Cisco Router Configuration 1.0

Cisco Router Configuration
Written by Eli Kandel

################################################################
MultiLink Configuration (including the physical settings on the interface)

controller E1 12/1/0
 channel-group 0 timeslots 1-31
 description !*E1 to Moked Concord|13-119-508| PP45
!
!
interface Serial12/1/0:0
 description @! E1 from Vered-Sec To R-Moked-Concord-Sec 2M
 bandwidth 2000
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 load-interval 30
 tx-queue-limit 26
 ppp multilink
 multilink-group 1
!
!
controller E1 12/1/6
 channel-group 0 timeslots 1-31
 description E1 to Moked Concord-sec Panel A-27
!
!
interface Serial12/1/6:0
 description @! * E1 Vered-Sec To ConCord port A-27 ADM-2 TAG 21
 bandwidth 2000
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 load-interval 30
 tx-queue-limit 26
 ppp multilink
 multilink-group 1
!
!
interface Multilink1
 bandwidth 2000
 ip address 10.7.140.1 255.255.255.0
 no ip directed-broadcast
 ip load-sharing per-packet
 ip summary-address eigrp 110 0.0.0.0 0.0.0.0 200
 ip route-cache flow input
 delay 1900
 ppp multilink
 no ppp multilink fragmentation
 multilink-group 1
 no shut
!
################################################################
Site-to-Site VPN Configuration

crypto isakmp policy 10
 hash md5
 group 2
 authentication pre-share
 lifetime 3600
!
crypto isakmp key isrlaw002 address 10.57.32.70
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set ADSL esp-des esp-md5-hmac
!
crypto map VPN_ADSL local-address Ethernet0/1
!
crypto map VPN_ADSL 10 ipsec-isakmp
 set peer 10.57.32.70
 set transform-set ADSL
 match address 100
!
access-list 100 permit ip 10.180.102.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 100 permit ip 10.180.102.0 0.0.0.255 192.168.0.0 0.0.255.255
!
interface Ethernet0/0
 crypto map VPN_ADSL
!
Note that this policy negotiates IKEv1 with DES (the default when no `encryption` line is given), MD5 and Diffie-Hellman group 2, and the transform set protects the data with single DES and MD5; all of these are deprecated and should not be used on a new tunnel. A current equivalent is `encryption aes 256`, `hash sha256`, `group 14` (or higher) in the ISAKMP policy and `esp-aes 256 esp-sha256-hmac` in the transform set, preferably under IKEv2. The pre-shared key (`crypto isakmp key ...`) and the Easy VPN group key below are stored in clear text in the running configuration.

################################################################
Easy VPN Configuration

crypto ipsec client ezvpn vpn_store
 connect auto
 group vpn_store key adsl2store
 mode network-extension
 peer 10.57.32.70
!
interface Ethernet0
 crypto ipsec client ezvpn vpn_store inside
!
interface Dialer0
 crypto ipsec client ezvpn vpn_store
!
################################################################
Control Plane Policing (CoPP) Configuration

! Control-plane Police
!
access-list 140 deny tcp host 10.1.30.82 any eq telnet
access-list 140 deny tcp host 10.1.30.142 any eq telnet
access-list 140 deny tcp host 10.57.7.207 any eq telnet
access-list 140 deny tcp host 10.57.7.99 any eq telnet
access-list 140 deny tcp host 10.57.4.222 any eq telnet
access-list 140 deny tcp 10.53.102.0 0.0.0.255 any eq telnet
access-list 140 permit tcp any any eq telnet
access-list 140 remark Telnet Limit to 80K bit except the Management Stations
!
class-map telnet-class
 description Telnet Limit to 80K bit except the Management Stations
 match access-group 140
 exit
!
!
!
no access-list 141
access-list 141 permit udp host 10.1.30.81 any eq snmp
access-list 141 permit udp host 10.1.30.82 any eq snmp
access-list 141 permit udp host 10.57.7.99 any eq snmp
access-list 141 permit udp host 10.57.4.222 any eq snmp
access-list 141 permit udp host 10.1.30.142 any eq snmp
access-list 141 permit udp host 10.57.7.207 any eq snmp
access-list 141 permit udp 10.53.102.0 0.0.0.255 any eq snmp
access-list 141 deny udp any any eq snmp
access-list 141 remark Snmp Limit to 80K bit
!
class-map snmp-class
 description Snmp Limit to 80K bit To the authorized Station
 match access-group 141
 exit
!
!
!
no access-list 142
access-list 142 deny icmp host 10.1.30.81 any echo
access-list 142 deny icmp host 10.1.30.82 any echo
access-list 142 deny icmp host 10.1.30.142 any echo
access-list 142 deny icmp host 10.57.4.222 any echo
access-list 142 deny icmp host 10.57.7.99 any echo
access-list 142 deny icmp host 10.57.7.207 any echo
access-list 142 deny icmp 10.53.102.0 0.0.0.255 any port-unreachable
access-list 142 deny icmp 10.53.102.0 0.0.0.255 any echo
access-list 142 permit icmp any any port-unreachable
access-list 142 permit icmp any any echo
access-list 142 remark Drop All ICMP except the Management Stations
!
class-map icmp-class
 description Drop All ICMP except the Management Stations
 match access-group 142
 exit
!
!
!
policy-map control-plane-policy
 class telnet-class
  police 80000 conform-action transmit exceed-action drop
  exit
 class snmp-class
  police 80000 conform-action transmit exceed-action drop
  exit
 class icmp-class
  drop
  exit
 class class-default
!
!
control-plane
 service-policy input control-plane-policy
 exit
!
Two things to check before copying this policy. First, inside a class-map ACL a `deny` entry only means "not in this class": the packet falls through to class-default, which has no action here, so the management stations listed in ACLs 140 and 142 are exempt from the Telnet policer and the ICMP drop, as the remarks intend. ACL 141 is written the other way round: it matches the authorized SNMP stations, so those are the ones rate-limited to 80 kbit/s, while SNMP from any other source reaches class-default and is not limited at all. If the intent is to throttle or drop unauthorized SNMP, swap its permit and deny entries, and restrict sources on the community itself with `snmp-server community <string> RO <acl>`. Second, CoPP only rate-limits Telnet to the router; it does not decide who may log in. Apply `access-class` to the vty lines and use SSH rather than Telnet.

################################################################
IP Alias Configuration (including the rotary setting)

ip alias 10.202.200.41 3011
ip alias 10.202.200.42 3012
ip alias 10.202.200.51 3001
ip alias 10.202.200.52 3002
ip alias 10.202.200.136 2136
ip alias 10.202.200.137 2137
ip alias 10.202.200.138 2138
ip alias 10.202.200.139 2139

`ip alias` makes the router answer on an extra address and maps it to a reverse-Telnet TCP port: 2000 + line number reaches one async line and 3000 + rotary number reaches a rotary group, so each console or modem line of a terminal server can be addressed by its own IP.
!
################################################################
QoS Configuration

class-map match-any INFO_ZEN_TORMAT_110
 description Traffic To INFO Cluster And TORMAT And ZEN
 match access-group 110
class-map match-any LOGIN_PRINTER_120
 description Traffic To LOGIN To Domain Controller And DNS And File System And Printers
 match access-group 120
class-map match-any CITRIX_ERP_100
 description Traffic To CITRIX And ERP And Vantiv Application
 match access-group 100
class-map match-any NICE_140
 description Traffic To NICE System
 match access-group 140
class-map match-any VOIP_130
 description Traffic To VOIP TNN
 match access-group 130
!
policy-map MAPA_OUT
 class VOIP_130
  priority percent 6
 class CITRIX_ERP_100
  bandwidth percent 35
 class INFO_ZEN_TORMAT_110
  bandwidth percent 35
  random-detect
 class LOGIN_PRINTER_120
  bandwidth percent 15
!
interface Serial1/0/3:0
 max-reserved-bandwidth 90
 service-policy output MAPA_OUT
!
The class-maps above match numbered lists 100 to 140, but the lists defined below are named; on a real router the class-map must reference the list that exists (`match access-group name CITRIX_ERP`, and so on), and numbers 100 and 140 must not collide with the VPN and CoPP lists of the same number if they live on the same box.

ip access-list extended CITRIX_ERP
 permit icmp any any
 permit ip any 10.57.14.0 0.0.0.255
 permit ip any host 10.57.65.150
 remark 10.57.65.150 - App Maof (virt ip), 10.57.14.0 - Citrix Network
ip access-list extended INFO_ZEN_TORMAT
 permit tcp any host 10.57.65.100 eq www
 permit tcp any host 10.57.66.100 eq www
 permit tcp any host 10.4.10.100 eq www
 remark 10.57.65.100 - info , 10.57.66.100 - zen , 10.4.10.100 - QFLOWSRV1
ip access-list extended LOGIN_PRINTER
 permit ip any host 10.57.5.200
 permit ip any host 10.57.5.201
 permit ip any host 10.57.9.150
 permit ip any host 10.57.9.151
 permit ip any host 10.57.9.52
 permit ip any host 10.57.9.53
 permit tcp any host 10.57.10.62 eq 9100
 permit tcp any host 10.57.10.64 eq 9100
 permit tcp any host 10.1.31.111 eq 9100
 permit tcp any host 10.57.9.131 eq 9100
 permit tcp any host 10.57.9.132 eq 9100
 permit tcp any host 10.57.9.133 eq 9100
 permit tcp any host 10.57.9.134 eq 9100
 permit tcp any host 10.57.9.131 eq lpd
 permit tcp any host 10.57.9.132 eq lpd
 permit tcp any host 10.57.9.133 eq lpd
 permit tcp any host 10.57.9.134 eq lpd
 remark 10.57.9.150 - NEVU-Domain Controller , 10.57.9.151 - MORPH-DC
 remark 10.57.9.52 - NEO-DC+DNS , 10.57.9.53 - TRINITY-DC+DNS - LDAP+RPC+DNS+NETBIOS PROTOCOL
 remark 10.57.5.200-201 - MF1-MF2 (Home Directory O,Q,M) , Printer - 10.57.9.131-134
ip access-list extended VOIP
 permit ip any host 10.61.1.50
 permit ip any host 10.61.1.51
 permit ip any host 10.61.1.52
!
!
################################################################
Time Range Configuration

time-range NIGHT
 periodic Friday 7:00 to 15:00
 periodic Monday Tuesday Wednesday Thursday Sunday 7:00 to 20:00
!
!
################################################################
Route Map (Policy-Based Routing) Configuration

route-map POC-EXP-Ashdod permit 10
 match ip address 151
 set ip next-hop 10.5.16.15
!
access-list 151 permit ip any 10.5.16.0 0.0.0.255
!
interface Serial0/0/0:0
 ip policy route-map POC-EXP-Ashdod
!
!
################################################################
Source Interface Configuration

ip flow-export source FastEthernet0/0
ip tacacs source-interface FastEthernet0/0
ip telnet source-interface FastEthernet3/1/0
snmp-server trap-source Loopback1
ip tftp source-interface GigabitEthernet0/0
!
################################################################
NTP Clock Configuration

clock timezone ISRAEL 2
ntp server 10.0.0.11 prefer
ntp server 10.0.0.12
ntp master 1
ntp source GigabitEthernet0/0
!
`ntp master 1` is meant as a local-clock fallback, but at stratum 1 the router's own clock will generally be preferred over the two network servers, so the router keeps serving a free-running clock; use a high stratum (`ntp master 10`) or drop the line. Nothing here authenticates the time source (`ntp authenticate`, `ntp authentication-key`, `ntp trusted-key`), which matters because logs, certificates and TACACS+ accounting all depend on it.

################################################################
TACACS+ Configuration

tacacs-server host 10.57.4.61 single-connection
tacacs-server host 10.57.4.62 single-connection
tacacs-server attempts 1
tacacs-server key ciscoVered
!
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting suppress null-username
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
!
The TACACS+ key is stored in clear text here; the `local` fallback means a local `username ... secret` account must exist, or the router becomes unreachable when both servers are down.

################################################################
RADIUS Configuration

radius-server host 10.57.4.151 auth-port 1645 acct-port 1646
radius-server host 10.57.4.152 auth-port 1645 acct-port 1646
radius-server retransmit 1
radius-server key 7 0822455D0A1637161F0709
!
aaa group server radius ACS-SER-RAD
 server 10.57.4.151 auth-port 1645 acct-port 1646
 server 10.57.4.152 auth-port 1645 acct-port 1646
 server 10.5.14.82 auth-port 1645 acct-port 1646
!
aaa authentication login ACE group ACS-SER-RAD local
aaa authentication ppp DIAL-PPP group ACS-SER-RAD local
aaa authorization network DIAL-PPP group ACS-SER-RAD local
aaa accounting commands 15 ADMIN start-stop group ACS-Radius-Tifuli
!
The server group is referenced as ACS-SER-RAD three times, so it is defined under that name above (the original slide spelled the definition ACE-SER-RAD, which would leave the method lists pointing at a non-existent group). Ports 1645/1646 are the legacy RADIUS ports; current servers listen on 1812/1813. The `key 7` string is only obfuscated, not encrypted.

################################################################
IP Local Pool Configuration (dial-in address pools)

ip local pool RAS_Pool 10.203.200.65 10.203.200.72
ip local pool Pool_Comverse 10.203.200.245 10.203.200.254
################################################################
DHCP Configuration

ip dhcp excluded-address 10.5.14.1 10.5.14.115
ip dhcp excluded-address 10.5.14.130 10.5.14.255
!
ip dhcp pool Main-Ramle
 network 10.5.14.0 255.255.255.0
 default-router 10.5.14.1
 netbios-name-server 10.1.30.6 10.1.30.13
 netbios-node-type h-node
 dns-server 10.57.9.52 10.57.9.53
 option 66 ascii "winmapa65.pelephone.co.il"
 bootfile boot/x86/wds/nbp.com
 lease 3
!
################################################################
ISDN Configuration

##### Configure ISDN on vered-sec (PRI side) ##########
!
username isdn_test password sheni
!
isdn switch-type primary-net5
!
controller E1 12/1/3
 pri-group timeslots 1-31
 description E1 for ISDN (ALL MAPA SITE) 03-5725993 2M
!
interface Serial12/1/3:15
 description E1 for ISDN (ALL MAPA SITE) 2M
 bandwidth 2000
 no ip address
 encapsulation ppp
 isdn switch-type primary-net5
 isdn incoming-voice modem
 no ip route-cache
 no ip mroute-cache
 no keepalive
 no peer default ip address
 dialer pool-member 1
 dialer pool-member 2
 no fair-queue
 ppp authentication chap
 ppp multilink
!
interface Dialer0
 description ISDN TO ISDN_TEST 7329121 128K
 ip address 10.8.15.1 255.255.255.0
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 bandwidth 128
 delay 40000
 no keepalive
 dialer remote-name isdn_test
 dialer idle-timeout 360
 dialer string 037329109
 dialer caller 037329121
 dialer pool 2
 dialer-group 1
 no fair-queue
 ppp authentication chap
 ppp multilink
 pulse-time 0
!
dialer-list 1 protocol ip permit
!
ip route 10.215.200.0 255.255.255.0 10.8.15.2
!
The CHAP accounts (`username isdn_test password sheni`, and `username www` below) have to stay reversible because CHAP needs the clear-text password, so they appear in the configuration as type 0 unless `service password-encryption` is on, and even then only as reversible type 7. Keep these accounts for PPP only and never reuse the same credentials for login.

################## ISDN CONFIGURE (BRI side) ##############
!
username www password xxx
!
interface BRI0
 description ISDN TO xxx No.03-7329109 128K
 ip address 10.8.15.2 255.255.255.0
 no ip directed-broadcast
 no ip mroute-cache
 encapsulation ppp
 no ip route-cache
 bandwidth 128
 delay 5000
 no keepalive
 dialer idle-timeout 360
 dialer map ip 10.8.15.1 name www 5725993
 dialer load-threshold 1 either
 dialer-group 1
 no fair-queue
 ppp multilink
 ppp authentication chap
!
ip route 10.0.0.0 255.0.0.0 10.8.15.1 250
!
dialer-list 1 protocol ip list 100
!
access-list 100 deny ip any host 255.255.255.255
access-list 100 deny ip any 0.255.255.255 255.0.0.0
access-list 100 deny ip any 0.0.255.255 255.255.0.0
access-list 100 deny ip any 0.0.0.255 255.255.255.0
access-list 100 deny eigrp any any
access-list 100 permit ip 10.215.200.0 0.0.0.255 any
!
The deny entries keep broadcasts and EIGRP hellos from counting as "interesting" traffic, so routing chatter does not keep the ISDN call up.

line 33 62
 session-timeout 15
 modem Dialin
 modem autoconfigure discovery
 rotary 1
 autocommand ppp
 transport input all
 autoselect during-login
 autoselect ppp
 autohangup
!
################################################################
Frame Relay Configuration

interface Serial0
 description F.R To Vendors-Pri 128K
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
 bandwidth 128
 keepalive 11
 no fair-queue
 frame-relay lmi-type ansi
 no shut
!
interface Serial0.16 point-to-point
 description F.R To xxx 128K
 ip address 10.176.23.2 255.255.255.0
 no ip directed-broadcast
 bandwidth 128
 frame-relay interface-dlci 16
 no shut
!
################################################################
LockAndKey Configuration (inbound ACL on a cellular-site link)

interface Serial2/1:30
 description Cellular site #459
 ip address 10.208.1.106 255.255.255.252
 ip access-group LockAndKey in
 encapsulation ppp
 no cdp enable
!
ip access-list extended LockAndKey
 permit tcp any any established
 permit icmp any any
 permit udp any any eq snmptrap
 permit udp any eq snmp any
 permit udp any eq 21 any
 permit udp any eq 20 any
 permit udp any eq tftp any
 permit udp any any eq ntp
!
Despite its name this is a plain static ACL (real lock-and-key uses `dynamic` entries unlocked with `access-enable`), and most of its permits key on fields the sender controls. `permit udp any eq snmp any`, `eq 20`, `eq 21` and `eq tftp` match on the source port only, so a host on the far side reaches any UDP port on the router or behind it simply by sending from port 161, 20, 21 or 69; ports 20/21 are FTP, which is TCP, so those two entries do not even cover the protocol they were written for. `permit tcp any any established` only checks the ACK or RST bit, which a scanner sets at will. A reflexive ACL, CBAC (`ip inspect`) or zone-based firewall gives the return-traffic behaviour this list is trying to approximate; failing that, write the replies by destination (`permit udp any eq snmp host <nms> gt 1023`) rather than by source port alone.

################################################################
IP PIM Configuration

---------------------- router-primary ------------------------
ip multicast-routing
ip pim autorp listener
interface FastEthernet5/0/1
 ip pim sparse-mode
!
!
interface FastEthernet2/1/0
 ip pim sparse-mode
!
ip pim accept-rp 10.4.10.253 8
ip pim send-rp-announce FastEthernet5/0/1 scope 16 group-list 8
ip pim send-rp-discovery scope 16
!
access-list 8 permit 225.10.10.10 0.0.0.0
!
################################################################
IMA Configuration (a card that performs aggregation at the physical layer)

!
interface ATM1/IMA2
 description ATM/IMA Router Pri P.T.P 11 2M
 ip address 10.xx.xx.65 255.255.255.252
 no ip directed-broadcast
 no atm ilmi-keepalive
 pvc 2/2
  protocol ip 10.xx.xx.66 broadcast
  encapsulation aal5snap
 no shut
!
interface ATM1/3
 description E1 to Router Primary P.T.P 11 2M
 no ip address
 no atm ilmi-keepalive
 ima-group 2
 scrambling-payload
 impedance 120-ohm
 no shut
!
################################################################
HSRP Configuration

interface GigabitEthernet0/0
 standby 1 ip 212.xx.xx.137
 standby 1 priority 170
 standby 1 preempt
 standby 1 name SURFER
 standby 1 track GigabitEthernet0/1 80
 standby 2 ip 212.25.81.67
 standby 2 priority 105
 standby 2 preempt
 standby 2 name BACK_BONE
!
Neither group configures `standby <n> authentication md5 key-string <key>`, so the groups run with the default clear-text authentication string and any host on the segment can send a higher-priority hello and take over the virtual address.

################################################################
RTR (IP SLA) Configuration

rtr 10
 type echo protocol ipIcmpEcho 199.xx.xx.41
rtr schedule 10 life forever start-time now
rtr 20
 type echo protocol ipIcmpEcho 212.xx.xx.129
rtr schedule 20 life forever start-time now
!
track 10 rtr 10 reachability
!
track 20 rtr 20 reachability
!
!
access-list 150 permit ip 194.xx.195.0 0.0.0.255 any
route-map www permit 10
 match ip address 150
 set ip next-hop verify-availability 199.xx.xx.41 10 track 10
 set ip next-hop verify-availability 212.xx.xx.129 20 track 20
!
interface GigabitEthernet0/0
 ip policy route-map www
!
`rtr` is the pre-12.4 name of IP SLA; on current IOS the same probes are written `ip sla 10` / `icmp-echo 199.xx.xx.41`, scheduled with `ip sla schedule 10 life forever start-time now`, and tracked with `track 10 ip sla 10 reachability`.

################################################################
WCCP Configuration

ip wccp 1 redirect-list 100 group-list 20 password 7 044B0E0A0A
ip wccp 2 redirect-list 100 group-list 20 password 7 105E0C1500
!
access-list 20 permit 10.10.10.20
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
!
The redirect ACL can be written for whichever protocol we want to redirect. In the example above all traffic from 10.10.10.0/24 is sent to the cache engine, but you can of course redirect only the protocols you want.
################################################################
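The CoPP and LockAndKey sections above both depend on how IOS evaluates an extended ACL: first match wins, a `deny` inside a class-map ACL means "not this class" rather than "drop", and `eq` before the destination applies to the source port. The following evaluator is an added example, not code from the original deck; it handles only the ACE forms that appear on this page, assumes contiguous wildcard masks, and runs the page's own lists (shortened to one management station each) against constructed sample packets. The router address 10.7.140.1 and the outside host 10.9.9.9 are assumptions used for the samples.

```python
"""Evaluate the page's extended ACLs the way IOS does (added example).

Shows two things: (1) in the CoPP policy, packets denied by a class-map ACL
fall to class-default and are not policed, and ACL 141 polices only the
authorized SNMP stations; (2) the LockAndKey list lets an outside host in by
choosing its own source port or setting the ACK bit.
"""
import ipaddress

PORTS = {"telnet": 23, "snmp": 161, "snmptrap": 162, "tftp": 69, "ntp": 123}


def parse_ace(line):
    """Parse one entry (numbered or named form); returns None for remarks."""
    toks = line.split()
    if toks[0] == "access-list":            # numbered form: drop 'access-list <n>'
        toks = toks[2:]
    if toks[0] == "remark":
        return None
    action, proto, i = toks[0], toks[1], 2

    def addr():
        nonlocal i
        if toks[i] == "any":
            i += 1
            return ipaddress.ip_network("0.0.0.0/0")
        if toks[i] == "host":
            i += 2
            return ipaddress.ip_network(toks[i - 1] + "/32")
        net, wild = toks[i], toks[i + 1]
        i += 2
        if wild == "0.0.0.0":               # 'A 0.0.0.0' is the same as 'host A'
            return ipaddress.ip_network(net + "/32")
        # a contiguous wildcard is a hostmask, which ipaddress accepts directly
        return ipaddress.ip_network(f"{net}/{wild}", strict=False)

    def port():
        nonlocal i
        if i < len(toks) and toks[i] == "eq":
            i += 2
            return PORTS.get(toks[i - 1]) or int(toks[i - 1])
        return None

    src, sport, dst, dport = addr(), port(), addr(), port()
    extra = toks[i] if i < len(toks) else None   # 'established' or an ICMP type name
    return dict(action=action, proto=proto, src=src, sport=sport,
                dst=dst, dport=dport, extra=extra)


def ace_matches(ace, pkt):
    if ace["proto"] not in ("ip", pkt["proto"]):
        return False
    if ipaddress.ip_address(pkt["src"]) not in ace["src"]:
        return False
    if ipaddress.ip_address(pkt["dst"]) not in ace["dst"]:
        return False
    if ace["sport"] is not None and ace["sport"] != pkt.get("sport"):
        return False
    if ace["dport"] is not None and ace["dport"] != pkt.get("dport"):
        return False
    if ace["extra"] == "established":       # IOS only looks at the ACK/RST bits
        return bool(pkt.get("ack") or pkt.get("rst"))
    if ace["extra"] is not None:            # ICMP type keyword (echo, port-unreachable)
        return pkt.get("icmp_type") == ace["extra"]
    return True


def acl_action(acl, pkt):
    """First match wins; the implicit deny at the end returns 'deny'."""
    for line in acl:
        ace = parse_ace(line)
        if ace and ace_matches(ace, pkt):
            return ace["action"]
    return "deny"


# Shortened copies of the page's lists (one management station each).
ACL_140 = ["access-list 140 deny tcp host 10.1.30.82 any eq telnet",
           "access-list 140 deny tcp 10.53.102.0 0.0.0.255 any eq telnet",
           "access-list 140 permit tcp any any eq telnet"]
ACL_141 = ["access-list 141 permit udp host 10.1.30.81 any eq snmp",
           "access-list 141 deny udp any any eq snmp"]
ACL_142 = ["access-list 142 deny icmp host 10.1.30.81 any echo",
           "access-list 142 permit icmp any any echo"]
LOCK_AND_KEY = ["permit tcp any any established", "permit icmp any any",
                "permit udp any any eq snmptrap", "permit udp any eq snmp any",
                "permit udp any eq 21 any", "permit udp any eq 20 any",
                "permit udp any eq tftp any", "permit udp any any eq ntp"]


def copp_class(pkt):
    """Class chosen by policy-map control-plane-policy (classes in config order)."""
    for name, acl in (("telnet-class", ACL_140), ("snmp-class", ACL_141),
                      ("icmp-class", ACL_142)):
        if acl_action(acl, pkt) == "permit":
            return name
    return "class-default"                  # no policer, no drop


def pkt(proto, src, dst="10.7.140.1", **kw):    # dst: assumed router address
    return dict(proto=proto, src=src, dst=dst, **kw)


def copp_results():
    """Constructed control-plane packets and the CoPP class each lands in."""
    return {
        "telnet from mgmt 10.1.30.82": copp_class(pkt("tcp", "10.1.30.82", sport=40000, dport=23)),
        "telnet from 10.9.9.9": copp_class(pkt("tcp", "10.9.9.9", sport=40000, dport=23)),
        "snmp from mgmt 10.1.30.81": copp_class(pkt("udp", "10.1.30.81", sport=5000, dport=161)),
        "snmp from 10.9.9.9": copp_class(pkt("udp", "10.9.9.9", sport=5000, dport=161)),
        "ping from 10.9.9.9": copp_class(pkt("icmp", "10.9.9.9", icmp_type="echo")),
    }


def lockandkey_results():
    """Constructed packets from outside host 10.9.9.9 against the LockAndKey list."""
    site = "10.208.1.106"
    return {
        "udp sport 161 to any port": acl_action(LOCK_AND_KEY, pkt("udp", "10.9.9.9", site, sport=161, dport=10000)),
        "tcp SYN to ssh": acl_action(LOCK_AND_KEY, pkt("tcp", "10.9.9.9", site, sport=4444, dport=22)),
        "tcp ACK-only to ssh": acl_action(LOCK_AND_KEY, pkt("tcp", "10.9.9.9", site, sport=4444, dport=22, ack=True)),
    }


if __name__ == "__main__":
    for k, v in {**copp_results(), **lockandkey_results()}.items():
        print(f"{k:28} -> {v}")
```

Run stand-alone it prints one line per sample packet. The SNMP rows are the ones to look at: the authorized station lands in `snmp-class` and is policed, the unknown host lands in `class-default` and is not, which is the inverse of what the class description says. The LockAndKey rows show the ACK-only segment and the source-port-161 datagram both permitted while an ordinary SYN is dropped.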
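The `radius-server key 7 ...` line in the RADIUS section and the two `password 7 ...` strings in the WCCP section are "type 7" strings, which `service password-encryption` produces. Type 7 is not encryption: it is an XOR against a fixed, publicly known key with a two-digit seed, so anyone who can read the configuration (a pasted slide deck included) recovers the shared secrets. The decoder below is an added example, not code from the original deck; it runs over the three lines copied from this page and also round-trips its own encoder. For keys that must stay reversible (RADIUS, TACACS+, WCCP, ISAKMP) the fix is type 6 (`key config-key password-encrypt <master>` plus `password encryption aes`); for user and enable passwords use `secret` (type 5, or type 8/9 with `algorithm-type sha256` / `scrypt`) instead of `password`.

```python
"""Cisco IOS type-7 obfuscation, decoded (added example, not from the deck).

A type-7 string is '<2-digit seed><hex bytes>'.  Byte i of the cleartext is
XORed with XLAT[(seed + i) % len(XLAT)]; XLAT is the same on every router.
"""
import re

# The fixed key IOS uses for type 7; it has been public for decades.
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def decode_type7(enc):
    """Recover the cleartext behind a 'password 7' / 'key 7' string."""
    seed, body = int(enc[:2]), bytes.fromhex(enc[2:])
    clear = bytes(b ^ XLAT[(seed + i) % len(XLAT)] for i, b in enumerate(body))
    return clear.decode("ascii")


def encode_type7(clear, seed=0):
    """Inverse of decode_type7; IOS picks the seed at random (0-15)."""
    body = bytes(ord(c) ^ XLAT[(seed + i) % len(XLAT)] for i, c in enumerate(clear))
    return f"{seed:02d}{body.hex().upper()}"


# Matches 'password 7 <hex>' and 'key 7 <hex>' wherever they occur in a config.
TYPE7_RE = re.compile(r"\b(?:password|key)\s+7\s+([0-9A-Fa-f]{4,})")


def recover_secrets(config_text):
    """Return {type7_string: cleartext} for every type-7 value in a config."""
    return {m.group(1): decode_type7(m.group(1)) for m in TYPE7_RE.finditer(config_text)}


# The three type-7 lines as they appear on this page.
PAGE_CONFIG = """\
radius-server key 7 0822455D0A1637161F0709
ip wccp 1 redirect-list 100 group-list 20 password 7 044B0E0A0A
ip wccp 2 redirect-list 100 group-list 20 password 7 105E0C1500
"""

if __name__ == "__main__":
    for enc, clear in recover_secrets(PAGE_CONFIG).items():
        print(f"{enc:24} -> {clear}")
```

Note that the two WCCP lines decode to the same password under different seeds, which is exactly what `service password-encryption` produces when the same string is entered twice; the seed changes the hex, not the protection.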
