!************************************************
!*						*
!* Lab 2 Final Solutions for all Devices	*
!*						*
!************************************************



!********************************
!*				*
!* R1 Final Solution Config	*
!*				*
!********************************
! R1 is the DMVPN hub (Tunnel0, NHRP server-only) and a GET VPN group member.
! It also runs IOS IPS on Gi0/0, an FPM policy for W32.Blaster on Gi0/1 and
! CAR on ISAKMP. Lines starting with "!" are ignored when this listing is
! pasted into IOS.
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): with password encryption off, "enable password" and the line
! passwords further down are stored in clear text; outside a lab "enable secret"
! (hashed) is the usual choice.
no service password-encryption
!
hostname R1
no logging console
enable password cisco
no aaa new-model
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
ip multicast-routing 

! Exec-mode command kept in the listing as a lab step; it generates the RSA pair
! labelled dmvpn_gdoi. "exportable" allows the private key to be exported from
! the device afterwards, which is rarely wanted outside a lab.
crypto key generate rsa exportable label dmvpn_gdoi





! IOS IPS: signature store on flash, SDEE notifications, every category retired
! except "ios_ips basic". The IPS rule is applied in and out on Gi0/0 below.
ip ips config location flash:ips5/ retries 1
ip ips notify SDEE
ip ips name myIOSipsV5
!
ip ips signature-category
  category all
   retired true
  category ios_ips basic
   retired false
!
!
! IKE phase 1: 3DES / pre-shared key / DH group 2 (legacy choices kept for the
! lab). The wildcard key below (0.0.0.0 0.0.0.0) accepts any peer that knows
! the key "cisco".
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
! GET VPN group member: group keys are fetched from the key server 10.6.6.6.
crypto gdoi group dmvpn_gdoi
 identity number 2
 server address ipv4 10.6.6.6
!
!
! GDOI crypto map sourced from Loopback0. It is applied to Gi0/0 (not to
! Tunnel0), so DMVPN traffic is protected by GET VPN instead of "tunnel protection".
crypto map dmvpn_using_gdoi local-address Loopback0
crypto map dmvpn_using_gdoi 10 gdoi 
 set group dmvpn_gdoi
!
!         
! RSA public key (keyword "signature") used to verify the signed IPS
! signature package before it is loaded.
crypto key pubkey-chain rsa
 named-key realm-cisco.pub signature
  key-string
   30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101 
   00C19E93 A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16 
   17E630D5 C02AC252 912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 6007D128 
   B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E 
   5B2146A9 D7A5EDE3 0298AF03 DED7A5B8 9479039D 20F30663 9AC64B93 C0112A35 
   FE3F0C87 89BCB7BB 994AE74C FA9E481D F65875D6 85EAF974 6D9CC8E3 F0B08B85 
   50437722 FFBE85B9 5E4189FF CC189CB9 69C46F9C A84DFBA5 7A0AF99E AD768C36 
   006CF498 079F88F8 A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2 892356AE 
   2F56D826 8918EF3C 80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E B4B094D3 
   F3020301 0001
  quit
!
! FPM protocol header definition files; the "type access-control" class-maps
! below reference the IP and UDP fields they define.
load protocol ip.phdf
load protocol udp.phdf
!
ip tcp synwait-time 5
! NOTE(review): only SSH protocol 1 is enabled; SSHv1 is deprecated and
! "ip ssh version 2" is the expected setting outside a lab.
ip ssh version 1
!
! FPM match for the worm: UDP destination port 0x45 (69), a fixed 4-byte
