Scribd
Upload
41 views9 pages

Antena 4g Cajxbalati

This document contains configuration settings for network access, interfaces, routing, and AAA authentication for a router. Key points: - It configures an access control list (ACL) with multiple entries permitting or denying traffic by source/destination addresses and ports. - Interface configurations include Ethernet, cellular, Direct IP encapsulation, and loopback interfaces with assigned IP addresses. - Routing protocols like RIP and protocols like GRE are configured for IP tunnels to other networks. - AAA authentication is configured to use a TACACS+ server group for authentication, authorization, and accounting. Privilege levels are set to use the TACACS+ servers.

Uploaded by

est.mbsandro
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
41 views9 pages

Antena 4g Cajxbalati

This document contains configuration settings for network access, interfaces, routing, and AAA authentication for a router. Key points: - It configures an access control list (ACL) with multiple entries permitting or denying traffic by source/destination addresses and ports. - Interface configurations include Ethernet, cellular, Direct IP encapsulation, and loopback interfaces with assigned IP addresses. - Routing protocols like RIP and protocols like GRE are configured for IP tunnels to other networks. - AAA authentication is configured to use a TACACS+ server group for authentication, authorization, and accounting. Privilege levels are set to use the TACACS+ servers.

Uploaded by

est.mbsandro
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 9

; Showing Menu and Submenus Configuration for access-level 15 ...

