!
!
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
no service dhcp
!
hostname border
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$jXfg$3OY1xeyi4OoLarvTw10AN1
!
aaa new-model
!
!
aaa authentication attempts login 2
aaa authentication fail-message C The password error,Please try_again
aaa authentication password-prompt Password-Error,try-again!
aaa authentication username-prompt Password:
aaa authentication login manage_access local
!
!
aaa session-id common
memory-size iomem 5
clock timezone gmt 8
!
!
ip cef
no ip domain lookup
ip domain name xiaohe.com
!
!
no ip bootp server
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username xiaohe privilege 15 secret 5 $1$jXfg$3OY1xeyi4OoLarvTw10AN1
archive
 log config
  hidekeys
!
!
!
!
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!
class-map match-any down-2M
 match access-group name to-vlan10
 match access-group name to-vlan20
class-map match-any down-1M
 match access-group name to-vlan30
class-map match-any 1M
 match access-group name to-vlan30
class-map match-any 2M
 match access-group name to-vlan10
 match access-group name to-vlan20
!
!
policy-map traffic-control-down
 class down-2M
  police 2000000 2500000 conform-action transmit exceed-action drop
 class down-1M
  police 1000000 1250000 conform-action transmit exceed-action drop
policy-map traffic-control
 class 2M
  police 2000000 2500000 conform-action transmit exceed-action drop
 class 1M
  police 1000000 1250000 conform-action transmit exceed-action drop
!
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip access-group DefenceVirus in
 ip nat inside
 ip virtual-reassembly
 ip ospf cost 100
 duplex auto
 speed auto
 priority-group 1
 service-policy input traffic-control
 service-policy output traffic-control-down
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group DefenceVirus in
 ip nat inside
 ip virtual-reassembly
 ip ospf cost 200
 duplex auto
 speed auto
 priority-group 1
 service-policy input traffic-control
 service-policy output traffic-control-down
!
interface FastEthernet1/0
 ip address 222.xx.xx.4 255.255.255.240 secondary
 ip address 222.xx.xx.3 255.255.255.240
 ip access-group 110 in
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet2/0
!
interface FastEthernet2/1
!
interface FastEthernet2/2
!
interface FastEthernet2/3
!
interface FastEthernet2/4
!
interface FastEthernet2/5
!
interface FastEthernet2/6
!
interface FastEthernet2/7
!
interface FastEthernet2/8
!
interface FastEthernet2/9
!
interface FastEthernet2/10
!
interface FastEthernet2/11
!
interface FastEthernet2/12
!
interface FastEthernet2/13
!
interface FastEthernet2/14
!
interface FastEthernet2/15
!
interface Vlan1
 no ip address
!
router ospf 1
 log-adjacency-changes
 redistribute connected subnets
 network 1.1.1.0 0.0.0.255 area 0
 network 192.168.0.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
 network 222.xx.xx.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 172.16.1.0 255.255.255.0 192.168.0.2 track 1
ip route 172.16.10.0 255.255.255.0 192.168.0.2 track 1
ip route 172.16.20.0 255.255.255.0 192.168.0.2 track 1
ip route 172.16.30.0 255.255.255.0 192.168.0.2 track 1
ip route 172.16.40.0 255.255.255.0 192.168.0.2 track 1
ip route 172.16.1.0 255.255.255.0 192.168.1.2 track 2
ip route 172.16.10.0 255.255.255.0 192.168.1.2 track 2
ip route 172.16.20.0 255.255.255.0 192.168.1.2 track 2
ip route 172.16.30.0 255.255.255.0 192.168.1.2 track 2
ip route 172.16.40.0 255.255.255.0 192.168.1.2 track 2
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0
!
ip nat pool web 222.xx.xx.4 222.xx.xx.4 netmask 255.255.255.240
ip nat pool internet 222.xx.xx.3 222.xx.xx.3 netmask 255.255.255.240
ip nat inside source list 1 pool internet overload
ip nat inside source list 2 pool internet overload
ip nat inside source list 3 pool internet overload
ip nat inside source list 4 pool internet overload
ip nat inside source list 5 pool internet overload
ip nat inside source list 6 pool internet overload
ip nat inside source list web pool web overload
ip nat inside source static tcp 172.16.40.200 8080 222.xx.xx.4 8080 extendable
ip nat inside source static tcp 172.16.40.200 2700 222.xx.xx.4 2700 extendable
ip nat inside source static tcp 172.16.40.201 21 222.xx.xx.4 21 extendable
ip nat inside source static tcp 172.16.40.201 80 222.xx.xx.4 80 extendable
ip nat inside source static tcp 172.16.40.201 3389 222.xx.xx.4 3389 extendable
!
!