! pattern at offset 50 from the L3 header and IP total length > 0x192 (402).
! match-all: all three conditions must hold.
class-map type access-control match-all W32-Blaster
 description "Match W32.Blaster worm packets"
 match field UDP dest-port eq 0x45
 match start l3-start offset 50 size 4 eq 0x20A29010
 match field IP length gt 0x192
! Stack class: selects IP packets carrying UDP so the UDP fields above resolve.
class-map type stack match-all udp_protocol
 description "Match UDP over IP packets"
 match field IP protocol eq 0x11 next UDP
!
!
! Nested FPM policy: fpm-policy -> udp_protocol -> drop-W32-Blaster -> drop.
! fpm-policy is applied inbound on Gi0/1.
policy-map type access-control drop-W32-Blaster
 description "Policy for UDP based W32.Blaster worm attack"
 class W32-Blaster
   drop
policy-map type access-control fpm-policy
 description "drop W32.Blaster worm packets"
 class udp_protocol
  service-policy drop-W32-Blaster
!
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
!
interface Loopback11
 ip address 10.11.11.11 255.255.255.255
!
! DMVPN hub: mGRE sourced from Loopback0, NHRP server-only (no registration to
! another NHS), PIM NBMA mode, dynamic multicast mapping for spokes. Split
! horizon and next-hop-self are disabled for EIGRP 2 so spokes learn each
! other's routes with the spoke as next hop. No "tunnel protection" here:
! encryption comes from the GDOI crypto map on Gi0/0.
interface Tunnel0
 ip address 172.16.1.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 no ip next-hop-self eigrp 2
 ip pim dr-priority 10
 ip pim nbma-mode
 ip pim sparse-dense-mode
 ip nhrp authentication cisco
 ip nhrp map multicast dynamic
 ip nhrp network-id 2
 ip nhrp server-only
 no ip split-horizon eigrp 2
 no ip mroute-cache
 delay 1500
 tunnel source Loopback0
 tunnel mode gre multipoint
 tunnel key 2
!         
! Transit interface toward the spokes: IPS in both directions, CAR limiting
! ISAKMP (UDP 500) to the hub loopback (ACL 101) to 32000 bps with bursts of
! 6000/12000 bytes (excess dropped), and the GDOI crypto map.
interface GigabitEthernet0/0
 ip address 192.168.3.11 255.255.255.0
 ip pim sparse-dense-mode
 ip ips myIOSipsV5 in
 ip ips myIOSipsV5 out
 rate-limit input access-group 101 32000 6000 12000 conform-action transmit exceed-action drop
 crypto map dmvpn_using_gdoi
!
! FPM worm filter applied inbound here.
interface GigabitEthernet0/1
 ip address 192.168.2.11 255.255.255.0
 service-policy type access-control input fpm-policy
 no shutdown
!
! Only Loopback11 and the tunnel subnet are advertised over DMVPN.
router eigrp 2
 network 10.11.11.11 0.0.0.0
 network 172.16.1.0 0.0.0.255
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip route 10.2.2.0 255.255.255.0 192.168.3.2
ip route 10.3.3.0 255.255.255.0 192.168.3.3
ip route 10.4.4.0 255.255.255.0 192.168.3.2
ip route 10.5.5.0 255.255.255.0 192.168.3.2
ip route 10.6.6.0 255.255.255.0 192.168.3.2
ip route 10.7.7.0 255.255.255.0 192.168.3.2
ip route 10.8.8.0 255.255.255.0 192.168.3.3
ip route 192.168.0.0 255.255.0.0 192.168.3.2
! NOTE(review): plain HTTP management stays enabled while HTTPS is off.
ip http server
no ip http secure-server
!
! Referenced by the rate-limit on Gi0/0: IKE (UDP 500) destined to the hub
! loopback 10.1.1.1.
access-list 101 permit udp any host 10.1.1.1 eq isakmp
!
!
! NOTE(review): con/aux/vty use password-only login ("cisco", clear text) and
! telnet transport, including on the aux port; lab setting, not a hardened baseline.
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
!
end
          



