Cisco Router Configuration

‫הגדרת נתבי סיסקו‬
‫נכתב על ידי אלי קנדל‬
INTERFACE-‫ כולל הגדרות פיזיות על גבי ה‬MultiLink ‫הגדרת‬
controller E1 12/1/0
channel-group 0 timeslots 1-31
description !*E1 to Moked Concord|13-119-508| PP45
!
!
interface Serial12/1/0:0
description @! E1 from Vered-Sec To R-Moked-Concors-Sec 2M
bandwidth 2000
no ip address
no ip directed-broadcast
encapsulation ppp
load-interval 30
tx-queue-limit 26
ppp multilink
multilink-group 1
end
!
!
channel-group 0 timeslots 1-31
description E1 to Moked Concord-sec Panel A-27
!
!
description @! * E1 Vered-Sec To ConCord port A-27 ADM-2 TAG 21
bandwidth 2000
no ip address
encapsulation ppp
load-interval 30
tx-queue-limit 26
ppp multilink
multilink-group 1
end
!
!
interface Multilink1
bandwidth 2000
ip address 10.7.140.1 255.255.255.0
ip load-sharing per-packet
ip summary-address eigrp 110 0.0.0.0 0.0.0.0 200
ip route-cache flow input

delay 1900
ppp multilink
no ppp multilink fragmentation
multilink-group 1
no shut
end
!
################################################################

Site To Site VPN ‫הגדרת‬

crypto isakmp policy 10
hash md5
group 2
authentication pre-share
lifetime 3600
!
crypto isakmp key isrlaw002 address 10.57.32.70
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set ADSL esp-des esp-md5-hmac
!
crypto map VPN_ADSL Local-address Ethernet0/1
!
crypto map VPN_ADSL 10 ipsec-isakmp
set peer 10.57.32.70
set transform-set ADSL
match address 100
!
access-list 100 permit ip 10.180.102.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 100 permit ip 10.180.102.0 0.0.0.255 192.168.0.0 0.0.255.255
!
int ethernet0/0
crypto map VPN_ADSL
!
################################################################

Easy VPN ‫הגדרת‬
crypto ipsec client ezvpn vpn_store
connect auto
group vpn_store key adsl2store
mode network-extension
peer 10.57.32.70
!
interface Ethernet0
crypto ipsec client ezvpn vpn_store inside

!
interface Dialer0
crypto ipsec client ezvpn vpn_store
!
################################################################

Control Plan ‫הגדרת‬
Control-plane Police !!!!!!!
!
access-list 140 deny tcp host 10.1.30.82 any eq telnet
access-list 140 deny tcp 10.53.102.0 0.0.0.255 any eq telnet
access-list 140 permit tcp any any eq telnet
access-list 140 remark Telnet Limit to 80K bit except the Mengment Stations
!
class-map telnet-class
description Telnet Limit to 80K bit except the Mengment Stations
match access-group 140
exit
!
!
!
no access-list 141

access-list 141 permit udp host 10.1.30.81 any eq snmp
access-list 141 permit udp 10.53.102.0 0.0.0.255 any eq snmp
access-list 141 deny udp any any eq snmp
access-list 141 remark Snmp Limit to 80K bit
!
class-map snmp-class
description Snmp Limit to 80K bit To the authorized Station
exit
!
!
!
no access-list 142

access-list 142 deny icmp host 10.1.30.81 any echo

access-list 142 deny icmp 10.53.102.0 0.0.0.255 any port-unreachable
access-list 142 deny icmp 10.53.102.0 0.0.0.255 any echo
access-list 142 permit icmp any any port-unreachable
access-list 142 permit icmp any any echo
access-list 142 remark Drop All ICMP except the Mengment Stations

!
class-map icmp-class
description Drop All ICMP except the Mengment Stations
exit
!
!
!

