Jump to content

Richtige Config setzen? Cisco 1812K9


Der letzte Beitrag zu diesem Thema ist mehr als 180 Tage alt. Bitte erstelle einen neuen Beitrag zu Deiner Anfrage!

Recommended Posts

Hallo Liebe Gemeinde,

 

ich brauche eure Hilfe mein Lataien ist am ende

ich habe einen Cisco Router1812 K9 dieser ist mit Vlan 1 configuriert allerdings bekomme ich mit den Clients keine Verbindung ins Netz über diesen Router und auch keine von aussen auf die forts?

Warum was ist falsch?!

 

anbei die aktuelle Config!

 

Building configuration...

 

Current configuration : 12549 bytes

!

! Last configuration change at 08:56:45 Berlin Sat Jul 2 2011 by Admin

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname WCS-IT_CISCO_ROUTER

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

no logging buffered

enable secret 5 $1$Y4S6$yNZkU6uzD9Q7Bfy53lQu3.

enable password XXXXXXXX

!

aaa new-model

!

!

aaa authentication login default local

aaa authorization exec default local

!

!

aaa session-id common

clock timezone Berlin 1

clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00

!

crypto pki trustpoint TP-self-signed-3776332574

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3776332574

revocation-check none

rsakeypair TP-self-signed-3776332574

!

!

crypto pki certificate chain TP-self-signed-3776332574

certificate self-signed 01

3082025C 308201C5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 33373736 33333235 3734301E 170D3131 30353133 30383534

33375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 37373633

33323537 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

8100AE04 4D2991DF 084E9EDD 82F9B42A 85F2FC53 3994A79D A269A45B B23744BC

B9642EE1 31B415D3 2CBE9D59 6615445D 9CCF5202 151FD06D 4C0159CB 2E41FF5E

87D0A680 C3AF8569 DFC3CD5D 736C569C 98F270FB 92717156 6F333919 69387BD6

BBC42DC5 1976EE4B 3B5018E1 E209EA03 32FC42CE 0F52DAA7 C6D165D5 DCF9F461

3DB70203 010001A3 81833081 80300F06 03551D13 0101FF04 05300301 01FF302D

0603551D 11042630 24822257 43532D49 545F4349 53434F5F 524F5554 45522E7A

656E7472 616C652E 6C6F6361 6C301F06 03551D23 04183016 8014FC9B 70E5CD80

81EA0831 8903C636 E5252DFE 8102301D 0603551D 0E041604 14FC9B70 E5CD8081

EA083189 03C636E5 252DFE81 02300D06 092A8648 86F70D01 01040500 03818100

75804B67 1604F15F 9074B52F 1CFABDE2 30AF027C 24A1620D 3785FF0C A91D0963

C4D9D1EF 8DDF9D7D 080B728D E1289010 C5F3BCC3 8B7E79B6 65558E23 297E3530

44230E0D 922AB554 72A89B2A 67775B88 CC0D6FDE 466BF604 265ADBD8 04FDE64E

027A13D1 D1864B60 AD3E9CD1 863F09A4 9CDACF57 21F0E9C0 DB89554A 6B70EC4C

quit

dot11 syslog

ip source-route

!

!

!

!

ip cef

ip domain name zentrale.local

ip name-server 192.168.0.1

ip name-server 192.168.0.2

ip name-server 213.172.96.18

ip name-server 213.172.97.18

ip port-map user-protocol--2 port tcp 20

ip port-map user-protocol--3 port tcp 8333

ip port-map user-protocol--1 port tcp 8000

ip port-map user-protocol--4 port tcp 8787

ip ips notify SDEE

ip ips name myips

no ipv6 cef

!

multilink bundle-name authenticated

!

vpdn enable

!

parameter-map type regex sdm-regex-nonascii

pattern [^\x00-\x80]

 

parameter-map type protocol-info msn-servers

server name messenger.hotmail.com

server name gateway.messenger.hotmail.com

server name webmessenger.msn.com

 

parameter-map type protocol-info aol-servers

server name login.oscar.aol.com

server name toc.oscar.aol.com

server name oam-d09a.blue.aol.com

Link to comment

parameter-map type protocol-info yahoo-servers

server name scs.msg.yahoo.com

server name scsa.msg.yahoo.com

server name scsb.msg.yahoo.com

server name scsc.msg.yahoo.com

server name scsd.msg.yahoo.com

server name cs16.msg.dcn.yahoo.com

server name cs19.msg.dcn.yahoo.com

server name cs42.msg.dcn.yahoo.com

server name cs53.msg.dcn.yahoo.com

server name cs54.msg.dcn.yahoo.com

server name ads1.vip.scd.yahoo.com

server name radio1.launch.vip.dal.yahoo.com

server name in1.msg.vip.re2.yahoo.com

server name data1.my.vip.sc5.yahoo.com

server name address1.pim.vip.mud.yahoo.com

server name edit.messenger.yahoo.com

server name messenger.yahoo.com

server name http.pager.yahoo.com

server name privacy.yahoo.com

server name csa.yahoo.com

server name csb.yahoo.com

server name csc.yahoo.com

 

!

