Вы просматриваете старую версию данной страницы. Смотрите текущую версию.
Сравнить с текущим |
просмотр истории страницы
Для настраивающих данное оборудование впервые будет полезно прочитать данный конфигурационный файл полностью.
Для более опытных специалистов интересующая информация (создание сервисов) выделена курсивом.
service multiple-contexts
service inter-context routing
!
flow admission-control profile heavy-user
max-flows-per-circuit 100
sustained-creation-rate 10
burst-creation-rate 20
!
flow ip profile p1
active-timeout 1000
inactive-timeout 10
aggregation-cache-size 8192
!
context local
!
no ip domain-lookup
!
interface GNC
ip address 192.168.97.166/30
!
interface vlan150-upravlenie
ip address 172.16.10.1/24
ip access-group acl-for-v150-relays-only in
!
interface vlan99-colocation
ip address 172.16.5.1/24
logging console
!
ip access-list acl-for-v150-relays-only
seq 10 permit ip 172.16.10.0 0.0.0.255
seq 20 permit ip host 10.64.0.178
!
ip access-list admin-access
seq 10 permit tcp any any eq ssh
seq 20 deny tcp any any eq telnet
!
ip prefix-list MyBGPAllOut
description Filter BGP Out My Networks
seq 10 permit 10.128.72.0/21
!
router bgp 12345
router-id 192.168.97.166
address-family ipv4 unicast
redistribute static
aggregate-address 10.128.72.0/21
network 10.128.72.0/21
!
neighbor 192.168.97.165 external
remote-as 54321
address-family ipv4 unicast
prefix-list MyBGPAllOut out
!
enable encrypted 1 $1$........$here was a hash
!
aaa authentication administrator local
aaa authentication administrator maximum sessions 12
!
administrator ***** encrypted *********************.
administrator ro encrypted ********************
!
ip route 0.0.0.0/0 192.168.97.165
ip route 4.4.4.4/32 context arm
ip route 10.64.10.0/30 context arm
ip route 10.64.0.96/29 172.16.5.5 connected tag 101
ip route 10.64.0.160/28 172.16.172.16 connected tag 200
ip route 10.64.0.176/29 172.16.5.5 connected tag 199
ip route 10.64.0.184/29 context arm
ip route 10.128.72.0/26 172.16.5.5 connected tag 101
ip route 10.128.72.0/21 null0 distance 200
no service telnet server
!
context arm
!
no ip domain-lookup
!
interface clients_10.64.0.184/29 multibind
ip address 10.64.0.190/29
dhcp proxy 254
!
interface loop0 loopback
ip address 4.4.4.4/32
!
interface to-L3-Relay-001 p2p
ip address 10.64.192.168/30
ip source-address radius dhcp-server flow-ip
ip access-group acl-for-l3-relays-only in
no logging console
!
ip access-list acl-for-l3-relays-only
seq 10 permit ip 10.64.0.160 0.0.0.15
seq 20 permit ip host 10.64.0.178
seq 30 permit ip host 10.64.0.185
seq 40 permit ip 172.16.0.0 0.0.255.255
!
policy access-list HTTP-REDIRECT
seq 10 permit ip any host 8.8.8.8 class CLS-NORMAL
seq 20 permit ip any host 8.8.4.4 class CLS-NORMAL
seq 30 permit tcp any host 10.64.0.98 eq 67 class CLS-NORMAL
seq 31 permit tcp any host 10.64.0.98 eq 68 class CLS-NORMAL
seq 35 permit tcp any host 15.16.17.18 eq www class CLS-NORMAL
seq 40 permit tcp any any eq www class CLS-REDIRECT
seq 50 permit ip any any class CLS-DROP
!
policy access-list acl-classess-in
seq 10 permit ip any 172.16.5.0 0.0.0.255 class cls-Local
seq 20 permit ip any 10.64.0.184 0.0.0.7 class cls-Local
seq 30 permit ip any any class cls-Inet
!
