip redirects
- no ip unreachables
- no ip proxy-arp
- ip flow ingress
- ip nat inside
- ip virtual-reassembly
- zone-member security in-zone
- !
- ! Default route, web management, NAT overload and the access lists used elsewhere in the config.
- ip forward-protocol nd
- ip route 0.0.0.0 0.0.0.0 Dialer0
- ! NOTE(review): the web UI is served over plain HTTP only (secure-server is disabled
- ! below), so admin credentials cross the LAN and wireless in cleartext. Access is limited
- ! to ACL 3 (192.168.1.0/24) with local authentication. If the web UI is needed, prefer
- ! "ip http secure-server" together with "no ip http server".
- ip http server
- ip http access-class 3
- ip http authentication local
- no ip http secure-server
- !
- ! Hosts matching ACL 1 are translated to the Dialer0 address (port overload).
- ip nat inside source list 1 interface Dialer0 overload
- !
- ! NOTE(review): the trap level is set, but no syslog destination (logging host) appears
- ! in this config, so nothing seems to be exported off-box - verify.
- logging trap debugging
- access-list 1 permit 192.168.1.0 0.0.0.255
- ! NOTE(review): ACL 2 duplicates ACL 3 and is not referenced anywhere in this listing.
- access-list 2 remark HTTP Access-class list
- access-list 2 remark SDM_ACL Category=1
- access-list 2 permit 192.168.1.0 0.0.0.255
- access-list 2 deny any
- ! ACL 3 is the one applied by "ip http access-class 3".
- access-list 3 remark HTTP Access-class list
- access-list 3 remark SDM_ACL Category=1
- access-list 3 permit 192.168.1.0 0.0.0.255
- access-list 3 deny any
- ! ACL 100 feeds class-map sdm-invalid-src: broadcast and loopback (127/8) sources.
- access-list 100 remark SDM_ACL Category=128
- access-list 100 permit ip host 255.255.255.255 any
- access-list 100 permit ip 127.0.0.0 0.255.255.255 any
- ! ACL 101 is applied inbound on the vty lines: only the LAN may open remote sessions.
- access-list 101 remark VTY Access-class list
- access-list 101 remark SDM_ACL Category=1
- access-list 101 permit ip 192.168.1.0 0.0.0.255 any
- access-list 101 deny ip any any
- dialer-list 1 protocol ip permit
- no cdp run
- !
- !
- !
- !
- ! Login banner, console/aux/vty line settings and scheduler tuning.
- control-plane
- !
- bridge 1 route ip
- ! NOTE(review): the login transcript at the top of the paste shows this banner spelled
- ! differently, so the paste may combine or edit separate captures - verify.
- banner login ^CNo unauthorized access!^C
- !
- line con 0
- login authentication local_authen
- no modem enable
- transport output telnet
- line aux 0
- login authentication local_authen
- transport output telnet
- ! Remote management lines: sources limited by ACL 101 (192.168.1.0/24), local AAA lists.
- ! NOTE(review): Telnet is accepted alongside SSH, and the session at the top of the paste
- ! logs in over Telnet, so the admin password travels in cleartext on the LAN and the
- ! bridged wireless. "transport input ssh" would restrict these lines to SSH.
- ! NOTE(review): no exec-timeout is set on any line here; the platform default applies - confirm.
- line vty 0 4
- access-class 101 in
- authorization exec local_author
- login authentication local_authen
- transport input telnet ssh
- !
- scheduler max-task-time 5000
- scheduler allocate 4000 1000
- scheduler interval 500
- end