Configured successfully; this has been debugged and is working!
hongyi#show run
Building configuration...

Current configuration : 4655 bytes
!
! Last configuration change at 04:47:29 UTC Sun Apr 25 2004 by tonyxue
! NVRAM config last updated at 04:47:50 UTC Sun Apr 25 2004 by tonyxue
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname hongyi
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$nyjl$3Q7avJNhGMGg9h8S3TxL01
!
username tonyxue password 7 110B0B0C101A1F010524
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login hongyi_authen group tacacs+
aaa authentication login no_tacasc enable
aaa authentication login line_vty local
aaa authorization network hongyi_author local
aaa session-id common
ip subnet-zero
no ip source-route
!
!
no ip domain lookup
ip dhcp excluded-address 172.16.0.1 172.16.0.220
!
ip dhcp pool hongyi
network 172.16.0.0 255.255.255.0
dns-server 202.96.209.5 202.96.209.133
default-router 172.16.0.10
lease 30
!
no ip bootp server
ip cef
ip inspect audit-trail
ip inspect name firewall cuseeme
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall ftp
ip inspect name firewall h323
ip inspect name firewall icmp
ip inspect name firewall netshow
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall rtsp
ip inspect name firewall sqlnet
ip inspect name firewall streamworks
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall vdolive
ip inspect name firewall http
ip audit po max-events 100
vpdn enable
!
vpdn-group FTTB
request-dialin
protocol pppoe
!
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group hongyi
key *********
pool hongyi_pool
!
!
crypto ipsec transform-set hongyi_set esp-3des esp-sha-hmac
!
crypto dynamic-map hongyi_dynamic_map 10
set transform-set hongyi_set
!
!
crypto map clientmap client authentication list hongyi_authen
crypto map clientmap isakmp authorization list hongyi_author
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic hongyi_dynamic_map
!
!
!
interface Ethernet0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
half-duplex
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0
ip address 172.16.0.10 255.255.0.0
ip access-group Local_Ruler in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip tcp adjust-mss 1452
no ip mroute-cache
speed auto
no cdp enable
!
interface Dialer1
mtu 1492
ip address negotiated
ip access-group Outbound_Ruler in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect firewall out
encapsulation ppp
no ip mroute-cache
dialer pool 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username ad********* @shtel password 7 046B08133D255F7908
crypto map clientmap
!
ip local pool hongyi_pool 192.168.0.1 192.168.0.254
ip nat inside source route-map nat_map interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
!
!
ip access-list extended Local_Ruler
deny 53 any any log
deny 55 any any log
deny pim any any log
deny tcp any any eq echo log
deny tcp any any eq chargen log
deny tcp any any eq 135 log
deny tcp any any eq 136 log
deny tcp any any eq 137 log
deny tcp any any eq 138 log
deny tcp any any eq 139 log
deny tcp any any eq 445 log
deny tcp any any eq 4444 log
deny udp any any eq tftp log
deny udp any any eq 135 log
deny udp any any eq 136 log
deny udp any any eq netbios-ns log
deny udp any any eq netbios-dgm log
deny udp any any eq netbios-ss log
deny udp any any eq snmp log
deny udp any any eq 445 log
permit ip any any
ip access-list extended Outbound_Ruler
permit udp any any eq isakmp log
permit esp any any log
permit udp any any eq non500-isakmp log
permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.255.255 log
deny ip any any log
logging source-interface FastEthernet0
logging 172.16.0.100
access-list 1 deny any
access-list 101 deny ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 172.16.0.0 0.0.255.255 any
no cdp run
!
route-map nat_map permit 10
match ip address 101
!
tacacs-server host 172.16.0.100 key 7 0459190F082958430817
tacacs-server directed-request
!
line con 0
logging synchronous
login authentication line_vty
line aux 0
logging synchronous
line vty 0 4
logging synchronous
login authentication line_vty
!
!
end

Reposted from: https://blog.51cto.com/sniffer/21204