policy access-list acl-classess-out
seq 10 permit ip 172.16.5.0 0.0.0.255 any class cls-Local
seq 20 permit ip 10.64.0.184 0.0.0.7 any class cls-Local
seq 30 permit ip any any class cls-Inet
!
http-redirect profile NOAUTH
url "http://vpn.mydomain.ru"
!
aaa authentication administrator local
aaa authentication administrator maximum sessions 1
aaa authentication subscriber radius
aaa accounting subscriber radius
aaa update subscriber 10
aaa accounting event dhcp
aaa accounting suppress-acct-on-fail
radius accounting server 10.64.0.98 encrypted-key *****************
radius coa server 10.64.0.98 encrypted-key ************** port 1700
!
radius server 10.64.0.98 encrypted-key *****************
radius attribute nas-ip-address interface to-L3-Relay-001
radius attribute calling-station-id format agent-circuit-id agent-remote-id non-ascii
radius attribute calling-station-id separator #
radius attribute nas-port format session-info
radius attribute nas-identifier Redback
!
subscriber default
qos policy policing default-in
qos policy metering default-out
dhcp max-addrs 1
flow apply admission-control profile heavy-user bidirectional
flow apply ip profile p1 both
!
radius service profile RSE-BASED-INET-LOCAL
parameter value Rate-Inet 1000
parameter value Burst-Inet 125000
parameter value ExBurst-Inet 250000
parameter value Rate-Local 1000
parameter value Burst-Local 125000
parameter value ExBurst-Local 250000
accounting in qos "cls-Local cls-Inet"
accounting out qos "cls-Local cls-Inet"
seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos"
seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos"
seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos"
seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos"
seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute $Rate-Inet"
seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet $Burst-Inet"
seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet $ExBurst-Inet"
seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute $Rate-Inet"
seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet $Burst-Inet"
seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet $ExBurst-Inet"
seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute $Rate-Local"
seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local $Burst-Local"
seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local $ExBurst-Local"
seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute $Rate-Local"
seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local $Burst-Local"
seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local $ExBurst-Local"
seq 170 attribute Service-Interim-Accounting 1200
!
radius service profile service1024
accounting in qos "cls-Local cls-Inet"
accounting out qos "cls-Local cls-Inet"
seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos"
seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos"
seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos"
seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos"
seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute 1000"
seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet 125000"
seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet 250000"
seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute 1000"
seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet 125000"
seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet 250000"
seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute 50000"
seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local 6250000"
seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local 125000000"
seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute 50000"
seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local 6250000"
seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local 125000000"
seq 170 attribute Service-Interim-Accounting 900
!
radius service profile service2048
accounting in qos "cls-Local cls-Inet"
accounting out qos "cls-Local cls-Inet"
seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos"
seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos"
seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos"
seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos"
seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute 2000"
seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet 250000"
seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet 500000"
seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute 2000"
seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet 250000"
seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet 500000"
seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute 50000"
seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local 6250000"
seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local 125000000"
seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute 50000"
seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local 6250000"
seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local 125000000"
seq 170 attribute Service-Interim-Accounting 1200
!
radius service profile service3072
accounting in qos "cls-Local cls-Inet"
accounting out qos "cls-Local cls-Inet"
seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos"
seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos"
seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos"
seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos"
seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute 3000"
seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet 375000"
seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet 750000"
seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute 3000"
seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet 375000"
seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet 750000"
seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute 50000"
seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local 6250000"
seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local 125000000"
seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute 50000"
seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local 6250000"
seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local 125000000"
seq 170 attribute Service-Interim-Accounting 1200
!
radius service profile service4096
accounting in qos "cls-Local cls-Inet"
accounting out qos "cls-Local cls-Inet"
seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos"
seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos"
seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos"
seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos"
seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute 4000"
seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet 500000"
seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet 1000000"
seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute 4000"
seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet 500000"
seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet 1000000"
seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute 50000"
seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local 6250000"
seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local 125000000"
seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute 50000"
seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local 6250000"
seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local 125000000"
seq 170 attribute Service-Interim-Accounting 1200
!