policy-map control-plane-policy
!
class match-any telnet-class
police 80000 conform-action transmit exceed-action drop
exit
!
class match-any snmp-class
police 80000 conform-action transmit exceed-action drop
exit
!
class match-any icmp-class
drop
exit
!
class class-default
!
!
control-plane
service-policy input control-plane-policy
exit
!
################################################################

Rotary ‫ כולל הגדרת‬Ip Alias ‫הגדרת‬
ip alias 10.202.200.41 3011
ip alias 10.202.200.42 3012
ip alias 10.202.200.51 3001
ip alias 10.202.200.52 3002

ip alias 10.202.200.136 2136
ip alias 10.202.200.137 2137
ip alias 10.202.200.138 2138
ip alias 10.202.200.139 2139

!
################################################################

QOS ‫הגדרת‬
class-map match-any INFO_ZEN_TORMAT_110
description Traffic To INFO Cluster And TORMAT And ZEN
class-map match-any LOGIN_PRINTER_120
description Traffic To LOGIN To Domain Controller And DNS And File System And Printer's
class-map match-any CITRIX_ERP_100
description Traffic To CITRIX And ERP And Vantiv Application
class-map match-any NICE_140
description Traffic To NICE System
class-map match-any VOIP_130
description Traffic To VOIP TNN
!
policy-map MAPA_OUT
class VOIP_130
priority percent 6
class CITRIX_ERP_100
bandwidth percent 35
class INFO_ZEN_TORMAT_110
random-detect
class LOGIN_PRINTER_120
!
max-reserved-bandwidth 90
service-policy output MAPA_OUT
!
ip access-list extended CITRIX_ERP
permit icmp any any
permit ip any 10.57.14.0 0.0.0.255
permit ip any host 10.57.65.150
remark 10.57.65.150 - App Maof (virt ip), 10.57.14.0 - Citrix Network
ip access-list extended INFO_ZEN_TORMAT
permit tcp any host 10.57.65.100 eq www
remark 10.57.65.100 - info , 10.57.66.100 - zen , 10.4.10.100 - QFLOWSRV1
ip access-list extended LOGIN_PRINTER

permit tcp any host 10.57.10.62 eq 9100
permit tcp any host 10.57.9.131 eq lpd
remark 10.57.9.150 - NEVU-Domain Controller , 10.57.9.151 - MORPH-DC
remark 10.57.9.52 - NEO-DC+DNS , 10.57.9.53 - TRINITY-DC+DNS - LDAP+RPC+DNS+NETBIOS--
PROTOCOL
remark 10.57.5.200-201 - MF1-MF2(Home Directory O,Q,M) , Printer - 10.57.9.131-134
ip access-list extended VOIP
!
!
################################################################

Time Range ‫הגדרת‬

time-range NIGHT
periodic Friday 7:00 to 15:00
periodic Monday Tuesday Wednesday Thursday Sunday 7:00 to 20:00
!
!
################################################################
Route Map ‫הגדרת‬
route-map POC-EXP-Ashdod permit 10
match ip address 151
set ip next-hop 10.5.16.15
!
access-list 151 permit ip any 10.5.16.0 0.0.0.255
!
ip policy route-map POC-EXP-Ashdod
!
!
################################################################
Source Interface ‫הגדרת‬
ip flow-export source FastEthernet0/0
ip tacacs source-interface FastEthernet0/0
ip telnet source-interface FastEthernet3/1/0
snmp-server trap-source Loopback1

ip tftp source-interface GigabitEthernet0/0
!
################################################################
NTP ‫הגדרת שעון‬
clock timezone ISRAEL 2
ntp server 10.0.0.11 prefer
ntp server 10.0.0.12
ntp master 1
ntp source GigabitEthernet0/0
!
################################################################
Tacacs ‫הגדרת‬
tacacs-server host 10.57.4.61 single-connection
tacacs-server host 10.57.4.62 single-connection
tacacs-server attempts 1
tacacs-server key ciscoVered
!

