· 7 years ago · Feb 16, 2018, 04:16 AM
1Current configuration : 9010 bytes
2!
3! Last configuration change at 20:36:54 CEST Sun May 14 2017 by admin
4! NVRAM config last updated at 19:36:27 CEST Sat May 13 2017 by admin
5!
6version 15.4
7no service pad
8service timestamps debug datetime msec
9service timestamps log datetime localtime show-timezone
10service password-encryption
11!
12hostname rtr-vlan11
13!
14boot-start-marker
15boot system flash c880data-universalk9-mz.154-3.M2.bin
16boot system flash c880data-universalk9-mz.151-4.M4.bin
17boot-end-marker
18!
19!
20!
21aaa new-model
22!
23!
24aaa authentication enable default none
25aaa authentication ppp default local
26aaa authorization exec default none
27aaa authorization commands 0 default none
28aaa authorization commands 15 default none
29!
30!
31!
32!
33!
34aaa session-id common
35memory-size iomem 10
36clock timezone CET 1 0
37clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
38!
39!
40no ip source-route
41!
42!
43!
44!
45!
46!
47!
48!
49
50
51!
52ip dhcp bootp ignore
53ip dhcp excluded-address 192.168.11.2
54ip dhcp excluded-address 192.168.11.3
55ip dhcp excluded-address 192.168.10.5
56ip dhcp excluded-address 192.168.11.4
57ip dhcp excluded-address 192.168.11.5
58!
59ip dhcp pool 192.168.11.0/24
60 network 192.168.11.0 255.255.255.0
61 default-router 192.168.11.1
62 domain-name example.com
63 dns-server 192.168.10.5
64 option 42 ip 192.168.10.5
65 option 252 ascii "https://proxy.example.com/proxy.pac"
66!
67ip dhcp pool 192.168.12.0/24
68 network 192.168.12.0 255.255.255.0
69 default-router 192.168.12.1
70 domain-name example.com
71 dns-server 8.8.8.8 8.8.4.4
72!
73ip dhcp pool 192.168.10.0/24
74 network 192.168.10.0 255.255.255.0
75 default-router 192.168.10.1
76 domain-name example.com
77 dns-server 192.168.10.5
78 option 42 ip 192.168.10.5
79!
80!
81!
82ip flow-cache timeout active 1
83no ip bootp server
84no ip domain lookup
85ip domain name example.com
86ip name-server 192.168.10.5
87ip cef
88ip wccp check services all
89ip wccp source-interface Vlan10
90ip wccp web-cache redirect-list acl4_wccp_out group-list acl4_wccp_servers
91ip wccp 70 redirect-list acl4_wccp_out group-list acl4_wccp_servers
92ipv6 unicast-routing
93ipv6 cef
94ipv6 wccp web-cache redirect-list acl6_wccp_out group-list acl6_wccp_servers
95ipv6 wccp 70 redirect-list acl6_wccp_out group-list acl6_wccp_servers
96!
97!
98multilink bundle-name authenticated
99chat-script hspa-R7 "" "AT!SCACT=1,1" TIMEOUT 60 "OK"
100cts logging verbose
101license udi pid C881G+7-K9 sn FCZ1722C407
102license accept end user agreement
103license boot module c880-data level advipservices
104!
105!
106object-group network grp_out_allowed
107 host IP1
108 host IP2
109 host IP3
110 host IP4
111 192.168.0.0 255.255.0.0
112 host 8.8.8.8
113!
114username admin privilege 15 password 7 SECRET_REMOVED
115!
116!
117!
118!
119!
120controller Cellular 0
121!
122ip ssh version 2
123!
124class-map match-any proto_voip
125 match protocol sip
126 match protocol rtp audio
127!
128policy-map pol_www_out
129 class proto_voip
130 priority 512
131 class class-default
132 fair-queue
133policy-map pol_uplink
134 class class-default
135 shape average 8000000
136 service-policy pol_www_out
137!
138!
139!
140!
141!
142!
143!
144!
145!
146!
147!