!

!

spanning-tree vlan 1 priority 0

username admin privilege 15 secret 5 $1$9mue$oXAjBVHEYxjduIfKMBJIJ.

!

!

crypto isakmp policy 1

encr 3des

group 2

crypto isakmp key helferchen hostname Sony-Laptop.zentrale.local no-xauth

!

crypto isakmp client configuration group Zentrale

key XXXXXXXXXXXX

dns 192.168.0.1 192.168.0.2

wins 192.168.0.1 192.168.0.2

domain Zentrale

pool SDM_POOL_2

save-password

include-local-lan

backup-gateway Server.zentrale.local

max-users 50

max-logins 10

netmask 255.255.255.192

banner ^C*************************************************************************

***** SIE WERDEN JETZT MIT DER ZENTRALE VERBUNDEN *****

**************************************************************************

****** BITTE HABEN SIE GEDULD ES DAUERT NOCH ETWAS *****

************************************************************************** ^C

!

!

archive

log config

hidekeys

!

!

!

class-map match-any SDM-Transactional-1

match dscp af21

match dscp af22

match dscp af23

class-map match-any SDM-Signaling-1

match dscp cs3

match dscp af31

class-map match-any SDM-Scavenger-1

match dscp cs1

class-map match-any SDM-Routing-1

match dscp cs6

class-map match-any SDM-Voice-1

match dscp ef

class-map match-any SDM-Streaming-Video-1

match dscp cs4

class-map type inspect match-any SDM_SSH

match access-group name SDM_SSH

class-map type inspect match-any SDM_HTTPS

match access-group name SDM_HTTPS

class-map match-any SDM-Management-1

match dscp cs2

class-map type inspect match-any SDM_SHELL

match access-group name SDM_SHELL

class-map match-any SDM-Interactive-Video-1

match dscp af41

class-map match-any SDM-BulkData-1

match dscp af11

match dscp af12

match dscp af13

!

Link to comment

!

policy-map SDM-QoS-Policy-1

class SDM-Voice-1

priority percent 33

class SDM-Signaling-1

bandwidth percent 5

class SDM-Routing-1

bandwidth percent 5

class SDM-Management-1

bandwidth percent 5

class SDM-Transactional-1

bandwidth percent 5

class class-default

fair-queue

random-detect

!

!

!

!

interface FastEthernet0

no ip address

ip virtual-reassembly

shutdown

speed 100

full-duplex

no cdp enable

!

interface FastEthernet1

description WAN WCS-IT$ETH-WAN$$FW_OUTSIDE$

ip address 82.100.196.3 255.255.255.248

ip nat outside

ip virtual-reassembly

speed 100

full-duplex

no cdp enable

service-policy output SDM-QoS-Policy-1

!

interface BRI0

no ip address

encapsulation hdlc

shutdown

no cdp enable

!

interface FastEthernet2

switchport mode trunk

duplex full

no cdp enable

spanning-tree portfast

!

interface FastEthernet3

shutdown

no cdp enable

!

interface FastEthernet4

shutdown

no cdp enable

!

interface FastEthernet5

shutdown

no cdp enable

!

interface FastEthernet6

shutdown

no cdp enable

!

interface FastEthernet7

shutdown

no cdp enable

!

interface FastEthernet8

shutdown

no cdp enable

!

interface FastEthernet9

shutdown

no cdp enable

!

interface Vlan1

ip address 192.168.0.200 255.255.255.0

ip nat inside

ip virtual-reassembly

no ip route-cache cef

no ip route-cache

!

interface Dialer0

no ip address

shutdown

!

router rip

version 1

passive-interface Vlan1

network 192.168.0.0

no auto-summary

!

ip local pool SDM_POOL_1 192.168.1.110 192.168.1.111

ip local pool SDM_POOL_2 192.168.5.200 192.168.5.250

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 82.100.196.1 permanent

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip flow-cache timeout active 1

!

ip nat inside source static tcp 192.168.0.17 80 interface FastEthernet1 5555

ip nat inside source static tcp 192.168.0.1 444 interface FastEthernet1 444

!

ip access-list standard local

!

ip access-list extended SDM_HTTPS

remark SDM_ACL Category=1

permit tcp any any eq 443

ip access-list extended SDM_SHELL

remark SDM_ACL Category=1

permit tcp any any eq cmd

ip access-list extended SDM_SSH

remark SDM_ACL Category=1

permit tcp any any eq 22

!

