Current configuration : 11637 bytes
!
! Last configuration change at 14:43:32 TIME Mon May 26 2008 by Edgar
! NVRAM config last updated at 12:32:31 TIME Mon May 26 2008 by Edgar
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cisco1811W
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxx
enable password 7 xxxx
!
aaa new-model
!
!
aaa authentication login rtr-remote local
aaa authorization network rtr-remote local
!
aaa session-id common
!
resource policy
!
clock timezone TIME -4
dot11 arp-cache
no ip source-route
!
!
no ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.1.1 10.10.1.6
ip dhcp excluded-address 10.10.1.33 10.10.1.36
ip dhcp excluded-address 10.10.1.48 10.10.1.52
ip dhcp excluded-address 10.10.1.17 10.10.1.22
!
ip dhcp pool Vlan_1
 network 10.10.1.0 255.255.255.240
 default-router 10.10.1.1
 domain-name xxxxxx.com
 dns-server 66.93.87.2 64.81.79.2 10.10.1.3
 netbios-name-server 10.10.1.3 10.10.1.20
!
ip dhcp pool Vlan_2
 network 10.10.1.16 255.255.255.240
 default-router 10.10.1.17
 domain-name xxxxxxx.com
 dns-server 66.93.87.2 64.81.79.2 10.10.1.20
 netbios-name-server 10.10.1.3 10.10.1.20
!
ip dhcp pool Vlan_3
 network 10.10.1.32 255.255.255.240
 default-router 10.10.1.33
 domain-name xxxxxxx.com
 dns-server 66.93.87.2 64.81.79.2 10.10.1.20 10.10.1.3
 netbios-name-server 10.10.1.3 10.10.1.20
!
ip dhcp pool Vlan_4
 network 10.10.1.48 255.255.255.240
 default-router 10.10.1.49
 domain-name xxxxxxxxx.com
 dns-server 66.93.87.2 64.81.79.2 10.10.1.20 10.10.1.3
 netbios-name-server 10.10.1.3 10.10.1.20
!
!
ip tcp synwait-time 10
ip telnet hidden addresses
no ip bootp server
ip domain timeout 5
no ip domain lookup
ip domain name xxxxxxx.com
ip name-server 66.93.87.2
ip name-server 64.81.79.2
ip name-server 64.81.159.2
ip name-server 66.92.224.2
ip ssh time-out 60
ip inspect name FIREWALL cuseeme
ip inspect name FIREWALL ftp
ip inspect name FIREWALL h323
ip inspect name FIREWALL https
ip inspect name FIREWALL icmp
ip inspect name FIREWALL imap
ip inspect name FIREWALL pop3
ip inspect name FIREWALL netshow
ip inspect name FIREWALL rcmd
ip inspect name FIREWALL realaudio
ip inspect name FIREWALL rtsp
ip inspect name FIREWALL esmtp
ip inspect name FIREWALL sqlnet
ip inspect name FIREWALL streamworks
ip inspect name FIREWALL tftp
ip inspect name FIREWALL tcp
ip inspect name FIREWALL udp
ip inspect name FIREWALL vdolive
!
password encryption aes
!
!
!
spanning-tree portfast bpduguard
spanning-tree backbonefast
username xxxxx privilege 15 secret 5 xxxxxxxx
!
!
!
!
!
!
interface Null0
 no ip unreachables
!
interface Loopback0
 description $FW_INSIDE$
 ip address 10.0.0.1 255.255.255.255
 ip helper-address 10.10.1.1
 ip helper-address 10.10.1.17
 ip helper-address 10.10.1.33
 ip helper-address 10.10.1.49
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
!
interface FastEthernet0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1
 description WAN$FW_OUTSIDE$
 ip address dhcp client-id FastEthernet1
 ip access-group 103 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip inspect FIREWALL out
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 ntp broadcast client
!
interface FastEthernet2
 switchport access vlan 2
!
interface FastEthernet3
 switchport access vlan 2
!
interface FastEthernet4
 description DESKTOP PC
 switchport access vlan 2
 speed 100
!
interface FastEthernet5
 description DESKTOP PC
!
interface FastEthernet6
 description HOMESRV Vlan_1
!
interface FastEthernet7
 description Printer
 switchport mode trunk
!
interface FastEthernet8
 description WEBSRV Vlan_All
 switchport access vlan 2
!
interface FastEthernet9
 description WEBSRV Vlan_1
 switchport mode trunk
!
interface Dot11Radio0
 bandwidth inherit
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 !
 encryption vlan 3 mode ciphers tkip
 !
 !
 ssid Cisco13
  vlan 3
  authentication open
  authentication key-management wpa
  wpa-psk ascii 7 xxxxxx
 !
 ssid Cisco14
  vlan 4
  authentication open
  guest-mode
  wpa-psk ascii 7 105D1D1800041A0E5D5D7273
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 rts threshold 2312
 channel 2462
 beacon dtim-period 100
 antenna gain -64
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 3
 ip address 10.10.1.33 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
 no cdp enable
!
interface Dot11Radio0.2
 encapsulation dot1Q 4
 ip address 10.10.1.49 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
 no cdp enable
!
interface Dot11Radio1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 !
 encryption vlan 4 mode ciphers tkip
 speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 antenna gain -64
 station-role root
!
