
SP-WiFi-ASR01#sh run

Building configuration...
Current configuration : 12733 bytes
!
! Last configuration change at 18:24:04 BDT Tue Mar 11 2014 by cisco
! NVRAM config last updated at 18:24:06 BDT Tue Mar 11 2014 by cisco
!
! Global service settings, hostname and boot markers.
version 15.3
no service pad
! TCP keepalives in both directions so half-open sessions are cleared.
service tcp-keepalives-in
service tcp-keepalives-out
! Debug and log entries carry local time plus the timezone name.
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
! Produces the "7" values on the username, line and RADIUS key lines of this
! listing. Type 7 is reversible obfuscation, not a hash; it does not protect a
! configuration once the text leaves the device.
service password-encryption
! Sequence numbers make gaps in the log stream visible.
service sequence-numbers
no platform punt-keepalive disable-kernel-core
!
hostname SP-WiFi-ASR01
!
boot-start-marker
boot-end-marker
!
!
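! Management VRF with IPv4 and IPv6 address families enabled.
! The only interface placed in it in this listing is GigabitEthernet0, which
! is shut down, so management traffic is not actually separated from the
! data-plane interfaces here.
! ("definition" restored; the page extraction dropped the "fi" pair.)
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family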
!
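! Local log buffer at severity "notifications". No remote "logging host" line
! appears in this listing, so there is no off-box copy of these events.
! ("buffered notifications" restored; the page extraction dropped "f"/"fi".)
logging buffered notifications
! Type 4 is a single unsalted SHA-256 pass that Cisco deprecated; re-enter the
! enable secret with a stronger type (8 or 9 where the image supports it).
! The hash is published with this listing: treat it as exposed and rotate it.
enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY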
!
! Turns on the AAA framework; the method lists below then govern logins,
! subscriber authorization and accounting.
aaa new-model
!
!
! RADIUS group EC. "server name EC" refers to a named server definition that is
! not part of this listing; the only address visible is 10.101.42.92.
aaa group server radius EC
server name EC
server 10.101.42.92 auth-port 1812 acct-port 1813
!
! Device logins are checked against the local username database only. The one
! local user in this listing ("cisco") is stored as type 7.
aaa authentication login default local
! Subscriber (portal) logins and network authorization go to RADIUS group EC.
aaa authentication login EC_Prepaid_Auth_List group EC
aaa authorization network default group EC
aaa authorization network EC_Prepaid_Auth_List group EC
aaa authorization subscriber-service default local group EC
! NOTE(review): no "aaa authorization exec", "aaa accounting exec" or
! "aaa accounting commands" list appears here, so administrator sessions are
! presumably neither authorized per command nor accounted - confirm.
aaa accounting delay-start all
aaa accounting update periodic 15
aaa accounting network EC_Prepaid_Acct_List start-stop group EC
! EC_EapSim_Acct_List and UNAUTH-LIST are defined but not referenced by any
! policy-map in this listing.
aaa accounting network EC_EapSim_Acct_List start-stop group EC
aaa accounting network UNAUTH-LIST start-stop group EC
!
!
!
aaa server radius policy-device
!
! RADIUS dynamic-authorization (CoA / disconnect) listener for subscriber
! sessions. Requests on this port can change or end a subscriber's session.
aaa server radius dynamic-author
! Single configured client; its key is stored as type 7 (reversible) and is
! published with this listing.
client 10.101.42.92 server-key 7 071C244F5C0C0D
port 3799
auth-type any
! NOTE(review): "ignore server-key" / "ignore session-key" appear to turn off
! checking of the shared secret and session key on incoming requests, which
! would leave the UDP source address as the only check - confirm against the
! command reference. If so, remove both lines and restrict UDP 3799 to the
! client address with an infrastructure ACL or control-plane policy (the
! control-plane stanza in this listing is empty).
ignore session-key
ignore server-key
!
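aaa session-id common
! ("interface-config" restored; the page extraction dropped the "fi" pair.)
aaa policy interface-config allow-subinterface
clock timezone BDT 6 0
! Hardening already present: source-routed packets are dropped and the router
! does not emit gratuitous ARPs.
no ip source-route
no ip gratuitous-arps
!
!
!
!
!
no ip bootp server
no ip domain lookup
! NOTE(review): this listing lost every "fi" in extraction, so the domain may
! originally have read "wifi.robi.bd" - confirm against the device.
ip domain name wif.robi.bd
! 10.73.0.1-10.73.0.5 are held back from the OPEN_WLAN pool; they cover the
! router and VRRP addresses on the 10.73.0.0/24 subscriber segment.
ip dhcp excluded-address 10.73.0.1 10.73.0.5
ip dhcp ping packets 3
ip dhcp ping timeout 2000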
!
! Temporary-user pool: 10.101.42.96/27, gateway .97.
ip dhcp pool SP-WiFi-temp-User
network 10.101.42.96 255.255.255.224
default-router 10.101.42.97
dns-server 202.134.12.13
!
! Open (pre-authentication) WLAN pool: 10.73.0.0/24, gateway is the VRRP
! address 10.73.0.4. The resolver handed out is the same host the open-garden
! ACLs permit before login.
ip dhcp pool OPEN_WLAN
network 10.73.0.0 255.255.255.0
default-router 10.73.0.4
dns-server 202.134.12.13
! Lease is 0 days 0 hours 10 minutes, so addresses in the /24 recycle quickly.
lease 0 0 10
!
!
!
ipv6 multicast rpf use-bgp
ipv6 multicast vrf Mgmt-intf rpf use-bgp
!
! Default prepaid profile: authorization and accounting both go through the
! EC_Prepaid_* method lists (RADIUS group EC).
subscriber feature prepaid default
threshold time 0 seconds
threshold volume 0 bytes
method-list author EC_Prepaid_Auth_List
method-list accounting EC_Prepaid_Acct_List
! NOTE(review): this reads as the literal word "secret" used as the prepaid
! (re)authorization password - confirm, and replace it with a generated value
! if so.
password secret
!
!
multilink bundle-name authenticated
! NOTE(review): AES (type 6) key encryption is requested here, yet every key
! and password in this listing is still type 7; presumably no master key was
! set or the values were never re-entered - confirm.
password encryption aes
!
!
!
!
!
!
!
!
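! Auto-generated self-signed trustpoint. The certificate body that follows in
! this listing decodes to a sha1WithRSAEncryption signature over a 1024-bit
! RSA key, valid from 2014-03-10 to 2020-01-01. The HTTP/HTTPS servers are
! disabled in this listing, so nothing shown here uses it; regenerate it with
! a 2048-bit or larger key and a SHA-2 signature before enabling any feature
! that presents this certificate.
crypto pki trustpoint TP-self-signed-3636812456
enrollment selfsigned
! ("Certificate" restored; the page extraction dropped the "fi" pair. The
! encoded subject in the certificate body spells the word in full.)
subject-name cn=IOS-Self-Signed-Certificate-3636812456
! A self-signed certificate has no issuer to publish revocation data.
revocation-check none
rsakeypair TP-self-signed-3636812456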
!
!
crypto pki certificate chain TP-self-signed-3636812456
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101
05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D
43657274
69666963 6174652D 33363336 38313234 3536301E 170D3134 30333130
30373433
30325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504
03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33
36333638
31323435 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030
81890281
8100AA83 5B14BE44 C6735462 543D5A99 8719558B 4846A6DD E0E51471
1D0FECF0
A882E36D E3E153A7 12F0294B FA78DB47 32020C24 41B57CFD 6AFAC76C
06619CCA
597BFB6C 7A08A71A 2988FFAF E90DEDC0 78B0F767 3298FCDC DB306CA9
DE03F4EB
F5C17720 6765766C 3C553EC7 37C237C7 F8A81AE2 4E0170DA 051EDA38
03212E9D
564D0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603
551D2304 18301680 14B8250A 4934862B 7199CA8A 81147E0A 0964A94C
3D301D06
03551D0E 04160414 B8250A49 34862B71 99CA8A81 147E0A09 64A94C3D
300D0609
2A864886 F70D0101 05050003 81810005 9B0763AD 52C28291 176D791D
5A70496D
04D0EDED 016CFEEC 1450FE5E D7C271DC 231C689A 3CBF6FEC 1239510B
723A83F2
B28A94D2 0F3C4EFA 5092C17B A9902ED5 BF075152 13774E57 2DFA2E43
03BFB059
54607AFF 2D20B9DF C067D9F6 131925B0 1FCFD5D9 78DE10E8 8554CAC5
A78A3A48
8706B66D F150A4A7 FF32C933 6F1392
quit
!
!
!
!
!
!
! Only local account in this listing, and the one "aaa authentication login
! default local" checks. It uses "password" with type 7 (reversible) rather
! than "secret", and the encoded string is identical to the one on
! "line vty 0 4", so both hold the same value. Replace with a "secret" of a
! hashed type, use a non-default account name, and rotate: the value is
! published with this listing.
username cisco password 7 123A5404115B5D5679
!
redundancy
mode sso
! Captive-portal redirect target. It is the same address (10.101.42.92) that
! serves RADIUS authentication, accounting and dynamic-author in this listing,
! so one host carries the whole subscriber login path.
redirect server-group ROBI_PORTAL
server ip 10.101.42.92 port 18080
!
!
!
!
!
!
!
! TFTP is sourced from GigabitEthernet0, which is shut down in this listing.
ip tftp source-interface GigabitEthernet0
! NOTE(review): only the SSH timeout is set; no "ip ssh version 2" line appears
! in this listing, so SSHv1 may still be negotiable - confirm on the device.
ip ssh time-out 60
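! Traffic classes for the subscriber service policies; each class is defined
! only by the named ACLs it references.
! ("traffic" restored throughout; the page extraction dropped the "ffi" run.)
class-map type traffic match-any TC_L4REDIRECT
match access-group input name L4REDIRECT_ACL_IN
!
class-map type traffic match-any TC_OPENGARDEN
match access-group output name OPENGARDEN_ACL_OUT
match access-group input name OPENGARDEN_ACL_IN
!
class-map type traffic match-any TC_EAPSIM
match access-group output name INTERNET_ACL_OUT
! NOTE(review): the input direction reuses INTERNET_ACL_OUT, while
! TC_ROBI_WALKIN below uses INTERNET_ACL_IN for input. Both ACLs are
! "permit ip any any" in this listing, so the result is the same today, but
! the two would diverge as soon as either ACL is tightened - confirm intent.
match access-group input name INTERNET_ACL_OUT
!
class-map type traffic match-any TC_ROBI_WALKIN
match access-group output name INTERNET_ACL_OUT
match access-group input name INTERNET_ACL_IN
!
! Control class: true for a session that is still unauthenticated when
! IP_UNAUTH_TIMER is the timer in question (match-all of both conditions).
class-map type control match-all IP_UNAUTH_COND
match timer IP_UNAUTH_TIMER
match authen-status unauthenticated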
!
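! Service policies applied to subscriber sessions by the control policies.
! ("traffic" and "config" restored; the page extraction dropped "ffi"/"fi".)
!
! Pre-login: traffic matching TC_L4REDIRECT is redirected to the portal group;
! everything else in either direction is dropped.
policy-map type service ROBI_REDIRECT_SERVICE
10 class type traffic TC_L4REDIRECT
redirect to group ROBI_PORTAL
!
class type traffic default in-out
drop
!
!
! Pre-login: only the open-garden destinations pass; the rest is dropped.
policy-map type service OPENGARDEN_SERVICE
10 class type traffic TC_OPENGARDEN
!
class type traffic default in-out
drop
!
!
! The two services below have no default-drop class, and their traffic classes
! rest on "permit ip any any" ACLs, so a session with either service applied
! is unrestricted at this layer.
! EAPSIM_SERVICE accounts to EC_Prepaid_Acct_List; the EC_EapSim_Acct_List
! defined in the AAA section is not referenced - confirm which was intended.
policy-map type service EAPSIM_SERVICE
10 class type traffic TC_EAPSIM
accounting aaa list EC_Prepaid_Acct_List
!
!
policy-map type service ROBI_WALKIN
10 class type traffic TC_ROBI_WALKIN
accounting aaa list EC_Prepaid_Acct_List
prepaid config default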
!
!
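! Control policy for the portal (walk-in) subscriber interface.
! ("identifier" and "account-logoff" restored; the page extraction dropped
! "fi"/"ff".)
policy-map type control ROBI_POLICY_RULE
! A session that is still unauthenticated when IP_UNAUTH_TIMER expires is
! disconnected.
class type control IP_UNAUTH_COND event timed-policy-expiry
1 service disconnect
!
! Restarted sessions get the same pre-login treatment as new ones: open
! garden, portal redirect, and the unauthenticated timer set to 5.
class type control always event session-restart
10 service-policy type service name OPENGARDEN_SERVICE
25 service-policy type service name ROBI_REDIRECT_SERVICE
30 set-timer IP_UNAUTH_TIMER 5
!
! Logon: authenticate against RADIUS group EC, then lift the two pre-login
! services.
class type control always event account-logon
1 authenticate aaa list EC_Prepaid_Auth_List
2 service-policy type service unapply name ROBI_REDIRECT_SERVICE
3 service-policy type service unapply name OPENGARDEN_SERVICE
!
! Service stop: remove the named service and fall back to the pre-login
! redirect and open-garden services.
class type control always event service-stop
1 service-policy type service unapply identifier service-name
2 service-policy type service name ROBI_REDIRECT_SERVICE
3 service-policy type service name OPENGARDEN_SERVICE
!
class type control always event service-start
2 service-policy type service identifier service-name
!
class type control always event account-logoff
1 service disconnect delay 5
!
class type control always event session-start
10 service-policy type service name OPENGARDEN_SERVICE
25 service-policy type service name ROBI_REDIRECT_SERVICE
30 set-timer IP_UNAUTH_TIMER 5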
!
!
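! Control policy for the EAP-SIM subscriber interface. Session start and
! restart are handled identically.
! ("identifier" restored; the page extraction dropped the "fi" pair.)
! NOTE(review): the only check made here is authorization keyed on the
! client MAC address, which a client can set freely. Presumably the EAP-SIM
! exchange itself is enforced upstream (access point / controller) before
! traffic reaches this interface - confirm, because EAPSIM_SERVICE is applied
! at step 5, before the authorize step.
policy-map type control EAP_SIM
class type control always event session-start
5 service-policy type service name EAPSIM_SERVICE
10 authorize identifier mac-address
20 set-timer IP_UNAUTH_TIMER 4
!
class type control always event session-restart
5 service-policy type service name EAPSIM_SERVICE
10 authorize identifier mac-address
20 set-timer IP_UNAUTH_TIMER 4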
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! Loopback used as the SNMP trap source in this listing.
interface Loopback0
ip address 10.101.42.253 255.255.255.255
!
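! Subscriber-facing trunk: VLAN 611 (portal users) and VLAN 614 (EAP-SIM).
interface GigabitEthernet0/0/0
no ip address
negotiation auto
!
interface GigabitEthernet0/0/0.611
description Portal_users_C3560X-01_0/12
encapsulation dot1Q 611
ip address 10.73.0.2 255.255.255.0
ip nat inside
! No "vrrp 1 authentication" line appears, on a segment where unauthenticated
! subscribers are layer-2 adjacent; group 1 is also the DHCP default gateway.
vrrp 1 ip 10.73.0.4
vrrp 1 priority 120
! CDP advertises platform and software details; on a subscriber-facing
! subinterface it is normally disabled unless the attached switch needs it.
cdp enable
service-policy type control ROBI_POLICY_RULE
ip subscriber l2-connected
! ("unclassified" restored; the page extraction dropped the "fi" pair.)
! Sessions start on traffic from an unknown MAC address or on DHCP.
initiator unclassified mac-address
initiator dhcp
!
interface GigabitEthernet0/0/0.614
description EAP_SIM_USERS_C3560X-01_0/12
encapsulation dot1Q 614
ip address 10.101.42.66 255.255.255.248
! No VRRP authentication configured here either.
vrrp 4 ip 10.101.42.65
vrrp 4 priority 120
service-policy type control EAP_SIM
ip subscriber l2-connected
initiator dhcp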
!
! Point-to-point link toward the "Tango proxy"; also the GTP local interface
! in this listing. OSPF process 32, area 4, with short hello/dead timers.
! No "ip ospf authentication" or message-digest key appears on this link.
interface GigabitEthernet0/0/1
description towards Tango proxy
ip address 10.17.9.253 255.255.255.252
no ip redirects
no ip proxy-arp
ip ospf network point-to-point
ip ospf dead-interval 6
ip ospf hello-interval 2
ip ospf 32 area 4
ip ospf cost 1000
negotiation auto
!
! Upstream link with a public address; NAT outside interface.
! No inbound "ip access-group" and no OSPF authentication appear here, so
! management services (vty, SNMP, UDP 3799) are reachable from this side
! unless filtered elsewhere - confirm upstream filtering.
interface GigabitEthernet0/0/2
description *** Connect for ISP-POP-4507-Sw-01 ***
ip address 202.134.15.106 255.255.255.252
no ip redirects
no ip proxy-arp
ip nat outside
ip ospf network point-to-point
ip ospf hello-interval 2
negotiation auto
!
! Spare NAT-inside port, administratively down.
interface GigabitEthernet0/0/3
description *** Use for temp-NAT ***
no ip address
ip nat inside
shutdown
negotiation auto
!
! Server-side trunk: VLANs 601, 612, 613 (and an empty 616).
interface GigabitEthernet0/0/4
no ip address
negotiation auto
!
! 10.101.42.88/29: the segment that contains 10.101.42.92, the RADIUS / CoA /
! portal host referenced throughout this listing.
interface GigabitEthernet0/0/4.601
description CommonAAA_C3560X-01_0/13
encapsulation dot1Q 601
ip address 10.101.42.89 255.255.255.248
!
interface GigabitEthernet0/0/4.612
description portal_int_C3560X-01_0/13
encapsulation dot1Q 612
ip address 10.101.42.50 255.255.255.248
vrrp 2 ip 10.101.42.49
vrrp 2 priority 120
!
interface GigabitEthernet0/0/4.613
description towards AAA_C3560X-01_0/13
encapsulation dot1Q 613
ip address 10.101.42.58 255.255.255.248
vrrp 3 ip 10.101.42.57
vrrp 3 priority 120
!
! Subinterface with no encapsulation or address configured.
interface GigabitEthernet0/0/4.616
!
! Out-of-band management port: in the Mgmt-intf VRF but unaddressed and shut
! down, so all management in this listing is in-band.
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
mcsa
enable sessionmgr
!
! OSPF 32: only the 10.17.9.253 link (GigabitEthernet0/0/1), area 4.
! Neither process has area authentication or "passive-interface" lines in this
! listing, and the interfaces carry no OSPF keys, so adjacencies form with any
! speaker on those links.
router ospf 32
router-id 10.17.9.253
network 10.17.9.253 0.0.0.0 area 4
!
! OSPF 24432: the public /30 on GigabitEthernet0/0/2, NSSA area 1003.
router ospf 24432
area 1003 nssa
network 202.134.15.104 0.0.0.3 area 1003
!
! PAT: sources matching ACL "NAT" are overloaded onto the GigabitEthernet0/0/2
! address.
ip nat inside source list NAT interface GigabitEthernet0/0/2 overload
ip forward-protocol nd
!
! Hardening already present: both HTTP and HTTPS management servers are off.
no ip http server
no ip http secure-server
!
! Sources eligible for PAT: the open WLAN /24 and the temporary-user /27.
ip access-list standard NAT
permit 10.73.0.0 0.0.0.255
permit 10.101.42.96 0.0.0.31
!
! Post-login "internet" classes: both directions are permit-any, so these ACLs
! classify traffic for accounting but filter nothing.
ip access-list extended INTERNET_ACL_IN
permit ip any any
ip access-list extended INTERNET_ACL_OUT
permit ip any any
! Redirect classifier: traffic to the portal port and to the resolver is
! exempt; TCP 8080/80/443 is matched for redirect; the rest is not matched.
! NOTE(review): "log-input" on every redirected flow generates a log event per
! match and can load the route processor on a busy hotspot - confirm it is
! still wanted outside of troubleshooting.
ip access-list extended L4REDIRECT_ACL_IN
deny tcp any host 10.101.42.92 eq 18080
deny ip any host 202.134.12.13
permit tcp any any eq 8080 log-input
permit tcp any any eq www log-input
permit tcp any any eq 443 log-input
deny ip any any
! Open garden (reachable before login). Both entries are "permit ip", i.e.
! every protocol and port on the resolver and on the AAA/portal host, including
! its RADIUS and CoA ports. Narrowing these to DNS and to TCP 18080 would limit
! unauthenticated clients to what the login flow needs.
ip access-list extended OPENGARDEN_ACL_IN
permit ip any host 202.134.12.13
permit ip any host 10.101.42.92
deny ip any any
ip access-list extended OPENGARDEN_ACL_OUT
permit ip host 202.134.12.13 any
permit ip host 10.101.42.92 any
deny ip any any
!
!
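! Community-string SNMP with read-write access. The string is sent in clear
! text, is guessable from the operator name, and is published with this
! listing. Access is tied to standard ACL 5, but no "access-list 5" is defined
! anywhere in the listing.
! NOTE(review): on IOS a referenced ACL that does not exist normally filters
! nothing - confirm on the device. Prefer SNMPv3 with authentication and
! privacy, read-only unless writes are required, and a defined ACL limited to
! the management stations.
snmp-server community robi RW 5
snmp-server trap-source Loopback0
! Traps are enabled below, but no "snmp-server host" receiver appears in this
! listing.
! ("cisco-specific", "config" and "peer-fib-state-change" restored; the page
! extraction dropped "fi", and the cef line had been wrapped across two lines.)
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps tty
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps aaa_server
snmp-server enable traps bfd
snmp-server enable traps bgp cbgp2
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps dhcp
snmp-server enable traps cpu threshold
snmp-server enable traps syslog
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps ip local pool
snmp-server enable traps alarms informational
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down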
!
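! RADIUS attribute handling for subscriber sessions (session id, framed IP,
! NAS identifier, event timestamp, called/calling station formats).
radius-server attribute 44 include-in-access-req default-vrf
radius-server attribute 44 extend-with-addr
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 55 access-request include
radius-server attribute 30 original-called-number
radius-server attribute 31 mac format ietf lower-case
radius-server attribute 31 send nas-port-detail mac-only
radius-server attribute nas-port-id include remote-id
! The shared secret is stored as type 7 (reversible) and is published with
! this listing; rotate it on both the router and the server. The command had
! been wrapped across two lines by the page and is rejoined here.
radius-server host 10.101.42.92 auth-port 1812 acct-port 1813 key 7 04480E051D2458
! A single server with 2 retransmits and a 3 second timeout: when it is
! unreachable, subscriber authentication has no fallback in this listing.
radius-server retransmit 2
radius-server timeout 3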
!
!
! Empty stanza: no control-plane service-policy is attached, so traffic
! destined to the router itself (vty, SNMP, RADIUS CoA, OSPF, VRRP) is not
! rate-limited or filtered at this level.
control-plane
!
!
!
!
!
!
!
! Operator shortcuts for the subscriber session show commands.
alias exec sss show subscriber session
alias exec sssd show subscriber session detail
!
! Console: 5 minute idle timeout. With "aaa authentication login default local"
! in force, login is checked against the local username database; the line
! password below is stored as type 7 (reversible).
line con 0
exec-timeout 5 0
password 7 13264601085C557878
stopbits 1
! Auxiliary port: no EXEC sessions are started.
line aux 0
exec-timeout 0 10
no exec
stopbits 1
! Remote access. Telnet is still accepted alongside SSH, which exposes
! credentials and session content in clear text; "transport input ssh" removes
! it. No "access-class" appears, so any source that can reach a router address
! can attempt a login. The type 7 string is identical to the one on the
! "username cisco" line, so both hold the same value.
line vty 0 4
exec-timeout 5 0
password 7 123A5404115B5D5679
transport input telnet ssh
!
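! Two NTP sources with no "ntp authenticate" / key lines in this listing, so
! time (and therefore log timestamps) is accepted unauthenticated.
ntp server 192.168.90.4
ntp server 192.168.80.30
! GTP toward the GGSN at 202.134.10.12, sourced from GigabitEthernet0/0/1,
! with RAT type reported as WLAN.
gtp
interval echo-request 65
information-element rat-type wlan
interface local GigabitEthernet0/0/1
apn 1
! NOTE(review): this listing lost every "fi" in extraction, so the APN name may
! originally have read "wifi" - confirm against the device.
apn-name wif
ip address ggsn 202.134.10.12
! ("prefix-len" restored; the page extraction dropped the "fi" pair.)
default-gw 10.24.128.1 prefix-len 17
dhcp-server 10.24.128.1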
!
end