148interface FastEthernet0
149 description to_nas
150 switchport access vlan 10
151 no ip address
152!
153interface FastEthernet1
154 description to_switch
155 switchport access vlan 10
156 no ip address
157!
158interface FastEthernet2
159 description to_ap
160 switchport trunk allowed vlan 1,2,11,12,1002-1005
161 switchport mode trunk
162 no ip address
163!
164interface FastEthernet3
165 switchport access vlan 11
166 no ip address
167 shutdown
168!
169interface FastEthernet4
170 no ip address
171 duplex auto
172 speed auto
173 pppoe enable group global
174 pppoe-client dial-pool-number 1
175!
176interface Cellular0
177 no ip address
178 encapsulation slip
179 dialer in-band
180 dialer string hspa-R7
181!
182interface Vlan1
183 no ip address
184 shutdown
185!
186interface Vlan2
187 no ip address
188 shutdown
189!
190interface Vlan10
191 description DMZ LAN
192 ip address 192.168.10.1 255.255.255.0
193 no ip redirects
194 no ip unreachables
195 no ip proxy-arp
196 ip nat inside
197 ip virtual-reassembly in
198 ipv6 address FE80::2000:1 link-local
199 ipv6 address IPV6_PREFIX_1::1/64
200 ipv6 enable
201!
202interface Vlan11
203 description Internal Users
204 ip address 192.168.11.1 255.255.255.0
205 ip access-group acl4_lan_isolated in
206 no ip redirects
207 no ip unreachables
208 no ip proxy-arp
209 ip wccp web-cache redirect in
210 ip wccp 70 redirect in
211 ip nat inside
212 ip virtual-reassembly in
213 ipv6 address FE80::2001:1 link-local
214 ipv6 address IPV6_PREFIX_2::1/64
215 ipv6 enable
216!
217interface Vlan12
218 description Guest Users
219 ip address 192.168.12.1 255.255.255.0
220 ip access-group acl_guests_isolated in
221 no ip redirects
222 no ip unreachables
223 no ip proxy-arp
224 ip nat inside
225 ip virtual-reassembly in
226 ipv6 address FE80::2002:1 link-local
227 ipv6 address IPV6_PREFIX_3::1/64
228 ipv6 enable
229 ipv6 traffic-filter acl6_guests_isolated in
230!
231interface Vlan1002
232 no ip address
233 shutdown
234!
235interface Vlan1003
236 no ip address
237 shutdown
238!
239interface Vlan1004
240 no ip address
241 shutdown
242!
243interface Vlan1005
244 no ip address
245 shutdown
246!
247interface Dialer1
248 ip address negotiated
249 ip access-group acl_in6_filter in
250 ip access-group acl_out6_filter out
251 no ip redirects
252 no ip unreachables
253 no ip proxy-arp
254 ip mtu 1492
255 ip nat outside
256 ip virtual-reassembly in
257 encapsulation ppp
258 dialer pool 1
259 dialer-group 1
260 ipv6 address FE80::10 link-local
261 ipv6 address autoconfig default
262 ipv6 enable
263 ipv6 dhcp client pd prefix_wan
264 ipv6 traffic-filter acl_in6_filter in
265 ipv6 traffic-filter acl_out6_filter out
266 ppp authentication pap chap callin
267 ppp chap hostname PPPOE_LOGIN_REMOVED
268 ppp chap password 7 SECRET_REMOVED
269 ppp pap sent-username PPPOE_LOGIN_REMOVED password 7 SECRET_REMOVED
270 no cdp enable
271!
272no ip forward-protocol nd
273no ip http server
274no ip http secure-server
275!
276!
277ip nat inside source list acl_nat_allowed interface Dialer1 overload
278ip route 0.0.0.0 0.0.0.0 Dialer1
279ip route 192.168.20.0 255.255.255.0 192.168.10.5
280ip route 192.168.21.0 255.255.255.0 192.168.10.5
281!
