Вы просматриваете старую версию данной страницы. Смотрите текущую версию.
Сравнить с текущим |
просмотр истории страницы
Для настраивающих данное оборудование впервые будет полезно прочитать данный конфигурационный файл полностью.
Для более опытных специалистов интересующая информация (создание сервисов) выделена курсивом.
service multiple-contexts service inter-context routing flow admission-control profile heavy-user max-flows-per-circuit 100 sustained-creation-rate 10 burst-creation-rate 20 flow ip profile p1 active-timeout 1000 inactive-timeout 10 aggregation-cache-size 8192 context local no ip domain-lookup interface GNC ip address 192.168.97.166/30 interface vlan150-upravlenie ip address 172.16.10.1/24 ip access-group acl-for-v150-relays-only in interface vlan99-colocation ip address 172.16.5.1/24 logging console ip access-list acl-for-v150-relays-only seq 10 permit ip 172.16.10.0 0.0.0.255 seq 20 permit ip host 10.64.0.178 ip access-list admin-access seq 10 permit tcp any any eq ssh seq 20 deny tcp any any eq telnet ip prefix-list MyBGPAllOut description Filter BGP Out My Networks seq 10 permit 10.128.72.0/21 router bgp 56956 router-id 192.168.97.166 address-family ipv4 unicast redistribute static aggregate-address 10.128.72.0/21 network 10.128.72.0/21 neighbor 192.168.97.165 external remote-as 49800 address-family ipv4 unicast prefix-list MyBGPAllOut out enable encrypted 1 $1$........$here was a hash aaa authentication administrator local aaa authentication administrator maximum sessions 12 administrator ********** encrypted ************************. administrator ro encrypted ******************** ip route 0.0.0.0/0 192.168.97.165 ip route 4.4.4.4/32 context arm ip route 10.64.10.0/30 context arm ip route 10.64.0.96/29 172.16.5.5 connected tag 101 ip route 10.64.0.160/28 172.16.172.16 connected tag 200 ip route 10.64.0.176/29 172.16.5.5 connected tag 199 ip route 10.64.0.184/29 context arm ip route 10.128.72.0/26 172.16.5.5 connected tag 101 ip route 10.128.72.0/21 null0 distance 200 no service telnet server context arm no ip domain-lookup interface klienti_10.64.0.184/29 multibind ip address 10.64.0.190/29 dhcp proxy 254 interface loop0 loopback ip address 4.4.4.4/32 interface to-L3-Relay-001 p2p ip address 10.64.192.168/30 ip source-address radius dhcp-server flow-ip ip access-group acl-for-l3-relays-only in no logging console ip access-list acl-for-l3-relays-only seq 10 permit ip 10.64.0.160 0.0.0.15 seq 20 permit ip host 10.64.0.178 seq 30 permit ip host 10.64.0.185 seq 40 permit ip 172.16.0.0 0.0.255.255 policy access-list HTTP-REDIRECT seq 10 permit ip any host 8.8.8.8 class CLS-NORMAL seq 20 permit ip any host 8.8.4.4 class CLS-NORMAL seq 30 permit tcp any host 10.64.0.98 eq 67 class CLS-NORMAL seq 31 permit tcp any host 10.64.0.98 eq 68 class CLS-NORMAL seq 35 permit tcp any host 15.16.17.18 eq www class CLS-NORMAL seq 40 permit tcp any any eq www class CLS-REDIRECT seq 50 permit ip any any class CLS-DROP policy access-list acl-classess-in seq 10 permit ip any 172.16.5.0 0.0.0.255 class cls-Local seq 20 permit ip any 10.64.0.184 0.0.0.7 class cls-Local seq 30 permit ip any any class cls-Inet policy access-list acl-classess-out seq 10 permit ip 172.16.5.0 0.0.0.255 any class cls-Local seq 20 permit ip 10.64.0.184 0.0.0.7 any class cls-Local seq 30 permit ip any any class cls-Inet http-redirect profile NOAUTH url "http://vpn.mydomain.ru" aaa authentication administrator local aaa authentication administrator maximum sessions 1 aaa authentication subscriber radius aaa accounting subscriber radius aaa update subscriber 10 aaa accounting event dhcp aaa accounting suppress-acct-on-fail radius accounting server 10.64.0.98 encrypted-key ***************** radius coa server 10.64.0.98 encrypted-key ************** port 1700 radius server 10.64.0.98 encrypted-key ***************** radius attribute nas-ip-address interface to-L3-Relay-001 radius attribute calling-station-id format agent-circuit-id agent-remote-id non-ascii radius attribute calling-station-id separator # radius attribute nas-port format session-info radius attribute nas-identifier Redback subscriber default qos policy policing default-in qos policy metering default-out dhcp max-addrs 1 flow apply admission-control profile heavy-user bidirectional flow apply ip profile p1 both radius service profile RSE-BASED-INET-LOCAL parameter value Rate-Inet 1000 parameter value Burst-Inet 125000 parameter value ExBurst-Inet 250000 parameter value Rate-Local 1000 parameter value Burst-Local 125000 parameter value ExBurst-Local 250000 accounting in qos "cls-Local cls-Inet" accounting out qos "cls-Local cls-Inet" seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos" seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos" seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos" seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos" seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute $Rate-Inet" seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet $Burst-Inet" seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet $ExBurst-Inet" seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute $Rate-Inet" seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet $Burst-Inet" seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet $ExBurst-Inet" seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute $Rate-Local" seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local $Burst-Local" seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local $ExBurst-Local" seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute $Rate-Local" seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local $Burst-Local" seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local $ExBurst-Local" seq 170 attribute Service-Interim-Accounting 1200 radius service profile service1024 accounting in qos "cls-Local cls-Inet" accounting out qos "cls-Local cls-Inet" seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos" seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos" seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos" seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos" seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute 1000" seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet 125000" seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet 250000" seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute 1000" seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet 125000" seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet 250000" seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute 50000" seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local 6250000" seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local 125000000" seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute 50000" seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local 6250000" seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local 