Cisco 1812 K9

Wordo · 25. November 2009

Was sagt "sh int fa1"?

Iceman7 · 25. November 2009

CHOSS-Cisco#sh int fa1

FastEthernet1 is up, line protocol is up

Hardware is PQ3_TSEC, address is 0024.14aa.e601 (bia 0024.14aa.e601)

Description: Internet_Port$FW_OUTSIDE$

Internet address is 88.151.70.82/29

MTU 1452 bytes, BW 100000 Kbit/sec, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive not set

Auto-duplex, Auto Speed, 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:04:19, output 00:00:02, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

184 packets input, 15823 bytes

Received 39 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog

0 input packets with dribble condition detected

1961 packets output, 194170 bytes, 0 underruns

0 output errors, 0 collisions, 12 interface resets

0 unknown protocol drops

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

Wordo · 25. November 2009

Mach mal ein write und starte beide Geraete neu ...

Iceman7 · 25. November 2009

access-list 1 any 192.168.0.0 255.255.255.0????

kann das sein das der befehl irgend wie falsch ist?

Iceman7 · 25. November 2009

ping vom router geht wieder aber die clients nicht

Iceman7 · 25. November 2009

ich kann von den Clients jeweils bis zum router Pingen aber wenn ich auf den IPS GW pinge geht nix

wenn ich vom Router auf den IPS GW pinge geht es!!!

Welche rechte muss ich noch setzen????

blackbox · 25. November 2009

Hallo,

dein "NAT" nach aussen fehlt :

ip nat inside source list 1 interface FastEthernet1 overload

(List 1 bitte deine Access Liste kontrollieren - z.B. permit 192.168.2.0 0.0.0.255 wäre was richtiges).

(PS: Hast noch das gute alte "RIP" im Einsatz - staun :-)

Iceman7 · 25. November 2009

hi blackbox,

das hab ich schon drinnen bringt nix sobald ich nen client den GW 192.168.3.254 zuweise geht der ping nicht auf google oder auf den GW vom Provider, soll ich Dir nochmal die Aktuelle Config Posten?

Otaku19 · 25. November 2009

lass aber den ganzen unnötigen krempel weg

blackbox · 25. November 2009

Jau gibt mal die Config

Iceman7 · 26. November 2009

Building configuration...

Current configuration : 10769 bytes

!

! Last configuration change at 06:00:00 Berlin Thu Nov 26 2009 by Admin

! NVRAM config last updated at 06:02:53 Berlin Thu Nov 26 2009 by Admin

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname CHOSS-Cisco

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

no logging buffered

enable secret 5 $1$yItG$.0vfgfJ7sndOXA/12UkzA0

enable password XXXXXXXX

!

aaa new-model

!

aaa authentication login default local

aaa authorization exec default local

!

aaa session-id common

clock timezone Berlin 1

clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00

!

crypto pki trustpoint TP-self-signed-3776332574

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3776332574

revocation-check none

rsakeypair TP-self-signed-3776332574

!

crypto pki certificate chain TP-self-signed-3776332574

certificate self-signed 01

3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 33373736 33333235 3734301E 170D3039 31313235 31363437

33315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 37373633

33323537 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

8100AE04 4D2991DF 084E9EDD 82F9B42A 85F2FC53 3994A79D A269A45B B23744BC

B9642EE1 31B415D3 2CBE9D59 6615445D 9CCF5202 151FD06D 4C0159CB 2E41FF5E

87D0A680 C3AF8569 DFC3CD5D 736C569C 98F270FB 92717156 6F333919 69387BD6

BBC42DC5 1976EE4B 3B5018E1 E209EA03 32FC42CE 0F52DAA7 C6D165D5 DCF9F461

3DB70203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603

551D1104 1B301982 1743484F 53532D43 6973636F 2E63686F 73732D69 742E6465

301F0603 551D2304 18301680 14FC9B70 E5CD8081 EA083189 03C636E5 252DFE81

02301D06 03551D0E 04160414 FC9B70E5 CD8081EA 08318903 C636E525 2DFE8102

300D0609 2A864886 F70D0101 04050003 81810010 A066B47A FF220E59 85EDCA96

284BC1D9 7662B1B7 52BEF23B EBE0FECE 75AD126C F3B1A704 B7B0D2F5 BC9714C9

7177E009 37428DDD 823A96AB B27FD133 C1125A8E 05822D12 25FFA934 4FBEF416

70108F27 504F33F0 FDC4C195 6771AFF9 589E2FF2 4B1F2E2A 5232B232 046FFD5E

5645CE9A 2445E960 CB3A1382 835B4878 A511F9

quit

dot11 syslog

ip source-route

!