282ip access-list extended acl4_lan_isolated
283 permit ip any host 255.255.255.255
284 permit ip any object-group grp_out_allowed
285 deny ip any any
286ip access-list extended acl4_wccp_out
287 deny ip 192.168.11.0 0.0.0.255 object-group grp_out_allowed
288 permit tcp 192.168.11.0 0.0.0.255 any eq www
289 permit tcp 192.168.11.0 0.0.0.255 any eq 443
290ip access-list extended acl4_wccp_servers
291 permit ip 192.168.20.0 0.0.0.255 any
292ip access-list extended acl_guests_isolated
293 deny ip any 192.168.0.0 0.0.255.255
294 permit ip any any
295ip access-list extended acl_nat_allowed
296 permit ip 192.168.0.0 0.0.255.255 any
297ip access-list extended acl_ssh_allowed
298 permit tcp 192.168.11.0 0.0.0.255 any eq 22
299!
300ipv6 route IPV6_PREFIX_1:FFFF:FFFF::/96 IP_NAS_V6
301!
302!
303!
304!
305ipv6 access-list acl6_guests_isolated
306 sequence 11 deny ipv6 any IPV6_PREFIX_1::/64
307 sequence 20 deny ipv6 any IPV6_PREFIX_2::/64
308 permit ipv6 any any
309!
310ipv6 access-list acl6_wccp_out
311 permit tcp IPV6_PREFIX_2::/64 any eq www
312 permit tcp IPV6_PREFIX_2::/64 any eq 443
313!
314ipv6 access-list acl6_wccp_servers
315 permit ipv6 host IP_NAS_V6 any
316 permit ipv6 IPV6_PREFIX_1:FFFF:FFFF::/96 any
317!
318ipv6 access-list acl_in6_filter
319 permit icmp any any
320 permit ipv6 any host IP_NAS_V6
321 deny ipv6 any any
322!
323ipv6 access-list acl_out6_filter
324 permit icmp any any
325 permit ipv6 IPV6_PREFIX_1::/64 any
326 permit ipv6 IPV6_PREFIX_3::/64 any
327 deny ipv6 any any
328!
329control-plane
330!
331!
332!
333line con 0
334 logging synchronous
335 no modem enable
336line aux 0
337line 3
338 script dialer hspa-R7
339 no exec
340line vty 0 4
341 session-timeout 30
342 access-class acl_ssh_allowed in
343 logging synchronous
344 transport input ssh
345line vty 5 15
346 session-timeout 30
347 access-class acl_ssh_allowed in
348 logging synchronous
349 transport input ssh
350!
351ntp source Vlan10
352ntp server 192.168.10.5
353!
354end
355
356rtr-vlan11#sh ip wccp all
357Global WCCP information:
358 Router information:
359 Router Identifier: 192.168.10.1
360 Configured source-interface: Vlan10
361
362 Service Identifier: web-cache
363 Protocol Version: 2.00
364 Number of Service Group Clients: 1
365 Number of Service Group Routers: 1
366 Total Packets Redirected: 0
367 Process: 0
368 CEF: 0
369 Service mode: Open
370 Service Access-list: -none-
371 Total Packets Dropped Closed: 0
372 Redirect access-list: acl4_wccp_out
373 Total Packets Denied Redirect: 9
374 Total Packets Unassigned: 0
375 Group access-list: acl4_wccp_servers
376 Total Messages Denied to Group: 0
377 Total Authentication failures: 0
378 Total GRE Bypassed Packets Received: 0
379 Process: 0
380 CEF: 0
381 GRE tunnel interface: Tunnel1
382
383 Service Identifier: 70
384 Protocol Version: 2.00
385 Number of Service Group Clients: 1
386 Number of Service Group Routers: 1
387 Total Packets Redirected: 7
388 Process: 0
389 CEF: 7
390 Service mode: Open
391 Service Access-list: -none-
392 Total Packets Dropped Closed: 0
393 Redirect access-list: acl4_wccp_out
394 Total Packets Denied Redirect: 229
395 Total Packets Unassigned: 0
396 Group access-list: acl4_wccp_servers
397 Total Messages Denied to Group: 0
398 Total Authentication failures: 0
399 Total GRE Bypassed Packets Received: 0
