========
Gateway#sh startup-config
Using 6917 out of 2095096 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Gateway
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret XXXXXX
!
no aaa new-model
ip source-route
ip wccp 80 redirect-list E1
ip wccp 90 redirect-list E2
ip cef
!
!
!
!
ip accounting-threshold 4294967295
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username TTTT password TTTTTTTT
archive
log config
hidekeys
!
!
!
!
!
!
class-map match-any WEB_SENSTIVE
match protocol http mime "text*"
match protocol http mime "image*"
match protocol http mime "application/x-javascript"
match protocol http mime "application/javascript"
match protocol http mime "application/xml"
class-map match-all ICMP
match protocol icmp
class-map match-all P2P
match protocol bittorrent
match protocol kazaa2
match protocol fasttrack
match protocol gnutella
match protocol edonkey
class-map match-all BAD_USER1
match access-group name BAD_USER1
class-map match-all BUS
match access-group name BUS
class-map match-all VIP
match access-group name VIP
class-map match-any VIDEO
match protocol http mime "video*"
class-map match-any MANAGMENT
match protocol snmp
match protocol telnet
match protocol ssh
match protocol ospf
match protocol bgp
match protocol dns
!
!
policy-map BAD_USER
class BAD_USER1
police cir 4000000 bc 125000 be 125000
conform-action transmit
exceed-action drop
violate-action drop
class WEB_SENSTIVE
bandwidth percent 40
class ICMP
priority 1000
class MANAGMENT
bandwidth percent 4
class P2P
shape average percent 1
class VIDEO
bandwidth percent 40
class VIP
priority 6000
class class-default
policy-map TEST
class class-default
shape average 33000000
policy-map TEST2
class class-default
!
!
!
!
!
interface GigabitEthernet0/1
description LAN to BRAS
bandwidth 230000
ip address 10.160.150.2 255.255.255.0
ip wccp 80 redirect in
ip policy route-map CACHE-REDIRECT
load-interval 30
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface FastEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
description Cache
bandwidth 150000
ip address XXXXXXXXXX
ip wccp redirect exclude in
load-interval 30
duplex auto
speed 1000
media-type rj45
negotiation auto
!
interface GigabitEthernet0/3
description Internet from XXXXXXl
bandwidth 230000
ip address XXXXX
ip wccp 90 redirect in
load-interval 30
duplex full
speed auto
media-type rj45
negotiation auto
!
interface GigabitEthernet0/3.11
description InternetXXXXXXl
encapsulation dot1Q 11
ip address XXXXX
ip wccp 90 redirect in
!
router bgp XXXXX
no synchronization
bgp log-neighbor-changes
network XXXX mask 255.255.254.0
network XXXX mask 255.255.255.0
network XXXX mask 255.255.255.0
network 1XXXX mask 255.255.255.128
network XXXXX mask 255.255.254.0
network XXXXX mask 255.255.252.0
network XXXX mask 255.255.252.0
network 1XXXXXXX.0 mask 255.255.252.0
redistribute connected
neighbor XXXXX remote-as XXXXX
neighbor XXXXX route-map XXXXout
neighbor XXXX remote-as XXX
neighbor XXXX route-map XXX out
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 XXXX
ip route XXXXXX 255.255.254.0 10.160.150.1
ip route XXXX 255.255.255.128 10.160.150.1
ip route XXXXX 255.255.254.0 10.160.150.1
ip route XXXX 255.255.252.0 10.160.150.1
ip route XXXXX 255.255.252.0 10.160.150.1
ip route XXXXX0 255.255.252.0 10.160.150.1
no ip http server
no ip http secure-server
!
!
!
ip access-list extended BAD_USER1
permit ip any XXXX 0.0.0.3
permit ip any XXXX 0.0.0.15
permit ip any XXXX 0.0.0.15
permit ip any XXXX 0.0.0.31
permit ip any XXXXX0.0.0.7
ip access-list extended YYYY
permit ip XXX 0.0.1.255 any
ip access-list extended BUS
permit ip any XXXXX
permit ip any XXXXX
ip access-list extended CACHE80
deny tcp any host XXXXXeq www
deny tcp host XXXXX any eq www
deny tcp any host 9XXXX eq www
permit tcp X5 any eq www
permit tcp XXXX any eq www
permit tcp XXXX5 any eq www
permit tcp XXXXX.255 any eq www
ip access-list extended CACHE90
permit tcp any XXXX0 0.0.0.255
permit tcp any XXXX8.0 0.0.3.255
permit tcp any 1XXX0 0.0.3.255
permit tcp any 1XXXX6.0 0.0.3.255
ip access-list extended XXXXX
permit ip XXXX0.0.1.255 any
permit ip 1XXXX.3.255 any
permit ip XXXX5 any
permit ip XXXXXXXXDMZ
permit ip any XXX
ip access-list extended VIP
permit ip any XXXXXX
ip access-list extended wireless
permit ip any XXXXXX!
!
ip prefix-list Y seq 5 permit XXXXX
ip prefix-list Y seq 10 permit XXXX
!
ip prefix-list Y seq 5 permit XXXX
ip prefix-list Y seq 10 permit XX
ip prefix-list YL seq 15 permit XXX
ip prefix-list YL seq 20 permit 1XXX
!
ip prefix-list paltelisp1 seq 5 permit XXXX
!
ip prefix-list paltelisp2 seq 5 permit XXXX
access-list 10 permit XXXX
access-list 10 permit XXXX
access-list 100 permit ip host XXXXXX any
access-list 111 permit ip any XXXXX
!
!
!
!
route-map PALTEL permit 10
match ip address prefix-list PrefPALTEL
!
route-map XXX permit 10
match ip address prefix-list XXX
set as-path prepend XX 5XX5 5XX5 5X
!
route-map TOPALTEL permit 20
match ip address prefix-list XXXX
!
route-map XXXX permit 10
match ip address prefix-list XXX
!
route-map XXXXpermit 10
match ip address prefix-list XXXX
set as-path prepend XXXXXX
!
route-map XXXX permit 20
match ip address prefix-list XXXX
!
route-map CACHE-REDIRECT permit 5
match ip address TO_DMZ
!
route-map CACHE-REDIRECT permit 10
match ip address 100
set ip next-hop XXXX
!
route-map CACHE-REDIRECT permit 20
match ip address XXX
set ip next-hop XXXXX!
route-map CACHE-REDIRECT permit 30
match ip address XXXX
set ip next-hop XXXXX
!
route-map CACHE-REDIRECT permit 100
!
!
snmp-server community Gateway RO
!
control-plane
!
!
!
!
!
dial-peer cor custom
!
!
!
!
line con 0
password XXXXXXXX
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password XXXXXXXXX
login
!
end
المشاركة الأصلية كتبت بواسطة sheno
ضوابط المشاركة
المفضلات