ip cef

ip domain name choss-it.de

ip name-server 88.151.64.34

ip name-server 88.92.4.176

ip name-server 192.168.0.1

ip name-server 192.168.0.2

ip port-map user-protocol--2 port tcp 20

ip port-map user-protocol--3 port tcp 8333

ip port-map user-protocol--1 port tcp 8000

ip port-map user-protocol--4 port tcp 8787

ip ips notify SDEE

ip ips name myips

no ipv6 cef

!

multilink bundle-name authenticated

!

vpdn enable

!

parameter-map type regex sdm-regex-nonascii

pattern [^\x00-\x80]

Iceman7 · 26. November 2009

parameter-map type protocol-info msn-servers

server name messenger.hotmail.com

server name gateway.messenger.hotmail.com

server name webmessenger.msn.com

parameter-map type protocol-info aol-servers

server name login.oscar.aol.com

server name toc.oscar.aol.com

server name oam-d09a.blue.aol.com

parameter-map type protocol-info yahoo-servers

server name scs.msg.yahoo.com

server name scsa.msg.yahoo.com

server name scsb.msg.yahoo.com

server name scsc.msg.yahoo.com

server name scsd.msg.yahoo.com

server name cs16.msg.dcn.yahoo.com

server name cs19.msg.dcn.yahoo.com

server name cs42.msg.dcn.yahoo.com

server name cs53.msg.dcn.yahoo.com

server name cs54.msg.dcn.yahoo.com

server name ads1.vip.scd.yahoo.com

server name radio1.launch.vip.dal.yahoo.com

server name in1.msg.vip.re2.yahoo.com

server name data1.my.vip.sc5.yahoo.com

server name address1.pim.vip.mud.yahoo.com

server name edit.messenger.yahoo.com

server name messenger.yahoo.com

server name http.pager.yahoo.com

server name privacy.yahoo.com

server name csa.yahoo.com

server name csb.yahoo.com

server name csc.yahoo.com

!

username XXXXXXX privilege 15 password 0 XXXXXXXXXXXXX

!

Iceman7 · 26. November 2009

archive

log config

hidekeys

!

class-map type inspect match-any SDM_SSH

match access-group name SDM_SSH

class-map type inspect match-any SDM_HTTPS

match access-group name SDM_HTTPS

class-map type inspect match-any SDM_SHELL

match access-group name SDM_SHELL

!

interface FastEthernet0

description Programmier Interface$ETH-LAN$$FW_INSIDE$

ip address 192.168.0.251 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

!

interface FastEthernet1

description Internet_Port$FW_OUTSIDE$

mtu 1452

ip address 88.151.70.82 255.255.255.248

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no keepalive

no cdp enable

!

interface BRI0

no ip address

encapsulation hdlc

shutdown

no cdp enable

!

interface FastEthernet2

description Netgear_UPLINK

duplex full

speed 100

no cdp enable

!

interface FastEthernet3

shutdown

duplex full

speed 100

no cdp enable

!

interface FastEthernet4

shutdown

duplex full

speed 100

no cdp enable

!

interface FastEthernet5

shutdown

duplex full

speed 100

no cdp enable

!

interface FastEthernet6

description HP_2600N

duplex full

speed 100

no cdp enable

!

interface FastEthernet7

shutdown

duplex full

speed 100

no cdp enable

!

interface FastEthernet8

shutdown

duplex full

speed 100

no cdp enable

!

interface FastEthernet9

shutdown

duplex full

speed 100

no cdp enable

!

interface Vlan1

description 192.168.0.0_Knoten$FW_INSIDE$

ip address 192.168.3.254 255.255.255.0

ip nat inside

ip virtual-reassembly

no ip split-horizon

!

Iceman7 · 26. November 2009

router rip

passive-interface FastEthernet1

passive-interface Vlan1

network 192.168.0.0

network 192.168.1.0

network 192.168.2.0

network 192.168.3.0

network 192.168.4.0

no auto-summary

!

ip local pool SDM_POOL_1 192.168.1.110 192.168.1.111

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 88.151.70.81

ip http server

ip http authentication local

ip http secure-server

!

ip flow-cache timeout active 1

!

ip nat inside source static tcp 192.168.0.1 80 interface FastEthernet1 80

ip nat inside source static tcp 192.168.0.200 25 interface FastEthernet1 25

ip nat inside source static tcp 192.168.0.2 8000 interface FastEthernet1 8000

ip nat inside source static tcp 192.168.0.1 21 interface FastEthernet1 21

ip nat inside source static tcp 192.168.0.1 20 interface FastEthernet1 20

ip nat inside source static tcp 192.168.0.2 8333 interface FastEthernet1 8333

ip nat inside source static tcp 192.168.0.7 8787 interface FastEthernet1 8787

ip nat inside source list 1 interface FastEthernet1 overload

!

ip access-list standard local

!