logging trap debugging

logging facility syslog

Link to comment

logging trap debugging

logging facility syslog

logging 192.168.0.21

access-list 1 remark INSIDE_IF=FastEthernet0

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 1 remark INSIDE_IF=FastEthernet1

access-list 2 remark SDM_ACL Category=2

access-list 2 permit 192.168.1.0 0.0.0.255

access-list 100 deny tcp any eq www any

access-list 100 deny tcp any eq 5555 any

access-list 100 deny tcp any eq smtp any

access-list 100 deny tcp any eq 8787 any

access-list 100 deny tcp any eq 8333 any

access-list 100 deny tcp any eq 8222 any

access-list 101 deny ip any any

access-list 102 deny udp any eq netbios-dgm any

access-list 102 deny udp any eq netbios-ns any

access-list 102 deny udp any eq netbios-ss any

access-list 102 deny udp any range snmp snmptrap any

access-list 102 deny udp any range bootps bootpc any

access-list 102 deny tcp any eq 137 any

access-list 102 deny tcp any eq 138 any

access-list 102 deny tcp any eq 139 any

access-list 102 permit ip any any

dialer-list 1 protocol ip permit

Link to comment

snmp-server community cisco RW

snmp-server trap-source FastEthernet1

snmp-server location XXXXXXXXXXXXXXXXXXX

snmp-server contact XXXXXXXXXXXXXXXXXXXXXXXX

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps vrrp

snmp-server enable traps tty

snmp-server enable traps eigrp

snmp-server enable traps flash insertion removal

snmp-server enable traps isdn call-information

snmp-server enable traps isdn layer2

snmp-server enable traps isdn chan-not-avail

snmp-server enable traps isdn ietf

snmp-server enable traps envmon

snmp-server enable traps disassociate

snmp-server enable traps deauthenticate

snmp-server enable traps authenticate-fail

snmp-server enable traps dot11-qos

snmp-server enable traps switch-over

snmp-server enable traps rogue-ap

snmp-server enable traps wlan-wep

snmp-server enable traps atm subif

snmp-server enable traps bgp

snmp-server enable traps bulkstat collection transfer

snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency

snmp-server enable traps cnpd

snmp-server enable traps config-copy

snmp-server enable traps config

snmp-server enable traps config-ctid

snmp-server enable traps dlsw

snmp-server enable traps entity

snmp-server enable traps fru-ctrl

snmp-server enable traps resource-policy

snmp-server enable traps frame-relay

snmp-server enable traps frame-relay subif

snmp-server enable traps hsrp

snmp-server enable traps ipmulticast

snmp-server enable traps msdp

snmp-server enable traps mvpn

snmp-server enable traps ospf state-change

snmp-server enable traps ospf errors

snmp-server enable traps ospf retransmit

snmp-server enable traps ospf lsa

snmp-server enable traps ospf cisco-specific state-change nssa-trans-change

snmp-server enable traps ospf cisco-specific state-change shamlink interface-old

snmp-server enable traps ospf cisco-specific state-change shamlink neighbor

snmp-server enable traps ospf cisco-specific errors

snmp-server enable traps ospf cisco-specific retransmit

snmp-server enable traps ospf cisco-specific lsa

snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message

snmp-server enable traps pppoe

snmp-server enable traps cpu threshold

snmp-server enable traps rsvp

snmp-server enable traps ipsla

snmp-server enable traps syslog

snmp-server enable traps l2tun session

snmp-server enable traps l2tun pseudowire status

snmp-server enable traps pw vc

snmp-server enable traps event-manager

snmp-server enable traps firewall serverstatus

snmp-server enable traps isakmp policy add

snmp-server enable traps isakmp policy delete

snmp-server enable traps isakmp tunnel start

snmp-server enable traps isakmp tunnel stop

snmp-server enable traps ipsec cryptomap add

snmp-server enable traps ipsec cryptomap delete

snmp-server enable traps ipsec cryptomap attach

snmp-server enable traps ipsec cryptomap detach

snmp-server enable traps ipsec tunnel start

snmp-server enable traps ipsec tunnel stop

snmp-server enable traps ipsec too-many-sas

snmp-server host 192.168.0.1 cisco

no cdp run

Link to comment

!

!

!

!

!

!

!

control-plane

!

banner motd ^C

**********************************************

** HELLO OF CISCO 1812 K9 ROUTER **

** PLEASE MAKE A COMMAND **

** THANKS **

**********************************************

`^C

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

password XXXXXXXXXX

transport input telnet ssh

!

no process cpu extended

no process cpu autoprofile hog

ntp master

ntp server 192.168.0.1

end

Link to comment

welcher switch ? Wie ist dessen upolink port konfiguriert ?

Ist der port zwischen router und switch up ?

wie ist einer der ports zu den clients konfiguriert ?

können die clients überhaupt ihr gateway erreichen ?

Was heisst " von externer Quelle getestet" ? Vversuchst du da einen der statics ?

Link to comment
Der letzte Beitrag zu diesem Thema ist mehr als 180 Tage alt. Bitte erstelle einen neuen Beitrag zu Deiner Anfrage!

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...