Cisco-2911 公司网络配置

show run
dnamedtech_c2921#show running-config  
Building configuration...

Current configuration : 7276 bytes
!
! Last configuration change at 18:26:40 cst Tue Nov 21 2017
! NVRAM config last updated at 18:26:41 cst Tue Nov 21 2017
!
version 15.4
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname dnamedtech_c2921
!
boot-start-marker
boot system flash:/c2900-universalk9-mz.SPA.154-3.M8.bin
warm-reboot
boot-end-marker
!
!
logging exception 40960
logging buffered 40960
enable secret 5 $1$SL.J$xQqrEMc22GXGa4wQUQtUx.
enable password 7 0622062F43580848544543
!
no aaa new-model
clock timezone cst 8 0
!
no ip source-route
!
ip dhcp excluded-address 10.1.4.1 10.1.4.20
ip dhcp excluded-address 10.1.5.1 10.1.5.20
ip dhcp excluded-address 10.1.8.1 10.1.8.20
ip dhcp excluded-address 10.1.16.1 10.1.16.20
ip dhcp excluded-address 10.1.17.1 10.1.17.20
ip dhcp excluded-address 10.1.18.1 10.1.18.20
ip dhcp excluded-address 10.1.19.1 10.1.19.20
!
ip dhcp pool vlan4
 network 10.1.4.0 255.255.255.0
 default-router 10.1.4.1 
 dns-server 202.101.172.35 202.101.172.46 
!
ip dhcp pool vlan5
 network 10.1.5.0 255.255.255.0
 default-router 10.1.5.1 
 dns-server 202.101.172.35 202.101.172.46 
!
ip dhcp pool vlan8
 network 10.1.8.0 255.255.255.0
 default-router 10.1.8.1 
 dns-server 202.101.172.35 202.101.172.46 
!
ip dhcp pool vlan16
 network 10.1.16.0 255.255.255.0
 default-router 10.1.16.1 
 dns-server 202.101.172.35 202.101.172.46 
 lease 0 4
!
ip dhcp pool vlan17
 network 10.1.17.0 255.255.255.0
 default-router 10.1.17.1 
 dns-server 202.101.172.35 202.101.172.46 
 lease 0 4
!
ip dhcp pool vlan18
 network 10.1.18.0 255.255.255.0
 default-router 10.1.18.1 
 dns-server 202.101.172.35 202.101.172.46 
 lease 0 4
!
ip dhcp pool vlan19
 network 10.1.19.0 255.255.255.0
 default-router 10.1.19.1 
 dns-server 202.101.172.35 202.101.172.46 
 lease 0 4
!
!
!
ip dhcp snooping
no ip domain lookup
ip name-server 114.114.114.114
ip name-server 202.101.172.35
ip name-server 202.101.172.46
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group dna-vpn
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
!
cts logging verbose
!
!
license udi pid CISCO2921/K9 sn FGL154511CN
!
!
username admin privilege 15 secret 5 $1$oFWn$4Ur1kw5kIwBrwaiwi1So8/
username ls password 7 101C5E485D
!
redundancy
!
interface Loopback1
 ip address 10.1.20.1 255.255.255.0
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 ip nat inside
 no ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/0.4
 encapsulation dot1Q 4
 ip address 10.1.4.1 255.255.255.0
 ip nat inside
 no ip virtual-reassembly in
!
interface GigabitEthernet0/0.5
 encapsulation dot1Q 5
 ip address 10.1.5.1 255.255.255.0
!
interface GigabitEthernet0/0.8
 encapsulation dot1Q 8
 ip address 10.1.8.1 255.255.255.0
 ip nat inside
 no ip virtual-reassembly in
 ip policy route-map server2ctnet
!
interface GigabitEthernet0/0.16
 encapsulation dot1Q 16
 ip address 10.1.16.1 255.255.255.0
 ip nat inside
 no ip virtual-reassembly in
!
interface GigabitEthernet0/0.17
 encapsulation dot1Q 17
 ip address 10.1.17.1 255.255.255.0
 ip access-group 117 in
 ip nat inside
 no ip virtual-reassembly in
!