aaa new-model
aaa authentication login default tacacs+ local
aaa authorization exec default tacacs+ local
aaa authorization commands 15 default tacacs+ local
aaa accounting suppress null-username
+aaa accounting exec default start-stop tacacs
+aaa accounting commands 15 default stop-only tacacs
!
################################################################
Radius ‫הגדרת‬
radius-server host 10.57.4.151 auth-port 1645 acct-port 1646
radius-server host 10.57.4.152 auth-port 1645 acct-port 1646
radius-server retransmit 1
radius-server key 7 0822455D0A1637161F0709
!
aaa group server radius ACE-SER-RAD
server 10.57.4.151 auth-port 1645 acct-port 1646
!
aaa authentication login ACE group ACS-SER-RAD local
aaa authentication ppp DIAL-PPP group ACS-SER-RAD local
aaa authorization network DIAL-PPP group ACS-SER-RAD local
aaa accounting commands 15 ADMIN start-stop group ACS-Radius-Tifuli
!
################################################################

HDCP POOL ‫הגדרת‬
ip local pool RAS_Pool 10.203.200.65 10.203.200.72
ip local pool Pool_Comverse 10.203.200.245 10.203.200.254

################################################################
DHCP ‫הגדרת‬
ip dhcp excluded-address 10.5.14.1 10.5.14.115
ip dhcp excluded-address 10.5.14.130 10.5.14.255
!
ip dhcp pool Main-Ramle
network 10.5.14.0 255.255.255.0
default-router 10.5.14.1
netbios-name-server 10.1.30.6 10.1.30.13
netbios-node-type h-node
dns-server 10.57.9.52 10.57.9.53
"option 66 ascii "winmapa65.pelephone.co.il
bootfile boot/x86/wds/nbp.com
lease 3
!
################################################################

ISDN ‫הגדרת‬
##### Configure isdn on vered-sec ##########
!
username isdn_test password sheni
!
isdn switch-type primary-net5
!
pri-group timeslots 1-31
description E1 for ISDN (ALL MAPA SITE) 03-5725993 2M
!
description E1 for ISDN (ALL MAPA SITE) 2M
bandwidth 2000
no ip address
encapsulation ppp
isdn switch-type primary-net5
isdn incoming-voice modem
no ip route-cache
no ip mroute-cache
no keepalive
no peer default ip address
dialer pool-member 1
dialer pool-member 2
no fair-queue
ppp authentication chap
ppp multilink
!
interface Dialer0
description ISDN TO ISDN_TEST 7329121 128K
ip address 10.8.15.1 255.255.255.0
encapsulation ppp
no ip route-cache

no ip mroute-cache
bandwidth 128
delay 40000
no keepalive
dialer remote-name isdn_test
dialer idle-timeout 360
dialer string 037329109
dialer caller 037329121
dialer pool 2
dialer-group 1
no fair-queue
ppp multilink
pulse-time 0
!
dialer-list 1 protocol ip permit
!

!!! ip route 10.215.200.0 255.255.255.0 10.8.15.2
!
################## ISDN CONFIGURE ##############
!
username www Password xxx
!
interface BRI0
description ISDN TO xxx No.03-7329109 128K
ip address 10.8.15.2 255.255.255.0
no ip mroute-cache
encapsulation ppp
no ip route-cache
bandwidth 128
delay 5000
no keepalive
dialer idle-timeout 360
dialer map ip 10.8.15.1 name www 5725993
dialer load-threshold 1 either
dialer-group 1
no fair-queue
ppp multilink
!
ip route 10.0.0.0 255.0.0.0 10.8.15.1 250
!
dialer-list 1 protocol ip list 100
!
access-list 100 deny ip any host 255.255.255.255
access-list 100 deny ip any 0.255.255.255 255.0.0.0

access-list 100 deny eigrp any any
access-list 100 permit ip 10.215.200.0 0.0.0.255 any
!
line 33 62
session-timeout 15
modem Dialin
modem autoconfigure discovery
rotary 1
autocommand ppp
transport input all
autoselect during-login
autoselect ppp
!
autohangup
!
################################################################