ip access-list standard web
 permit 172.16.40.0 0.0.0.255
ip access-list extended DefenceVirus
 deny tcp any any eq 27665
 deny tcp any any eq 16660
 deny tcp any any eq 65000
 deny tcp any any eq 33270
 deny tcp any any eq 39168
 deny tcp any any eq 6711
 deny tcp any any eq 6712
 deny tcp any any eq 6776
 deny tcp any any eq 6669
 deny tcp any any eq 2222
 deny tcp any any eq 7000
 deny tcp any any eq 135
 deny tcp any any eq 136
 deny tcp any any eq 137
 deny tcp any any eq 138
 deny tcp any any eq 139
 deny tcp any any eq 445
 deny tcp any any eq 4444
 deny tcp any any eq 5554
 deny tcp any any eq 9996
 deny tcp any any eq 3332
 deny tcp any any eq 1068
 deny tcp any any eq 455
 deny udp any any eq 31335
 deny udp any any eq 27444
 deny udp any any eq 135
 deny udp any any eq 136
 deny udp any any eq 445
 deny udp any any eq 4444
 permit ip any any
ip access-list extended to-vlan10
 permit ip any 172.16.10.0 0.0.0.255
ip access-list extended to-vlan20
 permit ip any 172.16.20.0 0.0.0.255
ip access-list extended to-vlan30
 permit ip any 172.16.30.0 0.0.0.255
ip sla 1
 icmp-echo 192.168.0.2 source-interface FastEthernet0/0
 timeout 999
 frequency 3
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 192.168.1.2 source-interface FastEthernet0/1
 timeout 999
 frequency 3
ip sla schedule 2 life forever start-time now
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 2 permit 172.16.10.0 0.0.0.255
access-list 3 permit 172.16.20.0 0.0.0.255
access-list 4 permit 172.16.30.0 0.0.0.255
access-list 5 permit 192.168.0.0 0.0.0.255
access-list 6 permit 192.168.1.0 0.0.0.255
! ACL 110 (applied inbound on FastEthernet1/0) is evaluated top-down, first match wins.
! Its third entry, "permit ip any any", matches all IP traffic, so the entries after it are never reached.
access-list 110 deny udp any any eq snmptrap
access-list 110 deny udp any any eq snmp
access-list 110 permit ip any any
access-list 110 deny tcp any any eq telnet
access-list 110 deny tcp any any range exec cmd
access-list 110 deny tcp any any eq sunrpc
access-list 110 deny udp any any eq sunrpc
access-list 110 deny tcp any any range 135 445
access-list 110 deny tcp any any eq ftp
access-list 110 deny icmp any any echo log
access-list 110 deny icmp any any redirect log
access-list 110 deny icmp any any mask-request log
access-list 110 permit icmp any any
access-list 110 permit icmp any any echo
access-list 110 deny udp any any eq 33400
access-list 110 permit udp any any eq 33400
access-list 110 deny ip 127.0.0.0 0.255.255.255 any log
access-list 110 deny ip 192.168.0.0 0.0.255.255 any log
access-list 110 deny ip 172.16.0.0 0.15.255.255 any log
access-list 110 deny ip 10.0.0.0 0.255.255.255 any log
access-list 110 deny ip 192.168.2.0 0.0.0.255 any
access-list 110 deny ip 224.0.0.0 0.255.255.255 any
access-list 110 deny ip 1.0.0.0 0.255.255.255 any
access-list 110 deny ip 2.0.0.0 0.255.255.255 any
access-list 110 deny ip 5.0.0.0 0.255.255.255 any
access-list 110 deny ip 14.0.0.0 0.255.255.255 any
access-list 110 deny ip 23.0.0.0 0.255.255.255 any
access-list 110 deny ip 27.0.0.0 0.255.255.255 any
access-list 110 deny ip 31.0.0.0 0.255.255.255 any
access-list 110 deny ip 36.0.0.0 0.255.255.255 any
access-list 110 deny ip 37.0.0.0 0.255.255.255 any
access-list 110 deny ip 39.0.0.0 0.255.255.255 any
access-list 110 deny ip 42.0.0.0 0.255.255.255 any
access-list 110 deny ip 46.0.0.0 0.255.255.255 any
access-list 110 deny ip 49.0.0.0 0.255.255.255 any
access-list 110 deny ip 50.0.0.0 0.255.255.255 any
access-list 110 deny ip 100.0.0.0 0.255.255.255 any
access-list 110 deny ip 101.0.0.0 0.255.255.255 any
access-list 110 deny ip 102.0.0.0 0.255.255.255 any
access-list 110 deny ip 103.0.0.0 0.255.255.255 any
access-list 110 deny ip 104.0.0.0 0.255.255.255 any
access-list 110 deny ip 105.0.0.0 0.255.255.255 any
access-list 110 deny ip 106.0.0.0 0.255.255.255 any
access-list 110 deny ip 107.0.0.0 0.255.255.255 any
access-list 110 deny ip 175.0.0.0 0.255.255.255 any
access-list 110 deny ip 176.0.0.0 0.255.255.255 any
access-list 110 deny ip 177.0.0.0 0.255.255.255 any
access-list 110 deny ip 179.0.0.0 0.255.255.255 any
access-list 110 deny ip 181.0.0.0 0.255.255.255 any
access-list 110 deny ip 182.0.0.0 0.255.255.255 any
access-list 110 deny ip 185.0.0.0 0.255.255.255 any
access-list 110 deny ip 198.18.0.0 0.1.255.255 any
access-list 110 deny ip 223.0.0.0 0.255.255.255 any
access-list 110 deny ip 172.16.0.0 0.0.255.255 any
! In the remark lines below, everything after "remark" is comment text; the deny/permit wording inside them is not an ACL entry.
access-list 110 remark Other bogons deny ip 224.0.0.0 15.255.255.255 any
access-list 110 remark Other bogons deny ip 240.0.0.0 15.255.255.255 any
access-list 110 remark Other bogons deny ip 0.0.0.0 0.255.255.255 any
access-list 110 remark Other bogons deny ip 169.254.0.0 0.0.255.255 any
access-list 110 remark Other bogons deny ip 192.0.2.0 0.0.0.255 any
access-list 110 remark permit all other traffic permit ip any any
priority-list 1 protocol ip high tcp telnet
priority-list 1 protocol ip low tcp ftp
no cdp run
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
banner motd C This Router is for xiaohe and thank you again!
!
line con 0
 logging synchronous
 login authentication manage_access
line aux 0
line vty 0 4
 login authentication manage_access
 transport input telnet
!
ntp clock-period 17207853
ntp source FastEthernet1/0
ntp server 129.6.15.28
!
end