400 Process: 0
401 CEF: 0
402 GRE tunnel interface: Tunnel0
403
404rtr-vlan11#sh ip wccp 70 c
405rtr-vlan11#sh ip wccp 70 co
406rtr-vlan11#sh ip wccp 70 counters
407WCCP Service Group Counters:
408 Redirected Packets:
409 Process: 0
410 CEF: 7
411 Non-Redirected Packets:
412 Action - Forward:
413 Reason - no assignment:
414 Process: 0
415 CEF: 0
416 Action - Ignore (forward):
417 Reason - redir ACL check:
418 Process: 0
419 CEF: 218
420 Action - Discard:
421 Reason - closed services:
422 Process: 0
423 CEF: 0
424 GRE Bypassed Packets:
425 Process: 0
426 CEF: 0
427 GRE Bypassed Packet Errors:
428 Total Errors:
429 Process: 0
430 CEF: 0
431
432 WCCP Client Counters:
433 WCCP Client ID: 192.168.20.2
434 Redirect Assignments:
435 Received: 1
436 Invalid: 0
437 Duplicate: 0
438 Redirected Packets:
439 Process: 0
440 CEF: 0
441 GRE Bypassed Packets:
442 Process: 0
443 CEF: 0
444
445rtr-vlan11#
446rtr-vlan11#sh ip wccp 70 clients
447WCCP Client information:
448 WCCP Client ID: 192.168.20.2
449 Protocol Version: 2.00
450 State: Usable
451 Redirection: GRE
452 Packet Return: GRE
453 Assignment: MASK
454 Connect Time: 00:30:16
455 Redirected Packets:
456 Process: 0
457 CEF: 0
458 GRE Bypassed Packets:
459 Process: 0
460 CEF: 0
461 Mask Allotment: 64 of 64 (100.00%)
462
463
464rtr-vlan11#show version
465Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.4(3)M2, RELEASE SOFTWARE (fc2)
466Technical Support: http://www.cisco.com/techsupport
467Copyright (c) 1986-2015 by Cisco Systems, Inc.
468Compiled Fri 06-Feb-15 23:07 by prod_rel_team
469
470ROM: System Bootstrap, Version 15.1(2r)T2, RELEASE SOFTWARE (fc1)
471
472rtr-vlan11 uptime is 1 day, 9 hours, 9 minutes
473System returned to ROM by power-on
474System restarted at 12:56:49 CEST Sat May 13 2017
475System image file is "flash:c880data-universalk9-mz.154-3.M2.bin"
476Last reload type: Normal Reload
477Last reload reason: power-on
478
479
480
481[... cisco blabla ... ]
482
483Cisco 881G2 (MPC8300) processor (revision 1.0) with 472064K/52224K bytes of memory.
484Processor board ID FCZ1722C407
485
4865 FastEthernet interfaces
4871 terminal line
4881 Virtual Private Network (VPN) Module
4891 Cellular interface
490256K bytes of non-volatile configuration memory.
491125440K bytes of ATA CompactFlash (Read/Write)
492
493
494License Info:
495
496License UDI:
497
498-------------------------------------------------
499Device# PID SN
500-------------------------------------------------
501*0 C881G+7-K9 FCZ1722C407
502
503
504
505License Information for 'c880-data'
506 License Level: advipservices Type: Permanent
507 Next reboot license Level: advipservices
508
509
510Configuration register is 0x2102
511
512rtr-vlan11#show wccp cap
513rtr-vlan11#show wccp capabilities
514WCCP Platform Capability Settings
515
516Capability Setting
517
518Supported forwarding methods GRE & L2
519Supported return methods GRE & L2
520Supported assignment methods Hash & Mask
521Accelerated forwarding methods L2
522Accelerated return methods GRE & L2
523Accelerated assignment methods Mask
524Accelerated Mode CLI Off, CLI Disabled
525Supported redirection types Input & Output
526Check Outbound ACL CLI CLI Enabled
527Check All Services CLI CLI Enabled
528Closed Service Suport Supported
529VRF Support Supported
530Supported service groups 256