Frame Relay ‫הגדרת‬
interface Serial0
description F.R To Vendors-Pri 128K
no ip address
encapsulation frame-relay
bandwidth 128
keepalive 11
no fair-queue
frame-relay lmi-type ansi
no sh
!
interface Serial0.16 point-to-point
description F.R To xxx 128K
ip address 10.176.23.2 255.255.255.0
bandwidth 128
frame-relay interface-dlci 16
no sh
!
################################################################
LockAndKey ‫הגדרת‬
interface Serial2/1:30
description ellular site #459
ip address 10.208.1.106 255.255.255.252
ip access-group LockAndKey in
encapsulation ppp
no cdp enable
!
ip access-list extended LockAndKey
permit tcp any any established
permit icmp any any
permit udp any any eq snmptrap

permit udp any eq snmp any
permit udp any eq 21 any
permit udp any eq 20 any
permit udp any eq tftp any
permit udp any any eq ntp
!
################################################################
IP PIM ‫הגדרת‬
---------------------- router- primary------------------------
ip multicast-routing
ip pim autorp listener

interface FastEthernet5/0/1
ip pim sparse-mode
!
!
interface FastEthernet2/1/0
ip pim sparse-mode
!
ip pim accept-rp 10.4.10.253 8
ip pim send-rp-announce FastEthernet5/0/1 scope 16 group-list 8
ip pim send-rp-discovery scope 16
!
access-list 8 permit 225.10.10.10 0.0.0.0
!
################################################################
‫ ברמה פיזית בכרטיס‬AGGRIGATION ‫ כרטיס שמבצע‬IMA ‫הגדרת‬
!
interface ATM1/IMA2
description ATM/IMA Router Pri P.T.P 11 2M
ip address 10.xx.xx.65 255.255.255.252
no atm ilmi-keepalive
pvc 2/2
protocol ip 10.xx.xx.66 broadcast
encapsulation aal5snap
no shut
!
interface ATM1/3
description E1 to Router Primary P.T.P 11 2M
no ip address
no atm ilmi-keepalive
ima-group 2
scrambling-payload
impedance 120-ohm
no shut
!
################################################################
HSRP ‫הגדרת‬
interface GigabitEthernet0/0

standby 1 ip 212.xx.xx.137
standby 1 priority 170
standby 1 preempt
standby 1 name SURFER
standby 1 track GigabitEthernet0/1 80
standby 2 ip 212.25.81.67
standby 2 priority 105
standby 2 preempt
standby 2 name BACK_BONE
!
################################################################

RTR ‫הגדרת‬
rtr 10
type echo protocol ipIcmpEcho 199.xx.xx.41
rtr schedule 10 life forever start-time now
rtr 20
type echo protocol ipIcmpEcho 212.xx.xx.129
rtr schedule 20 life forever start-time now
!
track 10 rtr 10 reachability
!
track 20 rtr 20 reachability
!
!
access-list 150 permit ip 194.xx.195.0 0.0.0.255 any
route-map www permit 10
match ip address 150
set ip next-hop verify-availability 199.xx.xx.41 10 track 10
set ip next-hop verify-availability 212.xx.xx.129 20 track 20
!
interface GigabitEthernet0/0
ip policy route-map www
!
################################################################
WCCP ‫הגדרת‬
ip wccp 1 redirect-list 100 group-list 20 password 7 044B0E0A0A
ip wccp 2 redirect-list 100 group-list 20 password 7 105E0C1500
!
access-list 20 permit 10.10.10.20
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
!
‫ לפי איזה פרוטוקול שאנחנו רוצים בדוגמה לעלה מעבירים את כל התעבורה‬ACL ‫יכולים להגדיר‬
.‫אבל ללא ספק אפשר להעביר איזה פרוטוקולים שאנחנו רוצים‬
################################################################

Cisco Router Configuration

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Cisco Router Configuration

Similar to Cisco Router Configuration (20)

More from ELI KENDEL אלי קנדל

More from ELI KENDEL אלי קנדל (17)

Cisco Router Configuration