125000000" seq 170 attribute Service-Interim-Accounting 900 radius service profile service2048 accounting in qos "cls-Local cls-Inet" accounting out qos "cls-Local cls-Inet" seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos" seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos" seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos" seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos" seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute 2000" seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet 250000" seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet 500000" seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute 2000" seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet 250000" seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet 500000" seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute 50000" seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local 6250000" seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local 125000000" seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute 50000" seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local 6250000" seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local 125000000" seq 170 attribute Service-Interim-Accounting 1200 radius service profile service3072 accounting in qos "cls-Local cls-Inet" accounting out qos "cls-Local cls-Inet" seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos" seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos" seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos" seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos" seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute 3000" seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet 375000" seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet 750000" seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute 3000" seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet 375000" seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet 750000" seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute 50000" seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local 6250000" seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local 125000000" seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute 50000" seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local 6250000" seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local 125000000" seq 170 attribute Service-Interim-Accounting 1200 radius service profile service4096 accounting in qos "cls-Local cls-Inet" accounting out qos "cls-Local cls-Inet" seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos" seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos" seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos" seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos" seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute 4000" seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet 500000" seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet 1000000" seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute 4000" seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet 500000" seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet 1000000" seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute 50000" seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local 6250000" seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local 125000000" seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute 50000" seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local 6250000" seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local 125000000" seq 170 attribute Service-Interim-Accounting 1200 radius service profile service512 parameter value Rate-Inet 500 parameter value Burst-Inet 62500 parameter value ExBurst-Inet 125000 parameter value Rate-Local 50000 parameter value Burst-Local 6250000 parameter value ExBurst-Local 125000000 accounting in qos "cls-Local cls-Inet" accounting out qos "cls-Local cls-Inet" seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos" seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos" seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos" seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos" seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute $Rate-Inet" seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet $Burst-Inet" seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet $ExBurst-Inet" seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute $Rate-Inet" seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet $Burst-Inet" seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet $ExBurst-Inet" seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute $Rate-Local" seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local $Burst-Local" seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local $ExBurst-Local" seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute $Rate-Local" seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local $Burst-Local" seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local $ExBurst-Local" seq 170 attribute Service-Interim-Accounting 1200 ip route 0.0.0.0/0 context local ip route 10.64.0.96/29 172.16.5.5 connected tag 101 ip route 10.64.0.184/29 10.64.10.1 connected tag 777 dhcp relay option dhcp relay server 10.64.0.98 flow collector ideco ip-address 10.64.0.98 context arm port 9996 export-version v5 ip profile p1 logging tdm console logging active logging standby short forward policy NOAUTH-IPOE access-group HTTP-REDIRECT arm class CLS-NORMAL class CLS-REDIRECT redirect destination local class CLS-DROP drop qos policy default-in policing radius-guided access-group acl-classess-in arm class cls-Local rate 2000 burst 25000 excess-burst 500000 class cls-Inet rate 2000 burst 25000 excess-burst 500000 rate-calculation exclude layer-2-overhead qos policy default-out metering radius-guided access-group acl-classess-out arm class cls-Local rate 2000 burst 25000 excess-burst 500000 class cls-Inet rate 2000 burst 25000 excess-burst 500000 rate-calculation exclude layer-2-overhead snmp server traps ifmib encaps traps ifmib ip snmp engine-id local 10:10:10:10:10 snmp view Inet-View internet included snmp community public view Inet-View system clock timezone MSK 0 0 http-redirect server port 80 card carrier 2 mic 1 ge-2-port mic 2 ge-2-port port ethernet 2/1 no auto-negotiate no shutdown encapsulation dot1q dot1q pvc 150 bind interface vlan150-upravlenie local dot1q pvc 177 bind interface to-L3-Relay-001 arm service clips dhcp context arm port ethernet 2/2 no auto-negotiate speed 100 no shutdown medium-type copper bind interface GNC local port ethernet 2/15 no auto-negotiate no shutdown encapsulation dot1q dot1q pvc 99 bind interface vlan99-colocation local boot configuration tmplt1.cfg no service console-break service crash-dump-dram no service auto-system-recovery end