interface Vlan1
 description $FW_INSIDE$
 ip address 10.10.1.1 255.255.255.240
 ip access-group 111 in
 ip helper-address 10.10.1.1
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
interface Vlan2
 description $FW_INSIDE$
 ip address 10.10.1.17 255.255.255.240
 ip helper-address 10.10.1.17
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
interface Vlan3
 description $FW_INSIDE$
 bandwidth inherit
 no ip address
 ip access-group 113 in
 ip helper-address 10.10.1.33
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Vlan4
 description LAN_VLAN4$FW_INSIDE$
 no ip address
 ip access-group 114 in
 ip helper-address 10.10.1.49
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Async1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation slip
!
interface Dialer0
 no ip address
 no cdp enable
!
router eigrp 1
 passive-interface FastEthernet1
 network 10.10.1.0 0.0.0.15
 no auto-summary
!
router eigrp 2
 passive-interface FastEthernet1
 network 10.10.1.16 0.0.0.15
 no auto-summary
!
router eigrp 3
 passive-interface FastEthernet1
 network 10.10.1.32 0.0.0.15
 no auto-summary
!
router eigrp 4
 passive-interface FastEthernet1
 network 10.10.1.48 0.0.0.15
 no auto-summary
!
router rip
 version 2
 network 10.0.0.0
 no auto-summary
!
ip forward-protocol spanning-tree any-local-broadcast
ip route 0.0.0.0 0.0.0.0 FastEthernet1
ip route 10.10.1.0 255.255.255.240 FastEthernet1 permanent
ip route 10.10.1.16 255.255.255.240 FastEthernet1 permanent
ip route 10.10.1.32 255.255.255.240 FastEthernet1 permanent
ip route 10.10.1.48 255.255.255.240 FastEthernet1 permanent
!
!
ip http server
ip http access-class 6
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool Pool1 10.10.1.0 10.10.1.16 netmask 0.0.0.15
ip nat pool Pool2 10.10.1.32 10.10.1.48 netmask 0.0.0.15
ip nat inside source list 1 interface FastEthernet1 overload
ip nat inside source list 2 interface FastEthernet1 overload
ip nat inside source list 3 interface FastEthernet1 overload
ip nat inside source list 4 interface FastEthernet1 overload
ip nat inside source static tcp 10.10.1.3 3389 interface FastEthernet1 3389
ip nat inside source static tcp 10.10.1.3 80 interface FastEthernet1 80
ip nat inside source static tcp 10.10.1.20 21 interface FastEthernet1 21
!
logging trap debugging
access-list 1 permit 10.10.1.0 0.0.0.15
access-list 2 permit 10.10.1.16 0.0.0.15
access-list 3 permit 10.10.1.32 0.0.0.15
access-list 4 permit 10.10.1.48 0.0.0.15
access-list 103 remark FIREWALL ACL
access-list 103 permit udp host 192.43.244.18 eq ntp any eq ntp
access-list 103 permit tcp any any eq 3389
access-list 103 permit tcp any any eq www
access-list 103 permit ip 10.10.1.32 0.0.0.15 any
access-list 103 permit ip 10.10.1.16 0.0.0.15 any
access-list 103 permit ip 10.10.1.0 0.0.0.15 any
access-list 103 deny ip 10.10.1.32 0.0.0.15 any
access-list 103 deny ip 10.10.1.16 0.0.0.15 any
access-list 103 deny ip 10.10.1.0 0.0.0.15 any
access-list 103 permit udp any eq bootps any eq bootpc
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any unreachable
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip any any log
access-list 111 permit ip 10.10.1.0 0.0.0.15 host 10.10.1.1
access-list 111 deny ip any 10.10.1.0 0.0.0.255
access-list 111 permit ip 10.10.1.0 0.0.0.15 any
access-list 111 permit udp any any eq bootpc
access-list 111 permit udp any any eq bootps
access-list 111 deny ip any any
access-list 112 permit ip 10.10.1.16 0.0.0.15 host 10.10.1.17
access-list 112 deny ip any 10.10.1.0 0.0.0.255
access-list 112 permit ip 10.10.1.16 0.0.0.15 any
access-list 112 permit udp any any eq bootpc
access-list 112 permit udp any any eq bootps
access-list 112 deny ip any any log
access-list 113 permit ip 10.10.1.32 0.0.0.15 host 10.10.1.33
access-list 113 deny ip any 10.10.1.0 0.0.0.255
access-list 113 permit ip 10.10.1.32 0.0.0.15 any
access-list 113 permit udp any any eq bootpc
access-list 113 permit udp any any eq bootps
access-list 113 deny ip any any log
access-list 114 permit ip 10.10.1.48 0.0.0.15 host 10.10.1.49
access-list 114 deny ip any 10.10.1.0 0.0.0.255
access-list 114 permit ip 10.10.1.48 0.0.0.15 any
access-list 114 permit udp any any eq bootpc
access-list 114 permit udp any any eq bootps
access-list 114 deny ip any any log
no cdp run
!
!
!
!
!
radius-server host 10.10.1.2 auth-port 1645 acct-port 1646 key 7 xxxx
radius-server vsa send accounting
!
control-plane
!
banner login ^CCAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user! I will not be responsible to what happens to your connection if you are connected longer than 15 seconds!^C
!
line con 0
 transport output telnet
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
 transport output telnet
line vty 0 4
 access-class 107 in
 privilege level 15
 password 7 xxxxxxx
 transport input telnet ssh
line vty 5 15
 access-class 107 in
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
ntp broadcastdelay 10000
ntp clock-period 17180254
ntp update-calendar
ntp server 192.43.244.18 source FastEthernet1 prefer
sntp server 192.43.244.18
sntp broadcast client
end

Cisco1811W#