...
Code block

```
hostname esr-ipsec

object-group service dhcp_server
  port-range 67
exit
object-group service dhcp_client
  port-range 68
exit
object-group service ipsec_ports
  port-range 500
  port-range 4500
exit
object-group service dns
  port-range 53
exit

object-group network SoftWLC
  ip prefix 100.123.0.0/24
exit
object-group network ipsec_remote_address
  ip prefix 10.100.0.0/16
  ip prefix 172.31.252.0/22
exit
object-group network gre_termination
  ip prefix 192.168.200.48/28
exit
object-group network AP_mgmt
  ip prefix 192.168.128.0/22
  ip prefix 198.18.160.0/22
exit
object-group network AP_users
  ip prefix 198.18.160.0/22
exit

syslog console none

radius-server timeout 10
radius-server retransmit 5
radius-server host 100.123.0.2
  key ascii-text encrypted 88B11079B9014FAAF7B9
  timeout 11
  priority 20
  source-address 192.168.128.1
  auth-port 31812
  acct-port 31813
  retransmit 10
  dead-interval 10
exit
aaa radius-profile PCRF
  radius-server host 100.123.0.2
exit
das-server COA
  key ascii-text encrypted 88B11079B9014FAAF7B9
  port 3799
  clients object-group SoftWLC
exit
aaa das-profile COA
  das-server COA
exit

tech-support login enable
root login enable

vlan 3
  force-up
exit
vlan 10
  force-up
exit

security zone trusted
exit
security zone untrusted
exit
security zone ipsec
exit
security zone gre
exit
security zone users
exit

ip access-list extended users_pbr
  rule 10
    action deny
    match protocol udp
    match source-port 68
    match destination-port 67
    enable
  exit
  rule 11
    action deny
    match protocol udp
    match destination-port 53
    enable
  exit
  rule 20
    action permit
    enable
  exit
exit

route-map out_BGP_AP
  rule 10
    match ip address object-group AP_mgmt
    action permit
  exit
exit
route-map out_BGP_NAT
  rule 10
    match ip address object-group AP_users
    action permit
  exit
exit
route-map users_map
  rule 10
    match ip access-group users_pbr
    action set ip next-hop verify-availability 100.64.0.69 10
    action permit
  exit
exit

router bgp 64604
  address-family ipv4
    router-id 198.18.156.1
    redistribute connected
    neighbor 100.64.0.65
      remote-as 1238965001
      route-map out_BGP_AP out
      update-source 100.64.0.66
      enable
    exit
    neighbor 100.64.0.69
      remote-as 1238965001
      route-map out_BGP_NAT out
      update-source 100.64.0.70
      enable
    exit
    enable
  exit
exit

snmp-server
snmp-server system-shutdown
snmp-server community "private1" rw
snmp-server community "public11" ro

snmp-server host 100.123.0.2
exit

snmp-server enable traps
snmp-server enable traps config
snmp-server enable traps config commit
snmp-server enable traps config confirm
snmp-server enable traps environment
snmp-server enable traps environment fan
snmp-server enable traps environment fan-speed-changed
snmp-server enable traps environment fan-speed-high
snmp-server enable traps environment memory-flash-critical-low
snmp-server enable traps environment memory-flash-low
snmp-server enable traps environment memory-ram-critical-low
snmp-server enable traps environment memory-ram-low
snmp-server enable traps environment cpu-load
snmp-server enable traps environment cpu-critical-temp
snmp-server enable traps environment cpu-overheat-temp
snmp-server enable traps environment cpu-supercooling-temp
snmp-server enable traps environment board-overheat-temp
snmp-server enable traps environment board-supercooling-temp
snmp-server enable traps wifi
snmp-server enable traps wifi wifi-tunnels-number-in-bridge-high
snmp-server enable traps file-operations
snmp-server enable traps file-operations successful
snmp-server enable traps file-operations failed
snmp-server enable traps file-operations canceled
snmp-server enable traps interfaces
snmp-server enable traps interfaces rx-utilization-high
snmp-server enable traps interfaces tx-utilization-high
snmp-server enable traps interfaces number-high
snmp-server enable traps bras
snmp-server enable traps bras sessions-number-high
snmp-server enable traps screen
snmp-server enable traps screen dest-limit
snmp-server enable traps screen source-limit
snmp-server enable traps screen icmp-threshold
snmp-server enable traps screen udp-threshold
snmp-server enable traps screen syn-flood
snmp-server enable traps screen land
snmp-server enable traps screen winnuke
snmp-server enable traps screen icmp-frag
snmp-server enable traps screen udp-frag
snmp-server enable traps screen icmp-large
snmp-server enable traps screen syn-frag
snmp-server enable traps screen unknown-proto
snmp-server enable traps screen ip-frag
snmp-server enable traps screen port-scan
snmp-server enable traps screen ip-sweep
snmp-server enable traps screen syn-fin
snmp-server enable traps screen fin-no-ack
snmp-server enable traps screen no-flag
snmp-server enable traps screen spoofing