!********************************
!*				*
!* R2 Final Solution Config	*
!*				*
!********************************
! R2 is the Easy VPN server (dynamic virtual tunnel interface, Virtual-Template1)
! with local AAA, plus a QoS drop policy for telnet on Gi0/1. It has no DMVPN
! or GET VPN role. Lines starting with "!" are ignored when pasted into IOS.
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): password encryption is off, so "enable password", the local
! user password ("password 0") and the line passwords are kept in clear text.
no service password-encryption
!
hostname R2
no logging console
enable password cisco
! AAA: named method lists "ezvpn" (login and network authorization) that the
! ISAKMP profile below references; both resolve against the local database.
aaa new-model
aaa authentication login ezvpn local
aaa authorization network ezvpn local 
!
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
!
! Local user for Easy VPN client authentication (Xauth) and device login.
username cisco privilege 15 password 0 cisco
! IOS Resilient Configuration: secures the boot image and keeps a secured copy
! of the running configuration so both can be restored after tampering.
secure boot-image
secure boot-config
!
! IKE phase 1: 3DES / pre-shared key / DH group 2; the wildcard key accepts
! any peer that knows "cisco".
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
! Easy VPN client group "cisco" (group key "cisco"): pushes the domain and an
! address from pool mypool to connecting clients.
crypto isakmp client configuration group cisco
 key cisco
 domain cisco.com
 pool mypool
! ISAKMP profile for the DVTI: matches the client group, uses the "ezvpn" AAA
! lists, answers client address requests and clones Virtual-Template1 per client.
crypto isakmp profile ezvpn_dvti
   match identity group cisco
   client authentication list ezvpn
   isakmp authorization list ezvpn
   client configuration address respond
   virtual-template 1
!
!
! IPsec phase 2: ESP 3DES with SHA-1 HMAC.
crypto ipsec transform-set ezvpn_trans esp-3des esp-sha-hmac 
!
! IPsec profile bound to the ISAKMP profile; applied by the virtual template.
crypto ipsec profile ezvpn_dvti
 set transform-set ezvpn_trans 
 set isakmp-profile ezvpn_dvti
!
!
ip tcp synwait-time 5
!
! "no" forms in a final listing: they remove any earlier drop23 definitions
! before the versions below are (re)applied -- presumably a lab cleanup step.
no policy-map drop23
no class-map match-any drop23
!
! match-all: a packet is dropped only if NBAR classifies it as telnet AND it
! carries DSCP 1.
class-map match-all drop23
 match protocol telnet
 match ip dscp 1 
!
!
policy-map drop23
 class drop23
   drop
!
!         
interface Loopback0
 ip address 10.2.2.2 255.255.255.0
!
interface GigabitEthernet0/0
 ip address 192.168.3.2 255.255.255.0
 no shutdown
!
! drop23 is enforced inbound only; the "no ... output" line removes an earlier
! outbound attachment and can be ignored when reading the final state.
interface GigabitEthernet0/1
 ip address 192.168.4.2 255.255.255.0
 service-policy input drop23
 no service-policy output drop23
 no shutdown
!
! DVTI template: unnumbered to Loopback0, IPsec tunnel mode, protected by the
! ezvpn_dvti profile. One virtual-access interface is cloned per client.
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback0
 tunnel source Loopback0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile ezvpn_dvti
!
! Client address pool handed out by the "cisco" group.
ip local pool mypool 10.20.20.1 10.20.20.100
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.4.10
ip route 10.1.1.0 255.255.255.0 192.168.3.11
ip route 192.168.2.0 255.255.255.0 192.168.3.11
no ip http server
no ip http secure-server
!
!
! NOTE(review): ACL 101 is not referenced anywhere else in this listing;
! presumably left over from the class-map variant that drop23 replaced.
access-list 101 permit tcp any any eq telnet
!
! NOTE(review): no "login" under the lines because "aaa new-model" is on, yet no
! default login method list is defined here; confirm on the device which
! authentication actually applies to con/aux/vty before reusing this config.
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 transport input telnet
!
end