; 4Ge-routerRouter 35 2 Version 11.01.00.20.31

log-command-errors
no configuration
enable patch RIP_LISTS_USE_MASK 1
enable patch RTE_LISTS_USE_MASK 1
add device direct-ip 1
add device tnip 1
add device tnip 2
add device loopback 600
set contact-person "MIGUEL ANGEL GUZMAN"
set data-link at cellular1/0
set data-link nic cellular1/1
set hostname cajxbalati
set host-location "ESPANYA 28 - Quintana de la Serena,BADAJOZ"
feature access-lists
; -- Access Lists user configuration --
access-list 150
description "Filtro de proteccion para accesos remotos"
entry 10 default
entry 10 permit
entry 10 source address 192.168.134.0 255.255.255.0
entry 10 destination port-range 21 23
entry 10 protocol tcp
;
entry 20 default
entry 20 permit
entry 20 source address 213.0.187.192 255.255.255.192
entry 20 destination port-range 21 23
entry 20 protocol tcp
;
entry 30 default
entry 30 permit
entry 30 source address 81.46.92.0 255.255.254.0
entry 30 destination port-range 21 23
entry 30 protocol tcp
;
entry 40 default
entry 40 permit
entry 40 source address 213.0.254.0 255.255.255.192
entry 40 destination port-range 21 23
entry 40 protocol tcp
;
entry 50 default
entry 50 permit
entry 50 source address 213.0.190.192 255.255.255.192
entry 50 destination port-range 21 23
entry 50 protocol tcp
;
entry 52 default
entry 52 permit
entry 52 source address 10.227.255.255 255.255.255.255
entry 52 destination port-range 22 23
entry 52 protocol tcp
;
entry 60 default
entry 60 permit
entry 60 source address 10.21.102.1 255.255.255.255
entry 60 destination port-range 23 23
entry 60 protocol tcp
;
entry 61 default
entry 61 permit
entry 61 source address 10.21.102.9 255.255.255.255
entry 61 destination port-range 23 23
entry 61 protocol tcp
;
entry 70 default
entry 70 permit
entry 70 source address 217.124.116.41 255.255.255.255
entry 70 destination port-range 22 23
entry 70 protocol tcp
;
entry 80 default
entry 80 deny
entry 80 destination port-range 21 23
entry 80 protocol tcp
;
entry 90 default
entry 90 permit
entry 90 source address 192.168.134.86 255.255.255.255
entry 90 destination port-range 123 123
entry 90 protocol udp
;
entry 100 default
entry 100 permit
entry 100 source address 192.168.134.87 255.255.255.255
entry 100 destination port-range 123 123
entry 100 protocol udp
;
entry 110 default
entry 110 deny
entry 110 destination port-range 123 123
entry 110 protocol udp
;
entry 120 default
entry 120 deny
entry 120 destination port-range 80 80
entry 120 protocol tcp
;
entry 130 default
entry 130 permit
;
exit
;
access-list 10
entry 1 description "Denegamos todos los anuncios hacia el EDC Principal"
entry 1 default
entry 1 deny
;
exit
;
exit
;
banner login "QUEDA PROHIBIDO CUALQUIER ACCESO NO AUTORIZADO"
banner login " "
;
banner exec "AVISO: ha accedido a un sistema propiedad de TELEFONICA "
banner exec "Necesita tener autorizacion antes de usarlo, estando usted "
banner exec "estrictamente limitado al uso indicado en dicha autorizacion "
banner exec "El acceso no autorizado a este sistema o el uso indebido del"
banner exec "mismo esta prohibido y es contrario a la Politica Corporativa"
banner exec "de Seguridad y a la legislacion vigente"
banner exec "El uso que realice de este sistema puede ser monitorizado"
;
confirm-cfg-needed default
time summer-time recurring 5 sun mar 02:00 5 sun oct 03:00
;
user admin hash-password 45F26F9B4D6810256A7653FECF4F8783
;
global-profiles dial
; -- Dial Profiles Configuration --
profile ACC_MVL_RPV default
profile ACC_MVL_RPV dialout
profile ACC_MVL_RPV 3gpp-accessibility-control rx-timer 360s
profile ACC_MVL_RPV 3gpp-apn bkp-cajx-10995.movistar.es
profile ACC_MVL_RPV hold-queue 32
;
exit
;
feature aaa
; -- AAA user configuration --
enable
tacacs-servers
server "TACACS+_1"
key ciphered 0xCFBBFBC3F31C19E7
host 213.0.187.234
source-address loopback600
exit
;
server "TACACS+_2"
key ciphered 0xCFBBFBC3F31C19E7
host 213.0.190.208
source-address loopback600
exit
;
exit
;
group server tacacs+ "TACACS+CG"
server TACACS+_1
server TACACS+_2
exit
;
authentication login "default"
method 1 group TACACS+CG
method 2 local
method 3 none
exit
;
authorization exec "default"
method 1 group TACACS+CG
method 2 local
method 3 none
exit
;
authorization commands "default"
privilege-level 0
method 1 group TACACS+CG
method 2 local
exit
;
privilege-level 1
method 1 group TACACS+CG
method 2 local
exit
;
privilege-level 5
method 1 group TACACS+CG
method 2 local
exit
;
privilege-level 10
method 1 group TACACS+CG
method 2 local
exit
;
privilege-level 15
method 1 group TACACS+CG
method 2 local
exit
;
exit
;
accounting exec "default"
action-type start-stop
method 1 group TACACS+CG
exit
;
accounting commands "default"
privilege-level 0
action-type start-stop
method 1 group TACACS+CG
exit
;
privilege-level 1
action-type start-stop
method 1 group TACACS+CG
exit
;
privilege-level 5
action-type start-stop
method 1 group TACACS+CG
exit
;
privilege-level 10
action-type start-stop
method 1 group TACACS+CG
exit
;
privilege-level 15
action-type start-stop
method 1 group TACACS+CG
exit
;
exit
;
exit
;
network ethernet0/0
; -- Ethernet Interface User Configuration --
description "CONEXION con EDC Prpal."
;
ip address 217.124.116.42 255.255.255.252
;
input-buffers 200
exit
;