radius service profile service512
parameter value Rate-Inet 500
parameter value Burst-Inet 62500
parameter value ExBurst-Inet 125000
parameter value Rate-Local 50000
parameter value Burst-Local 6250000
parameter value ExBurst-Local 125000000
accounting in qos "cls-Local cls-Inet"
accounting out qos "cls-Local cls-Inet"
seq 10 attribute Dynamic-Policy-Filter "ip in forward class cls-Inet qos"
seq 20 attribute Dynamic-Policy-Filter "ip out forward class cls-Inet qos"
seq 30 attribute Dynamic-Policy-Filter "ip in forward class cls-Local qos"
seq 40 attribute Dynamic-Policy-Filter "ip out forward class cls-Local qos"
seq 50 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Inet rate-absolute $Rate-Inet"
seq 60 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Inet $Burst-Inet"
seq 70 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Inet $ExBurst-Inet"
seq 80 attribute Dynamic-Qos-Parameter "police-class-rate cls-Inet rate-absolute $Rate-Inet"
seq 90 attribute Dynamic-Qos-Parameter "police-class-burst cls-Inet $Burst-Inet"
seq 100 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Inet $ExBurst-Inet"
seq 110 attribute Dynamic-Qos-Parameter "meter-class-rate cls-Local rate-absolute $Rate-Local"
seq 120 attribute Dynamic-Qos-Parameter "meter-class-burst cls-Local $Burst-Local"
seq 130 attribute Dynamic-Qos-Parameter "meter-class-excess-burst cls-Local $ExBurst-Local"
seq 140 attribute Dynamic-Qos-Parameter "police-class-rate cls-Local rate-absolute $Rate-Local"
seq 150 attribute Dynamic-Qos-Parameter "police-class-burst cls-Local $Burst-Local"
seq 160 attribute Dynamic-Qos-Parameter "police-class-excess-burst cls-Local $ExBurst-Local"
seq 170 attribute Service-Interim-Accounting 1200
!
ip route 0.0.0.0/0 context local
ip route 10.64.0.96/29 172.16.5.5 connected tag 101
ip route 10.64.0.184/29 10.64.10.1 connected tag 777
!
dhcp relay option
dhcp relay server 10.64.0.98
!
flow collector ideco
ip-address 10.64.0.98 context arm
port 9996
export-version v5
ip profile p1
!
logging tdm console
logging active
logging standby short
!
forward policy NOAUTH-IPOE
access-group HTTP-REDIRECT arm
class CLS-NORMAL
class CLS-REDIRECT
redirect destination local
class CLS-DROP
drop
!
qos policy default-in policing radius-guided
access-group acl-classess-in arm
class cls-Local
rate 2000 burst 25000 excess-burst 500000
class cls-Inet
rate 2000 burst 25000 excess-burst 500000
rate-calculation exclude layer-2-overhead
!
qos policy default-out metering radius-guided
access-group acl-classess-out arm
class cls-Local
rate 2000 burst 25000 excess-burst 500000
class cls-Inet
rate 2000 burst 25000 excess-burst 500000
rate-calculation exclude layer-2-overhead
!
snmp server
traps ifmib encaps
traps ifmib ip
snmp engine-id local 10:10:10:10:10
snmp view Inet-View internet included
snmp community public view Inet-View
!
system clock timezone MSK 0 0
!
http-redirect server
port 80
!
card carrier 2
mic 1 ge-2-port
mic 2 ge-2-port
!
port ethernet 2/1
no auto-negotiate
no shutdown
encapsulation dot1q
dot1q pvc 150
bind interface vlan150-upravlenie local
dot1q pvc 177
bind interface to-L3-Relay-001 arm
service clips dhcp context arm
!
port ethernet 2/2
no auto-negotiate
speed 100
no shutdown
medium-type copper
bind interface GNC local
!
port ethernet 2/15
no auto-negotiate
no shutdown
encapsulation dot1q
dot1q pvc 99
bind interface vlan99-colocation local
!
boot configuration tmplt1.cfg
no service console-break
service crash-dump-dram
no service auto-system-recovery
!
end