!********************************
!*				*
!* R3 Final Solution Config	*
!*				*
!********************************
! R3 is a DMVPN spoke (Tunnel0 registering to the hub R1) and a GET VPN group
! member. It also applies a Control Plane Protection port-filter and a PBR
! policy that discards TCP/4444 packets of a fixed size. Lines starting with
! "!" are ignored when pasted into IOS.
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): password encryption is off; "enable password" and the line
! passwords below are stored in clear text.
no service password-encryption
!
hostname R3
!
enable password cisco
!
no aaa new-model
ip source-route
ip cef
no ip domain lookup
ip domain name cisco.com
ip multicast-routing 
no ipv6 cef
!

! Exec-mode command kept as a lab step: generates the RSA pair labelled
! dmvpn_gdoi. "exportable" allows the private key to be exported later.
crypto key generate rsa exportable label dmvpn_gdoi




!
! IKE phase 1: 3DES / pre-shared key / DH group 2; the wildcard key accepts
! any peer that knows "cisco".
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!         
!
! GET VPN group member; group keys come from the key server 10.6.6.6.
crypto gdoi group dmvpn_gdoi
 identity number 2
 server address ipv4 10.6.6.6
!
!
! GDOI crypto map sourced from Loopback0; applied to both Gi0/0 and Gi0/1
! below, so DMVPN traffic is encrypted by GET VPN rather than tunnel protection.
crypto map dmvpn_using_gdoi local-address Loopback0
crypto map dmvpn_using_gdoi 10 gdoi 
 set group dmvpn_gdoi
!
ip tcp synwait-time 5
! NOTE(review): only SSH protocol 1 is enabled; SSHv1 is deprecated and
! "ip ssh version 2" is expected outside a lab.
ip ssh version 1
!
! Control Plane Protection port-filter: classifies packets sent to TCP/UDP
! ports the router itself is not listening on ("closed-ports").
class-map type port-filter match-all myclassmap
 match  closed-ports
!
!
! Such packets are dropped; attached under "control-plane host" below.
policy-map type port-filter mypolicymap
 class myclassmap
   drop
!         
!
interface Loopback0
 ip address 10.3.3.3 255.255.255.0
!
interface Loopback11
 ip address 10.33.33.33 255.255.255.255
!
! DMVPN spoke: static NHRP map of the hub tunnel address 172.16.1.1 to its
! NBMA address 10.1.1.1, multicast mapped to the hub, NHS 172.16.1.1.
! "registration no-unique" lets the hub accept a new NBMA address for this
! spoke; "qos pre-classify" keeps the inner-header classification available
! after encryption. Delay 2000 (vs 1500 on the hub) influences EIGRP metrics.
interface Tunnel0
 ip address 172.16.1.3 255.255.255.0
 no ip redirects
 ip mtu 1400
 no ip next-hop-self eigrp 2
 ip pim sparse-dense-mode
 ip nhrp authentication cisco
 ip nhrp map 172.16.1.1 10.1.1.1
 ip nhrp map multicast 10.1.1.1
 ip nhrp network-id 2
 ip nhrp nhs 172.16.1.1
 ip nhrp registration no-unique
 no ip split-horizon eigrp 2
 no ip mroute-cache
 load-interval 30
 delay 2000
 qos pre-classify
 tunnel source Loopback0
 tunnel mode gre multipoint
 tunnel key 2
!
! Link toward the hub: PBR drop4444-pbr is evaluated on ingress here, and the
! GDOI crypto map protects DMVPN traffic leaving this interface.
interface GigabitEthernet0/0
 ip address 192.168.3.3 255.255.255.0
 ip policy route-map drop4444-pbr
 crypto map dmvpn_using_gdoi
 no shutdown
!
interface GigabitEthernet0/1
 ip address 192.168.5.3 255.255.255.0
 crypto map dmvpn_using_gdoi
 no shutdown
!         
! Only Loopback11 and the tunnel subnet are advertised over DMVPN.
router eigrp 2
 network 10.33.33.33 0.0.0.0
 network 172.16.1.0 0.0.0.255
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 192.168.5.10
ip route 10.1.1.0 255.255.255.0 192.168.3.11
! NOTE(review): 10.33.33.0/24 is routed to Tunnel0 although 10.33.33.33/32 is
! R3's own Loopback11; the longer /32 connected route still wins for that host.
! Verify this is the intended lab behaviour rather than a copy of the
! 10.11.11.0 entry.
ip route 10.11.11.0 255.255.255.0 Tunnel0
ip route 10.33.33.0 255.255.255.0 Tunnel0
! NOTE(review): plain HTTP management stays enabled while HTTPS is off.
ip http server
no ip http secure-server
!
!         
! Static multicast RPF entry: the hub loopback 10.1.1.1 is reached through the
! hub tunnel address so PIM accepts it over Tunnel0.
ip mroute 10.1.1.1 255.255.255.255 172.16.1.1
! Referenced by route-map drop4444-pbr: TCP to destination port 4444.
access-list 101 permit tcp any any eq 4444
!
!
! PBR filter: packets matching ACL 101 AND of length exactly 100 bytes are
! sent to Null0 (discarded); sequence 20 has no match clause, so everything
! else is routed normally.
route-map drop4444-pbr permit 10
 match ip address 101
 match length 100 100
 set interface Null0
!
route-map drop4444-pbr permit 20
!
!
! Port-filter policy enforced on traffic destined to the router itself.
control-plane host
 service-policy type port-filter input mypolicymap
!
!
control-plane
!
!
! NOTE(review): con/aux/vty use password-only login ("cisco", clear text) and
! telnet transport, including on the aux port; lab setting, not a hardened baseline.
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
line aux 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
 transport input telnet
!
end




!********************************
!*				*
!* R4 Final Solution Config	*
!*				*
!********************************
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
no logging console
enable password cisco
!
no aaa new-model
ip source-route
ip cef
!
no ip domain lo...