snmp-server enable traps screen reserved
snmp-server enable traps screen quench
snmp-server enable traps screen echo-request
snmp-server enable traps screen time-exceeded
snmp-server enable traps screen unreachable
snmp-server enable traps screen tcp-all-flags
snmp-server enable traps entity
snmp-server enable traps entity config-change
snmp-server enable traps entity-sensor
snmp-server enable traps entity-sensor threshold
snmp-server enable traps envmon
snmp-server enable traps envmon fan
snmp-server enable traps envmon shutdown
snmp-server enable traps envmon temperature
snmp-server enable traps flash
snmp-server enable traps flash insertion
snmp-server enable traps flash removal
snmp-server enable traps snmp
snmp-server enable traps snmp authentication
snmp-server enable traps snmp coldstart
snmp-server enable traps snmp linkdown
snmp-server enable traps snmp linkup
snmp-server enable traps syslog

bridge 1
  description "gre_termination"
  vlan 1
  security-zone gre
  ip address 192.168.200.49/28
  ip address 192.168.200.50/28
  enable
exit
bridge 3
  description "AP_mgmt"
  vlan 3
  security-zone trusted
  ip address 192.168.128.1/22
  ip helper-address 100.123.0.2
  ip tcp adjust-mss 1312
  enable
exit
bridge 10
  description "Users"
  vlan 10
  security-zone users
  ip address 198.18.160.1/22
  ip helper-address 100.123.0.2
  ip policy route-map users_map
  ip tcp adjust-mss 1312
  location data10
  enable
exit

interface gigabitethernet 1/0/1
  description "UpLink"
exit
interface gigabitethernet 1/0/1.212
  description "VRF_backbone"
  security-zone trusted
  ip address 100.64.0.66/30
  ip tcp adjust-mss 1312
exit
interface gigabitethernet 1/0/1.213
  description "VRF_nat"
  security-zone untrusted
  ip address 100.64.0.70/30
  ip tcp adjust-mss 1312
exit
interface gigabitethernet 1/0/1.1000
  description "adm_net"
  security-zone trusted
  ip address 100.110.0.133/23
exit
interface gigabitethernet 1/0/1.4092
  description "IPsec"
  security-zone ipsec
  ip address 10.12.20.4/28
exit
tunnel softgre 1
  description "mgmt"
  mode management
  local address 192.168.200.49
  default-profile
  enable
exit
tunnel softgre 1.1
  bridge-group 3
  enable
exit
tunnel softgre 2
  description "data"
  mode data
  local address 192.168.200.50
  default-profile
  enable
exit

security zone-pair trusted self
  rule 10
    action permit
    enable
  exit
exit
security zone-pair users self
  rule 10
    action permit
    match protocol udp
    match source-port dhcp_client
    match destination-port dhcp_server
    enable
  exit
exit
security zone-pair users untrusted
  rule 10
    action permit
    enable
  exit
exit
security zone-pair users trusted
  rule 10
    action permit
    match protocol udp
    match source-port dhcp_client
    match destination-port dhcp_server
    enable
  exit
  rule 20
    action permit
    match protocol udp
    match destination-port dns
    enable
  exit
exit
security zone-pair ipsec self
  rule 1
    action permit
    match protocol udp
    match destination-port ipsec_ports
    enable
  exit
  rule 2
    action permit
    match protocol esp
    enable
  exit
  rule 3
    action permit
    match protocol gre
    match source-address ipsec_remote_address
    match destination-address gre_termination
    enable
  exit
  rule 4
    action permit
    match protocol icmp
    enable
  exit
exit
security zone-pair trusted trusted
  rule 10
    action permit
    enable
  exit
exit

address-assignment pool ipsec_xauth_pool
  ip prefix 172.31.252.0/22
  data-tunnel address 192.168.200.50
  management-tunnel address 192.168.200.49
exit

security ike proposal dh1_md5_aes128
  authentication algorithm md5
  encryption algorithm aes128
exit
security ike policy psk_xauth
  lifetime seconds 86400
  pre-shared-key ascii-text testing123
  authentication method xauth-psk-key
  authentication mode radius
  proposal dh1_md5_aes128
exit
security ike gateway xauth_gw
  ike-policy psk_xauth
  local address 10.12.20.4
  local network 192.168.200.48/28
  remote address any
  remote network dynamic pool ipsec_xauth_pool
  mode policy-based
  dead-peer-detection action clear
  dead-peer-detection interval 60
  dead-peer-detection timeout 180
exit

security ipsec proposal md5_aes128_esp
  authentication algorithm md5
  encryption algorithm aes128
exit
security ipsec policy ipsec_pol
  proposal md5_aes128_esp
exit
security ipsec vpn xauth_ipsec
  mode ike
  ike establish-tunnel by-request
  ike gateway xauth_gw
  ike ipsec-policy ipsec_pol
  enable
exit

security passwords history 0

ip dhcp-relay

ip route 0.0.0.0/0 10.12.20.2

wireless-controller
  nas-ip-address 192.168.128.1
  resp-time 3
  failure-count 3
  data-tunnel configuration radius
  aaa das-profile COA
  aaa radius-profile PCRF
  enable
exit

ip telnet server
ip ssh server

clock timezone gmt +7

ntp enable
ntp server 100.123.0.2
exit
```
...