!This is the running config of the router: 10.10.10.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname HOME_ROUTER
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 51200 warnings
enable secret 5 *****
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
aaa session-id common
clock timezone MDT -7
clock summer-time MDT date Apr 6 2003 2:00 Oct 26 2003 2:00
!
! Output Omitted
!
!
dot11 syslog
!
dot11 ssid *****
 vlan 1
 authentication open
 authentication key-management wpa
 wpa-psk ascii 7 *****
!
no ip source-route
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 lease 0 2
!
!
ip cef
no ip bootp server
ip domain name yourdomain.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username ***** privilege 15 view root password 7 *****
username ***** privilege 15 view root password 7 *****
!
!
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
!
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-insp-traffic
 match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM-Voice-permit
 match protocol h323
 match protocol skinny
 match protocol sip
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-invalid-src
 match access-group 100
class-map type inspect match-all sdm-icmp-access
 match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-protocol-http
 match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
 class type inspect sdm-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-inspect
 class type inspect sdm-invalid-src
  drop log
 class type inspect sdm-insp-traffic
  inspect
 class type inspect sdm-protocol-http
  inspect
 class type inspect SDM-Voice-permit
  inspect
 class class-default
  pass
policy-map type inspect sdm-permit
 class class-default
  drop
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
!
bridge irb
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0
 shutdown
!
interface FastEthernet1
 shutdown
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface FastEthernet4
 description DHCP Connection$FW_OUTSIDE$
 mac-address ****.****.****
 ip address dhcp client-id FastEthernet4
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 duplex auto
 speed auto
!
interface Dot11Radio0
 description Main Wireless Interface
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 !
 encryption vlan 1 mode ciphers tkip
 !
 broadcast-key vlan 1 change 72
 !
 !
 ssid *****
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Dot11Radio0.1
 description Network Wireless Interface
 encapsulation dot1Q 1 native
 ip flow ingress
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 no ip address
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 description Wireless Bridge to Router$FW_INSIDE$
 ip address 10.10.10.1 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 no ip route-cache cef
 no ip route-cache
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 remark Inside NAT to Outside Access-class list
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 10.10.10.0 0.0.0.7
access-list 2 deny any
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
no cdp run
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^C
NOTICE TO USERS
THIS IS A PRIVATE COMPUTER SYSTEM. It is for authorized use only.
Users(authorized or unauthorized) have no explicit or implicit expectation of privacy.
Any or all uses of this system and all files on this system may be intercepted,
monitored, recorded, copied, audited, inspected, and disclosed to authorized site
and law enforcement personnel, as well as authorized officials of other agencies,
both domestic and foreign.
By using this system, the user consents to such interception, monitoring, recording,
copying, auditing, inspection, and disclosure at the discretion of authorized site personnel.
Unauthorized or improper use of this system may result in administrative disciplinary
action and civil and criminal penalties.
By continuing to use this system you indicate your awareness of and consent to these
terms and conditions of use.
If you do not agree to the conditions stated in this warning.
LOG OFF IMMEDIATELY!!!
^C
!
line con 0
 password 7 *****
 login authentication local_authen
 no modem enable
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 23 in
 privilege level 15
 password 7 *****
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end