interface GigabitEthernet0/0.18
 encapsulation dot1Q 18
 ip address 10.1.18.1 255.255.255.0
 ip nat inside
 no ip virtual-reassembly in
!
interface GigabitEthernet0/0.19
 encapsulation dot1Q 19
 ip address 10.1.19.1 255.255.255.0
 ip nat inside
 no ip virtual-reassembly in
!
interface GigabitEthernet0/1
 description CTNET
 ip address 1.1.1.1 255.255.255.248
 no ip redirects
 ip nat outside
 no ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 description Telecom_PPPoE
 no ip address
 ip nat outside
 no ip virtual-reassembly in
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Virtual-Template1
 ip unnumbered GigabitEthernet0/1
 peer default ip address pool l2tp
 ppp mtu adaptive
 ppp authentication pap chap ms-chap-v2 callin
!
interface Dialer1
 bandwidth 1000000
 ip address negotiated
 ip mtu 1492
 ip nat outside
 no ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp authentication pap callin
 ppp pap sent-username 057127814906 password 7 08751B1E5E4852
!
ip local pool l2tp 3.3.4.128 3.3.4.240
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip tftp source-interface GigabitEthernet0/0.8
ip dns server
ip nat inside source list Server interface GigabitEthernet0/1 overload
ip nat inside source route-map host interface Dialer1 overload
ip nat inside source route-map host_2 interface Dialer1 overload
ip nat inside source static udp 10.1.8.11 500 122.224.247.154 500 extendable
ip nat inside source static tcp 10.1.4.12 902 122.224.247.154 902 extendable
ip nat inside source static udp 10.1.8.11 1701 122.224.247.154 1701 extendable
ip nat inside source static tcp 10.1.8.11 1723 122.224.247.154 1723 extendable
ip nat inside source static udp 10.1.8.11 4500 122.224.247.154 4500 extendable
ip nat inside source static tcp 10.1.4.12 443 122.224.247.154 9444 extendable
ip nat inside source static tcp 10.1.8.12 9801 122.224.247.154 9801 extendable
ip nat inside source static tcp 10.1.8.12 9802 122.224.247.154 9802 extendable
ip nat inside source static tcp 10.1.8.12 9803 122.224.247.154 9803 extendable
ip nat inside source static tcp 10.1.8.11 22 122.224.247.154 9922 extendable
ip nat inside source static tcp 10.1.8.11 80 122.224.247.154 9980 extendable
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 1.1.1.1 100
ip route 3.3.3.0 255.255.255.0 10.1.8.11 name pptp_vpn
!
ip access-list extended Server
 permit ip 10.1.8.0 0.0.7.255 any
ip access-list extended t3001
 deny   tcp any any eq telnet
 permit tcp any any eq 3001
!
kron occurrence daily at 1:00 recurring
 policy-list backupconfig
!
kron policy-list backupconfig
 cli show run | redirect tftp://10.1.8.11/c2911-config.cfg
!
!
route-map host permit 10
 match ip address 150
 match interface Dialer1 GigabitEthernet0/2
!
route-map server2ctnet permit 10
 match ip address 101
 set ip next-hop 122.224.247.153
!
route-map host_2 permit 10
 match ip address 150
 match interface GigabitEthernet0/2
!
!
snmp-server community dinova RO
access-list 101 deny   ip 10.1.16.0 0.0.7.255 3.3.4.0 0.0.0.255
access-list 101 permit ip 10.1.8.0 0.0.7.255 any
access-list 117 permit udp 10.1.17.0 0.0.0.255 any eq domain
access-list 117 deny   ip 10.1.17.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 117 permit ip any any
access-list 150 deny   ip 10.1.16.0 0.0.7.255 3.3.4.0 0.0.0.255
access-list 150 permit ip 10.1.16.0 0.0.7.255 any
!
control-plane
!
!
 vstack
!
line con 0
 password 7 02220D5504100E701E1D
 login
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class t3001 in
 password 7 112D100B18040A5D55787A
 login
 rotary 1
 length 0
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp master
ntp server 133.100.11.8
!
end