network cellular1/0
; -- Interface AT. Configuration --
coverage-timer 10
sim-select internal-socket-2
network mode automatic
exit
;
;
network direct-ip1
; -- Generic Direct IP Encapsulation User Configuration --
ip address dhcp-negotiated
;
base-interface
; -- Base Interface Configuration --
base-interface cellular1/1 link
base-interface cellular1/1 profile ACC_MVL_RPV
;
exit
;
direct-ip
; -- Direct IP encapsulator user configuration --
address dhcp
authentication sent-user 10995_sucursal119@vpn-mvb-bkp-cajx-10995
ciphered-pwd 0xA7E5FC9C2FA4B7466105E84B87D71825
exit
;
exit
;
network tnip1
; -- IP Tunnel Net Configuration --
description "Tunel contra NMAMBEV1"
;
ip address 10.21.102.2 255.255.255.252
;
ip mtu 1476
ip tcp adjust-mss 1436
mode gre ip
source 10.29.100.245
destination 172.19.189.157
exit
;
network tnip2
; -- IP Tunnel Net Configuration --
description "Tunel contra NMABCER1"
;
ip address 10.21.102.10 255.255.255.252
;
ip mtu 1476
ip tcp adjust-mss 1436
mode gre ip
source 10.29.100.245
destination 172.19.189.161
exit
;
;
network loopback600
; -- Loopback interface configuration --
ip address 172.31.111.134 255.255.255.255
;
exit
;
feature route-map
; -- Route maps user configuration --
route-map "Tunel_Bck_in"
entry 1 default
entry 1 permit
entry 1 set local-preference 100
;
exit
;
route-map "Tunel_Pral_in"
entry 1 default
entry 1 permit
entry 1 set local-preference 150
;
exit
;
route-map "eBGP_in"
entry 1 default
entry 1 permit
entry 1 set local-preference 75
;
exit
;
route-map "iBGP"
entry 1 default
entry 1 permit
entry 1 match ip address 10
;
exit
;
exit
;
set ftp
; -- FTP user configuration --
clients 2
exit
;
;
;
;
;
;
protocol ip
; -- Internet protocol user configuration --
internal-ip-address 10.29.100.245
management-ip-address 172.31.111.134
router-id 172.31.111.134
administrative-distance
;
route 10.222.223.175 255.255.255.255 217.124.116.41
route 172.19.189.157 255.255.255.255 direct-ip1
route 172.19.189.161 255.255.255.255 direct-ip1
route 192.168.134.0 255.255.255.0 217.124.116.41 distance 245
route 213.0.187.192 255.255.255.192 217.124.116.41 distance 245
route 213.0.254.0 255.255.255.192 217.124.116.41 distance 245
route 213.0.190.192 255.255.255.192 217.124.116.41 distance 245
route 81.46.92.0 255.255.254.0 217.124.116.41 distance 245
route 217.124.116.192 255.255.255.240 217.124.116.41 distance 245
route 81.45.156.0 255.255.254.0 217.124.116.41 distance 245
route 172.29.16.32 255.255.255.224 217.124.116.41
;
local access-group 150 in
;
ip-param cache-size 800
ip-param routing-table-size 500000
no icmp-redirects
exit
;
;
protocol snmp
; -- SNMP user configuration --
no default-config
;
;
community avsvMda access write-read-trap
community avsvMda subnet 192.168.134.0 255.255.255.0
community avsvMda subnet 213.0.187.192 255.255.255.192
community avsvMda subnet 81.46.92.0 255.255.254.0
community avsvMda subnet 213.0.254.0 255.255.255.192
community avsvMda subnet 213.0.190.192 255.255.255.192
community avsvMda subnet 81.45.156.0 255.255.254.0
community avsvMda subnet 217.124.116.192 255.255.255.240
;
community nvaiaJC4 subnet 192.168.134.0 255.255.255.0
community nvaiaJC4 subnet 213.0.187.192 255.255.255.192
community nvaiaJC4 subnet 81.46.92.0 255.255.254.0
community nvaiaJC4 subnet 213.0.254.0 255.255.255.192
community nvaiaJC4 subnet 213.0.190.192 255.255.255.192
community nvaiaJC4 subnet 81.45.156.0 255.255.254.0
community nvaiaJC4 subnet 217.124.116.192 255.255.255.240
;
host 192.168.134.220 trap version v1 nvaiaJC4 cold-start enterprise-specific
link-down link-up warm-start
;
trap sending-parameters reachability-checking ip-route
exit
;
protocol bgp
; -- Border Gateway Protocol user configuration --
enable
;
as 65000
;
address-family ipv4
; -- BGP IPv4 address family configuration --
export as 3352 prot static 172.29.16.32 mask 255.255.255.224
export as 3352 prot direct host 172.31.111.134
;
import as 3352 all
;
import as 65000 all
;
exit
;
group type external peer-as 3352
; -- BGP group configuration --
peer 10.21.102.1
peer 10.21.102.1 metric-out 150
peer 10.21.102.1 next-hop-self
peer 10.21.102.1 no-shared-interface
peer 10.21.102.1 no-v4-as-loop
peer 10.21.102.1 log-up-down
peer 10.21.102.1 in-route-map Tunel_Pral_in
peer 10.21.102.9
peer 10.21.102.9 metric-out 150
peer 10.21.102.9 next-hop-self
peer 10.21.102.9 no-shared-interface
peer 10.21.102.9 no-v4-as-loop
peer 10.21.102.9 log-up-down
peer 10.21.102.9 in-route-map Tunel_Bck_in
exit
;
group type internal peer-as 65000
; -- BGP group configuration --
option out-route-map iBGP
peer 217.124.116.41
peer 217.124.116.41 next-hop-self
exit
;
exit
;
feature ntp
; -- NTP Protocol user configuration --
protocol
source-address 172.31.111.134
peer address 1 192.168.134.86
peer address 2 192.168.134.87
peer poll-interval 1 2048
exit
;
feature wrr-backup-wan
; -- WAN Reroute Backup user configuration --
pair 1 primary ip-route 217.124.116.18 secondary interface direct-ip1
pair 1 primary ip-mask 255.255.255.255
pair 1 first-stabilization-time 3s
pair 1 stabilization-time 120s
;
enable
exit
;
feature ssh
; -- SSH protocol configuration --
server
; -- SSH Server --
max-connections 5
login authentication default
enable
exit
;
exit
;
dump-command-errors
end

You might also like