Sample Configuration
This chapter collects the results of the Ethernet WAN interface, DHCP, VLAN, Easy VPN, and wireless interface configurations made in previous chapters, so that you can see in a single sample, Example 10-1, what a basic configuration built from this guide looks like.
Note: Commands marked by "(default)" are generated automatically when you run the show running-config command.
Example 10-1 Sample Configuration
Router# show running-config
Building configuration...
Current configuration : 3781 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname retail
!
boot-start-marker
boot-end-marker
!
enable password cisco123
!
username jsomeone password 0 cg6#107X
aaa new-model
!
aaa group server radius rad_eap
 server 10.0.1.1 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa session-id common
ip subnet-zero
ip cef
!
vpdn enable
vpdn-group 1
 request-dialin
  protocol pppoe
!
interface dialer 1
 ip address negotiated
 ppp authentication chap
 dialer pool 1
 dialer-group 1
!
dialer-list 1 protocol ip permit
ip nat inside source list 1 interface dialer 0 overload
ip classless (default)
ip route 10.10.25.2 0.255.255.255 dialer 0
!
ip dhcp excluded-address 10.0.1.1 10.0.1.10
ip dhcp excluded-address 10.0.2.1 10.0.2.10
ip dhcp excluded-address 10.0.3.1 10.0.3.10
!
ip dhcp pool vlan1
 network 10.0.1.0 255.255.255.0
 default-router 10.0.1.1
!
ip dhcp pool vlan2
 network 10.0.2.0 255.255.255.0
 default-router 10.0.2.1
!
ip dhcp pool vlan3
 network 10.0.3.0 255.255.255.0
 default-router 10.0.3.1
!
ip ips po max-events 100
no ftp-server write-enable
!
bridge irb
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 switchport mode trunk
 no ip address
!
interface FastEthernet4
 ip address 192.168.12.2 255.255.255.0
 no ip directed-broadcast (default)
 speed auto
 ip nat outside
 ip access-group 103 in
 no cdp enable
 crypto ipsec client ezvpn ezvpnclient outside
 crypto map static-map
!
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 group 2
 lifetime 480
!
crypto isakmp client configuration group rtr-remote
 key secret-password
 dns 10.50.10.1 10.60.10.1
 domain company.com
 pool dynpool
!
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
!
crypto ipsec security-association lifetime seconds 86400
!
crypto dynamic-map dynmap 1
 set transform-set vpn1
 reverse-route
!
crypto map static-map 1 ipsec-isakmp dynamic dynmap
crypto map dynmap isakmp authorization list rtr-remote
crypto map dynmap client configuration address respond
crypto ipsec client ezvpn ezvpnclient
 connect auto
 group 2 key secret-password
 mode client
 peer 192.168.100.1
!
interface Dot11Radio0
 no ip address
 !
 broadcast-key vlan 1 change 45
 !
 encryption vlan 1 mode ciphers tkip
 !
 ssid cisco
  vlan 1
  authentication open
  authentication network-eap eap_methods
  authentication key-management wpa optional
 !
 ssid ciscowep
  vlan 2
  authentication open
 !
 ssid ciscowpa
  vlan 3
  authentication open
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 rts threshold 2312
 power local cck 50
 power local ofdm 30
 channel 2462
 station-role root
!
interface Dot11Radio0.1
 description Cisco Open
 encapsulation dot1Q 1 native
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
 encapsulation dot1Q 2
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 spanning-disabled
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
!
interface Dot11Radio0.3
 encapsulation dot1Q 3
 bridge-group 3
 bridge-group 3 subscriber-loop-control
 bridge-group 3 spanning-disabled
 bridge-group 3 block-unknown-source
 no bridge-group 3 source-learning
 no bridge-group 3 unicast-flooding
!
interface Vlan1
 no ip address
 no ip directed-broadcast (default)
 ip nat inside
 crypto ipsec client ezvpn ezvpnclient inside
 ip inspect firewall in
 no cdp enable
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Vlan2
 no ip address
 bridge-group 2
 bridge-group 2 spanning-disabled
!
interface Vlan3
 no ip address
 bridge-group 3
 bridge-group 3 spanning-disabled
!
interface BVI1
 ip address 10.0.1.1 255.255.255.0
!
interface BVI2
 ip address 10.0.2.1 255.255.255.0
!
interface BVI3
 ip address 10.0.3.1 255.255.255.0
!
ip classless
!
ip http server
no ip http secure-server
!
radius-server local
 nas 10.0.1.1 key 0 cisco123
 group rad_eap
 !
 user jsomeone nthash 7 0529575803696F2C492143375828267C7A760E1113734624452725707C010B065B
 user AMER\jsomeone nthash 7 0224550C29232E041C6A5D3C5633305D5D560C09027966167137233026580E0B0D
!
radius-server host 10.0.1.1 auth-port 1812 acct-port 1813 key cisco123
!
control-plane
!
bridge 1 route ip
bridge 2 route ip
bridge 3 route ip
!
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall rtsp
ip inspect name firewall h323
ip inspect name firewall netshow
ip inspect name firewall ftp
ip inspect name firewall sqlnet
!
access-list 103 permit udp host 200.1.1.1 any eq isakmp
access-list 103 permit udp host 200.1.1.1 eq isakmp any
access-list 103 permit esp host 200.1.1.1 any
access-list 103 permit icmp any any
access-list 103 deny ip any any
access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255
no cdp run
!
line con 0
 password cisco123
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 password cisco123
 transport preferred all
 transport input all
 transport output all
!
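
An added example, not part of the original guide: a Python check that walks an IOS configuration section by section and flags settings in Example 10-1 that a reviewer would question before deployment (cleartext passwords, 3DES and DH group 2 in the IKE policy, TKIP, plain-HTTP management, vty lines that accept Telnet). The rule list and the audit function are this example's own assumptions; the sample lines are excerpted from Example 10-1.

```python
import re

# Excerpt copied from Example 10-1; indentation marks sub-commands.
SAMPLE = """\
no service password-encryption
enable password cisco123
username jsomeone password 0 cg6#107X
crypto isakmp policy 1
 encryption 3des
 group 2
crypto ipsec client ezvpn ezvpnclient
 group 2 key secret-password
interface Dot11Radio0
 encryption vlan 1 mode ciphers tkip
ip http server
no ip http secure-server
line vty 0 4
 transport input all
"""

# (section regex, line regex, finding); an empty section regex means any context.
RULES = [
    ("", r"no service password-encryption", "passwords stay in cleartext in the config"),
    ("", r"enable password \S+", "enable password set; enable secret stores a hash"),
    ("", r"username \S+ password 0 \S+", "local user with type 0 (cleartext) password"),
    ("", r"ip http server", "plain-HTTP management server enabled"),
    (r"crypto isakmp policy", r"encryption 3des", "IKE policy uses 3DES"),
    (r"crypto isakmp policy", r"group [12]", "IKE policy uses DH group 1 or 2"),
    (r"interface Dot11Radio", r"encryption .*ciphers tkip", "radio uses TKIP"),
    (r"line vty", r"transport input all", "vty lines accept every protocol, Telnet included"),
]

def audit(config):
    """Return (line_no, section, finding) for each weak setting found."""
    findings, section = [], ""
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():          # unindented line opens a new section
            section = line
        for sec_re, line_re, finding in RULES:
            if re.match(sec_re, section) and re.fullmatch(line_re, line):
                findings.append((no, section, finding))
    return findings

if __name__ == "__main__":
    for no, section, finding in audit(SAMPLE):
        print(f"line {no} [{section}]: {finding}")
```

Tracking the section keeps the Easy VPN line "group 2 key secret-password" from being reported as a Diffie-Hellman group, and matching whole lines keeps "no ip http secure-server" from being read as an enabled server.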