...
Без форматирования |
---|
object-group service dhcp_server port-range 67 exit object-group service dhcp_client port-range 68 exit object-group service dns port-range 53 exit object-group service redirect port-range 3128-3131 exit object-group network users ip prefix 192.168.132.0/22 exit object-group network SoftWLC ip address-range 100.123.0.2 exit object-group network bras_users ip address-range 192.168.132.2-192.168.135.254 exit radius-server timeout 10 radius-server retransmit 5 radius-server host 100.123.0.2 key ascii-text encryptedtesting123 88B11079B9014FAAF7B9 timeout 11 priority 20 source-address 100.123.0.176 auth-port 31812 acct-port 31813 retransmit 10 dead-interval 10 exit aaa radius-profile PCRF radius-server host 100.123.0.2 exit das-server COA key ascii-text encrypted 88B11079B9014FAAF7B9 port 3799 clients object-group SoftWLC exit aaa das-profile COA das-server COA exit security zone trusted exit security zone untrusted exit security zone users exit ip access-list extended WELCOME rule 1 action permit match protocol tcp match destination-port 443 enable exit rule 2 action permit match protocol tcp match destination-port 8443 enable exit rule 3 action permit match protocol tcp match destination-port 80 enable exit rule 4 action permit match protocol tcp match destination-port 8080 enable exit exit ip access-list extended INTERNET rule 1 action permit enable exit exit ip access-list extended unauthUSER rule 1 action permit match protocol udp match source-port 68 match destination-port 67 enable exit rule 2 action permit match protocol udp match destination-port 53 enable exit exit subscriber-control filters-server-url http://100.123.0.2:7070/filters/file subscriber-control aaa das-profile COA aaa sessions-radius-profile PCRF aaa services-radius-profile PCRF nas-ip-address 100.123.0.176 session mac-authentication bypass-traffic-acl unauthUSER default-service class-map unauthUSER filter-name remote gosuslugi filter-action permit default-action redirect http://100.123.0.2:8080/eltex_portal/ exit enable exit snmp-server snmp-server system-shutdown snmp-server community "private1" rw snmp-server community "public11" ro snmp-server host 100.123.0.2 source-address 100.123.0.176 exit bridge 10 description "users" security-zone users ip address 192.168.132.1/22 ip helper-address 100.123.0.2 service-subscriber-control any object-group bras_users location data10 enable exit interface gigabitethernet 1/0/1.3500 description "UpLink" security-zone untrusted ip address 172.31.240.3/29 exit interface gigabitethernet 1/0/1.2300 description "mgmt" security-zone trusted ip address 100.123.0.176/24 exit interface gigabitethernet 1/0/1.2336 bridge-group 10 exit interface gigabitethernet 1/0/1.2337 bridge-group 10 exit security zone-pair users untrusted rule 1 action permit enable exit exit security zone-pair trusted self rule 1 action permit enable exit exit security zone-pair trusted users rule 1 action permit enable exit exit security zone-pair users self rule 1 action permit match protocol udp match source-port dhcp_client match destination-port dhcp_server enable exit rule 2 action permit match protocol tcp match destination-port redirect enable exit exit security zone-pair users trusted rule 1 action permit match protocol udp match source-port dhcp_client match destination-port dhcp_server enable exit rule 2 action permit match protocol udp match destination-port dns enable exit exit nat source pool nat_addr ip address-range 172.31.240.3 exit ruleset nat_source to zone untrusted rule 1 match source-address users action source-nat pool nat_addr enable exit exit exit ip dhcp-relay ip route 0.0.0.0/0 172.31.240.1 ip telnet server ip ssh server clock timezone gmt +7 ntp enable ntp server 100.123.0.2 exit |
...