ip access-list extended SDM_HTTPS

remark SDM_ACL Category=1

permit tcp any any eq 443

ip access-list extended SDM_SHELL

remark SDM_ACL Category=1

permit tcp any any eq cmd

ip access-list extended SDM_SSH

remark SDM_ACL Category=1

permit tcp any any eq 22

!

logging trap debugging

logging facility syslog

logging 192.168.0.21

access-list 101 deny ip any any

access-list 102 deny udp any eq netbios-dgm any

access-list 102 deny udp any eq netbios-ns any

access-list 102 deny udp any eq netbios-ss any

access-list 102 deny udp any range snmp snmptrap any

access-list 102 deny udp any range bootps bootpc any

access-list 102 deny tcp any eq 137 any

access-list 102 deny tcp any eq 138 any

access-list 102 deny tcp any eq 139 any

access-list 102 permit ip any any

snmp-server community puplic RO

snmp-server community public RW

snmp-server community cisco RW

snmp-server trap-source FastEthernet1

snmp-server location Munich

snmp-server contact Alexander Voigt

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps vrrp

snmp-server enable traps tty

snmp-server enable traps eigrp

snmp-server enable traps flash insertion removal

snmp-server enable traps isdn call-information

snmp-server enable traps isdn layer2

snmp-server enable traps isdn chan-not-avail

snmp-server enable traps isdn ietf

snmp-server enable traps envmon

snmp-server enable traps disassociate

snmp-server enable traps deauthenticate

snmp-server enable traps authenticate-fail

snmp-server enable traps dot11-qos

snmp-server enable traps switch-over

Iceman7 · 26. November 2009

snmp-server enable traps rogue-ap

snmp-server enable traps wlan-wep

snmp-server enable traps atm subif

snmp-server enable traps bgp

snmp-server enable traps bulkstat collection transfer

snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency

snmp-server enable traps cnpd

snmp-server enable traps config-copy

snmp-server enable traps config

snmp-server enable traps config-ctid

snmp-server enable traps dlsw

snmp-server enable traps entity

snmp-server enable traps fru-ctrl

snmp-server enable traps resource-policy

snmp-server enable traps frame-relay

snmp-server enable traps frame-relay subif

snmp-server enable traps hsrp

snmp-server enable traps ipmulticast

snmp-server enable traps msdp

snmp-server enable traps mvpn

snmp-server enable traps ospf state-change

snmp-server enable traps ospf errors

snmp-server enable traps ospf retransmit

snmp-server enable traps ospf lsa

snmp-server enable traps ospf cisco-specific state-change nssa-trans-change

snmp-server enable traps ospf cisco-specific state-change shamlink interface-old

snmp-server enable traps ospf cisco-specific state-change shamlink neighbor

snmp-server enable traps ospf cisco-specific errors

snmp-server enable traps ospf cisco-specific retransmit

snmp-server enable traps ospf cisco-specific lsa

snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message

snmp-server enable traps pppoe

snmp-server enable traps cpu threshold

snmp-server enable traps rsvp

snmp-server enable traps ipsla

snmp-server enable traps syslog

snmp-server enable traps l2tun session

snmp-server enable traps l2tun pseudowire status

snmp-server enable traps pw vc

snmp-server enable traps event-manager

snmp-server enable traps firewall serverstatus

snmp-server enable traps isakmp policy add

snmp-server enable traps isakmp policy delete

snmp-server enable traps isakmp tunnel start

snmp-server enable traps isakmp tunnel stop

snmp-server enable traps ipsec cryptomap add

snmp-server enable traps ipsec cryptomap delete

snmp-server enable traps ipsec cryptomap attach

snmp-server enable traps ipsec cryptomap detach

snmp-server enable traps ipsec tunnel start

snmp-server enable traps ipsec tunnel stop

snmp-server enable traps ipsec too-many-sas

snmp-server host 192.168.0.1 public

no cdp run

!

Anmelden

Cisco 1812 K9

Empfohlene Beiträge

Wordo 11

Link zu diesem Kommentar

Iceman7 11

Link zu diesem Kommentar

Wordo 11

Link zu diesem Kommentar

Iceman7 11

Link zu diesem Kommentar

Iceman7 11

Link zu diesem Kommentar

Iceman7 11

Link zu diesem Kommentar

blackbox 10

Link zu diesem Kommentar

Iceman7 11

Link zu diesem Kommentar

Otaku19 33

Link zu diesem Kommentar

blackbox 10

Link zu diesem Kommentar

Iceman7 11

Link zu diesem Kommentar

Iceman7 11

Link zu diesem Kommentar

Iceman7 11

Link zu diesem Kommentar

Iceman7 11

Link zu diesem Kommentar

Iceman7 11

Link zu diesem Kommentar

Schreibe einen Kommentar

Menu

Aktivitäten